Canonical Developer Warns About Banking With Linux Mint

← Back to Stories (view on slashdot.org)

Canonical Developer Warns About Banking With Linux Mint

Posted by samzenpus on Monday November 18, 2013 @10:30AM from the family-fight dept.

sfcrazy writes "Ubuntu developer Oliver Grawert does not prefer to do online banking with Linux Mint. In the official mailing list of the distribution, Ubuntu developers stated that the popular Ubuntu derivative is a vulnerable system and people shouldn't go for online banking on it. One of the Ubuntu developers, Oliver Grawert, originally pointed out that it is not necessary that security updates from Ubuntu get down to Linux Mint users since changes from X.Org, the kernel, Firefox, the boot-loader, and other core components are blocked from being automatically upgraded." Clement Lefebvre, the Linux Mint project founder, has since made a statement and confirmed that Oliver Grawert seems "more opinionated than knowledgeable" adding "the press blew what he said out of proportion."

53 of 206 comments (clear)

Min score:

Reason:

Sort:

like we needed more ammo by X0563511 · 2013-11-18 10:31 · Score: 4, Insightful

Nice job Oliver - we really needed more ammunition in the Everyone vs Canonical battle.

--
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
1. Re:like we needed more ammo by Anonymous Coward · 2013-11-18 10:34 · Score: 3, Funny
  
  Reminds me of the http://xkcd.com/435/ but wtih plain vanilla Debian instead of Mathemeticians.
2. Re:like we needed more ammo by Darfeld · 2013-11-18 10:48 · Score: 2
  
  More like Linux from scratch instead of Mathematician, gentooist as physicist, Debian as chemist...
  
  --
  (\__/) This is Lapinator
  (='.'=) copy it in your sig
  (")_(") so it can take over the world
3. Re:like we needed more ammo by wile_e8 · 2013-11-18 11:00 · Score: 2
  
  Linux Mint is based on Ubuntu (or Debian). Ubuntu is based on Debian. Gentoo and LFS are an entirely different branch of the distro family tree.
4. Re:like we needed more ammo by Eggplant62 · 2013-11-18 11:05 · Score: 4, Insightful
  
  This is the stupidest thing I've ever read. Not only is it a blow to Mint, but to free software in general. I just got done crowing to friends that Linux isn't full of NSA backdoors, and then this pops up on newsfeed. Sheiss.
  I suppose our developer doesn't understand that one can go with slightly more intelligent tools, like apt-get on the CLI, to get those packages upgraded? If so, he's no developer I'd give a shit about.
5. Re:like we needed more ammo by fisted · 2013-11-18 11:06 · Score: 4, Funny
  
  Nice to be on top with LFS, right?
  Wait.. Oh, Hey, we didn't see you guys all the way over there!
  Yours, The BSDs
  
  --
  CLI paste? paste.pr0.tips!
6. Re:like we needed more ammo by exomondo · 2013-11-18 11:20 · Score: 4, Insightful
  
  I suppose our developer doesn't understand that one can go with slightly more intelligent tools, like apt-get on the CLI, to get those packages upgraded? If so, he's no developer I'd give a shit about.
  He likely does, but that's not really the point is it? It's whether the average users know to do this.
7. Re:like we needed more ammo by ifiwereasculptor · 2013-11-18 15:34 · Score: 3, Informative
  
  LFS isn't a branch, it's more akin to the root. Or maybe a book on growing branches, designed for trees. Which is more accurate but kind of wrecks the metaphor.
8. Re:like we needed more ammo by Adam+Jorgensen · 2013-11-18 22:06 · Score: 2
  
  Agreed. Just because I tried PCBSD and it failed to work at all on my laptop doesn't mean I hate PCBSD and BSD in general. I'm not the target audience and I recognise that.
9. Re:like we needed more ammo by VGPowerlord · 2013-11-19 02:49 · Score: 2
  
  How exactly did you verify this?
  ps -A | grep -i nsa
  returned no results!
  
  --
  GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
10. Re:like we needed more ammo by allo · 2013-11-19 09:09 · Score: 2
  
  bsd is unix, linux is applied unix.
Lots of this lately by Anonymous Coward · 2013-11-18 10:39 · Score: 5, Insightful

if you can't say how good your product is. tell everyone how shitty everyone elses product is.
1. Re:Lots of this lately by similar_name · 2013-11-18 11:43 · Score: 2, Insightful
  
  Sounds like politics.
Not very diplomatic by johnsie · 2013-11-18 10:41 · Score: 2

The guy is obviously lacking in basic social skills. Sadly the Ubuntu developers and forum admins are alienating themselves rather than doing anything useful for Linux.
1. Re:Not very diplomatic by Mister+Liberty · 2013-11-18 11:04 · Score: 2, Insightful
  
  Where on its websites and -pages does Ubuntu ever mention the word Linux?
2. Re:Not very diplomatic by donaldm · 2013-11-18 21:12 · Score: 2
  
  Where on its websites and -pages does Ubuntu ever mention the word Linux?
  No where, if you exclude lists, wiki and irclogs.
  Try this site (thanks Desler) then the second paragraph down. I''ll even save you the bother of looking by quoting the second paragraph:
  
  Linux was already established as an enterprise server platform in 2004, but free software was not a part of everyday life for most computer users. That's why Mark Shuttleworth gathered a small team of developers from one of the most established Linux projects – Debian – and set out to create an easy-to-use Linux desktop: Ubuntu.
  
  --
  There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
Missing context by Fwipp · 2013-11-18 10:43 · Score: 5, Informative

TFS makes it sounds like it's a long article about how Linux Mint is insecure.
Here's the entirety of his commentary:

Do you think that Linux Mint is a vulnerable system ? Really ?

https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/rules
this is the list of packages it will never update, instead of just
integrating changes properly with the packagaes in the ubuntu archive
they instead suppress doing (security) updates at all for them.
i would say forcefully keeping a vulnerable kernel browser or xorg in
place instead of allowing the provided security updates to be installer
makes it a vulnerable system, yes
i personally wouldn't do online banking with it ;)
ciao
oli
1. Re:Missing context by ttucker · 2013-11-18 10:56 · Score: 4, Insightful
  
  It is a pretty fucking good point too, that list of rules contains update exclusions that certainly would affect security.
2. Re:Missing context by Rob+Simpson · 2013-11-18 14:21 · Score: 2
  
  You are both reading it incorrectly - or rather, the context needed to read it is missing. The number refers to the "safety level" of the update:
  
  1 - from Linux Mint developers
  2 - tested to be safe
  3 - untested but probably safe
  4 - untested and may cause problems
  5 - known to cause problems with some hardware
  
  The flash package is 2, that is, tested and shown to not cause any problems. Levels 1 to 3 are automatically selected to be installed when updating.
3. Re:Missing context by Rob+Simpson · 2013-11-18 14:30 · Score: 5, Informative
  
  Levels 4 and 5 ("unsafe", in that they may cause things to stop working) are not automatically selected when updating - which is fine with me. Video drivers may need to be reinstalled when performing a kernel update, for example. My issue is that they are not visible by default. It's easy to change in the preferences (there are "safe" and "visible" checkmarks for each level, so I have it set up so I can see if there is a kernel update available and select it when I want to install it) but novice users may miss this.
4. Re:Missing context by ttucker · 2013-11-19 04:45 · Score: 2
  
  Would that also apply to sudo apt-get update and sudo apt-get upgrade?
  No. You can complain that apt will install dangerous updates that break things, because it does. It is impossible to complain that it will not keep you on the bleeding edge of technology,
what? by MickyTheIdiot · 2013-11-18 10:43 · Score: 3, Funny

The makers of Zeitgeist are concerned about privacy??
This is why... by sgage · 2013-11-18 10:45 · Score: 5, Insightful

... I don't want anything more to do with Canonical, or Ubuntu, or Mint, or any of that lot. I'm sticking with Debian. I'm sure it has its problems and all, but at least the politics seem to remain mostly internal. These public pissing matches between distros just seem so counter-productive. But since I've been using Linux (1998), it seems to be a constant. Ego issues? I don't know. I don't particularly care. It's just so boring and off-putting.
1. Re:This is why... by jones_supa · 2013-11-18 10:58 · Score: 4, Insightful
  
  I personally am seeing BSDs as an increasingly interesting choice.
2. Re:This is why... by c0d3g33k · 2013-11-18 11:21 · Score: 3, Insightful
  
  With all due respect, working on Linux distributions is, for the most part, a thankless job. People certainly aren't doing it for the money - they are doing it because they passionately care about what they are doing. Aaaand ... passionate people sometimes react before they think, sometimes they are misinformed, because they are crazy busy doing their best to provide quality software to you for nothing. Because they care enough to do what they are doing when few others do. And they do it all in public for all to see ... and are judged for it, quite often by those who don't participate or understand. I'd ask you to take that into account before you dismiss passionate outbursts as "pissing matches" with a wave of the hand - you're just getting a glimpse into "how the sausage is made". Get over it. That's how humans operate. The beauty of the FL/OSS ecosystem is that you don't have to listen to the discussions that create your software for you - just use what you like based on its technical merits. Maybe if you feel gratitude for the gift you've been given you might even say "thank you" now and then. But if you're making your technical decisions based solely on what you misperceive as "politics", you are doing it wrong.
3. Re:This is why... by TangoMargarine · 2013-11-18 11:26 · Score: 2, Insightful
  
  This doesn't sound like a pissing match so much as an Ubuntu guy being an ass and a corresponding Mint guy rolling his eyes. The urine is flowing one way.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
4. Re:This is why... by Iskender · 2013-11-18 12:02 · Score: 2, Insightful
  
  because they are crazy busy doing their best to provide quality software to you for nothing.
  Uhh, the guy flaming in this case is working for Ubuntu. I don't know this, but I'd bet he's *employed* by Ubuntu.
  Meaning, he probably has even fewer excuses.
  And if making distros is a thankless job, maybe he should have some respect for others doing it? The guy behaved badly, end of story.
5. Re:This is why... by sensei+moreh · 2013-11-18 12:48 · Score: 4, Interesting
  
  Fedora, Mint, Ubuntu. I run all three. Mint for Cinnamon, the other two (with LXDE desktops) because sometimes one just works better than the other. Pissing matches are those who've been drinking too much beer.
  
  --
  Geology - it's not rocket science; it's rock science
6. Re:This is why... by Windwraith · 2013-11-18 15:48 · Score: 3, Informative
  
  Seeing the originating comment is pretty much a harmless comment made on an Ubuntu mailing list, I think you are being misled by the flamebaiting article wording.
  All the guy said accounts to "this is a list of packages it won't update by default. I don't consider those choices very safe". How is this even newsworthy? And not only slashdot, other sites are making way too much of it.
  Also, notice this post so rich in Canonical evil ending with a ";)", I mean come on. This is news as much as somebody posting "lol ps4 sucks" on twitter.
7. Re:This is why... by Aighearach · 2013-11-18 17:39 · Score: 2
  
  I've been using Fedora since it was called "RedHat Linux" and it has always played well with everything else, works well in both dev and server roles, and the best thing about it, it isn't "cool" at all! Most of the users just want a stable distro that works and is pragmatic.
  Somebody wants a trendy distro, guaranteed the blogs are going to be full of asshat wannabe hipsters.
Pot and kettle by Anonymous Coward · 2013-11-18 10:47 · Score: 4, Insightful

Why would you want to use a different distro where you don't know what could happen to your personal info;Here at Canonical we build the selling of your private info right into the menu!
+1 Article Troll by ADRA · 2013-11-18 10:49 · Score: 3, Informative

And nothing of value was lost.

--
Bye!
1. Re:+1 Article Troll by squisher · 2013-11-18 10:55 · Score: 5, Informative
  
  While the article may not have very diplomatic wording, the essence is true: I installed Linux Mint about a year ago, and liked it. But I had to switch to a different distribution after a couple of months because there were virtually NO updates coming in at all. I'd say that Ubuntu updates like crazy, but no updates at all in several months makes it very likely that they just don't have enough manpower to provide such a service. And that does make your distribution vulnerable. My experience may be outdated, but I'd bet it's still the same given this article...
2. Re:+1 Article Troll by boristhespider · 2013-11-18 11:02 · Score: 3, Informative
  
  I don't use Mint anymore myself - chiefly because my normal laptop died and Fedora plays more happily with Macbook's twisted form of EFI, and also partly because I spent so long administering Red Hat and then Fedora Core boxes that Fedora comes more naturally to me - but my anecdotal evidence is different. I didn't see Mint updating slowly at all. I can't say I paid much attention to kernel updates, but other patches came through as regularly as on any other distribution.
  For constant kernel updates and the attendent fun wondering if *this* is the update that will break your wifi or graphics support, nothing beats Fedora.
  Disclaimer for those taking Slashdot a bit too seriously: Fedora's constant kernel updates have only twice broken my wifi or graphics support, and that's chiefly because of a small latency in the drivers being updated that I wouldn't have noticed had I just waited about twenty minutes. It is irritating plugging the damn machine into the router again (they live in different rooms, and I'm no fan of trailing metre after metre of cable around), but that's the price you pay for updating without thinking.
3. Re:+1 Article Troll by wile_e8 · 2013-11-18 11:15 · Score: 5, Informative
  
  Read the statement from Clem in the summary. Linux Mint updates just as fast as Ubuntu on most things, but has certain updates that could potentially crash otherwise stable machines disabled as a default. If you are really concerned about these to avoid vulnerability, they are easy to enable. Nothing about Linux Mint updates are slow after you enable them.
4. Re:+1 Article Troll by bmo · 2013-11-18 11:21 · Score: 2
  
  Fedora's constant kernel updates ... It is irritating plugging the damn machine into the router again (they live in different rooms, and I'm no fan of trailing metre after metre of cable around), but that's the price you pay for updating without thinking.
  And this is why you keep at least one old kernel in Grub to boot from. I've never had a kernel kill wireless (Atheros FTW) but I've had kernels I didn't like that had regressions elsewhere.
  --
  BMO
5. Re:+1 Article Troll by exomondo · 2013-11-18 11:29 · Score: 5, Insightful
  
  The problem is these are labeled Unsafe Packages and Dangerous Packages, now with those descriptions what user is going to say "yes I want those"? It states that these can affect stability, which is true, but leaves out that they could be critical security patches, which is also true.
  The real beneficial fix to end users here would be to state the whole truth about these updates.
6. Re:+1 Article Troll by jedidiah · 2013-11-18 14:11 · Score: 2
  
  Except from the point of view of system stability and change control, Mint polices are actually the ones that make sense. Dicking around with the kernel or Xorg SHOULD be treated like it's dangerous and that terminology should be exposed to the "poor frightened" end users.
  "Crucial to Linux components working with one another. Do not install unless you are experiencing a problem which you believe the upgrade will solve"
  Sounds sensible actually.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
7. Re:+1 Article Troll by ifiwereasculptor · 2013-11-18 15:44 · Score: 3, Interesting
  
  We all know that's important. However, for the regular user, someone remotely exploiting a xorg bug is way less likely than a video driver fuckup (especially if the user opted for a blob). And whoever doesn't know what xorg or a kernel are is unlikely to solve the problem when presented with a terminal, thus dooming the machine completely. So yes, Mint's way makes more sense for the unaware user. And the aware user can configure it to his liking.
8. Re:+1 Article Troll by boristhespider · 2013-11-18 20:04 · Score: 2
  
  blah blah blah lol fortran etc
  if it helps, i program in f03. there are some irritating quirks about the language, but there are about any. c would be a regression for me, given its shitty array handling and lack of easy data hiding. c++ would be the closer comparison, but still has teh shitty array handling. plus, all the libraries i'm dealing with are in fortran and i'm building on previous code in fortran. it's heavily used in science and despite mockery thrown at it by people who've never even bothered looking at it, is a perfectly servicable language.
He's just mad. by imunfair · 2013-11-18 10:59 · Score: 3, Insightful

It's not surprising he'd try to bash Mint, considering they ate part of Ubuntu's marketshare when Ubuntu made stupid design decisions. That's what happens when you try to cram weird GUI changes down peoples throats in open source.
Don't move my Close, Minimize, and Maximize buttons to the left side by default unless you're going provide some spectacular improvements in return. I tried using it that way for a couple days and was still reflexively clicking on the empty right side to close the window. Eventually I found a config mod that fixed it, but then they went to the stupid Ubuntu mobile desktop and I couldn't be assed to work around it any longer so I switched.
It's worth mentioning that if you don't like Ubuntu repos, Mint also has a version based directly on Debian.
1. Re:He's just mad. by Mashdar · 2013-11-18 12:41 · Score: 2
  
  My favorite was that the Unity bar was smack in the middle of my two monitors regardless of which monitor was the primary. Good thing they didn't want to let anyone move the damned thing.
Somewhat FUD apparently by jones_supa · 2013-11-18 11:02 · Score: 3, Informative

I found this interesting Google+ post from the Muktware article comments.
Canonical Failed? by enter+to+exit · 2013-11-18 11:36 · Score: 4, Interesting

Ubuntu is in a rut. They're not making money, growth is plateauing, it's mindshare is diminishing. It's questionable if they'll ever make a profit. I mean why Ubuntu over Novell, Oracle or RedHat for enterprise stuff? RedHat is a billion dollar publicly listed company..Novell is owned by attachemate group (a billion dollar revenue company) and Oracle poops money.

The Ubuntu Edge was a hail Mary pass that failed. They lack the revenue (and wherewithal) to get into hardware and no hardware maker wants to partner with them.

I have to wonder, when will shuttleworth stop? Would it be extreme to say Canonical is a failed company? At what point is Ubuntu going to transition into a community driven OS? Ubuntu TV is vapourware, their phone OS relies on someone willing flashing their nexus..They've totally fucked their Desktop OS and it's unclear why anyone would select them for enterprise support considering the breadth of their competition.
1. Re:Canonical Failed? by dkleinsc · 2013-11-18 11:50 · Score: 3, Insightful
  
  At what point is Ubuntu going to transition into a community driven OS?
  I'd say it already is transitioning to a community-driven setup, called "Mint". One of the key things that makes the open-source world different from the commercial world is that when an organization starts getting stupid and greedy, someone forks the project, and if they do a better job the user-base just switches to the new project and loses nothing of any great value.
  
  --
  I am officially gone from /. Long live http://www.soylentnews.com/
Re:banksters by Penguinisto · 2013-11-18 11:36 · Score: 2

If you believe you are safe, think again.
Oh, it gets worse than that... much, much worse...

--
Quo usque tandem abutere, Nimbus, patientia nostra?
End of the world? by dshk · 2013-11-18 11:48 · Score: 5, Insightful

We are talking about a short, almost personal comment on the developer's mailing list of Ubuntu:

i personally wouldn't do online banking with it ;)
Compare this with the Slashdot article title:

Canonical Developer Warns About Banking With Linux Mint
Whether he is technically right, or not, I find it disgusting that such a side note becomes news on Slashdot.
By the way, the subject was another new distribution based on Ubuntu, similar to Mint, therefore the Ubuntu developer actually encouraged an Ubuntu derivative.
Re:YearOfTheLinuxDesktop!!! by amiga3D · 2013-11-18 12:08 · Score: 2

Face it, Linux isn't for everyone and may never be. So fucking what? It's good for the people that use it. It's been my desktop since 1999 when I finally retired my Amiga 3000. It's the desktop of choice of a lot of people. I've seen the average windows user and guess what? They mostly don't know what they're doing. The overwhelming majority of windows users happily install malware on their computers on a daily basis. That's the desktop we're shooting for in the Linux community? Average users are going to fuck up their systems regardless of what platform they use.
I feel the same way... by Lumpy · 2013-11-18 13:06 · Score: 3, Insightful

I warn people away from Ubuntu and towards Debian or another reputable distro that is not selling your info and loading your os with AD's and spyware. Yes if you are sending info for targeted ad's you are bundling SPYWARE.
Ubuntu has tainted the water. It's not a safe OS.

--
Do not look at laser with remaining good eye.
Mint runs xhost + by Anonymous Coward · 2013-11-18 14:03 · Score: 2, Informative

Mint has no security. They intentionally run with access control disabled on the X server (xhost +). Keyloggers and screen scrapers are trivial in this case. Bugs have been filed about this, but Mint considers it working as designed.
Well, by DCFusor · 2013-11-18 15:05 · Score: 2

It might not solve all issues, after all, it's not like Ubuntu itself is never hacked. But my solution is to run the Mate desktop over Ubuntu 12.04 LTS and get the best of both. It works great, and avoids the crap that is unity, gnome3, you name it - it's like having a stable version of gnome2 that actually works right. I agree with the commentors on many of the other issues. Unity is crap on a multi monitor desktop. It has built-in surveilance on you for crying out loud, huge icons if you've got 4 24" monitors, that you can't move. I like to be able to put the tic-tac-toe buttons where I wish, I like menu and task bars I can autohide, and put on the monitor I want. I paid for every single pixel on them - don't tell me what I can have on my screen or where I can put it. It's not like I don't have other options. Cannonical really stuck its head up its butt in a number of ways of late - and when told so, they said it was our fault for not liking their stupid ideas, which were and are genuinely stupid. Too bad, otherwise they were the good stuff. But they are not alone. Somone figured out that most computers hit the dumpster with the same opsys they shipped with. Since PC sales are falling (the ones out there are all good enough by now anyway, why buy a new one is a good question for most users) - they decided on a "one size fits all" for PCs and mobes. Stupid idea - I have both and use them for different stuff and at different levels of security for that different stuff. It seems the current crop of programmers is too stupid to put in a single boolean - true if PC, false if mobe, or vice versa, and do the rest of the install based on that. Even if my quad monitor setup was reachable by anything but my extended legs and was touch enabled, I'd think this current bunch of Ubuntu stuff was crap for it, what I have is far better, and a lot more usable. It might work out on my nexus, only it's better the way it is already, than unity would make it. They really jumped the shark on this - in company, but still....

--
Why guess when you can know? Measure!
...and now it becomes about Linux in general. by Mirar · 2013-11-18 17:35 · Score: 3, Insightful

By inferring that Linux in any form or shape might be not worthy of "online banking",
I think this has hurt Linux an immense amount.
He probably just now blocked tens of thousands of people of trying *Canonical*,
because the article reads "*Linux* is not good to do online banking with".
Smooth.
I wonder if he can do anything to repair the damage. :(
Re:like they needed more ammo by Mirar · 2013-11-18 17:38 · Score: 2

Everyone versus Linux. That's the ammunition he gave out for everyone outside the Linux world.