XZ Backdoor Attack, Linux Mint 22, Fedora Switch to KDE?, Flathub Unverified & more Linux news

  Рет қаралды 13,356

Michael Tunnell

Michael Tunnell

Күн бұрын

Пікірлер: 130
@pamus6242
@pamus6242 7 ай бұрын
This channel is a 10/10 for Linux Journalism and OSS news.
@greenrocket23
@greenrocket23 7 ай бұрын
Thankfully the community acted on time to prevent the worse case scenario from happening
@stephanhuebner4931
@stephanhuebner4931 7 ай бұрын
Was it really the community though? It sounds like it was sheer luck, due to a guy working for Microsoft. The so called "community" often seem to be just people profiting off of a few persons or maybe even only one who do the hard work. Maybe it would be good if more people who call themselves part of this proposed "community" would actually contribute something back, instead of giving themselves a pat on the back whenever somebody else has done some good thing, like in this case. I feel as often times the term "community" is used as an excuse for "somebody else should do it". Let alone those companies that make millions of dollars but don't give a f*ck about the people that make their machinery work. The idea of open source completely freely available is a nice, idealistic view which obviously has some serious flaws in the real world. I think, Open Source-licenses will have to change, so that said companies have to pay something to libraries and other projects they are profiting from.
@ordinarygg
@ordinarygg 7 ай бұрын
@@stephanhuebner4931 this what's community for) big numbers playing like they should
@vendetta.02
@vendetta.02 7 ай бұрын
it is the community lol ur just blackpilled
@OldKingMaple
@OldKingMaple 7 ай бұрын
Appreciate your delivery and news. Great work!
@WolfSparc
@WolfSparc 7 ай бұрын
Have to say that I really feel sorry for the XZ dev (Tukaani?) I really hope they are given support from groups/orgs like Microsoft and Linux foundation etc and perhaps the tool itself should be moved under the watchful eye of one of these corps and Tukaani provided a good salary for continued work on such a widely used tool.
@guilherme5094
@guilherme5094 7 ай бұрын
As always thanks Michael.
@prateekSpace
@prateekSpace 7 ай бұрын
A Sunday with Linux weekly update just awesome thanks MT for makin this video!
@MegaSunspark
@MegaSunspark 7 ай бұрын
Thank you, Andres! Hope Microsoft rewards you with a handsome bonus or pay hike, even though it wasn't a Microsoft OS or application. But the responsibility to the general community should be commended and appreciated.
@thingsiplay
@thingsiplay 7 ай бұрын
Flatpak Unverified I think it's a good idea to put a badge for unverified apps. But this can be improved. I personally don't like the term "unverfied" and wish it was more descriptive such as "Official" and "Unofficial". Also the warning symbol next to it looks like this could be malware. Also if there is an official app, it could be listed alongside to the unofficial one to bring it into relation.
@pamus6242
@pamus6242 7 ай бұрын
Yeah. But some passionate script junkies absolutely hate flatpak and talk crap and contribute nothing. The truth is ftathub/flatpak allows non Linux users to become Linux users overnight without having to break their system or worry about some dependency. Immutable OS are best for non technical people and using flathub for their apps which is unbeknownst to many people.
@tmendoza6
@tmendoza6 7 ай бұрын
Linux news! baby
@louisfifteen
@louisfifteen 7 ай бұрын
Thank you Michael for taking your time to explain what happened. Did I get it right, that it is "only" server based, that me using fedora 29 WS is not affected or would have been affected? I only use flatpaks, and I am not confused, just feeling secure with flatpaks. What I don't feel secure with, is using KDE User Themes. They are not monitored by any human andis found to contain, in some cases, not all, malware.
@michael_tunnell
@michael_tunnell 7 ай бұрын
You're welcome for the content. As for the "only" server question, no that is not accurate. This backdoor was meant to be placed in every mainstream distro regardless of desktop or server. The most logical target would be servers because of their importance but everyone would have been affected to some degree even though in some cases it would be dormant. The difference is that SSH is installed by default in most server distros and is not installed by default by Desktop versions of distros. However, the backdoor would be there regardless so the moment someone wants to activate SSH on their desktop they would have instantly activated the backdoor. Flatpaks are great for many reasons and I like how they have a security mechanism but it is far from solid security and really they cant be. Flatpaks install into the home folder and permissions by default give them access to the home folder to some degree so they have access to your data. They dont have root so they cant alter the system but your personal data is stored where Flatpaks are stored and if you install a malicious Flatpak then they can still get your data (if it is in the home folder) I dont even use KDE User Themes, I am fine with the default so I have never ran into that kind of thing but yea it is potentially a problem to allow code to run but depending on what kind of data you are protecting, when it comes to /home folder data both could do things badly. The Flathub does review submissions but once something is reviewed and verified then it could be changed for someone to takeover the account on the github side or the company side and inject bad stuff. I dont think Flathub does ongoing reviews.
@louisfifteen
@louisfifteen 7 ай бұрын
@@michael_tunnell Omg and here I thought flatpaks were safe. So the only safe apps are the community driven apps. Is that how I should interpret your reply? Thanks for clearing up the XZ part. So many youtubers stress that it is only server related and the rest of us are safe. Can I ask your opinion on something? Just ignore it if you don't want to engage: There's a youtuber called NetworkChuck. He is teaching a lot of hacking tricks. I don't know anything about hacking or even ethical hacking, but when i look at his material, I get a bed feeling. I think that his aim is to teach people to protect their networks, but if a criminal or weak person is tempted, could they learn how to hack other people's networls and computer with those tools, you think? Don't worry, I'm almost 70 I have no intention of learning hacking. Thank you for a bunch of great show and Gnews!
@michael_tunnell
@michael_tunnell 7 ай бұрын
The XZ server thing is true but also not completely. Most desktop users would be safe from that initial thing BUT this backdoor offered access to someone to do basically anything they wanted so if they wanted to infect systems that deployed packages to desktop users then it would be rather trivial for them to do it. If they could infect Debian's package build servers which they almost did then they could deploy any kind of horrible nonsense to desktop users because Debian's package build servers are servers so they could be a target and then at that point everyone could be affected. > "So the only safe apps are the community driven apps. Is that how I should interpret your reply? " No, that is not what I am saying. What I am saying is "there is no such thing as 'safe' apps". Security is a never ending battle. I didnt know you were 70, that's pretty awesome! I have seen you comment on my stuff many times and I am impressed that you are doing so with as much interest and gusto. I know people in that age range who refuse to even learn how to use email, so what you are doing is awesome! Back to the topic, the common goto cliche suggestion is "you should only install software from sources you trust". The reason people say this is that it is impossible for anyone to ever guarantee that any app format from any store on any OS is 100% safe from security issues. All software can have security issues. There are configurations where some things are more likely to be safer than others like Linux is more likely to be safer than Windows. It is also probably fair to say that Flatpaks are more likely to be safer than DEBs because DEBs require root access to install and Flatpaks do not. BUT it is not possible to say any of them are "100% safe". > "I think that his aim is to teach people to protect their networks, but if a criminal or weak person is tempted, could they learn how to hack other people's networls and computer with those tools, you think?" I dont know his content but it's possible. The only real difference between "ethical hacking" and "hacking" is whether or not the person gaining the information is ethical and is going to use it ethically because it is all the same info.
@dlbike76
@dlbike76 7 ай бұрын
I've been watching every video that I can on this, and it's really surprising to me that this wasn't picked up and financially supported by someone somewhere. Redhat, Canonical, FSF, etc. and the list just goes on.
@dlbike76
@dlbike76 7 ай бұрын
After watching the entire video I wanted to add a few things. First, the trust situation as far as the XZ backdoor is completely solved if developers just follow good guidelines for key-signing. Debian for instance used to have a pretty good policy for key-signing. The end result is that a digital key is then essentially linked to real world identification. Maintainers can then check the signatures on a key before accepting a patch or vetting a new maintainer. Maintainers just getting started would have to go through a process to show that they could be trusted. Along the same lines - I don't like the "unverified" badge for Flathub as it makes it sound like a possibly untrusted app. I don't know what the better tag would look like, but they need something other than "un-verified". Maybe derivative maintainer badges or something similar (such as Ubuntu developer, Debian Developer, etc where the signer is a member of the named project).
@johanb.7869
@johanb.7869 7 ай бұрын
I don't use flatpaks because they don't theme right and when I tried the Thunderbird flatpak I could not send files or pdf's from Thunar with Thunderbird.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I have not noticed any theming issues but that’s probably just me. Thunderbird is many levels of disappointing imo Flatpak or not so maybe it’s not the Flatpak fault but rather the Thunderbird fault
@johanb.7869
@johanb.7869 7 ай бұрын
@@michael_tunnell With tarball and snap beta I can't send anything, but with the deb I can. Very weird. Maybe they fixed the theming with flatpak.
@SecretlySeven
@SecretlySeven 7 ай бұрын
About the Fedora KDE thing. I think it's all about variable refresh rate. In 2024 if you want to be taken serious as an OS you have to be able to nail gaming and variable refresh rate is at the top of everyone's list right now.
@michael_tunnell
@michael_tunnell 7 ай бұрын
If I am not mistaken, VRR is something related to Wayland support and both KDE and GNOME offer similar support on that. I think KDE Plasma offers more control over monitor settings since GNOME still has issues with true fractional scaling and KDE has had that solved for a couple years now. Please correct me if I am wrong.
@Sunrise-d819i2
@Sunrise-d819i2 7 ай бұрын
I love the flathub sign because packaging with virus is becoming a common deliverly system like with the OBS, VLC and ect that had virus packaged in the EXE's an just because its linux don't mean you can have malware installed on the system that will track and ect. right now linux's main weakness is info stealers. the new flathub system is the best for everyone.
@jet6593
@jet6593 7 ай бұрын
I liked that smash button and smashed the likes button too
@jasonsdodd
@jasonsdodd 7 ай бұрын
You mean we have M$ to thank? :)
@michael_tunnell
@michael_tunnell 7 ай бұрын
lol kind of but also not really. We address this specific thing in the next Destination Linux episode
@squirlmy
@squirlmy 7 ай бұрын
xz nor was not part of the kernel, but part of systemd, which is another matter that could be discussed: Systemd goes against the "Unix philosophy" of small tools for specific problems, and tries to do a ton of stuff at boot up. Most OpenSSH on various distros don't use libzma nor call xz, but Redhat, (Fedora?) and Debian distros patch OpenSSH to do this. They add a patch to link sshd to systemd, which in turn, links to liblzma, and this allows xz Utils to exert control over sshd. While other linux distros could theoretically spread the malware, the vast majority wouldn't be directly effected. And this seems to be purposefully planned stealth, not an oversight. the malware had "security through obscurity", and wouldn't be noticed easily, but would compromise those specific distros seriously!
@Jopekos
@Jopekos 7 ай бұрын
Wayland on NVidia GPUs needs an urgent solution. ✅
@mploof
@mploof 7 ай бұрын
I like mint, but I wish they'd change their version number to a year format (22 should be 24 now), and every distro for that matter.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I agree that the year version is very valuable and super easy to keep track of for what is the latest but the problem is that Linux Mint only updates the core base once every 2 years. Linux Mint 22 is based on Ubuntu 24.04 but when Ubuntu 24.10 comes out, Linux Mint will be releasing a new version but it will still be based on 24.04. I suppose they could call it 24.0 and then 24.1 then 25.0 and 25.1 but it that would cause its own problems with 24.x & 25.x being based on the same version of Ubuntu 24.04 and give just another type of confusion for most.
@taylor-worthington
@taylor-worthington 7 ай бұрын
Wayland will soon be the only choice for Fedora Workstation. Then it will be that way in RedHat a year or two later. Isn't that the closest thing to predicting when Wayland will be the new desktop.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I dont think that is the metric to predicting when Wayland will switch be the main display server. X11 will survive in Ubuntu for a couple years after that I would bet and maybe even SUSE as well. I think until all major distros announce the removal of X11 then Wayland will still be far away. Fedora might be doing it by end of the year but RHEL is a couple years from that and Ubuntu is probably a couple years after that so I would say at the earliest the transition will be done in 5 years but thats not a prediction but a slightly educated guess lol
@taylor-worthington
@taylor-worthington 7 ай бұрын
@@michael_tunnell No, because the transition isn't a complete change. It's just when most people consider it to be generally accepted. lol (But judging by the pace of development, you might be right.) In any case, X11 might be around for much longer than 5 years.
@fontenbleau
@fontenbleau 7 ай бұрын
Your voice at x2 speed perfect for Ai
@AndersJackson
@AndersJackson 7 ай бұрын
(It would be nice if you marked support companies part of your video. For transparency.)
@michael_tunnell
@michael_tunnell 7 ай бұрын
I do that in the video, I say sponsored by in the video and it’s also the first thing in the description
@AndersJackson
@AndersJackson 7 ай бұрын
@@michael_tunnell ok, I have no problem with sponsors, but it is good to have it marked from the real content. Except this, a great channel with good information, thanks!
@michael_tunnell
@michael_tunnell 7 ай бұрын
I think it is fair to say it could be more clear but I try to be transparent. I suppose the wording of this one needs improvement. Thanks for the feedback and thanks for watching and the kind words about the content. Expect more content coming soon. :D
@saint00
@saint00 7 ай бұрын
the method they used is called a supply chain attack....
@michael_tunnell
@michael_tunnell 7 ай бұрын
I wouldn’t call that the method, that’s more like the type. I would say the method was mostly social engineering
@jasonsdodd
@jasonsdodd 7 ай бұрын
You should not need an internet connection to play a game, period. Even multi player should be able to be done via lan if you like.
@guilherme5094
@guilherme5094 7 ай бұрын
You're goddamn right!
@Mr.Atari2600
@Mr.Atari2600 7 ай бұрын
They should take some lessons from the Sega Dreamcast. Even though the Dreamcast is no longer supported, people still can go play multi-player games like Phantasy Star Online or Quake 3 Arena through Offline or Private Servers.
@AndersJackson
@AndersJackson 7 ай бұрын
Hm, I might transfer from Ubuntu to Mint now. I thought KDE had bad support for Wayland. KDE is a good DE, but I think GNOME is easier.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I agree that GNOME is easier but that’s because it’s so much more limited than KDE Plasma. KDE’s Wayland support was good in Plasma 5 but it is great in Plasma 6. A couple notes though, Linux Mint doesn’t have GNOME as an option , in case you switch you’ll likely want to use Cinnamon. Lastly, Ubuntu’s GNOME implementation is very different from the default offering that GNOME gives so it’s a pretty big difference in ease of use comparing to vanilla GNOME
@RockawayCCW
@RockawayCCW 7 ай бұрын
The Linux Foundation should employ the people that make critical parts of the system (like XZ) instead of wasting money on gender studies.
@matthewmoore757
@matthewmoore757 7 ай бұрын
20:30 I've been saying it for years, but i believe it even more strongly now. Linux Mint should just drop Ubuntu and move their default base over to Debian. LMDE is already indistinguishable from the Main version to the untrained eye. There are differences but nothing the average joe would notice. They should drop Ubuntu like a hot potato and embrace Debian as their primary base. I've felt this way for many years. Also with the Debian backports repository you can get the newer kernels on Debian if you need them. The Mint team could easily link to the backports for their kernel manager GUI. and still offer an "Edge" kernel if they wanted to. It would be easy to do so. Maybe we should start a petition to persuade Clem to drop Ubuntu from Mint. :)
@michael_tunnell
@michael_tunnell 7 ай бұрын
What is the motivation behind a switch to Debian as the base? (I am asking this as to not assume your position) Is the point to simply avoid Ubuntu/Canonical input? Side note on the other piece, Debian Backports are much slower to update than Ubuntu so its not a drop in replacement. Latest version for Ubuntu HWE kernel is 6.5 and the latest version for Debian Backports is 6.1. (Having Linux 6.1 in Debian is actually kind of fast for Debian pace but still a year behind overall)
@matthewmoore757
@matthewmoore757 7 ай бұрын
​@@michael_tunnell I just like Debian i guess. I've Distro hopped for a long time, and when i got to Debian KDE, i stopped hopping. It just checks all the boxes for me. After being on Debian almost exclusively Since Debian 9, you just get used to the Debian way of doing things. However i have seen a few problems with Linux mint that i can blame directly on Ubuntu's upstream packages. For example, the Ubuntu Restricted extras meta package had a problem on my Mom's computer back when i had Linux Mint installed on it. This issue was causing a hard fault every time i wanted to run updates. I couldn't install the updates until i fixed this problem. The problem was with the Microsoft core Fonts package that was part of the restricted extras. it got to the fonts package it would just fail because the URL that the fonts installer script was pointing to, was wrong. The source for those fonts had changed and Ubuntu never updated their scripts. It took them three months to fix it. Debian on the other hand maintains a completely separate version of the Microsoft core fonts installer in their repos. It also happens to be in the Linux Mint repos because Linux Mint does add some Debian packages to their repos. I installed that package instead, black listed the one from the restricted extras, and it fixed it the updating problem. Another issue that exist right now, is Linux Mint has problems playing certain HEVC h265 videos, They are choppy and glitchy. The codec for this, is also an Ubuntu maintained package, If you replace it with the Debian version, it works just fine. I tested a recent daily build of 24.04 about a week ago. And yep, it still uses the same broken codec. The bottom line is, all of these issues i mentioned, were all caused by Ubuntu upstream packages. And also in both cases i fixed them using the Debian version of the package. I've also had lots of problems with Ubuntu HWE kernel updates breaking WiFi, GPU, and VIrtualbox drivers on my system. I don't think it's as common of an issue as it used to be. But it certainly left me with a bad opinion of it. But even if we ignore all that and just look at things from a practical point of view, I think that Linux Mint, would improve if they switched to Debian, Because as time goes on, they keep doing more and more work, to block or undo Ubuntu's push for snaps as well as mitigating other bad choices they don't agree with. As a result the Linux Mint developers now have to maintain their own Deb packages along side of Ubuntu's in order to mitigate these changes. I think they could save themselves lots of work and duplicated effort, if they just used the Debian base to begin with, cutting out Ubuntu's extra baggage. But that's just my opinion. There's obviously value in it for them to keep Using Ubuntu. But i personally don't see why. I also have a tendency to favor parent distros over their downstream counterparts. Such as Arch over Manjaro, Debian over Ubuntu, etc. Linux Mint is basically a fork of a fork. I think the closer they get to the original parent distro, the better off it will be. But again, these are only my opinions.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I think your perspective as to why you think they should go to Debian is very solid. I agree with pretty much everything you said as to the basis for why it would make sense for Mint to switch to Debian as a base. As for downstream vs upstream, I think downstream can be very good options but they can also be bad options, and your point reminds me of the "too many cooks in the kitchen" scenario so great take.
@matthewmoore757
@matthewmoore757 7 ай бұрын
@@michael_tunnell Thanks. 👍
@namelast2193
@namelast2193 7 ай бұрын
please dont smirk at people that stay on stable and not in bleeding edge updated versions everytime, u opened up the video with a pretty good XZample of why we think thats an awesome ideia
@SlyPearTree
@SlyPearTree 7 ай бұрын
I also like stability in my O.S. and found his attitude toward people like us a bit weird.
@marcusjohansson668
@marcusjohansson668 7 ай бұрын
Yeah, I'm tired of this... He is too much of a neckbeard that "knows best" and has on multiple occasions been both rude and delivered false information. And I am using a rolling release, but the "I know better than you" makes my blood boil. Linux is about CHOICE! I'm unsubscribing.
@cameronmoore136
@cameronmoore136 7 ай бұрын
Where did he smirk or appear condescending? I'm not implying that he didn't, I'm genuinely curious.
@namelast2193
@namelast2193 7 ай бұрын
@@cameronmoore136 21:48 its not his first nor the most obvious time he did this
@michael_tunnell
@michael_tunnell 7 ай бұрын
@namelast2193 please do not ask me stop doing something that I did not do. This comment is misguided at best, maybe you are commenting on the wrong video, I don't know. I would never look down on people for using Stable versions of a distro, because I dont judge people for what distro or version they use, I don't care. Especially considering I use Stable versions and would therefore be looking down on myself. I am very curious what initiated this response because to me it does not make sense so if you have a timestamp where it seems like I did that then I request you share it so I can see for myself.
@elalemanpaisa
@elalemanpaisa 7 ай бұрын
you do not buy games, you buy a license.
@raimg1816
@raimg1816 7 ай бұрын
thanks god we had backdoor at least for some time we will have somthing to talk :) but it that shows how far from perfect is situation open source. also for ppl to donate something there is just to many projects to actually donate for. And most users think that main thing in Linux is distros but in realty lot of other projects actually matter what most ppl dont see dont know. And while blogers and Ytubers will keep hunt views and hype same things(new distros or DE ) nothing will change xD
@michael_tunnell
@michael_tunnell 7 ай бұрын
I advocate for the companies making billions of dollars to donate to the projects they depend on…not regular users
@raimg1816
@raimg1816 7 ай бұрын
@@michael_tunnell wont work companys will always take free if they can :) while there will be licenses what say free to use for comercial use no money will come.
@stephanhuebner4931
@stephanhuebner4931 7 ай бұрын
@@michael_tunnell In my opinion, the popular open source-licenses are an idealistic view of the world that often doesn't translate well into the real world. The licenses should change in a way that companies that make huge amounts of money *have* to donate a certain proportion of their profits (or workforce) to said projects.
@BanduTheGreat
@BanduTheGreat 7 ай бұрын
The more popular Linux becomes, the more attacks it will get. Welcome to Windows world. Let us all lube our back doors.
@michael_tunnell
@michael_tunnell 7 ай бұрын
This attack was against servers primarily and Linux has been the dominant server OS for well over a decade so the popularity of desktop usage is not relevant to this attack. Of course there is some truth to what you are saying but there’s also the fact that this took the attacker 2 years to attempt so that’s an insane amount of patience. Most hackers attack Windows because it’s the easiest target, Linux is not an easy target by any stretch and just because there are more desktop users does not mean that’s the reason why it’s attacked so much, the terrible security is why its attacked so much.
@russelmendoza
@russelmendoza 7 ай бұрын
A Microsoft dev discovered the malicious thank you very much!
@michael_tunnell
@michael_tunnell 7 ай бұрын
I said this in the video but where he works was not relevant to finding it, it was just coincidental
@breadmoth6443
@breadmoth6443 7 ай бұрын
"you will own nothing and you will be happy." , we are pretty much at the digital age, and it is already biting people in the backside. "hahaha, physical media is dead." , maybe so , but enjoy paying for your content in perpetuity then...
@michael_tunnell
@michael_tunnell 7 ай бұрын
I think you make an interesting point. I think physical media is still limited without emulation because if the console dies then so does the game but its not even about paying for content in perpetuity because at some point the companies just rip it all away from you even if you want to pay for it forever. This is the part that bothers me the most.
@breadmoth6443
@breadmoth6443 7 ай бұрын
@@michael_tunnell im in my 40s, and i have seen the transition to digital, and for me the benefits so-called are outweighed by the cons , when I pay for something I still retain the concept that it is MINE , which is why I prefer DVD and blurays for my movies, and even CDs, this goes for games, but I guess if you no longer own your copy, I feel perhaps it makes an interesting case for piracy, I do not like the idea of perpetually renting.
@jackfrost-lh7tn
@jackfrost-lh7tn 7 ай бұрын
It was fixed 3 weeks ago
@michael_tunnell
@michael_tunnell 7 ай бұрын
and this video was published 3 weeks ago
@nils-erikolsson3539
@nils-erikolsson3539 7 ай бұрын
So in fact, Microsoft saved Linux? I mean, if he didnt say anything after finding it, it might have gone unnoticed for way too long.
@michael_tunnell
@michael_tunnell 7 ай бұрын
Microsoft didnt tell him to keep digging and didnt tell him to tell anyone so no, Microsoft didnt save Linux just because they employed the guy who found this. It is good that he was employed by them to work on PostgreSQL and therefore he found this during testing but they didnt actively do anything. We got lucky that he found it and Microsoft got lucky they made a good hiring decision :D
@WoodyJohnson-r3v
@WoodyJohnson-r3v 7 ай бұрын
this is why I support piracy!!
@diuran1919
@diuran1919 7 ай бұрын
Are sick or your light make you looks like ghost. Still no easy way to make Samba server on Linux Mint ehh.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I guess the color grading was off on this episode. I am fine 😀👍
@breadmoth6443
@breadmoth6443 7 ай бұрын
the team at Linux Mint is wasting their efforts constantly undoing what ubuntu does, and i think their efforts would be better served if they just dropped ubuntu and focused on the Debian version of their distro.
@michael_tunnell
@michael_tunnell 7 ай бұрын
The undoing what Ubuntu does is a good debate point because it does seem like they could be served better elsewhere. The counter point for that is the Ubuntu support is so widespread that being based just on Debian is limiting a lot of factors because Debian stable (what LMDE is based on) is very slow to update and have hardware support. Being based on Ubuntu is probably a better base because it is updated faster and backed by a large company so you can benefit from the money being put into that base vs Debian that gets residuals of Ubuntu backing and other volunteer stuff. I think you are right that it would make more sense for Linux Mint to be based on Debian in the sense that they are so vocal about anti-Ubuntu on a variety of topics especially Snaps but even with that under consideration I think the benefit of being based on Ubuntu has so many other benefits than being based on Debian and that is why they still do it that way.
@breadmoth6443
@breadmoth6443 7 ай бұрын
@@michael_tunnell I am sure the team could just perhaps branch off from Debian Sid then, if they need more hw support either way, ubuntu imo has pretty much dropped the ball in support and their policies regarding pushing a package format nobody wants to use by force.
@michael_tunnell
@michael_tunnell 7 ай бұрын
@@breadmoth6443 in my opinion the issue is that Debian Sid is not a stable base, even Ubuntu doesn't use Sid for the most part. The amount of effort to stablize and test Debian Sid is a lot of work. Linux Mint can't keep up with Ubuntu's non-LTS releases of every 6 months which is why they switched to being based on Ubuntu LTS so I dont think it is possible for them to do that. As for the other comment, I respect your right to not like Snaps and what Ubuntu is doing with them but I do disagree with the use of the term "force" because no one is being forced to only have a single option of using a Snap because even without Linux Mint making a DEB for stuff, there were still choices and the word "force" implies zero choice which is just not accurate. I think it makes perfect sense that Ubuntu/Canonical would make a format they think is good and then try to push it forward, honestly I would be asking why they arent doing that if they werent.
@breadmoth6443
@breadmoth6443 7 ай бұрын
@@michael_tunnell well perhaps Linux Mint can just take the ubuntu page and solely base itself off of debian then which goes back to my main point, if ubuntu at some point could base off debian and be successful, I am sure Linux Mint can too; and the reason why I also implied 'force', is because it defaults to snaps , and the user isn't really given a choice if they want snaps or not, and seems you have to jump through some hoops to get a regular package if you want. also the question is for how long, until you can ONLY use snaps?
@michael_tunnell
@michael_tunnell 7 ай бұрын
Ubuntu was able to base of Debian because Mark Shuttleworth was an independent wealthy millionaire prior to make Ubuntu. Mark Shuttleworth spent millions of dollars building Ubuntu and while it is based on Debian it is also much different. Linux Mint does not have a millionaire backer and their team is much much smaller so that's why Ubuntu could do it and Linux Mint likely can't. Also 5 years ago Ubuntu almost went under because they were losing so much money. Even now, Canonical is only 1/3rd the annual revenue of SUSE. This is to say that it takes a lot of effort to be successful in this space. However, there is more to this story. In my opinion, Linux Mint has no reason to switch to directly Debian because the amount of influence Ubuntu has on Debian is much much higher than people think. The guy who maintains APT and created Synpatic package manager is an employee of Canonical. The entire kernel team of Debian work for Canonical, last I checked (last year). The list goes on. If the goal is to avoid Ubuntu/Canonical, that's basically impossible if Debian is still involved. As for the Snaps thing, defaulting to Snaps is not equivalent to forcing. Yes, some people who dont know anything about Snaps vs DEBs will therefore install the Snap but its more likely than not that if they dont know they likely wont care. Especially, now that the speeds of Snaps are no where near as bad as they used to be so its mostly fine for average users. The only reason imo to want a regular package (DEB) is the speed of the loading but that's much less of an issue these days. I think the use of the term force makes people attack Ubuntu as if they are some kind of villain and just because they saw a truly massive problem in Linux and wanted to fix it . . . I dont think that is fair to call them a villain. If someone doesnt like Snaps then they can choose to not use them but I dont see a problem for Ubuntu to want to push the format they are making to improvement the desktop experience. If they believe it is good to push then they should. The funny thing to me is that people think DEB packages are some wonderful perfect package format when these are super flawed, I mean the security of DEBs is not only non-existent you have to give a DEB complete root access to install it and this is just one of the flaws.
@bertnijhof5413
@bertnijhof5413 7 ай бұрын
Maybe I should move to Windows again for e.g banking, if the volunteers maintaining the Open Source software are insufficiently controlled.
@Locked101
@Locked101 7 ай бұрын
Windows gets backdoored, you just don't hear about it because Windows is proprietary while Linux is open source
@michael_tunnell
@michael_tunnell 7 ай бұрын
First, Microsoft is publicly and purposefully taking data from their users via Windows telemetry and we dont fully know how much they are taking because it is proprietary so switching to Windows for security or privacy would be the incorrect direction to take. Second, why would volunteers be controlled and who could possibly force any volunteer to do anything? This a contradiction to the concept of volunteering. Third, these projects need to have sustainable funding so that the people involved dont get burned out and implementing more developers would be easier because they could be paid as a job. Lastly, in your case, using an isolated machine even virtual for a specific usecase like this where it is as minimal as possible because it only does one thing. That is probably the best thing to do for that and it should absolutely not be Windows. Doesn't have to be Linux but it shouldnt be Windows.
@davey820051
@davey820051 7 ай бұрын
Well, you just have to decide whether, on balance, you're safer with an OS environment that has an inherently less secure architecture and attracts many more malicious actors versus one that, while far from perfect, has a better track record for security. The XZ flaw was the result of a combination of protracted action by bad actors, what was apparently fairly sophisticated obfuscation, and social engineering. Also, had it become widespread, the effect would have been much more on server installations (not to minimize the impact of that) than on desktop users.
@balsalmalberto8086
@balsalmalberto8086 7 ай бұрын
The public wifi are faster than secured wifi, you can do banking fasting on public wifi, don't forget to turn off your firewall and antivirus while on public networks to save your battery.
@frankywatte5646
@frankywatte5646 7 ай бұрын
It's a Microsoft plot. Some people can talk for hours about a pea in a pod
@TwstedTV
@TwstedTV 7 ай бұрын
I have over 100 games that I can no longer play, because the company either stopped maintaining the game entirely or multiplayer games didn't have many players. But even when playing single player games as well, the company ripped the game from people, even though people like myself paid $60 for the game. This needs to stop, seriously. I am getting seriously angry that slowly my steam games library is dying, and eventually I will be left with hundreds of dead games in my library. THIS is another reason why I no longer pay $60 for games. Why should I, when I can wait another year or 2 to get the game for $10 to $15 and play it then, Because I know eventually the game company will close the game anyway. People might look at me weirdly, I honestly don't care. I no longer trust game companies and if I am late to play a game, it's because I don't want to drop $60 for a game that I will no longer own, because eventually they will have their doors closed anyway. Instead of game companies converting their games into single player offline mode when they decide to close their doors and allowing people to continue to play the game in single player mode, they would rather rip it away from you completely, even though you paid $60 for the game. And for those that are saying "Oh it's only $60 stop being cheap" Just goes to show that you most likely they don't have a job and work 9-5 to earn that hard-earned money. I am saying this because I got ridiculed for saying what I believe in, in another forum, and saying that I will no longer purchase expensive games anymore.
@RockawayCCW
@RockawayCCW 7 ай бұрын
The XZ scandal tells us that either (A) Linux is not backdoored by the US/UK, or (B) if it is backdoored by the US/UK, the attacker was a country that doesn't have access to the backdoor.
@walter_lesaulnier
@walter_lesaulnier 7 ай бұрын
I've been on Fedora with KDE Plasma/ Wayland for a little over a year and it is AWESOME. I have not had a single issue that required my intervention in all of that time. Oh, and people that prefer Gnome to KDE are the kind of psychos that probably don't like pineapple on pizza! LOL
@renealbrechtsen9743
@renealbrechtsen9743 7 ай бұрын
L take.
@stephanhuebner4931
@stephanhuebner4931 7 ай бұрын
In my experience, Gnome-people tend to shame Plasma-people with buzzwords like "old-fashioned" and "windows-like", often without any clue or care for what these words mean or if they even make sense or what is the meaning behind the way Plasma is done.
@marcusjohansson668
@marcusjohansson668 7 ай бұрын
@@stephanhuebner4931 I always find it amusing when gnome calls KDE "old fahioned" when gnome is unwilling to even implement basic functionality for some things. I can make my KDE desktop look like a mac in a few clicks, how is that "windows like"?!? LMAO They are both great, but for completely different reasons and for completely different kinds of people.
@stephanhuebner4931
@stephanhuebner4931 7 ай бұрын
@@marcusjohansson668 I don't get it either. To me it looks like a desperate attempt to justify the existence and difference of the Gnome-desktop compared to just about any other. But if "modern" is the only real argument, there *is* no argument. And the alleged streamlined experience is something that has yet to be proven, and in my opinion, is actually disproven by the simple fact that just about any Gnome-environment uses some variation of add-ons to make it actually usable. Whereas KDE Plasma works perfectly fine out of the box. So much for "old fashioned".
@cejannuzi
@cejannuzi 7 ай бұрын
What if the person finding the issue was really one of the people behind it? How would anyone know?
@michael_tunnell
@michael_tunnell 7 ай бұрын
that is a very dystopian way to look at this topic but interesting and not without some merit since there really is no way to know. The complexity of finding it in something completely unrelated is why I am willing to believe it was luck but I dont know and maybe we will never truly know 🤷‍♂️ . . . interesting point though, thanks for commenting.
@Onyx-it8gk
@Onyx-it8gk 7 ай бұрын
What's with everyone's seizure-inducing animations and transitions? They're absolutely everywhere. YT is basically unwatchable anymore
@michael_tunnell
@michael_tunnell 7 ай бұрын
I made big changes to this stuff the next episode, much more simplistic and chill. Check that one out and let me know your thoughts. It’s the one with SPI-ware in the title
@Onyx-it8gk
@Onyx-it8gk 7 ай бұрын
@michael_tunnell Sorry, it's just that every time I get on YT, I'm reminded of why I literally can't even watch it anymore. It's a platform-wide problem. YT has no regulations or guidelines for content creators to follow when it comes to flash warnings, and some people do have medical conditions that make them prone to seizures. So I didn't mean that as just being kind of tongue in cheek. I really do appreciate your reply and consideration though.
@michael_tunnell
@michael_tunnell 7 ай бұрын
I agree that a lot of people are going way overboard with effects and animations, the Mr.Beastification of KZbin is pretty annoying. I didnt think we were doing it too much but I think the latest episode is much more chill in the vibe while still having visuals. Very curious what you think when you get the chance to take a look at it. 😎👍
@Secret4us
@Secret4us 7 ай бұрын
Theft by misrepresentation, ie. fraud.
@michael_tunnell
@michael_tunnell 7 ай бұрын
Which topic is this comment referring to?
@Secret4us
@Secret4us 7 ай бұрын
@@michael_tunnell if the gaming publishers sold licenses under the apparent pretext that the code would be available longer than it was, then that is what it would be called.
@_-martin-_
@_-martin-_ 7 ай бұрын
KDE is for users that want to customize everything into ugliness and cling to that Windows experience. Gnome is for users that want a modern and productive desktop environment! The proposal to switch to from Gnome to KDE is absurd!
@SajjadRizvi77
@SajjadRizvi77 7 ай бұрын
GNOME users enjoy having features taken away and then call it modern. It may be modern since modernity is all about owning nothing and being happy.
@stephanhuebner4931
@stephanhuebner4931 7 ай бұрын
Your opinion is absurd. There are different environments for different people and KDE is a very, very efficient one that doesn't need to be customized into anything as it works quite nicely right from out of the box. It just doesn't act like an overbearing parent that constantly tells their users how to behave and how to do their work. If you prefer Gnome, fine, but don't act as if KDE is unusable in its default state. There's a good reason why the "Windows experience" (which in actuality is based on former standards developed by Apple and others) is still a standard. It's something that countless people know how to work with, coming from Windows or Mac, and it's because this standard works just as well as Gnomes', if not better. Just because an idea is "modern" doesn't mean that it's automatically good.
@_-martin-_
@_-martin-_ 7 ай бұрын
@@stephanhuebner4931 Thank you for making my point.
@stephanhuebner4931
@stephanhuebner4931 7 ай бұрын
@@_-martin-_ You're acting like the typical, childish Gnome zealot who thinks they've seen the light and everybody else is stupid. Hope you'll find happiness in your La la land.
@brianhedley5139
@brianhedley5139 7 ай бұрын
@_-Martin- As a man who has tried many if not all major DE setups. Gnome is far from the friendly setup and it's required extensions to do anything approach doesn't endear it anymore than KDE. Take the gatekeeper attitude and leave as it's not appreciated by anyone If you prefer Gnome fine but if people prefer KDE or anything else doesn't make them a lesser individual
@elton9412
@elton9412 7 ай бұрын
🔥🔥🔥
What Everyone Missed About The Linux Hack
20:24
Theo - t3․gg
Рет қаралды 288 М.
УДИВИЛ ВСЕХ СВОИМ УХОДОМ!😳 #shorts
00:49
Why no RONALDO?! 🤔⚽️
00:28
Celine Dept
Рет қаралды 97 МЛН
10 REASONS why Linux Mint is the desktop OS to beat in 2023
15:14
InfinitelyGalactic
Рет қаралды 203 М.
Why I Love openSUSE
18:21
The Linux Cast
Рет қаралды 43 М.
Fedora with KDE by default? XZ backdoor fallout, German state moves to Linux
16:58
The Story Behind the XZ Backdoor and KDE Unsafe Themes
24:18
Nicco Loves Linux
Рет қаралды 8 М.
Linux Mint vs... Linux Mint (Debian Edition)
17:43
Veronica Explains
Рет қаралды 283 М.
Self Hosting Has Changed My Life - What I Self Host
17:31
The Linux Cast
Рет қаралды 113 М.
УДИВИЛ ВСЕХ СВОИМ УХОДОМ!😳 #shorts
00:49