Breaking: Update Manager in 19.2 will no longer feature a protective level system
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
hi there Night Wing, im hoping you are taking into account that kernel updates in the same series kernel such as the 4.15.0-xx LTS series, are bug fixes and security updates that SHOULD be updated mostly for security reason...they are not "re-inventing the wheel", they are maintaining the integrity of that kernel series is all...without those updates within the same series, you are compromising the security of your entire OS...just a thought to share with you...DAMIEN
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Can I suggest you reviewNight Wing wrote: ⤴Sun Mar 17, 2019 4:37 pm When I install a new Mint version, I always use the kernel provided by default..
Sometimes I wish developers, when things are running like a well oiled machine, would just leave things alone.
https://usn.ubuntu.com/releases/ubuntu-18.04-lts/ noting that kernel updates are frequently patching known vulnerabilities and consider whether your update policy might need review
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
personally i think it's time to actually install makulalinux and see how it stacks up to mint cinnamon, especially since it does have a few extra preinstalled apps i felt should of been in mint from the first boot.Pjotr wrote: ⤴Sun Mar 17, 2019 1:56 pmWell, there are more nifty tools.... Like mintstick, mintsources and mintbackup. And of course Cinnamon. Stuff you won't find in the *buntu's....
Apart from this feature loss, in other respects mintupdate has been improved noticeably.
For me, it's a loss. But not enough of a loss to consider a switch to another distro.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
.smurphos wrote: ⤴Sun Mar 17, 2019 5:04 pm Can I suggest you review
https://usn.ubuntu.com/releases/ubuntu-18.04-lts/ noting that kernel updates are frequently patching known vulnerabilities and consider whether your update policy might need review
Yes, they have also been well known to occasionally bork or crash the computers. ...
https://news.softpedia.com/news/canonic ... 4816.shtml - Canonical Patches Linux Kernel Regression in Ubuntu 18.04 LTS,
https://news.softpedia.com/news/canonic ... 4892.shtml - Canonical Apologizes for Boot Failure in Ubuntu 18.10 & 18.04, Fix Available Now
Level 4 updates in LM 19.0 means dangerous or risky to the computer system. The default setting in LM 19.0 installs all Level 1-4 updates, including those for the Linux kernel = some computers going borked or crashing, especially newbies'.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
The present trend is for OS software developers to take away control from computer operators/users over the updating process and changing selective individual updates to non-selective "Patch Rollups". I do not get this new mentality that it is OK for software developers to regularly crash computers with their buggy security updates = the computer operators/users just need to do a system restore with Timeshift or System Restore, which sometimes does not work.
The BIG question is, who will have final control of the updating process, the computer operators/users or the LM software developers, and what will be their results, eg for LM 20, LM 21, etc.? - bearing in mind the big difference between home-users and enterprise-users.
As an average home-user, my personal trend is to completely not install any future "Patch Rollups" in Linux ala operating Win XP post EOL in 2014. I do not need the hassle of buggy security updates regularly crashing MY computer and needing to do system restores/recoveries. I'd rather my unpatched computer system gets infected through security bugs/vulnerabilities and then do a system recovery, which so far has never happened to my "unpatched" LM systems = I have been operating LM 16 and LM 17 smoothly for the past few years without installing any Level 4-5 updates.
....... Similarly, I have been operating Win 7 online smoothly since stopping all security updates from April 2016 onward when M$ introduced her aggressive GWX KB3035583 update/upgrade campaign and monthly Patch Rollups in Oct 2016. Of course, I also practice safe-browsing, has AV real-time protection, etc.
.
.
P S - Linux systems are well known to be not very vulnerable to viruses/malware, eg no need Anti-Virus protection. Correct.? If so, I do not get why this new trend of LM developers being so insistent on all security updates "must" be installed by users/operators asap or immediately. Maybe, the "must" is for enterprise users.
The BIG question is, who will have final control of the updating process, the computer operators/users or the LM software developers, and what will be their results, eg for LM 20, LM 21, etc.? - bearing in mind the big difference between home-users and enterprise-users.
As an average home-user, my personal trend is to completely not install any future "Patch Rollups" in Linux ala operating Win XP post EOL in 2014. I do not need the hassle of buggy security updates regularly crashing MY computer and needing to do system restores/recoveries. I'd rather my unpatched computer system gets infected through security bugs/vulnerabilities and then do a system recovery, which so far has never happened to my "unpatched" LM systems = I have been operating LM 16 and LM 17 smoothly for the past few years without installing any Level 4-5 updates.
....... Similarly, I have been operating Win 7 online smoothly since stopping all security updates from April 2016 onward when M$ introduced her aggressive GWX KB3035583 update/upgrade campaign and monthly Patch Rollups in Oct 2016. Of course, I also practice safe-browsing, has AV real-time protection, etc.
.
.
P S - Linux systems are well known to be not very vulnerable to viruses/malware, eg no need Anti-Virus protection. Correct.? If so, I do not get why this new trend of LM developers being so insistent on all security updates "must" be installed by users/operators asap or immediately. Maybe, the "must" is for enterprise users.
Last edited by michael louwe on Mon Mar 18, 2019 1:14 am, edited 2 times in total.
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Why would the users experience level influences the likelihood of their hardware having issues with specific kernels? It doesn't. A less experienced user may just need more guidance in how to deal with an issue should one ever occur.michael louwe wrote: ⤴Mon Mar 18, 2019 12:05 am Level 4 updates in LM 19.0 means dangerous or risky to the computer system. The default setting in LM 19.0 installs all Level 1-4 updates, including those for the Linux kernel = some computers going borked or crashing, especially newbies'.
Dangerous and risky are strong and emotive words and in my opinion and experience, hyperbolic when applied to updates in Ubuntu based distros. Yes some updates may have more scope to cause issues but that doesn't make them inherently dangerous. And for any given update that patches a security vulnerability there is a risk level attached to not applying it. Not updating may reduce the risk to stability, but the risk to security accumulates over time and doesn't go away and at some point enters territory where the descriptor dangerous might be merited. And sometime not updating some components for long periods introduces risks to stability as new OS components find themselves inhabiting a system with old ones.
The level system could have played a useful role in educating users so they could make informed decisions as to these relative levels of risk and I think it could still do so it's a shame that it is going in that regard. Personally I'd be quite happy if the level label stayed but the ability to blacklist by level went which would hopefully have the effect of encouraging users new and old to educate themselves about what updates they are applying so they can make informed decisions as to what and when to update.
Anyway as gm10 has made clear the updater will still include tools to give end users enhanced control of their updates, what to update and when as per their personal risk assessment and not someone else's. I hope that it also continues to improve in it's ability to help users new and old understand what they are updating and why to assist them in that decision making process. I think that improvements to date have been a step in the right direction..
On that note...gm10 as you are likely watching this thread......what are the chances of security updates having a hyperlink to their respective USN - clickable from within update manager?
Updated Linux systems are well known to be not very vulnerable to viruses/malware. An important distinction.michael louwe wrote: ⤴Mon Mar 18, 2019 12:43 am P S - Linux systems are well known to be not very vulnerable to viruses/malware, eg no need Anti-Virus protection. Correct.?
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
.
https://www.linuxmint.com/rel_sonya_kde_whatsnew.phpLevel 5 is extremely rare and not used by default. This level is dedicated to flagging dangerous or broken updates.
Level 4 in LM 19.0 is formerly Level 4 & 5 in LM 18.1 or older.
viewtopic.php?t=243592
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Michael - you are taking that quote of of context. One might say trolling.
Level 5 in 18.1 and prior meant something different to level 5 in 18.2.
18.2 release notes.
Level 5 in 18.1 and prior meant something different to level 5 in 18.2.
18.2 release notes.
And to my knowledge nothing was ever flagged as level 5 after the release of 18.2. The only globally dangerous update after the release of 18.2 (a level 2 BTW) was handled by a mandatory update to mint-update to make the dangerous update conflict with mint-update and force uninstall / prevent the update.Policies and level definitions were refined to better filter updates depending on their level of impact on the operating system and without worrying about their origin. Most updates are now level 2. Application updates which do not impact the OS are level 1. Toolkits and desktop environments or libraries which affect multiple applications are level 3. Kernels and sensitive system updates are level 4.
Level 5 is extremely rare and not used by default. This level is dedicated to flagging dangerous or broken updates.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
For those of you who feel a sense of loss over this decision, now you have at least a small taste of what us former Mint KDE users felt
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
sorry for OT but since I was asked:
I could do something generic like a CVE tracker link like we do for the kernels, but that would confuse more than it would help.
Interesting idea, but probably zero. There's no API to query them that I'm aware of, so I'd have to parse the website, and that means every single USN back to the time of release of the distro, since I don't know when a user is going to apply them. For Ubuntu 14.04 LTS there's currently 1347 USN listed, you can imagine the resource cost on both ends of crawling all of that, even assuming I'd be caching the results after the first run. I don't think that's worth it for something most users probably won't read, anyway. We already have the classification as a security update and the changelog for the technical details, that must be good enough.
I could do something generic like a CVE tracker link like we do for the kernels, but that would confuse more than it would help.
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Fair enough but perhaps a link to the USN with some explanation for what is it in the update manager help documentation might be good.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
.
.
.
There is no Level 5 in LM 18.2 or LM 19.0.
Level 4 & 5 in LM 18.1 and earlier became Level 4 in LM 18.2 and later.
https://sites.google.com/site/easytipsf ... -explained
https://easylinuxtipsproject.blogspot.c ... pdate.html
- Pjotr
- Level 24
- Posts: 20130
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Well, anyway, to get back on topic again: this feature loss is not such a big deal, because we can simply solve it ourselves. As said, by copy/pasting one single command line:
https://easylinuxtipsproject.blogspot.c ... html#ID3.1
So there's no reason to become overly emotional about it.
https://easylinuxtipsproject.blogspot.c ... html#ID3.1
So there's no reason to become overly emotional about it.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
- Night Wing
- Level 4
- Posts: 474
- Joined: Wed Dec 25, 2013 10:21 pm
- Location: Piney Woods of Southeast Texas
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
@ DAMIEN1307, @ smurphos
I've read both of your replies and looked at the links. But, from my first hand experience with a security kernel update in a previous version of Mint, I'll tell you what happened to me when I did one of those Level 4 "security" updates for a kernel.
When I did the update and the update was installed, after that, I "did not" have a cursor. It just disappeared. To say I was "ticked off to the MAX" is to put it mildly. Do you know how hard it is to work a computer screen with no cursor?
With no cursor, one cannot just go to Timeshift to fix the problem because without a cursor on the screen, there is no navigation to anywhere which includes navigating to Timeshift.
This move is on the drawing board for 19.2 and speaking just for myself, it should "never" make it off the drawing board. To the developers who want this move, I hope they read my comment here or maybe by chance this could happen to them (no cursor) and then they would understand why I do not like doing Level 4 updates.
And since there will be no levels anymore, this is akin to what Microsoft is doing with their updates with regards to Windows 10. The only difference, I can still ignore a bad update, in Mint, which has the ability to severely cripple my system whereas with Windows 10, one can only defer a bad KB update and hope Microsoft gets off it's "backside" (for the want of a better term) and fixes the problem Microsoft created with one of their sorry KB updates.
So given the choice of not installing a Level 4 update and being attacked (after reading all those links) with the "an attacker may or an attacker could do this", with having a no cursor after installing a bad security kernel update.............I'll take the attacker because I don't mind re-installing the system, finding the bad update and ignoring it.
And I don't use TImeshift in Mint 19.1 because for me, I find it confusing.
I've read both of your replies and looked at the links. But, from my first hand experience with a security kernel update in a previous version of Mint, I'll tell you what happened to me when I did one of those Level 4 "security" updates for a kernel.
When I did the update and the update was installed, after that, I "did not" have a cursor. It just disappeared. To say I was "ticked off to the MAX" is to put it mildly. Do you know how hard it is to work a computer screen with no cursor?
With no cursor, one cannot just go to Timeshift to fix the problem because without a cursor on the screen, there is no navigation to anywhere which includes navigating to Timeshift.
This move is on the drawing board for 19.2 and speaking just for myself, it should "never" make it off the drawing board. To the developers who want this move, I hope they read my comment here or maybe by chance this could happen to them (no cursor) and then they would understand why I do not like doing Level 4 updates.
And since there will be no levels anymore, this is akin to what Microsoft is doing with their updates with regards to Windows 10. The only difference, I can still ignore a bad update, in Mint, which has the ability to severely cripple my system whereas with Windows 10, one can only defer a bad KB update and hope Microsoft gets off it's "backside" (for the want of a better term) and fixes the problem Microsoft created with one of their sorry KB updates.
So given the choice of not installing a Level 4 update and being attacked (after reading all those links) with the "an attacker may or an attacker could do this", with having a no cursor after installing a bad security kernel update.............I'll take the attacker because I don't mind re-installing the system, finding the bad update and ignoring it.
And I don't use TImeshift in Mint 19.1 because for me, I find it confusing.
Linux Mint 21.3 (Virginia) Xfce
MX Linux 23.2 (Libretto) Xfce
Linux Debian 12.5 (Bookworm) Xfce
MX Linux 23.2 (Libretto) Xfce
Linux Debian 12.5 (Bookworm) Xfce
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Boom! And there we have it.Night Wing wrote: ⤴Mon Mar 18, 2019 8:05 am I don't use TImeshift in Mint 19.1 because for me, I find it confusing.
You are not alone in that! But surely the interface can be improved?
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
- Pjotr
- Level 24
- Posts: 20130
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
But how? Personally, I find the current interface really simple already....Moem wrote: ⤴Mon Mar 18, 2019 8:11 amBoom! And there we have it.Night Wing wrote: ⤴Mon Mar 18, 2019 8:05 am I don't use TImeshift in Mint 19.1 because for me, I find it confusing.
You are not alone in that! But surely the interface can be improved?
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
michael louwe is 1,000,000% correct in ask "who will have final control over updating". us the end users should, it's one of the main reasons for switching from windows. take the resent stunt with windows updates and how they will be handled after the spring update in april.
"Dangerous and risky" are apt terms regardless of believe otherwise. for years millions of us refused to allow windows to install any drivers via windows update cause they had a nasty habit of borking things up more times than not. millions on windows still do not allow windows to install drivers, hence why microsour went out of their way to give the end user the choice if they wanted windows to check for and install driver updates when checking for other updates.
"Dangerous and risky" are apt terms regardless of believe otherwise. for years millions of us refused to allow windows to install any drivers via windows update cause they had a nasty habit of borking things up more times than not. millions on windows still do not allow windows to install drivers, hence why microsour went out of their way to give the end user the choice if they wanted windows to check for and install driver updates when checking for other updates.
thanks for that.Pjotr wrote: ⤴Mon Mar 18, 2019 7:45 am Well, anyway, to get back on topic again: this feature loss is not such a big deal, because we can simply solve it ourselves. As said, by copy/pasting one single command line:
https://easylinuxtipsproject.blogspot.c ... html#ID3.1
So there's no reason to become overly emotional about it.
Boom! there is PART of it, as i stated in this thread and shortly after i gave my entire ssd over to mint i got shafted by timeshafter. i used parted magic to reset the ssd, popped in the mint live media, boot into the live media, clicked install, let mint auto partition the drive, once on the desktop and the welcome screen was up selected to use timeshift, got told it did not like my partition setup AFTER mint itself did the partitioning. i know i'm far from the only one that ran into this issue.Moem wrote: ⤴Mon Mar 18, 2019 8:11 amBoom! And there we have it.Night Wing wrote: ⤴Mon Mar 18, 2019 8:05 am I don't use TImeshift in Mint 19.1 because for me, I find it confusing.
You are not alone in that! But surely the interface can be improved?
Last edited by MrGrimm on Mon Mar 18, 2019 9:19 am, edited 1 time in total.
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
This is idiotic, it's actually the best thing about Mint and the ONLY reason I'm still using it.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
In an ideal world the end users would be capable of making educated decisions on which software updates to accept and install and which ones not."who will have final control over updating". us the end users should
In real life the end users have got no chance of making any such educated decisions, because they neither have got the needed expertise, nor do they have got the time to test each software update thoroughly on a test system in order to identify regressions and newly introduced bugs, before installing the software updates on their (productive everyday) systems. Even those users, who are long time Linux users and who do not take pride in being life long "newbies".
So we are in a plight.
The Linux Mint Update Manager protective level system was an attempt at simplifying a very complex challenge by sorting available updates into 5 seemingly simple and easy to understand stability levels so that even the majority of inexperienced Linux Mint users seemed to be able to make an educated decision on which levels of updates to install and which ones to ignore.
This whole stability versus security approach was an invalid approach from the very start, however. (Because you need both, security and stability.)
Next applying catchy labels and suggestive colours to the 5 levels (from green over yellow to dark red) did not lead to educated decisions on the users side. Instead it helped spread some irrational update phobia, which prevented users from keeping their systems up-to-date and ironically gave them the (unjustified) feeling they were acting extra smart by doing so.
In brief, the Mint update level system is a sad example how a good intention turned out to be counter-productive in the end.
In brief, I am not quite sure whether I should shed an artificial tear that the Update Manager level system is going to leave us.
On discontinuing the level system:
From my perspective: Quite honestly and truthfully, the level system has been switched off on my Mint systems by making all 5 levels visible and marking them as "safe for installing", since roundabout August 2012 (Mint 13).This is idiotic, it's actually the best thing about Mint and the ONLY reason I'm still using it.
During the whole 9 years of using Ubuntu / 7 years of using Mint, I have had
+ to revert to a previous kernel version (in the same series) twice, because the new kernel introduced a nasty regression (read "bad bug")
+ to fiddle around quite a bit, because a regression in a level 4 update (proprietary NVidia driver) caused unpleasant visual side effects with my old Nvidia card
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
-
- Level 6
- Posts: 1282
- Joined: Mon Nov 24, 2014 9:17 am
- Location: Chrząszczyżewoszyce, powiat Łękołody
Re: Breaking: Update Manager in 19.2 will no longer feature a protective level system
Update manager already allows me what you think I need: I can ckeck every checkboxes.
Next. How can I call a situation when I need to restore from snapshot due buggy secure update? Return to unsecured or return to stability?
Windows assumes I'm stupid but Linux demands proof of it