- Security updates are very important
- Stats tell us they’re not being applied by all users
- Apply updates right now!
- Don’t run an EOL version of Linux Mint
Updating is important
Security updates patch vulnerabilities in your computer. They protect you from local attacks (people with physical access to your computer and people who have an account on it) but also remote ones (attackers targeting your computer through your Internet connection).
Other than directed attacks security updates also protect you from malicious software. When you ask your computer to execute external content (software you downloaded, email attachments, a link you click or even just a webpage you visit in your Web browser) you also take the risk to open a door into your computer and invite attackers in.
When a vulnerability is found developers fix it as soon as possible and distributions ship it as an update so you can apply it in a timely fashion. These vulnerabilities then become public and known by potential attackers. This means an outdated system isn’t just vulnerable, it is known to be vulnerable.
Let’s have a look at the list of known vulnerabilities in Firefox:
If you’re not running the latest version, check which version of Firefox you’re using and count the number of critical (red) patches you’re missing.
Updating is easy
Linux Mint comes with one of the best update managers available. It’s very easy to use, it’s configurable and it shows a lot of information.
It handles security updates for all your software. All you need to do is use it.
Updating is safe
Linux Mint ships with Timeshift to provide integrated system snapshots. With a click of a button you can revert your computer to your previous snapshot and negate the effect of any potential regression.
Thanks to Timeshift you can configure your computer to perform automated snapshots and thus safely configure your Update Manager also to perform automated updates.
After it was introduced in Linux Mint 18.3, Timeshift was backported to previous Linux Mint releases. It’s available in all modern versions of Linux Mint, including EOL ones.
Statistics are not precise but they do tell us something
Before I give statistics, take the numbers in this blog post with a pinch of salt.
We can’t measure anything with precision because there’s nothing in your computer which sends data to us and we don’t configure Linux Mint in a way that even allows us to count how many users we have. In other words, there is nothing in Linux Mint that is common to all users and that we could rely on to establish statistics.
That being said, we do have a few metrics we can measure. They give us stats which only tell one particular aspect of the story and they are unreliable and imprecise but do tell us something nonetheless.
About 30% of users apply updates in less than a week
After we updated Firefox 85.0 we asked Yahoo to give us a breakdown of the Linux Mint traffic per user agent. These stats only covered users which use Yahoo of course but they did show us how fast the update was applied.
We were able to observe the fact that only 30% of users updated their web browser in less than a week.
These statistics also show us users of recent Linux Mint releases which do not apply updates at all. For instance, a part of that traffic uses Firefox 77 (the version which shipped with Linux Mint 20).
Between 5% and 30% of users run Linux Mint 17.x
These stats come from two distinct sources, both highly unreliable.. as you can see there’s quite a gap between 5 and 30, but they both tell us the same story.
0% of users should run Linux Mint 17.x! Anything above is not good, whether it’s 5% or 30%.
Linux Mint 17.x reached EOL (End-Of-Life) in April 2019. In other words it stopped receiving security updates for almost 2 years now!
The 5% figure comes from your default browser start page. The longer you use Linux Mint after you installed it the more likely you are to have changed your first page, so we can reasonably assume the number is lower than reality.
The 30% figure comes from our APT repositories. It’s the traffic percentage we get from Linux Mint 17.x. It’s unreliable because APT got better at performing less HTTP requests for the same queries and we lowered the default cache update frequency in modern releases. It’s unreliable also because we’ve started and became better release after release at recommending the use of local mirrors, so there is naturally a higher proportion of users not using mirrors in older releases. We can reasonably assume the number is higher than reality.
Again, it really doesn’t matter to us if the real number is 10% or 15%. It needs to be 0%. We have mechanisms in place to tell users when a new release becomes available now, but we didn’t have them at the time of Linux Mint 17.x.
Apply updates right now!
Check your version of Linux Mint
Open a terminal and type:
If your version of Linux Mint is 18.3 or higher, Timeshift is already installed. Otherwise, type the following commands in your terminal to install it:
apt update apt install timeshift
Create a system snapshot
Run Timeshift and configure it it it’s the first time you run it (select the default options if you’re not sure).
Press the “Create” button to perform a system snapshot.
If anything goes wrong you’ll be able to come back thanks to this snapshot.
Apply all updates
Run the Update Manager.
Press the “Refresh” button to find available updates.
If a new version of the Update Manager itself is available, you will need to apply it first.
Press “Install Updates” to update your computer.
Automate snapshots and updates
Updates are indicated by a shield icon in your system tray. Unlike other operating systems which rely on frustration and which annoy you at the worst possible time until you perform updates, Linux Mint gives you a visual indication that updates are available but it’s up to you to decide when to apply them.
This setup is empowering and comfortable but it does rely on you to eventually apply the updates. We’ll need to consider a frustration mechanism if the system is neglected for months but we’ll touch on that in the next blog post.
If you don’t apply updates regularly then you should consider automating the process.
In the Timeshift configuration screen you can automate system snapshots.
Likewise, in the Update Manager configuration screen you can automate the updates.
Do this and you no longer need to worry about it.
Firefox ESR in Linux Mint 17.x
If you are still using Linux Mint 17.x you need to backup your data and reinstall a modern version ASAP.
Because Linux Mint 17.x has reached EOL and hasn’t received any updates for almost 2 years, we decided to send an emergency update to upgrade your Firefox web browser from version 66.0 to version 78 ESR.
Because it’s ESR, this update will create a new Firefox profile for you. If you want to get back to your previous profile, close Firefox, open a terminal and type:
Select the “default” profile.
Do upgrade Firefox right now as it is a very important part of your system, but please be aware that it is not enough. You will need to reinstall Linux Mint as soon as possible. You cannot run something that has unpatched known vulnerabilities for years, it’s too risky. Think of all these banks and establishments which got hit because they were still running Windows XP. We don’t want this to be you. After 5 years of support, Linux Mint 17.x is simply not supported anymore. You need to move away from it.
The latest version of Linux Mint is 20.1. It is supported until April 2025.
If you know users of Linux Mint which do not read the blog, please spread the word for us, especially if their system is not up to date or if they run an old release. We’ve no other way of reaching them than via communication here or software updates.
Thank you all for your attention and consideration.
Thanks for the information. Naive users may also check out how to update and upgrade Linux Mint to latest version https://www.techsolveprac.com/upgrade-linux-mint
The post also has a video for practical experience
Naive, you mean novice? 🙂
It’s naive in itself to assume that all the users yet to upgrade to Linux Mint 20.x are doing so because they are novice or uninformed. There are a plethora of reasons, compatibility and stability being big ones. I haven’t done it because of serious issues with video drivers going on between releases 19.x and 20.x versions of Linux Mint.
For instance, I’m currently on 19.3 because of a serious video driver issue in the 20.x release that has not been resolved in the open source driver available when running a 400 and 500 series AMD graphics card (possibly more, this is just what I have experience with). The currently available video driver just will not operate in a stable manner no matter what I try. I get window pop-in and screen tearing, making it unusable in its current state. No suggested fixes address the issue. Even the currently available proprietary driver from AMD won’t properly install on LM 20.x, but will on early version of the OS.
Multiple systems with different hardware, but same problem. In each case it required migrating back to the earlier Mint releases to resolve the problem. Until this is fixed, people like me will have to remain on older versions of the Linux Mint ecosystem.
i wish “force update” for every operating system but nobody implements it. i recognized on my LG G5 android version 8 all updates that since a few weeks the updates on play store are installed silently without my agreement which is good for me because i hate agree on stuff which has to be agreed anyway. but there is ONE big problem: what if the updates destroys the system? i had a linux-kernel-update (linux-kernel-update are very difficult and you have to be carefully) and i couldn’t start my ubuntu (or xubuntu) long time ago, i had to switch to an older linux-kernel and after some days a new kernel-update appeared and i could start the ubuntu with the newest kernel after installing.
what if the update changes something like the layout of linux mint, but i don’t want it to be changed, or it changes a hotkey, or the system takes more seconds to be fully started?
if a system HAS to be updated to take care of the whole world wide web, then force-update are important, but the update itself should not make problems.
i found the news here:
The OS updating itself automatically, seamlessly by default is a very interesting idea from a security point of view but it also potentially could create a huge number of issues:
– If something broke, could it detect it and revert by itself? At the moment the answer is no.
– Would automated snapshots be in place by default? They would need to be.. could that lead to HDD space issues or a more complex installation routine? possibly.
– Could unsolicited updates affect your bandwidth at the least favorable time? possibly..
– Could unsolicited changes (not only bugs but design changes) affect your experience at the least favorable time? possibly also…
There are pros and cons to this approach, but whether we like it or not, I don’t think we’re technically ready for it anyway, so it’s not really something we’re considering.
I like where we are now:
– Updates are checked automatically but neither downloaded nor applied.
– Info is integrated within the OS to make it easy for people to understand and automate snapshots and updates.
What we’re missing is a gentle reminder now and then aimed at people who are interested in it but didn’t get to it.
I agree, Clem. Forced auto-updates are a bad idea. The last thing we need is to emulate one the worst aspects of Windows.
Why haven’t I got a new version of Thunderbird in a long time? Running 20.0 here. How is that updated?
Thunderbird is part of the upstream package base, we don’t backport new versions for it. It gets security updates when there are CVEs though like any frozen version in the Ubuntu LTS package. https://packages.ubuntu.com/search?keywords=thunderbird&searchon=names&suite=all§ion=all.
Updated version (78.x) of Thunderbird is now on proposed (test) repository for focal base (Linux Mint 20.x etc). After a while, you can upgrade with the update.
You can download Firefox and Thunderbird directly from Mozilla…unzip and run from the folder. I haven’t used Thunderbird in a while but Firefox will update itself even while running as a portable app. In fact it will update before the repositories.
Personally I do this as I wasn’t keen on linuxmint being my default search engine. As a portable app you are getting a generic version which is highly customizable. The same for Thunderbird. You can create a shortcut on Desktop, install extensions, etc.
Happy to report I always keep ALL security updates on ALL my devices 🙂
But I noticed that on local mirrors I don’t get the updates as fast as on default mirrors.
I did not check if the delay is for all the updates or only the non-security ones, because I usually prefer to stay on the default official ones.
The delay is the same for all updates on a given mirror. Mirrors are told to sync with us at least once a day. In practice they can be up to 48h behind. There’s a mechanism in place in modern Linux Mint releases which checks and warns if your mirror is outdated.
Um.. “Funny you should mention that.” Firefox security updates from Mint are lagging badly. We got 85.0.1 yesterday FEB 19 for 18.3 — the Ubuntu package page for Firefox 85.0.1 showed release back on FEB 05 — two weeks before. And the Ubuntu package page for the following (and true current) Firefox 85.0.2 was updated on FEB 09 — and we still don’t have this one, here on FEB 20.
To be sure, these two out-of-band important-security-fixes won’t affect many Mint users this time. The CVE were mostly, or all, for Windows users, and the .0.2 fixes a fairly rare lock-up bug. But this has been an ongoing facepalm with Mint. Which HAS improved lately. But these two have shown the system still needs work.
Sorry to bring this up in your otherwise important and well-done post, but no, can’t let it pass: The Firefox update system on Mint is (still) broken. And Mint is so good about security otherwise.
Anyway. Hi & good-morning all. It’s first coffee, with much squinting here, 05H19 PST. Quite possibly I have said something horribly wrong or embarassing. Hope not. Cheers.
I agree the Firefox updates should be pushed out as fast as possible, just as others. The thing is, it’s the default browser and the Mint team customizes it, so that brings a delay. I hope that will be automated in the future, because the changes are non-invasive and virtually nothing can break by having them.
The security issue in 85.0.1 is Windows-specific. You’re right about the delay though. We have automated this process (and for chromium as well) but we’ve been focused on two really important issues. It was a real challenge to tackle the update for 17.x (building 85 turned out not to be an option, it took us a while to try that) and we had an emergency issue which I didn’t mention there. Our master repository server went down with a failed HDD. You didn’t see any downtime because we’re using a cluster facade but that made us unable to perform updates and properly test our ESR upgrade for 17.x. It’s been a mad week to be honest, 85.01 was not a priority and it did take a while.
85.0.2 is not late, it was never planned, neither for Mint nor for Ubuntu. Not every point release becomes an update, it depends on its content.
86.0 is coming on Tuesday.
It’s a relief to see a post about security. I don’t believe there is enough being done in terms of security and detection on the Linux desktop because of the old “Linux is as secure as you make it” saying. As we all know, especially with the SolarWinds hack recently, it is very possible for targeted operations to reach repositories, maintainers, etc., and for that to be pushed down while looking legitimate. The question is, how do we detect that?
Has there been any consideration with creating something new for Mint that would focus on security detections based on process monitoring with network connection criteria? For example, when python running as root is making a network connection to a common cloud provider, top level domain of a country that the user shouldn’t expect, etc. The idea is for those domain and IP values to be customizable for the user and “false positive” markable. I understand this is more of a power user idea, but it would be the first of its kind during this age of rising sophisticated attacks.
I wish we could have the newest Firefox in LMDE instead of the ESR one, which is several versions behind.
It’s several versions behind in terms of features and experimentation. It’s not behind at all in terms of security.
This is such a beautifully crafted message. Clear. Not a spare word. Grammatically perfect. Nicely illustrated. All far more unusual than should be the case. Respect and thanks for such attention to detail. Greatly appreciated.
Wow, thanks Samuel. I’m going to print your comment and frame it on the wall. My kids don’t let me correct their English because I’m not a native English speaker. To be fair, I do talk “funny” (I can’t get used to flat adverbs..) and phrase things in a way that doesn’t sound natural sometimes though. You can’t get the French out of me 🙂
I try to use small sentences and simple words on the blog. I avoid idioms and expressions as much as possible, though I’m not always sure if something’s local (Irish for me) or not.
Anyway, if you do spot mistakes or even sentences which should be rephrased, don’t hesitate to let me know. It improves my English and we end up with a better post.
What a nice compliment to Clem. I second that 🙂
I did catch a grammatical error:
“Run Timeshift and configure it it it’s the first time you run it (select the default options if you’re not sure).”
Should be “configure it if it’s.”
I’m gonna be radical (and maybe controversial) here, and say that Microsoft got this right.
Security and stability updates should ABSOLUTELY be automatically updated by default, then give more experienced people an option to opt-out.
There are definitely pros but also cons to that. We will cover this topic in the next blog post though. We have ideas on how to improve this.
That’s exactly why I left Windows in the first place. Its unnecessary fear mongering for the average user. We as individuals are not at high risk of “targeted attacks” from malicious actors. Which means we are more at risk for large scale scraping attempts. This in the majority of cases can be solved by user caution and intuition(see scary site warnings). We are, however, at risk of invasive policies and practices dissolving what little privacy and control we have left in this digital age. That is why I switched to Linux, to get that back. It always starts with the well meaning “security” patches but later becomes feature eliminations and needless UI changes and of course the favorite “Opt out telemetry”. At best auto updates should be OPT IN AT FIRST USE. So people like me that read before clicking can keep our autonomy while the quick clickers are made “safe”.
Not very happy seeing this rhetoric coming around, because, it in itself gets hijacked and inevitably the “necessities” keep growing until you wind-up with Windows 10.
Why did you say something so contrivercial but so good?
@mj: I disagree.
Users should learn to handle their system responsibly and install the updates at least once a week at the push of a button. This personal responsibility is not too much to ask for. For the very lazy users, there could be an opt-in option.
I lost count of the number of systems I’ve had service calls for because M$ broke it with an update.
Yes, that controversial. Auto updates as on option are fine, but I prefer to do them myself. I can’t tell you how often I have had an auto update break something. That’s true on Windows and Linux.
If you want to always have the latest Firefox or Thunderbird then probably your only option is to purge the ones from the repos and then download the .tar files from Mozilla’s web site and manually install them. Then you have to check for updates periodically.
Hi Clem, it’s all clear, but I’ve got a question: I’ve got a very old pc with mint 17 and works quite good (single core and 2gb ram). If I want to remain update i need to switch to a newer distro or a newer version of mint. Do you consider to create a Long LTS version (10+ years) to remain update an old pc? What if I want to stay with linux mint but the version is EOL? I don’t want to pass to lubuntu (example). What do you think?
Lubuntu is the same, 5 years LTS. It’s a huge amount of time to support. There might be commercial distributions which have a longer support period.. I’m not really sure (Redhat maybe?). Other than that you can opt for a rolling distribution but then you’re basically constantly upgrading and way more prone to regressions (though you do have the option to use timeshift and fixes come faster as well). LTS is the best I know in terms of stability and support.
This page shows that Ubuntu 20 will get 10 years of support:
After 5 years you have to pay for extended security maintenance.
“Updating is easy” – Not really, because not everyone knows enough to properly understand the risks. And then there are a few things that the Update Manager could do better.
1. Give up on that intro page and make it a button on the right of the toolbar. Call it “Custom settings” or something else.
2. Always check for the latest updates, even if the users don’t read or customize anything in their Update Manager settings, because some people don’t even touch that.
3. Classify updates as Security and Others, because your average user won’t even make the difference between the shield and the lightning icons. Maybe make a prominent button “Install security updates” in the Update Manager UI.
4. Add a specific notification icon for security updates, so people know about them. Some people don’t look at the notification area, so if you don’t register a click on that icon, make sure you display a small window after 12-24 hours of the security updates being available (and this interval should be customizable from the Update Manager).
“Updating is safe” – That’s mostly true, although debatable. Timeshift is good for people who know their way around computers, but it’s alien tech for the masses. I only wish you could do usability testing with newbies, so you can cringe at how easily they dismiss such software for not being sufficiently straightforward. Timeshift lets you do your own settings, but doesn’t tell you what’s recommended and why. The wizard has information way above a newbie’s level of knowledge. So if they can’t be bothered to update, you can imagine how that wizard will see an X clicked in the top-right side of the window. How safe is updating then?
This article is great. How about you add a feature in System Reports for highly important articles, so the users get notified when there’s something important to read? Anything related to security qualifies as important.
In the future, it would be great to have an upgrade tool to migrate users from a major release to another. Because one of the reasons people fall behind is that they have everything set up just the way they want it in their existing OS, and it’s tough as nails to get them to do a fresh install and then migrate everything back.
The backup tool is fine, except it’s not built with a major upgrade in mind. Modifying Ubiquity isn’t an option, I guess, although it would be amazing to have a migration step directly in there. But a Migration Tool could allow the user to do what the Backup Tool does for the most part. But the Migration Tool would also take care of custom post-install actions, known incompatibilities between DE settings and so on, so a restore would have greater chances of success.
We do #2 and #3 already. We also insist on updating everything but we do mark security updates distinctively. We’ll tackle #4 in 20.2. I didn’t want to cover this in this message because there’s a lot to talk about. In the current blog post I really want users to apply updates and that’s it. We can talk about development later.
Note: We vulgarize snapshots and updates a lot in Mint, in the welcome screen, in the update manager, in the reporting tool. I agree that the tools themselves might feel intimidating, but we do break down these concepts into easy reads and we make them easy to understand. That’s something we worked a lot on in the past releases. I think they’re well integrated. What’s really missing in my opinion isn’t vulgarization or simplification of UI, but a frustration mechanism. It’s too easy to forget about that tray icon or to get used to it being there and not paying attention to it. That’s what we need to look into. Between annoying people way too often and completely relying on them we’ll need to find a happy medium.
#2 There are people who don’t touch the Update Manager after install, which leaves it in that “first use” state. Does that change if you don’t touch it for a few days or more? I’ll try it myself in a VM, but the answer will likely come slow.
#3 Having custom icons and allowing people to toggle types of updates doesn’t mean newbies will do that. So if you want to make increase the chances for them to apply the most important updates, make two buttons: “Install security updates” and “Install all updates”. That helps a lot, because as annoying as it might sound for a security conscious person that someone cannot be bothered with toggling stuff and click a button, the real world sucks and the stats you got prove it.
Let’s call it #5: Add important notifications to the System Reports tool – like security-related and EOL blog posts.
So if you want to make increase the chances for them to apply the most important updates, make two buttons: “Install security updates” and “Install all updates”.
What is the point of this suggestion? Security updates are virtually all Linux Mint ever gets, other than updates to the spyware Firefox that, like all browsers, seem to have an update ever 4 hours.
Other than that, hardly any software installed by the user through the repositories is ever updated. You can be using a 2 year old version of Mint and whatever software you originally installed when installing Mint is also going to be 2 years past since it’s last update.
Mint does not do updates of anything you install from Software Manager, again, except for Firefox. Sure, if you install a PPA, that software will be updated regularly but, other than that, forget it.
I don’t understand why you think it would be a good idea to have two buttons, one for software updates and one for security updates. Maybe one button for security updates and one for Firefox updates would have been a better way to phrase it.
You know, you could have just out and said it: most people are too stupid for computers.
@ctrlaltdel: I’m not sure how often you keep an eye on the updates, if you even use Mint, but most of the time they’re both regular (bugfix, stability, etc) and security updates. There are icons for that, so it’s easy to spot, and there’s the change log that shows update info for many packages.
@Charles: No, being a user means one doesn’t have in-depth knowledge about something. Users expect things to do their job. Security updates are most of the time limited to security, not regular features, so the risks are usually lower when it comes to breakages.
A separate button would be useless for me as a specialist, because I apply all the updates, but it would be welcome for people who tread carefully just because they want a functional PC, because functionality always comes first. You know, we could still have single Install button, but there could be one to toggle between security updates only, and all updates, so you can install in two clicks without adding too many buttons. Because un-checking all the boxes for non-security updates is not fun when there are a lot to catch up with.
I always keep my system up to date, I check the update manager after boot and before shutdown and I love the way you currently have updates configured. I love what you’re doing with the project Clem. Thanks for everything you and the team are doing. You all do such an awesome job!
Same here. Who needs more redundant buttons? Not me.
I’ve noticed that my local mirrors (university of Washington mathematics) is frequently down and I wonder for Linux mint users, who might be a large number of first time Linux users, if they easily get thwarted when their update manager gives them esoteric warnings about mirrors, how to change them, etc.
I just ran apt update and got the following output:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error
The following signatures were invalid: BADSIG A6616109451BBBF2 Linux Mint Repository Signing Key email@example.com
The error appeared for the evowise mirror. Is this an issue with the mirror or might it be a problem with my machine?
This can happen if the mirror syncs between an update and the signature of the repository. It goes away on the next sync. Which release are you pointing to?
this issue is with Linux Mint 19.3 Tricia
I just check for updates and install them when I see the shield icon change in the notification area, As an aside, I find the shield in 19.3 changing to blue more obvious than the orange dot in mint 20.1. (I run a mix of 19.3 and 20.1 as certain software I use is deprecated in 20 onwards). That said i also look to see exactly which updates are being installed in case there is an issue. I have never had an issue at all with any update causing as problem, and for that much thanks goes to Clem and the team. However I think the Microsoft “forcing ” Policy is not the best idea either as with their policy Windows 10 regularly breaks and you cannot stop it. A frustration mechanism needs to carefully balance how often it nags, and maybe give an option to disable it for more experienced users who may have valid reasons for not installing an update. It is a tricky subject and there are good and valid arguments for both sides. That said, Clem and the team do a brilliant job and Mint is awesome, so a big thank you to them and I am sure they will come up with a great solution
Although I update frequently (Mint 20 makes it easy), it’s good to be periodically reminded why it is so important.
A big thank you to the dev team for creating such an awesome product.
Hi, i like updates, so i’m always keeping my little companion notebook updated to the most recent versions. However, one thing saddens me; its a 32 bits notebook (Packard Bell Dot-S) and Mint stopped making new releases other than the 64 bits since Linux Mint 20 was released.
What are my best options to stay updated after 2022 other than getting a new notebook? This one still runs everything real smooth. Any chance for like maybe a special Mint Mate x386 20.x somewhere in the future? 19.3 Tricia still does the trick but the clock is ticking…
Are you sure it’s not 64-bit compatible? Which CPU is it exactly?
Assuming your netbook is https://www.cnet.com/reviews/packard-bell-dot-s-review it has a Intel Atom® Processor N570 which Intel shows as a 64-bit CPU. See https://ark.intel.com/content/www/us/en/ark/products/55637/intel-atom-processor-n570-1m-cache-1-66-ghz.html
From what I can tell, the Packard Bell Dot-S comes with the Intel Atom N570 CPU:
And that page specifically states that it’s instruction set is in fact 64bit.
Perhaps you’re mixing it up with first generation single-core Atom CPUs that truly are only 32bit?
Thanx guys, guess i just needed that extra push to look a little deeper into the specifics. Mine has the Intel Atom® Processor N450 which is also 64bits compatible. When i bought it secondhand it had W7 32bits installed. I only assumed it was 32bits because of the W7 info. So 20.1up and running now! (y)
Then you’ll be happy to hear your notebook is in fact 64-bit capable. Dell describes it as 32-bit only because Intel never managed to release a working 64-bit Windows driver for the integrated GPU, but that obviously doesn’t concern you as a Linux user.
Thanks for your work on Linux Mint!
I absolutely love it.
Thanks for this blog entry, it is certainly an important topic.
However, please note that some systems in our network could not be successfully updated to Mint 20.x because it comes with Thunderbird 7x. Thunderbird 7x causes all kinds of problems while communicating with older mail servers (which should also be updated but sometimes this is not possible).
Also it is no longer possible to communicate with older openssh server protocols, rejecting certain protocol types.
In these cases (especially in company environments) upgrading from Mint 17.x to 20.x is probably impossible without a guide on how to make Mint 20.x compatible with these older security protocols, resulting in a quite constant number of Mint 17.x machines out there.
Question for you. If you are so worried about updates, why doesn’t Mint just install the updates automatically? That is what is best for noobs. Advanced users could disable it.
Tis not the Linux way. M$ may bulldoze updates on you, but Linux will treat you as an adult.
It Is a two-edged sword. I keep my systems updated, but have relatives who are now lagging 3 versions of the OS behind because: i) they’re scared of updates, and ii) bandwidth costs a lot where they live.
“Update your computer!”
It conveys a meaning different from that desired.
I believe that:
“Update your system!”
It would be better.
Did somebody remove my comment asking about auto updating?
@NM64 I’ve got a notebook that has a 64-bit Intel Atom, but only has a 32-bit EFI bootloader
@Mortus668 I can’t get LM 64-bit versions to install without adding bootia32.efi from elsewhere, which is a potential security risk so I haven’t tried
You can install some current 32-bit distros (I’m on Debian 10), but the LMDE4 32-bit installer didn’t want to play (I did try 🙂 )
For me LM is much more user-friendly and has a decent update manager, but it just won’t install on that machine
While we’re on the subject, I had an issue in LM20.1 that I’m putting down to a network problem (https://forums.linuxmint.com/viewtopic.php?f=47&t=342829&p=1972251&hilit=%5BSolved%5D#p1972251) The update manager warned me that there was a problem, I acknowledged the error dialogue, and then mintUpdate told me that the system was up to date, which I don’t think that it was because of the error.
It’s done something similar with an NVIDIA driver update where it didn’t display the orange reboot banner, even though the reboot was needed to apply the update
Is this something that needs attention?
Kidding me, right? You admit to not having a solid argument at the top of the article. You rely on admittedly shaky heuristics thereafter. You give zero rationale behind your lament. Who you trying to convince? The choir?
The public needs to understand the importance of security updates. This article would rather insult their intelligence. This read too much like a TechNet article for my liking. Do better.
Hi Linux Mint community,
I myself like to keep everything updated here on my system.
Sometimes it is the person who wants to use the outdated system or some program in that older version, or also has novice users who are not aware of the updates, in short it is a mixed salad of users using the system!
I think that in order to help new users, the system could have some more emphatic warning that there are updates to be made or an option to be able to choose to do automatic updates.
I love Linux Mint very much, congratulations to all the project developers, you all are doing a great job (^o^)//
Is there any way to see those stats somewhere ? Or it’s internal only?
I always update only what I consider worth updating, which means I first look in the changelog tab (set as default) of the Update Manager – gm10 version which you didn’t bother to fork and implement in the 20+ line – analyze carefully what has been done, and only then decide whether to accept that update or not. Blindly accepting any and all updates – more so if set to automatic – would be completely unacceptable to me.
Timeshift to me is worthless because for compatibility reasons I choose all external drives (and additional internal partitions) to be formatted as NTFS (while thumb drives are FAT32) and that thing can’t deal with such drives/partitions. Until you enhance that tool with the capability to store – in a compressed format such as zip or 7z or whatever – the backup to any partition type (provided it allows the file size, thinking of FAT32 4GB limitation) I will never ever let that thing run and clutter the system partition as it happened in the past to me and so many others.
Besides, all programmers can make mistakes. Some may even be intentional. As such, accepting every update as soon as it comes out could even render the system inoperable or at least unable to connect and search for help. In such case, people that for whatever reason have no backup at hand would only be left with reinstalling – thus losing all customization and applications and all that – or, in frustration, going back to Windows if they were fresh Linux users.
Just a personal point of view, for what it’s worth.
at more than 65 years old, I have installed Linux-Mint and am deeply satisfied. No difficulties worth mentioning were encountered. Now I encounter a problem that seems suspicious to me in terms of security.
In the personal folder there is a cache directory and in this again new hidden directories of the kind “/home/*/.cache/.fr-0gAnr5”. There are about 450 .fr folders.
When I went through them, I got a fright. I found sensitive information there, which came from a hidden and encrypted archive I created under /home/*/documents. I did not find other, openly stored documents, pictures etc..
Not without reason I had stored sensitive documents like correspondence with authorities, documents about income and tax matters, a csl file for the password manager in exactly this archive.
Whenever I had opened or edited a document in the hidden archive, I could find it in the “/home/*/.cache/.fr folders” described above.
Should someone (for whatever reason) have access to my system and know this cache, they would be able to print out the csl password overview, with all possible consequences for me.
As an immediate measure I turned off the history of LibreOffice. Since the sensitive documents could still be found in the cache directory, I have since deleted all updated entries under “/home/*/.cache/.fr*”.
Why are there only files from hidden directories under “/home/*/.cache/.fr*”, which moreover were not encrypted without a reason?
How is this circumstance evaluated?
What is Mint’s purpose with this behavior?
Is this acceptable from a security point of view?
How can the user turn this behavior off or consciously control it?
Can deleting all .fr files have negative consequences for the OS?
Can this basically prevent .fr folders from regenerating?
Is a security update required under Mint?
I think you ask too much to Mint and not enough to yourself.
– Why not encrypt your disk at installation ? This would solve the problem of non-encrypted files anywhere, wouldn’t it ?
– Deleting files in the harsh way is usually creating problems rather than solving them.
– Mint is by far the best user-friendly OS on earth, but in terms of security at the level you request, it can’t probably do the job (remember it’s built on Ubuntu who is itself build on Debian and so many code lines cannot be bug free). If some of your files are very sensitive, create a more secure environment : install Tails on a 16Gb key (it’s shipped with Libre Office, Gimp, and Tor Browser so you should have the basic tools to manage documents). No trace will be left on your computer and the 16Go USB will allow you to create a Persistent Storage partition which will host your sensitive files and even use any computer to safely manage them.
According to this https://www.linuxquestions.org/questions/linux-newbie-8/hidden-cache-directory-4175651411/ , your .fr files are cached files from decompressed archives. It is safe to delete them.
According to this https://security.stackexchange.com/a/35838 , encrypted compressed files are not the best solution for privacy.
Hans, you cannot win this war. I once spent a few days going through all files in my home folder – examined all files, many of them hidden by default. I found thousands of leaked cached documents from almost all applications. Even GIMP saves thumbnails of images, and sometimes I open scanned tax docs in GIMP to improve quality. Sometimes I give files confidential names (“ibm-contract-renewal”, “password-list”), and those names can be even found even in kernel/system logs! Libre Office raises some errors like that and this is a big leak. Then when people use TimeShift, they copy all these leaked files/data to another drive, which makes it even worse. And what is COMPLETELY worse, is that it is VERY difficult to securely delete files from SSDs.
The only solution to that is total drive encryption. Not only the home folder, but also the whole root partition as system log messages are stored there. I also save timeshift snapshots to an encrypted partition, only because of that.
Dear Mint Team, when you read this message as your moderation step, please consider it as an idea for another blog post. Security and privacy always go together!
Sorry but im not sure how to make snapshoot in correct way. One yer ago i was made snapshot bat cannot restore it like i want . I was havent got my password on the browsers etc.. So bad expierience..
The snapshots don’t affect your data or your home folder, they affect the system itself. Your password would likely be the same as they were before you restored the snapshot (i.e. your latest ones). If you restore to a version of Firefox which is younger though, Firefox will detect that your Firefox profile is using a later version of Firefox that the version you have installed and could potentially refuse to load your profile or even the browser. In that case simply re-upgrade Firefox to the latest version. You can also run “firefox -ProfileManager” to choose the right profile.
Just for the record, Clem, your command of the English lamguage is far superior to many, many native speakers here in the US. I think I’ve seen maybe two errors in the years since I first started using Mint, and the possibility of typos was there both times. I’m impresswed!
Dammit! See what I mean about typos???
Don’t worry, our brain can auto correct and tolerate typos. It is sufficient if the meaning is conveyed!
I use a lot of distros in the Debian family, so for simplicity’s sake I just use apt instead of any software manager. My habit of many years is that whenever I turn off a computer I do sudo apt-get update and then sudo apt-get dist-upgrade && sudo power off.
A couple of things worth mentioning. In 9 years of doing this, it caused me problems once about 6 years ago on a Debian testing system. In general, updates do not break systems. There’s no reason not to do them. Timeshift really shouldn’t come into the thinking.
I know most users aren’t going to do what I do, but could Mint redesign the turn off button like Windows does, giving the options “Update and Shut Down” and “Shut Down without updating?”
3 or 4 years ago a kernel update broke all virtulabox installations. Thousands of posts appeared on Ubuntu forums and bugtrackers in one day. Updates may break things and users should be aware of that.
Sure. I’m not saying it never happens, but between the two of us we’ve come up with two examples in a decade. And mine doesn’t really even count since I was running testing and took that risk. Of course an update can break stuff, but I’d argue the consequences of not updating are much more serious. I think the suggestion of offering “Update and Power Off” “Power Off without Updating” and “Cancel” is a reasonable balance. People can opt out if they’ve heard bad things about a particular update but the default option is going to be update.
Also, if you update your computer daily, updates are trivial. Most take less than a minute, and if it’s a kernel update with a lot of packages rebuilt maybe 5-10 minutes. For Ubuntu based stuff, there’s usually a small update every day. For Debian stable based systems, it’s a very small amount, maybe a couple of less than 1MB packages a week, a new Firefox every once in a while, and maybe a new kernel every couple of months.
Stop adding buttons!
Well, I have another instance – maybe not trashing the whole system, but giving me severe heartburn with Firefox. It made me wonder if Goggle or MickeySoft had inserted a mole into the update qualification team.
A few days ago, I saw the blue update shield appear on my system. It was for Firefox. That should have been a huge red flag. As the system is running Mint 17.3, and I’d understood that there would be no more updates – albeit there had been a few application updates for security. Certainly, going to the firefox site and trying to manually update was a non-starter. So, even a small update to firefox appeared to be attractive.
It was a freaquing disaster! Nothing in the update description gave any hint of what was about to befall me. Certainly, there was no warning that Firefox 78.7.1 was not only going to start a new profile for me, but that it would obliterate my former profile – as far as I can determine, no recovery is possible – all my bookmarks, history, etc, are gone. I was only informed of this AFTER the installation was complete and Firefox restarted, once it was far too late.
The real problem I see is that people who do not update regularly won’t read this blog neither!
“After 5 years of support, Linux Mint 17.x is simply not supported any more. You need to move away from it.
The latest version of Linux Mint is 20.1. It is supported until April 2025.”
Which is fine if you have a new computer system and time to do so. Many of us are not in the “let’s ruin the planet – must buy a new PC every 6 months” league. With LM20 only being available for 64-bit architecture, you are basically doing the same as Microsoft have done with Win10 and forcing people to scrap perfectly adequate equipment in order to boost manufacturer profits.
Having experimented in the past with a non-GUI version of Mandrake Linux, it was a no brainer to install Linux Mint when the software industry finally made continued use of XP next to impossible. LM17.3 Rosa has ran perfectly well from the off and updates applied at intervals. It has been a pleasure to use and no issues until this last year when several pieces of software that I needed to install failed because, as I soon realised, they were for 64-bit machines only. The developer of one of these kindly sent me her 32-bit beta version of the Linux software which did the job nicely but the other task is still on the back burner.
I have tried LM19.3 and it does certainly run from a USB stick but the time to backup everything has prevented actual full installation. Backup doesn’t work properly. Timeshift just doesn’t convince me that it has backed up what I want it to and doesn’t like my external drives. The hassle of upgrading to LM19.3 is just not worth it.
We have two much more modern 64-bit desktops. Both crap, despite their HP logos. My wife’s is running Win7. Mine, which was originally inherited from my father-in-law with Win7 on board, I installed with LM19.3 and more recently LM20.0 and upgraded the latter to LM20.1. None work properly. Whether the machine or the OS, I don’t know, but frequently the screen just goes into a kaleidoscope of colour and system locks up. Only solution is to power off and on again. So certainly not relying on that desktop PC nor the 64-bit versions of LM.
Thanks for the Firefox upgrade. Looked for later versions than 66 on Update Manager but they were not available.
Timeshift is not a backup tool, it’s used for system snapshots. It’s not the right tool to backup your data.
Please do consider moving away from 17.x. We’re not making money on whatever “manufacturer” product you purchase. We’re telling you this for your own sake because you’re exposed to known security holes.
That Firefox update is a once off, to quickly let you catch up on 2 years of missed security patches (from 66 to 78 ESR), but it won’t happen again and it only covers Firefox itself. Your entire system is missing security fixes.
Hi!… I’m running such a 10 years old Asus K53U with LM 19.3 successfully!… Surely it is becoming little bit slow these days, but pretty capable for what I want it these days!… Congrats to Linux Mint for it, certainly. Otherwise it could have gone away some 5 years ago!…
It is not very often I reply to things like this. I am guilty, I still use LMDE2, but I use a standalone binary direct from Mozilla. Fact, a browser should be able to function all by itself without any dependencies. It should also be entirely sand-boxed and have its own non system storage folders. (The same goes with all Android browsers to). Given that Firefox is trying to blend desktop and Idiot phone versions in one with the hardware and file permissions.
I also use different variants of Mint from 32bit to 64bit. I still like using Nvidia 7800gt’s for mutli-boot XP, Win7, and LM. I do this because I can classic game, Surf the net on LM, and have some shared file space because I know how to be safe. I hate NTFS except for Win7 requires it for the OS partition. I have an entire 250gb all in fat32 because I can. I never make an OS partition bigger than 9gb for Mint because I keep the OS away from personal files and non OS software. Yes the one partition blob approach is stupid if your one partition gets corrupted. I still like running older socket A’s and super socket 7’s as well. Mint 32bit can work on them, except for requiring a SSE or older browser. Not everything has to stream video in life.
Concerning updates. I am very careful not to update anything that is not browser related. I tend to stay away from kernel updates, because those can break things and you can also be left with multiple versions taking up space. Well if one breaks your drivers, you can always boot with the older and delete the offending one if you know how to do it. I also stay away from xorg updates for that reason. Updating can also wear out some ssd and emmc flash devices faster which can kill or corrupt your computer if it is non removable. “Damn you Google”. It can even create ghost memory that requires a full format. It happened on a usb Easy To Boot flash drive I made, that I kept changing out Linux iso’s to test. I deleted all files and it still showed in defraggler that files were still there. It is rare, but it still happened. My case in point; flash based memory is good for mostly static storage, and bad for swap files, and constant frequent updates.
I am not a power user that might use VM’s, but I am in control of what gets updated, the hardware I use, etc.
Far too long greedy manufacturers, and god minded OS providers like the one that brought Virus10 to light.
In comparison the electrical plug in your house remains the same. All software should be designed to operate in that same manner no matter what hardware is used, or how old it is.
So remember if the newer browser version has dependency issues with your current perfectly working and hardware safe LM version then try a standalone version from Mozilla direct download that updates within itself.
Some of this was a rant, but it was needed.
Both my computer-phobic parents are running LMDE which doesn’t get as many updates as the Unbuntu-based version; I kind of consider this a perk as long as there aren’t any security issues. Unfortunately my mother is quite far away and due to COVID-19 pandemic I’ve not been able to tvisit and update her laptop so it’s still running LMDE-3. It seems that System Updater has continued to install updates to the underlying Debian LTS system. Since she is mainly using things in the Firefox browser I’m wondering just how risky it is for her to continue using LMDE-3 for a few more months?
LMDE 3 still gets security updates from the “Debian LTS” project until June 2022 but it reached EOL from a Mint point of view. We do update Firefox on it (it’s running the latest ESR right now in fact) but mostly because it’s easy to do so, we’re not committed to support this release anymore, and these updates are not as regular as for LMDE 4.
Clem — That’s reassuring, thanks!
I still run LMDE 2 for mission critical systems. It’s much more stable, fast, and reliable than all the subsequent versions.
Many of those updates are not available now.
That said, using Mint 20.1 on my main desktop has been going pretty great. Occasionally I have to reboot, probably from too many tabs in Chrome. But Warpinator has been very useful, Compiz is working nicely, and the system is overall pretty great!
But I don’t run services on my main desktop that are mission critical.
I may got back to LMDE4, while Mint 20.1 is nice and kernel 5.8 performs better on my machine than 4.19 I could in theory use the backport kernel on LMDE4 for the same performance boost and have less trickle of updates coming through from Debian than Ubuntu seems to be now doing.
@Clem – Has the new staged updates roll out method at Ubuntu been looked into? Mint Update may not know about that and be downloading updates at the fastest cadence that it should not. I don’t particularly agree with Ubuntu’s approach because they are pushing testing onto a randomised group of end users who will either not know how to report a problem when it arises or just report everything is fine when it isn’t because they don’t know what they are supposed to look for.
Thank you, Clem and all the others who work so hard on Mint.
First, @clem, thanks for your heads up! I am glad to hear that security and updates are a primary concern from the Mint team. Well done!
For those who do not have an EXT3/EXT4-formatted storage for TimeShift backups, well, I may guess you have a NTFS/FAT-formatted storage somewhere else. So this is just a tip (please do not kill me, ok!): Macrium Reflect (the backup software) which runs on Windows can perform backup (and restore!) of EXT3/EXT4 partitions. If you have a dual-boot machine with Mint and Windows (like me!) you can perform in a single step the backup of your entire disk with mixed partitions of NTFS and EXT3/EXT4.
Linux Mint – or any other Linux distro, for that matter – should never rely on any possible external means for backup. Everything should be self-contained and prepared for any possible situation, even for the corner case of having only a FAT32 device at hand for the backup, with its 4GB file size limitation. If I go out and buy myself a 8-16-32GB flash drive factory-formatted as FAT32, insert it and select it as backup destination, the respective application – Timeshift or whatever – should be able to calculate total size and split the unique backup file into multiple archive volumes that would fit the file system limitations, while upon restore it should be able to combine or unpack the split archive volume by volume as needed. All this without affecting any other data that could possibly be already stored on that drive. Now that would be a logical, safe and user-friendly application.
While I respect Mint’s position on updates, the simple fast is that it attracts many novice users who might not know how to make timeshift backups or how to update their computer. I started using Fedora as my main OS last year and GNOME installs updates automatically when I switch off the computer, this is the default setting and Linux Mint needs to do something similar.
No Mint should not do that by default. It can be made to apply updates in the background but the problem is that Ubuntu sometimes release updates that should never have seen the light of day and cause breakages.
Fedora’s Q&A process is far more stringent because they have inherited very robust procedures and tools from RHEL.
If you are happy with updates being forced on you then that’s your lookout. Additionally that only happens with Fedora Workstation as a result of it using the GNOME Desktop environment. None of the Fedora spins do the same.
When will we have Thunderbird 78 on Mint ? It’s a pain to stay v68 in Windows in dual boot because using common folder. This is a security problem, no ?
Thanks Clem ! Thunderbird 78 is here. We have lost some add-ons, but all is fine.
Long life to Mint !
linuxmint 20.1 works perfectly, thank You. In older versions there were the necessary and optional updates, for security or upgrades, but now there is no such differentiation … I install them all. That is how it must be done;
Why are you still shipping Timeshift when the developers of this software can’t even be bothered to fix the software? If I had to guess this software won’t work out of box for about 50% of your users as it is, make a blog post about that first.
This has been an issue for 2 years now and is probably why no one bothers with backups in Linux, the software doesn’t work and no one can be bothered to do what’s required IE
You can ask users to apply patches to broken software so they can have a proper backup software but it probably won’t happen. I know you aren’t directly saying this you probably aren’t even thinking about this because for you it just works but I’m very certain this is an issue for the majority of users its just that most people don’t even bother trying to backup their harddrives so most people don’t realize it’s an issue in the first place.
As for the updates thing, most sites that matter are heavily encrypted, updating your web browser or not it doesn’t matter as much as you realize. Most people are not buying drugs online or are closet furries or something. That’s why no one cares because they know they are boring people on their computers they play games and surf Facebook or whatever. I honestly can see the appeal for not bothering to update when everything just works, why would you be bothered? Everything’s fast, you’re running on Linux which by itself even outdated is a million times more secure than using Windows, there’s very little incentive to do so.
And updating Linux is like playing Russian roulette, I remember back not even ten or so years ago, I had major issues with software being pushed into official repositories. Ubuntu used to ship BROKEN distros as their ‘LTS’ it was a complete joke for QA. If anyone has been using Linux for more than ten years they realizing that updating any software sometimes can literally bork your whole system, it only takes one component being ‘too new’ for instance and the rest of your software won’t want to play nice with that library. This happened to me regularly so I have been burned by this experience.
I’ve been updating but I still run into this issue, certain software of mine for instance won’t run on Python 3 libraries, most newbie users will just be frustrated and give up. I know the sentiment is coming from a good place but you have to put this in perspective of a dude who goes to work 8-5 is 40 years old and doesn’t have time to bother patching software for it to work properly. He’s just going to use Linux to watch Netflix or whatever and check his bank account with $500 in it and Facebook.
I can tell you his bank account is never going to get compromised no matter how old his Linux distro is and even when it does his bank will immediately fix the issue….so why bother?
So let me guess this straight.. Linux is 10^6 more secure than Windows, users don’t need to worry about security, most people use BTRFS, Timeshift is useless, Ubuntu updates break more than they fix, upgrading your browser is only useful if you plan on buying drugs. Well, look, let’s just agree to completely disagree. I don’t think I’ll be able to convince you and I really don’t like your attitude. You’re criticizing that particular developer for not spending time on what you consider important yet you completely dismiss the efforts of thousands of developers out there who work really hard to bring all these security fixes. This doesn’t sound honorable to me or even morally honest.
Unfortunately @Clem took this the wrong way, but you are absolutely correct.
We are genuinely thankful for all the work, but we are not programmers, what excites you, does not excite the general public.
There seems to be a disconnect between a ‘regular’ computer user and those that enjoy tinkering under the hood for weeks on end to resolve minor issues.
The average Joe and Jane just wants an escape and the computer is one route.
There is a never ending stream of updates for everything, so the average user gets uodate fatigue and figures it works, why fix-it.
What danger are they really in when they simply use their computer for email and internet (maybe pics and the odd word document)?
I still run Windoze 7 with all updates turned off and have never had a security issue, how is that possible?
I’ve never used Timeshift and never will, all important files are stored on usb’s.
Even though I have tried to decipher it a few times, I simply could not dedicate any more time to it.
Again, it just does not excite me to tinker around in Cicada 2.0 like there is joy in computer puzzle-solving when real-life is happening all around me.
Just a regular 8-5 working stiff
Jebril did have a point with timeshift and BTRFS. I use timeshift but had to abandon trying to use it with a BTRFS system because it doesn’t work reliably. I really wanted the advantage of a super quick snapshot but have to live instead with timeshift using rsync to a separate ext4 volume.
Hello and thank you for the blog post. Ubuntu are trying to resolve this problem by using snaps. You’ve been very clear about your objections to these, but wouldn’t they be for the greater good in this situation? Surely rapid delivery of automatic updates, sandboxing, isolation from the core (possibly 17.x outdated) OS and rollbacks are fantastic core features for a web browser? No system is perfect, but you’re producing metrics which suggest your existing system needs improvement.
Our existing system needs improvement and improvements are planned.
Snap, like Flatpak, or static builds makes it easier to run modern software on older systems and delegates updates to upstream, but it doesn’t really have anything to do with client update strategies. There are the same concerns at play no matter what the technology is (i.e. bandwidth, knowing/deciding when to trigger updates, having a rollback strategy, automating, frustrating users, informing/empowering them..etc.).
Here we use Linux Mint at 7 machines. By default I enable the automatic update option because users do not take care to keep the system updated. I know the auto update option can cause problems but fortunately until today everything went well. And I think it should be the standard for the common user. Maybe an alternative would be to have in the update manager the option to enable automatic update only for security updates.
Can you make it easier to filter to *only* security updates in the Update Manager tool?
Over the last years I have installed LM-Cinnamon on laptops running an outdated win7 for relatives, friends and acquaintances. I made some calls over the weekend asking them if they installed updates from time to time. It was rather sad to hear that most of them didn’t take care of the updates at all. Some didn’t even have any idea how to update (I must admit that they have very limited computer-skills … e-mail and web-browsing). For these users we must provide an option that the updating must be made mandatory if they log in or out (such as they were used to have when running Windows on their laptops). I’ll guess that it could also help to give a notification each time they log in. This must also be the case when a version gets end-of-life. In this way they will know that there is a security-problem. I also noticed on a laptop that there were at least 20 out-dated kernels present (he was doing the updates regularly, but he didn’t know that outdated kernels were kept on the system – One can specify in the preferences that LM does the cleaning up once a week, but I forgot to set this option when I installed the distro). Anyhow, it might be interesting for some users that updating is automated or if it can’t be done automatically, that they get a notification that they have to contact an expert for doing the job.
I really don’t understand this modern obsession with security and updates. I mean, you usually don’t run a billion dollar company web server.
I think it’s OK if you decide not to agree. It is your computer after all, that’s a key principle of ours. But it’s not OK if you don’t “understand”. I know you didn’t mean it that way in your comment, but it’s an important distinction for us all the same. Because as a mainstream OS, it is our role, it is our responsibility even, to make sure our users have the information they need to make these kinds of decisions. I’d even go further and say, it is our responsibility to make sure we make the best decision for them (by default) if they can’t or don’t make it themselves. It really doesn’t matter to us how much you’ve got to lose, that’s something you need to worry about, from our point of view what really matters if that you don’t lose anything until/unless you decided to take this risk yourself.
What we see here is a lot of people who don’t apply updates. If some of them voluntarily decided not to because they’re in some VM or they’ve nothing to lose, that’s fair enough and perfectly fine. This blog post isn’t for them. This blog post is for people who just never really thought about it, never really thought they were vulnerable and never really decided to either let the door open or to secure their computer. I didn’t come here to change anybody’s mind on anything or debate the merits of A or B, I came here to remind people there were updates available and to consider applying them.
I’ll be very blunt. There are a few people here who think everybody should apply all updates automatically and not even be given the choice. And there are a few people here also who think updates are useless and nobody should bother. I really don’t care about these opinions. I heard them before. We have to accommodate everybody, including these two groups of people and everyone in between. I’ve no interest in debating the merits of security updates. This isn’t why we’re talking about this. With this blog post I want to remind people about something they didn’t necessarily have in mind, and with the next I’ll start explaining how we’ll improve Mint to make sure people don’t overlook this aspect for long periods of time.
Then after that, what you want to do and think, that’s always been up to you and frankly once we’ve done our job (which is to inform you and make your computer easy, comfortable and safe), it’s none of our business.
Please educate yourself before posting. One of the main reasons why home computers are silently taken over: using them as spam bot nodes or child pornography storage. None of them is money related and can put you in big trouble.
I have set up mint machines for non techy friends and just set everything to autoupdate. So far there have been no problems at all, they are not even aware that it is happening. I do manually update my machines when i see the shield icon, but that is because I like to have a “nose” to see what is happening, but have also never had a problem
Where is the like button for your comment, Mr. Clem?… 1000 likes from me, at least!… 🙂
Very timely article, and it makes SO many good points. I’m currently on 19.3 due to having to wait on a couple of issues, coupled with simply not having time the last month. Having said that, I JUST started having a problem with FF 85.0.1 where pages simply won’t load at all. It was fine yesterday, but not today, so now I need to chase down what looks a lot like a vulnerability. I only mention it here because of the discussion around FF updates, not to solicit help. but fact remains that SOMETIMES an update isn’t all beer and skittles.
Well 19.3 is still supported. I think he is more concerned with versions no longer receiving security updates.
We have published it on the official Hungarian website of Linux Mint! Best Regards
I am using Linux Mint 17.3 on my 32-bit computer which is very old (obviously!), but it’s on a virtual machine and I only use it for scanning purposes since I can’t fit the scanner on my other computer tables.
On this computer, however, I use 20.1, and can afford to upgrade should the dire need arise.
Would you ever Consider going to a different web browser within link mint. I have been usng Vivaldi (Brave is another outstanding web browser) for some time now and find it superior to Firefox. With Firefox in the news now with the CEO claiming censorship of certain Political groups, this might be a good time to protect the open source community against such a type of philosophy. After all, isn’t Linux Mint saying “from freedom came elegance.” Along with that platform’s (Firefox) of long standing issues with security vulnerabilities, Linux Mint might want to look at software that comes default with Linux Mint (not that the Dev’s don’t) with a closer and more critical eye. Just a thought.
Clem, in Mint Serena edition kernel updates and microcode (levels 4-5) were not automatically selected in the update manager, but in Ulyssa they are. Why this change? Can I still go back to the old mode? Now I have to scroll a long list of updates and manually deselect all kernel stuff. I don’t want the kernel to update automatically, I have peripherals which often refuse to work with new kernels. No way I will let the kernel to auto update, I try them when I have time, usually a few months after the release. Thanks!
These numbers should indeed be taken with a grain of salt: as I understood it, the number of 30% of users lagging more than a week behind in updates come from those using Yahoo, who are probably those who kept Yahoo as their default search engine, so probably not the most advanced users.
Regardless, it’s important to update, especially when it’s as easy and trouble-free as it is with Mint !
what do advanced users use?
Probably Google for better results or DuckDuckGo for privacy
Often, beginners don’t think about updating! The process of security updates should be done automatically!
– the problem of using linux as an “normal” in general is that issues may occur (after update) and if that happens as a ex-windows user you have to find out why – in my experience this costs a lot of time. So if you got issues after an update you didn’t experience before you just might try to switch back and after solving the problem never ever again install updates.
The problem is normal people experience seldomly hassles with regular updates leading into not updating till they experience not installing security updates results in difficulties too (hopefully this does not happen). The usual practically approach would be not installing updates. If i regard my family – i would say they just need a windows close UI; browser; pdf; some writing, photo editing, vid looking — that’s it. Even if the aim of the article wasn’t to discuss possible ways to tackle problems with user vs OS my Idea would be to create an installation choice for this “normal” group which is safe, easy to undo, but still installing automatic updates with possible integrated fixes for this and some other core-funktions for low-level users. It should create also a % partition as backup location for timeshift to minimize overflow issues because of backups and a minimal safeguard backup setting by default. Getting the system alert is not doing the job and after an not starting system because of an filled disk after an automatic timeshift backup you want to not experience this issue again – but to create a new partition could mean to set up the whole system again. In general try to tackle the issue via choice making of the user in the installing process by the level of knowledge + guide for problem solving for the most “normal” users. The ones with more knowledge in IT probably find a way around problems, switch to another OS or are aware of and taking knowingly the risks.
Thank you and the whole LM-Team for your efforts!
I keep all 5 of my Windows/Linux Mint 20.0 laptops updated on a weekly basis but Firefox does not get updated right away as I’ll wait on that, for reliability reasons and because of the Mozilla Foundation’s messing with the Non FF ESR version’s UI/Feature elements on the FF Rolling Release edition.
Firefox on my one Windows 10/Mint 20.0 laptop that’s using the Linux 5.8(HWE) Kernel and FF’s hardware acceleration issues with YouTube/Other Video streaming online issues. I always keep my devices updated and really my snapshots are manual for me and I’ll always do that before a Kernel Update, or a Firefox Update/Other updates if I think any update may be more prone to issues.
Folks on Newer laptop with M.2/NVM SSD’s well that’s not more than 30 seconds for me on my newest laptop for a snapshot there but does take some time on my older Spinning Rust laptops that are of the Ivy Bridge generation and older Intel core i series generations.
As far as running the latest Version of Mint I’m usually behind the latest by at least 3 months but I’m never running any unsupported Mint edition as that’s just too risky for online usage. Automatic updates are a never allow thing for me and really I can deal with keeping my systems updates manually managed!
Well……welcome the politics of patching……
To be honest, I am not against the principle or need to patch an operating system. I am not against necessarily the idea where the user is in control and can turn such functionality on (such as automatic updates). However, I am against the idea of having this forced upon any user of any operating system for the sake of that operating system’s vendor (e.g., whether its Microsoft, Apple, Ubuntu derivatives) because that vendor is taking on an assumed responsibility to protect the user of such operating system.
The use of any operating system will always vary from user to user, whether at home, a business, an organization/corporation. Every business case is different, they are not all the same.
It is not operating system vendor who makes the decision to assume RISK. That is up to the individual, business, or organization/corporation who will run the operating systems when it comes to functions of the operating, to include patching and scheduling of such patching.
For even a corporation, there are times patching cannot be implemented because of business operations. That also can pertain to people who work at home on systems, they also may not be able to make patching work because it may break functionality altogether of the operating system.
Patching is not the most important item when considering safeguarding an operating system. Most failures of operating systems due to patching issues could have been remediated by other security controls, (e.g., external backups, network segmentation, firewalls).
Data….is far more important and valuable than any operating system. If the data cannot overall be protected and the assumption is made that patching of the operating system is the answer, you will end up always getting screwed by the zero-day because no other security controls were in place.
I appreciate this article. Security updates are important. BTW, speaking about security updates, when can we Enigmail users expect an update from Thunderbird 68? Running 19.3…
So, I’m on 18. When this blog article was posted to the Register, I thought, “huh”. I then pulled up my update manager. Walking through the menus, I found “Upgrade to 18.3”.
I know that there will always be a balance, but I had never seen that before. I’m with those who would put a notice of a version upgrade being available on the welcome screen.
Doing some checking, I see that I’m about to be EOLed. And no obvious instructions in the update manager about upgrading to 19 or 20.
That’s because you have to upgrade to 18.3 before you can upgrade to 19. To get to 20 or 20.1 you are going to have at least two more upgrades after that to deal with, so you would be better off clean installing.
Nathan Zook ; here is the general upgrade instructions from Mint v18.x to Mint v19.x… https://community.linuxmint.com/tutorial/view/2416
then once your on Mint v19.x, if you want to, you can go to Mint v20.x by using this… https://linuxmint-user-guide.readthedocs.io/en/latest/upgrade-to-mint-20.html
but unless it’s a huge problem for you, I would just opt for a clean install to Mint v20.1 at this point in time. because it seems the general word is upgrading Mint on minor versions is okay (i.e. v19.0 to 19.1 to 19.2 etc), but for major versions (Mint v18.x to Mint v19.x to Mint v20.x etc) it’s best to opt for a clean installation.
ThaCrip: That sounds reasonable to me. I’m running 19.3 and once 20.3 is released, I’ll do a clean install. For anyone who is worried about that, make sure you have a good backup of your /home directory before you install. As for me, my /home directory is on a separate partition, so I just add it without formatting during the installation.
Nameless? actually a generalist reply – triggered slowly by several posts but inspired by =
ikester8 March 2, 2021 at 4:07 pm
ThaCrip: That sounds reasonable to me. I’m running 19.3 and once 20.3 is released, I’ll do a clean install. For anyone who is worried about that, make sure you have a good backup of your /home directory before you install. As for me, my /home directory is on a separate partition, so I just add it without formatting during the installation
I’m an old fart (72yrs) – started in about ’68 with FORTRAN (2? >2.5 , 4 but no 77) also BASIC + brief ! look at assembly = basically a user & not intrested in system tweaking. Just want it to work, don’t need latest & greatest nor greatly ‘customized’ in general. Happily used CP/M 8 bit until DOS 6.4. Have aquired a couple items of hard & soft ware that I like & really want to keep that are basically DOS> win 98. Started Linux Mint with LM9. I grumbled about change from dist on CD to DVD as older box has no DVD capability. I am currently running mint (Mate) 19.3 will probably go to 20.3 someday. Noe for the revalent part !
I keep ‘Update Manager’ in the bar on screen & note how many available – ignore some (non – use) but keep actively used stuff up – Easy! keep up with packages in use – easy to do & like that updates are made available easily but not forced!
Enough suffering with laptop integrated mouse that keeps getting touched…
Obviously a lot of time and effort went into today’s “Update your computer!” message. You are to be commended for that herculean effort. But, it pains me that it was necessary. I don’t feel that I am all that savvy about computers or anything else in life, but I do like to know how things work and how to keep them working. Switching from Windows in 2018, I found the Mint update system and procedures to be wonderful. That is the way I still perceive them to be. I check for updates multiple times each day and review and install updates nearly as soon as I see them. It rarely takes more than a few minutes, nor does it really interrupt my work. I guess that is what I get for paying attention.
Reviewing some other user’s comments, I see a number of suggested changes which don’t seem like improvements, just changes.
I am something of a newcomer. I first installed version 19.0 of Linux Mint in the Fall of 2018. Since then, installing updated versions has never been a problem. I now am running two machines using 20.1. A third machine, essentially held in reserve, was last updated to 19.3. When that machine is pressed back into daily service, it will immediately be fully updated, including the O.S.
Admittedly, between Mint 19.0 and 20.1, there are minor unexpected differences from one version to the next. There have been a few head scratchers, but never anything that I have not been able to, upon reflection, either quickly correct or compensate for.
Good Job Clem. And a good job by all of the Linux Mint team.
I apply my updates as soon as I notice the update icon in the notification area. But as I always apply them, I decided to enable the automatic update.
Cool… but… the automatic update is run once per day, so I keep seeing the update icon in the status bar with the blue notification. I’d like to remove that icon if automatic updates are enabled, and only see it if:
– There is an error in the update.
– A restart is required.
Is that possible?
If I disable the Auto-refresh option, will the Automatic Updates still work and keep my system updated?
Juan = try right click on shield & select ‘Preferences’ – I think that will offer what you want…
Clem, this is my first reply to this forum. Allow me as well to congratulate you on such an outstanding and informative post.
“sudo apt-get update” was the very first thing I learned back in “Sonya” when I grew to absolutely LOATHE win 10 Spyware Edition after nearly 30 of avid use of Microsoft OSes, going back to Win 3.1 && DOS before version 6. I couldn’t stand the bloat, the ads, the omnipresent locking me out due to failed update installs, etc, and elected to dual-boot with a now-unsupported Windows OS I keep around for gaming and Mint after learning about and playing around with Fedora on a live cd by a brilliant adjunct professor in a class called Operating System Environments at SUNY Jefferson a number of years ago. That guru, and his class, literally changed my life. After tweaking the tray clock in Sonya, I was hooked and have never looked back. After “update”, I noticed snippets of code on the web with the “-y” argument, then “sudo apt upgrade”, then “dist-upgrade” (still not entirely sure what that one does),
These days, I’m coding aliases for the bash for Ulyssa and Ubuntu Groovy arm64 for my pi 4 which brings me to the point of this post.. I run this alias at LEAST once a day on every device running a Linux OS:
alias update=’ sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y’
in my .bash_aliases file, along with several other helpful scripts. For the record, not one are more essential than “update”.
My continued thanks to you and your team for releasing such an eminently superior product along with all this useful and wholly necessary correspondence. I absolutely adore the gnome terminal, the sleek, lightweight operation of a such a beautiful flavour, and the esoteric feel of Mint x64 that you can try in vain to get anywhere else.
P.S – I want to put Ulyana or Ulyssa with 5.10 and wireguard on a Pi 4 for my mom. Any way to accomplish this?
Mint doesn’t support ARM yet, so no it’s not possible to use it on Pi hardware
I first read about this in The Register yesterday. That tells me that I’m not paying attention.
Anyway, here’s one explanation as to why the update figures look so bad.
Ever since the catastrophe of Windoze Alta Vista i’ve been using Linux. Either Ubuntu or a derivative. I’m tech savvy and worked with DEC OSF, Ultrix, Solaris to name a few.
However, my friends and family are not and in the past, whenever they have asked me to “fix” their computer, I have installed Mint for them and briefed them on how to look after it. They love it.
But here’s the downside, I do not have time to nurse maid them and most of them DO NOT run the Update Manager ever or very rarely. Two of them are still running V17.1. I know because I ask when I visit them. There must be hundreds of users like this.
There is a simple way to fix this.
When updates are available, make the Shield Icon popup large in a corner of the screen for say 20 seconds with the option of “never show” for the more savvy. That way you won’t annoy anyone.
Oh, I nearly forgot. Mint is wonderful and after all these years of using it, apart from the usual nonsense with wifi drivers misbehaving, I’ve never had any issues with Installs, upgrades, downgrades, patches….nothing.
Exactly! That and both making the shield icon and the security updates inside the update manager to be colored on red. That might suffix, alongside to make a page in the installer offering to add automatic updates with such a simple but good explanation of the recommendation. Thanks for sharing!
Thanks you, Linux Mint for creating such a great operative system for us.
Clem, it’s not like users don’t want to update or upgrade, it’s just that when it comes to driver management, all we are given is a raw application that only tells us that ‘no additional drivers are needed’, when that isn’t true. Hell even my computer, an AMD-based laptop (AMD A12 APU + Radeon RX540), which managed to run LM17, 18 and 19 has this infamous bug after running it for the very first time after installation: https://www.reddit.com/r/linuxmint/comments/krc4zy/gave_mint_201_mate_beta_a_try_after_logging_in/
which leaves it completely UN-usable, the only thing I can see and control is the mouse cursor.
Also, do I need to remind you that one doesn’t simply ‘adapt’ to those applications Linux has to offer, we still have some windows-only-app dependencies. Yes, I’m talking about MS Office. Think of a folder with more than 120 .doc/.docx files and I need to find the one that needs editing. Wouldn’t it be great to have file previews for MS Office files too? So I managed to compile and install an application that does what LM should by default (to Linux Mint’s credit, it already does movies and pictures previews, why not extend that to the most common files we all open and edit?), I also have vino (an older version, because the current one bring along Gnome-BULLSH** and I REALLY don’t feel like having to endure all that Gnome cr**) so I keep it there, away from any further updates, because my home office requires it in that specific version. I could go on to more details, but I think you get the picture. Oh and as for Timeshift/Snapshots and stuff, sure, I’d go for that, but a 250GB drive which only has ~16GB of free storage can’t do much to save any backups now, can it?
And if I hit the upgrade button, who’s to say it won’t mess up the environment that cost me various weeks to get just the way it is right now, suitable for working? I have a notebook with notes on what Linux Mint has missing and what needs to be improved, and I’d like to voice my opinion on the matter, but it isn’t like we have a straight link with you — or any of the Linux Mint team — to debate whether a suggestion could make it to the next version of the system. And please, do not mention the #linuxmint folks, those are just some random guys doing some contributing to help ease the pain for those who’re coming from Windows, nobody DIRECTLY involved in the Linux Mint team is ever there.
Dear Clem, thanks for your great work. I’ m working with mint for over ten years now but just recently on my wife’s HP computer with EFI setup I deleted opera and many other relevant programmes. Now when I try to boot into lm20.1 partition with a bootable USB Stick, it only says after the whole boot-process, Error: No such device UU……..You have to load the kernel first.. /vmlinuz/. Timeshift doesn’ t help either.
I use automatic updates for years since it was available in earlier versions on my HP Stream notebook, without any issues. I don’t use any black list. Linux stability is remarkable.
Timeshift is not that good.
Practically, it s*cked twice during my usage
First one was in backing up mint 19.3 from package conflicts after an unsuccesful updae to mint 20, it repaired most of problems; but I had to use Switch Users (lightdm) in cinnamon lockscren to unlock it, the lockscreen didn’t accept any passwords since then
The second time was after ordering a restore; after I unconsciously messed up pulseaudio by installing jackd, CURRENTLY it filled up my main harddisk and although I cleaned many files with LIveCD, LM still won’t boot up, the recovery mode and the LM LiveCD both say: 0 byte available; using du command it says: 27 GB available
Any idea how can I recover from this mess?
Thanks for the reminder. I’ve updated regularly but now I update automatically.
Fun fact: The first automatic update has been TB 78 which I’ve been waiting for since the last upgrades, thanks for that one also 😉
The new 5.4.0-66 kernel that came out today in update manager breaks ability to boot Linux Mint on Hyper-V entirely. I can revert to a recent Hyper-V checkpoint, apply only this new kernel, and with restart Linux mint but it will not boot – indefinite blank page with cursor blinking in the upper left. Although I love Linux mint, I’ve had a few issues like this over time and so I hope you decide against adopting a bigger hammer to enforce updates – it should be on us to slit our own throats with the occasional bug 😉
Many thanks Mr. Clem and the great Linux Mint team for this superb post. Permit me to offer for the first time my humble opinions because this subject is very important for me as well.
Pretty much everything else has been said about the average users behavior… Pretty much everyone of us agree that not all of them are technical users and there are even those ones that even though they are, they have some challenges for not applying updates…
I gave some suggestions above in answer to other users on how to remediate this subject by highlighting the updates when they come in and to give an option for auto updates in the installer (if there are no ones now). That might to suffix from that front, and they’re not so difficult to get.
But there is another front of the problem, Mr. Clem… For quite a while now I can feel that both you and the team (which I think is a pretty small one) are quite overworked to the current challenges concerning both Linux and computing alike… Excuse me in advance if I am wrong!…
Security must to be a concern… But that concern also calls for technology enhancement and progress…
Sooner rather than later GTK+ 4 and QT6 will be the challenge of the day…
In a not so distant day Wayland will be an even larger challenge to take in consideration…
TBHH: With so many technologies and versions of them all to be supported, perhaps the day you’ll need to do some significant choices is coming…
Surely there were lots of dissatisfied individuals when you abandoned the KDE edition back in the day…
Surely there will be some dissatisfied ones whatever else decision you make right now…
But my suggestion for Linux Mint, even to become more secure on its development side, would to be to reduce the number of supported versions and desktop environments.
By and large 32 bit PC’s are becoming unsupported elsewhere. That leaves PC’s 14 years old or newer to be well and alive for the times being and the future… Those are the ones we must care about… Even my 10 years old ASUS K53U, then a cheap baseline machine runs Mint Cinnamon with very satisfactory results. Every average 64 bit machine from the beginning should do the same right now!… And the newer, the better!…
Cinnamon is the best DE available in the market. At the same time the most beautiful, polished, simple and at the same time the most complex of them all… And that is the most valuable asset Mint has to offer to the community!…
So, if I were to take the decisions; I would to finish support for MATE and XFCE versions by the end of the 20 version series, that is the upcoming 20.3, I believe. From there I would go just with the Cinnamon Edition which is wonderful!… And I’d also to evaluate if Ubuntu remains a solid base or not. If not, I’d to move somewhere else… But I’d retain only one base to maintain. That would turn the effort more bearable… And the system as a whole better secure as well!…
Excuse me to be so long and have a nice day!…
Upgrading Linux Mint is not as easy as installing updates for Linux Mint.
I am too old to start understanding. I just started using computer. I wanted to use Linux Mint 20.1 through the USB flash drive not to be put into prison because of traces on computer hard disk.
It’s too complicating for me to apply what you have been saying. I also do not know how to choose right Unit Allocation Size while formatting the USB flash drive. 1960s didn’t teach computer skills. Sorry. Waiting next Mint version to just automatically copy it.
I try to apply updates the second that they show up on my tray, but this is a good reminder.
I do love the feature that automates updates (always after activating Timeshift!) and makes them happen even if we completely ignore them. I have it set up this way and if I don’t want to be interrupted because I’m in the middle of something, I quit the update manager and the updates will get done within a day or so.
Perfection is great, but we are imperfect human beings. If Clem keeps trying to fix our bad habits, pretty soon he will have to make sure each of us brushes our teeth! lol
Some years ago I red this phrase. If works doesnt’change ! This a good indication that something has not worked well. Now I am using Linux Mint 19.3. And in my humble opinion is not much stable especially during in the boot and shutdown operation. Linux Mint 17 is better than the newest Mint Version . I had no trouble Please reconsider to restart the project of version 17. With the same init and upgrade all driver and kernel for new Pc.
I think that the most appropriate version is 18 one, and especially 18.3. Everything works as it should. Loading takes 48 seconds, all windows open in the center of the screen, or where I placed them at the last opening, all the various programs have the stylistic imprint of mint. The only limitation is the lack of other y themes, besides the default green one. I have used it again, recently, and I find a lot of the spirit of a few years ago … ‘freedom from elegance’. It would be really bad if it were abandoned in April.
A well worded post. I have been using LM in my main laptop for almost a decade now. I am on 19.3 and don’t plan to upgrade to 20.x anytime soon, mainly due to stability reasons. I do experiment with newer versions and other distros in my other systems, which aren’t so critical to my work. LM 20.x definitely has more polished UI but I have come across posts complaining about lack of compability with newer GPUs so I guess I will just wait till 20.3, backup everything then upgrade directly to it.
I remember from your blog post from last year that there would a new design and style for the linuxmint.com page, but I don’t see anything has changed yet. Any updates on that?
A new Ryzen 5 APU based laptop for my wife is running 20.1 beautifully, albeit I installed the ‘edge’ version of Mint Cinnamon. A bit of fun when I first installed it, the installer offered to put Mint alongside Winwoes, then messed up the partitions when I said no… A quick clean up with Gparted and a full size EXT4 partition sorted that. Post install the only issue I had was that the combination of a 5.8 kernel and the Sane-utils 1.0.29 in the repositories would not allow Xsane to work. Gitlab had version 1.0.31, which also didn’t work, but the latest daily build did.
We are not among those who do not do updates, I hear a whinge every time a new kernel comes out, but nothing has stopped working yet. She is by no means a sophisticated user, but like me she has sworn by Mint for years.
Hello Linux-Mint Friends,
I’m a Linux-Mint newbie and an old guy. Thank you for writing these complex technical concepts in easy to understand verbiage. This week I upgraded to 20.1 after running a backup of 17.x first. But I think I flubbed the Timeshift part. I setup the target drive NOT on my remote drive (incompatible), but my local HDD. How can I best correct this? My first thought was to drag the Timeshift file to my remove drive and start over using a Linux compatible remote drive. Is that a good solution? All help appreciated.
Difficult with a laptop, with no option for a second internal drive. Most desktops can have more than one storage device, if that is what you have add another drive.
In my view it is unfortunate that Timeshift lacks the ability to support a NAS drive. I have not yet tried to use a USB device as the target of Timeshift backups.
Hi, first time using LM 20.1on Live USB. I cannot find the UI(s) shown in the blog for Timeshift and Update Manager. When I try to run Timeshift -create from the Terminal, I am prompted to run as Sudo or Su which i do not have the passwords for. Thanks for a well done installation program and the nice OS. Ray
Nevermind. I just found them! Thanks
You are absolutely right. A user should regularly and immediately apply all updates. I think it’s great that you are addressing this issue here.
But one comment worries me: “We’ll need to consider a frustration mechanism if the system is neglected for months…”
One of the main ideas of Linux is freedom. In my eyes, it’s a blessing that you don’t force updates on the user and you don’t collect telemetry data. Both are great privileges compared to the “walled gardens” of e.g. Microsoft, Apple and others.
Yes, too many users don’t care about their systems. That will always be the case. But if you introduce this “frustration mechanism”, that would be extremely unfair to the bulk of Mint users (whether 80%, 90% or 95%). I can even imagine that in this case many users would turn away from Mint.
The update manager of Linux Mint is the most comfortable one I know. If users are still too lazy to install the updates at least once a week, it’s their own fault.
A compromise would be to integrate this “frustration mechanism” as an opt-in setting. Those who want to can use it, all others install updates on their own responsibility.
I personally would include |frustration free updates|as an individual setting in the Update Manager. Brilliant idea, great post
Those stats are obviously suspicious!
1) Anyone using Yahoo clearly isn’t concerned about security
2) It should be strongly recommended that a search service such as DuckDuckGo be used.
3) Don’t use email that contains adverts or tracking “features”.
4) I could say much more…
FWIW if a security update is rated “critical” – e.g. 1) the vulnerability can be exploited without physical access to the computer, and 2) it has already been detected in the wild, and 3) the patch ONLY fixes the vulnerability without affecting functionality then the update should be automatic. If the OS/App version cannot be patched, a warning should come up on the log-in splash screen spelling out the issue. Anything else should be presented to the user as an option the way it currently shows – unobtrusively. The whole reason I moved to Linux is because Windows, IOS, and Android gave me no choice as to either the time or nature of the update – and the updates almost always broke at least one program – or added “improvements” that were a hinderence to my work. And my computer is first and foremost a tool that I need to get work done – not a hobby or vocation in itself that I can afford to spend time on.
Good call sir! I am not a rolling Distro user but I do keep my point release Distros sufficiently up to date, tweaked and patched.. Linux Mint has never been intrusive as Windows and I have been keeping up with all of it’s versions more than 6/7 years ago.. updating your System is like taking regular baths..
Clem, back in July, I tried upgrading from 19.3 to 20. It broke the system, revolving around Python 3. I love Mint 19.3, it is my main OS, but that episode with the failed upgrade has made me cautious about upgrading th whole OS.
Should I try again? Is there a link to fixes?
When I tried to upgrade my LM 19.3 to 20, same thing happened, and I didn’t find any fixes for it (Actually I should have delete some packages wich were not compatible with Python 3.8 and also not presented in LM 20 repositories), so I restored a backup.
I’m on 20.1, updates checked daily or even sometimes twice. I removed FF and replaced it with ESR, long time ago. Problem with (newer) FF is stability and then some. Also kernel-updates are rare, I’m on 5.11.1 Xanmod2 Cacule now. Never been better or faster since I switched to Xanmod. Combined with Oibaf’s Mesa this machine runs on steroids. And if anyhow something goes wrong, there’s always 5 backups in Timeshift to go back and retry.
What I miss in the updates is an easier way to get e.g. HPLip (pyqt* !!!!!) updated, or LibreOffice (now on 18.104.22.168). I try to have always the latest updates, but that might involve some extra work. Which cannot be solved with automated updates. A monthly visit to https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/ also helps to get latest and stable firmware.
As Clem said, it’s your computer, you’ll need to get your hands dirty and not wait on others to solve your problem. Cheers
Hard to imagine that with the updating process as easy as it is that some users still don’t. Even doing the in-place upgrade from 19.3 to 20.0 was pretty straightforward for an inexperienced Linux user like me. Now have both my machines running 20.1 and updated with anything that’s available whenever they’re switched on.
What does that TLDR from first line of article mean?
TLDR usually means Too Long Didn’t Read?
Too Long Didn’t Read…a version with bullet points listing the main features in the full article
Talking about security. Saw this the other day and was wondering if there is any reason not to implement. Easy enough to do if there is no reason not to.
Update to my earlier post. I got to this page on a search which put me part way into it. It wasn’t until after I’d posted that repeated references to “ESR” that I went back to the original posting. I tried the [firefox -ProfileManger] and it actually worked. I don’t know where the old profile was stored, but it’s back working again. I’m rather certain that someone will ask me why I’m still using 17.3 (this is being enter from another machine running 19.3) It is because 17.3 does things that I haven’t figured out how to do with later versions. Moreover, it doesn’t do anything critical.
I do intend to upgrade to 20.1 on a system I am building. If it works out, I’ll move more appications to it.
Thanks for the help
I have read several comments regarding Thunderbird and Firefox. Whatever the version of Linux Mint, you can have fresh up-to-date versions simply by installing them from thunderbird.net and mozilla.org.
What you download are “ready to work” compressed files; you just uncompress them and put the uncompressed directory where you want (for example, in the /opt directory of your home).
Unlike the versions found in the distributions, the update is automatic, directly from mozilla and thunderbird servers (update process is the same as with Windows or macOS versions).
With this, any bug, related to security or not, will be corrected as soon it is available. No more wait…
It is very important with Thunderbird, no longer updated (at least in 19.3): the distribution version is 68.10, while the latest is 78.8.0, and thunderbird.net has announced that 68.x versions are no longer maintained.
Of course Clem wrote: “Thunderbird is part of the upstream package base, we don’t backport new versions for it. It gets security updates when there are CVEs though like any frozen version in the Ubuntu LTS package.” but it seems to me to be a useless work, done for nothing, since all security updates AND new features are already ported by the developer…
I could say the same for Firefox, LibreOffice (version 6.0.7 in Mint 19.3, no longer maintained, while official versions are 6.4.7, 7.0.4 and 7.1), sudo (available in .deb packages with security updates and all new features from the developer, sudo.ws) and others.
So, useless work from people maintaining Linux Mint, inducing delay in updates and obsolete versions –> waste of time!
Waste of time reading your post, it’s out of date and contains erroneous information. Thunderbird 78 has been rolled out by Ubuntu to their LTS servers. LibreOffice versions are always static per release and again controlled by what’s in the Ubuntu LTS repository. Firefox is current too but you wouldn’t know that because you are wasting time ranting instead of checking for updates
– Thunderbird 78 is not proposed in Linux Mint 19.3. The package manager offers Thunderbird 68.10 only. (checked today February27).
– Linux Mint offers the same version of LibreOffice as Ubuntu, OK. The proposed version of LibreOffice proposed by Ubuntu 18.04 and Linux Mint 19.3 is the 6.0.7, obsolete, not maintained and deprecated. Both Ubuntu and Linux Mint are wrong to propose such a version.
– Firefox is current, but generally updated 1-2 weeks after Ubuntu version, itself updated 1-2 weeks after the version available at mozilla.org. When the update corrects a critical failure, 2-4 weeks may be too late.
If and when I update whatever is running MY hardware IS NOT for you to decide. Offering is fine, and even nagging is fine if it comes with the option “don’t ever dare to mention this again, or else”. The “you have the choice to comply willingly or we’ll make that choice for you” is the number one problem I have with Windows X. It’s ok as it works now. Introduce anything more aggressive (yes that includes unavoidable nagging) and I’ll make sure to rip it out with the nuclear option or stop updating everything completely right before the version that introduces it. Using my own hardware to frustrate me IS NOT something you get to do, regardless of what I end up choosing.
Thanks to this admonishment, I finally upgraded my last laptop from 18.3 to 20.1. I waited this long because it was 18.3 KDE and I just came to terms with the fact y’all weren’t doing anything with KDE anymore. No KDE updates, no update path. Oh well, wiped, clean install, and fully updated like my other 4.
The only problem I have with Mint recommending Timeshift is that it’s not adequately maintained anymore. As I’ve read it, teejee2008 has pretty much given up:
“If you use Linux Mint and need support for an issue please use the Linux Mint support forums. Issues reported on the Issue Tracker will be fixed during the next update. Please do not expect a response as the tracker is checked once a year when the app is being updated.”
Effectively, he’s already passed the buck to Linux Mint. Why not fork the project, and pull Timeshift under the Mint umbrella officially? You guys can likely zap those bugs that have been giving Mint users headaches, sometimes for years.
No, I don’t have time. I stopped updating, unless it’s a security update for a package I recognize. I switched from Fedora 8 after an update broke it (reliably, and stayed live for a week!), as Mint 7 Gloria graded updates by risk. I could set the acceptable risk-level, trust it, and update without paying attention. After Ubuntu criticizing Mint giving users too much information and control over updates, MintUpdate lost that function on the assumption that less info would make users blindly apply all updates instantly. Now I might apply all updates maybe twice a year when I have time to reinstall, and I usually have to reinstall after, confirming to me that not updating was right. Upgrading only on the reinstall when updates break it means I’m on Mint 20.0. Timeshift is a WinXP System Restore, which can’t fix an unbootable system, and I fail troubleshooting new bootprocess things like systemd.
I considered staying with Mint 17, but Clem is right, it’s too risky. I tried researching each update and reading changelogs, but it’s too much. I’ve looked into sleepier distros, and when I have time I’ll switch to PCLinuxOS. I love Mint, but it doesn’t fit me anymore, which is alright as it fits others. If the 5-30% of users are like me, then Mint now is for a new usage case for different users, and you shouldn’t worry about the old users hanging on. If not, maybe python3 broke things they need, which is why I have another PC stuck on old Mint.
I wasn’t going to reply, but turning MintUpdate into user-metric-tracking update-nagware and “it might even insist” means I will never upgrade Mint or trust an update to MintUpdate.
A lot changed in the last 15 years since we started this project. I don’t like it but I can’t ignore it. The Internet was much safer than it is now, there is no comparison. First we didn’t do nearly as much with our computers, second we did most things either offline or at least on software that didn’t use the cloud, third spammers, malware weren’t bombarding us, trying to brute force everything like they’re doing now.
There’s always been a risk of regressions when it comes to code changes. I said it before and I’ll say it again. A developer who thinks regressions don’t exist is a bad developer, no matter where he works. If Ubuntu doesn’t take this seriously, that’s their problem. That being said, while security became more and more important, we also got better at maintaining updates. 15 years ago we didn’t have git, github, continuous integration.. we don’t catch everything of course, and BETAs are here to make sure we stay humble in that regards (users catch many bugs during BETA releases, they’re invaluable to us still), but we catch many things we didn’t catch before.
What is for certain is that the balance regressions vs security has tilted greatly.
What is for certain also is that users like you were a minority. As much as we’d like people to read changelogs and decide for themselves, they don’t. Note that we still provide as much information as possible.
One last thing about the levels, they weren’t based on the regression the updates were bringing. We couldn’t know that. They were based on how critical the area they were potentially affecting was. In the right hands (understand expert hands here) they were somewhat useful. In practice they didn’t help people be more careful, they made people neglect entire levels without caring what the updates brought. I don’t know how unstable Fedora was for you at the time. I know some updates could make Ubuntu unable to boot back then. Levels were smart but they didn’t really solve the problem. Timeshift did.
Snapshots were the first real solution that could work for everybody and the real reason behind this was that they didn’t require the user to review each available update. People, in general, don’t have time or any interest to do so. Being fully up to date while also protected against regressions, that was way better than our previous solution.
Re Clem’s reply. Thanks Clem, you’re still my favourite developer and I still love Mint. You’ve got to balance the tradeoffs, and my usage case is the minority. That said, I’ve seen instances of security patch installation needed instantly whether the user knows or wants it or not, like WinXP installations being infected by worms before it even could possibly update itself (SANS said under 15min in 2004). With bimonthly news of win10 breaking itself with updates for millions of users, and solarwinds-orion cracking top security with trojan updates, a forced update feature (used or not) is high-risk even for the ‘elite’ organizations. Thanks for the thoughtful reply, and the thought that went into the decision. Mint showed the way combining ease of use with control and a familiar GUI, and I can bring the GUI with me.
I have used Linux Mint for years. With this last approach taken by the Mint team I will definitely start looking into an alternative distribution. It is sad. I really like Linux Mint, I have always used it on all my devices, but “insisting” or “forcing” or non-opt-out etc is a breaker for many.
There is no reason to force users to apply a certain update unless Mint itself depends on certain updated to farm data or some other under the hood advantage for statistics. Anytime I as a user am forced to do something. I’m out. Sorry. I really hope the mint team rethinks their strategy. Updates, security or not. The unpatched system is mine to risk with.
Your data is not an asset it’s a liability. Our entire business model is based on your satisfaction, not on your data. We’d be stupid to want to go anywhere near it. Frankly you can keep it, and your doubts along with it. We’ve never done anything to deserve doubt on that topic.
As for forcing updates, I don’t think that was mentioned at all.
Regarding of using Mint 17.3 in 2021 – I think it is worth to mention, that it is possible to apply the security patches from Ubuntu 14.04 ESM into Mint 17.3. I use such setup for some time now on older Core2 Duo machine, and it is quite stable and it is as safe as 14.04 ESM could be. I even managed to install similar set of patches from Ubuntu 12.04 ESM into Mint 13 respectively, and it also ran without noticeable problems, but 12.04 ESM is EOL for some time anyway. Ubuntu 14.04 is still able to run the latest version of Firefox ESR. Of course this solution requires some advanced knowledge and cannot be recommended for novice users od Linux operating system. Access to repositories of Ubuntu ESM is available for free from Canonical for some time already.
for software i think its better to just inform user via software center/manager/store instead (ppl used to store because of their mobile usage?)(i think it should be separated – update manager handle os/driver/etc, while software manager handle software alone including dependency?)(home user may not touch update manager at all, maybe because it confuse/scare them due to not familiar with package name/wording or level? i use the word home user & not beginner linux user, which is probably explain lm17 number since other ppl might install it for them).
also software version need to be alligned with the official one (libreoffice & etc, the version on repo are just too old).
for libreoffice just go for still version, if im a new user trying to find alternative for msoffice & stumbled upon this out of date libreoffice, i would not give it second chances at all(first impression+feature-wise compared to latest still version…lucky im the type that explore a bit, install from website instead).
and tbh personally i rather take software update from official dev instead of os dev which is why i just download official deb instead if it available. im not planning to be a more experienced/tech savvy linux user as i actually just want to use computer & when im done with it, im done. all in all i think os dev need to focus on os alone instead of software & software dev need focus on theirs & especially need to start having an officially supported distro which is probably debian/ubuntu based anyway. coming from windows(exe/msi as installer) its hard to get latest version of software in deb instead of tarball or source with comman line. i mean, i can read em but i cant understand em.
sorry if this sound like rant, my english is bad(another factor) & thank you for your hardwork linux mint developer. this last few year has been a lot less headache than when im using win10(update keep breaking thing ughhh).
The problem specifically in Firefox and Thunderbird is that in every new version they progressively ruin the functionality and user interface to which the users have got used to over many decades. When a cat has nothing to do, it licks its balls. That’s exactly about TB and FF UI Architects. Every new FF/TB release is a new challenge to revert their “novelties” to your previous state, and in every other release they do their best to prevent you from doing this and force you to be happy with their vision of how to use it, not yours. That is why many users deliberately refrain from updating FF/TB as long as possible, and use the lowest available version in the repository.
Sometimes i use the live distro so it may look like i havent updated .. As the stats are coming from the Yahoo home page that is default on the live distro i would say this where the info is coming from. I mean who would stick to Yahoo on a full install?
Traducción de texto
Hola. Sobre este tema, ¿No era que desde el principio, (Y sabiendo que es GNU/Linux y no Micro$oft Window$) se sugiere que un sistema que trabaja de forma satisfactoria, no necesita ser actualizado?. Por favor, no hagan lo mismo que comenzo haciendo Micro$oft con Window$ 10. Linux Mint es un sistema operativo sensacional, de facil uso y muy estable. Jamas me canso, ni me cansaré de hablar bien de el. Estan haciendo un trabajo excelente, y si pudiera, donaria dinero a ustedes, los desarrolladores de esta fantastica distribucción. Saludos desde Argentina 🇦🇷.
564 / 5000
Resultados de traducción
Hello. On this subject, was it not that from the beginning, (and knowing that it is GNU / Linux and not Micro $ oft Window $) it is suggested that a system that works satisfactorily, does not need to be updated? Please don’t do the same thing you started doing with Micro $ oft with Window $ 10. Linux Mint is a great operating system, easy to use and very stable. I never get tired, nor will I get tired of speaking well of him. They are doing an excellent job, and if I could, I would donate money to you, the developers of this fantastic distribution. Greetings from Argentina 🇦🇷.
Mine still using / reusing version 19.3, yeah because I’m on older hardware, and ureadhead still exists.
Mint updates is a bit late than regular Ubuntu does, but this is the good thing in my opinion. Late update mean we can dodge if the updates can break the system stability, because in my opinion Mint is far stable than Ubuntu, it’s strange though since it’s based on Ubuntu.
Hello Clem. The more I read from you, the more I feel proud about my OS. My computer is mine, that’s quite unbelievable to hear nowadays from someone shipping software.
I run a blog in Italian language, devoted to Mint. I always update my followers on every post and this time in particular (https://www.alternativalinux.it/aggiorna-il-tuo-computer-novita-dal-team-mint/).
I wrote a couple of mail to root address, and hope that sooner or later I’ll have feedback.
Thank you from a community of Linux Mint italian enthusiasts.
We all started using Linux because we are passionate about it, developers even more so than casual users. We’re also advanced users ourselves who run Mint on all our computers. It is set up by default for novice users in mind but it does need to adapt and let you configure it the way you want.
Automatic updates doesn’t work! Nothing happens.
The staying on LM ≤17.1 for many folks could have the very simple reason of: that’s the last version that still worked at all!
As I know of my own painful experience with f.e. Athlon XP based desktop and laptops, everything > LM 17.1 is unusable in GUI-mode.
Whenever anything is moving (System Monitor graph, movie player, etc) on the screen, the CPU load hangs @100% and the system becomes unusable. Any other distribution around that time I tried behaved the same.
So, some “progress” made somewhere, killed its functionality on existing older 32b hardware.
It’s as simple as that.
Hmm, sounds similar to my situation. The box on which I am typing this message is capable of running 64 bit operating systems, but my laptop, and another desktop box won’t run 64bit OSs. In both cases they are adequate for the work demanded of them. So I run Mint 18.3 32bit on all of them, saves the learning problems. But slowly system things don’t work properly, or at all. First to go on this main box was some aspects of Wine, that the Wine team are adamant will run the applications that I require but that I see crashing on start. OK there were alternatives so I could put up with that. Then Mint Update (the graphical version) stopped accepting my SU password and collapses in a heap of inaction. OK so I can update via the command line and a simple bash script, so I can live with that. Now a recent update has caused all my AV programs to stop connecting with PulseAudio (except one on Wine!!) and I can’t live with that.
As far as I understand it, changing from 32bit Mint to 64bit Mint (by the looks of things a necessary chnage on order to run Mint 20) is a complete reinstall from scratch. And I would have to run something different on the other boxes. So a complete reinstall from scratch provokes serious thoughts of brand disloyalty. A shame but, if the developers insist on thinking only for bleeding edge systems and not for those of us on limited budgets, it is probably inevitable until someone volunteers to give me their lottery winnings.
Thanks for the update, this is the first update that I am entering. No problems so far.
Dear Linux mints. If you do not stop aggressive attacks in favor of updates and to the detriment of the stability of the system, I will be forced to stop working with your distributions.
I emphasize that the stability of the system is important to me, since Linux Mint previously adhered to the LTS principle. That is, do not include in the repository software that has not passed proper testing. You are following the path of Microsoft, which includes in the list of updates everything that has not been tested for stability and has not received the real 99% security of these updates for the overall stability of the system.
And you should also understand that a sane computer owner will never apply updates whose descriptions do not carry any informational load, except for agitation for their installation. In addition, in this case it will be difficult to track the security of the updates themselves, since nowadays a lot of open source software has code that is difficult to verify. Please note that the policy of forced updates, as well as obtrusive suggestions, is a containment in my privacy, as well as my personal life, since a computer is a thing and belongs to a person who independently decides whether to apply or not apply updates. Otherwise, you are obliged to take legal and financial responsibility for the actions of users of your distribution.
Remember that you are not the only manufacturer of Linux distributions, besides, I myself am a confident user, I can independently assemble software, build my own IT systems.
If you do not want to lose users and support, then do not use aggressive policies. You are not Microsoft or Apple, which can rightfully dominate the operating system market. Remember that there is no high-quality professional custom software for Linux, created by companies such as Adobe, Corel and Microsoft.
If mint 17 browser defaults to a mint home page. Is it not possible to put a large message on that page with update instructions. Apologies if this has already been done or suggested.
me gusto el sistema y el encare de agrupar tanta informacion para un novato como a un abesado de navegar por linux por aÑOS . les dejo una inquietud cuando puse linux mint en mi notebook hp 14 pulgadas no me dejo entrar en internet tube que poner un dispositivo extra para que pueda usar mi google y poder comunicarme con el mundo ,soy un ferbiente defensor de linux tengo 78 aÑos y que me compre esta notebook nueva y venia con el fanfaron de del mayor en el mundo y todo poderoso que quier dar clase de humanidad y reconose su pasado , soy sudaca por que naci en mi hermasa argentina y agradesco todo lo que la hermosa comunida linera me brinda …. gracias gracias gracias
I run Updates all the time, when I see them, usually within an hour of them showing up. I click to disable some software updates of Programs that are of no use to me, that came installed and I deleted because they are of no use to me.
You abandoned KDE with Linux Mint version 19, the last officially supported version of Kde with Linux Mint was version 18.3.
KDE Plasma is moving a lot right now, evolving well, so why not offer KDE on the next “Linux Mint Debian Edition” release.
I think many people would be happy to see KDE Plasma again with Linux Mint, me first.
Clem for President, or at least … Head Of HomePage Security.
Sys 0001- 98 genra media beast! Soyo Dragon 1800 Athalon – OG-1STGen Creative pci 5X DVD, Hercues Game THeater external Audoi eveything!!!! (then 98 got the honor of having to buy 98 ad 98 SE just get Microshaft Winblows to function? $$$.$$?) (Now FREE XFCE + TIDAL = Audiophile grade bit perfect complete Media center!!! I cant say thank you enough! This is being witnessed to out perform 1K to 2K DAC Boxes with SPDIF!!!!!. The best format is no FORMAT. 1-Artist – 2-TIDAL,MQA – 3-cheap phone used for the unpacked file xfer, NOT AUDIO, TIDAL,MQA uses the BT medium for the xfer of 196*24 MASTER file into the CRYSTAL/HERCULES audio hero, simply unpacked and xfered to my Grand Processor+Aragon+Vintage Klipsch and FINALLY the artist to my ears&&&&&&&&&&&. OFF a THUMB DRIVE take that billyboy. Now picture all the 22 years of utter diversions/formats/lies it has turned full circle –SPDIFF– done cleanly is tadays goal for bit perfect audiophile grade source. Look at insane amount of BOXES made by an absurd amount mfg”s to accomplish what was right back then, What i have learned is that Windows/Sony/Government clueless input/ETC has cloaked the Fact that the hardware was and is current then and now!!!!!!!!!! I type slow, imagine me thinking about the long version of this, I still have the two 98/98SE registered OS discs with holograms and LINUX just took everyone to school with a 4gig thumb drive. YYYYYYYYYEEeEEEESSSSSSSSSS!!!!!
Keep it civil and honor our mediators, as they say in Rocky Point—- NO SNIVELLING —-
Timeshift can be a very useful safeguard when an upgrade breaks the system, but in my opinion, placing too much reliance on it leads to difficulties. One, as I see it, is that it can encourage distribution developers to include more software upgrades, which are not strictly necessary on security grounds, in the belief that users will be still be safe, since they can simply turn their system back in case of regressions. Another difficulty, from the point of view of the end user, is that Timeshift is not primarily intended to be a diagnostic tool . If the user is not particularly knowledgeable, all they may know is that something is broken, but not what that something might be. This makes it impractical to use the “blacklist” tool, or to uncheck a particular upgrade from the large number offered..
I am running version 4 of LMDE (which I believe is the current release), but every time I try to use the Update Manager to perform a recommended full upgrade, my computer suffers frequent random reboots, and I have to use Timeshift to go back to a stage closer to my original install. (The latest Timeshift snapshot that will work for me is dated July 2020)
I’ve used Mint for a number of years, and I seem to remember that some earlier versions of the Update Manager were configured to only offer essential upgrades in the first place (unless the user chose to adopt further non-essential enhancements.) As the upstream stable version usually has a new release roughly every two years, I, for one, would be happy to leave most enhancements that were not critical, and not include them in ongoing upgrades. Obviously not all users would agree – but the suggestion I would like to make for future versions of the Update Manager is that it might be configurable to offer different “layers” of upgrades (e.g. critical, recommended, optional new features). A long list, which is sometimes not particularly informative, and small marginal icons, which I find not particularly easy to read, could them be avoided by the user initially setting the Manager to display only the upgrade layer they wanted
About the only thing that I can say, is that these Firefox updates were chewing up my data plan so I ignored a few of them. Well actually until this post I was running version 20, oops. Maybe need to check more often after blacklisting an update. Lesson learned.
Hi there! first of all congrats for your marvelous work with this distro!
i’d like to catch your attention at graphic language… i see the timeshift window and it is really nice..
however i do think it would be better if we refine the icon for ‘timeshift enabled’ purpose.
’cause the shield is used for ‘security updates’ in every OS and users tend to address that meaning to shield icon… (my intent is to promote the use of shields only for security updates and not firewall icon or backups icon…) so my idea is to use a ‘american light switch’ (green when TS is enabled, red when it is not).
i know this it is the smaller detail ever… but it matters… (to me at least). thank u for your time, god bless u!
Mais, le xfce4-weather-plugin est encore en panne, pas mise à jour. Il parait “no data” depuis long temps. Veuillez-vous en penser. Merci.
Every Time ! I update to Kernel up-date to ” 22.214.171.124.75″ I have to reinstall even when I revert back to the old Kernel And, I don”t use Firefox . I use Chromium, Firefox ” Firefox was freezing .No problems after I installed Chromium.
It’s fine asking users to upgrade but not all hardware performs well past LM 17.x (Ubuntu 14.04 LTS). Furthermore there are other restrictions such as the end of 32-bit support.
Thank you for the valuable updates, truly appreciated to say the least. In a future blog would it be possible to touch on any other security measures we can take to secure our ‘mint?’ I use it for research only which can be sort of scary as sites visited are not always what they claim to be.
As JMac said, Until video driver issues are fixed, people like me will have to remain on older versions of the Linux Mint ecosystem.
I have an HP Pavillion Dv9700 (Dv9999us) laptop that came with Windows Vista. It works great with Mint 18.3 which shows the video controller as “NVIDIA Corporation C67 [GeForce 7150M / nForce 630M]. Any newer Mint version shows video garbage – similar to loss of horizontal sync.
I do not want to give up on this laptop because it has a beautiful 17” 16:9 screen and full size keyboard with number pad. It is too old to run Win 10 even if I wanted to. Fortunately at least I can still use it with an older version of Mint.
Been on Mint since version 12.
I’m still on 17.2, but have 20 on another partition and it’s basically unusable compared to 17.2
LM20 uses ~20% more system resources (System D?) while doing less. Plus, none of the issues I have with 17 are fixed in 20. (NVidia Video driver, remembering display set-up after suspend, etc.) Plus, I like Gnome’s version of apps (gThumb mainly) better than Mint’s. I’ve been looking at other distros frankly.
Why I have not updated? Because LM 18 did not work well on my hardware, and LM19 was too different-looking to use it. Updating makes the Look and Feel of the OS different. There’s always differences in the colors, scroll bars, menus, which programs are bundled this time, i.e. everything, it is just different and I hate it. And it’s not only the GUI, it’s all the program that are different too. Calculator is different and just does not work in the same way any more. Even gedit is not called gedit any more, just a fork of it that is similar enough to see that it has been made different. Just imagine how would you feel if the phone of your 80 year old mother updated over night to a different version of Android, with all icons and sounds being different now, and now she would complain to you that it’s not the phone she bought any more and has to re-learn to use it? Not fun.
I haven’t LM fresh in a while, but isn’t the default Ubuntu package ‘unattended-upgrades’ supposed to take care of this? I leave it alone for non-techie users, but I purge it on my systems because it usually locks up apt at login :-(.
MARCH 27, 2021
I CAN’T EVEN GET LINUX MINT 20.1 INSTALLED ON MY NEW HP ENVY 15!!!!!!!
I THINK I BRICKED MY NEW LAPTOP…
TRIED EVERY BOOT MENU VARIATION…. THAT’S THE WORST THING ABOUT LINUX… NO CLEAR DOCUMENTING
Here is clear documentation: https://linuxmint-installation-guide.readthedocs.io/en/latest/.
I don’t think you bricked your laptop. If it installed successfully and you can’t boot it you probably just need to fix the boot sequence. You can try boot-repair from the live ISO.
cool down man. At least try to search first before complaining.Intaling Linux mint is much more easier than another linux distro such as mx linux or anti x linux.
I wouldn’t mind some kind of limited metrics data being sent to you guys for security reasons.
Things like Linux Mint edition, app versions, etc. anonymous ofcourse.
I don’t think many people would mind if it’s being used to keep us updated on the latest security warnings.
I actually update every time I get a notification. However, I don’t see the need to use Timeshift. I also use the terminal to update instead.
Also, will GNOME 40 influence Cinnamon?
I’ve noticed you saying about updating computer but when I trey to update flatpak I get this
Looking for updates…
Info: org.gnome.Platform is end-of-life, with reason: The GNOME 3.36 runtime is no longer supported as of February 13, 2021. Please ask your application developer to migrate to a supported platform.
Info: org.gnome.Platform is end-of-life, with reason: The GNOME 3.34 runtime is no longer supported as of 14th August 2020. Please ask your application developer to migrate to a supported platform.
Info: org.gnome.Platform.Locale is end-of-life, with reason: The GNOME 3.36 runtime is no longer supported as of February 13, 2021. Please ask your application developer to migrate to a supported platform.
Info: org.gnome.Platform.Locale is end-of-life, with reason: The GNOME 3.34 runtime is no longer supported as of 14th August 2020. Please ask your application developer to migrate to a supported platform.
Nothing to do.
Coulod you advise me on what to do because I’ve looked at flatpak and there’s nothing to tell me how or if I need to update flatpak
Which version of Mint and flatpak are you on? Check which apps use these platforms, if none do remove them.
flatpak uninstall –unused
I hardly ever use Windows anymore because of constant updates which result in a slower machine and they’re totally annoying. My Mint has been performing great for years, why should I turn it into a slow screwed up annoying Windows system?
Would it be possible to set a deadline feature in update manager? I do this within Windows Update for Business in my org. Updates may get delayed by X days if the user is working on stuff, however when the deadline is reached the updates are forcibly installed to prevent the machine going to long without security updates.
I got nothing into my hands to be usable.
I could not receive the promised Linux Mint 20.1!
Too complicated to be of any use!
I am 83 years old, and I have been using computer programs since 1980s, many Linux and Windows versions…
You all did kill support for 32-bit machines with LM20, so that may be part of it. I understand the reasons behind doing so, but there are plenty of 32-bit boxes out there that are still capable of use on the modern internet (not BluRays and 4k YouTube obviously but they can still do at least 480p video and emails and such) and in many cases newer machines are either unavailable or unaffordable. So there will probably be a number of users on an old version simply because they are unable to upgrade.
Also, as mentioned, occasionally there are usability problems preventing the use of an upgrade, typically with network and video drivers. I have an ASUS laptop with a GeForce 460M, for example, and with LM20 it no longer allows brightness adjustment, so it’s at a blinding 100% all the time. I have a Clevo laptop with a GeForce 680M and the opposite is true: LM19.X wouldn’t allow display adjustment, but LM20 fixed it. Maybe an update will get my ASUS machine to work properly, but maybe not.
I have to run a EOL version, due to Oregano’s developers ruining the program after version 0.7. Why they persist in making that application which is with version 0.7 – the best ever, to be absolutely horrible to use in subsequent versions, is beyond me. Version 0.7 won’t run in more recent versions of Linux Mint, so I am stuck.
Clem, I’m curious. I’ve now read quite a few articles about updating the Mint OS. My question is Why? Oh, I know the immediate answer regarding security and such. But with updates coming in almost daily – sometimes two or three at a time – it makes it quite tedious. Once the system is installed, shouldn’t it work as-is to it’s EOL without the constant updating. All I want is to be able to do my work on a system that stays out of the way and doesn’t need constant maintenance. I thought I had found that in Mint. In fact, I still have one machine that runs an old version of Mint (15?, 16?) and has never had an update as I’ve turned off the Update Manager. I have been tempted to do likewise with this machine (Mint 20.1). Used to be that was how it worked. You installed an OS and used it for 5 or 8 years – with, maybe, a couple of updates in the entire time.
Not really complaining, just another side of the story.
Totally agree that security updates patch vulnerabilities in your computer. They protect you from both local and remote attacks. When a vulnerability is found developers fix it as soon as possible and ship it as an update. These vulnerabilities then become public and known by potential attackers…after all we all living a dgtlyf now.
even if i want to update it is impossible for me. I am running an old laptop with 1 Gb of ram. It is kind of impossible to running linux mint 18 of more. It is too heavy.