Canonical Developer Warns About Banking With Linux Mint
sfcrazy writes "Ubuntu developer Oliver Grawert does not prefer to do online banking with Linux Mint. In the official mailing list of the distribution, Ubuntu developers stated that the popular Ubuntu derivative is a vulnerable system and people shouldn't go for online banking on it. One of the Ubuntu developers, Oliver Grawert, originally pointed out that it is not necessary that security updates from Ubuntu get down to Linux Mint users since changes from X.Org, the kernel, Firefox, the boot-loader, and other core components are blocked from being automatically upgraded." Clement Lefebvre, the Linux Mint project founder, has since made a statement and confirmed that Oliver Grawert seems "more opinionated than knowledgeable" adding "the press blew what he said out of proportion."
Nice job Oliver - we really needed more ammunition in the Everyone vs Canonical battle.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
If you can't say how good your product is, tell everyone how shitty everyone else's product is.
Too bad I use sudo apt-get dist-upgrade!
The guy is obviously lacking in basic social skills. Sadly the Ubuntu developers and forum admins are alienating themselves rather than doing anything useful for Linux.
Internet banking is convenient, too convenient. If you believe you are safe, think again. The banksters have your money, they can do what they like and you have no recourse other than taking back your money. Take it out now, before the run.
The mind conceives, the body achieves, the spirit manifests.
TFS makes it sound like it's a long article about how Linux Mint is insecure.
Here's the entirety of his commentary:
The makers of Zeitgeist are concerned about privacy??
... I don't want anything more to do with Canonical, or Ubuntu, or Mint, or any of that lot. I'm sticking with Debian. I'm sure it has its problems and all, but at least the politics seem to remain mostly internal. These public pissing matches between distros just seem so counter-productive. But since I've been using Linux (1998), it seems to be a constant. Ego issues? I don't know. I don't particularly care. It's just so boring and off-putting.
Why would you want to use a different distro where you don't know what could happen to your personal info? Here at Canonical we build the selling of your private info right into the menu!
And nothing of value was lost.
Bye!
From the article title, I thought it was going to be about how Mint figured a way to hijack your online banking like they do with their crappy Google search hijack. It seems every time I figure out where they've crammed in more of their over-the-top branding, something else pops up. I guess I shouldn't complain too much, I've learned a lot this way. How would I have known how the fortune program was configured until I had to figure out how to get rid of all those annoying Husse fortunes.
Delete the preferences file in /etc/apt. Simple solution.
So everything that is a derivative of something else is vulnerable?
Isn't Ubuntu a derivative of Debian?
I'm a good cook. I'm a fantastic eater. - Steven Brust
Everyone who knows anything about security and follows linux distros, of which mint is popular enough for it not to slip under the radar; these people should know mint doesn't have security advisories nor mailing lists nor a security "team" such as its grandparent distro. What is canonical thinking? They must like stirring the shit up. What do they have to gain from doing this? They're already on everyone's shitlist.
It's not surprising he'd try to bash Mint, considering they ate part of Ubuntu's marketshare when Ubuntu made stupid design decisions. That's what happens when you try to cram weird GUI changes down people's throats in open source.
Don't move my Close, Minimize, and Maximize buttons to the left side by default unless you're going to provide some spectacular improvements in return. I tried using it that way for a couple days and was still reflexively clicking on the empty right side to close the window. Eventually I found a config mod that fixed it, but then they went to the stupid Ubuntu mobile desktop and I couldn't be assed to work around it any longer so I switched.
It's worth mentioning that if you don't like Ubuntu repos, Mint also has a version based directly on Debian.
Good!
May they suffer.
I found this interesting Google+ post from the Muktware article comments.
Is that something similar to Bitcoins?
One day it may well be - but with the individual being his/her own bank instead of paying for some other entity to store the stuff.
Quo usque tandem abutere, Nimbus, patientia nostra?
I tell them to use GNU Hurd. It can't actually visit your bank's site, so there's no risk. Plus I think any applications that actually do run, are in userland, and hence are pretty slow. As a result, my clients spend less time on their computer, and more time wheeling and dealing.
And no, if major components aren't updated, then security is very temporary.
The banksters have AT LEAST ten times your money. It's the law and they are doing God's work, so don't ask questions.
Linux Mint creator's take:
http://segfault.linuxmint.com/2013/11/answering-controversy-stability-vs-security-is-something-you-configure/
Summary: Nothing to see here; Let's move on.
Another person on the same thread:
http://benjaminkerensa.com/2013/11/18/linux-mint-stay-calm-make-free-software
Summary: Nothing to see here; Let's move on. Oh, Mate is cool.
The quoted developer:
http://ograblog.wordpress.com/2013/11/18/lots-of-canonical-in-my-mouth/
Summary: Nothing to see here; the Press sucks, let's move on. Oh, Mate is cool.
Don't use Mint on Mint.
(Ubuntu, which never ever mentions the word Linux on its websites and webpages)
482 of the Top500 supercomputers run Linux, and China’s Tianhe-2 is the fastest
http://www.linuxbsdos.com/2013/11/18/482-of-the-top500-supercomputers-run-linux-and-chinas-tianhe-2-is-the-fastest/
Enjoy!
Yet Microsoft is the biggest joke these days!
This is just another piece of evidence that confirms my suspicions. Canonical has been threatened by the Mint project for years now. This is not the first interview that has come out with an Ubuntu dev speaking ill of Mint, and I'm sure it won't be the last.
Somewhere, something incredible is waiting to be known. -Carl Sagan
Parent makes it sound like this is some hard blacklist.
Now guess what the 3rd and 5th fields in each row are for.
Ubuntu is in a rut. They're not making money, growth is plateauing, its mindshare is diminishing. It's questionable if they'll ever make a profit. I mean why Ubuntu over Novell, Oracle or RedHat for enterprise stuff? RedHat is a billion dollar publicly listed company. Novell is owned by Attachmate Group (a billion dollar revenue company) and Oracle poops money.
The Ubuntu Edge was a hail Mary pass that failed. They lack the revenue (and wherewithal) to get into hardware and no hardware maker wants to partner with them.
I have to wonder, when will Shuttleworth stop? Would it be extreme to say Canonical is a failed company? At what point is Ubuntu going to transition into a community driven OS? Ubuntu TV is vapourware, their phone OS relies on someone willingly flashing their Nexus. They've totally fucked their Desktop OS and it's unclear why anyone would select them for enterprise support considering the breadth of their competition.
Ubuntu developer Oliver Grawert does not prefer to do online banking with Linux Mint.
"prefers not" would be a less ambiguous way of putting it. But hey, you just copy-pasted the whole thing, it's not like Slashdot expects you to write summaries in your own words. Oh wait, they totally do.
One of the Ubuntu developers, Oliver Grawert, originally pointed out that it is not necessary that security updates from Ubuntu get down to Linux Mint users since changes from X.Org, the kernel, Firefox, the boot-loader, and other core components are blocked from being automatically upgraded.
Err, what? I honestly can't be sure what this means. First, Grawert was already introduced in a previous line of the summary/article. Doing so again is just confusing, but even more so is that it's impossible to tell whether this second sentence, containing as it does the word "originally," is meant to agree or disagree with the idea that Mint is vulnerable.
systemd is Roko's Basilisk.
Compare this with the Slashdot article title:
Whether he is technically right, or not, I find it disgusting that such a side note becomes news on Slashdot.
By the way, the subject was another new distribution based on Ubuntu, similar to Mint, therefore the Ubuntu developer actually encouraged an Ubuntu derivative.
Because Year of the Linux Desktop went from being a joke to just being sad. Look at what Google accomplished with Linux yet the desktop folks are still bickering and blaming users for the lack of adoption. It is a clear example of where "dogfooding" doesn't work, Microsoft does it too little and the desktop Linux community does it too much, everything seems simple and intuitive when you have spent so much time on it and have a keen interest in it but the average user (90%+ of the target audience) doesn't. That is why this issue with MINT seems like a non-issue to MINT users and developers, they actually understand the perils and benefits of pulling in these updates but an average user does not and this is not clearly communicated to those average users either but by all means continue to just say these users are idiots and move on ignoring them.
Face it, Linux isn't for everyone and may never be. So fucking what? It's good for the people that use it. It's been my desktop since 1999 when I finally retired my Amiga 3000. It's the desktop of choice of a lot of people. I've seen the average windows user and guess what? They mostly don't know what they're doing. The overwhelming majority of windows users happily install malware on their computers on a daily basis. That's the desktop we're shooting for in the Linux community? Average users are going to fuck up their systems regardless of what platform they use.
I came to Linux because I thought we'd be over this stupid, overblown shit that's really nothing to be concerned about. But it appears you can't have peace anywhere on the net without fan-boys using any scrap of info as an excuse to ruin things.
I came to Linux at a time when people just wanted to use a quality system and assist each other with learning how to use it effectively and work to improve it. Now that it's become "mainstream" the community has turned to shit. I suppose the Linux community has always had its fair share of BS politics, but it's too easy to make them front-page news now to the point where it makes us look like a bunch of kids, amateurs no better than the bickering idiots in other fields.
See what the Canonical developer has to say to the blame himself at http://ograblog.wordpress.com/2013/11/18/lots-of-canonical-in-my-mouth/ or https://plus.google.com/+OliverGrawert/posts/Ayf2Gy3TpJP
"Ubuntu developer Oliver Grawert"
Well I don't want to do banking with you, either. Nor do I want spyware in my distribution.
https://plus.google.com/+OliverGrawert/posts/Ayf2Gy3TpJP
I warn people away from Ubuntu and towards Debian or another reputable distro that is not selling your info and loading your OS with ads and spyware. Yes, if you are sending info for targeted ads you are bundling SPYWARE.
Ubuntu has tainted the water. It's not a safe OS.
Do not look at laser with remaining good eye.
Where Amazon can watch you and tailor ads based on your balance
Mint has no security. They intentionally run with access control disabled on the X server (xhost +). Keyloggers and screen scrapers are trivial in this case. Bugs have been filed about this, but Mint considers it working as designed.
It might not solve all issues, after all, it's not like Ubuntu itself is never hacked. But my solution is to run the Mate desktop over Ubuntu 12.04 LTS and get the best of both. It works great, and avoids the crap that is unity, gnome3, you name it - it's like having a stable version of gnome2 that actually works right. I agree with the commenters on many of the other issues. Unity is crap on a multi monitor desktop. It has built-in surveillance on you for crying out loud, huge icons if you've got 4 24" monitors, that you can't move. I like to be able to put the tic-tac-toe buttons where I wish, I like menu and task bars I can autohide, and put on the monitor I want. I paid for every single pixel on them - don't tell me what I can have on my screen or where I can put it. It's not like I don't have other options. Canonical really stuck its head up its butt in a number of ways of late - and when told so, they said it was our fault for not liking their stupid ideas, which were and are genuinely stupid. Too bad, otherwise they were the good stuff. But they are not alone. Someone figured out that most computers hit the dumpster with the same opsys they shipped with. Since PC sales are falling (the ones out there are all good enough by now anyway, why buy a new one is a good question for most users) - they decided on a "one size fits all" for PCs and mobes. Stupid idea - I have both and use them for different stuff and at different levels of security for that different stuff. It seems the current crop of programmers is too stupid to put in a single boolean - true if PC, false if mobe, or vice versa, and do the rest of the install based on that. Even if my quad monitor setup was reachable by anything but my extended legs and was touch enabled, I'd think this current bunch of Ubuntu stuff was crap for it, what I have is far better, and a lot more usable. It might work out on my nexus, only it's better the way it is already, than unity would make it.
They really jumped the shark on this - in company, but still....
Why guess when you can know? Measure!
Not really. Linux is still the least likely OS to contain backdoors and the most likely community to find and out them.
Linus is not even in the top 100 kernel contributors these days so his opinion on the matter is questionable.
... NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel."
The NSA is a contributor to Linux.
"The United States National Security Agency (NSA), the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000.[3] The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003
OpenBSD, which has multiple people involved in periodic security audits of existing code, would be the operating system less likely. It is a myth that many users means many eyeballs looking for exploits and bugs.
By inferring that Linux in any form or shape might be not worthy of "online banking",
I think this has hurt Linux an immense amount.
He probably just now blocked tens of thousands of people from trying *Canonical*,
because the article reads "*Linux* is not good to do online banking with".
Smooth.
I wonder if he can do anything to repair the damage. :(
Everyone versus Linux. That's the ammunition he gave out for everyone outside the Linux world.
Because Year of the Linux Desktop went from being a joke to just being sad. Look at what Google accomplished with Linux yet the desktop folks are still bickering and blaming users for the lack of adoption. It is a clear example of where "dogfooding" doesn't work, Microsoft does it too little and the desktop Linux community does it too much, everything seems simple and intuitive when you have spent so much time on it and have a keen interest in it but the average user (90%+ of the target audience) doesn't. That is why this issue with MINT seems like a non-issue to MINT users and developers, they actually understand the perils and benefits of pulling in these updates but an average user does not and this is not clearly communicated to those average users either but by all means continue to just say these users are idiots and move on ignoring them.
There is too much navel-gazing attitude in the community, and that tends to produce stuff that only looks friendly to Unix greybeards and those who want to emulate their elitism. Ubuntu has distanced itself somewhat from that unhealthy dynamic, but IMO they are still missing certain ingredients for a successful desktop OS. I think Elementary OS also deserves a mention because although it's based on GNU/Linux, they publicly renounce any status as another "Linux distro" or close association with that subculture... they do not live to be cozy with "upstream" as doing so ensures that whatever you publish will be the product of a consortium of tech committees.
It's the only OS that I'd trust to do online banking these days; BSD jails are flimsy compared to Qubes' XEN domains.
I'd also assume that any OS outfit offering "security" that doesn't have security researchers at its core is handing out a load of jive, especially if their system relies on a traditional kernel for said security.
I will admit it was a nice try at first ... but now it's just a pile of commercial crap floating around the Internet.
I urge the GNU/Linux community send it to the recycling plant.
This coming from a company that deliberately sells its users' privacy. So is Canonical any better then? Nope.
That's why I mostly stay away from mint
Last year there was a linux root exploit in the kernel. I tried the exploit and it worked: bang root shell!
So I waited to see when this would be fixed via the usual upgrade path... nothing happened during 6 months.
Until I finally wanted to use my system and so I looked into the reasons why I'm still vulnerable while all other distributions are ok.
So I need to run apt-get to get a new kernel! That's not "ready for the desktop".
Come on! All distributions are so proud to always say that fixes get quickly spread and there comes mint saying: "I won't even notify the end user that he should upgrade his X or kernel because it is vulnerable". That's dumb. Mint is wrong, Ubuntu is right.
Result: I don't like Ubuntu, I don't like Mint. Is there a Mint derivative which does it correctly or do I need to go with Apple?
Atari rules... ermm... ruled.
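Added example, not part of any comment in this thread: one way to see whether fixes from a `-security` pocket are sitting uninstalled, as in the kernel case described above, is to parse the simulation output of `apt-get`. The `Inst` lines are constructed sample input, and the "core" package-name prefixes are an assumption chosen to mirror the components named in the summary (kernel, X.Org, Firefox, boot-loader).

```shell
#!/bin/sh
# Added example: list pending upgrades whose candidate comes from a
# "-security" suite, reading `apt-get -s dist-upgrade` output on stdin.
# Output, one line per package:
#   <package> <installed-version|(new)> <candidate-version> <core|->
pending_security_updates() {
    awk '
        # Only "Inst" lines describe an install/upgrade; the suite follows
        # a slash inside the parentheses, e.g. Ubuntu:13.04/raring-security
        $1 == "Inst" && $0 ~ /\/[a-z0-9]+-security/ {
            pkg = $2; cur = "(new)"; cand = $3
            # Installed version sits in [brackets] right after the name
            if ($3 ~ /^\[.*\]$/) {
                cur = substr($3, 2, length($3) - 2)
                cand = $4
            }
            sub(/^\(/, "", cand)
            # Assumed prefixes for the components the summary names
            core = (pkg ~ /^(linux-image|xserver-xorg|firefox|grub)/) ? "core" : "-"
            print pkg, cur, cand, core
        }'
}

# Constructed sample of simulation output (versions are made up).
sample_simulation() {
    cat <<'EOF'
NOTE: This is only a simulation!
Inst linux-image-generic [1.0-1] (1.0-2 Ubuntu:13.04/raring-security [amd64])
Inst firefox [2.0-1] (2.0-2 Ubuntu:13.04/raring-security, Ubuntu:13.04/raring-updates [amd64])
Inst gedit [3.0-1] (3.0-2 Ubuntu:13.04/raring-updates [amd64])
Inst libexample1 (1.0-1 Ubuntu:13.04/raring-security [amd64])
Conf linux-image-generic (1.0-2 Ubuntu:13.04/raring-security [amd64])
EOF
}

# On a real system (simulation mode changes nothing):
check_live() {
    LC_ALL=C apt-get -s dist-upgrade | pending_security_updates
}

# Stand-alone run: show the result for the constructed sample.
sample_simulation | pending_security_updates
```

Any line tagged `core` in the output of `check_live` is a security fix for one of the components the summary says is held back from automatic upgrade.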
Mint is a security problem in itself.
It takes ubuntu, and strips it from upgrade, strips it from some updates, for broken reasons.
Why break functionality instead of making the right thing, which would be to limit it by default, for example.
We don't trust Ubuntu not to install programs that will send our data to Amazon and the like. Auto Updates are turned off so we get to control what is installed.
Hasn't anyone questioned if automatically accepting updates from another source would/could risk overwriting the updates that the Mint team has made? Seems reasonable to me to at least ask if Mint handles those updates on their own. I know that Mint does push out updates for those packages, if they're not coming from Ubuntu then it begs the question of where are they coming from (Debian?) and why would they want to give Ubuntu access to override those changes? Seems like it's a perfectly legit choice to block those packages. Does anyone know if this is the case?
AFAIK, the reader infers, the writer implies.
Why do you want a Mint derivative? There are more distros than just Ubuntu and Mint. Go over to distrowatch.com and have a look. Personally after trying Mint for most of this year, I am now trying Mageia and quite like it.
And Google would never, never, sell your information? Not like that dastardly Canonical, or that awful Mint that just gives it away.