Slashdot Mirror


Linux Mint Hack Is an Indicator of a Larger Problem (techrepublic.com)

An anonymous reader writes: On February 20th, a hacker working under the handle 'Peace' took control of the website of Linux Mint, a popular Linux distribution derived from Ubuntu (and Debian) targeted toward non-technical users and power users unhappy with modern desktop environments. While these attacks are regrettable, and part of an infrastructure problem rather than a problem with the distribution itself, it increasingly appears that the Linux Mint team is spread too thin when it comes to security. The distribution itself blacklists updates that work perfectly in Ubuntu and Debian, and the graphical utilities don't update the kernel. Because the value added by Linux Mint is in Cinnamon, why do the developers need to distribute a broken version of Ubuntu when the Cinnamon DE could be distributed as an Ubuntu spin?

45 of 254 comments

  1. Wake me by XXongo · · Score: 4, Funny

    Wake me up when they hack the Denver mint.

  2. Re:WhipslashPleaseGetRidOfSubjectsInComments by Actually, I do RTFA · · Score: 2

    I think it means three things: "Why do people use Mint when Ubuntu is better in every way? Some people think the only answer is 'Cinnamon'. Ubuntu should port that over so they are the awesome and Mint can die"

    --
    Your ad here. Ask me how!
  3. Value Added by JackieBrown · · Score: 5, Insightful

    and the graphical utilities don't update the kernel. Because the value added by Linux Mint is in Cinnamon, why do the developers need to distribute a broken version of Ubuntu when the Cinnamon DE could be distributed as an Ubuntu spin?

    My guess would be that most - or a lot - of Mint users are looking for more than just Ubuntu with Cinnamon. If that is all Mint users were looking for, there would not be a KDE version, a XFCE version, or a Mate version. If that is all they wanted, they would download Ubuntu and add the ppas for their desktop of choice. People find value with those "graphical utilities".

    The author is confusing what he wants from Mint for what others want.

    1. Re:Value Added by squiggleslash · · Score: 2, Interesting

      I would say he's accurately describing what Mint is, not what users want or don't want. He's saying "This is what it is, so why not do it properly?"

      I don't doubt that many Mint users want something different, but right now Mint is Ubuntu + An Extra Repo with Other Packages + A default package list that's slightly different. It's so much of a hack that a recent Ubuntu update caused /etc/issue and /etc/issue.net in Mint systems to report the machine as running Ubuntu, not Mint (in fairness we were all prompted to ask us if we wanted that changed. Somewhat amusing but...)

      Mint kinda needs to decide what direction it is. Becoming something other than a flavor of Ubuntu means disconnecting one's self from Ubuntu, having a large pool of maintainers, etc. That's probably not something they have the resources to do.

      So... the other option is to just be explicitly a part of Ubuntu, be CUbuntu or whatever. That would provide end users with exactly what we want - a well maintained, well supported, operating system whose desktop is actually modern and usable rather than trendy and terrible. It'd also discourage unnecessary silliness like mdmwebkit which seems to exist solely out of a wish to show independence, rather than for any functional reason.

      But the "Rely on Ubuntu while replacing problematic packages" model? Nah. It's ugly. It's pretty much a recipe for things being missed, leading to instability and security problems in the long run as Ubuntu and Mint diverge further and further, while the latter continues to rely on the independent and unpredictable choices of the former. /etc/issue showing Ubuntu is amusing. The next change may well not be.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:Value Added by oh_my_080980980 · · Score: 2

      Good fucking god. They are not disconnecting themselves. Mint is based on stable version of Ubuntu. How hard is it to understand that. So Mint will not be on the bleeding edge. BFD. They will release new versions as they move forward to the next stable release of Ubuntu.

    3. Re:Value Added by squiggleslash · · Score: 2

      Good fucking god. They are not disconnecting themselves.

      Who said they are? We wouldn't be having this discussion if they were.

      Mint is based on stable version of Ubuntu. How hard is it to understand that. So Mint will not be on the bleeding edge

      By "based" in this case you mean "It directly uses the stable version of Ubuntu as a base". And by "stable" version I assume you mean "LTS" which doesn't mean "stable", at least, not in a meaningful way that applies here.

      Essentially the current configuration places Mint users at the mercy of Canonical. If they change something that breaks the packages Mint is supplying, then we're in trouble. And Canonical can and most importantly does change things. That /etc/issue thing happened. It was minor, it was amusing but nothing more, but it demonstrates the principle that Mint is playing with fire by using Ubuntu as a base rather than maintaining their own fork.

      This is not a sane strategy. And to be honest, until today I was a (mostly) happy Mint user, and hadn't really thought about the consequences of the /etc/issue nonsense earlier this week. But now I've been forced to think about it, and now I'm reading MintBros determined to pretend the status quo is fine, I'm... kinda wondering if I should step away from this distribution.

      --
      You are not alone. This is not normal. None of this is normal.
    4. Re:Value Added by Anonymous Coward · · Score: 2, Interesting

      The Linux Mint team should just cut their losses and focus all their resources on their secondary project, Linux Mint Debian Edition. Making this the primary project and the new default "Linux Mint" would help because they'd be less dependent on upstream changes from Ubuntu, while providing usability improvements to Debian that are not considered important enough to implement in Debian proper. Heck, it's exactly the method of how Ubuntu came about, but Linux Mint's mission goal is just to make the best desktop it can, and not to go on some kind of hopeless tangent with mobiles and the cloud that Canonical is trying to do.

  4. The "Value Add" is more than Cinnamon by Anonymous Coward · · Score: 5, Insightful

    Actually, Linux Mint's value add was originally (and still is) providing an Ubuntu distribution that includes non-free software and codecs pre-installed and configured right out of the box (e.g. DVD playback, MP3 playback, 3D graphics drivers like the Nvidia binary blob, Flash, JAVA, etc.). Yes, these features can be separately installed by users in Ubuntu. But for first time or novice users, this could be difficult and Linux Mint took the approach of making sure these features were installed, configured, and working out of the box.

    Cinnamon is a separate project to provide an alternative to Gnome3. Linux Mint sponsored it and is the primary user of it. But it's not the only "value add".

    That said, Linux Mint did make some weird design decisions. I always thought it would be easier to just create and publish a custom Ubuntu spin that included these features rather than create a whole distribution from scratch.

  5. Re:That's it... by Lisandro · · Score: 3, Interesting

    I'm moving to Arch

    Good for you. Arch is not for newbie users as it lacks a tool to perform automated installs, but once it is up and running I'd venture to say it is the most reliable, easiest to use distro out there.

  6. Re:"for non-technical users" by Anonymous Coward · · Score: 5, Interesting

    Non-technical users should use a Mac, as it simply works.

    I wish this was true so I wouldn't have to deal with so many support requests from Mac users.

  7. Re:WhipslashPleaseGetRidOfSubjectsInComments by Pseudonymous Powers · · Score: 4, Informative

    I think it means three things: "Why do people use Mint when Ubuntu is better in every way? Some people think the only answer is 'Cinnamon'. Ubuntu should port that over so they are the awesome and Mint can die"

    I agree with your interpretation. I even (unlike you, probably) kind of agree with the original author's point. I would be pretty happy if the Ubuntu team offered Cinnamon as an alternative of Unity. But of course they never will, because they specifically developed Unity to replace Gnome in the first place, thus creating all this demand for Cinnamon and Linux Mint.

  8. Mint is popular for a reason by bangular · · Score: 3, Insightful

    I tried mint a few years ago when I found the default install of Ubuntu desktop unusable. Could I have customized it to the desktop I wanted? Sure. Or, I could try this new distribution that has a DE that is actually intuitive. If Ubuntu shipped with Cinnamon by default I'd go back to Ubuntu. Ubuntu really shot themselves in the foot a few years ago and I got tired of being a beta tester.

  9. Re:"for non-technical users" by CaptSlaq · · Score: 2

    Non-technical users should use a Mac, as it simply works.

    "Non-technical users should use $WHAT_I_THINK_IS_BEST_FOR_THEM_BECAUSE_I_UNDERSTAND_ALL_USE_CASES as it simply works". Gotcha.

  10. Re:WhipslashPleaseGetRidOfSubjectsInComments by FatdogHaiku · · Score: 4, Funny

    I think it means three things: "Why do people use Mint when Ubuntu is better in every way? Some people think the only answer is 'Cinnamon'. Ubuntu should port that over so they are the awesome and Mint can die"

    I agree with your interpretation. I even (unlike you, probably) kind of agree with the original author's point. I would be pretty happy if the Ubuntu team offered Cinnamon as an alternative of Unity. But of course they never will, because they specifically developed Unity to replace Gnome in the first place, thus creating all this demand for Cinnamon and Linux Mint.

    and now we're telling the folks at Mint to go fork themselves?
    {ducks}

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  11. Well for one thing... by shellster_dude · · Score: 5, Informative

    Linux Mint isn't just Ubuntu. They also provide Linux Mint Debian Edition, which is far superior, IMHO.

  12. Re:"for non-technical users" by __aaclcg7560 · · Score: 2, Interesting

    "Non-technical users should use $WHAT_I_THINK_IS_BEST_FOR_THEM_BECAUSE_I_UNDERSTAND_ALL_USE_CASES as it simply works". Gotcha.

    Some of the better IT shops are giving users the choice between Mac and PC. From what I've seen in the field, non-technical users and engineers prefer the Mac. Macs and PCs are pretty much interchangeable these days.

  13. Re:WhipslashPleaseGetRidOfSubjectsInComments by RDW · · Score: 2

    It's what passes for trash talk from anonymous story contributors, a loaded question like 'when will the developers stop beating their wives?' Mint is not just Cinnamon, of course, and not all versions are even based on Ubuntu, 'broken' or otherwise. Mint fans might want to point out that Ubuntu-Mate, by far the best version of Ubuntu (see what I did there?), owes a great deal to Mint's support of the MATE desktop project...

  14. Re:That's it... by Anonymous Coward · · Score: 3, Insightful

    Top 5 reasons why Arch Linux sucks:

    1) Lead arch developer got his computer hacked 3 times. see: https://web.archive.org/web/20120805043450/https://bbs.archlinux.org/viewtopic.php?id=12192&p=1
    2) Unstable. Go check out arch's forum instead of listening to the fanboy to see the enormous amounts of issues.
    3) Unprofessional. Arch isn't used in any professional environment for a good reason. Made by amateurs.
    4) Community. Pretentious, trendy, ricer, hippie morons.
    5) Forum. Full of noob questions (can't help it as majority is ex-ubuntu users)

  15. nonsensical summary - anti-Mint FUD by iggymanz · · Score: 5, Insightful

    The site in question used WordPress, which gets hacked early and often. Being hacked had nothing to do with how many Mint developers there are; it's more a commentary on flaws most php based platforms have.

    Linux Mint chooses to blacklist certain applications in line with the project goals; these of course can be overridden at user's choice.

    What a pile of FUD, I smell jealousy of Linux Mint's success as unlike Ubuntu the team does listen to end user needs and wants; while Ubuntu instead crams badly designed UI (Unity) down throats that neither meets needs nor was requested by anyone

    1. Re:nonsensical summary - anti-Mint FUD by Pseudonymous Powers · · Score: 2

      Ubuntu ...crams badly designed UI (Unity) down throats that neither meets needs nor was requested by anyone.

      You obviously haven't visited the Ubuntu forums since Unity was introduced. According to the forums, it seems that all the diehard Ubuntu fans liked Unity so much after it was forced down their throats that their collective love for it reached backwards through time and requested it from the future.

  16. Re:"for non-technical users" by farrellj · · Score: 4, Informative

    You mean like the Anonymous Coward who says "graphical utilities don't update the kernel"

    This person should simply click the Mint update manager on their bar which brings up the graphical Update Manager Window. Then you click "View", and from that drop-down menu select "Linux Kernels". From there you can choose from all of the available kernels for Linux Mint.

    I don't know about you, but that certainly looks fairly graphical to me!

    --
    CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
  17. Re:"for non-technical users" by __aaclcg7560 · · Score: 2

    Macs are really only suitable for top level security experts. Certainly not non-technical users.

    You obviously haven't spent much time at an Apple Store. I seriously doubt that Grandma is a top level security expert.

  18. Linux Mint just works. by Anonymous Coward · · Score: 5, Informative

    That's the value for me, it works out of the box for all the hardware I've used it on so far. Unlike Ubuntu which has issues of its own lately for me. Before the hack hit I had Mint installed on an MSI laptop with an Nvidia card and the thing fired up out of the box with no issues. Only thing I had to do was turn off that secure boot garbage in the bios which was easy.

    Maybe Mint isn't the ideal distribution for people and maybe it could be done better. Still it's doing things right enough for me to use it and run Steam on it with no issues for all the games that provide native Linux ports. Could Ubuntu do it? Maybe but I hate Unity and Gnome 3. I also don't want one of the side distributions because unlike Mint I feel like they're treated as second class from the main one.

  19. Submitter forgot 'no shopping lens' by Cyberpunk Reality · · Score: 2

    While I understand that the overlords of commerce like to pretend that nothing could ever be wrong with anything even remotely advertising-related, the reality is that Ubuntu foundation did itself some irreparable damage with that incident.

    --
    Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
  20. Re:WhipslashPleaseGetRidOfSubjectsInComments by squiggleslash · · Score: 2, Informative

    Mint is Ubuntu with an additional repository that contains Cinnamon, and a different set of default packages. When I say Mint is Ubuntu with ..., I mean that literally, as in (for Rosa):

    /etc/apt $ cat sources.list.d/official-package-repositories.list
    deb http://packages.linuxmint.com/ rosa main upstream import

    deb http://extra.linuxmint.com/ rosa main

    deb http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse

    deb http://security.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
    deb http://archive.canonical.com/ubuntu/ trusty partner

    "Ubuntu Spin" is the term given to a variant of Ubuntu that's the result of a collaboration between Canonical and an interested community. For example, KUbuntu is a spin with KDE replacing Unity as the desktop.

    So...

    What the author is saying is given Mint is just Cinnamon + Ubuntu, why distribute this somewhat hacked together kludge, rather than collaborating with Canonical? If the two work together, then the "Mint" side would be able to build on Ubuntu in cooperation with Canonical, leaving "CUbuntu" to have the same advantages as other spins (for example, up to date releases, testing so that changes in one part of Ubuntu do not damage CUbuntu, etc) while still getting a Cinnamon desktop.

    That's one solution, another is to get more people and disentangle the project from Ubuntu completely. It depends upon what the Mint team actually want.

    --
    You are not alone. This is not normal. None of this is normal.
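
Added example, not part of the thread or of any Linux Mint tooling: a small parser for the one-line apt source format in squiggleslash's listing above, which tallies entries per vendor and reports which host serves the `-security` suite. The sample input is that listing; the function names and the "last two host labels" vendor heuristic are assumptions of this example.

```python
from collections import Counter
from urllib.parse import urlparse

# The listing quoted in the comment above (Linux Mint "Rosa").
ROSA_SOURCES = """\
deb http://packages.linuxmint.com/ rosa main upstream import

deb http://extra.linuxmint.com/ rosa main

deb http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu/ trusty partner
"""


def parse_sources(text):
    """Parse one-line-style apt entries: type [options] uri suite [components...]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] not in ("deb", "deb-src"):
            continue
        pos = 1
        # Skip an optional "[ arch=amd64 ... ]" option block.
        if pos < len(fields) and fields[pos].startswith("["):
            while pos < len(fields) and not fields[pos].endswith("]"):
                pos += 1
            pos += 1
        if len(fields) < pos + 2:  # need at least a URI and a suite
            continue
        host = urlparse(fields[pos]).hostname or ""
        entries.append({
            "type": fields[0],
            "host": host,
            # Assumption: the last two labels identify the vendor (true for
            # the hosts in this listing, not for e.g. co.uk domains).
            "vendor": ".".join(host.split(".")[-2:]),
            "suite": fields[pos + 1],
            "components": fields[pos + 2:],
        })
    return entries


def entries_per_vendor(entries):
    """Count source entries per vendor domain."""
    return Counter(e["vendor"] for e in entries)


def security_hosts(entries):
    """Hosts that serve a suite whose name ends in -security."""
    return sorted({e["host"] for e in entries if e["suite"].endswith("-security")})


if __name__ == "__main__":
    parsed = parse_sources(ROSA_SOURCES)
    for vendor, count in entries_per_vendor(parsed).most_common():
        print(f"{vendor:15} {count} entries")
    print("security suite served by:", ", ".join(security_hosts(parsed)))
```
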
  21. Re:WhipslashPleaseGetRidOfSubjectsInComments by oh_my_080980980 · · Score: 4, Informative

    And the author is an ass. Mint includes, among other things, full multimedia support. Ubuntu does not have that. That's why it is very popular. Ubuntu made a choice not to include full multimedia support.

  22. Re:WhipslashPleaseGetRidOfSubjectsInComments by squiggleslash · · Score: 2

    I keep reading this claim, I'm not sure what's being referred to. Ubuntu most certainly does play movies and music out of the box. It seems to have at the very least the same multimedia support that, say, Windows does.

    (I just checked, Rhythmbox and "Videos" installed by default on the Ubuntu system I'm using now.)

    --
    You are not alone. This is not normal. None of this is normal.
  23. Re:"for non-technical users" by WarJolt · · Score: 4, Interesting

    Macs and PCs are pretty much interchangeable these days.

    Not really. Macs require a much more current IT staff. Unfortunately many IT departments have been force fed the Microsoft dribble for so long that they don't know what real IT looks like. Adding Macs to corporate infrastructure should be done carefully.

    It's not about the user or the OS. It's about the infrastructure behind it.

  24. Re:"for non-technical users" by fremsley471 · · Score: 4, Informative

    Oh for mod points. Amen.

    "Non-technical users"? Fuck off. It's an OS that is designed to be used, not endlessly fiddled with. But for some self-appointed gatekeepers, that's somehow become an unbearable eternal-September thing for linux.

  25. Re:WhipslashPleaseGetRidOfSubjectsInComments by squiggleslash · · Score: 3, Interesting

    They wouldn't replace Unity with Cinnamon in the primary version of Ubuntu, but given they have no problems distributing versions of Ubuntu with KDE, GNOME 3, XFCE, LXDE, and even MATE (the other thing that came out of the Unity sucks movement), I don't see why they wouldn't do a Cinnamon version if there was a community willing to maintain it.

    --
    You are not alone. This is not normal. None of this is normal.
  26. Re:WhipslashPleaseGetRidOfSubjectsInComments by Anonymous Coward · · Score: 4, Informative

    Probably codecs that Mint has but Ubuntu doesn't include by default for legal reasons

  27. Re:Quality problems not specific to a single distr by buck-yar · · Score: 2

    Look into Slackware

  28. Re:WhipslashPleaseGetRidOfSubjectsInComments by b0bby · · Score: 3, Informative

    Encrypted DVDs don't play out of the box on Ubuntu, you have to manually install libdvd-pkg. Which admittedly isn't hard, but it is an extra step. And there may well be other codecs they don't support I'm not aware of.

  29. Re:"for non-technical users" by Cruciform · · Score: 2

    I'm using Windows 10, but I'll use whatever is in front of me if it does the job. I gave my father my Mac mini when it was no longer fast enough for me, and he's required virtually no tech support in the years since, other than doing a fresh install of Mavericks for him.

    What I'd like is to have OSX on my parts-built PC without doing a Hackintosh. Apple should know by now that opening up the OS to other hardware would mean making even more off the App Store.

    My only caveat for friends who look at buying Mac is to never, ever buy first generation hardware. Wait six months. There's always something wrong with the first generation of the latest "hot and sexy" out of Apple. But they figure it out.

  30. Re:"for non-technical users" by __aaclcg7560 · · Score: 4, Funny

    Macs require a much more current IT staff.

    A tech manager who has been with the company for 15+ years recently threw a fit. He was trying to replace the hard drive in a new Dell laptop. There was no slot for the 2.5" hard drive he wanted to install. He took the whole laptop apart and couldn't find the hard drive. Some of the techs pointed out a card on the logic board that was the new hard drive standard. He screamed that the card was the wireless card, and got madder when they pointed to the wireless card with the antenna connections. The laptop remains on the back shelf because he can't fix it with a standard 2.5" hard drive.

    If the IT department is not current, it's a management problem and not a technology problem.

  31. Re:"for non-technical users" by SStrungis · · Score: 2

    Bless tech support, of course. But you can't fix stupid. I am working with someone who wants a new win install, but does not know how to boot from CD.

  32. Re:"for non-technical users" by __aaclcg7560 · · Score: 3, Insightful

    Apple should know by now that opening up the OS to other hardware would mean making even more off the App Store.

    Apple tried licensing to third-party hardware makers and saw their hardware sales decline as the cheaper Macs became popular. That was the first thing Steve Jobs killed off when he came back to Apple.

  33. Kernel updates actually are in the GUI by Blaskowicz · · Score: 2

    It's in "Update Manager", "View", "Linux Kernels".
    Also allows to delete kernels although that is slow, and must be done one by one.

    It has to be said, although updates to the kernel are never automatic. Thus approximately no one does them I'd say.
    In fact, with straight Ubuntu I had to do the apt-get dist-upgrade described in the story to update the kernel (which I did very rarely) and I did not bother with graphical tools. Now there's a likable graphical tool for updates, so instead of the graphical stuff disabled or not present I get notified for every software non-kernel update that comes up.

    I don't know about security updates held up, and I don't use Cinnamon (can't buy an Intel graphics card to run a desktop). This I believe is where's most of the hackery due to e.g. GTK3 upstream constantly trying to ruin the game for devs that are not building UIs that look like a cross of Mac OS and Windows 8.
    The article seems fairly preposterous. For me the Mate and Xfce editions are where it's at and yes the default themes etc. are a good reason, along with cross-DE tools. Not gonna be using and pushing some hastily thrown together desktop with e.g. a black task bar on top rather than a gray task bar on bottom, ugly icons and wallpapers and so on.

  34. Re: Quality problems not specific to a single dist by bryanp · · Score: 4, Insightful

    You want a nice little machine to fellate you?

    Apparently I've been buying the wrong computers. Tell me more about these nice little machines.

    --
    "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
  35. Re: "for non-technical users" by steveg · · Score: 2

    That's why they do it. The official line is "Don't replace the kernel unless you have a reason to."

    Kernels update automatically as part of the graphical process. The kernel replacement procedure above is to change kernel versions. I've currently got 3.16.0-38 installed. As long as I don't do anything, any updates to 3.16.0-38 will automatically be installed.

    If I want a newer version of the kernel I can bring up the kernel upgrade dialog mentioned above and scroll down through all the available kernels. I note that 3.19.0-33 has a check mark in the "recommended" column. Versions up to 4.2.0-30 are in the list, but only certain ones have the "recommended" status.

    Seems user-friendly enough to me. Enough detail to help someone who wants to upgrade, hidden enough to discourage someone who really shouldn't, and automatic enough to keep the current version safely up to date.

    --
    Ignorance killed the cat. Curiosity was framed.
  36. Re:Quality problems not specific to a single distr by mattventura · · Score: 5, Insightful

    Xfce has stagnated.

    Great! I'd rather have something that goes nowhere at all than something that goes downhill. Software that improves itself while avoiding the eventual downhill part is extremely hard to come by, which is backed up by all the examples you posted. Putting a bunch of developers on a project yet managing to make it worse is just a waste of human resources.

  37. Re:WhipslashPleaseGetRidOfSubjectsInComments by Harlequin80 · · Score: 2

    But isn't Ubuntu just a derivative of Debian? They probably use 80%+ pure Debian in their releases so you could argue why don't they just partner with Debian instead of rolling their own.

    I also could be biased though as Mint is my distro of choice. I prefer its interface and how it works to every other distro I have used. As for the comments in the article it feels to me more that he has an axe to grind because he doesn't agree with how mint is structured. He talks about why not partner with Canonical and become a Cbuntu. But if they did that they stop being able to brand differentiate and will essentially disappear in short order. Longer term I expect that mint will start to roll its own packages as it gets more and more popular.

    The other thing is that mint and ubuntu have different goals and design principles. The user interface of mint is extremely stable. I run one machine with mint 13 on it and one with the latest shiny on it. You can move from one to another with almost no change to work flow.

    Finally I question his other assertion that because of blacklisting packages or not upgrading kernels in place the machine is inherently more prone to security issues. The whole concept of the LTS releases of ubuntu is that they receive long term updates for security. I doubt very much that there will be a blacklisted package upgrade in mint which has security implications. That is the sort of package upgrade that they would make work. There is no question that you may not be running the latest version of every piece of software but that isn't unique to mint. If you run an LTS version of Ubuntu you won't be running the latest versions of the same software.

  38. Re:Quality problems not specific to a single distr by donaldm · · Score: 2

    I don't know what to do at this point. Switching to FreeBSD is looking like the most likely option. It still suffers from some of the same problems as Linux distros do, due to it using a lot of open source software, too. But at least it will minimize the problems by FreeBSD itself being of an extraordinarily high quality, and it using better alternatives (like Clang and LLVM instead of GCC) where possible.

    I can install and use Clang and LLVM under Linux as well. Interesting troll though.

    --
    There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
  39. Re:Quality problems not specific to a single distr by Bengie · · Score: 4, Insightful

    Write your own and open source it

    Exactly what is wrong with opensource right now. So much crap. Just because it's popular doesn't mean it's not crap. Please, please. Don't just start your own code unless you know what you're doing.

  40. Re:"for non-technical users" by __aaclcg7560 · · Score: 2

    His problem is his unwillingness to get current when it wouldn't take a whole hour on the net to learn what he needs to know.

    His problem is typical of full-time employees with many years at a company. They stop learning, become comfortable and panic at the slightest hint of change. I had two friends with software engineering degrees who fell into this trap, getting great jobs out of college and getting laid off six years later in the dot com bust, unable to find a job with obsolete skills, and still working as drug store clerks years later.