Slashdot Mirror
Linux Mint Hack Is an Indicator of a Larger Problem (techrepublic.com)
An anonymous reader writes: On February 20th, a hacker working under the handle 'Peace' took control of the website of Linux Mint, a popular Linux distribution derived from Ubuntu (and Debian) targeted toward non-technical users and power users unhappy with modern desktop environments. While these attacks are regrettable, and part of an infrastructure problem rather than a problem with the distribution itself, it increasingly appears that the Linux Mint team is spread too thin when it comes to security. The distribution itself blacklists updates that work perfectly in Ubuntu and Debian, and the graphical utilities don't update the kernel. Because the value added by Linux Mint is in Cinnamon, why do the developers need to distribute a broken version of Ubuntu when the Cinnamon DE could be distributed as an Ubuntu spin?
Wake me up when they hack the Denver mint.
Now there's your problem!
I'm moving to Arch
Because the value added by Linux Mint is in Cinnamon, why do the developers need to distribute a broken version of Ubuntu when the Cinnamon DE could be distributed as an Ubuntu spin?
What the hell does this sentence mean?
and the graphical utilities don't update the kernel. Because the value added by Linux Mint is in Cinnamon, why do the developers need to distribute a broken version of Ubuntu when the Cinnamon DE could be distributed as an Ubuntu spin?
My guess would be that most - or allot - of Mint users are looking for more than just Ubuntu with Cinnamon. If that is all Mint users where looking for, there would not be a KDE version, a XFCE version, or a Mate version. If that is all they wanted, they would download Ubuntu and add the ppas for their desktop of choice. People find value with those "graphical utilities".
The author is confusing what he wants from Mint for what others want.
Are you f'ing kidding me? The entire project is like 5 guys.
Jesus how idiotic can you be.
Actually, Linux Mint's value add was originally (and still is) providing an Ubuntu distribution that includes non-free software and codecs pre-installed and configured right out of the box (e.g. DVD playback, MP3 playback, 3D graphics drivers like then visual binary blob, Flash, JAVA, etc.). Yes, these features can be separately stalled by users in Ubuntu. But for first time or novice users, this could be difficult and Linux Mint took the approach of making sure these features were installed, configured, and working out of the box.
Cinnamon is a separate project to provide an alternative to Gnome3. Linux Mint sponsored it and is the primary user of it. But it's not the only "value add".
That said, Linux Mint did make some weird design decisions. I always thought it would be easier to just create and publish a custom Ubuntu spin that included these features rather than create a whole distribution from scratch.
"Seldom have I seen such a hive of scum and villainy." Jokes aside, whats with shoving tons of unstable code into your distro "just to be like Windows". I would not touch this piece of unsecured crap with a 10' pole!
I tried mint a few years ago when I found the default install of Ubuntu desktop unusable. Could I have customized it to the desktop I wanted? Sure. Or, I could try this new distribution that has a DE that is actually intuitive. If Ubuntu shipped with Cinnamon by default I'd go back to Ubuntu. Ubuntu really shot themselves in the foot a few years ago and I got tired of being a beta tester.
I'm having problems finding a IT job because I don't want to have a Linkedn ir Shitbook account? I can't believe it. And I though I was only being targetted by cyber punksters after the princess of the nazi lost her virtual Barbie doll playing videos games.
Duh.
The candy of choice for hackers everywhere.
myself. This isn't that has lost for trool5' approximately 90%
Linux Mint isn't just Ubuntu. They also provide Linux Mint Debian Edition, which is far superior, IMHO.
The Linux community is too concerned with feature churn and not concerned enough with security and stability. It starts from the kernel and flows on down. The BSDs have them laughably beat in this area.
If you don't think they do it well, clone it and roll your own. It's a free OS. Or, if you have a suggestion that's simple and easy to implement, why not talk to the maintainers and politely suggest it, instead of ragging on them in a third party forum?
I am so friggin tired of distro wars, and people criticizing maintainers who provide a service to others for free on third-party forums instead of making actual suggestions. You want to show off how much smarter you are than the people who do this for a living? Screw you.
The site in question used WordPress, which gets hacked early and often. Being hacked had nothing to do with how many Mint developers there are; it's more a commentary on flaws most php based platforms have.
Linux Mint chooses to blacklist certain applications in line with the project goals; these of course can be overridden at user's choice.
What a pile of FUD, I smell jealousy of Linux Mint's success as unlike Ubuntu the team does listen to end user needs and wants; while Ubuntu instead crams badly designed UI (Unity) down throats that neither meets needs nor was requested by anyone
I use it with Mate since day one.
I'm not a developer but Software architect and Mint Mate just do the job without any cumbersome thing to make it works with a normal stable DE unlike ubuntu.
And The distribution itself [DOESN'T] blacklists updates that work perfectly in Ubuntu and Debian, and the graphical utilities [DO] update the kernel when correctly configured when YRTF !
Ceci n'est pas une Signature !
Right now hardly anyone knows that Ubuntu Mate exists.
In two months (16.04), expect a lot of Mint MATE and vanilla Ubuntu (Unity) users to discover that Ubuntu MATE exists. Once that happens, I expect to see Ubuntu MATE hit #1 on distrowatch. Currently, the lack of an LTS release is the main reason a lot of Mint MATE users haven't swiched to Ubuntu Mate already; that's why Mint is still #1 on distrowatch.
---
Gnome2 for life.
YALDNNAA (yet another linux distribution not needed at all)
YALDTSE (yet another linux distribution that shouldn't exist)
YALDWR (yet another linux distribution wasting resources)
YALDTH (yet another linux distribution to hack). I like this one, could be pronounced Y'all Death
I guess that is the freedom of Linux, but there are way too many distributions just because someone doesn't like something in one of the distributions. Instead of taking your energy to try and make a great distribution better, you fork and have a lot of energy up front, but then fizzle out like so many other one/two/three man projects.
Thanks, but I'll stick with the big ones here when it comes to serious work and not just playing around. Linux Mint along with so many others are simply just hobby distributions without any serious resources to remain alive long.
They were trying to portray as bad certain packages are by default not allowed, but its because of design decisions. of course that can be overridden...but I don't even get what basis their claim of no kernel updates comes from, of course it does them but doesn't jump kernel versions
I've been using Linux for many years. For most of them I was a very happy user. Linux distros in general were better than nearly all of the alternatives in terms of price, stability, quality, and capability. But I've seen all of those properties suffer these past several years.
It's not just the Linux kernel of course. It's the entire ecosystem of open source software that has built up around the Linux kernel that's suffering. GNOME 3 is atrocious, and way worse than GNOME 2. Recent releases of KDE have been very bloated. Xfce has stagnated. GCC is still slow. sysvinit wasn't great, but systemd is far worse. Wayland is nowhere to be seen. GTK+ 3 is archaic. Firefox gets worse with each release. LibreOffice is slow and bloated.
Linux and open source software used to represent great potential. They used to be better than proprietary software. Yet today they're worse. I don't think that the proprietary software has gotten better. Instead, it's the open source software that has gotten worse over time. GNOME 3 is probably the best example of how a great product can be ruined so quickly.
I don't know what to do at this point. Switching to FreeBSD is looking like the most likely option. It still suffers from some of the same problems as Linux distros do, due to it using a lot of open source software, too. But at least it will minimize the problems by FreeBSD itself being of an extraordinarily high quality, and it using better alternatives (like Clang and LLVM instead of GCC) where possible. If that doesn't work, then I'll have to try OS X or Windows 10. I never thought I'd say myself saying this, but Windows 10 is starting to look like a better option for me than most Linux distros are.
I need an operating system that works well and that is reliable. As much as I don't want to use FreeBSD or OS X or even Windows, if they provide me a better experience than Linux then I'll just have to use them instead of Linux.
That's the value for me, it works out of the box for all the hardware I've used it on so far. Unlike Ubuntu which has issues of it's own lately for me. Before the hack hit I had Mint installed on an MSI laptop with and Nvidia card and the thing fired up out of the box with no issues. Only thing I had to do was turn off that secure boot garbage in the bios which was easy.
Maybe Mint isn't the ideal distribution for people and maybe it could be done better. Still it's doing things right enough for me to use it and run Steam on it with no issues for all the games that provide native Linux ports. Could Ubuntu do it? Maybe but I hate Unity and Gnome 3. I also don't want one of the side distributions because unlike Mint I feel like they're treated as second class from the main one.
While I understand that the overlords of commerce like to pretend that nothing could ever be wrong with anything even remotely advertising-related, the reality is that Ubuntu foundation did itself some irreparable damage with that incident.
Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
You're a moron. Don't let the door hit you on the way out. Not only is almost everything you say untrue, but it doesn't even matter whether or not it's true: you've contributed nothing towards it, and if your needs are such that any of the alternatives you mentioned can fit them, use them and be damned.
Why does Ubuntu need to distribute anything more than a shell script to build Linux from sources or precompiled binaries?
Because branding means more than reality, that's why. If you want to fix it then go LFS.
The truth is Mint the brand means more than anything and that's the problem with our society as a whole. Nobody cares about the Internals.
It's the same thing with the Internet, hell I work with people in Networking who don't even know what L1/2/3 is.
Write your own and open source it. Some of us might be willing to help.
Shhhh! Don't scare him. Later lads, popcorn time!
And non-technical Linux user. Linux desktop is a Linux desktop is a Linux desktop is a Linux desktop is a Linux desktop. It's the same software performing the same functions. The non-technical Windows user a non-technical Mac user. What is that supposed to mean? Is it like a car the disabled car is not as desirable or skilful as the non-disabled car? My daddy is bigger than your daddy? What the fuck does it mean? I don't just use the car I built the car I don't smoke cigarettes from a cigarette box I roll my own. Is this like a silly saying from a non-technical writer?
Look into Slackware
The distribution itself blacklists updates that work perfectly in Ubuntu and Debian,
It is good security practice to blacklist Mono, then disable Samba if you have no Windows machines to talk to.
The article was submitted by someone who doesn't know what he's talking about nor does he know anything about the history of Linux Mint. I use Linux Mate DE. It has nothing to do with Ubuntu and nothing to do with Cinnamon.
you can have any kernel you want to.... they push out security updates... used mint update and select kernel update and you get a list of 20-30 of them. Been running mint on parent's pc since version 6.
Concern trolling masquerading as content!
I don't know what to do at this point.
I do. Wipe your i-don-wanna can't-do-it tears in your fucking sleeve, pick yourself up out of your self-pity, tie your shoes like a big boy and get to work figuring things out, working hard and making things better like the rest of us.
Honestly. I've had it with you people. You want a nice little machine to fellate you? Ask Redmond or Cupertino. You want to build your own hot rod? Be a man and hit the books, FFS.
It's in "Update Manager", "View", "Linux Kernels".
Also allows to delete kernels although that is slow, and must be done one by one.
It has to be said, although updates to the kernel are never automatic. Thus pproximately no one does them I'd say.
In fact, with straight Ubuntu I had to do the apt-get get dist-upgrade described in the story to update the kernel (which I did very rarely) and I did not bother with graphical tools. Now there's a likable graphical tool for updates, so instead of the graphical stuff disabled or not present I get notified for every software non-kernel update that comes up.
I don't know about security updates held up, and I don't use Cinnamon (can't buy an Intel graphics card to run a desktop). This I believe is where's most of the hackery due to e.g. GTK3 upstream constantly trying to ruin the game for devs that are not building UIs that look like a cross of Mac OS and Windows 8.
The article seems fairly preposterous. For me the Mate and Xfce editions are where it's at and yes the default themes etc. are a good reason, along with cross-DE tools. Not gonna using and pushing some hastily thrown together desktop with e.g. a black task bar on top rather than a gray task bar on bottom, ugly icons and wallpapers and so on.
The guy that owns Slackware is a giant douchebag. I wouldn't use his OS again if he paid me to.
You want a nice little machine to fellate you?
Apparently I've been buying the wrong computers. Tell me more about these nice little machines.
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
n/t
Linux Mint Cinnamon was a bubble waiting to burst. Bursting it did last week in an oblique way. If you want Cinnamon, install it under Debian or Ubuntu.
Time to break out that secure website/download server and distro knowledge and start a Spearmint variant.
Xfce has stagnated.
Great! I'd rather have something that goes nowhere at all than something that goes downhill. Software that improves itself while avoiding the eventual downhill part is extremely hard to come by, which is backed up by all the examples you posted. Putting a bunch of developers on a project yet managing to make it worse is just a waste of human resources.
If there is ever going to be "The year of the Linux desktop", Mint with Cinnamon has the best shot. IMHO
debian live has an excellent cinnamon spin, and non-free in the non-official area, its good++
http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/8.3.0-live+nonfree/
did i read that right? if that writer just called mint "broken ubuntu" I want to buy him a beer then slap him upside the head, as that is damn comical.
GNOME for life!
Fucking GCHQ.
I don't know what to do at this point. Switching to FreeBSD is looking like the most likely option. It still suffers from some of the same problems as Linux distros do, due to it using a lot of open source software, too. But at least it will minimize the problems by FreeBSD itself being of an extraordinarily high quality, and it using better alternatives (like Clang and LLVM instead of GCC) where possible.
I can install and use Clang and LLVM under Linux as well. Interesting troll though.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
Do you require services of a certified and experienced ethical hacker for your
general ethical and specialized Hacks?
+ Contact us at leehacks92@gmail.com,serious enquiries only!
Hubris, probably.
Thanks for pointing that out, hadn't heard of the project. And after spending some time on the site, it looks like you may be right. This may be the distro that fixes the damage from the UI wars. Going to try it in a VM and throw a few bucks in the tip jar just because they seem to have their heads screwed on straight.
Write your own and open source it
Exactly what is wrong with opensource right now. So much crap. Just because it's popular doesn't mean it's not crap. Please, please. Don't just start your own code unless you know what you're doing.
I didn't like Gnome 3 or Unity at all, KDE was ok, but annoyed me in small ways that eventually caused me to switch (granted that was years ago, might be better now), while XFCE was ok. When I tried Cinnamon though, I loved it.
This is definitely a difference between the bsd and Linux crowd. I think Xfce is great; if it's not broke, what's to fix? It's only an opportunity to make a good thing worse. Besides, there's a plugin interface you can write new stuff to easily, if you want to.
However much you think you're invested in Linux, you're not as invested like the people you're demanding make things 'better'. If you can't even articulate what you actually want, other than better, then you're setting up all the guys who want to do something bold like gnome3 or go conservative and stable like Xfce. I can't believe anyone would shit on Xfce. It's got to be the most stable environment on Linux or bsd.
Because I like rice.
There are many things Mint does that Buntu does not. For example, the software centre is much better and comes with important software such as Steam. Buntu, last time I checked, blacklisted Steam because they probably view them as a competitor. Furthermore, I'm glad they hold back on some of Ubuntu updates until they're tested more.
Re the comment on kernel updates, it could hardly be easier in Mint. Open the update manager where the regular updates are listed. Select "View" from the Menu bar, then select "Kernels" which opens up a list of all the kernels.
XFCE is not stagnant. The users WANT it to stay the same. It's also highly configurable, you can change things around so much that it's unrecognizable compared to the original layout. Again, the XFCE community doesn't want change, you see what change did to Gnome.
You want a nice little machine to fellate you?
Apparently I've been buying the wrong computers. Tell me more about these nice little machines.
Ah, so *that's* why everyone get's so excited about the MATE desktop. I have heard good things about the user experience it can offer.
It's the entire ecosystem of open source software that has built up around the Linux kernel that's suffering. GNOME 3 is atrocious, and way worse than GNOME 2. Recent releases of KDE have been very bloated. Xfce has stagnated. GCC is still slow. sysvinit wasn't great, but systemd is far worse. Wayland is nowhere to be seen. GTK+ 3 is archaic. Firefox gets worse with each release. LibreOffice is slow and bloated.
I think by "ecosystem of open source software", you mean "projects with a massive scope".
XFCE and GCC are the only ones you listed that don't have a massive scope -- merely large.
It's no surprise that when the scope is massive, you don't have enough developers. Keep the scope reasonable and you have something that may work.
Great! I'd rather have something that goes nowhere at all than something that goes downhill.
Well, if temporary setbacks are not allowed, there is never an advance after the local maximum is reached.
Really? That's too bad. I was going to pay you $195,000 if you would install Slackware on your computer. But since you don't want it, I'll make the offer to somebody else.
I really liked Windowmaker. At one moment I went to XFCE due to driver issues, What I liked is that the only thing it did was out things on my desktop. It did not try to do anything else.
Now we have a booty system that wants to do everything, running a kernel that trees to do everything, launching a desktop that tries to do everything with a browser that wants to do everything.
One of the reasons I started with Linux, because I liked how everything was separated (Last Windows version was Windows 95 without IE) and now we have this mess.
I like that I have 25 different programs and that each program can be replaced with something I like for reason only I know and only I need to know.
At this moment I run KDE, GNOME and XFCE programs at the same time, because sometimes I like one more than the other for any random reason.
Mmmm. Perhaps I should look back into Windowmaker as new drivers are out since a few years.
Don't fight for your country, if your country does not fight for you.
Anon really hates Mint.
Mark Shuttleworth, is that you?
[...]As much as I don't want to use FreeBSD or OS X or even Windows, if they provide me a better experience than Linux then I'll just have to use them instead of Linux.
Nice troll, but you forgot the goatse.cx link at the end.
The best way to know is to try. It's a little thing we call 'learning.' This learning is frequently necessary. This may not be the same from where you are from but humans on this planet are rarely borne coding expert level C and designing secure websites. Most people are good if they can cry and poop themselves on day one.
You pay for what you get. For a lot of free software the price is merely the correct one for the quality. If you got anything better it was because someone else paid your way - usually by learning on that way.
You want a nice little machine to fellate you?
Apparently I've been buying the wrong computers. Tell me more about these nice little machines.
Well, it's generally illegal (and socially frowned upon) to outright purchase them. However, you can request one. Random expenditures (patterned fabric, very small bits of precision forged metal, and colorful plants) and dialog are usually requirements, and their firmware is generally considered to be difficult to understand and changes frequently with minimal documentation. If you manage to acquire one in exclusivity, upgrading is incredibly expensive.
Please clarify; what does the window manager have to do with drivers?
difficult to understand and changes frequently with minimal documentation
So, you're saying they run Linux?
Many modern desktops require 3D.
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
Case in point: Microsoft Windows UI, which peaked at Windows 7 and is showing no signs of anything as good as stagnating since.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Do you always base your product selection on the personality of the owner of the company? That's like the last thing I look at, particularly if I never meet or interact with that person.
Thanks for the information, I might give LMDE another try.
left at the release 12 when clem got a) very political about Palestine b) very commercially focussed. c) obsessed by cinnamon when actually KDE was the most stable and popular spin oh I went to manjaro coz it has a boss i3 spin. https://manjaro.github.io/Manj...
You make a good point. I went to mint because it was the easiest way to get Ubuntu base w/cinnamon. Now I'm not sure why I shouldn't go to straight Debian with cinnamon on top.
I'm with you. I'll buy one of these machines for each room and the mobile for the car too.
The article describes the fact that an 'overall problem exists'. However an issue with a web page should be the least of their\our issues. The site provides checksum calculations that should be used, though that is somewhat besides the point as it can be adjusted if the site is truly taken over (if it is). Wordpress is very much the easiest CMS to install and get running (by far) (Google it). And just as easy to take over (mainly when you add plugins). But besides that, security topics have become a flamboyant topic, but generally lack overall emphasis on the general code that is applied due to vast amounts of coding that very few topics will include. In reality, while linux has adopted different philosophies, Ubuntu has been ever increasing in both the user environment and business world, which has lead to less emphasis on the individual person's security and certain sacrifices that many traditional Linux\Unix might not always agree with. While no lines of code will be included in this post, I will also remind you that Linux Mint is and still will be one of the best distributions around. If you want to help, instead of posting something such as the above topic, maybe you should spend your time writing some code instead.
Samsung has you covered:
https://www.youtube.com/watch?v=qvCGqhShNnk
The bit about Gnome 3 was spot on though.
Listen to Joe's Garage, Zappa explains it all. Di-chromium in serious leather