Linux Mint downloads (briefly) compromised
As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either. Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th."
Update: it appears that the Linux Mint forums were compromised too; users should assume that their passwords have been exposed.
Posted Feb 21, 2016 5:17 UTC (Sun)
by rwm (guest, #104883)
[Link] (14 responses)
Posted Feb 21, 2016 5:18 UTC (Sun)
by prometheanfire (subscriber, #65683)
[Link] (13 responses)
Posted Feb 21, 2016 8:00 UTC (Sun)
by bronson (subscriber, #4806)
[Link] (9 responses)
Posted Feb 21, 2016 10:29 UTC (Sun)
by pabs (subscriber, #43278)
[Link] (8 responses)
Posted Feb 21, 2016 10:30 UTC (Sun)
by pabs (subscriber, #43278)
[Link] (7 responses)
https://help.riseup.net/en/security/message-security/open...
Posted Feb 21, 2016 15:54 UTC (Sun)
by alvieboy (guest, #51617)
[Link] (6 responses)
Remember most people installing Linux these days do not actually know very much about security. Most are Windows users, who want to try something different or need to use it at work - they do not know much about Linux either.
An FTP site is also probably not the best way to distribute these ISOs, because if you move to the site you get absolutely no instructions on how to validate them.
Furthermore, the digests (or at least the signature of those) should be on another site, preferably even widespread across the "cloud", to minimize chances those are also compromised.
The only solution here would be the ISO to validate itself, but since you can generate it at will, I don't see any feasible way to do it.
Alvie
Posted Feb 21, 2016 16:02 UTC (Sun)
by Otus (subscriber, #67685)
[Link] (5 responses)
USB creator programs (usb-creator-gtk, Linux Live USB Creator) could request the signature file and warn if it doesn't match the (stored) key. Not foolproof, but better than nothing.
I don't think this is currently done, though?
Posted Feb 21, 2016 18:13 UTC (Sun)
by alvieboy (guest, #51617)
[Link] (1 responses)
But again, remember that most users will use Windows to burn their ISOs onto optical media, and they will also use Windows apps to generate installable USB sticks.
So you never know which app they actually use.
Alvie
Posted Feb 21, 2016 19:11 UTC (Sun)
by tialaramex (subscriber, #21167)
[Link]
For example I think we're starting to see this for Let's Encrypt / ACME support in cheap web hosts. Six months ago you were lucky if your cheap virtual host even offered SNI and a way to painstakingly upload a certificate you'd bought online. Today there are a fair few cheap options that do Let's Encrypt today, and most of those that weren't focused on SSL cert referrals as a big income stream have made it clear it's on their roadmap.
Or even further back think about SSH. When I first worked with a bunch of Unix systems we had telnet. Once in a while a "prankster" would take over someone's connection, or even snoop their password and you just had to be aware it could happen. But in maybe 2-3 years SSH went from a cool toy that a few paranoid people installed to the default, unspoken assumption for how you connect to a remote machine, and then it took maybe 10-15 years after that before e.g. people would say your appliance was garbage because it expected people to use telnet not SSH to administrate it.
Posted Feb 22, 2016 5:43 UTC (Mon)
by zuki (subscriber, #41808)
[Link] (2 responses)
LUC does that. It gets the SHA256 checksum using https://dl.fedoraproject.org (so normal TLS certificate is used to protect the checksum), and then the downloaded ISO is verified against that (see https://github.com/lmacken/liveusb-creator/blob/develop/l...).
Can't speak about the other tools.
Posted Feb 22, 2016 6:45 UTC (Mon)
by Otus (subscriber, #67685)
[Link] (1 responses)
Wouldn't have helped here, since the server where the hashes are was compromised.
Signatures would be the better option, since you can include a list of public keys in the application.
Posted Feb 25, 2016 3:52 UTC (Thu)
by zuki (subscriber, #41808)
[Link]
Fortunately this is also provided. Fedora ISOs are accompanied by a GPG-signed CHECKSUM file (see https://download.fedoraproject.org/pub/fedora/linux/relea...).
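The two checks contrasted in this subthread (a hash fetched from the project's own server versus a signature checked against keys shipped inside the tool), as an added example that is not part of any comment here nor of liveusb-creator's code. The fingerprints, file names and gpg status lines are constructed; `gpg_verified_text` assumes a `gpg` binary on PATH and is not called by `demo()`.

```python
import hashlib
import hmac
import os
import re
import subprocess
import tempfile

# Constructed placeholder: a real tool would embed the project's actual
# release-key fingerprints here, shipped with the application itself.
PINNED_FINGERPRINTS = {"0123456789ABCDEF0123456789ABCDEF01234567"}

# Constructed gpg --status-fd output: a cryptographically valid signature
# made with a key that is NOT in the pinned set.
UNPINNED_STATUS = (
    "[GNUPG:] GOODSIG 76543210FEDCBA98 Constructed Unknown Key\n"
    "[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2016-02-20 "
    "1455926400 0 4 0 1 8 01 FEDCBA9876543210FEDCBA9876543210FEDCBA98\n"
)

BSD_LINE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]{64})$")
GNU_LINE = re.compile(r"^(?P<hex>[0-9a-fA-F]{64}) [ *](?P<name>.+)$")
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def parse_checksums(text):
    """Return {filename: sha256 hex} from BSD-style or GNU-style lines."""
    sums = {}
    for line in text.splitlines():
        m = BSD_LINE.match(line.strip()) or GNU_LINE.match(line.strip())
        if m:
            sums[m.group("name")] = m.group("hex").lower()
    return sums


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def signer_from_status(status_text):
    """Return the primary-key fingerprint of a valid signature, else None."""
    signer = None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in FAILED:
            return None
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # Last field is the primary key when gpg reports it; otherwise
            # fall back to the signing key's fingerprint.
            signer = fields[-1] if len(fields) >= 12 else fields[2]
    return signer


def gpg_verified_text(signed_path):
    """Return (signed text, status lines) for a clearsigned checksum file.
    Only the text gpg outputs is covered by the signature, so that is what
    must be parsed, never the raw file."""
    p = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt", signed_path],
        capture_output=True, text=True)
    return p.stdout, p.stderr


def verify_iso(iso_path, checksum_text, status_text=None,
               pinned=PINNED_FINGERPRINTS):
    """Return (ok, reason). status_text=None models the hash-only check."""
    if status_text is not None:
        signer = signer_from_status(status_text)
        if signer is None:
            return False, "no valid signature"
        if signer.upper() not in pinned:
            return False, "signed by unpinned key"
    expected = parse_checksums(checksum_text).get(os.path.basename(iso_path))
    if expected is None:
        return False, "no checksum entry"
    if not hmac.compare_digest(expected, sha256_of(iso_path)):
        return False, "hash mismatch"
    return True, "ok"


def demo():
    """Constructed scenario: one server holds both the ISO and its checksums,
    and whoever replaced the ISO regenerated the checksum file to match."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "sample.iso")
        with open(iso, "wb") as f:
            f.write(b"replaced image bytes (constructed)")
        regenerated = "SHA256 (sample.iso) = %s\n" % sha256_of(iso)
        return {
            "hash_only": verify_iso(iso, regenerated),
            "pinned_signature": verify_iso(iso, regenerated, UNPINNED_STATUS),
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```
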
Posted Feb 22, 2016 9:19 UTC (Mon)
by ovitters (guest, #27950)
[Link] (2 responses)
Secondly, if you use e.g. MirrorBrain it gives sha256 sum (and more) when it redirects you to the mirror. Normally your download+mirror infrastructure should be way more secure and separated from your website. If wget/curl/etc would check the sha256 sum header from the first link it could automatically verify all the mirrors. This as using GPG/signify is nice, but the majority of the downloaders will not check anything. Better to have a non-ideal but still pretty good alternative method. Signing will always complicate things because if someone could've compromised the original download site, then they could've pretended there's a new private key as well IMO. That or the effort to check the signature is high enough that nobody checks it anyway.
Posted Feb 23, 2016 19:29 UTC (Tue)
by hitmark (guest, #34609)
[Link]
the whole thing is like mayflies.
Ask 10 -sec people about best practices and you get 100 different responses.
The basic problem is that nobody ever stops to ask "secure against what?" it's just "secure" or "insecure".
Frankly it seems like the -sec world is hung up about getting into some grand duel of oneupmanship with NSA or their equivalent. And thus anything less is deemed "insecure", no matter how much of an AAA against tweetie birds it is for daily life.
Posted Feb 25, 2016 13:05 UTC (Thu)
by pabs (subscriber, #43278)
[Link]
Posted Feb 21, 2016 5:32 UTC (Sun)
by xtifr (guest, #143)
[Link] (1 responses)
Posted Feb 21, 2016 5:43 UTC (Sun)
by troy.unrau (guest, #73654)
[Link]
Hopefully they identify whatever exploit was used, and secure it.
Posted Feb 21, 2016 16:57 UTC (Sun)
by AdamW (subscriber, #48457)
[Link] (2 responses)
Posted Feb 23, 2016 19:30 UTC (Tue)
by hitmark (guest, #34609)
[Link] (1 responses)
Posted Feb 23, 2016 23:05 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link]
Posted Feb 21, 2016 18:51 UTC (Sun)
by job (guest, #670)
[Link] (86 responses)
From the comments: I am lost for words. I know this is voluntary work, pitch in or shut up and all that, but that right there is just bad Internet citizenship beyond imagination. Both Fedora and Debian have had breaches. As soon as they were known all systems were immediately taken offline until all details had been worked out, to avoid repeat compromise, then completely re-imaged from scratch before they were put back online. The post mortems were then shared with the world to learn from. Nothing unusual, but best practice. It's not very straightforward for their users to verify the integrity of the downloads. If you know where to look, there are signed hashes, but there is no trust path published for their keys. Those are solved problems. Again, just do what Debian and Fedora do. Why do we constantly need to re-invent this particular wheel?
Posted Feb 21, 2016 19:45 UTC (Sun)
by glaubitz (subscriber, #96452)
[Link] (81 responses)
Well, Linux Mint is generally very bad when it comes to security and quality.
First of all, they don't issue any Security Advisories, so their users cannot - unlike users of most other mainstream distributions [1] - quickly look up whether they are affected by a certain CVE.
Secondly, they are mixing their own binary packages with binary packages from Debian and Ubuntu without rebuilding the latter. This creates something that we in Debian call a "FrankenDebian" which results in system updates becoming unpredictable [2]. With the result, that the Mint developers simply decided to blacklist certain packages from upgrades by default thus putting their users at risk because important security updates may not be installed.
Thirdly, while they import packages from Ubuntu or Debian, they hi-jack package and binary names by re-using existing names. For example, they called their fork of gdm2 "mdm" which supposedly means "Mint Display Manager". However, the problem is that there already is a package "mdm" in Debian which are "Utilities for single-host parallel shell scripting". Thus, on Mint, the original "mdm" package cannot be installed.
Another example of such a hi-jack are their new "X apps" which are supposed to deliver common apps for all desktops which are available on Linux Mint. Their first app of this collection is an editor which they forked off the Mate editor "pluma". And they called it "xedit", ignoring the fact that there already is an "xedit" making the old "xedit" unusable by hi-jacking its namespace.
Add to that, that they do not care about copyright and license issues and just ship their ISOs with pre-installed Oracle Java and Adobe Flash packages and several multimedia codec packages which infringe patents and may therefore not be distributed freely at all in countries like the US.
To conclude, I do not think that the Mint developers deliver professional work. Their distribution is more a crude hack of existing Debian-based distributions. They make fundamental mistakes and put their users at risk, both in the sense of data security as well as licensing issues.
I would therefore highly discourage anyone using Linux Mint until Mint developers have changed their fundamental philosophy and resolved these issues.
Adrian
> [1] http://lwn.net/Alerts/
Posted Feb 21, 2016 20:03 UTC (Sun)
by h2 (guest, #27965)
[Link]
Posted Feb 21, 2016 20:10 UTC (Sun)
by h2 (guest, #27965)
[Link] (1 responses)
Mint has gotten FAR worse, not better, so you might as well just remove that qualification, I can't remember how many years ago there may have been some hope for Mint, but it's many, at least 4-5 I'd say.
I know from firsthand discussion with a good Mint dev that the problems come from Clem, he's the source, so there's little point in talking about generic Mint developers, the problems come from the top so you might as well identify the source accurately to avoid disparaging anyone who might temporarily be working in mint as a dev, soon to leave in disgust, but not yet having done so. I would never have blamed my acquaintance for the issues caused by Clem, he loathed all the decisions, and left a while later.
Posted Feb 21, 2016 20:17 UTC (Sun)
by glaubitz (subscriber, #96452)
[Link]
Oh, I made my experience with him as well. I'm a Debian Developer so I can claim I have some experience in getting packages right. I contributed some actual fixes to their "mdm" package (the gdm2 fork) just to have them reverted by Clem shortly after because he wanted to keep the broken state for whatever reason.
Good to know I'm not the only one making this experience.
Adrian
Posted Feb 21, 2016 21:10 UTC (Sun)
by flussence (guest, #85566)
[Link] (2 responses)
The root cause of that issue is that they've built their distro atop one that doesn't namespace packages sanely (or at all). Debian also has had the same dilemma internally with ack, chromium, dolphin, etc. but they choose to work around it by changing the name, sometimes the binary, of one of the two programs; the end result is that the one on the losing side of the deal ends up harder to find.
Everything else you've said is valid, but this one is squarely Debian's fault.
Posted Feb 21, 2016 21:21 UTC (Sun)
by glaubitz (subscriber, #96452)
[Link] (1 responses)
Well, yes, but is there any distribution out there which supports multiple namespaces? I'm not aware of any.
> Everything else you've said is valid, but this one is squarely Debian's fault.
I think that's arguable. You cannot blame Debian when Mint decides to re-use the name of existing packages and deliberately runs into such conflicts. I mean, yes, we have had conflicts in Debian with packages like "node" vs. "nodejs" and so on, but we actually resolved them and did not leave them as-is and let just the user run into them.
FWIW, one could as well blame the upstream projects for using conflicting names for their projects.
Adrian
Posted Feb 22, 2016 12:13 UTC (Mon)
by ssokolow (guest, #94568)
[Link]
Posted Feb 21, 2016 21:37 UTC (Sun)
by job (guest, #670)
[Link] (9 responses)
Thank you for that. At least it shows that I'm not the only one dumbfounded by the apparent insanity here. It's one thing that this is a hobbyist project, but when real people are actually put at risk because of your hobby, it is not unfair to demand at least some accountability. I don't understand. Why would you ever want to do that? Surely it must be a lot less work to just build your desktop and artwork and whatnot against stretch and sid, and publish those? You can still build your own installer if you wish, and have a very wide leeway with branding. Not to mention the immense help building on established infrastructure would give. What is the background for this decision? On the surface of it, it seems like a lose-lose proposition.
Posted Feb 21, 2016 21:48 UTC (Sun)
by glaubitz (subscriber, #96452)
[Link] (8 responses)
I'm not sure what you are asking. Are you asking why a derivative should rebuild all the packages they import from their upstream distributions? If that's the question, then the answer is simple: To avoid the exact upgradability issues that Linux Mint has. I'm not aware of any other distribution which has to blacklist single packages during updates like Mint.
> You can still build your own installer if you wish, and have a very wide leeway with branding. Not to mention the immense help building on established infrastructure would give. What is the background for this decision? On the surface of it, it seems like a lose-lose proposition.
Again, I'm not sure I'm grasping your stance. Are you in favor of mixed repositories or against it?
My point is: If you don't have the resources to rebuild all packages from source that you ship to your users, you shouldn't maintain your own distribution in the first place.
Sure, making your own spin of your distribution of choice is easy enough and fun. But the hard part is not creating those images, the hard part is providing proper support for that spin you created. The work on a distribution doesn't stop once the images have been created.
Adrian
Posted Feb 21, 2016 22:32 UTC (Sun)
by job (guest, #670)
[Link] (7 responses)
Linux Mint is a desktop environment. Why don't they build this desktop for Debian (or Ubuntu, or some other entity with the infrastructure already in place)? Building a top notch modern desktop environment and compete with Gnome and KDE (let alone Windows and Mac) is hard enough. I can not for the life of me understand why you would also take upon yourself to build out a fully fledged Linux distribution on top of that. The odds that both of these ventures would be successful seems faint. The last part of my comment was meant to say that if you for some inexplicable reason still wanted to go down that road, a Debian spin is still a thousand times easier than re-inventing everything yourself. Because the latter must be what Mint set out to do, otherwise they would not have ended up with the situation they are in. It must be close to impossible to maintain, and it can't possibly be anyone's idea of "fun".
Posted Feb 22, 2016 14:44 UTC (Mon)
by Beolach (guest, #77384)
[Link] (5 responses)
But Linux Mint is a full Distribution, not just the Cinnamon DE, and as such has a *much* larger scope, and in that larger scope has made decisions that I strongly disagree with. In addition to glaubitz's list, the issue that turned me off of Linux Mint is their very old kernel versions - 3.19 in their latest release. And it's not even an older LTS kernel release; it's a no-longer supported kernel. 3.18 would have been better (assuming they kept up w/ the LTS minor updates, of course).
There are how-to guides out there for upgrading Linux Mint to a more recent kernel, but they're all just about grabbing an Ubuntu or Debian kernel. So it's back to the Frankendebuntu situation, make-your-own monster this time.
Posted Feb 22, 2016 19:13 UTC (Mon)
by job (guest, #670)
[Link] (3 responses)
What is the larger scope here? What is it in Mint apart from the installer and the desktop environment that differs from regular Ubuntu or Debian?
Posted Feb 22, 2016 20:53 UTC (Mon)
by johannbg (guest, #65743)
[Link]
Posted Feb 23, 2016 2:21 UTC (Tue)
by Beolach (guest, #77384)
[Link] (1 responses)
I don't think I understand what you think a distribution is. Do you think Ubuntu isn't a distribution? If Ubuntu is a distribution, and Linux Mint took it, added their packages, and re-distributed it under their own branding, how is Linux Mint *not* a distribution? Yes, it is most definitely a fork of Ubuntu, but a fork of a distribution is still a distribution. I think you're underestimating how far the Linux Mint fork has diverged from Ubuntu, but regardless, even if it was a very close fork w/ very small differences, how would it not be a distribution? And how is the Ubuntu fork from Debian any different from the Linux Mint fork from Ubuntu? I had been thinking you were conflating Linux Mint w/ their Cinnamon DE, but now I'm just confused by what you mean by distribution. My definition of a Linux Distribution is: a project to distribute the Linux kernel together with a selection of user-space packages. Linux Mint fits that definition. Most distributions, including Linux Mint, have a set of goals that guide which user-space packages they select for inclusion, and they put effort into getting the user-space packages to serve those goals & deliver a consistent user experience. But while I think those goals are important in determining how useful a specific distribution is, I don't think they're defining characteristics required to be a "Linux Distribution". If someone distributed the Linux Kernel together w/ a completely random selection of user-space packages w/ no effort spent on consistency, I would say that still fits the definition of a "Linux Distribution" - it would just be a particularly useless one. I was comparing the scope of the Cinnamon DE to the scope of the entire Linux Mint distribution; not the scope of Linux Mint to the scope of Ubuntu or Debian. To me it's very obvious that Linux Mint is larger than one package within it. Again, I think you're underestimating how far Linux Mint has diverged since their fork.
There are many more differences between Linux Mint & Ubuntu or Debian than just the installer & desktop environment (and the DE isn't really different, since you can use Cinnamon or MATE in Debian or Ubuntu). But again I don't think that's relevant to whether or not Linux Mint is a distribution. What makes Linux Mint different are its different goals, and the different decisions made in pursuit of those goals. Its goals are out-of-the-box ease-of-use & a traditional desktop computer user experience. While Ubuntu also has a goal of out-of-the-box ease-of-use, they don't have the second goal. And Debian has many more goals & different priorities. Both Ubuntu and Debian do have broader goals & therefore larger scope than Linux Mint. Another significant difference is the project's organization: here Linux Mint is closer to Debian than Ubuntu, being a volunteer non-corporate organization, but compared to Debian is *much* smaller & less mature. As a result of the nature of Linux Mint's small volunteer organization, they made the decision to clone much (but not all) of the Ubuntu repository directly, rather than investing in the infrastructure to completely build their own repository. I can understand how the cost/benefit analysis appeared that led to that decision, but I think it was a mistake, compounded by other mistakes made later (see glaubitz & h2 comments earlier). But while I think Linux Mint has made mistakes that ultimately lead me not to use it, even when I agree w/ their goals, that doesn't mean they're not a distribution.
Posted Feb 25, 2016 12:23 UTC (Thu)
by job (guest, #670)
[Link]
Well, that was perhaps harshly put, but isn't there a difference between redistribution and forking? If you don't even re-build the packages you're just redistributing. From the comments here it seems like the Mint people generally do more of the latter than the former. I probably am. I really don't understand why they created a distribution (pseudo- or not) around their desktop environment. It seems like a strange decision from the outside, as they clearly don't have enough resources for even the most basic distribution work, such as keeping track of security issues. What is it that Linux Mint does differently than Ubuntu or Debian? What were the reasons behind this decision? Again, I don't want to criticize anyone's hobby, but there is a limit when end users are put at risk.
Posted Feb 23, 2016 9:41 UTC (Tue)
by jtaylor (subscriber, #91739)
[Link]
Assuming mint is based on ubuntu lts you can install a 4.2 kernel via:
but I have never used mint, so maybe this doesn't work there.
Posted Feb 22, 2016 14:47 UTC (Mon)
by leoluk (guest, #97665)
[Link]
Posted Feb 22, 2016 14:46 UTC (Mon)
by leoluk (guest, #97665)
[Link] (1 responses)
Posted Feb 22, 2016 14:52 UTC (Mon)
by glaubitz (subscriber, #96452)
[Link]
Yeah, it would probably be best if they abandoned their own distribution and just focused on developing their own applications.
Even though I wouldn't call MATE a Linux Mint project. I happen to be in Debian's packaging team for MATE and most upstream MATE developers that I talked to aren't related to Linux Mint. They also don't agree with Mint's policy on security.
Posted Feb 22, 2016 16:20 UTC (Mon)
by welinder (guest, #4699)
[Link] (62 responses)
For me, the answer is that Linux Mint protects the users against what I will be nice
Posted Feb 22, 2016 17:11 UTC (Mon)
by rahulsundaram (subscriber, #21946)
[Link] (9 responses)
Don't see why you need one particular distribution for that. You can very well Cinnamon and Mint in any number of other Linux distributions.
Posted Feb 22, 2016 18:51 UTC (Mon)
by drag (guest, #31333)
[Link] (8 responses)
Regardless of what you think about package managers the fact that it's extremely common to create various 'spins' or 'flavors' of this or that Linux distribution should be telling of a fundamental problem with lack of flexibility with Linux systems.
It's a bit of a confusing problem, of course.
The deal is with most operating systems the operating system itself does not promise the ability to support multiple desktop environments. Windows does not support anything beyond a 'classic' theme'd interface versus a new one. It doesn't have 30 different flavors of desktop, even though it's very possible to that in Windows. Similar thing with OS X. This means that Linux distributions have created a significantly higher level of complexity for themselves versus those from other operating systems.
With Linux the distributions promise the ability to let you install whatever desktop environment you want, but they fail to deliver it in a way that is easy for users to deal with. For most users it's easier to install an entire new Linux operating system than it is to (say) try out Gnome and then install KDE and try that.
Why do I know this? Because it's exactly what users choose to do. It's just a question of figuring out _why_ this happens.
And it's even deeper than that...
A major part of the 'cinnamon' vs 'mate' vs 'gnome 2' vs 'gnome 3' is that the Gnome devs made the unfortunate choice of making Gnome 2 and Gnome 3 mutually exclusive. So it was a huge pain in the ass for users to try out Gnome 3 and then go back to Gnome 2 when they realized it was not mature enough for their purposes.
Why did Gnome decide to do this? Well... the general inability for Linux distributions to make it easy to manage software installations and switch environments is a major cause of this.
Posted Feb 22, 2016 19:03 UTC (Mon)
by rahulsundaram (subscriber, #21946)
[Link]
Without Linux distributions, Linux is just a kernel and nothing more. Application deployment was limited to ./configure dance cycles for a long time and distributions made it very much easier to install and consume applications very quickly. The world around has changed dramatically since the early days and while distributions have somewhat tried to cope with that, they haven't caught up fast enough. xdg-app and GNOME Software seems pretty promising IMO, incidentally, both of which are very much a distro driven solution to the above mentioned problem.
Posted Feb 23, 2016 2:40 UTC (Tue)
by Beolach (guest, #77384)
[Link]
Posted Feb 23, 2016 9:53 UTC (Tue)
by ovitters (guest, #27950)
[Link] (4 responses)
That is a very inaccurate representation. None of the GNOME 2.x versions can be installed at the same time. That has been the case for the entire 2.x. Going to 3.x for loads of components just meant changing the major version from a "2" to a "3". If you couldn't install 2.2 and 2.32 at the same time, changing a major version doesn't make that "suddenly happen".
Saying GNOME made a choice to make it mutually exclusive is therefore incorrect. It wasn't possible, and we didn't do anything to make all the components installable at the same time. But that is vastly different from suggesting that was a choice that it should be this way. One can be used to suggest bad faith. That's not what happened.
This discussion happened in the open on desktop-devel-list whereby it was mentioned it was good to have, but we lacked the development effort and would appreciate people (distributions) to help out. Various distributions were aware of this discussion but didn't have the development resources.
Posted Feb 23, 2016 17:37 UTC (Tue)
by bronson (subscriber, #4806)
[Link] (3 responses)
It's true that GNOME didn't prioritize allowing 2 and 3 to be installed at the same time. In retrospect, do you suppose this was a mistake? (you know I do of course...)
Posted Feb 23, 2016 21:17 UTC (Tue)
by ovitters (guest, #27950)
[Link] (1 responses)
Posted Feb 23, 2016 21:54 UTC (Tue)
by bronson (subscriber, #4806)
[Link]
Then, I followed with a 100% honest question that I have: now, with some hindsight, could things have been done differently? Could things have been better if GNOME had prioritized 2 and 3 being installable in parallel? (my apologies for using the word 'mistake', though I don't see why that word choice shouldn't derail the conversation. hope you accept this slight rewording).
Not sure where you're finding whining and ulterior motives... I'm really not that complex a person.
Posted Feb 24, 2016 1:59 UTC (Wed)
by raven667 (subscriber, #5198)
[Link]
I think the point was that the rest of the GNOME team didn't have the time or inclination to do the work that the MATE team did, not that this work was literally impossible. There is a real question as to whether the GNOME team could have done more to absorb or recruit the new developers who ended up making MATE so that GNOME would have had the resources to ship both versions simultaneously, but there may be more fundamental political disagreement that would prevent this collaboration from happening. There is also the possibility that this couldn't have been done in a non-disruptive fashion because the motivation to maintain GNOME2 wasn't there until distros started shipping GNOME3 in large numbers to disgruntle enough developers to do the work.
Posted Feb 24, 2016 14:25 UTC (Wed)
by sneex (guest, #107267)
[Link]
Posted Feb 22, 2016 17:15 UTC (Mon)
by glaubitz (subscriber, #96452)
[Link] (51 responses)
One of the main reasons for being popular is the fact that they do not care about licensing issues. They ship their ISO files with pre-installed Adobe Flash, Oracle Java packages as well as multimedia codecs (which people want) which violate intellectual copyrights and patents. Unless the maintainers of a distribution want to violate copyright laws intentionally and make themselves attractive targets for lawyers, there is nothing they can do to alleviate that. Debian and others aren't not shipping those packages because they want to make life hard for their users, it's because they cannot, legally speaking.
Canonical - as a company - was able to negotiate contracts with companies like Skype or Adobe, so they can offer the software packages of these companies in their third-party repositories, but it would still be illegal to ship software like libdvdcss2 in most countries. However, there are no companies behind distributions like Arch, Gentoo or Debian and they therefore cannot negotiate such contracts.
Again, the stance of the Mint developers - namely Clement Lefebvre - is simply that they don't care about such issues which is already very dubious in the first place, not even mentioning the security issues they have.
> For me, the answer is that Linux Mint protects the users against what I will be nice
Well, again, you're free to use anything you like. But please be aware of the fact that Linux Mint does not provide any reasonable security support and in the end it's solely up to you to make sure all the necessary security updates are actually installed. If pre-installed multimedia codecs are more important to you than a secure system, it's your decision.
Posted Feb 22, 2016 20:43 UTC (Mon)
by welinder (guest, #4699)
[Link] (8 responses)
That is really just scare mongering.
I have yet to encounter a situation where a cve report has had Debian and Ubuntu
Now, compare that non-situation to Debian's years of dragging feet regarding fixing
Posted Feb 22, 2016 20:57 UTC (Mon)
by glaubitz (subscriber, #96452)
[Link] (7 responses)
No, it's not. It's based on actual facts.
> I have yet to encounter a situation where a cve report has had Debian and Ubuntu responses, but no patch for Mint has shown up in my patch queue immediately or very soon thereafter. (I know about the "banned" packages and I have flipped the switch so I can see them and decide; I am not worried over local attacks, so grub can wait.)
You may be aware of blacklisted package updates, but many users are not. I'm sorry, but making security updates *optional* is not up for discussion, on any operating system. Period.
And, as I have explained before, Linux Mint does not issue security advisories, so you - as a Linux Mint user - have no immediate and easy way to quickly verify whether your particular version of Linux Mint is affected by a certain CVE.
On Debian, I open up Google and type "Debian CVE-2015-7547" and I am immediately presented with a website which shows me which versions of Debian are affected by the recent glibc vulnerability and which are not. You *cannot* do that on Linux Mint which therefore disqualifies itself for any professional use. End of discussion.
> Now, compare that non-situation to Debian's years of dragging feet regarding fixing the package management's trust in the network and its resultant vulnerability to man-in-the-middle attacks -- including those unintentional ones known as captive portals -- which would *disable* security updates entirely. (Debian 710229; Launchpad 1055614; and many others.)
Did you actually read the bug reports you linked? The original report for Debian's #710229 was filed on May 29, 2013 and on September 01, 2014, David Kalnischkies [1] comments:
> As said, this isn't the fix for the problem of the initial reporter, though. This problem should be solved with earlier versions we released since the last Debian stable release, so I am closing this bug anyhow. I can't pin-point a specific version as there are many cornercases and we had various iterations fixing some (and opening new venues in the process).
So your argument is a strawman. And, even if it was valid, the problem would affect Linux Mint as well, since Mint uses most of Debian's packages unmodified, including apt, so I don't really understand why you would bring it up in the first place.
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710229#17
Posted Feb 23, 2016 11:11 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (6 responses)
> You may be aware of blacklisted package updates, but many users are not. I'm sorry, but making security updates *optional* is not up for discussion, on any operating system. Period.
So you'd be quite happy to see your *business* *critical* *application* taken down by an unrelated security update?
There are reasons why sysadmins blacklist ALL updates, *including* security ones. I'm not saying that's a good attitude. I'm not saying it's a wise attitude. I'm saying sometimes it's an extremely pragmatic one - after all, you wouldn't want your heart monitor in the ICU taken out by a security update, would you?
(And yes, I've had packages unexpectedly taken out by updates. Fortunately I don't have anything critical.)
Cheers,
Posted Feb 23, 2016 12:10 UTC (Tue)
by glaubitz (subscriber, #96452)
[Link] (2 responses)
If you're having *business* *critical* *applications*, you run your **OWN** test upgrades on a **TEST SYSTEM** anyway **prior to rollout**, to make sure nothing breaks.
What a stupid strawman argument is that?
And if you're running *business* *critical* *applications* on something as unsupported as Linux Mint as compared to Debian, RHEL or SLES, you should be fired from your job anyway!
> There are reasons why sysadmins blacklist ALL updates, *including* security ones. I'm not saying that's a good attitude. I'm not saying it's a wise attitude. I'm saying sometimes it's an extremely pragmatic one - after all, you wouldn't want your heart monitor in the ICU taken out by a security update, would you?
Again, if your heart rate monitor in the ICU runs Linux Mint, you would be fired immediately. Particularly medical environments require **CERTIFIED** hard- and software and I can **guarantee** that you would never get **ANY** certification for a hobbyist Linux distribution.
> (And yes, I've had packages unexpectedly taken out by updates. Fortunately I don't have anything critical.)
Then you were not doing your job properly and testing the updates in a testing environment prior to rollout, which is what **every responsible system administrator** will do.
Can we please stop with these idiotic strawman arguments? Seriously!
Posted Feb 23, 2016 21:58 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (1 responses)
> If you're having *business* *critical* *applications*, you run your **OWN** test upgrades on a **TEST SYSTEM** anyway **prior to rollout**, to make sure nothing breaks.
> What a stupid strawman argument is that?
You're assuming that updates are *optional* - that, as sysadmin, I can block them till *I'm* ready, which may be never. Yet a post ago you were saying that they should NOT be optional, that they get force-installed. Either you're happy with the sysadmin delaying them (i.e. they're optional), or they get force-installed and who cares if it crashes a critical system.
> And if you're running *business* *critical* *applications* on something as unsupported as Linux Mint as compared to Debian, RHEL or SLES, you should be fired from your job anyway!
What if the boss won't pay for support? What if it's not your decision? Unfortunately, the real world isn't as nice and clean cut as you'd like.
And note, I didn't say I thought deferring security updates was a good idea. But I certainly don't think *forcing* security updates is a good idea. I was just making the pragmatic observation that updates break systems. And if a security update breaks a critical application - where you cannot fix the app - then that security update MUST be ignored.
Oh - and who said I was actually running that app on Mint? There are an awful lot of - critical - apps that run on RHEL or SLES but are not supported by Red Hat or Novell. So what do I do if an RHEL update is forced on me that breaks my critical app - for which the *boss* won't pay support? And I've been there - it is a COMMON real-world scenario :-( (Bosses not paying support, that is, not updates breaking systems, fortunately.)
Cheers,
Posted Feb 24, 2016 8:45 UTC (Wed)
by Felix (subscriber, #36445)
[Link]
I think you're conflating separate issues in your argument. First of all I guess everyone agrees that a sysadmin must be able to choose the best time to install updates (including security fixes) if he should be in control of the system.
However, there is a separate issue of default settings, especially when these defaults are unlikely to be changed by users. I think it is dangerous to omit security updates by default. Of course (and that can be done in any Linux distro I know) users/admins can disable updates themselves, but at least you can hope they know what they are doing.
And the "update breaks business critical application" argument is a strawman for sure. If you have such an important software you must be able to deal with updates one way or another. Either you can rollback quickly or you test beforehand. Your boss might not give you the resources necessary to do that but some businesses don't do backups either. Still this isn't an argument to suppress security updates by default.
Posted Feb 23, 2016 12:18 UTC (Tue)
by tao (subscriber, #17563)
[Link] (2 responses)
Posted Feb 23, 2016 19:36 UTC (Tue)
by hitmark (guest, #34609)
[Link]
Posted Feb 23, 2016 21:47 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
And yes, hospitals have had nasty shocks when their equipment (running, eg, XP) has rebooted unexpectedly thanks to an internet fix. I suspect the reason we don't hear much about it is a combination of "well, what do you expect, it's a computer", and the usual health service cover-ups of any problems. Plus, I'm not aware of any serious problems - yet!
Cheers,
Posted Feb 23, 2016 0:21 UTC (Tue)
by bournville (guest, #107227)
[Link] (41 responses)
> One of the main reasons for being popular is the fact that they do not care about licensing issues.
No, the main reason is that end users see what appears to be a complete desktop OS that does what they want, presents a desktop environment that looks like what they want, has a software update management system that appears to work as they'd like it to, seems to be well supported, and doesn't seem to be associated with developers choosing sides in incomprehensible political wars that mean nothing to end users. Whether appearances may be misleading is irrelevant. The same goes for licensing issues. What is wrong with you people? Take off your developer hats and your crusader vests every once in a while and make at least a little effort to see things through the eyes of real world users. It's really simple. If your distribution is not the popular one, then you are not doing some things the way end users want them done.
Okay, so you highlighted some problems with Linux Mint. I found them interesting as I didn't know about all of them. What I also don't know are users that want to use Debian or, indeed, any other Linux distribution, but I don't hang out with developers. Most people don't. Do you or do you not want us non-developers to flock to your distribution? Keep making your distribution technically superior while failing to address the things that attract so many of us to Linux Mint and nothing will change. I know a fair number of people using Linux Mint. None that I know of have any particular loyalty to Linux Mint. Improve your product so that it at least equals Linux Mint in the areas that are attracting us and we'll be knocking at your door. Linux Mint is currently more marketable than Debian to the wider world of potential users. It exists and succeeds because your distribution exists and is failing, at least in terms of that wider world. Stop pounding the pulpit and do something about that. Seriously.
Posted Feb 23, 2016 0:37 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (37 responses)
Licensing isn't just a developer problem. If a proprietary software explicitly disallows redistribution, ignoring it isn't a realistic thing that you can expect distributions to do.
Posted Feb 23, 2016 1:32 UTC (Tue)
by bournville (guest, #107227)
[Link] (36 responses)
> Licensing isn't just a developer problem. If a proprietary software explicitly disallows redistribution, ignoring it isn't a realistic thing that you can expect distributions to do.
You're absolutely right, but missing the point. Most potential end users don't even realize there is a licensing issue, just as they don't realize that they may not be getting the best software update management solution (eg. missing some security updates). Perception is what matters. Ask anybody in marketing. One distribution includes Adobe flash and another doesn't. You developers think that's a licensing issue and as an underlying explanation you may be right. But do you honestly think that most potential users think "Ah ha, licensing!" at that point? No, they assume Linux Mint has a more complete solution, obviously having done whatever is required to achieve that, whereas you did not. Why should they assume that Linux Mint is somehow illegal? Honestly, that never even crossed my mind.
So, yes, licensing actually is "just a developer problem" in a context of this nature.
Posted Feb 23, 2016 1:59 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (35 responses)
Well, I think you are. A core part of free and open software is the licensing model. If a distribution ignores licensing, they are muddying the waters and that feeds into the FUD about open source having weak "IP" foundations. This affects users in unexpected ways. We have been through the SCO debacle despite it being smoke and mirrors and let's not forget that too quickly.
> Most potential end users don't even realize there is a licensing issue, just as they don't realize that they may not be getting the best software update management solution
Which is why it is important to educate users rather than ignoring it. This is LWN after all. It is fine to ask distributions to understand consumer desktop user needs better if that is the target of the distribution (many if not most distributions aren't) but there are limitations to what can be done. You should note that end users can and often are held liable in many legal issues.
If Linux Mint has taken on the approach of getting explicit permission from vendors, that is fine. If they are implementing wrappers that download such software on demand like some other distributions, that is a clumsy but workable solution but please don't ask any other distribution to outright ignore licensing restrictions because it is "convenient". That is clearly unethical if not illegal. There are plenty of things that superficially seem irrelevant but in reality aren't. Security and licensing matters affect users all the time whether they realize it or not.
Posted Feb 23, 2016 2:33 UTC (Tue)
by viro (subscriber, #7872)
[Link] (3 responses)
Distributors can be sued *and* it just might be worth the effort. Simple as that...
Posted Feb 23, 2016 4:53 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (2 responses)
Posted Feb 23, 2016 19:41 UTC (Tue)
by hitmark (guest, #34609)
[Link] (1 responses)
They effectively forked Firefox over a trademark issue, yet claim they needed to go systemd because the alternatives require too much effort to maintain.
I applaud their technical efforts, but in recent times their horse has gotten mighty high...
Posted Feb 23, 2016 20:33 UTC (Tue)
by MattJD (subscriber, #91390)
[Link]
I'm not sure this works towards your point. Firefox is "forked", in that they compile it themselves, which doesn't let them use the Firefox trademark. They don't need to modify Firefox for this even, it's included in Mozilla upstream. They aren't creating their own web browser.
Their claim on systemd is that to maintain an entirely separate init system that they have to solo fix is too much effort. This isn't a matter of putting minor fixups on top of Firefox (the most they do), but maintaining the entire Firefox code base by themselves.
I'm sure Debian has made contradictory decisions in the past, but this isn't an example of one.
Posted Feb 23, 2016 4:21 UTC (Tue)
by bournville (guest, #107227)
[Link] (30 responses)
> Well, I think you are.
I rather doubt that, since I was referring to the point *I* was trying to make in my previous post. But, for the record, I've made no comment on the practical importance of ensuring licensing legalities. I totally agree with your concerns in this area. Every distribution should be legally sound, including Linux Mint, but that doesn't magically become something end users are aware of as an issue, much less checking for. Chances are that Microsoft has some licensing problems too, but I simply assume that Windows is a fully legal alternative.
>> Most potential end users don't even realize there is a licensing issue, just as they
> Which is why it is important to educate users rather than ignoring it. This is LWN after all.
I don't disagree and perhaps non-developers shouldn't speak up on LWN. But, as end users who are not developers nor FOSS activists, do not be surprised when we aren't moved by the education we weren't seeking and the rants telling us why your distribution is technically superior to the popular one that meets our needs/wants.
> It is fine to ask distributions to understand consumer desktop user needs better if that is the target of the distribution (many if
And so we come to the point. Linux Mint appeals to so many people because it does seem to be targeting consumer desktop users and in many ways is actually getting it right (from the perspective of the users, of course). What I hear from the Debian/FOSS detractors goes something like "Hey, stupid end user! You shouldn't prefer Linux Mint over Debian. Debian is better technically, better legally, better morally, and just generally awesome by every measure that we developers/activists care about. Okay, so it doesn't meet your wants/needs, but it's not meant for you anyway because you're not special". What am I supposed to do with that?!? It's simple, if you're trying to meet the needs of the sort of people attracted to Linux Mint, then start putting some effort in, including addressing those limitations so that people who need/want the infernal Adobe flash player have a way of getting it both legally and easily. If you're not, then stop comparing the Linux Mint apple to the Debian orange. At this point in time, I've got a variety of complaints about Linux Mint, as it's far from perfect, but I'm not aware of a better alternative and Debian promoters aren't helping.
Posted Feb 23, 2016 4:40 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link]
It should be obvious but I was referring to my response.
> do not be surprised when we aren't moved by the education we weren't seeking and the rants telling us why your distribution is technically superior to the popular one
Let's be clear. There is no "we" here. If Linux Mint suits your needs better, have a blast and use what you like, especially now that you are aware of the issues and get to make an informed choice on what you use. I absolutely did not make any claims of superiority here.
Posted Feb 24, 2016 20:49 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (3 responses)
How was it that Microsoft grew in the early days? Steal IP, bankrupt the competitor, then buy them out for cents on the dollar to forestall any legal issues?
Case in point - disk compression (was the company Stacker?)
Cheers,
Posted Feb 24, 2016 21:46 UTC (Wed)
by pizza (subscriber, #46)
[Link] (2 responses)
No, MS didn't have to resort to stealing -- instead they didn't use copy protection and turned a blind eye to piracy, but only long enough to put their (generally smaller) competitors out of business.
Posted Feb 25, 2016 19:32 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (1 responses)
Cheers,
Posted Feb 29, 2016 13:20 UTC (Mon)
by nye (subscriber, #51576)
[Link]
So the story goes like this:
MS wanted transparent compression in MSDOS, because some of their competitors had it. One of the leading third party utilities was Stacker, and MS spent some time negotiating for it with Stac Electronics, but were unable to reach an agreement; instead, they bought an alternative from one of Stac's competitors and incorporated that into MSDOS.
Subsequently, Stac sued MS for violating the following two patents: http://www.google.co.uk/patents/US5016009, http://www.google.co.uk/patents/US4701745. They eventually settled for about $80 million. Whether you consider this a 'blatant steal' is going to depend on whether you believe in the validity of software patents in general, and these two patents in particular; reasonable people could hold different opinions on this question.
Microsoft at that point in time was pretty much the poster child for 'big evil corporation', so it's easy to believe that there was some seriously underhand stuff going on here, but there's not really any information publicly available to support that.
Posted Feb 24, 2016 20:53 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (24 responses)
If non-developers don't speak up, then how are developers going to hear their voice?
"The Cathedral and the Bazaar" was written to compare the Linux Bazaar with the FSF GCC Cathedral. GCC was developed in a closed echo chamber, which is why we got EGCS (or whatever it was called). And Xemacs, and probably a fair few other things as well.
We don't want Linux to move into an empty Cathedral - they do make lovely echo chambers :-)
Cheers,
Posted Feb 24, 2016 21:21 UTC (Wed)
by viro (subscriber, #7872)
[Link] (23 responses)
Posted Feb 25, 2016 0:28 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (22 responses)
NB. What on earth do you mean by a "Wakefield"? Oddly enough, I was in Wakefield House at school, and my daughter now lives in Wakefield, and I don't have a clue what you mean by it ...
Cheers,
Posted Feb 25, 2016 1:21 UTC (Thu)
by viro (subscriber, #7872)
[Link] (21 responses)
As for C&B... Basically, it goes like this:
Linux development process violates <list of rules>. Normally one would expect that to lead to disastrous mess. Somehow it doesn't. Hypothesis: such-and-such techniques used in said development process are sufficient to prevent an otherwise expected degradation. The author has set a project to test the hypothesis above, using those techniques and violating the same list of rules. Result of experiment confirms the hypothesis.
The only problem is that his experiment *has* yielded a disastrous mess. If anything, it argues against his hypothesis. Claiming it as a confirmation is fraud, plain and simple. Waving that piece of crap for years and promoting it as major contribution to software engineering takes quite a bit of chutzpah...
Posted Feb 25, 2016 12:07 UTC (Thu)
by job (guest, #670)
[Link]
Posted Feb 25, 2016 19:39 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (19 responses)
As someone who knows personally, someone who was seriously hurt by a vaccine that then got swept under the carpet, I'm afraid I don't agree that Andrew Wakefield was scaremongering. VACCINES ARE DANGEROUS and imho there is a concerted campaign of lying to make us believe they are safer than they are.
Note - I am most emphatically NOT saying vaccines are a bad thing - I think the advantages massively outweigh the disadvantages but, as I said, having had *PERSONAL* experience of the statistics being "fudged", and in the OPPOSITE direction to the one you state, I am afraid I am personally disposed to being on Mr Wakefield's side ...
Cheers,
Posted Feb 25, 2016 21:18 UTC (Thu)
by BlueLightning (subscriber, #38978)
[Link] (6 responses)
Posted Mar 1, 2016 1:14 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (5 responses)
The reverse is also true - the evidence should be credible and reliable.
If you read what I said, I have personal proof that the evidence is not credible :-(
There is a "yellow card" system for reporting drug reactions etc. If you have proof that yellow cards *are being suppressed*, then you have no alternative but to conclude that the evidence vaccines are safe is not credible :-(
The worst case I've heard of is official statements that "there is no evidence that this vaccine is dangerous". It only took a few weeks ferreting by journalists to find the following case:
A lad went to the doctors for the vaccine. After the vaccine, he went home and went to bed. Four weeks later, he died, having never left his bed. His death was not officially linked to the vaccine, because of a directive issued to doctors, that said any events after three weeks could not be related.
Hang on? Of course you have no evidence that the vaccine has actually caused fatalities, because you've banned the recording of the evidence!!!
Or the girl that walked into the doctors for a (I believe rubella) vaccination, and left in a wheelchair. I don't believe she ever walked again, but it took a massive fight by her parents to force the doctors to report it.
As I said before, don't get me wrong, I do believe the benefits of vaccination massively outweigh the risks. But by refusing to accept that there ARE risks, we are actually doing ourselves a massive disservice.
My wife is chronically ill. I'm exposed to health issues constantly. And I wanted to be a doctor (never made it into medical school) so I'm personally very interested in this stuff...
Cheers,
Posted Mar 1, 2016 2:01 UTC (Tue)
by anselm (subscriber, #2796)
[Link] (4 responses)
Of course there are risks associated with vaccination. No reasonable person disputes that. There are risks associated with everything. Crossing the street is risky. However, as you correctly state, the risks associated with vaccination are very, very low and the benefits are huge, which makes vaccination worth doing on the whole.
Even if you are right and adverse effects from vaccinations are underreported by, say, a factor of 10 (i.e., only 1 out of 10 cases is actually reported and 9 cases are suppressed through negligence or malice), you're still statistically way more likely to become severely disabled or even die from some disease like measles than to become severely disabled or die from the vaccination. For measles, the fatality rate in Western countries is something like 0.3%, or 3 cases out of 1000, while the fatality rate from measles vaccinations is considerably less than 3 cases out of 1,000,000. That's more than three orders of magnitude right there, so even if – hypothetically – only 1 out of 100 adverse reactions was being reported and the other 99 suppressed, measles vaccination would still end up being a good idea by a comfortable margin. Widespread vaccination programmes have brought world-wide measles fatalities down from an estimated 2.6 million deaths per year in 1980 to around 100,000 in 2015.
Measles are very, very contagious. You can of course rely on “herd immunity” (i.e., the fact that almost everyone around you is vaccinated) and hope that you'll get away with not being vaccinated yourself because the measles virus will never get near you, but if enough people around you think the same thing, herd immunity will break down, measles outbreaks can happen – thanks to anti-vaxers this occurs a lot more often than it used to –, and eventually people will die. Herd immunity is important because there are people who cannot be vaccinated even if they wanted to, and it is up to the rest of us to protect them.
Posted Mar 2, 2016 0:49 UTC (Wed)
by dlang (guest, #313)
[Link] (3 responses)
If there is a vaccination for a disease that has a low activity rate in the general public, then a vaccination for that disease could very well be more dangerous than the disease is overall.
If you have something that one in 10,000 people catch, and the vaccination has a problem 1 in 1000 times, it is a net loss, even if the disease is 100% fatal if someone gets it without the vaccination.
Now, there aren't that many diseases that fall in this category, but if you are going to be arguing the risk statistics, you need to include this or you are in the statistics end of "Lies, Damn Lies, and Statistics".
Posted Mar 2, 2016 2:09 UTC (Wed)
by mjg59 (subscriber, #23239)
[Link]
Posted Mar 2, 2016 2:11 UTC (Wed)
by raven667 (subscriber, #5198)
[Link]
This may be a misunderstanding of the relevant statistics or of cause and effect. Firstly, a vaccine which causes more problems than it solves is not useful and so is not done in the legitimate medical field, but specifically to this case, the reason that common diseases we vaccinate for are rare is _because_ we vaccinate for them, to the point of taking many diseases out of common circulation because there is not a critical mass of infectable hosts to sustain the disease organism population. Your hypothetical doesn't model anything in reality and is not useful.
Posted Mar 2, 2016 7:46 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
Measles have a contagiousness index of 0.98, which means that if you're unvaccinated and exposed to the virus you're virtually certain to be infected. (The highest possible value would be 1, which means that everybody who is exposed is infected.) Not everybody who is infected with something actually shows symptoms – the “manifestation index” specifies how many people who are infected do exhibit the symptoms, and in the case of measles this is around 0.95.
So obviously the thing to do is to avoid being exposed to the measles virus in the first place, which is why vaccination against measles is so important. If most people in a community are vaccinated against measles, the resulting “herd immunity” means that the measles virus can't obtain a foothold, and this protects even those people who can't be vaccinated because they are too young (you have to be 1 year old or so to be vaccinated) or their immune system doesn't work as it should. Anti-vaxers can often get away with not vaccinating by hitching a free ride on herd immunity, and that creates the illusion that “I don't need to vaccinate because in reality nobody actually ever gets measles, it's all a scam by Big Pharma”. This goes wrong when there are too many anti-vaxers bunched together. For example, here in Germany measles outbreaks, if they occur, often occur in and around Steiner schools, where anti-vax is a big thing and there is no herd immunity.
The reason we don't see many measles cases in the Western world these days is that widespread vaccination has pushed the disease way back compared to, say, 50 years ago. The measles virus has no non-human host so in theory it would be possible to eradicate it completely like the smallpox virus or (almost) the polio virus, but we're not quite there yet; the fact that it is so contagious doesn't make things easier, either.
One disease which is almost similar to what you're describing is rabies, which is why we don't vaccinate everybody against rabies on the off-chance. Rabies is pretty rare in most places, but there is no cure – if you do catch it you're practically certain to die from it. The rabies vaccination isn't problematic in the way you describe, but it is a very unpleasant experience (though way less unpleasant than the disease itself, and it does have the considerable advantage that in the vast majority of cases it won't kill you like rabies does). Fortunately you can still get vaccinated against rabies after you're exposed to the virus but before you start exhibiting symptoms, so that is the usual approach.
Posted Feb 26, 2016 9:27 UTC (Fri)
by anselm (subscriber, #2796)
[Link] (10 responses)
The problem with Wakefield isn't that he said vaccines are dangerous. The problem with Wakefield is that he was out to discredit the popular measles-mumps-rubella (MMR) combination vaccine because he had a financial stake in a measles-only vaccine (so Wakefield wasn't actually “anti-vaccine” at all). He basically made up some data to support his claim that the MMR vaccine causes autism, which according to the overwhelming scientific consensus, based on numerous large studies from various places around the world, is complete and utter BS. Being “on Mr Wakefield's side” is basically being on the side of crookery and scientific fraud.
Sometimes – very occasionally – people do react very badly to vaccines. This does not detract from the fact that vaccination is the #1 public-health intervention in terms of lives saved all over the world. Pretty much the sole reason why there are anti-vaccine activists in the Western world at all is that vaccines have helped us eradicate or push back terrible diseases such as smallpox, polio, diphtheria, measles, or pertussis to a point where people aren't confronted with them any longer on a daily basis, so they have no mental picture of exactly how terrible these diseases are.
Posted Feb 26, 2016 20:01 UTC (Fri)
by Wol (subscriber, #4433)
[Link] (9 responses)
Or, like me, they've seen the bad side of vaccines at first hand, and also experienced the reports being swept under the carpet and ignored ... :-(
Cheers,
Posted Feb 26, 2016 20:53 UTC (Fri)
by anselm (subscriber, #2796)
[Link]
It is necessary to balance the risk of serious vaccine side effects (which is very, very low – 1 in hundreds of thousands of vaccinations or less, and that's counting all sorts of things that don't have a clear causal relationship to the actual vaccination) against the risk incurred by not vaccinating, which is way higher, especially in communities where there is insufficient “herd immunity” because there are too many anti-vaxers. The problem is that by not having yourself or your kids vaccinated, you're endangering people who cannot be vaccinated at all because they're too young or immunocompromised and have to rely on herd immunity to ensure that infectious diseases (like measles or polio) don't come near them.
We see this in real life with the recent measles outbreaks in the US or Germany. Here in Germany, these usually take place in or around Steiner schools, where parents tend to be against vaccination. Anti-vaxers often claim measles are just a harmless childhood disease, but in fact measles (or complications from measles) can severely disable or kill you and that happens far more often than any sort of serious vaccine side effect. More than 300 people worldwide die of measles per day (115000 deaths in 2014, according to the WHO), usually in places where there are no vaccination programs. Even in Germany, at least one child died recently during a measles outbreak, and it is overwhelmingly likely that this could have been prevented by vaccination.
There is a certain risk to vaccination but the risk/benefit ratio is so clearly in favour of this very important public-health measure that scaring people away from it is disingenuous. In fact, people who think vaccination is too risky should never use a car, bus, or bicycle, because the risk of getting seriously injured or killed in a traffic accident is orders of magnitude greater, even if you believe that serious vaccine side effects are consistently underreported.
Posted Feb 26, 2016 23:15 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (7 responses)
UK has something similar: https://www.gov.uk/vaccine-damage-payment/overview
Posted Mar 1, 2016 1:22 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (6 responses)
So you're telling me my personal experiences are fake?
Anyway, who gives a **** about a court and compensation (and what happens in reality probably isn't as nice as you'd like to think).
My point was that reports of bad reactions to vaccines (and, presumably, other medicines) GET SUPPRESSED!!! Some doctors are good, and will fill in a yellow card as a matter of course. Unfortunately, many doctors will not, and have to be forced to. Which many patients are not prepared to do!!! So the *evidence* that vaccines are safe is seriously compromised :-(
What you say is nice in theory. The reality is, it probably doesn't work that well in practice - many people do not get (often, do not WANT) compensation. And don't have the energy to fight the system, anyway.
Again, I have PERSONAL EXPERIENCE of this - my wife (imho) has been injured by a medical mistake. We don't want compensation - we just wish it had never happened. And, as so often is the case, it's only in hindsight that we realised what had happened.
Cheers,
Posted Mar 1, 2016 2:15 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (5 responses)
> Again, I have PERSONAL EXPERIENCE of this - my wife (imho) has been injured by a medical mistake.
Pretty much the only medical mistake is NOT getting a vaccine absent clear contraindications.
Posted Mar 1, 2016 8:29 UTC (Tue)
by anselm (subscriber, #2796)
[Link] (4 responses)
To be fair, he never said that his wife's problems had anything to do with vaccination. Even with modern (science-based) medicine, stuff sometimes Goes Wrong, and that can of course be devastating to the people concerned. It's probably a good idea not to put too much blind faith in what a medical doctor tells you – second opinions are generally available – but if you consider the alternatives to modern science-based medicine you will quickly find out that there really aren't any that on the whole are anything near as successful.
As far as adverse vaccine side effects are concerned, there may be some underreporting going on but personally I don't think that this happens enough to make a significant dent in the risk/benefit ratio (as I said in my other message, a 3.5-order-of-magnitude difference in fatality rates is hard to beat). When you're talking about adverse vaccine side effects, it's also worth remembering that pretty much anything bad that happens to you after a vaccination may be (and often is) written up as an adverse side effect. There doesn't have to be an obvious cause-effect relationship. In principle, if you step out of the doctor's office after your vaccination and get hit by a car in the road, that can go into the database as an adverse side effect of your vaccination.
Finally, different countries operate their own separate tracking systems for adverse vaccine reactions. Since these all agree that the risks of vaccination are vanishingly small, there must be a global conspiracy going on where doctors and public-health organisations everywhere collude in playing down vaccination side effects, and that becomes progressively more unlikely the bigger the conspiracy needs to be.
So, people, get vaccinated. It's really quite safe and it helps protect you and the people around you from all sorts of nasty, debilitating, and possibly lethal diseases, including nasty diseases that we don't know how to make better once you actually have them.
Posted Mar 1, 2016 10:42 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (3 responses)
It was painkillers, actually. And now she can't walk without sticks, or walk very far ...
> It's probably a good idea not to put too much blind faith in what a medical doctor tells you – second opinions are generally available –
:-) Including using your own common sense. But the painkiller incident was lack of experience (by a very well-respected Doctor!), and all too often this does boil down to experience or lack thereof. The more I experience of the system, the more I see its failings in sharing experiences ... :-(
> but if you consider the alternatives to modern science-based medicine you will quickly find out that there really aren't any that on the whole are anything near as successful.
Which is why I repeatedly stress that I'm in favour of this stuff. I just come across far too much evidence of dishonest (typically American sharp) practice. Unfortunately, I get the impression that Cyberax is very insular and thinks "everyone does it the American way". THEY DON'T.
We have a major advantage over here in that health care is free. If it wasn't, we'd probably be destitute trying to pay for my wife's care. But that has the side effect that when things go wrong, we get "the linux warranty attitude". In other words, they'll refund us what we paid for it - nothing. But if it's cost you your job, your health, etc etc that's a pretty appalling attitude. And sadly, it is NORMAL over here. Too many people (including Cyberax) take the "I'm all right, Jack" attitude. Until it happens to them. And then they scream and say "why isn't anybody doing anything!?!?". Well, I'm trying to do something, because it's happened to us, but it's hard work against the megaphone of "I'm all right".
Cheers,
Posted Mar 1, 2016 16:46 UTC (Tue)
by nix (subscriber, #2304)
[Link]
And this has nothing whatsoever to do with vaccines. My twin brother died because of pretty staggering levels of medical incompetence, but that doesn't mean I think vaccines are bad or even that doctors are evil or covering anything up: I just think that doctors should go back for retraining every so often (the doctor who accidentally killed my brother at birth through failing to notice that he existed was almost forty years out of training and probably still believed in the leech cure). Mind you it is fairly hard to cover up dead people, except literally.
Posted Mar 1, 2016 18:47 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link]
However, there's nothing gray about vaccines - it's completely black and white. You should always get vaccinated against common diseases in the absence of clear direct contraindications (allergy to components of vaccines, weakened immune systems due to HIV/cancer/...).
Other medical procedures and medications are more complicated (painkillers, antidepressants, ADHD drugs) and there absolutely is a lot of potential for medical mistakes. Not so with vaccines.
Posted Mar 7, 2016 12:28 UTC (Mon)
by paulj (subscriber, #341)
[Link]
Posted Mar 2, 2016 2:40 UTC (Wed)
by paulj (subscriber, #341)
[Link]
However, that has no bearing on the fact that Wakefield's research was dishonest, manipulated and did not show any link of MMR to autism. Further, his experiments were also highly unethical in subjecting *children* to non-negligible spinal injury risks by carrying out *wholly unnecessary* lumbar puncture procedures.
Just cause you know someone who had some (I assume) unrelated bad experience with vaccines is most definitely not a good reason to start looking favourably on Wakefield or his work.
Again: Wakefield's "MMR causes autism" studies were *complete bull-crap*, and highly dangerous bull-crap.
Posted Feb 23, 2016 1:06 UTC (Tue)
by viro (subscriber, #7872)
[Link]
Posted Feb 24, 2016 14:34 UTC (Wed)
by sneex (guest, #107267)
[Link]
Posted Feb 24, 2016 17:32 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
End users would probably like all sorts of things that are not within the power of a Linux distribution to provide. I'm pretty sure many end users would greatly enjoy a Linux distribution that came with a free copy of Microsoft Word (running under WINE or something) but not even Linux Mint goes there.
When you make a Linux distribution, you have the basic choice between producing something that obeys applicable laws and therefore must, sadly, omit some stuff that many users would really like to have but that can't be freely distributed, and producing something that includes the stuff in question but ignores the legal issues around it. So far, Linux Mint seems to have successfully evaded the attention of those entities that sue people for distributing stuff they're not supposed to distribute, but that may only be due to the fact that there isn't much point in suing the Linux Mint guys – they don't have the sort of money in the bank that would make suing them worthwhile. This is an option that the bigger outfits like Red Hat, Novell, Ubuntu, or even Debian don't have, so they prefer to obey the law when they have to. It also puts a practical limit on the size that an operation like Linux Mint can attain in its present form, because once they get big enough, money-wise, to become a worthwhile target they will have to rethink how they do things, or the owners of the stuff that they're ripping off today will come for them after all.
Posted Feb 22, 2016 5:38 UTC (Mon)
by pr1268 (guest, #24648)
[Link] (3 responses)
From the 2nd link: I'm wondering if their own server was installed from an infected ISO image—thus explaining the hackers' access (and "second" attack) through what's likely a rootkit backdoor. If so, then for how long? Spooky, indeed.
Posted Feb 23, 2016 4:14 UTC (Tue)
by rahvin (guest, #16953)
[Link] (2 responses)
This is because Wordpress is used extensively, it's one of the top CMS website products and as such it's a huge target written in a crappy language and has rotten security. There are security exploits right down to root vulnerabilities in Wordpress discovered nearly every day.
Posted Feb 23, 2016 11:38 UTC (Tue)
by Felix (subscriber, #36445)
[Link] (1 responses)
I think you mean privilege escalation exploits *within Wordpress* so attackers get admin access for the Wordpress instance (and hence something like "shell access") - the ability of getting (Linux) root access is not affected by Wordpress (besides it being the initial attack target). However I have to say that Wordpress' auto-updates feature often makes it more secure than other PHP CMS systems which are updated ... very rarely (aka never).
Posted Feb 24, 2016 1:39 UTC (Wed)
by rahvin (guest, #16953)
[Link]
Posted Feb 21, 2016 22:20 UTC (Sun)
by amacater (subscriber, #790)
[Link] (1 responses)
Linux "Polo" Mint - the Mint with the hole (TM)**
This is one of the reasons that derivatives of derivatives become a relative nightmare. I gave up maintaining the LDP Linux Distributions HOWTO I don't know how many years ago because there were too many to count.
Fundamentally, Debian was forked to Ubuntu in 2004 which has since forked a couple of hundred times. I'm _incredibly_ biassed in favour of Debian because I have to fix problems in Ubuntu-based distributions and everyone in Debian and around has to become the 2 x upstream advice givers because the user communities around the distributions are sometimes insufficiently mature or large to support themselves.
I feel really sorry for Clem - it's a nasty thing to wake up to and he's been working hugely hard. The sysadmin in me hurts for him - but it may be a wake up call for others.
Use good hashes, ask users to verify them routinely. Don't host unrelated services on the same machine (don't use Wordpress, phpBB, Webmin or a few other difficult areas).
** As distinct from the joke current when the UK Royal Mint moved from London to Llantrisant in South Wales - "Llantrisant, the hole with a mint in it :) "
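The routine hash check recommended in the comment above, as an added example (not code from the thread or from the Linux Mint project). The file names and image contents are constructed, and the checksum file is assumed to have been authenticated separately before it is trusted.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One line of a coreutils-style checksum file: 64 hex chars, a space,
# then ' ' (text mode) or '*' (binary mode), then the file name.
_SUM_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_sha256sums(text):
    """Return {filename: digest}; reject malformed or conflicting entries."""
    sums = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _SUM_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a SHA-256 checksum entry")
        digest, name = m.group(1).lower(), m.group(2)
        if sums.get(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
        sums[name] = digest
    return sums


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(iso_path, sums_text):
    """True only if the ISO is listed and its digest matches; fails closed.

    Assumption: sums_text was authenticated first (for example with
    `gpg --verify` against a key obtained out of band). A checksum file
    fetched from the same compromised web server proves nothing.
    """
    expected = parse_sha256sums(sums_text).get(os.path.basename(iso_path))
    if expected is None:
        return False  # an unlisted file is treated as unverified
    return hmac.compare_digest(sha256_file(iso_path), expected)


def demo():
    """Constructed sample: a small stand-in 'ISO' and a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "example-distro.iso")
        bad = os.path.join(d, "tampered", "example-distro.iso")
        os.mkdir(os.path.dirname(bad))
        with open(good, "wb") as f:
            f.write(b"constructed image contents\n" * 1000)
        with open(bad, "wb") as f:
            f.write(b"constructed image contents\n" * 999 + b"backdoor\n")
        sums = f"{sha256_file(good)} *example-distro.iso\n"
        return (
            verify_download(good, sums),   # genuine image
            verify_download(bad, sums),    # modified image, same name
            verify_download(good, ""),     # image missing from the list
        )


if __name__ == "__main__":
    print(demo())
```
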
Posted Feb 22, 2016 17:12 UTC (Mon)
by SiliconSlick (guest, #39955)
[Link]
And here I was expecting something like... "MintOS... the fresh (bug) maker" (except better).
Posted Feb 24, 2016 10:14 UTC (Wed)
by pflugstad (subscriber, #224)
[Link]
Posted Feb 24, 2016 14:03 UTC (Wed)
by sneex (guest, #107267)
[Link] (10 responses)
Posted Feb 24, 2016 14:16 UTC (Wed)
by pizza (subscriber, #46)
[Link] (9 responses)
"Cutting them some slack" would also be quite hypocritical. If we, as a community, advocate for violating the "IP" rights of others, we don't get to complain when someone else does the same to ours.
Posted Feb 24, 2016 14:45 UTC (Wed)
by sneex (guest, #107267)
[Link] (5 responses)
Posted Feb 24, 2016 15:23 UTC (Wed)
by pizza (subscriber, #46)
[Link] (4 responses)
(And of course folks will prefer to have multimedia support over one that doesn't. But that doesn't mean it's legal to give them what they want, for free.)
Posted Feb 24, 2016 16:22 UTC (Wed)
by sneex (guest, #107267)
[Link] (3 responses)
As I stated earlier in this portion of the thread even OpenSuse is easier than Debian or RHEL ... now I suppose you will say they are also in violation?
Posted Feb 24, 2016 16:26 UTC (Wed)
by sneex (guest, #107267)
[Link] (1 responses)
Posted Feb 24, 2016 17:02 UTC (Wed)
by pizza (subscriber, #46)
[Link]
But I think it's fair to point out they're accomplishing some of that by ignoring the law and hoping that organizations that like to wield big legal cudgels fail to notice.
Posted Feb 24, 2016 16:53 UTC (Wed)
by pizza (subscriber, #46)
[Link]
This situation didn't come about because RH or Debian is hostile to (or doesn't care about) end-users, it's because their lawyers say that bundling patent-encumbered codecs would open them up to massive, massive liability should the (extremely litigious) patent holders decide to go after them.
(It's not a matter of right/wrong, morality, or ethics. It's a matter of legality.)
But for Fedora and RHEL at least, a simple google search will provide the instructions to enable the third-party repositories and the packages to install. IIRC Debian has a similar method. I can't comment about OpenSuse, as I've never so much as looked at it.
Posted Feb 24, 2016 21:01 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (2 responses)
Bear in mind it sounds to me like Mint is French. Certainly the name of the chief developer suggests it.
In which case, they CAN NOT be violating European patent law.
Aiui, they also CAN NOT be violating US SCOTUS precedent on patent law.
The fact that the patent lobby would have us believe otherwise, and want to enforce their illegally granted patents against us, is part of the tragedy.
(Hint - if it fits on a CD, then it's Maths. Maths is unpatentable in the US. If it's Maths, then it is also a Computer Program. Besides maths being unpatentable in the EU, Computer Programs are *explicitly* unpatentable, too.)
Cheers,
Posted Feb 24, 2016 21:43 UTC (Wed)
by pizza (subscriber, #46)
[Link] (1 responses)
http://www.mpegla.com/main/programs/AVC/Documents/avc-att...
Just going on the European country codes I recognize, I see Germany, Spain, UK, Italy, Denmark, Poland, the Netherlands, and yes, even France. And that's only eight pages into a 94-page document.
If the Linux Mint folks are based in any of the countries on that list, they're exposing themselves to ruinously expensive risks should any of the patent holders decide to make an example of 'em. (It's not the actual damages so much as the cost of defending themselves)
Posted Feb 25, 2016 0:34 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
Then hopefully, we would get ALL software patents overturned at a stroke. The problem is, American companies are quite happy to use the *threat* of a lawsuit as a weapon.
But if someone did take Mint to court, I hope all the Free Software bods out there, and a lot of others as well, would all pile in and prove the point "It's Maths, it's a Computer Program, both SCOTUS and the EU Patent Treaty say it is not patentable material".
At the end of the day, it's a case of how much moral fibre you have. Do you cave in to baseless threats? And as far as patents go, ALL threats are BASELESS.
Yes I know - the problem is "can you afford the cost of proving it?".
Cheers,
Linux Mint downloads (briefly) compromised
OpenBSD signify
http://www.openbsd.org/papers/bsdcan-signify.html
Benefits:
- Easy to use
- Really tiny keys!
Example: https://download.gnome.org/misc/promo-usb/gnome-3.18.x86_... (do a wget -S on https://download.gnome.org/misc/promo-usb/gnome-3.18.x86_...)
Linux Mint downloads (briefly) compromised
it seems like the download pages still point to the hacked ISOs.
[...]
this is a second attack so it means we’re still vulnerable
Linux Mint downloads (briefly) compromised
> [2] https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_Fr...
Linux Mint downloads (briefly) compromised
> they are mixing their own binary packages with binary packages from Debian and Ubuntu without rebuilding the latter
Linux Mint downloads (briefly) compromised
It looks more like they took Ubuntu, added their packages, and called it a distribution.
What is the larger scope here? What is it in Mint apart from the installer and the desktop environment that differs from regular Ubuntu or Debian?
Linux Mint downloads (briefly) compromised
If Ubuntu is a distribution, and Linux Mint took it, added their packages, and re-distributed it under their own branding, how is Linux Mint *not* a distribution?
Again, I think you're underestimating how far Linux Mint has diverged since their fork. There are many more differences between Linux Mint & Ubuntu or Debian than just the installer & desktop environment
Linux Mint downloads (briefly) compromised
apt-get install --install-recommends linux-generic-lts-wily
Linux Mint downloads (briefly) compromised
given all the shortcomings you see, why is Linux Mint so popular?
and call misguided innovation on the desktop. The fads of the day.
Linux Mint downloads (briefly) compromised
and call misguided innovation on the desktop. The fads of the day.
Linux Mint downloads (briefly) compromised
I agree that creating a boutique distribution in order to circumvent disputes with the Gnome devs over the direction of their software is a waste of resources (ie: time/money/etc), but this isn't a completely irrational decision.
Linux Mint pre-dates the GNOME 3 kerfuffle by a significant margin. Their original goal, that led to their early popularity growth, was out-of-the-box ease-of-use above all else, including legality. See glaubitz comments in this thread for more detail.
Linux Mint downloads (briefly) compromised
> exclusive. So it was a huge pain in the ass for users to try out Gnome 3 and then go back to Gnome 2 when they realized it was not mature enough for their purposes.
Linux Mint downloads (briefly) compromised
and call misguided innovation on the desktop. The fads of the day.
Linux Mint downloads (briefly) compromised
> support and in the end it's solely up to you to make sure all the necessary security updates
> are actually installed. If pre-installed multimedia codecs are more important to you than a
> secure system, it's your decision.
responses, but no patch for Mint has shown up in my patch queue immediately or
very soon thereafter. (I know about the "banned" packages and I have flipped the
switch so I can see them and decide; I am not worried over local attacks, so grub
can wait.)
the package management's trust in the network and its resultant vulnerability to
man-in-the-middle attacks -- including those unintentional ones known as captive
portals -- which would *disable* security updates entirely. (Debian 710229;
Launchpad 1055614; and many others.)
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wolo
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
>> don't realize that they may not be getting the best software update management solution
> not most distributions aren't) but there are limitations to what can be done.
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
you are ignoring one factor. how many people catch measles vs how many you are vaccinating.
If you have something that one in 10,000 people catch, and the vaccination has a problem 1 in 1000 times, it is a net loss, even if the disease is 100% fatal if someone gets it without the vaccination.
Linux Mint downloads (briefly) compromised
I am afraid I am personally disposed to being on Mr Wakefield's side ...
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
No, they're not. At least in the US they are registered centrally: https://vaers.hhs.gov/data/index - it's even available for download. And the reporting is _mandatory_ for doctors.
Sorry, nope. I don't believe you or your wife. Vaccines are extremely safe unless you have a direct allergy to one of the components.
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Nope. I'm not even an American.
Linux Mint downloads (briefly) compromised
It's really simple. If your distribution is not the popular one, then you are not doing some things the way end users want them done.
"briefly" compromised?
However, the Linux Mint team managed to discover the hack, cleaned up the links from their website quickly, announced the data breach on their official blog, and then it appears that the hackers compromised its download page again.
Linux Mint downloads (briefly) compromised
Linux "Polo" Mint - the Mint with the hole (TM)**"
Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Wol