XZ Backdoor Attack, Linux Mint 22, Fedora Switch to KDE?, Flathub Unverified & more Linux news

Views: 10,536

Michael Tunnell

A day ago

Sponsored by Kolide: If a device isn't secure, it can't access your apps. It's device trust for Okta. Visit thisweekinlinux.com/kolide to learn more and watch a demo.
Support the show by becoming a patron at tuxdigital.com/membership or get some swag at tuxdigital.com/store
SHOW NOTES ►► thisweekinlinux.com/258
This week's news is exciting with cool new stuff and pretty bonkers because we narrowly avoided a security nightmare! A backdoor was discovered hidden in a common Linux utility, and it could have infected millions of devices. We'll break down how this almost happened, and what it means for you. Then, we'll switch gears and talk about some exciting upcoming features in Linux Mint 22. Fedora Linux might be getting a whole new look - we'll discuss a proposal to switch the default desktop environment. Flathub is making some changes to make it easier to identify whether or not a Flatpak is official. Plus there is a new campaign for video game preservation that targets companies effectively breaking their games after an arbitrary amount of time. All of this and more on this episode of This Week in Linux, Your Source for Linux GNews!
Chapters:
00:00 Intro
01:06 XZ backdoor found in widespread Linux utility
10:26 Flathub adds Unverified Badge to Flatpaks
14:42 Sponsored by Kolide
16:05 StopKillingGames.com
20:28 Linux Mint 22 Update, Future of Linux Mint
23:23 Fedora Change Proposal for KDE Plasma Default
25:24 Redis Changes Their Licensing Model
28:23 Serpent OS Hopes To Ship Pre-Alpha ISOs Soon
30:42 Flowblade 2.14 Video Editor Released
32:57 Outro
-----------------------------------------------------------------------------------
Thanks For Watching!
#Linux #TechNews #Podcast

Comments: 122
@greenrocket23 24 days ago
Thankfully the community acted on time to prevent the worst-case scenario from happening
@stephanhuebner4931 24 days ago
Was it really the community though? It sounds like it was sheer luck, due to a guy working for Microsoft. The so-called "community" often seems to be just people profiting off of a few persons or maybe even only one who do the hard work. Maybe it would be good if more people who call themselves part of this proposed "community" would actually contribute something back, instead of giving themselves a pat on the back whenever somebody else has done some good thing, like in this case. I feel as if oftentimes the term "community" is used as an excuse for "somebody else should do it". Let alone those companies that make millions of dollars but don't give a f*ck about the people that make their machinery work. The idea of open source completely freely available is a nice, idealistic view which obviously has some serious flaws in the real world. I think Open Source licenses will have to change, so that said companies have to pay something to libraries and other projects they are profiting from.
@ordinarygg 24 days ago
@stephanhuebner4931 this is what community is for) big numbers playing like they should
@vendetta.02 24 days ago
it is the community lol ur just blackpilled
@pamus6242 23 days ago
This channel is a 10/10 for Linux Journalism and OSS news.
@Trozpent 23 days ago
Have to say that I really feel sorry for the XZ dev (Tukaani?) I really hope they are given support from groups/orgs like Microsoft and Linux foundation etc and perhaps the tool itself should be moved under the watchful eye of one of these corps and Tukaani provided a good salary for continued work on such a widely used tool.
@OldKingMaple 22 days ago
Appreciate your delivery and news. Great work!
@MegaSunspark 23 days ago
Thank you, Andres! Hope Microsoft rewards you with a handsome bonus or pay hike, even though it wasn't a Microsoft OS or application. But the responsibility to the general community should be commended and appreciated.
@thingsiplay 24 days ago
Flatpak Unverified: I think it's a good idea to put a badge for unverified apps. But this can be improved. I personally don't like the term "unverified" and wish it was more descriptive such as "Official" and "Unofficial". Also the warning symbol next to it looks like this could be malware. Also if there is an official app, it could be listed alongside the unofficial one to bring it into relation.
@pamus6242 23 days ago
Yeah. But some passionate script junkies absolutely hate flatpak and talk crap and contribute nothing. The truth is flathub/flatpak allows non Linux users to become Linux users overnight without having to break their system or worry about some dependency. Immutable OS are best for non technical people and using flathub for their apps which is unbeknownst to many people.
@guilherme5094 23 days ago
As always thanks Michael.
@tmendoza6 24 days ago
Linux news! baby
@dlbike76 23 days ago
I've been watching every video that I can on this, and it's really surprising to me that this wasn't picked up and financially supported by someone somewhere. Redhat, Canonical, FSF, etc. and the list just goes on.
@dlbike76 23 days ago
After watching the entire video I wanted to add a few things. First, the trust situation as far as the XZ backdoor is completely solved if developers just follow good guidelines for key-signing. Debian for instance used to have a pretty good policy for key-signing. The end result is that a digital key is then essentially linked to real world identification. Maintainers can then check the signatures on a key before accepting a patch or vetting a new maintainer. Maintainers just getting started would have to go through a process to show that they could be trusted. Along the same lines - I don't like the "unverified" badge for Flathub as it makes it sound like a possibly untrusted app. I don't know what the better tag would look like, but they need something other than "un-verified". Maybe derivative maintainer badges or something similar (such as Ubuntu developer, Debian Developer, etc where the signer is a member of the named project).
@jasonsdodd 24 days ago
You mean we have M$ to thank? :)
@michael_tunnell 24 days ago
lol kind of but also not really. We address this specific thing in the next Destination Linux episode
@louisfifteen 24 days ago
Thank you Michael for taking your time to explain what happened. Did I get it right, that it is "only" server based, that me using fedora 29 WS is not affected or would have been affected? I only use flatpaks, and I am not confused, just feeling secure with flatpaks. What I don't feel secure with, is using KDE User Themes. They are not monitored by any human and are found to contain, in some cases, not all, malware.
@michael_tunnell 24 days ago
You're welcome for the content. As for the "only" server question, no that is not accurate. This backdoor was meant to be placed in every mainstream distro regardless of desktop or server. The most logical target would be servers because of their importance but everyone would have been affected to some degree even though in some cases it would be dormant. The difference is that SSH is installed by default in most server distros and is not installed by default by Desktop versions of distros. However, the backdoor would be there regardless so the moment someone wants to activate SSH on their desktop they would have instantly activated the backdoor. Flatpaks are great for many reasons and I like how they have a security mechanism but it is far from solid security and really they can't be. Flatpaks install into the home folder and permissions by default give them access to the home folder to some degree so they have access to your data. They don't have root so they can't alter the system but your personal data is stored where Flatpaks are stored and if you install a malicious Flatpak then they can still get your data (if it is in the home folder). I don't even use KDE User Themes, I am fine with the default so I have never run into that kind of thing but yea it is potentially a problem to allow code to run but depending on what kind of data you are protecting, when it comes to /home folder data both could do things badly. The Flathub does review submissions but once something is reviewed and verified then it could be changed for someone to take over the account on the github side or the company side and inject bad stuff. I don't think Flathub does ongoing reviews.
@louisfifteen 24 days ago
@michael_tunnell Omg and here I thought flatpaks were safe. So the only safe apps are the community driven apps. Is that how I should interpret your reply? Thanks for clearing up the XZ part. So many youtubers stress that it is only server related and the rest of us are safe. Can I ask your opinion on something? Just ignore it if you don't want to engage: There's a youtuber called NetworkChuck. He is teaching a lot of hacking tricks. I don't know anything about hacking or even ethical hacking, but when I look at his material, I get a bad feeling. I think that his aim is to teach people to protect their networks, but if a criminal or weak person is tempted, could they learn how to hack other people's networks and computer with those tools, you think? Don't worry, I'm almost 70 I have no intention of learning hacking. Thank you for a bunch of great show and Gnews!
@michael_tunnell 24 days ago
The XZ server thing is true but also not completely. Most desktop users would be safe from that initial thing BUT this backdoor offered access to someone to do basically anything they wanted so if they wanted to infect systems that deployed packages to desktop users then it would be rather trivial for them to do it. If they could infect Debian's package build servers which they almost did then they could deploy any kind of horrible nonsense to desktop users because Debian's package build servers are servers so they could be a target and then at that point everyone could be affected. > "So the only safe apps are the community driven apps. Is that how I should interpret your reply?" No, that is not what I am saying. What I am saying is "there is no such thing as 'safe' apps". Security is a never ending battle. I didn't know you were 70, that's pretty awesome! I have seen you comment on my stuff many times and I am impressed that you are doing so with as much interest and gusto. I know people in that age range who refuse to even learn how to use email, so what you are doing is awesome! Back to the topic, the common go-to cliche suggestion is "you should only install software from sources you trust". The reason people say this is that it is impossible for anyone to ever guarantee that any app format from any store on any OS is 100% safe from security issues. All software can have security issues. There are configurations where some things are more likely to be safer than others like Linux is more likely to be safer than Windows. It is also probably fair to say that Flatpaks are more likely to be safer than DEBs because DEBs require root access to install and Flatpaks do not. BUT it is not possible to say any of them are "100% safe". > "I think that his aim is to teach people to protect their networks, but if a criminal or weak person is tempted, could they learn how to hack other people's networks and computer with those tools, you think?"
I don't know his content but it's possible. The only real difference between "ethical hacking" and "hacking" is whether or not the person gaining the information is ethical and is going to use it ethically because it is all the same info.
@Sunrise-d819i2 24 days ago
I love the Flathub sign because packaging with virus is becoming a common delivery system like with the OBS, VLC, etc. that had virus packaged in the EXEs, and just because it's Linux don't mean you can have malware installed on the system that will track, etc. Right now Linux's main weakness is info stealers. The new Flathub system is the best for everyone.
@prateekSpace 24 days ago
A Sunday with Linux weekly update just awesome thanks MT for makin this video!
@johanb.7869 22 days ago
I don't use flatpaks because they don't theme right and when I tried the Thunderbird flatpak I could not send files or pdf's from Thunar with Thunderbird.
@michael_tunnell 22 days ago
I have not noticed any theming issues but that’s probably just me. Thunderbird is many levels of disappointing imo Flatpak or not so maybe it’s not the Flatpak fault but rather the Thunderbird fault
@johanb.7869 22 days ago
@michael_tunnell With tarball and snap beta I can't send anything, but with the deb I can. Very weird. Maybe they fixed the theming with flatpak.
@jet6593 23 days ago
I liked that smash button and smashed the likes button too
@squirlmy 20 days ago
xz was not part of the kernel, but part of systemd, which is another matter that could be discussed: Systemd goes against the "Unix philosophy" of small tools for specific problems, and tries to do a ton of stuff at boot up. Most OpenSSH on various distros don't use liblzma nor call xz, but Redhat, (Fedora?) and Debian distros patch OpenSSH to do this. They add a patch to link sshd to systemd, which in turn, links to liblzma, and this allows xz Utils to exert control over sshd. While other Linux distros could theoretically spread the malware, the vast majority wouldn't be directly affected. And this seems to be purposefully planned stealth, not an oversight. The malware had "security through obscurity", and wouldn't be noticed easily, but would compromise those specific distros seriously!
@Jopekos 23 days ago
Wayland on NVidia GPUs needs an urgent solution. ✅
@fontendet 23 days ago
Your voice at x2 speed perfect for Ai
@SecretlySeven 24 days ago
About the Fedora KDE thing. I think it's all about variable refresh rate. In 2024 if you want to be taken seriously as an OS you have to be able to nail gaming and variable refresh rate is at the top of everyone's list right now.
@michael_tunnell 24 days ago
If I am not mistaken, VRR is something related to Wayland support and both KDE and GNOME offer similar support on that. I think KDE Plasma offers more control over monitor settings since GNOME still has issues with true fractional scaling and KDE has had that solved for a couple years now. Please correct me if I am wrong.
@taylorworthington9394 24 days ago
Wayland will soon be the only choice for Fedora Workstation. Then it will be that way in RedHat a year or two later. Isn't that the closest thing to predicting when Wayland will be the new desktop.
@michael_tunnell 24 days ago
I don't think that is the metric for predicting when Wayland will switch to be the main display server. X11 will survive in Ubuntu for a couple years after that I would bet and maybe even SUSE as well. I think until all major distros announce the removal of X11 then Wayland will still be far away. Fedora might be doing it by end of the year but RHEL is a couple years from that and Ubuntu is probably a couple years after that so I would say at the earliest the transition will be done in 5 years but that's not a prediction but a slightly educated guess lol
@taylorworthington9394 23 days ago
@michael_tunnell No, because the transition isn't a complete change. It's just when most people consider it to be generally accepted. lol (But judging by the pace of development, you might be right.) In any case, X11 might be around for much longer than 5 years.
@jasonsdodd 24 days ago
You should not need an internet connection to play a game, period. Even multi player should be able to be done via lan if you like.
@guilherme5094 23 days ago
You're goddamn right!
@Mr.Atari2600 19 days ago
They should take some lessons from the Sega Dreamcast. Even though the Dreamcast is no longer supported, people still can go play multi-player games like Phantasy Star Online or Quake 3 Arena through Offline or Private Servers.
@matthewmoore757 24 days ago
20:30 I've been saying it for years, but i believe it even more strongly now. Linux Mint should just drop Ubuntu and move their default base over to Debian. LMDE is already indistinguishable from the Main version to the untrained eye. There are differences but nothing the average joe would notice. They should drop Ubuntu like a hot potato and embrace Debian as their primary base. I've felt this way for many years. Also with the Debian backports repository you can get the newer kernels on Debian if you need them. The Mint team could easily link to the backports for their kernel manager GUI. and still offer an "Edge" kernel if they wanted to. It would be easy to do so. Maybe we should start a petition to persuade Clem to drop Ubuntu from Mint. :)
@michael_tunnell 21 days ago
What is the motivation behind a switch to Debian as the base? (I am asking this as to not assume your position) Is the point to simply avoid Ubuntu/Canonical input? Side note on the other piece, Debian Backports are much slower to update than Ubuntu so it's not a drop-in replacement. Latest version for Ubuntu HWE kernel is 6.5 and the latest version for Debian Backports is 6.1. (Having Linux 6.1 in Debian is actually kind of fast for Debian pace but still a year behind overall)
@matthewmoore757 21 days ago
@michael_tunnell I just like Debian I guess. I've Distro hopped for a long time, and when I got to Debian KDE, I stopped hopping. It just checks all the boxes for me. After being on Debian almost exclusively since Debian 9, you just get used to the Debian way of doing things. However I have seen a few problems with Linux Mint that I can blame directly on Ubuntu's upstream packages. For example, the Ubuntu Restricted extras meta package had a problem on my Mom's computer back when I had Linux Mint installed on it. This issue was causing a hard fault every time I wanted to run updates. I couldn't install the updates until I fixed this problem. The problem was with the Microsoft core Fonts package that was part of the restricted extras. When it got to the fonts package it would just fail because the URL that the fonts installer script was pointing to was wrong. The source for those fonts had changed and Ubuntu never updated their scripts. It took them three months to fix it. Debian on the other hand maintains a completely separate version of the Microsoft core fonts installer in their repos. It also happens to be in the Linux Mint repos because Linux Mint does add some Debian packages to their repos. I installed that package instead, blacklisted the one from the restricted extras, and it fixed the updating problem. Another issue that exists right now is Linux Mint has problems playing certain HEVC h265 videos. They are choppy and glitchy. The codec for this is also an Ubuntu maintained package. If you replace it with the Debian version, it works just fine. I tested a recent daily build of 24.04 about a week ago. And yep, it still uses the same broken codec. The bottom line is, all of these issues I mentioned were all caused by Ubuntu upstream packages. And also in both cases I fixed them using the Debian version of the package. I've also had lots of problems with Ubuntu HWE kernel updates breaking WiFi, GPU, and VirtualBox drivers on my system.
I don't think it's as common of an issue as it used to be. But it certainly left me with a bad opinion of it. But even if we ignore all that and just look at things from a practical point of view, I think that Linux Mint would improve if they switched to Debian, because as time goes on, they keep doing more and more work to block or undo Ubuntu's push for snaps as well as mitigating other bad choices they don't agree with. As a result the Linux Mint developers now have to maintain their own Deb packages alongside Ubuntu's in order to mitigate these changes. I think they could save themselves lots of work and duplicated effort if they just used the Debian base to begin with, cutting out Ubuntu's extra baggage. But that's just my opinion. There's obviously value in it for them to keep using Ubuntu. But I personally don't see why. I also have a tendency to favor parent distros over their downstream counterparts. Such as Arch over Manjaro, Debian over Ubuntu, etc. Linux Mint is basically a fork of a fork. I think the closer they get to the original parent distro, the better off it will be. But again, these are only my opinions.
@michael_tunnell 21 days ago
I think your perspective as to why you think they should go to Debian is very solid. I agree with pretty much everything you said as to the basis for why it would make sense for Mint to switch to Debian as a base. As for downstream vs upstream, I think downstream can be very good options but they can also be bad options, and your point reminds me of the "too many cooks in the kitchen" scenario so great take.
@matthewmoore757 21 days ago
@michael_tunnell Thanks. 👍
@mploof 24 days ago
I like mint, but I wish they'd change their version number to a year format (22 should be 24 now), and every distro for that matter.
@michael_tunnell 24 days ago
I agree that the year version is very valuable and super easy to keep track of for what is the latest but the problem is that Linux Mint only updates the core base once every 2 years. Linux Mint 22 is based on Ubuntu 24.04 but when Ubuntu 24.10 comes out, Linux Mint will be releasing a new version but it will still be based on 24.04. I suppose they could call it 24.0 and then 24.1 then 25.0 and 25.1 but that would cause its own problems with 24.x & 25.x being based on the same version of Ubuntu 24.04 and give just another type of confusion for most.
@AndersJackson 6 days ago
(It would be nice if you marked support companies part of your video. For transparency.)
@michael_tunnell 6 days ago
I do that in the video, I say sponsored by in the video and it’s also the first thing in the description
@AndersJackson 6 days ago
@michael_tunnell ok, I have no problem with sponsors, but it is good to have it marked from the real content. Except this, a great channel with good information, thanks!
@michael_tunnell 6 days ago
I think it is fair to say it could be more clear but I try to be transparent. I suppose the wording of this one needs improvement. Thanks for the feedback and thanks for watching and the kind words about the content. Expect more content coming soon. :D
@namelast2193 24 days ago
please don't smirk at people that stay on stable and not in bleeding edge updated versions every time, u opened up the video with a pretty good XZample of why we think that's an awesome idea
@SlyPearTree 24 days ago
I also like stability in my O.S. and found his attitude toward people like us a bit weird.
@marcusjohansson668 24 days ago
Yeah, I'm tired of this... He is too much of a neckbeard that "knows best" and has on multiple occasions been both rude and delivered false information. And I am using a rolling release, but the "I know better than you" makes my blood boil. Linux is about CHOICE! I'm unsubscribing.
@cameronmoore136 24 days ago
Where did he smirk or appear condescending? I'm not implying that he didn't, I'm genuinely curious.
@michael_tunnell 24 days ago
@namelast2193 please do not ask me to stop doing something that I did not do. This comment is misguided at best, maybe you are commenting on the wrong video, I don't know. I would never look down on people for using Stable versions of a distro, because I don't judge people for what distro or version they use, I don't care. Especially considering I use Stable versions and would therefore be looking down on myself. I am very curious what initiated this response because to me it does not make sense so if you have a timestamp where it seems like I did that then I request you share it so I can see for myself.
@michael_tunnell 24 days ago
@SlyPearTree what attitude? provide a timestamp of this claim. I'm a stable distro user so I am very interested to see where I insulted myself
@saint00 12 days ago
the method they used is called a supply chain attack....
@michael_tunnell 12 days ago
I wouldn’t call that the method, that’s more like the type. I would say the method was mostly social engineering
@AndersJackson 6 days ago
Hm, I might transfer from Ubuntu to Mint now. I thought KDE had bad support for Wayland. KDE is a good DE, but I think GNOME is easier.
@michael_tunnell 6 days ago
I agree that GNOME is easier but that’s because it’s so much more limited than KDE Plasma. KDE’s Wayland support was good in Plasma 5 but it is great in Plasma 6. A couple notes though, Linux Mint doesn’t have GNOME as an option, in case you switch you’ll likely want to use Cinnamon. Lastly, Ubuntu’s GNOME implementation is very different from the default offering that GNOME gives so it’s a pretty big difference in ease of use comparing to vanilla GNOME
@diuran1919 24 days ago
Are sick or your light make you looks like ghost. Still no easy way to make Samba server on Linux Mint ehh.
@michael_tunnell 24 days ago
I guess the color grading was off on this episode. I am fine 😀👍
@BanduTheGreat 23 days ago
The more popular Linux becomes, the more attacks it will get. Welcome to Windows world. Let us all lube our back doors.
@michael_tunnell 22 days ago
This attack was against servers primarily and Linux has been the dominant server OS for well over a decade so the popularity of desktop usage is not relevant to this attack. Of course there is some truth to what you are saying but there’s also the fact that this took the attacker 2 years to attempt so that’s an insane amount of patience. Most hackers attack Windows because it’s the easiest target, Linux is not an easy target by any stretch and just because there are more desktop users does not mean that’s the reason why it’s attacked so much, the terrible security is why it’s attacked so much.
@breadmoth6443 24 days ago
"you will own nothing and you will be happy." , we are pretty much at the digital age, and it is already biting people in the backside. "hahaha, physical media is dead." , maybe so , but enjoy paying for your content in perpetuity then...
@michael_tunnell 24 days ago
I think you make an interesting point. I think physical media is still limited without emulation because if the console dies then so does the game but it's not even about paying for content in perpetuity because at some point the companies just rip it all away from you even if you want to pay for it forever. This is the part that bothers me the most.
@breadmoth6443 24 days ago
@michael_tunnell I'm in my 40s, and I have seen the transition to digital, and for me the benefits so-called are outweighed by the cons, when I pay for something I still retain the concept that it is MINE, which is why I prefer DVD and Blu-rays for my movies, and even CDs, this goes for games, but I guess if you no longer own your copy, I feel perhaps it makes an interesting case for piracy, I do not like the idea of perpetually renting.
@russelmendoza A day ago
A Microsoft dev discovered the malicious thank you very much!
@michael_tunnell A day ago
I said this in the video but where he works was not relevant to finding it, it was just coincidental
@RockawayCCW 23 days ago
The Linux Foundation should employ the people that make critical parts of the system (like XZ) instead of wasting money on gender studies.
@MarcelPeters-wx5he 23 days ago
you do not buy games, you buy a license.
@bertnijhof5413 24 days ago
Maybe I should move to Windows again for e.g. banking, if the volunteers maintaining the Open Source software are insufficiently controlled.
@Locked101 24 days ago
Windows gets backdoored, you just don't hear about it because Windows is proprietary while Linux is open source
@michael_tunnell 24 days ago
First, Microsoft is publicly and purposefully taking data from their users via Windows telemetry and we don't fully know how much they are taking because it is proprietary so switching to Windows for security or privacy would be the incorrect direction to take. Second, why would volunteers be controlled and who could possibly force any volunteer to do anything? This is a contradiction to the concept of volunteering. Third, these projects need to have sustainable funding so that the people involved don't get burned out and implementing more developers would be easier because they could be paid as a job. Lastly, in your case, using an isolated machine even virtual for a specific use case like this where it is as minimal as possible because it only does one thing. That is probably the best thing to do for that and it should absolutely not be Windows. Doesn't have to be Linux but it shouldn't be Windows.
@davey820051 24 days ago
Well, you just have to decide whether, on balance, you're safer with an OS environment that has an inherently less secure architecture and attracts many more malicious actors versus one that, while far from perfect, has a better track record for security. The XZ flaw was the result of a combination of protracted action by bad actors, what was apparently fairly sophisticated obfuscation, and social engineering. Also, had it become widespread, the effect would have been much more on server installations (not to minimize the impact of that) than on desktop users.
@balsalmalberto8086 24 days ago
The public wifi are faster than secured wifi, you can do banking fasting on public wifi, don't forget to turn off your firewall and antivirus while on public networks to save your battery.
@nils-erikolsson3539 24 days ago
So in fact, Microsoft saved Linux? I mean, if he didn't say anything after finding it, it might have gone unnoticed for way too long.
@michael_tunnell 24 days ago
Microsoft didn't tell him to keep digging and didn't tell him to tell anyone so no, Microsoft didn't save Linux just because they employed the guy who found this. It is good that he was employed by them to work on PostgreSQL and therefore he found this during testing but they didn't actively do anything. We got lucky that he found it and Microsoft got lucky they made a good hiring decision :D
@breadmoth6443 24 days ago
the team at Linux Mint is wasting their efforts constantly undoing what ubuntu does, and i think their efforts would be better served if they just dropped ubuntu and focused on the Debian version of their distro.
@michael_tunnell 24 days ago
The undoing what Ubuntu does is a good debate point because it does seem like they could be served better elsewhere. The counter point for that is the Ubuntu support is so widespread that being based just on Debian is limiting a lot of factors because Debian stable (what LMDE is based on) is very slow to update and have hardware support. Being based on Ubuntu is probably a better base because it is updated faster and backed by a large company so you can benefit from the money being put into that base vs Debian that gets residuals of Ubuntu backing and other volunteer stuff. I think you are right that it would make more sense for Linux Mint to be based on Debian in the sense that they are so vocal about anti-Ubuntu on a variety of topics especially Snaps but even with that under consideration I think the benefit of being based on Ubuntu has so many other benefits than being based on Debian and that is why they still do it that way.
@breadmoth6443 24 days ago
@@michael_tunnell I am sure the team could just perhaps branch off from Debian Sid then, if they need more hw support either way, Ubuntu imo has pretty much dropped the ball in support and their policies regarding pushing a package format nobody wants to use by force.
@michael_tunnell 24 days ago
@@breadmoth6443 in my opinion the issue is that Debian Sid is not a stable base, even Ubuntu doesn't use Sid for the most part. The amount of effort to stabilize and test Debian Sid is a lot of work. Linux Mint can't keep up with Ubuntu's non-LTS releases of every 6 months which is why they switched to being based on Ubuntu LTS so I don't think it is possible for them to do that. As for the other comment, I respect your right to not like Snaps and what Ubuntu is doing with them but I do disagree with the use of the term "force" because no one is being forced to only have a single option of using a Snap because even without Linux Mint making a DEB for stuff, there were still choices and the word "force" implies zero choice which is just not accurate. I think it makes perfect sense that Ubuntu/Canonical would make a format they think is good and then try to push it forward, honestly I would be asking why they aren't doing that if they weren't.
@breadmoth6443 24 days ago
@@michael_tunnell well perhaps Linux Mint can just take the Ubuntu page and solely base itself off of Debian then which goes back to my main point, if Ubuntu at some point could base off Debian and be successful, I am sure Linux Mint can too; and the reason why I also implied 'force', is because it defaults to snaps, and the user isn't really given a choice if they want snaps or not, and seems you have to jump through some hoops to get a regular package if you want. Also the question is for how long, until you can ONLY use snaps?
@michael_tunnell 24 days ago
Ubuntu was able to base off Debian because Mark Shuttleworth was an independently wealthy millionaire prior to making Ubuntu. Mark Shuttleworth spent millions of dollars building Ubuntu and while it is based on Debian it is also much different. Linux Mint does not have a millionaire backer and their team is much much smaller so that's why Ubuntu could do it and Linux Mint likely can't. Also 5 years ago Ubuntu almost went under because they were losing so much money. Even now, Canonical is only 1/3rd the annual revenue of SUSE. This is to say that it takes a lot of effort to be successful in this space. However, there is more to this story. In my opinion, Linux Mint has no reason to switch to directly Debian because the amount of influence Ubuntu has on Debian is much much higher than people think. The guy who maintains APT and created Synaptic package manager is an employee of Canonical. The entire kernel team of Debian work for Canonical, last I checked (last year). The list goes on. If the goal is to avoid Ubuntu/Canonical, that's basically impossible if Debian is still involved. As for the Snaps thing, defaulting to Snaps is not equivalent to forcing. Yes, some people who don't know anything about Snaps vs DEBs will therefore install the Snap but it's more likely than not that if they don't know they likely won't care. Especially, now that the speeds of Snaps are nowhere near as bad as they used to be so it's mostly fine for average users. The only reason imo to want a regular package (DEB) is the speed of the loading but that's much less of an issue these days. I think the use of the term force makes people attack Ubuntu as if they are some kind of villain and just because they saw a truly massive problem in Linux and wanted to fix it . . . I don't think that is fair to call them a villain. If someone doesn't like Snaps then they can choose to not use them but I don't see a problem for Ubuntu to want to push the format they are making to improve the desktop experience.
If they believe it is good to push then they should. The funny thing to me is that people think DEB packages are some wonderful perfect package format when these are super flawed, I mean the security of DEBs is not only non-existent you have to give a DEB complete root access to install it and this is just one of the flaws.
@user-to4fm9gq9t 24 days ago
this is why I support piracy!!
@frankywatte5646 24 days ago
It's a Microsoft plot. Some people can talk for hours about a pea in a pod
@RockawayCCW 23 days ago
The XZ scandal tells us that either (A) Linux is not backdoored by the US/UK, or (B) if it is backdoored by the US/UK, the attacker was a country that doesn't have access to the backdoor.
@walter_lesaulnier 24 days ago
I've been on Fedora with KDE Plasma/Wayland for a little over a year and it is AWESOME. I have not had a single issue that required my intervention in all of that time. Oh, and people that prefer Gnome to KDE are the kind of psychos that probably don't like pineapple on pizza! LOL
@renealbrechtsen9743 24 days ago
L take.
@stephanhuebner4931 24 days ago
In my experience, Gnome-people tend to shame Plasma-people with buzzwords like "old-fashioned" and "windows-like", often without any clue or care for what these words mean or if they even make sense or what is the meaning behind the way Plasma is done.
@marcusjohansson668 24 days ago
@@stephanhuebner4931 I always find it amusing when gnome calls KDE "old fashioned" when gnome is unwilling to even implement basic functionality for some things. I can make my KDE desktop look like a mac in a few clicks, how is that "windows like"?!? LMAO They are both great, but for completely different reasons and for completely different kinds of people.
@stephanhuebner4931 20 days ago
@@marcusjohansson668 I don't get it either. To me it looks like a desperate attempt to justify the existence and difference of the Gnome-desktop compared to just about any other. But if "modern" is the only real argument, there *is* no argument. And the alleged streamlined experience is something that has yet to be proven, and in my opinion, is actually disproven by the simple fact that just about any Gnome-environment uses some variation of add-ons to make it actually usable. Whereas KDE Plasma works perfectly fine out of the box. So much for "old fashioned".
@raimg1816 24 days ago
thank god we had a backdoor, at least for some time we will have something to talk about :) but it shows how far from perfect the situation in open source is. also for ppl to donate something there are just too many projects to actually donate to. And most users think that the main thing in Linux is distros but in reality a lot of other projects actually matter that most ppl don't see, don't know. And while bloggers and Ytubers keep hunting views and hyping the same things (new distros or DE) nothing will change xD
@michael_tunnell 24 days ago
I advocate for the companies making billions of dollars to donate to the projects they depend on…not regular users
@raimg1816 24 days ago
@@michael_tunnell won't work, companies will always take free if they can :) while there are licenses that say free to use for commercial use, no money will come.
@stephanhuebner4931 24 days ago
@@michael_tunnell In my opinion, the popular open source-licenses are an idealistic view of the world that often doesn't translate well into the real world. The licenses should change in a way that companies that make huge amounts of money *have* to donate a certain proportion of their profits (or workforce) to said projects.
@cejannuzi 24 days ago
What if the person finding the issue was really one of the people behind it? How would anyone know?
@michael_tunnell 24 days ago
That is a very dystopian way to look at this topic but interesting and not without some merit since there really is no way to know. The complexity of finding it in something completely unrelated is why I am willing to believe it was luck but I don't know and maybe we will never truly know 🤷‍♂️ . . . interesting point though, thanks for commenting.
@Onyx-it8gk 14 days ago
What's with everyone's seizure-inducing animations and transitions? They're absolutely everywhere. YT is basically unwatchable anymore
@michael_tunnell 14 days ago
I made big changes to this stuff the next episode, much more simplistic and chill. Check that one out and let me know your thoughts. It’s the one with SPI-ware in the title
@Onyx-it8gk 14 days ago
@michael_tunnell Sorry, it's just that every time I get on YT, I'm reminded of why I literally can't even watch it anymore. It's a platform-wide problem. YT has no regulations or guidelines for content creators to follow when it comes to flash warnings, and some people do have medical conditions that make them prone to seizures. So I didn't mean that as just being kind of tongue in cheek. I really do appreciate your reply and consideration though.
@michael_tunnell 13 days ago
I agree that a lot of people are going way overboard with effects and animations, the Mr.Beastification of KZbin is pretty annoying. I didn't think we were doing it too much but I think the latest episode is much more chill in the vibe while still having visuals. Very curious what you think when you get the chance to take a look at it. 😎👍
@_-martin-_ 24 days ago
KDE is for users that want to customize everything into ugliness and cling to that Windows experience. Gnome is for users that want a modern and productive desktop environment! The proposal to switch from Gnome to KDE is absurd!
@SajjadRizvi77 24 days ago
GNOME users enjoy having features taken away and then call it modern. It may be modern since modernity is all about owning nothing and being happy.
@stephanhuebner4931 24 days ago
Your opinion is absurd. There are different environments for different people and KDE is a very, very efficient one that doesn't need to be customized into anything as it works quite nicely right from out of the box. It just doesn't act like an overbearing parent that constantly tells their users how to behave and how to do their work. If you prefer Gnome, fine, but don't act as if KDE is unusable in its default state. There's a good reason why the "Windows experience" (which in actuality is based on former standards developed by Apple and others) is still a standard. It's something that countless people know how to work with, coming from Windows or Mac, and it's because this standard works just as well as Gnomes', if not better. Just because an idea is "modern" doesn't mean that it's automatically good.
@_-martin-_ 24 days ago
@@stephanhuebner4931 Thank you for making my point.
@stephanhuebner4931 24 days ago
@@_-martin-_ You're acting like the typical, childish Gnome zealot who thinks they've seen the light and everybody else is stupid. Hope you'll find happiness in your La la land.
@brianhedley5139 24 days ago
@_-Martin- As a man who has tried many if not all major DE setups: Gnome is far from the friendly setup, and its "required extensions to do anything" approach doesn't endear it any more than KDE. Take the gatekeeper attitude and leave, as it's not appreciated by anyone. If you prefer Gnome, fine, but if people prefer KDE or anything else, that doesn't make them a lesser individual.
@elton9412 24 days ago
🔥🔥🔥