Announcement

Collapse
No announcement yet.

Canonical Developer Criticizes Linux Mint's Security

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • phoronix
    started a topic Canonical Developer Criticizes Linux Mint's Security

    Canonical Developer Criticizes Linux Mint's Security

    Phoronix: Canonical Developer Criticizes Linux Mint's Security

    While Linux Mint is derived from Ubuntu's package-set, a Canonical developer has criticized the popular Ubuntu derivative for its handling of packaging upgrades that could leave the system in a vulnerable state...

    http://www.phoronix.com/vr.php?view=MTUxNzY

  • leech
    replied
    Originally posted by DDF420 View Post
    They are using the dash as a gateway to find anything anywhere. Yes, this obviously may include stuff for sale via Amazon or any other of the shopping scopes.Yes since sending what you type to the smart scopes server it should be opt in.

    Paid Television advertising or paid internet advertising is totally different to affiliate marketing. Paid advertising would mean i can pay Canonical x amount and they will display my specific product related ads to everyone in the dash. That's not what happens. Instead you are shown relevant (when only amazon questionable) results, from on line retailers , to which the retailer rewards Canonical with an affiliate commission if the lead turns into a sale. PAID ads would involve Canonical receiving money from CPM/CPC advertising.
    As far as we know they're not. But what about things in the Ubuntu One Store, or whatever they call their commercial repository front-end?

    Leave a comment:


  • DDF420
    replied
    Originally posted by leech View Post
    They in essence are using their dash as a gateway to selling products, just like television does. These ARE paid ads. There really is no exaggerations. Someone clicks on an ad, buys the product, Canonical gets paid. Just like crappy advertisements on websites. Television same thing, the network gets paid for air time hoping that some people will say "I need that" and go to the store and purchase it.

    It is only slightly different than having the good ol' pop up ads from not too long ago. It's just instead of random "Get Russian brides!" popping up on your screen, you get whatever random thing you may be looking for on your system.

    Either way it's annoying product placement.
    They are using the dash as a gateway to find anything anywhere. Yes, this obviously may include stuff for sale via Amazon or any other of the shopping scopes.Yes since sending what you type to the smart scopes server it should be opt in.

    Paid Television advertising or paid internet advertising is totally different to affiliate marketing. Paid advertising would mean i can pay Canonical x amount and they will display my specific product related ads to everyone in the dash. That's not what happens. Instead you are shown relevant (when only amazon questionable) results, from on line retailers , to which the retailer rewards Canonical with an affiliate commission if the lead turns into a sale. PAID ads would involve Canonical receiving money from CPM/CPC advertising.

    Leave a comment:


  • leech
    replied
    Originally posted by DDF420 View Post
    Get your facts straight
    They are not selling paid ads in the dash. They are simply taking an affiliate commission if someone actually buys something shown from said results from a few scopes. Huge difference but you do love to exaggerate.
    They in essence are using their dash as a gateway to selling products, just like television does. These ARE paid ads. There really is no exaggerations. Someone clicks on an ad, buys the product, Canonical gets paid. Just like crappy advertisements on websites. Television same thing, the network gets paid for air time hoping that some people will say "I need that" and go to the store and purchase it.

    It is only slightly different than having the good ol' pop up ads from not too long ago. It's just instead of random "Get Russian brides!" popping up on your screen, you get whatever random thing you may be looking for on your system.

    Either way it's annoying product placement.

    Leave a comment:


  • DDF420
    replied
    Originally posted by dee. View Post
    Canonical is profiting from selling paid ads in their dash, an integral part of the OS. Try whatever mental gymnastics you like, you can't get away from that basic fact.
    Get your facts straight
    They are not selling paid ads in the dash. They are simply taking an affiliate commission if someone actually buys something shown from said results from a few scopes. Huge difference but you do love to exaggerate.

    Leave a comment:


  • dee.
    replied
    Originally posted by k1l_ View Post
    again you miss a point: they get only paid if the user actually buys something. it is not even revenueing that much money, that canonical would think of debating a special deal with amazon.

    so you can cut off that: canonical is getting rich with spyware.
    Canonical is profiting from selling paid ads in their dash, an integral part of the OS. Try whatever mental gymnastics you like, you can't get away from that basic fact.


    in both cases you have to do something to get a more secure state. if its opt-in or opt-out doesnt matter. you could think of opting-out of the not-so-good update-system, too. no matter if you call it opt-in or opt-out, the user has to take action. so its both either good or both bad. but not again these double standards that is good as long as its from canonical.
    It does matter if it's opt-in or opt-out. It matters a lot, as it's simply a way of making it certain that the needs of the users are being put as a first priority.

    The user has to take action anyway when the user wants to upgrade packages. There's no windows-style automatic updates in Mint, you have to authorize and approve the updates yourself anyway. The user can opt-in to getting certain updates which can possibly lead to instability. The feature of getting extra updates is disabled by default. There is no active feature enabled by default.

    Whereas Canonical makes it opt-out: they assume by default that you want paid ads in your application launcher, so you have to actively disable that feature yourself, to opt-out of that feature: the active feature is enabled by default. Therefore, it's opt-out.

    I can't explain this to you any clearer. The default state is inaction, any feature that performs some activity is an active feature, that can either be enabled or disabled by default, opt-out or opt-in. Getting extra updates is an active feature, not getting extra updates is the lack of an active feature. Getting paid ads in the launcher is an active feature, not getting paid ads in the launcher is the lack of an active feature.

    and again i say: you need to accept cooperation if you call for cooperation. the history of unity and the big drama after the mir announce show quite clear that there is no will to accept cooperation.
    I don't think you really know that history very well.

    Leave a comment:


  • k1l_
    replied
    Originally posted by dee. View Post
    In other words, it's paid ads. Canonical has admitted that the purpose of the feature is to collect revenue for Canonical. It produces revenue to Canonical, therefore Canonical is getting paid for displaying ads in their dash, therefore, they are paid ads. It's simple as that.
    again you miss a point: they get only paid if the user actually buys something. it is not even revenueing that much money, that canonical would think of debating a special deal with amazon.

    so you can cut off that: canonical is getting rich with spyware.


    Originally posted by dee. View Post
    No I'm not, I'm saying it's ok in both cases to have opt-in. Ubuntu is not having opt-in, they have opt-out of their adware feature.
    in both cases you have to do something to get a more secure state. if its opt-in or opt-out doesnt matter. you could think of opting-out of the not-so-good update-system, too. no matter if you call it opt-in or opt-out, the user has to take action. so its both either good or both bad. but not again these double standards that is good as long as its from canonical.


    Originally posted by dee. View Post
    It's spelled "loser". And if you want to speak of "the community", you'd better ask yourself why Canonical is shafting the entire community with Mir. Why are they shooting themselves in the foot by being divisive, when they'd much more benefit from a strong focus and united front behind Wayland.
    and again i say: you need to accept cooperation if you call for cooperation. the history of unity and the big drama after the mir announce show quite clear that there is no will to accept cooperation.

    Leave a comment:


  • dee.
    replied
    Originally posted by k1l_ View Post
    its not paid ads. they just get paid with a refund if you actually buy that after clicking on the search result. its the well known amazon-ref-link thing. other open source projects use that too, like music-players for music in the amazon store.
    In other words, it's paid ads. Canonical has admitted that the purpose of the feature is to collect revenue for Canonical. It produces revenue to Canonical, therefore Canonical is getting paid for displaying ads in their dash, therefore, they are paid ads. It's simple as that.

    no its not fallacious. on the one hand you say: its ok to have to opt-in into security topics and on the other hand you say its not ok. that is the double-standard.
    No I'm not, I'm saying it's ok in both cases to have opt-in. Ubuntu is not having opt-in, they have opt-out of their adware feature.

    as you can read in my postings in this thread im in no way like you described me.
    while for some very few but load group it seems to be the duty to pick on canonical/ubuntu i think in the long run that only leads to an enviroment where the community is the looser.
    It's spelled "loser". And if you want to speak of "the community", you'd better ask yourself why Canonical is shafting the entire community with Mir. Why are they shooting themselves in the foot by being divisive, when they'd much more benefit from a strong focus and united front behind Wayland.

    Leave a comment:


  • GreatEmerald
    replied
    Originally posted by hadrons123 View Post
    The distros that does timely security fixes are Fedora/RHEL &its clones and Arch linux is catching up even better than opensuse.
    The other distros are just super duper vulnerable.
    Gentoo Hardened should be pretty solid as well.

    Originally posted by chithanh View Post
    For reference: These are the numbers from Wikimedia (mostly Wikipedia visitors) http://stats.wikimedia.org/wikimedia...ingSystems.htm

    I think Wikimedia can accurately detect Ubuntu. They probably cannot accurately detect other distros besides Android, and those hide in the "Linux Other", which lumps together the various desktop and mobile distros. Let's make an uneducated guess that there is a 50/50 split between desktop (ChromeOS etc.) and mobile (Maemo/Meego, WebOS, OpenEmbedded etc.) in "Linux Other". This means that Ubuntu has maybe 50% share of the desktop market, which kind of agrees with other available numbers.
    Wikimedia stats come from browser user agents. All Linux distros except Ubuntu realised that it's a bad idea to inflate the user agent string (makes for additional bandwidth and could be used for fingerprinting) and removed the distro references. Thus the non-Ubuntu distros listed there are from users using really antiquated versions of the distros, or those that set their user agent manually. I'm also not sure if Ubuntu derivatives change the user agent, but I doubt they do.

    There's no 50/50 split, it's all desktops. Note how it says "Breakdown per OS version, non mobile". So my take is that Ubuntu and its derivatives are 0.22% 32-bit + 0.21% 64-bit = 0.43%, while all the other distributions combined are 0.46% 64-bit + 0.21% 32-bit + 0.03% unidentified = 0.70%. Thus from the 1.16% of desktop Linux users, Ubuntu and derivative users take 40%.

    Leave a comment:


  • k1l_
    replied
    Originally posted by Stebs View Post
    Well, IMHO the online search scopes are really no big deal/problem as long as you can easily deactivate them by mousecklicks, never had to do that thought because Unity is just not my "style" of DE.
    Every Distribution is different, has other advantages and disadvantages, so why not just test/read about them all and choose YOUR favorite... and be happy.
    Those Distro-Wars are just stupid. But what really annoys me is when people start telling "facts" that are not true (see Firefox Updates), maybe those were not meant as a lie, but why then start talking about those things if one has no clue?
    I am totally fine with users choosing what suits them best. if you dont like unity: no problem, there are a lot of other desktops out there.
    what i really dont like is the double standards when it comes to ubuntu/canonical:
    mint: well, do some reading there, some mouseclicks here and everything is fine.
    ubuntu: omg! you need to make 3 mouseclicks and its not doing that out of the box.




    Originally posted by dee. View Post
    You're twisting and/or confusing the facts here. The dash search was called spyware not because it searched online, but because it sent your keystrokes - unencrypted in first versions - to third parties without your prior consent. It's potentially dangerous even when it's sent encrypted, as there's all kinds of things you might type in your dash to search for local files that you wouldn't want broadcasted to whoever.
    i disagree. when its labled "search local and online" it is very clear that some data will be send online. and you dont want to tell me, that users want to get online results but dont want to get aynthing send online, do you?


    Originally posted by dee. View Post
    The spyware aspect wasn't the biggest issue though IMO, even if you don't consider it spyware, there's no question about it being adware. It shoves paid ads in your actual OS interface. It would be very simple to fix all the problems with the dash scopes, by simply making it opt-in instead of opt-out, and making it entirely user-configurable. No one would have anything much to complain about it then, it'd just be another optional feature. Which is why it's monumentally stupid of Canonical not to do it this way.
    its not paid ads. they just get paid with a refund if you actually buy that after clicking on the search result. its the well known amazon-ref-link thing. other open source projects use that too, like music-players for music in the amazon store.

    Originally posted by dee. View Post
    Comparing it to Mint's updates is also entirely fallacious. Mint already does the updates as opt-in: you can opt-in to receive additional updates which may potentially make your system unstable.
    no its not fallacious. on the one hand you say: its ok to have to opt-in into security topics and on the other hand you say its not ok. that is the double-standard.


    Originally posted by dee. View Post
    For me it looks like you're suffering from the same persecution complex that plagues most of the Ubuntu fanbase: "oh poor us, everyone's always picking on us becuz they jealous!! they want to make linux hard and command line only becuz ofcourse theres no other alternative to unity!!!" And it's really no wonder people spout such crap, when Shuttleworth himself encourages such thinking. And that's how we get people like bo$$...
    as you can read in my postings in this thread im in no way like you described me.
    while for some very few but load group it seems to be the duty to pick on canonical/ubuntu i think in the long run that only leads to an enviroment where the community is the looser.

    Leave a comment:

Working...
X