I don't give a fuck of any of the bullshit that I'm reading. The only thing I know is that my server in production with Ubuntu 12.04 got fucked up from this Linux kernel exploit once an hacker got into a shitty Joomla installation: http://blog.zx2c4.com/749
Well, "people that have physical access" != "random people", and if your OS has obvious permission escalation breaches, I'm not sure you can trust it anyway.
Originally Posted by FLHerne
Also, there only need one security breach in your browser for allowing remote code execution, so by that reasoning, any system with a browser is a compromised system.
Do you visit DistroWatch and click on your distro periodically? Because I don't know of a single individual that does. That's why it is not representative. DistroWatch is useful to read about distros. Usually, you already know what's in there for your distribution, and you'd only enter to compare a few if you want to switch. So, neither bounds one user to one distro (and the common case is that one user uses only one distro) nor to the distro he or she uses.
Originally Posted by Goddard
Yes, it is. Well, not a complete coincidence, as what it measures is curiosity about such distributions, but yeah, it has nothing to do with the number of users.
Originally Posted by prodigy_
On the Mint issue, with information I've found on this thread I changed my mind. I thought this was a serious problem in general, because it sounds like they don't dispatch the updates, not like they are optional. If the user knows what he/she's doing, Mint is as secure as their upstream, Ubuntu, is. It is not so moron friendly as Ubuntu, though, having the user to think about the updates.
Ubuntu requires super user permissions to install updates. Ubuntu doesn't have a root account by default.
Originally Posted by dee.
Are you suggesting that Ubuntu really has 50x more users than any other distro, and that twice as many people use tiny distros than the combined userbases of all well-known distros including Ubuntu?
Originally Posted by NothingMuchHereToSay
Because that's what those WP stats say, and your dismissal is based on the premise that they're accurate.
There is no such thing as a super user. If you mean the command su: That stands for "switch user" and switches to root by default (but you can use it to switch to any user).
Originally Posted by Pajn
Do you mean you need root permissions? If so: Are you required to enter your root password? Or is there no password at all? Or do you have root privileges all the time? If you say no to the first and/or yes to the second/third question Ubuntu is a very insecure distro.
BTW: All that questions are serious, I never used Ubuntu for myself.
For reference: These are the numbers from Wikimedia (mostly Wikipedia visitors) http://stats.wikimedia.org/wikimedia...ingSystems.htm
Originally Posted by FLHerne
I think Wikimedia can accurately detect Ubuntu. They probably cannot accurately detect other distros besides Android, and those hide in the "Linux Other", which lumps together the various desktop and mobile distros. Let's make an uneducated guess that there is a 50/50 split between desktop (ChromeOS etc.) and mobile (Maemo/Meego, WebOS, OpenEmbedded etc.) in "Linux Other". This means that Ubuntu has maybe 50% share of the desktop market, which kind of agrees with other available numbers.
For the cloud market, on Amazon EC2, we have Ubuntu at around 52% share, along with a generic 25% "Linux" lump: http://thecloudmarket.com/stats#/totals
An older survey was done as part of Linux.conf.au 2010, a conference for Linux professionals, and it showed Ubuntu at 69.3%, twice as much as the next distro Debian, which was used by 35.5% (multiple distros could be named by respondents).
I think it is plausible that Ubuntu runs on more than half and less than two thirds of all non-mobile Linux computers. Not 50x more share for sure.
Ubuntu uses the sudo mechanism. If the user is in the admin group, he can use the sudo command to run tasks with superuser privileges. Ubuntu will ask for the user's password then.
Originally Posted by TAXI
There is no password for the root account set by default. Before you can use the root account, you need to set a password (but it is not necessary as described above).
Apparmor is still in repo, you will notice this if you are USING it
Since Mint uses Ubuntu Repos, Apparmor is still in repo. In Ubuntu by default, Apparmor is disabled for the browser, the single most important place to use it! Since I use a custom Firefox profile with Apparmor, I would notice a missing /etc/apparmor/d directory very quickly and fetch the package after a new install from a Mint installer. If I am setting up a machine for someone else, I cannot use that Apparmor profile anyway as people would wonder why all the restrictions. I use the Apparmor profile as part of a layered defense to make CIPAV-type policeware harder to push to my machines used for activist work, it's not necessary for most users. If something REALLY counts I am going to use Tails, a specialized Tor-based security distro that runs from an immutable live image.
Originally Posted by monraaf
Mint does not claim to be a specialized security distro, Tails it is not and need not be. Webservers are another specialized use, requiring maximum security. Since Mint differs from Ubuntu mostly in the DE, why would anyone need a "mintserver" installer anyway?