back to article Linux Mint users in hot water for being slow with security updates, running old versions

Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system. Lefebvre used Firefox as an example. Mozilla's browser is frequently updated and has fixes for security vulnerabilities described by the firm as critical, which it defined as "can …

  1. Anonymous Coward
    Anonymous Coward

    Generally I'd be against the concept of automatic updates without user intervention.

    BUT....Linux Mint is supposed to be the user-friendly, easy to use, "Windows alternative" face of Linux, isn't it? It's aimed at people who want something that works in vaguely the same way and don't want to deal with any of the stuff that Linux has a reputation for, like command lines and tinkering.

    So...perhaps Mint SHOULD have automatic updates turned on. People who want more control over their systems can either switch them off or use another distro which doesn't have quite so much hand-holding...

    It doesn't help that it's not just YOUR system you're putting at risk. Thanks to annoyances like botnets, leaving your computer unsecured can potentially harm others.

    1. Anonymous Coward
      Anonymous Coward

      Sounds like an option to present at install-time (obviously with the ability to alter it afterwards) ...

      1. Peter X

        Or maybe, just enable automatic updates by default *but* provide a method that sys-admins / technically aware users can disable this. I personally don't like automatic updates... but I do usually apply updates as soon as they're available.

        1. Anonymous Coward
          Anonymous Coward

          I don't mind automatic security updates. Automatic feature updates are a different prospect.

          Always annoyed me that I had to prat around with the CLI to configure aspects of automatic updates.

    2. Blackjack Silver badge

      Kernel panic and video driver problems are more common on Debian based systems that people thinks.

      I had several of those over the years, be in Ubuntu, Mint or Debian. And in different machines.

      1. Gary Stewart

        Been using Debian (now Devuan) since 2005 and I have had a few video driver problems, some caused by using older video hardware. However I don't remember ever having a kernel panic after any update and only very, very rarely in normal use.

        I've also been using Linux Mint since version 17, now running 19.3, and have few if any video driver problems and NO kernel panics so far. I do keep up it updated regularly, usually on a one to two week interval. I have no problem with automatic updates, but only if I can disable them.

    3. alain williams Silver badge

      So...perhaps Mint SHOULD have automatic updates turned on.

      I suspect that some people do not notice the icon that says that updates are needed. So why not make it become bigger, flash, turn red over several days ?

      I run Linux mint on my laptop - which might not be turned on for some time - which might skew their stats.

      Firefox is a pain: I will sometimes avoid updating it as once you have done so it refuses to let you open new tabs until after a restart. That is annoying as it interrupts workflow and kills private windows.

      1. Nate Amsden

        Re: So...perhaps Mint SHOULD have automatic updates turned on.

        sure, change the default.

        Then the more advanced users who care can easily turn it off if they need to.

        (Linux user since 1996, no auto updates, ever)

        I ran Mint 17 until not long after Mint 20 came out, the timestamp on my last downloaded ISO of Mint 20 was Aug 15 which sounds about right. I maintain my browsers separately from the OS (Palemoon, Firefox ESR and Seamonkey, none of which appear to be in the Mint repos). I also run them as a somewhat more limited user and launch them via sudo e.g.

        sudo -u firefox -H VDPAU_NVIDIA_NO_OVERLAY=1 /usr/local/palemoon/palemoon %u

        Could go further of course but haven't bothered to do so. Does make sorting file permissions out funky sometimes.

        Just wasn't looking forward to doing the work to do the migration until Mint 20 came out. I rely on a gnome app called brightside which I guess hasn't been maintained in years and it took several hours of work to compile it on Mint 20 from Ubuntu 16 sources(was available in the Mint 17 repos). Plus more hours to get everything setup again(started from scratch on a new partition rather than try to upgrade the existing OS, still have Mint 17 installed and can boot to it if needed). I ran Ubuntu 10.04 on my laptop for a good 12-18 months after EOL before installing Mint 17 years ago.

        For me personally the security risk is quite low. I suspect for most linux users the risk is quite low(though mine personally I think is much lower than even that), just by nature of the type of users most likely to be running linux, combine that with stats like this:

        https://www.theregister.com/2021/02/18/cve_exploitation_2_6pc_kenna_security/

        I guess at the end of the day the "install all updates now!" group of people generally come across as you will be secure if you have all of the latest updates. (may not be the intention but that's the way it sounds in my opinion) Which of course isn't true. In my opinion even running older software you are safer if your not going to tons of random sites and downloading random things and opening random email attachments with all security updates applied. So of course it depends on the user. Hence going back to linux users are more likely to not do that kind of thing.

        I have run internet exposed servers since 1996. I host my own websites, DNS, email etc all on public IPs(behind an openbsd firewall) at a co-location facility(and I even have an FTP server still for a couple people that use my systems). My "exposure" there I guess you could say is "high" because the systems are always open from the outside(at least the ports I want opened are). However I have had zero security incidents(that I am aware of) since ~1999 (in that case the incident was caused by an malicious user on the system who was granted legitimate ssh level access but ended up being not trustworthy).

      2. bombastic bob Silver badge
        Devil

        Re: So...perhaps Mint SHOULD have automatic updates turned on.

        some people do not notice the icon that says that updates are needed

        Other people (like me) just *DISABLE* that kind of [insert profane pejorative here] and PRACTICE SAFE SURFING instead...

        1. pc-fluesterer.info
          FAIL

          how do you accoplish SAFE SURFING?

          pls. tell us your secret. What is SAFE SURFING? A condom over the mouse? What else?

    4. gerdesj Silver badge
      Gimp

      "Generally I'd be against the concept of automatic updates without user intervention."

      Wrong question, wrong answer! The real problem is that even today, software requires disruptive updates and reboots. It is absolutely shit that a modern OS needs a 30+ minute time out monthly to update. I've done Windows updates that have seen a three hour outage. Linux is better in general. The worst updateathon on Ubuntu or Centos or Debian or even Raspbian I've done was about ten minutes. I don't count Gentoo here! A laptop of mine once took over a week to recompile "world" (this was before @world and sets and I was upgrading to a v4 gcc and us plebs didn't realize that a full recompile probably wasn't really needed, just some basic libraries and related stuff)

      I have to patch a lot of Windows boxes and a lot of Linux boxes (oh and a fair few switches, firewalls and stuff) A Windows box can take anything from five minutes to 30 minutes in general for maintenance. An out of the box install can take a morning to patch to date by hand

      In 2021 I think we should expect updates to simply happen quietly in the background and reboots being rare, if at all.

    5. big_D Silver badge

      The other thing is, we have become used to our browsers saying "update has been installed, please restart the browser", or it happens the next time we boot the PC. We don't have to think about it, it just happens.

      Because of the package managers this automatic updating no longer takes place, users have to remember to run the updates. For a seasoned professional or an enthusiast, that isn't a problem. For 98% of users, this is a major problem.

      As has been mentioned, it should be an option at install time, whether Mint keeps itself up to date or whether the user wants to do it manually. That needs to be clearly worded and it need to default to automatic mode. Pros and enthusiasts will understand the consequences of turning it off and will actually read the screen, instead of just clicking through.

  2. Ian Johnston Silver badge

    You can't stop (or at least I can't stop) Firefox on Xubuntu from updating itself automatically. Could that not be implemented for Linux Mint?

    1. Woodnag Silver badge

      You should be able to lock the version under the package manager.

  3. Anonymous Coward
    Anonymous Coward

    Could they pick a better example than Firefox?

    I use Mint at home and am mostly up-to-date at 20.1, using the little icon that appears in the taskbar - Synaptic? I click on it, see the list of updates, and press OK to install them. It works well. I have (the illusion of) control, even though I click on almost everything anyway - the newer version of a package probably has a bunch of fixes in to make it better. Install away!

    Except for Firefox. They mix security updates in with their own special brand of pointless UI changes, configuration over-writes, intrusive unwanted "features" and general misery which makes them bloody hard to like. So rather than swallow every update, I tend to wait a few months until I've got the mental strength to deal with it before doing the update, and seeing what they've managed to ruin this time. At least they haven't disabled add-ons for a while.

    1. Anonymous Coward
      Anonymous Coward

      Re: Could they pick a better example than Firefox?

      "I use Mint at home and am mostly up-to-date at 20.1, using the little icon that appears in the taskbar"

      Indeed.

      The Icon always alerts me to when there is a new security update.

      "Except for Firefox. They mix security updates in with their own special brand of pointless UI changes"

      You might want to have a look at:

      /usr/share/ubuntu-system-adjustments/firefox

      And for goodness sake make changes to Mint's Firefox (including the default web page and search engine) BEFORE you let it connect to the web!

      The amount of third party servers that the default Mint Firefox connects to is bonkers!

      1. Doctor Syntax Silver badge

        Re: Could they pick a better example than Firefox?

        I'm not sure how much notice it takes of those settings. I just tried changing the search engine order - including trying commenting out the lot in hope it would stop it - with no effect at all.

    2. Fish & Chips
      Big Brother

      Re: Could they pick a better example than Firefox?

      I used to have occasional some issues with Firefox, but not any longer: I unistalled all Mozilla software after they recently promoted the clamping down of free speech on the internet and even "created a browser add-on that transforms everyday @YouTube users into watchdogs"

      https://twitter.com/mozilla/status/1358452973463097355?s=20

      1. Refugee from Windows

        Re: Could they pick a better example than Firefox?

        Of course I delay Firefox XX.0 updates until at least XX.0.1 is available, after all they're bound to have missed something obvious "whoops we missed that" comes to light. That's usually within a week.

      2. sev.monster Bronze badge
        Childcatcher

        Re: Could they pick a better example than Firefox?

        Can I flag that tweet as regrettable?

        And to think, I was even considering switching back to Firefox too, because Chrome (Ungoogled Chromium) just doesn't give me enough control. I guess there is such a thing as too much control, huh, Mozilla?

    3. Doctor Syntax Silver badge

      Re: Could they pick a better example than Firefox?

      Not to any great extent. It appears from the article that they looked at the versions of Firefox from Mint were visiting Yahoo. That means that the options were limited to browsers. It raises the question of whether Yahoo constitutes a representative sample of Mint users.

      I avoid the mental strength to tackle Firfox updates by seldom using Firefox because of their interface; I only use it when I start to wonder how Firefox handles some problem site - or the problem site simply refuses to work without some named browser (not a good sign anyway).

      I mostly use Seamonkey, which has relatively few updates and did roll back their latest version almost immediately as it had knackered the address groups interface.

      1. druck Silver badge

        Re: Could they pick a better example than Firefox?

        I would say that anyone still visiting yahoo is likely to be firmly entrenched in the past, and probably well past being able to update their OS. Mint 17 is still a lot newer than Windows 7.

        1. babaganoush

          Re: Could they pick a better example than Firefox?

          I am still using Yahoo! mail, and update my OSes - including Mint - regularly, thank you very much.

          In the 20+ years I've used Yahoo mail, I never once had a problem. And most pleasingly I can still pretty much use the same interface and workflow to compose an email as I have done two decades ago.

          Is Yahoo! modern, sexy, cutting edge - no! no! no!

          Is it perfectly and consistently serviceable at what it does - absolutely.

          1. Dave559 Silver badge

            Re: Could they pick a better example than Firefox?

            Umm, babaganoush, you might want to search this very website for details of all the many password (and other) hacks that Yahoo has had over the years…

            I'm sure many of us have some fond memories of Yahoo in its heyday, but once its profits started to drop, so did their attention to site security. I really wouldn't touch it, these days.

    4. Nate Amsden

      Re: Could they pick a better example than Firefox?

      Would be nice if Mint LTS releases, being an LTS release used Firefox ESR instead of regular firefox for this kind of reason.

      I upgrade my ESR about once every month or two myself. I haven't run the built in browsers to mint probably since Firefox's version was below 30.x. (maybe was on Ubuntu 10.04 at that time I don't recall how long ago that Firefox version was).

  4. cschneid
    Unhappy

    Grump grump grump grump

    The problem is that changing things breaks things, not changing things breaks things, what we have is broken to start with, and you kids won't get off my lawn.

    There doesn't appear to be a solution. Everyone shrugs, says "the perfect is the enemy of the good," and makes do with systems conforming to an ever lower bar designating "good enough."

    1. sev.monster Bronze badge
      Unhappy

      Re: Grump grump grump grump

      Stop it, you're gonna give me an ulcer!

    2. RobinCM

      Re: Grump grump grump grump

      My question to people when it comes to updates is:

      Your stuff might break. You have two options: risk breaking it yourself in a known way at a known time, or have somebody else break it for you in unknown ways at an unknown time maybe stealing private info in the process.

      Sensible people choose to risk breaking their own stuff :-)

  5. Dave K Silver badge

    Usage case

    My Linux machine effectively runs as a mini home server (using the LTS version of Ubuntu). As such, updates are strictly set to manual. I do update it from time to time (usually every couple of months or so), but it will be one of the systems that doesn't show as being on the "bleeding edge" of update compliance. Of course for what I use it for, I don't see this as a major problem. It serves files and a couple of other bits across my local network and I hardly ever use it for web browsing or external stuff.

    Problem in this day and age is that updates are a balancing act. The vendors would have you believe that every update is critical and must be immediately applied, yet how many times have updates introduced problems, broken compatibility or changed things that previously worked etc? Hence for me, updating is often about finding that balance between keeping my systems secure, but also wanting to ensure that I don't run into issues that prevent my system from working as it should.

  6. Blackjack Silver badge

    Linux Mint 20 does have several compatibility problems

    For example Linux Mint 20 doesn't support my monitor screen resolution by default, I had to switch to an old CTR monitor. And even then the NVIDIA driver by comes by default, even in Mint 20.1, doesn't work.

    Is a mite annoying that a monitor from the beginning of the century works but one that's only six years old doesn't.

    Unfortunately Linux Mint Debian Edition has the exact same compatibility problems Linux Mint 20.x does so besides avoiding Ubuntu specific problems there is not much point to switching to it.

  7. msknight Silver badge

    Solve the Nvida problem and I'll be on board

    I have to download the correct Nvidea driver and then compile it for my kernel. (finding the right Linux driver on Nvidea's web site can sometimes be an adventure in itself) I'm actually hanging off the latest update purely because of having to through this pain again... dropping to console, stopping the GUI service, running the Nvidea installer, then running it again as SUDO because I forgot the first time, then being told it failed, having to track down the log file, diagnose what's missing, fix that, then SUDO the installer again... and after too much time faffing about I eventually get it to work. The main desktop I updated and stuck with the open source drivers, only I'm getting flashing windows on one monitor. I mean... it shouldn't be this difficult. Blame it on Mint, blame it on Ububtu, blame it on Nvidea... I don't care who you blame... it just shouldn't be this hard for a driver which is so core to a smooth running experience.

    1. Throatwarbler Mangrove Silver badge
      Paris Hilton

      Re: Solve the Nvida problem and I'll be on board

      It took me less than five minutes of searching via Duck Duck Go to locate at least two options:

      http://www.linuxandubuntu.com/home/how-to-install-latest-nvidia-drivers-in-linux#Nvidia_PPA

      https://www.nvidia.com/en-us/drivers/unix/

      1. GrumpenKraut Silver badge

        Re: Solve the Nvida problem and I'll be on board

        Yes, this can work. Unless it does not, see my post next to this one.

        Just last week an Nvidia card died on me (several years old admittedly), it was a surprisingly happy feeling.

        1. SuperGeek

          Re: Solve the Nvida problem and I'll be on board

          I have a weird issue on my Precision M6600 where the Quadro 3000 locks up on Remote Desktop. Never been fixed. It isn't hardware either as it was a new card. The Radeon 6870 equivalent doesn't do it. Just a pain doing GPU swaps on these as the palmrest has to come off!

    2. GrumpenKraut Silver badge

      Re: Solve the Nvida problem and I'll be on board

      I recently solved that problem (and it *is* Nvidia) by swapping in an old-ish Radeon (AMD) card. Just works. About to plug in an identical Radeon into another computer that had wandering screen artifacts from day one; yes I installed the recommended firmware, it fixed the screen but leads to a solid lock-up (proper dead kernel) within less than two minutes after booting.

      Under Linux Nvidia is just a steaming pile and things are not getting better.

      Btw. intel on-CPU graphics works out of the box as well.

    3. DJV Silver badge

      Re: Solve the Nvida problem and I'll be on board

      Well, if you're going to the Nvidea website instead of the Nvidia one then that might be part of the problem!

    4. Nate Amsden

      Re: Solve the Nvida problem and I'll be on board

      I assume you have a super new Nvidia card?

      I've been using Nvidia on linux since probably 98-99, Riva TNT something like that. Haven't had to use Nvidia's drivers from their website(I mean downloading them manually and using their installer, I have relied on the packaged drivers which seem to do something similar but in a more clean way) I think I want to say since something like Ubuntu 8 or 9 myself. But I am by no means on the bleeding edge of Nvidia. My main machine runs a Quadro M2000M (Lenovo P50 laptop). Though I really don't use it's capabilities for much these days.

      I remember having to purchase AcceleratedX back in the 90s for Linux not sure if any others around here remember that. I think mainly for my Number Nine(brand) cards which I was a fan of back then.

      1. GrumpenKraut Silver badge

        Re: Solve the Nvida problem and I'll be on board

        The "wandering artifact" card of mine is a Quadro P400, launched 2017. I sadly have two of them, both have the problem. Distro is Devuan (that is Debian sans systemd).

        I guess they'd "work" under Windows, using some 100MByte driver blob. Possibly even more than two minutes in a row.

    5. Anonymous Coward
      Anonymous Coward

      Re: Solve the Nvida problem and I'll be on board

      Well... Google what Linus Torvalds said about Nvidia's non-existent support for Linux. Then stop buying hardware that everyone knows is problematic.

      1. msknight Silver badge

        Re: Solve the Nvida problem and I'll be on board

        That is, actually, fair comment. Ironically, I ended up with Nvidea because of the problems with Radeon. And now the situation seems to have come full, or half circle.

        I ended up buying some 750Ti's because of the problems with the graphics on board the A10 black which had Radeon HD 7000 on board. (two of my "always on" machines ran those processors for the relatively low power consumption at the time) My main gaming rig ended up with a 1060Ti as it was a good cost/power balance for the time, as I do run Steam and play Linux games. Although I don't push the card.

        The main problem at the time, as a serious Minecraft player, is that I would have problems starting the game with the Nouveau drivers, so I had no choice other than to load the Nvidea drivers.

        I wouldn't mind converting my three main machines to Radeon, but it's all down to spare cash (which I don't have) or winning one of the many giveaways that are going on (I wouldn't win a lottery if I bought all the tickets!)

      2. Jast118

        Re: Solve the Nvida problem and I'll be on board

        It's all fine saying that, but try playing Dying Light on Nouveau. Linus can take his views and shove them where the sun doesn't shine.

        I use Devuan, update weekly, do kernel updates once a month and don't act like a complete tit online. I practice safe surfing and have my system locked down. Yes I have to recompile the nvidia driver when I do the kernel, but its been like that for as long as I remember. The driver from apt doesnt work so well with CUDA so I use one that does. The real fun is trying to get an amdgpu driver to work in a system with an nvidia driver.

  8. Aaiieeee
    Angel

    Guilty

    Reasons:

    -I'm lazy

    -It's currently working

    ..Oh OK fine, I'll do it now

  9. Jim-234

    How about NOT doing what Microsoft Does?

    One of the reasons I much prefer Linux over Microsoft Windows 10 is the "Automatic Updates" that quite often cause serious issues and can leave your computer unusable until you decide that a re-install is probably quicker than trying to fix whatever mess they made.

    If I want updates, I'll update when I'm good and ready.

    How about we say you force automatic updates, you are responsible for fixing any systems that the update crashes... Oh and good luck when an upgrade to Mint happens to mess with your Nvidia drivers and you have disk encryption.....

    1. bombastic bob Silver badge
      Devil

      Re: How about NOT doing what Microsoft Does?

      If I want updates, I'll update when I'm good and ready.

      That sounds like INDIVIDUAL LIBERTY to me.

      Since when has a toy maker tried to stop children from playing with the toys that they make in ways that they don't like? Yeah, it's kinda like that, isn't it?

    2. Anonymous Coward
      Anonymous Coward

      Re: How about NOT doing what Microsoft Does?

      I update regularly, and the worst that happened only took 20 mins to fix after Googling the dmesg (had to uninstall and reinstall the dbus package).

      People who don't have the skills to fix computers definitely shouldn't be making decisions about switching off automatic updates.

  10. a_yank_lurker Silver badge

    Updating

    Generally I keep systems updated. Those in daily use are current while those connected to the internet but used irregularly are updated when fired up. The only system not updated is an offline Windows system kept around for a couple of applications Swambo might occasionally use, emphasis on occasionally.

  11. Andy Non Silver badge
    Linux

    An option for automatic updates would be good

    I always install the latest Mint updates as soon as they are available, which is almost every day. I'd be quite happy to tick a box to let it download and install everything automatically. Over the last 8 or so years I've been using it, I don't recall any bad updates or problems. Maybe I've just been lucky?

    1. Blackjack Silver badge

      Re: An option for automatic updates would be good

      Linux Mint is based on Ubuntu so yes you have been really lucky.

      1. Nate Amsden

        Re: An option for automatic updates would be good

        On Mint 17 I went as far as locking my kernel version for something like 2 years because I was tired of sound randomly breaking between versions. Haven't had that issue on Mint 20 yet but my kernel hasn't been updated for a while, build date says April 20 2020 (didn't install Mint 20 till August 2020).

        1. Robert Carnegie Silver badge
          Joke

          Re: An option for automatic updates would be good

          Yes I know. :-)

    2. Infi 1

      Re: An option for automatic updates would be good

      Actually, there is an option for automatic updates in Mint already. Just open the Update Manager, click Edit -- Preferences, then Automation.

      I usually set this almost straight away after I do an install so updates get installed within 24 hours of the update arriving.

      Occasionally I'll manually do the update if I see the notification before Mint does the update, but if I don't notice it, it'll get installed anyway. As mentioned, there's always Timeshift to fall back on if there's a bad update.

      1. Andy Non Silver badge

        Re: An option for automatic updates would be good

        Thanks I hadn't noticed that option. :-)

  12. mark l 2 Silver badge

    I wonder if a lot of the stats that the Mint developers have collected might actually be from people running Mint in a VM which they just run up occasionally or a live boot from DVD/USB? As I doubt many people would still be running version 17 as a daily driver and also not have bothered to change the default webpage on Firefox.

  13. Bibbit
    Trollface

    Easy solution

    Just use snaps. Sorted!

    1. Claptrap314 Silver badge

      Re: Easy solution

      Saved by the troll...

  14. Doctor Syntax Silver badge

    And right on cue comes another batch of updates with a new Firefox.

  15. yetanotheraoc

    Network = $

    I don't have broadband. That means many GBs of updates runs through my data plan, becomes an overage, and costs me _serious_ money. Automatic update sucks big-time, especially an OS update that starts when I'm not looking and can't be turned off until it finishes. I'm looking at you Microsoft. I'm looking at you Apple. I have automatic update turned off as much as possible, but these clowns turn it back on when I'm not looking. Or they allow me to turn it "off", but then they don't respect their own setting when it's the second full moon in the month, or something. Example: Apple say my iPad will update "When it's locked, connected to wifi, and connected to power". There's no setting to change that, and anyway it's not even true. It will update anytime it damn well pleases if it's locked and connected to wifi. So I have to remember to disconnect from wifi every time I lock it. When I was working in the office I would use the corporate wifi. These days I use the library wifi, and since they are closed that means standing outside in the frigid weather. But it's warming up so it looks like I can update in relative comfort this weekend. If Linux starts doing the same shit with automatic update, I am going postal.

    1. yetanotheraoc

      Re: Network = $

      Revisiting my previous post for a couple reasons, maybe the downvote I'm seeing now is related to one of these.

      1. I made a mistake about the iPad. It's not the update that happens against instructions, it's the backup. The issue with the update is slightly different. I have automatic update turned off, what Apple does in that case is automatically *download* the update (which defeats my purpose in turning off the automatic update), and then let me choose when to install it. So again I have to make sure wifi is turned off whenever it's locked.

      2. I want to apologize for my extreme language. I almost never do that, but _forced_ automatic update is my personal bugbear. On top of that a couple of comments higher up set me off. The first one suggested Microsoft was doing it right, the second one suggested maybe Linux should start doing the same thing. So I was really angry when I posted. I should have waited, I know that. Again, sorry.

      Finally, I have seven different OS on five different devices (two of them dual-boot) that all need updates. That's a lot of data going over the network, I absolutely need to manage that cost. At the moment Linux is the only OS that gives me complete control, such control is a big factor in why Linux (currently Devuan ascii and PCLinuxOS) is my OS of choice. Obviously I don't want Linux to change for the worse.

  16. razorfishsl

    Updating by default is just lazy IT.

    It is also very risky and can easily totally destroy a critical system.

    Just try it with tomcat & a background database....

    go try it with postgresql....., sometimes there is more to it than just shoving in some new updated code.

    1. jtaylor Bronze badge

      Updating by default is just lazy IT....and can easily totally destroy a critical system.

      Then stop running critical servers on Linux Mint.

      1. MrMerrymaker Silver badge

        Check out the dude who thinks Windows updates make for reliability!

  17. sreynolds

    Updates are like russian roulette

    You just never know when one update is going to bring everything down in flames. I needed to try something that wasn't working on Arch, so I used a fedora ISO I had downloaded last year. 1.7G iso, released less than four months ago. I do an install and then an apt, dnf yum or whatever it is called update and it has to download 1.1G of crap. Why? On 4G with a yagi it still takes eons.

  18. TReko

    A bit rich

    Linux Mint does not provide updates to major versions.

    For example: Installed 18.x? Then the highest you can go is 18.3. After that you need to clean install to get 19.x or 20.x

    1. bombastic bob Silver badge
      Linux

      Re: A bit rich

      most debian-based releases have "apt-get dist-upgrade" available, but you're kinda on your own to make it work. You need to mess with the sources.list file among other things. Often worth doing, but you may have problems later...

    2. Anonymous Coward
      Anonymous Coward

      Re: A bit rich

      I started on Mint 18 and upgraded in-place to 19, then 20. In both cases about a week after the new major version appeared a blog post materialised giving some command-line steps which needed to be done. Followed them faithfully and it worked fine.

      Yes I did back up my data first. And it was "unofficial". But it did work.

      It would, however, be nice if it could be done officially.

  19. drewsup

    Going to Yahoo??

    Going to Yahoo looking for insecure versions of Linux Is like going to Aldi looking for cheap shoppers.

    The more savvy *Nix users wouldn’t be caught dead at Yahoo, never mind running such an old version of Mint.

    But ya, an auto updater option would be nice as long as there’s an off button.

  20. Anonymous Coward
    Anonymous Coward

    Really? No auto-update?

    These days most people assume that auto-update is enabled. I think that the only time I don't update my system is if I am developing a kernel module (or maybe if I hear something really bad on the internet).

    I don't have a clue what is in 99.99% of the updates - many serious security fixes aren't even publicly documented for 30 days. I don't believe anyone who pretends they do know (although I always get a chuckle out of people who actually post on these articles saying exactly that). The most that I do is make them install at the end of the day and check that the computer is still running after it updates itself.

  21. Anonymous Coward
    Anonymous Coward

    The real reason

    The real reason people don't update firefox is that they only ever use it once to install chrome.

  22. CAPS LOCK

    Clem has a track record for making good decisions....

    ....unlike some other tech leaders I could mention. I trust him.

  23. dvd

    I'm on Mint 19.2...

    ...and that won't change for a while.

    Why?

    Because it took over a fucking week to get the printer working and I'm still not sure what it was that fixed things. I'll not be going through that again for shits and giggles. That's assuming that it's even possible in 20.x

  24. Mike 137 Silver badge

    Before the flood

    I remember a distant past when open source was much less bug ridden than closed source. If it now needs "automatic updates" it would appear to be catching up.

  25. nautica
    Boffin

    Article's title is not quite correct; just a teensy bit inaccurate.

    "Linux Mint users in hot water for being slow with security updates, running old versions"

    should read

    "Linux MINT in hot water for users running old versions and not accepting Mint crap spewed out since Mint 17.3"

    Now then, inaccuracy fixed.

  26. Claverhouse Silver badge
    Mushroom

    A Good Place

    I was stuck on Mint 18 for a few years past it's sell-by date simply because they dropped KDE and --- it being an old computer --- I was captious about installing an entirely new OS.

    They have every right to drop whatever they want, but when they drop something excellent, with poorer alternatives, they must expect some will stay with what works best.

    As for 'security', these never-ending screams make me tired. As I just wrote in a forum admin forum, I've never got malware and if I did, I would nuke and re-install.

  27. Claverhouse Silver badge
    Happy

    Stopping Firefox Updates

    For some time because I loathe Australis, I had to block Firefox from updating. One installs an older version, then start it, and close instanter, then go to wherever the Firefox Update Channel is in one's OS, and sets it to either blank or whatever. Then start Firefox and switch off all updates

    Otherwise once one has put in the old version, Mozilla immediately starts updating it to the newest vile version.

    .

    Now on Pale Moon, as old-fashioned as I desire, so don't have to bother any more.

  28. BPontius

    There are always comments on articles about Windows 10 from Linux users about Linux not having update or security issues, "...it just works". But the truth is Linux users don't and won't update from what I've read, even keeping auto updates off.

    "Pay no attention to the man behind the curtain." -Wizard of Oz

  29. Ganton Scum

    Use Ubuntu. Mint is a patch work quilt.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021