Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canonical Developer Warns About Banking With Linux Mint

Posted by samzenpus on from the family-fight dept.

sfcrazy writes "Ubuntu developer Oliver Grawert does not prefer to do online banking with Linux Mint. In the official mailing list of the distribution, Ubuntu developers stated that the popular Ubuntu derivative is a vulnerable system and people shouldn't go for online banking on it. One of the Ubuntu developers, Oliver Grawert, originally pointed out that it is not necessary that security updates from Ubuntu get down to Linux Mint users since changes from X.Org, the kernel, Firefox, the boot-loader, and other core components are blocked from being automatically upgraded." Clement Lefebvre, the Linux Mint project founder, has since made a statement and confirmed that Oliver Grawert seems "more opinionated than knowledgeable" adding "the press blew what he said out of proportion."

30 of 206 comments (clear)

  1. like we needed more ammo by X0563511 · · Score: 4, Insightful

    Nice job Oliver - we really needed more ammunition in the Everyone vs Canonical battle.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    1. Re:like we needed more ammo by Anonymous Coward · · Score: 3, Funny

      Reminds me of the http://xkcd.com/435/ but wtih plain vanilla Debian instead of Mathemeticians.

    2. Re:like we needed more ammo by Eggplant62 · · Score: 4, Insightful

      This is the stupidest thing I've ever read. Not only is it a blow to Mint, but to free software in general. I just got done crowing to friends that Linux isn't full of NSA backdoors, and then this pops up on newsfeed. Sheiss.

      I suppose our developer doesn't understand that one can go with slightly more intelligent tools, like apt-get on the CLI, to get those packages upgraded? If so, he's no developer I'd give a shit about.

    3. Re:like we needed more ammo by fisted · · Score: 4, Funny

      Nice to be on top with LFS, right?
      Wait.. Oh, Hey, we didn't see you guys all the way over there!
      Yours, The BSDs

      --
      CLI paste? paste.pr0.tips!
    4. Re:like we needed more ammo by exomondo · · Score: 4, Insightful

      I suppose our developer doesn't understand that one can go with slightly more intelligent tools, like apt-get on the CLI, to get those packages upgraded? If so, he's no developer I'd give a shit about.

      He likely does, but that's not really the point is it? It's whether the average users know to do this.

    5. Re:like we needed more ammo by ifiwereasculptor · · Score: 3, Informative

      LFS isn't a branch, it's more akin to the root. Or maybe a book on growing branches, designed for trees. Which is more accurate but kind of wrecks the metaphor.

  2. Lots of this lately by Anonymous Coward · · Score: 5, Insightful

    if you can't say how good your product is. tell everyone how shitty everyone elses product is.

  3. Missing context by Fwipp · · Score: 5, Informative

    TFS makes it sounds like it's a long article about how Linux Mint is insecure.

    Here's the entirety of his commentary:

    Do you think that Linux Mint is a vulnerable system ? Really ?

    https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/rules

    this is the list of packages it will never update, instead of just
    integrating changes properly with the packagaes in the ubuntu archive
    they instead suppress doing (security) updates at all for them.

    i would say forcefully keeping a vulnerable kernel browser or xorg in
    place instead of allowing the provided security updates to be installer
    makes it a vulnerable system, yes

    i personally wouldn't do online banking with it ;)

    ciao
            oli

    1. Re:Missing context by ttucker · · Score: 4, Insightful

      It is a pretty fucking good point too, that list of rules contains update exclusions that certainly would affect security.

    2. Re:Missing context by Rob+Simpson · · Score: 5, Informative

      Levels 4 and 5 ("unsafe", in that they may cause things to stop working) are not automatically selected when updating - which is fine with me. Video drivers may need to be reinstalled when performing a kernel update, for example. My issue is that they are not visible by default. It's easy to change in the preferences (there are "safe" and "visible" checkmarks for each level, so I have it set up so I can see if there is a kernel update available and select it when I want to install it) but novice users may miss this.

  4. what? by MickyTheIdiot · · Score: 3, Funny

    The makers of Zeitgeist are concerned about privacy??

  5. This is why... by sgage · · Score: 5, Insightful

    ... I don't want anything more to do with Canonical, or Ubuntu, or Mint, or any of that lot. I'm sticking with Debian. I'm sure it has its problems and all, but at least the politics seem to remain mostly internal. These public pissing matches between distros just seem so counter-productive. But since I've been using Linux (1998), it seems to be a constant. Ego issues? I don't know. I don't particularly care. It's just so boring and off-putting.

    1. Re:This is why... by jones_supa · · Score: 4, Insightful

      I personally am seeing BSDs as an increasingly interesting choice.

    2. Re:This is why... by c0d3g33k · · Score: 3, Insightful

      With all due respect, working on Linux distributions is, for the most part, a thankless job. People certainly aren't doing it for the money - they are doing it because they passionately care about what they are doing. Aaaand ... passionate people sometimes react before they think, sometimes they are misinformed, because they are crazy busy doing their best to provide quality software to you for nothing. Because they care enough to do what they are doing when few others do. And they do it all in public for all to see ... and are judged for it, quite often by those who don't participate or understand. I'd ask you to take that into account before you dismiss passionate outbursts as "pissing matches" with a wave of the hand - you're just getting a glimpse into "how the sausage is made". Get over it. That's how humans operate. The beauty of the FL/OSS ecosystem is that you don't have to listen to the discussions that create your software for you - just use what you like based on its technical merits. Maybe if you feel gratitude for the gift you've been given you might even say "thank you" now and then. But if you're making your technical decisions based solely on what you misperceive as "politics", you are doing it wrong.

    3. Re:This is why... by sensei+moreh · · Score: 4, Interesting

      Fedora, Mint, Ubuntu. I run all three. Mint for Cinnamon, the other two (with LXDE desktops) because sometimes one just works better than the other. Pissing matches are those who've been drinking too much beer.

      --
      Geology - it's not rocket science; it's rock science
    4. Re:This is why... by Windwraith · · Score: 3, Informative

      Seeing the originating comment is pretty much a harmless comment made on an Ubuntu mailing list, I think you are being misled by the flamebaiting article wording.

      All the guy said accounts to "this is a list of packages it won't update by default. I don't consider those choices very safe". How is this even newsworthy? And not only slashdot, other sites are making way too much of it.
      Also, notice this post so rich in Canonical evil ending with a ";)", I mean come on. This is news as much as somebody posting "lol ps4 sucks" on twitter.

  6. Pot and kettle by Anonymous Coward · · Score: 4, Insightful

    Why would you want to use a different distro where you don't know what could happen to your personal info;Here at Canonical we build the selling of your private info right into the menu!

  7. +1 Article Troll by ADRA · · Score: 3, Informative

    And nothing of value was lost.

    --
    Bye!
    1. Re:+1 Article Troll by squisher · · Score: 5, Informative

      While the article may not have very diplomatic wording, the essence is true: I installed Linux Mint about a year ago, and liked it. But I had to switch to a different distribution after a couple of months because there were virtually NO updates coming in at all. I'd say that Ubuntu updates like crazy, but no updates at all in several months makes it very likely that they just don't have enough manpower to provide such a service. And that does make your distribution vulnerable. My experience may be outdated, but I'd bet it's still the same given this article...

    2. Re:+1 Article Troll by boristhespider · · Score: 3, Informative

      I don't use Mint anymore myself - chiefly because my normal laptop died and Fedora plays more happily with Macbook's twisted form of EFI, and also partly because I spent so long administering Red Hat and then Fedora Core boxes that Fedora comes more naturally to me - but my anecdotal evidence is different. I didn't see Mint updating slowly at all. I can't say I paid much attention to kernel updates, but other patches came through as regularly as on any other distribution.

      For constant kernel updates and the attendent fun wondering if *this* is the update that will break your wifi or graphics support, nothing beats Fedora.

      Disclaimer for those taking Slashdot a bit too seriously: Fedora's constant kernel updates have only twice broken my wifi or graphics support, and that's chiefly because of a small latency in the drivers being updated that I wouldn't have noticed had I just waited about twenty minutes. It is irritating plugging the damn machine into the router again (they live in different rooms, and I'm no fan of trailing metre after metre of cable around), but that's the price you pay for updating without thinking.

    3. Re:+1 Article Troll by wile_e8 · · Score: 5, Informative

      Read the statement from Clem in the summary. Linux Mint updates just as fast as Ubuntu on most things, but has certain updates that could potentially crash otherwise stable machines disabled as a default. If you are really concerned about these to avoid vulnerability, they are easy to enable. Nothing about Linux Mint updates are slow after you enable them.

    4. Re:+1 Article Troll by exomondo · · Score: 5, Insightful

      The problem is these are labeled Unsafe Packages and Dangerous Packages, now with those descriptions what user is going to say "yes I want those"? It states that these can affect stability, which is true, but leaves out that they could be critical security patches, which is also true.

      The real beneficial fix to end users here would be to state the whole truth about these updates.

    5. Re:+1 Article Troll by ifiwereasculptor · · Score: 3, Interesting

      We all know that's important. However, for the regular user, someone remotely exploiting a xorg bug is way less likely than a video driver fuckup (especially if the user opted for a blob). And whoever doesn't know what xorg or a kernel are is unlikely to solve the problem when presented with a terminal, thus dooming the machine completely. So yes, Mint's way makes more sense for the unaware user. And the aware user can configure it to his liking.

  8. He's just mad. by imunfair · · Score: 3, Insightful

    It's not surprising he'd try to bash Mint, considering they ate part of Ubuntu's marketshare when Ubuntu made stupid design decisions. That's what happens when you try to cram weird GUI changes down peoples throats in open source.

    Don't move my Close, Minimize, and Maximize buttons to the left side by default unless you're going provide some spectacular improvements in return. I tried using it that way for a couple days and was still reflexively clicking on the empty right side to close the window. Eventually I found a config mod that fixed it, but then they went to the stupid Ubuntu mobile desktop and I couldn't be assed to work around it any longer so I switched.

    It's worth mentioning that if you don't like Ubuntu repos, Mint also has a version based directly on Debian.

  9. Somewhat FUD apparently by jones_supa · · Score: 3, Informative

    I found this interesting Google+ post from the Muktware article comments.

  10. Canonical Failed? by enter+to+exit · · Score: 4, Interesting

    Ubuntu is in a rut. They're not making money, growth is plateauing, it's mindshare is diminishing. It's questionable if they'll ever make a profit. I mean why Ubuntu over Novell, Oracle or RedHat for enterprise stuff? RedHat is a billion dollar publicly listed company..Novell is owned by attachemate group (a billion dollar revenue company) and Oracle poops money.

    The Ubuntu Edge was a hail Mary pass that failed. They lack the revenue (and wherewithal) to get into hardware and no hardware maker wants to partner with them.

    I have to wonder, when will shuttleworth stop? Would it be extreme to say Canonical is a failed company? At what point is Ubuntu going to transition into a community driven OS? Ubuntu TV is vapourware, their phone OS relies on someone willing flashing their nexus..They've totally fucked their Desktop OS and it's unclear why anyone would select them for enterprise support considering the breadth of their competition.

    1. Re:Canonical Failed? by dkleinsc · · Score: 3, Insightful

      At what point is Ubuntu going to transition into a community driven OS?

      I'd say it already is transitioning to a community-driven setup, called "Mint". One of the key things that makes the open-source world different from the commercial world is that when an organization starts getting stupid and greedy, someone forks the project, and if they do a better job the user-base just switches to the new project and loses nothing of any great value.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  11. End of the world? by dshk · · Score: 5, Insightful
    We are talking about a short, almost personal comment on the developer's mailing list of Ubuntu:

    i personally wouldn't do online banking with it ;)

    Compare this with the Slashdot article title:

    Canonical Developer Warns About Banking With Linux Mint

    Whether he is technically right, or not, I find it disgusting that such a side note becomes news on Slashdot.

    By the way, the subject was another new distribution based on Ubuntu, similar to Mint, therefore the Ubuntu developer actually encouraged an Ubuntu derivative.

  12. I feel the same way... by Lumpy · · Score: 3, Insightful

    I warn people away from Ubuntu and towards Debian or another reputable distro that is not selling your info and loading your os with AD's and spyware. Yes if you are sending info for targeted ad's you are bundling SPYWARE.

    Ubuntu has tainted the water. It's not a safe OS.

    --
    Do not look at laser with remaining good eye.
  13. ...and now it becomes about Linux in general. by Mirar · · Score: 3, Insightful

    By inferring that Linux in any form or shape might be not worthy of "online banking",
    I think this has hurt Linux an immense amount.

    He probably just now blocked tens of thousands of people of trying *Canonical*,
    because the article reads "*Linux* is not good to do online banking with".

    Smooth.

    I wonder if he can do anything to repair the damage. :(