Ubuntu 20.04 LTS - Page 2

M344587487 · 2020-05-15, 08:45

If it has access to WAN you risk breaking it by not keeping it up to date. Offline/airgapped PC's are where I agree that not updating is a reasonable option.

henryzz · 2020-05-15, 10:04

One of the biggest reasons to keep up to date is that security holes often get published when they are fixed. This leaves unpatched people as targets(generally there are enough to be worth targetting).

xilman · 2020-05-15, 10:10

Quote:

Originally Posted by retina

You are just describing a situation where the thing isn't working, or a portion of it isn't working. Then it needs some change.

So my questions still stand unanswered: So I wonder what is 20.04 giving you that the older OS doesn't provide? If you had a working system then why risk breaking it?

See above.

Some components were potentially buggy, including some possible security bugs which may not yet be in the wild. For instance, python 2.x reached EOL four months ago. Any holes in it will not be patched but 18.04 LTS required it at a deep system level. 20.04 LTS uses 3.x exclusively.

Some novel food became available. Numerous examples can be found at https://wiki.ubuntu.com/FocalFossa/R...s_in_20.04_LTS. Just one example of particular interest to me is PostgreSQL 12

Focal is shipping postgresql-12, which has many improvements:

improved query performance, particularly over larger data sets
SQL/JSON path expression support
generated columns
pluggable table storage interface

because I run PostgreSQL databases to hold integer factorization and astronomy databases.

Those benefits were sufficiently important for me to take the risk of upgrading and, in the case of PostgreSQL, the expense of fixing the breakages.

xilman · 2020-05-15, 10:15

Quote:

Originally Posted by henryzz

One of the biggest reasons to keep up to date is that security holes often get published when they are fixed. This leaves unpatched people as targets(generally there are enough to be worth targetting).

An example of inoculation against a potential future threat.

EdH · 2020-05-15, 12:05

I haven't checked lately, but 18.04's repository openmpi wouldn't work with --hostname when I was trying to use it. I was never able to get it working, even from source. This kept me from upgrading my 16.04 machines. Does anyone know if openmpi is working properly in 20.04 LTS?

retina · 2020-05-17, 03:20

So based upon the responses above.

1. We upgrade our OS because of a vague promise that newer stuff is "more secure" than older stuff.

2. We upgrade our OS because of an application's new features we want.

The first one looks like a catch-all to scare people into complying
The second one looks like a non-sequitur to me. And application version shouldn't be tied to an OS.

I think a lot of the time people upgrade because the vendor tells them to. "We have some new shiny

, upgrade immediately because we say so." Amirite?

xilman · 2020-05-17, 07:06

Quote:

Originally Posted by retina

So based upon the responses above.

1. We upgrade our OS because of a vague promise that newer stuff is "more secure" than older stuff.

Much more than a vague promise. In the case of Ubuntu the source code is available for you to check the claims made.

retina · 2020-05-17, 08:32

Quote:

Originally Posted by xilman

Much more than a vague promise. In the case of Ubuntu the source code is available for you to check the claims made.

I disagree with your conclusion. Yes we can review the source code. But no we can't spot the security problems. If it really was so easy to spot problems by checking the source code then we shouldn't have any security issues. Or indeed any bugs, but still they persist.

xilman · 2020-05-17, 09:03

Quote:

Originally Posted by retina

I disagree with your conclusion. Yes we can review the source code. But no we can't spot the security problems. If it really was so easy to spot problems by checking the source code then we shouldn't have any security issues. Or indeed any bugs, but still they persist.

Here are the steps to be taken.

A vulnerability is published. The publication specifies the nature of the bug and at least one possible exploit. Some publications include proof-of-concept code to exploit the bug.
Examine the code for 18.04 LTS and verify that the bug exists and is exploitable in the manner documented.
Examine the code for 20.04 LTS and verify that the vulnerability has been addressed.
Repeat for the other bugs.

Of course we can't spot all bugs. That doesn't prevent us from being able to spot some bugs. Don't let the perfect be the enemy of the good.

retina · 2020-05-17, 09:50

Quote:

Originally Posted by xilman

Here are the steps to be taken.

A vulnerability is published. The publication specifies the nature of the bug and at least one possible exploit. Some publications include proof-of-concept code to exploit the bug.
Examine the code for 18.04 LTS and verify that the bug exists and is exploitable in the manner documented.
Examine the code for 20.04 LTS and verify that the vulnerability has been addressed.
Repeat for the other bugs.

That's great. But doesn't address the problem. It is still a vague response. "There will be some bugs identified, and they will be fixed." No specific bugs mentioned at all. Vague.

No one has said something like: Their NIC driver ABC has bug XYZ and they need a fix for that.

But even if someone has a specific bug they need fixed. Then that fix would have to be only available in the newest version. Which for some reason hasn't been fixed in the current version they are using. Are there any security bugs fixed in 20.04 that haven't been fixed in 18.04? Or maybe someone is using 16.04 and the bug was introduced in 18.04 and if they had blindly upgraded to 18.04 they would have been worse off. I suspect almost no one knows because almost no one bothers to check. Because it is always the vague "it will be more secure" without any data to provided to support that.

What new bugs are you getting with the new version? That's impossible to say of course because if we knew about them, we would fix them. Perhaps it is a case of "better the devil you know"?

xilman · 2020-05-17, 10:37

Quote:

Originally Posted by retina

No one has said something like: Their NIC driver ABC has bug XYZ and they need a fix for that.

You are using the words "no one" in a way which is unfamiliar to me.

For instance, read https://9to5linux.com/new-ubuntu-lin...ulnerabilities

The authors have said just that.

If by "no one" you mean contributors to this thread, then I am interested in "local attacker" vulnerabilities because I do not care to damage my systems inadvertently. Perhaps I am "no one".

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
login on ubuntu	wildrabbitt	Software	16	2015-12-06 00:24
Ubuntu	storm5510	Linux	24	2013-11-08 20:59
Ubuntu saddies	ET_	GPU Computing	12	2013-05-14 14:30
Ubuntu 9.10	henryzz	Linux	11	2010-01-29 21:31
mprime under Ubuntu?	Unregistered	Linux	8	2007-11-23 23:03

2020-05-15, 08:45	#12
M344587487 "Composite as Heck" Oct 2017 2×5²×19 Posts	If it has access to WAN you risk breaking it by not keeping it up to date. Offline/airgapped PC's are where I agree that not updating is a reasonable option.

2020-05-15, 10:04	#13
henryzz Just call me Henry "David" Sep 2007 Liverpool (GMT/BST) 3·23·89 Posts	One of the biggest reasons to keep up to date is that security holes often get published when they are fixed. This leaves unpatched people as targets(generally there are enough to be worth targetting).

2020-05-15, 12:05	#16
EdH "Ed Hall" Dec 2009 Adirondack Mtns 1010110111100₂ Posts	I haven't checked lately, but 18.04's repository openmpi wouldn't work with --hostname when I was trying to use it. I was never able to get it working, even from source. This kept me from upgrading my 16.04 machines. Does anyone know if openmpi is working properly in 20.04 LTS?

2020-05-17, 03:20	#17
retina Undefined "The unspeakable one" Jun 2006 My evil lair 6,793 Posts	So based upon the responses above. 1. We upgrade our OS because of a vague promise that newer stuff is "more secure" than older stuff. 2. We upgrade our OS because of an application's new features we want. The first one looks like a catch-all to scare people into complying The second one looks like a non-sequitur to me. And application version shouldn't be tied to an OS. I think a lot of the time people upgrade because the vendor tells them to. "We have some new shiny , upgrade immediately because we say so." Amirite?