Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Posted Feb 22, 2016 16:20 UTC (Mon) by welinder (guest, #4699)In reply to: Linux Mint downloads (briefly) compromised by glaubitz
Parent article: Linux Mint downloads (briefly) compromised
given all the shortcomings you see, why is Linux Mint so popular?
For me, the answer is that Linux Mint protects the users against what I will be nice
and call misguided innovation on the desktop. The fads of the day.
Posted Feb 22, 2016 17:11 UTC (Mon)
by rahulsundaram (subscriber, #21946)
[Link] (9 responses)
Don't see why you need one particular distribution for that. You can very well Cinnamon and Mint in any number of other Linux distributions.
Posted Feb 22, 2016 18:51 UTC (Mon)
by drag (guest, #31333)
[Link] (8 responses)
Regardless of what you think about package managers the fact that it's extremely common to create various 'spins' or 'flavors' of this or that Linux distribution should be telling of a fundamental problem with lack of flexibility with Linux systems.
It's a bit of a confusing problem, of course.
The deal is with most operating systems the operating system itself does not promise the ability to support multiple desktop environments. Windows does not support anything beyond a 'classic' theme'd interface versus a new one. It doesn't have 30 different flavors of desktop, even though it's very possible to that in Windows. Similar thing with OS X. This means that Linux distributions have created a significantly higher level of complexity for themselves versus those from other operating systems.
With Linux the distributions promise the ability to let you install whatever desktop environment you want, but they fail to deliver it in a way that is easy for users to deal with. For most users it's easier to install a entire new linux operating system then it is to (say) try out Gnome and then install KDE and try that.
Why do I know this? Because it's exactly what users choose to do. It's just a question of figuring out _why_ this happens.
And it's even deeper then that...
A major part of the 'cinnamon' vs 'mate' vs 'gnome 2' vs 'gnome 3' is that the Gnome devs made it the unfortunate choice of making Gnome 2 and mutually Gnome 3 exclusive. So it was a huge pain in the ass for users to try out Gnome 3 and then go back to Gnome 2 when they realized it was not mature enough for their purposes.
Why did Gnome decide to do this? Well... the general inability for Linux distributions to make it easy to manage software installations and switch environments is a major cause of this.
Posted Feb 22, 2016 19:03 UTC (Mon)
by rahulsundaram (subscriber, #21946)
[Link]
Without Linux distributions, Linux is just a kernel and nothing more. Application deployment was limited to ./configure dance cycles for a long time and distributions made it very much easier to install and consume applications very quickly. The world around has changed dramatically since the early days and while distributions have somewhat tried to cope with that, they haven't caught up fast enough. xdg-app and GNOME Software seems pretty promising IMO, incidentally, both of which are very much a distro driven solution to the above mentioned problem.
Posted Feb 23, 2016 2:40 UTC (Tue)
by Beolach (guest, #77384)
[Link]
Posted Feb 23, 2016 9:53 UTC (Tue)
by ovitters (guest, #27950)
[Link] (4 responses)
That is a very inaccurate representation. None of the GNOME 2.x versions can be installed at the same time. That has been the case for the entire 2.x. Going to 3.x for loads of components just meant changing the major version from a "2" to a "3". If you couldn't install 2.2 and 2.32 at the same time, changing a major version doesn't make that "suddenly happen".
Saying GNOME made a choice to make it mutually exclusive is therefore incorrect. It wasn't possible, and we didn't do anything to make all the components installable at the same time. But that is vastly different from suggesting that was a choice that it should be this way. One can be used to suggest bad faith. That's not what happened.
This discussion happened in the open on desktop-devel-list whereby it was mentioned it was good to have, but we lacked the development effort and would appreciate people (distributions) to help out. Various distributions were aware of this discussion but didn't have the development resources.
Posted Feb 23, 2016 17:37 UTC (Tue)
by bronson (subscriber, #4806)
[Link] (3 responses)
It's true that GNOME didn't prioritize allowing 2 and 3 to be installed at the same time. In retrospect, do you suppose this was a mistake? (you know I do of course...)
Posted Feb 23, 2016 21:17 UTC (Tue)
by ovitters (guest, #27950)
[Link] (1 responses)
Posted Feb 23, 2016 21:54 UTC (Tue)
by bronson (subscriber, #4806)
[Link]
Then, I followed with a 100% honest question that I have: now, with some hindsight, could things have been done differently? Could things have been better if GNOME had prioritized 2 and 3 being installable in parallel? (my apologies for using the word 'mistake', though I don't see why that word choice shouldn't derail the conversation. hope you accept this slight rewording).
Not sure where you're finding whining and ulterior motives... I'm really not that complex a person.
Posted Feb 24, 2016 1:59 UTC (Wed)
by raven667 (subscriber, #5198)
[Link]
I think the point was that the rest of the GNOME team didn't have the time or inclination to do the work that the MATE team did, not that this work was literally impossible. There is a real question as to whether the GNOME team could have done more to absorb or recruit the new developers who ended up making MATE so that GNOME would have had the resources to ship both versions simultaneously, but there may be more fundamental political disagreement that would prevent this collaboration from happening. There is also the possibility that this couldn't have been done in a non-disruptive fashion because the motivation to maintain GNOME2 wasn't there until distros starting shipping GNOME3 in large numbers to disgruntle enough developers to do the work.
Posted Feb 24, 2016 14:25 UTC (Wed)
by sneex (guest, #107267)
[Link]
Posted Feb 22, 2016 17:15 UTC (Mon)
by glaubitz (subscriber, #96452)
[Link] (51 responses)
One of the main reasons for being popular is the fact that they do not care about licensing issues. They ship their ISO files with pre-installed Adobe Flash, Oracle Java packages as well as multimedia codecs (which people want) which violate intellectual copyrights and patents. Unless the maintainers of a distribution want to violate copyright laws intentionally and make themselves attractive targets for lawyers, there is nothing they can do to alleviate that. Debian and other aren't not shipping those packages because they want to make life hard for their users, it's because they cannot, legally speaking.
Canonical - as a company - was able to negotiate contracts with companies like Skype or Adobe, so they can offer the software packages of these companies in their third-party repositories, but it would still be illegal to ship software like libdvdcss2 in most countries. However, there are no companies behind distributions like Arch, Gentoo or Debian and they therefore cannot negotiate such contracts.
Again, the stance of the Mint developers - namely Clement Levebfre - is simply that they don't care about such issues which is already very dubious in the first place, not even mentioning the security issues they have.
> For me, the answer is that Linux Mint protects the users against what I will be nice
Well, again, you're free to use anything you like. But please be aware of the fact that Linux Mint does not provide any reasonable security support and in the end it's solely up to you to make sure all the necessary security updates are actually installed. If pre-installed multimedia codecs are more important to you than a secure system, it's your decision.
Posted Feb 22, 2016 20:43 UTC (Mon)
by welinder (guest, #4699)
[Link] (8 responses)
That is really just scare mongering.
I have yet to encounter a situation where a cve report has had Debian and Ubuntu
Now, compare that non-situation to Debian's years of dragging feet regarding fixing
Posted Feb 22, 2016 20:57 UTC (Mon)
by glaubitz (subscriber, #96452)
[Link] (7 responses)
No, it's not. It's based on actual facts.
> I have yet to encounter a situation where a cve report has had Debian and Ubuntu responses, but no patch for Mint has shown up in my patch queue immediately or very soon thereafter. (I know about the "banned" packages and I have flipped the switch so I can see them and decide; I am not worried over local attacks, so grub can wait.)
You may be aware of blacklisted package updates, but many users are not. I'm sorry, but making security updates *optional* is not up for discussion, on any operating system. Period.
And, as I have explained before, Linux Mint does not issue security advisories, so you - as a Linux Mint user - have no immediate and easy way to quickly verify whether your particular version of Linux Mint is affected by a certain CVE.
On Debian, I open up Google and type "Debian CVE-2015-7547" and I am immediately presented with a website which shows me which versions of Debian are affected by the recent glibc vulnerability and which are not. You *cannot* do that on Linux Mint which therefore disqualifies itself for any professional use. End of discussion.
> Now, compare that non-situation to Debian's years of dragging feet regarding fixing the package management's trust in the network and its resultant vulnerability to man-in-the-middle attacks -- including those unintentional ones known as captive portals -- which would *disable* security updates entirely. (Debian 710229; Launchpad 1055614; and many others.)
Did you actually read the bug reports you linked? The original report for Debian's #710229 was filed on May 29, 2013 and on September, 01 2014, David Kalniskies [1] comments:
> As said, this isn't the fix for the problem of the initial reporter, though. This problem should be solved with earlier versions we released since the last Debian stable release, so I am closing this bug anyhow. I can't pin-point a specific version as there are many cornercases and we had various iterations fixing some (and opening new venues in the process).
So your argument is a strawman. And, even if it was valid, the problem would affect Linux Mint as since Mint uses most of Debian's packages unmodified, including apt, so I don't really understand why you would bring up in the first place.
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710229#17
Posted Feb 23, 2016 11:11 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (6 responses)
> You may be aware of blacklisted package updates, but many users are not. I'm sorry, but making security updates *optional* is not up for discussion, on any operating system. Period.
So you'd be quite happy to see your *business* *critical* *application* taken down by an unrelated security update?
There are reasons why sysadmins blacklist ALL updates, *including* security ones. I'm not saying that's a good attitude. I'm not saying it's a wise attitude. I'm saying sometimes it's an extremely pragmatic one - after all, you wouldn't want your heart monitor in the ICU taken out by a security update, would you?
(And yes, I've had packages unexpectedly taken out by updates. Fortunately I don't have anything critical.)
Cheers,
Posted Feb 23, 2016 12:10 UTC (Tue)
by glaubitz (subscriber, #96452)
[Link] (2 responses)
If you're having *business* *critical* *applications*, you run your **OWN** test upgrades on a **TEST SYSTEM** anyway **prior rollout**, to make sure nothing breaks.
What a stupid strawman argument is that?
And if you're running a *business* *critical* *applications* on something as unsupported as Linux Mint as compared to Debian, RHEL or SLES, you should be fired from your job anyway!
> There are reasons why sysadmins blacklist ALL updates, *including* security ones. I'm not saying that's a good attitude. I'm not saying it's a wise attitude. I'm saying sometimes it's an extremely pragmatic one - after all, you wouldn't want your heart monitor in the ICU taken out by a security update, would you?
Again, if your heart rate monitor in the ICU runs Linux Mint, you would be fired immediately. Particularly medical environments require **CERTIFIED** hard- and software and I can **guarantee** that you would never get **ANY** certification for a hobbyist Linux distribution.
> (And yes, I've had packages unexpectedly taken out by updates. Fortunately I don't have anything critical.)
Then you were not doing your job properly and testing the updates in a testing environment prior rollout which is what **every responsible system administrator** will do.
Can we please stop with these idiotic strawman arguments? Seriously!
Posted Feb 23, 2016 21:58 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (1 responses)
> If you're having *business* *critical* *applications*, you run your **OWN** test upgrades on a **TEST SYSTEM** anyway **prior rollout**, to make sure nothing breaks.
> What a stupid strawman argument is that?
You're assuming that updates are *optional* - that, as sysadmin, I can block them til *I'm* ready, which may be never. Yet a post ago you were saying that they should NOT be optional, that they get force installed. Either you're happy with the sysadmin delaying them (ie they're optional), or they get force-installed and who cares if it crashes a critical system.
> And if you're running a *business* *critical* *applications* on something as unsupported as Linux Mint as compared to Debian, RHEL or SLES, you should be fired from your job anyway!
What if the boss won't pay for support? What if it's not your decision? Unfortunately, the real world isn't as nice and clean cut as you'd like.
And note, I didn't say I thought deferring security updates was a good idea. But I certainly don't think *forcing* security updates is a good idea. I was just making the pragmatic observation that updates break systems. And if a security update breaks a critical application - where you cannot fix the app - then that security update MUST be ignored.
Oh - and who said I was actually running that app on Mint? There are an awful lot of - critical - apps that run on RHEL or SLES but are not supported by Red Hat or Novell. So what do I do if an RHEL update is forced on me that breaks my critical app - for which the *boss* won't pay support? And I've been there - it is a COMMON real-world scenario :-( (Bosses not paying support, that is, not updates breaking systems, fortunately.)
Cheers,
Posted Feb 24, 2016 8:45 UTC (Wed)
by Felix (guest, #36445)
[Link]
I think you're conflating separate issues in your argument. First of all I guess everyone agrees that a sysadmin must be able to choose the best time to install updates (including security fixes) if he should be in control of the system.
However there is a separate issue of default settings especially when these defaults are unlikely to be changed by users. I think it is dangerous of omitting security updates by default. Of course (and that can be done in any Linux distro I know) users/admins can disable updates themselves but at least you can hope they know what they are doing.
And the "update breaks business critical application" argument is a strawman for sure. If you have such an important software you must be able to deal with updates one way or another. Either you can rollback quickly or you test beforehand. Your boss might not give you the resources necessary to do that but some businesses don't do backups either. Still this isn't an argument to suppress security updates by default.
Posted Feb 23, 2016 12:18 UTC (Tue)
by tao (subscriber, #17563)
[Link] (2 responses)
Posted Feb 23, 2016 19:36 UTC (Tue)
by hitmark (guest, #34609)
[Link]
Posted Feb 23, 2016 21:47 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
And yes, hospitals have had nasty shocks when their equipment (running, eg, XP) has rebooted unexpectedly thanks to an internet fix. I suspect the reason we don't hear much about it is a combination of "well, what do you expect, it's a computer", and the usual health service cover-ups of any problems. Plus, I'm not aware of any serious problems - yet!
Cheers,
Posted Feb 23, 2016 0:21 UTC (Tue)
by bournville (guest, #107227)
[Link] (41 responses)
> One of the main reasons for being popular is the fact that they do not care about licensing issues.
No, the main reason is that end users see what appears to be a complete desktop OS that does what they want, presents a desktop environment that looks like what they want, has a software update management system that appears to work as they'd like it too, seems to be well supported, and doesn't seem to be associated with developers choosing sides in incomprehensible political wars that mean nothing to end users. Whether appearances may be misleading is irrelevant. The same goes for licensing issues. What is wrong with you people? Take off your developer hats and your crusader vests every once in a while and make at least a little effort to see things through the eyes of real world users. It's really simple. If your distribution is not the popular one, then you are not doing some things the way end users want them done.
Okay, so you highlighted some problems with Linux Mint. I found them interesting as I didn't know about all of them. What I also don't know are users that want to use Debian or, indeed, any other Linux distribution, but I don't hang out with developers. Most people don't. Do you or do you not want we non-developers to flock to your distribution? Keep making your distribution technically superior while failing to address the things that attract so many of us to Linux Mint and nothing will change. I know a fair number of people using Linux Mint. None that I know of have any particular loyalty to Linux Mint. Improve your product so that it at least equals Linux Mint in the areas that are attracting us and we'll be knocking at your door. Linux Mint is currently more marketable than Debian to the wider world of potential users. It exists and succeeds because your distribution exists and is failing, at least in terms of that wider world. Stop pounding the pulpit and do something about that. Seriously.
Posted Feb 23, 2016 0:37 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (37 responses)
Licensing isn't just a developer problem. If a proprietary software explicitly disallows redistribution, ignoring it isn't a realistic thing that you can expect distributions to do.
Posted Feb 23, 2016 1:32 UTC (Tue)
by bournville (guest, #107227)
[Link] (36 responses)
> Licensing isn't just a developer problem. If a proprietary software explicitly disallows redistribution, ignoring it isn't a realistic thing that you can expect distributions to do.
You're absolutely right, but missing the point. Most potential end users don't even realize there is a licensing issue, just as they don't realize that they may not be getting the best software update management solution (eg. missing some security updates). Perception is what matters. Ask anybody in marketing. One distribution includes Adobe flash and another doesn't. You developers think that's a licensing issue and as an underlying explanation you may be right. But do you honestly think that most potential users think "Ah ha, licensing!" at that point? No, they assume Linux Mint has a more complete solution, obviously having done whatever is required to achieve that, whereas you did not. Why should they assume that Linux Mint is somehow illegal? Honestly, that never even crossed my mind.
So, yes, licensing actually is "just a developer problem" in a context of this nature.
Posted Feb 23, 2016 1:59 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (35 responses)
Well, I think you are. A core part of free and open software is the licensing model. If a distribution ignores licensing, they are muddying the waters and that feeds into the FUD about open source having weak "IP" foundations. This affects users in unexpected ways. We have been through the SCO debacle despite it being smoke and mirrors and let's not forget that too quickly.
>Most potential end users don't even realize there is a licensing issue, just as they > don't realize that they may not be getting the best software update management solution
Which is why it is important to educate users rather than ignoring it. This is LWN after all. It is fine to ask distributions to understand consumer desktop user needs better if that is the target of the distribution (many if not most distributions aren't) but there are limitations to what can be done. You should note that end users can and often are held liable in many legal issues.
If Linux mint has taken on the approach of getting explicit permission from vendors, that is fine. If they are implementing wrappers that download such software on demand like some other distributions, that is a clumsy but workable solution but please don't ask any other distribution to outright ignore licensing restrictions because it is "convenient". That is clearly unethical if not illegal. There are plenty of things that superficially seem irrelevant but in reality aren't. Security and licensing matters affect users all the time whether they realize it or not.
Posted Feb 23, 2016 2:33 UTC (Tue)
by viro (subscriber, #7872)
[Link] (3 responses)
Distributors can be sued *and* it just might be worth the effort. Simple as that...
Posted Feb 23, 2016 4:53 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (2 responses)
Posted Feb 23, 2016 19:41 UTC (Tue)
by hitmark (guest, #34609)
[Link] (1 responses)
They effectively forked Firefox over a trademark issue, yet claim they needed to go systemd because the alternatives require too much effort to maintain.
I applaud their technical efforts, but in recent times their horse has gotten mighty high...
Posted Feb 23, 2016 20:33 UTC (Tue)
by MattJD (subscriber, #91390)
[Link]
I'm not sure this works towards your point. Firefox is "forked", in that they compile it themselves, which doesn't let them use the Firefox trademark. They don't need to modify Firefox for this even, it's included in Mozilla upstream. They aren't creating their own web browser.
There claim on systemd is that to maintain an entirely separate init system that they have to solo fix is too much effort. This isn't a matter of putting minor fixups on top of Firefox (the most they do), but maintaining the entire Firefox code base by themselves.
I'm sure Debian has made contradictory decisions in the past, but this isn't an example of one.
Posted Feb 23, 2016 4:21 UTC (Tue)
by bournville (guest, #107227)
[Link] (30 responses)
> Well, I think you are.
I rather doubt that, since I was referring to the point *I* was trying to make in my previous post. But, for the record, I've made no comment on the practical importance of ensuring licensing legalities. I totally agree with your concerns in this area. Every distribution should be legally sound, including Linux Mint, but that doesn't magically become something end users are aware of as an issue, much less checking for. Chances are that Microsoft has some licensing problems too, but I simply assume that Windows is a fully legal alternative.
>> Most potential end users don't even realize there is a licensing issue, just as they
> Which is why it is important to educate users rather than ignoring it. This is LWN after all.
I don't disagree and perhaps non-developers shouldn't speak up on LWN. But, as end users who are not developers nor FOSS activists, do not be surprised when we aren't moved by the education we weren't seeking and the rants telling us why your distribution is technically superior to the popular one that meets our needs/wants.
> It is fine to ask distributions to understand consumer desktop user needs better if that is the target of the distribution (many if
And so we come to the point. Linux Mint appeals to so many people because it does seem to be targeting consumer desktop users and in many ways is actually getting it right (from the perspective of the users, of course). What I hear from the Debian/FOSS detractors goes something like "Hey, stupid end user! You shouldn't prefer Linux Mint over Debian. Debian is better technically, better legally, better morally, and just generally awesome by every measure that we developers/activists care about. Okay, so it doesn't meet your wants/needs, but it's not meant for you anyway because you're not special". What am I supposed to do with that?!? It's simple, if you're trying to meet the needs of the sort of people attracted to Linux Mint, then start putting some effort in, including addressing those limitations so that people who need/want the infernal Adobe flash player have a way of getting it both legally and easily. If you're not, then stop comparing the Linux Mint apple to the Debian orange. At this point in time, I've got a variety of complaints about Linux Mint, as it's far from perfect, but I'm not aware of a better alternative and Debian promoters aren't helping.
Posted Feb 23, 2016 4:40 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link]
It should be obvious but I was referring to my response.
>do not be surprised when we aren't moved by the education we weren't seeking >and the rants telling us why your distribution is technically superior to the popular > one
Let's be clear. There is no "we" here. If Linux Mint suits your needs better, have a blast and use what you like, especially now that you are aware of the issues and get to make a informed choice on what you use. I absolutely did not make any claims of superiority here.
Posted Feb 24, 2016 20:49 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (3 responses)
How was it that MicroSoft grew in the early days? Steal IP, bankrupt the competitor, then buy them out for cents on the dollar to forestall any legal issues?
Case in point - disk compression (was the company Stacker?)
Cheers,
Posted Feb 24, 2016 21:46 UTC (Wed)
by pizza (subscriber, #46)
[Link] (2 responses)
No, MS didn't have to resort to stealing -- instead they didn't use copy protection and turned a blind eye to piracy, but only long enough to put their (generally smaller) competitors out of business.
Posted Feb 25, 2016 19:32 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (1 responses)
Cheers,
Posted Feb 29, 2016 13:20 UTC (Mon)
by nye (subscriber, #51576)
[Link]
So the story goes like this:
MS wanted transparent compression in MSDOS, because some of their competitors had it. One of the leading third party utilities was Stacker, and MS spent some time negotiating for it with Stac Electronics, but were unable to reach an agreement; instead, they bought an alternative from one of Stac's competitors and incorporated that into MSDOS.
Subsequently, Stac sued MS for violating the following two patents: http://www.google.co.uk/patents/US5016009, http://www.google.co.uk/patents/US4701745. They eventually settled for about $80 million. Whether you consider this a 'blatant steal' is going to depend on whether you believe in the validity of software patents in general, and these two patents in particular; reasonable people could hold different opinions on this question.
Microsoft at that point in time was pretty much the poster child for 'big evil corporation', so it's easy to believe that there was some seriously underhand stuff going on here, but there's not really any information publicly available to support that.
Posted Feb 24, 2016 20:53 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (24 responses)
If non-developers don't speak up, then how are developers going to hear their voice?
"The Cathedral and the Bazaar" was written to compare the linux Bazaar with the FSF GCC Cathedral. GCC was developed in a closed echo chamber, which is why we got EGCS (or whatever it was called). And Xemacs, and probably a fair few other things as well.
We don't want Linux to move into an empty Cathedral - they do make lovely echo chambers :-)
Cheers,
Posted Feb 24, 2016 21:21 UTC (Wed)
by viro (subscriber, #7872)
[Link] (23 responses)
Posted Feb 25, 2016 0:28 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (22 responses)
NB. What on earth do you mean by a "Wakefield"? Oddly enough, I was in Wakefield House at school, and my daughter now lives in Wakefield, and I don't have a clue what you mean by it ...
Cheers,
Posted Feb 25, 2016 1:21 UTC (Thu)
by viro (subscriber, #7872)
[Link] (21 responses)
As for C&B... Basically, it goes like this:
Linux development process violates <list of rules>. Normally one would expect that to lead to disastrous mess. Somehow it doesn't. Hypothesis: such-and-such technics used in said development process are sufficient to prevent an otherwise expected degradation. The author has set a project to test the hypothesis above, using those technics and violating the same list of rules. Result of experiment confirms the hypothesis.
The only problem is that his experiment *has* yielded a disastrous mess. If anything, it argues against his hypothesis. Claiming it as a confirmation is fraud, plain and simple. Waving that piece of crap for years and promoting it as major contribution to software engineering takes quite a bit of chutzpah...
Posted Feb 25, 2016 12:07 UTC (Thu)
by job (guest, #670)
[Link]
Posted Feb 25, 2016 19:39 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (19 responses)
As someone who knows personally, someone who was seriously hurt by a vaccine that then got swept under the carpet, I'm afraid I don't agree that Andrew Wakefield was scaremongering. VACCINES ARE DANGEROUS and imho there is a concerted campaign of lying to make us believe they are safer than they are.
Note - I am most emphatically NOT saying vaccines are a bad thing - I think the advantages massively outweigh the disadvantages but, as I said, having had *PERSONAL* experience of the statistics being "fudged", and in the OPPOSITE direction to the one you state, I am afraid I am personally disposed to being on Mr Wakefield's side ...
Cheers,
Posted Feb 25, 2016 21:18 UTC (Thu)
by BlueLightning (subscriber, #38978)
[Link] (6 responses)
Posted Mar 1, 2016 1:14 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (5 responses)
The reverse is also true - the evidence should be credible and reliable.
If you read what I said, I have personal proof that the evidence is not credible :-(
There is a "yellow card" system for reporting drug reactions etc. If you have proof that yellow cards *are being suppressed*, then you have no alternative but to conclude that the evidence vaccines are safe is not credible :-(
The worst case I've heard of is official statements that "there is no evidence that this vaccine is dangerous". It only took a few weeks ferreting by journalists to find the following case:
A lad went to the doctors for the vaccine. After the vaccine, he went home and went to bed. Four weeks later, he died, having never left his bed. His death was not officially linked to the vaccine, because of a directive issued to doctors, that said any events after three weeks could not be related.
Hang on? Of course you have no evidence that the vaccine has actually caused fatalities, because you've banned the recording of the evidence!!!
Or the girl that walked into the doctors for a (I believe rubella) vaccination, and left in a wheelchair. I don't believe she ever walked again, but it took a massive fight by her parents to force the doctors to report it.
As I said before, don't get me wrong, I do believe the benefits of vaccination massively outweigh the risks. But by refusing to accept that there ARE risks, we are actually doing ourselves a massive dis-service.
My wife is chronically ill. I'm exposed to health issues constantly. And I wanted to be doctor (never made it into medical school) so I'm personally very interested in this stuff...
Cheers,
Posted Mar 1, 2016 2:01 UTC (Tue)
by anselm (subscriber, #2796)
[Link] (4 responses)
Of course there are risks associated with vaccination. No reasonable person disputes that. There are risks associated with everything. Crossing the street is risky. However, as you correctly state, the risks associated with vaccination are very, very low and the benefits are huge, which makes vaccination worth doing on the whole.
Even if you are right and adverse effects from vaccinations are underreported by, say, a factor of 10 (i.e., only 1 out of 10 cases is actually reported and 9 cases are suppressed through negligence or malice), you're still statistically way more likely to become severely disabled or even die from some disease like measles than to become severely disabled or die from the vaccination. For measles, the fatality rate in Western countries is something like 0.3%, or 3 cases out of 1000, while the fatality rate from measles vaccinations is considerably less than 3 cases out of 1,000,000. That's more than three orders of magnitude right there, so even if – hypothetically – only 1 out of 100 adverse reactions was being reported and the other 99 suppressed, measles vaccination would still end up being a good idea by a comfortable margin. Widespread vaccination programmes have brought world-wide measles fatalities down from an estimated 2.6 million deaths per year in 1980 to around 100,000 in 2015.
Measles are very, very contagious. You can of course rely on “herd immunity” (i.e., the fact that almost everyone around you is vaccinated) and hope that you'll get away with not being vaccinated yourself because the measles virus will never get near you, but if enough people around you think the same thing, herd immunity will break down, measles outbreaks can happen – thanks to anti-vaxers this occurs a lot more often than it used to –, and eventually people will die. Herd immunity is important because there are people who cannot be vaccinated even if they wanted to, and it is up to the rest of us to protect them.
Posted Mar 2, 2016 0:49 UTC (Wed)
by dlang (guest, #313)
[Link] (3 responses)
if there is a vaccination for a disease that has a low activity rate in the general public, then a vaccination for that disease could very well be more dangerous than the disease is overall.
If you have something that one in 10,000 people catch, and the vaccination has a problem 1 in 1000 times, it is a net loss, even if the disease is 100% fatal if someone gets it without the vaccination.
Now, there aren't that many diseases that fall in this category, but if you are going to be arguing the risk statistics, you need to include this or you are in the statistics end of "lies, Damn Lies, and Statistics'
Posted Mar 2, 2016 2:09 UTC (Wed)
by mjg59 (subscriber, #23239)
[Link]
Posted Mar 2, 2016 2:11 UTC (Wed)
by raven667 (subscriber, #5198)
[Link]
This maybe a misunderstanding of the relevant statistics or of cause and effect, firstly a vaccine which causes more problems than it solves is not useful and so is not done in the legitimate medical field, but specifically to this case the reason that common diseases we vaccinate for are rare is _because_ we vaccinate for them, to the point of taking many diseases out of common circulation because there is not a critical mass of infectable hosts to sustain the disease organism population. Your hypothetical doesn't model anything in reality and is not useful.
Posted Mar 2, 2016 7:46 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
Measles have a contagiousness index of 0.98, which means that if you're unvaccinated and exposed to the virus you're virtually certain to be infected. (The highest possible value would be 1, which means that everybody who is exposed is infected.) Not everybody who is infected with something actually shows symptoms – the “manifestation index” specifies how many people who are infected do exhibit the symptoms, and in the case of measles this is around 0.95.
So obviously the thing to do is to avoid being exposed to the measles virus in the first place, which is why vaccination against measles is so important. If most people in a community are vaccinated against measles, the resulting “herd immunity” means that the measles virus can't obtain a foothold, and this protects even those people who can't be vaccinated because they are too young (you have to be 1 year old or so to be vaccinated) or their immune system doesn't work as it should. Anti-vaxers can often get away with not vaccinating by hitching a free ride on herd immunity, and that creates the illusion that “I don't need to vaccinate because in reality nobody actually ever gets measles, it's all a scam by Big Pharma”. This goes wrong when there are too many anti-vaxers bunched together. For example, here in Germany measles outbreaks, if they occur, often occur in and around Steiner schools, where anti-vax is a big thing and there is no herd immunity.
The reason we don't see many measles cases in the Western world these days is that widespread vaccination has pushed the disease way back compared to, say, 50 years ago. The measles virus has no non-human host so in theory it would be possible to eradicate it completely like the smallpox virus or (almost) the polio virus, but we're not quite there yet; the fact that it is so contagious doesn't make things easier, either.
One disease which is almost similar to what you're describing is rabies, which is why we don't vaccinate everybody against rabies on the off-chance. Rabies is pretty rare in most places, but there is no cure – if you do catch it you're practically certain to die from it. The rabies vaccination isn't problematic in the way you describe, but it is a very unpleasant experience (though way less unpleasant than the disease itself, and it does have the considerable advantage that in the vast majority of cases it won't kill you like rabies does). Fortunately you can still get vaccinated against rabies after you're exposed to the virus but before you start exhibiting symptoms, so that is the usual approach.
Posted Feb 26, 2016 9:27 UTC (Fri)
by anselm (subscriber, #2796)
[Link] (10 responses)
The problem with Wakefield isn't that he said vaccines are dangerous. The problem with Wakefield is that he was out to discredit the popular measles-mumps-rubella (MMR) combination vaccine because he had a financial stake in a measles-only vaccine (so Wakefield wasn't actually “anti-vaccine” at all). He basically made up some data to support his claim that the MMR vaccine causes autism, which according to the overwhelming scientific consensus, based on numerous large studies from various places around the world, is complete and utter BS. Being “on Mr Wakefield's side” is basically being on the side of crookery and scientific fraud.
Sometimes – very occasionally – people do react very badly to vaccines. This does not detract from the fact that vaccination is the #1 public-health intervention in terms of lives saved all over the world. Pretty much the sole reason why there are anti-vaccine activists in the Western world at all is that vaccines have helped us eradicate or push back terrible diseases such as smallpox, polio, diphtheria, measles, or pertussis to a point where people aren't confronted with them any longer on a daily basis, so they have no mental picture of exactly how terrible these diseases are.
Posted Feb 26, 2016 20:01 UTC (Fri)
by Wol (subscriber, #4433)
[Link] (9 responses)
Or, like me, they've seen the bad side of vaccines at first hand, and also experienced the reports being swept under the carpet and ignored ... :-(
Cheers,
Posted Feb 26, 2016 20:53 UTC (Fri)
by anselm (subscriber, #2796)
[Link]
It is necessary to balance the risk of serious vaccine side effects (which is very, very low – 1 in hundreds of thousands of vaccinations or less, and that's counting all sorts of things that don't have a clear causal relationship to the actual vaccination) against the risk incurred by not vaccinating, which is way higher, especially in communities where there is insufficient “herd immunity” because there are too many anti-vaxers. The problem is that by not having yourself or your kids vaccinated, you're endangering people who cannot be vaccinated at all because they're too young or immunocompromised and have to rely on herd immunity to ensure that infectious diseases (like measles or polio) don't come near them.
We see this in real life with the recent measles outbreaks in the US or Germany. Here in Germany, these usually take place in or around Steiner schools, where parents tend to be against vaccination. Anti-vaxers often claim measles are just a harmless childhood disease, but in fact measles (or complications from measles) can severely disable or kill you and that happens far more often than any sort of serious vaccine side effect. More than 300 people worldwide die of measles per day (115000 deaths in 2014, according to the WHO), usually in places where there are no vaccination programs. Even in Germany, at least one child died recently during a measles outbreak, and it is overwhelmingly likely that this could have been prevented by vaccination.
There is a certain risk to vaccination but the risk/benefit ratio is so clearly in favour of this very important public-health measure that scaring people away from it is disingenuous. In fact, people who think vaccination is too risky should never use a car, bus, or bicycle, because the risk of getting seriously injured or killed in a traffic accident is orders of magnitude greater, even if you believe that serious vaccine side effects are consistently underreported.
Posted Feb 26, 2016 23:15 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (7 responses)
UK has something similar: https://www.gov.uk/vaccine-damage-payment/overview
Posted Mar 1, 2016 1:22 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (6 responses)
So you're telling me my personal experiences are fake?
Anyway, who gives a **** about a court and compensation (and what happens in reality probably isn't as nice as you'd like to think).
My point was that reports of bad reactions to vaccines (and, presumably, other medicines) GET SUPPRESSED!!! Some doctors are good, and will fill in a yellow card as a matter of course. Unfortunately, many doctors will not, and have to be forced to. Which many patients are not prepared to do!!! So the *evidence* that vaccines are safe is seriously compromised :-(
What you say is nice in theory. The reality is, it probably doesn't work that well in practice - many people do not get (often, do not WANT) compensation. And don't have the energy to fight the system, anyway.
Again, I have PERSONAL EXPERIENCE of this - my wife (imho) has been injured by a medical mistake. We don't want compensation - we just wish it had never happened. And, as so often is the case, it's only in hindsight that we realised what had happened.
Cheers,
Posted Mar 1, 2016 2:15 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (5 responses)
> Again, I have PERSONAL EXPERIENCE of this - my wife (imho) has been injured by a medical mistake.
Pretty much the only medical mistake is NOT getting a vaccine absent clear contraindications.
Posted Mar 1, 2016 8:29 UTC (Tue)
by anselm (subscriber, #2796)
[Link] (4 responses)
To be fair, he never said that his wife's problems had anything to do with vaccination. Even with modern (science-based) medicine, stuff sometimes Goes Wrong, and that can of course be devastating to the people concerned. It's probably a good idea not to put too much blind faith in what a medical doctor tells you – second opinions are generally available – but if you consider the alternatives to modern science-based medicine you will quickly find out that there really aren't any that on the whole are anything near as successful.
As far as adverse vaccine side effects are concerned, there may be some underreporting going on but personally I don't think that this happens enough to make a significant dent in the risk/benefit ratio (as I said in my other message, a 3.5-order-of-magnitude difference in fatality rates is hard to beat). When you're talking about adverse vaccine side effects, it's also worth remembering that pretty much anything bad that happens to you after a vaccination may be (and often is) written up as an adverse side effect. There doesn't have to be an obvious cause-effect relationship. In principle, if you step out of the doctor's office after your vaccination and get hit by a car in the road, that can go into the database as an adverse side effect of your vaccination.
Finally, different countries operate their own separate tracking systems for adverse vaccine reactions. Since these all agree that the risks of vaccination are vanishingly small, there must be a global conspiracy going on where doctors and public-health organisations everywhere collude in playing down vaccination side effects, and that becomes progressively more unlikely the bigger the conspiracy needs to be.
So, people, get vaccinated. It's really quite safe and it helps protect you and the people around you from all sorts of nasty, debilitating, and possibly lethal diseases, including nasty diseases that we don't know how to make better once you actually have them.
Posted Mar 1, 2016 10:42 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (3 responses)
It was painkillers, actually. And now she can't walk without sticks, or walk very far ...
> It's probably a good idea not to put too much blind faith in what a medical doctor tells you – second opinions are generally available –
: -) Including using your own common sense. But the painkiller incident was lack of experience (by a very well-respected Doctor!), and all too often this does boil down to experience or lack thereof. The more I experience of the system, the more I see its failings in sharing experiences ... :-(
> but if you consider the alternatives to modern science-based medicine you will quickly find out that there really aren't any that on the whole are anything near as successful.
Which is why I repeatedly stress that I'm in favour of this stuff. I just come across far too much evidence of dishonest (typically American sharp) practice. Unfortunately, I get the impression that Cyberax is very insular and thinks "everyone does it the American way". THEY DON'T.
We have a major advantage over here in that health care is free. If it wasn't, we'd probably be destitute trying to pay for my wife's care. But that has the side effect that when things go wrong, we get "the linux warranty attitude". In other words, they'll refund us what we paid for it - nothing. But if it's cost you your job, your health, etc etc that's a pretty appalling attitude. And sadly, it is NORMAL over here. Too many people (including Cyberax) take the "I'm all right, Jack" attitude. Until it happens to them. And then they scream and say "why isn't anybody doing anything!?!?". Well, I'm trying to do something, because it's happened to us, but it's hard work against the megaphone of "I'm all right".
Cheers,
Posted Mar 1, 2016 16:46 UTC (Tue)
by nix (subscriber, #2304)
[Link]
And this has nothing whatsoever to do with vaccines. My twin brother died because of pretty staggering levels of medical incompetence, but that doesn't mean I think vaccines are bad or even that doctors are evil or covering anything up: I just think that doctors should go back for retraining every so often (the doctor who accidentally killed my brother at birth through failing to notice that he existed was almost forty years out of training and probably still believed in the leech cure). Mind you it is fairly hard to cover up dead people, except literally.
Posted Mar 1, 2016 18:47 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link]
However, there's nothing gray about vaccines - it's completely black and white. You should always get vaccinated against common diseases in the absence of clear direct contraindications (allergy to components of vaccines, weakened immune systems due to HIV/cancer/...).
Other medical procedures and medications are more complicated (painkillers, antidepressants, ADHD drugs) and there absolutely is a lot of potential for medical mistakes. Not so with vaccines.
Posted Mar 7, 2016 12:28 UTC (Mon)
by paulj (subscriber, #341)
[Link]
Posted Mar 2, 2016 2:40 UTC (Wed)
by paulj (subscriber, #341)
[Link]
However, that has no bearing on the fact that Wakefield's research was dishonest, manipulated and did not show any link of MMR to autism. Further, his experiments were also highly unethical in subjecting *children* to non-negligible spinal injury risks by carrying out *wholly unnecessary* lumbar puncture procedures.
Just cause you know someone who had some (I assume) unrelated bad experience with vaccines is most definitely not a good reason to start looking favourably on Wakefield or his work.
Again: Wakefield's "MMR causes autism" studies were *complete bull-crap*, and highly dangerous bull-crap.
Posted Feb 23, 2016 1:06 UTC (Tue)
by viro (subscriber, #7872)
[Link]
Posted Feb 24, 2016 14:34 UTC (Wed)
by sneex (guest, #107267)
[Link]
Posted Feb 24, 2016 17:32 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
End users would probably like all sorts of things that are not within the power of a Linux distribution to provide. I'm pretty sure many end users would greatly enjoy a Linux distribution that came with a free copy of Microsoft Word (running under WINE or something) but not even Linux Mint goes there.
When you make a Linux distribution, you have the basic choice between producing something that obeys applicable laws and therefore must, sadly, omit some stuff that many users would really like to have but that can't be freely distributed, and producing something that includes the stuff in question but ignores the legal issues around it. So far, Linux Mint seems to have successfully evaded the attention of those entities that sue people for distributing stuff they're not supposed to distribute, but that may only be due to the fact that there isn't much point in suing the Linux Mint guys – they don't have the sort of money in the bank that would make suing them worthwhile. This is an option that the bigger outfits like Red Hat, Novell, Ubuntu, or even Debian don't have, so they prefer to obey the law when they have to. It also puts a practical limit on the size that an operation like Linux Mint can attain in its present form, because once they get big enough, money-wise, to become a worthwhile target they will have to rethink how they do things, or the owners of the stuff that they're ripping off today will come for them after all.
Linux Mint downloads (briefly) compromised
and call misguided innovation on the desktop. The fads of the day.
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
I agree that creating a boutique distribution in order to circumvent disputes with the Gnome devs over the direction of their software is a waste of resources (ie: time/money/etc), but this isn't a completely irrational decision.
Linux Mint pre-dates the GNOME 3 kerfuffle by a significant margin. Their original goal, that led to their early popularity growth, was out-of-the-box ease-of-use above all else, including legality. See glaubitz comments in this thread for more detail.
Linux Mint downloads (briefly) compromised
> exclusive. So it was a huge pain in the ass for users to try out Gnome 3 and then go back to Gnome 2 when they realized it was not mature enough for their purposes.
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
and call misguided innovation on the desktop. The fads of the day.
Linux Mint downloads (briefly) compromised
> support and in the end it's solely up to you to make sure all the necessary security updates
> are actually installed. If pre-installed multimedia codecs are more important to you than a
> secure system, it's your decision.
responses, but no patch for Mint has shown up in my patch queue immediately or
very soon thereafter. (I know about the "banned" packages and I have flipped the
switch so I can see them and decide; I am not worried over local attacks, so grub
can wait.)
the package management's trust in the network and its resultant vulnerability to
man-in-the-middle attacks -- including those unintentional ones known as captive
portals -- which would *disable* security updates entirely. (Debian 710229;
Launchpad 1055614; and many others.)
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wolo
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
>> don't realize that they may not be getting the best software update management solution
> not most distributions aren't) but there are limitations to what can be done.
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
you are ignoring one factor. how many people catch measles vs how many you are vaccinating.
If you have something that one in 10,000 people catch, and the vaccination has a problem 1 in 1000 times, it is a net loss, even if the disease is 100% fatal if someone gets it without the vaccination.
Linux Mint downloads (briefly) compromised
I am afraid I am personally disposed to being on Mr Wakefield's side ...
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
No, they're not. At least in the US they are registered centrally: https://vaers.hhs.gov/data/index - it's even available for download. And the reporting is _mandatory_ for doctors.
Sorry, nope. I don't believe you or your wife. Vaccines are extremely safe unless you have a direct allergy to one of the components.
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Wol
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Nope. I'm not even an American.
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
Linux Mint downloads (briefly) compromised
It's really simple. If your distribution is not the popular one, then you are not doing some things the way end users want them done.