Linux Mint: Never Again

Due to a bad assumption, I had abandoned Mint 17.2 with KDE Plasma 4 and replaced it with Mint 17.3 and Cinnamon. The sleep function was still failing to work properly and I disliked Cinnamon as a desktop environment. And then the shit hit the fan with Mint’s security.

For those of you who don’t follow Linux news, in February this year someone managed to hack the Mint website and switch the download link to a version of Mint that they had modified to include a back door. Anyone who downloaded their copy of Mint 17.3 on the 20th had a compromised version and needed to download and reinstall a new copy. This didn’t affect me, but it gave me pause for thought.

Another pause for the thought came when I realised that Mint’s policy on Ubuntu updates meant that they do not update the Linux kernel. Their reasoning is sound – it’s usually unnecessary and if the update is bad it can make a real mess. However, there have been vulnerabilities found in the Linux kernel in the last couple of years, and they were fixed by patches. Was there any guarantee that Mint wouldn’t skip a necessary patch? I couldn’t remember whether the last kernel vulnerability was found before or after Ubuntu 14.04 (which Mint 17 is based on) was released. (EDIT: I just did a quick news search for a decent link as I was preparing this piece for upload and found this, published today!)

Then the final nail was put in my Mint coffin. It wasn’t the fact that my forum account was one of the ones compromised by the hack; it was the response that Mint made to the issue. The new password restrictions are of a laughable old school of password creation that makes it much harder to remember your own password but not much harder for a hacker to crack – as explained here. Not only that, but the new password policy wouldn’t prevent the hackers in this case doing exactly the same thing again – it was an inconvenience to users that wasn’t actually fixing the problem.

It’s a big enough ask to expect your user base to trust in your operating system after a security breach like the website hack. It’s quite another to expect a user base that on average has technical knowledge to trust you after a clearly bullshit response. I was confronted with the fact that Mint is not as secure as it might be because the people behind it simply don’t have a clue.

In the meantime, I did at least find a solution to the sleep issue.

This left me in a quandary. I wanted a longer-term solution to my computing needs, but I was unhappy with the current long term service variants of Ubuntu. With a Xenial Xerus now around the corner, maybe all I really needed was a stop gap while I waited until June (I always leave a couple of months after a new release). A few months on from last reading the reviews, I thought I may as well try out KDE Plasma 5. So I downloaded Fedora 23.

~ by Scary Rob on 1 June, 2016.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: