Newest Gnome versus LTS

Re: Newest Gnome versus LTS

Gene Heskett-2
On Thursday 18 July 2019 04:22:03 Oliver Grawert wrote:

> hi,
> On Wednesday, 17.07.2019, at 21:03 +0200, Ralf Mardorf via ubuntu-users wrote:
> > On Wed, 17 Jul 2019 12:21:46 +0200, Oliver Grawert wrote:
> > > what a user really only needs to care about is to keep the system
> > > up to date.
> >
> > Hi,
> >
> > I disagree, if a package from "main" such as openssl suffers from
> > something like Heartbleed, it might be better to wait a few days for
> > a fix, before continuing to use such a package's software.
>
> you mean keeping your system vulnerable for a few extra days makes
> much sense ?

That depends on what's between your machines and the net. With a router
reflashed to dd-wrt (there's other equally secure stuff out there),
outsiders getting in is not a consideration. In 19 years, or close to
it, no one has gained access to my local network that wasn't given the
credentials.  It's simply not happened. So the fact that I've got 3
machines still running an old version is not a concern.

> > It was even announced by television news and Bruce Schneier said:
> > "Catastrophic is the right word. On the scale of 1 to 10, this is an
> > 11."
>
> my mom: "who is bruce schneier ?"
>
> > The Ubuntu help explains that not all repositories are supported and
> > warns regarding the risk using packages from those repos.
>
> and because of this what i said is not true? 
>
> yes, there are repo parts that are maintained by the community that
> possibly get security fixes in a slower cadence (or probably none at
> all, which is one of the reasons snap packages exist). but that's
> completely orthogonal to the fact that you should immediately pull in
> a security fix if it is available ... and that you should do this when
> the update manager notifies you about it.
>
> 90% of ubuntu users out there install their software by simply
> clicking the install button in the software-center, they don't know
> what heartbleed is or who bruce schneier is, they only want to use
> their computer. and the most important thing to keep these people's
> machines secure is to teach them to always apply the updates their
> system offers them ASAP ... keeping your system up to date with the
> updates it offers to you is the number one security rule no matter
> whether you are a computer nerd who is best friends with bruce schneier
> or my mom ...
>
> ciao
> oli


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Re: Newest Gnome versus LTS

Oliver Grawert
In reply to this post by J.Witvliet
hi,
On Thursday, 18.07.2019, at 09:36 +0000, [hidden email] wrote:

> Though we observed instable behavior with regards to default
> gateways, and name-resolving in combination with tunnel product.
> Something we never observed in 16.04. This "might" be related to the
> ever expanding influence of systemd...

sounds suspiciously like you are talking about:

https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671

which is actively being worked on for the upcoming 18.04 point release
right now ;) ... 

perhaps your input to that bug (as someone being affected) would be
valuable ... 

ciao
        oli

Re: Newest Gnome versus LTS

Oliver Grawert
In reply to this post by Gene Heskett-2
hi,
On Thursday, 18.07.2019, at 05:46 -0400, Gene Heskett wrote:

> > you mean keeping your system vulnerable for a few extra days makes
> > much sense ?
>
> That depends on what's between your machines and the net. With a
> router reflashed to dd-wrt (there's other equally secure stuff out
> there), outsiders getting in is not a consideration. In 19 years, or
> close to it, no one has gained access to my local network that wasn't
> given the credentials.  It's simply not happened. So the fact that
> I've got 3 machines still running an old version is not a concern.

old versions of what ?

if your browser has a vulnerability that allows an attacker a
javascript that key-logs your password input to your bank account (or
simply read all your ssh keys on disk ) and sends it out with the next
HTTP request to the hacker, a safe firewall doesn't gain you anything.

a firewall is fine to save you from attacks against something you didn't
allow, but not for stuff you allow to go in and out (which you
certainly do for some stuff, else you wouldn't have to have a router at
all)

ciao
        oli

Re: Newest Gnome versus LTS

Liam Proven
In reply to this post by J.Witvliet
On Thu, 18 Jul 2019 at 11:38, <[hidden email]> wrote:
>
> Hi Liam,
>
> You replied by raising lots of topics... (hence commenting here)

I hope it's helpful.

But I need to say: I find your reply very hard to follow.

This is not a forum. It is a mailing list. (So I do not know what you
mean by "commenting here".)

Please follow proper traditional email etiquette. Quote *only* the
parts of the email that you are responding to, and put your reply
*underneath* those parts. That is what I am doing here.

Do not include anything else you are not responding to; trim it out.

Quote text should have

 >

... in front of each line.

Many Microsoft email clients can't do this. If so I suggest switching
to a working email client. Outlook is badly broken.

> We oversee the use of many tens-of-thousands instances. Therefore stability, is our second concern (after security)

OK.

> We do want to progress from 16.04 forward, as we need to support newer hardware.

OK.

> Though we observed instable behavior with regards to default gateways, and name-resolving in combination with tunnel product.

I do not know what "tunnel product" means.

> Something we never observed in 16.04. This "might" be related to the ever expanding influence of systemd...

It could be, yes. However, it is hard to avoid these days.

For some things I am now using Devuan. It is a fork of Debian with no
systemd and nothing that requires systemd.

You might wish to evaluate it.

> The support-period of any release is not such a big deal, as long as we are ahead of any dead-line.

OK.

> My goal is to provide quarterly (or even more monthly) new ready-to-run images, with as much of the latest drivers and patches.
> And rather take smaller steps, than the bigger leaps between each LTS

Ah, I see.  Then maybe the LTS releases are not for you.

--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053


Re: Newest Gnome versus LTS

Liam Proven
In reply to this post by J.Witvliet
On Thu, 18 Jul 2019 at 11:45, <[hidden email]> wrote:
>
> Yes, we can.
> We never upgrade, but always perform a complete fresh install from scratch.

Aha! In that case, yes, certainly it is possible.

If you want a simple, stable system, I suggest investigating the MATE
or XFCE remixes. GNOME is large, complex and introduces some problems.

--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053


Re: Newest Gnome versus LTS

ubuntu-users mailing list
In reply to this post by Oliver Grawert
On Thu, 18 Jul 2019 12:32:36 +0200, Oliver Grawert wrote:
>old versions of what ?

Hi,

I dislike to trash old hardware that still works without issues, but if
the old hardware isn't supported anymore, the usage requires
reconsideration. Online banking is the first kind of usage I would stop
doing.

The CPU of my Linux PC is a 6.60.3 Intel Celeron G1840 formerly
Haswell. It seemingly still gets microcode updates [1].

It should be no issue to update Linux (kernel and apps) as long as my
mobo and Celeron are still working. I wonder how important
microcode updates are.

I still own an old iPad. The last iOS update for this iPad was released
August 25, 2016. Some apps still get updates, but not all apps and
especially not the underlying OS.

My new iPadPro 3rd gen is the newest available, released in the end of
2018.

I wonder when Intel stops providing updates for the Celeron and when
Apple stops providing iOS updates for the iPadPro. Ubuntu and other
distros for sure support the Celeron for way more than long enough.

For light-scribe only I still keep a very, very outdated Ubuntu
install, just in case it one day should break for my current installs.

Regards,
Ralf

[1]
Linux* Processor Microcode Data File 20190312 Latest
https://ark.intel.com/content/www/us/en/ark/products/80800/intel-celeron-processor-g1840-2m-cache-2-80-ghz.html

--
pacman -Q linux{,-rt{-cornflower,-pussytoes,,-securityink}}|cut -d\  -f2
5.2.1.arch1-1
5.2_rt1-0
5.0.21_rt16-1
5.0.19_rt11-1
4.19.50_rt22-0



Re: Newest Gnome versus LTS

Oliver Grawert
hi,
On Thursday, 18.07.2019, at 13:31 +0200, Ralf Mardorf via ubuntu-users wrote:

> I wonder how important microcode updates are.

judge yourself by just looking at these three links ;)

Spectre: https://usn.ubuntu.com/3531-3/
Meltdown: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html
MDS: https://usn.ubuntu.com/3977-3/

ciao
        oli

Re: Newest Gnome versus LTS

ubuntu-users mailing list
On Thu, 18 Jul 2019 14:06:15 +0200, Oliver Grawert wrote:
>On Thursday, 18.07.2019, at 13:31 +0200, Ralf Mardorf wrote:
>> I wonder how important microcode updates are.  
>
>judge yourself by just looking at these three links ;)

I wasn't clear enough, since Intel still provides microcode for my CPU,
I asked the crystal ball, if updates for the microcode are still that
important, if matured microcode already exists.

$ cat /sys/devices/system/cpu/vulnerabilities/*
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
Mitigation: Clear CPU buffers; SMT disabled
Mitigation: PTI
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling

In the beginning there were fewer mitigations, however, I suspect before
Intel stops providing microcode for my CPU, there unlikely is much more
that could be done, related to Spectre and Meltdown. It can't be solved
and the mitigations are already now quite matured.

The question is, how likely it is, that old Intel CPUs will suffer from
something new, that is as problematic as Spectre and Meltdown are.

Microcode is not only important regarding security, it's also important
to fix possible issues with CPU features, but I guess that fixes for
those issues are also already matured.

While AMD CPUs don't suffer that much from Spectre and Meltdown as
Intel CPUs do, I don't want to use AMD CPUs again, since I got rid of
almost all issues I experienced with my AMD CPUs when I migrated to
Intel. Pro-audio performance is way better and there are absolutely no
graphics related issues. NVIDIA and ATI are a PITA. However, in regards
to Spectre and Meltdown, it might be better to use AMD CPUs.



Re: Newest Gnome versus LTS

Volker Wysk
In reply to this post by Volker Wysk
Hi!

Here comes a message which is actually on-topic for this thread.  ;-)

I've set up an Ubuntu 18.04 LTS system, and am in the process of
recovering. There are still no signs of data corruption. Although it
is still unknown what caused it, some two weeks ago.

I've decided to stick with the LTS releases. I just don't want to set
up everything *again*, every six months, when the next release-upgrade
fails.

It's good to have that the overall stability of an LTS version is
better than in a regular release. But it can't be as bad as with KDE.
So this was not a that important point to me.

Bye
Volker




Re: Newest Gnome versus LTS

Bret Busby-2
In reply to this post by ubuntu-users mailing list
On 18/07/2019, Ralf Mardorf via ubuntu-users
<[hidden email]> wrote:

<snip>
> NVIDIA and ATI are a PITA.
<snip>

Whilst this has, I believe, digressed from the topic of the thread,
one point that I make here, is that, from my experience, nVidia seems
to work okay with Ubuntu.

Some years ago, I bought a souperdooper new laptop (Acer Aspire
V3-772G), that has an i7 CPU of the Haswell architecture, and, an
nVidia GeForce thingy, with nVidia Optimus.

The computer has MS Windows 8 installed on it, which I found too
difficult to use, and, at that time, I had been using Debian as my
Linux distribution of choice. Having forgotten the MS Win8 password,
through lack of use, the 250GB or whatever, of HDD space, is written
off.

I could not get an external screen working with the laptop, running Debian.

However, after months of stuffing around with it, and, researching, I
found that only two non-MS operating systems, worked with the Haswell
architecture; DragonflyBSD and Ubuntu Linux. But, DragonflyBSD did
not, and, had no intention of trying to, work with the nVIDIA Optimus
thingy, and, Ubuntu did, and, does. Ubuntu, going back to 12.04,
worked okay with both the Haswell architecture, and, the nVIDIA
Optimus thingy, and, Ubuntu is the only non-MS operating system that I
found that works okay with the nVIDIA Optimus thingy - I think it uses
the nouveau driver.

So, for me, from memory, from my experience, nVIDIA has not provided
problems, with Ubuntu. The i7 system, and, an i3 desktop, with a
different model nVIDIA thingy, without Optimus, both are currently
running UbuntuMATE 16.04, without any remembered problems.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................
