Announcement

Collapse
No announcement yet.

Canonical Developer Criticizes Linux Mint's Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #71
    Originally posted by chithanh View Post
    For reference: These are the numbers from Wikimedia (mostly Wikipedia visitors) http://stats.wikimedia.org/wikimedia...ingSystems.htm

    I think Wikimedia can accurately detect Ubuntu. They probably cannot accurately detect other distros besides Android, and those hide in the "Linux Other", which lumps together the various desktop and mobile distros. Let's make an uneducated guess that there is a 50/50 split between desktop (ChromeOS etc.) and mobile (Maemo/Meego, WebOS, OpenEmbedded etc.) in "Linux Other". This means that Ubuntu has maybe 50% share of the desktop market, which kind of agrees with other available numbers.

    For the cloud market, on Amazon EC2, we have Ubuntu at around 52% share, along with a generic 25% "Linux" lump: http://thecloudmarket.com/stats#/totals

    An older survey was done as part of Linux.conf.au 2010, a conference for Linux professionals, and it showed Ubuntu at 69.3%, twice as much as the next distro Debian, which was used by 35.5% (multiple distros could be named by respondents).

    I think it is plausible that Ubuntu runs on more than half and less than two thirds of all non-mobile Linux computers. Not 50x more share for sure.
    You're missing a major point, just because that many people visited Wikipedia or that Linux conference does not accurately represent the world usage and market share, it doesn't even come close.

    When you measure the people visiting say, Wikipedia, then you are only measuring the market share of the people visiting the wikipedia website.


    Besides, this is about security. Ubuntu is known for its enterprise OS for a good reason whether you like it or not. It is very secure.

    That's not to say that Linux Mint isn't secure either. But a lot of you are ignoring the massive manpower that Ubuntu has over Mint and they simply would not be able to release every new version that comes out without breaking something.

    But then you guys miss a bigger point that someone just gave, "It's only as secure as it's operator." So shut your faces now, you trolls.

    Comment


    • #72
      Originally posted by Pajn View Post
      Ubuntu uses sudo (I thought it stood for superuser do, but see now that it just is substitute user do) together with no root account
      (well of coerce there is one as it's still Linux but I don't have a password and can't be used). Everything that requires root permissions
      have to go through sudo which, this is very good because if you have multiple users with root/sudo rights you will see which one who
      actually did al those creepy stuff.

      By default the first account is allowed to use sudo and uses it by providing its own password.
      So no you are not root by default and you are required to enter your own password, the logs will say that your account is responsible.

      Other accounts are not sudoers by default.
      Ubuntu uses sudo to switch to the root account. A root account does exist and it has a password, but an impossible one, which makes it impossible to login as root or switch to root using su. There is no such thing like "sudo rights", all that sudo does is elevating your rights to root rights based on the rules in its configuration.

      Comment


      • #73
        Originally posted by profoundWHALE View Post
        You're missing a major point, just because that many people visited Wikipedia or that Linux conference does not accurately represent the world usage and market share, it doesn't even come close.

        When you measure the people visiting say, Wikipedia, then you are only measuring the market share of the people visiting the wikipedia website.
        Yes. But still, you will always have some bias if you don't make a direct census. Wikipedia is pretty much the most universally visited site, together with Google (although nowadays few people directly visit it, and instead uses the search bar on their browsers, it should suffice to take data, I guess), so the bias should be as small as it gets.

        Comment


        • #74
          Originally posted by Vim_User View Post
          Ubuntu uses sudo to switch to the root account. A root account does exist and it has a password, but an impossible one, which makes it impossible to login as root or switch to root using su. There is no such thing like "sudo rights", all that sudo does is elevating your rights to root rights based on the rules in its configuration.
          Well, it's the same just using different words.
          I tend to call it super user rights as that language tend to work with both Windows, Linux and OSX folks.

          Comment


          • #75
            Getting online this morning was in interesting experience, seemingly some news sites picked up a two week old post to a mailing list thread from me to turn it into something that generates revenue …


            And there you have it.

            Comment


            • #76
              Originally posted by Vim_User View Post
              Ubuntu uses sudo to switch to the root account. A root account does exist and it has a password, but an impossible one, which makes it impossible to login as root or switch to root using su. There is no such thing like "sudo rights", all that sudo does is elevating your rights to root rights based on the rules in its configuration.
              Well you can use su to switch to root:
              Code:
              tuke@Tippawaara12 ~ $ sudo su
              Tippawaara12 tuke # id
              uid=0(root) gid=0(root) ryhm?t=0(root)
              There are differencies with sudo and root terminal, i.e. some of the system critical directories are not accessible with sudo cat.

              Comment


              • #77
                You don't have to keep Mint's pin preferences

                Originally posted by Tinitus View Post
                You still won't get updates for Firefox or other packages provided by the Mint repos because they are pinned with a higher priority than Ubuntu packages. Mint's policy is to prioritize features and stability over security - for example in Mint 12 they shipped a vulnerable Java version for which there had been remote exploits in the public but they did not see the need to take action on this. See https://bugs.launchpad.net/linuxmint/+bug/890278
                You can change or remove pin preferences. My advice? Don't run any automatic update manager, use Synaptic to update packages. Set pin priorities to your needs. As for Java, I do NOT recommend enabling Java in any browser unless you have no other choice. Java, Flash, Quicktime, and Adobe Reader are the 4 biggest vectors of infection in Windows, and anyone aiming their exploits at Flash or Java gets a potential cross-platform exploit. Hell, the last time a big Java exploiut came up, NO patch was available and users were advised to get rid of Java. You can selectively enable or disable plugins in realtime in recent versions of Firefox, so you could say, disable all plugins by default, enable Java or Flash only when actually using them. If you need security, you must pay attention to this stuff yourself, and default preferences of any distro become less relevant unless the distro claims to be a security distro.

                Something like this in Tails or Torbrowser could literally get people killed, in Mint it is unlikely to do anything, and even it it does the expected consequences would be a hacked email account or Facebook page, not a visit from the secret police. Like I said before, as for online banking I wouild not trust anything for that, as I do not trust the network itself. Hell. a default Mint install would still be a tough enough target that real pros like the NSA will forget the computer and go after the router instead. When's the last time you updated your router?

                Comment


                • #78
                  Originally posted by Stebs View Post
                  Again, the only difference between Ubuntu and Mint Updates is the _default_ setting of Mint to not update things like Xorg and Kernel (level 4 and 5 updates). Enable the Level 4 and 5 Updates (by Mouseclick) and from now on you have the exact same update behavior just like Ubuntu...

                  It might be a good idea to point Ubuntu -> Mint changers to this difference in default setting (so they can decide how conservative they want to be), but thats all, why this whole drama about it?
                  ...And WTF took that Canonical guy to pretend that Mint (not talking about LMDE by the way) does not get Browser updates at the same time as Ubuntu
                  Sorry, but the "only some mouseclicks" argument didnt count when talking about the "spyware" topic with the unity search scopes. Saying now: well a user could inform himself about that topic (why should he knew about that?) and make some mouseclicks to change the default behaviour is IMHO alot different from a search saying: "local and online search" beeing called spyware because it searches online.

                  and to stop that: ubuntu/canonical/mark hates mint so everyone related to ubuntu is hating mint: (from http://www.markshuttleworth.com/archives/1295)
                  So yes, I am very proud to be, as the Register puts it, the Ubuntu Daddy. My affection for this community in its broadest sense ? from Mint to our cloud developer audience, and all the teams at Canonical and in each of our derivatives, is very tangible today.
                  reads not like that mint hating some people here are trying to make it look like.



                  for me it looks like the mobilizing against canonical from the last years (and especially this year) already gone way to far. that is not worth a linux-"community".

                  Comment


                  • #79
                    Originally posted by tuke81 View Post
                    Well you can use su to switch to root:
                    Code:
                    tuke@Tippawaara12 ~ $ sudo su
                    Tippawaara12 tuke # id
                    uid=0(root) gid=0(root) ryhm?t=0(root)
                    Which works only because you are already root when calling su and you are therefore needing no password. This is an unnecessary extra step, you could also use sudo -i.

                    There are differencies with sudo and root terminal, i.e. some of the system critical directories are not accessible with sudo cat.
                    Actually they are accessible, if you have understood how sudo works and how your shell interprets the command line. Something like
                    Code:
                    sudo cat xxx.txt > /etc/yyy.txt
                    will not work, due to the fact that your shell will try to create (or open for write) the file in /etc before it even looks at the left side of the redirection, which means your rights aren't elevated yet.
                    If you do it instead with
                    Code:
                    sudo $(cat xxx.txt > /etc/yyy.txt)
                    you will get the result you want.

                    Comment


                    • #80
                      Originally posted by malligt View Post
                      That an uninformed/under-informed ubuntu developer could cause this much angst...
                      It probably wouldn't have caused so much fuss, if it wasn't for the fact that it's been a recurring theme of late - someone or another at Canonical coming out spreading misinformation about rivals, or Shuttleworth throwing insults at everyone who's unhappy with their latest misstep. It starts looking less like incompetence, and more like malice...

                      Comment

                      Working...
                      X