Linux Kernels

dos2unix

Recently, someone in another thread asked... Why update your Linux kernel?
If it ain't broke, why fix it? I actually like that, and usually I feel the same way.

But in this case, what does "broke" mean? On one hand, my computer is working,
so that means nothing is "broke" right? But on the other hand, it may be working, but is it
working as securely, and efficiently as it could be?

Here is the Linux kernel change log between version 6.6.7 and 6.6.8


It has over 140 commits since 6.6.7, which was only released a couple of weeks ago.
If you look back, through all the change logs, since... I dunno say version.. 6.2.15

There are over 2,000 bug fixes, new features, security patches, enhancements, as well
as over 65 new hardware drivers.

Now, I have to be honest here, I did not go all the way back to kernel 4.18.30. That would have
taken months, maybe even years to parse through all those change logs.

But I did randomly grab a few 4.18.x change logs, and a few 5.18.x change logs, and of course
the 6.6.8 change log listed above. Every single one of the ones I looked at had over 100
commits. In some cases over 150. On average I found 3 or 4 new hardware drivers in
every new "mid version" ( meaning the middle number in the version ).

Now I realize this isn't an exact scientific verifiable method, but I just go by the averages
of the security fixes, bug fixes, new features and new drivers per release. That means,
there have been over 7,000 bug fixes, over 2,200 new features, over 3,900 security fixes
and over 4,000 new hardware drivers since the Linux 4.18 kernel.

But let us say, you don't care about security. ( And actually vendors like Red Hat do
keep doing security fixes on older kernels ) or you don't care about new hardware drivers.
( After all I didn't change any of my hardware in the last 5 years ). That still leaves efficiency.
A new version of a web server like Apache or nginx can run as much as 7% faster on a newer kernel.

Now I'm not saying everyone should run the latest and greatest, in fact I myself usually run a month
or two behind the latest kernel. But I do think it's worth upgrading from a five and a half year old
kernel ( 4.18.x for example - August 2018 ).

If you DO have newer hardware, newer AMD Radeon video cards, USB 3.2 hubs, NVMe disk drives,
DDR6 RAM, or especially a newer Wifi chip, then updating the kernel that has all the latest drivers is
a no-brainer.

So even though your old kernel might not be "broke", it might not be working as good as it could be either.
 


I used to only update occasionally even if I wasn't having any issues. Though really. These days, people are getting smarter and looking for a quick buck. What's worse, is they used to specifically target people. Today, that is no longer necessary. Their attacks are more like a disease spreading.

To me, the days of leaving your door unlocked and not worrying that someone was going to come in without your knowledge are gone. Today, they no longer have to specifically target you with their attack. They just release their attacks to the Internet and you (as an Internet user) will find them or will end up in their crosshairs due to a carpet bombing approach (i.e., spamming out the attack).

That realization alone should be enough to tell you it's more important today to keep your security updates patched. It's no longer a question of if you will be exposed to some sort of attack, the question is when will you be exposed and will you be ready when it happens?
 
One of the reasons I love Linux is that they are always with many eyes looking at items that could have been attacked. This is the great advantage of open source. When they find something, an update to fix it is quickly dispatched. I would strongly suggest one loaded all the updates. I also would strongly suggest one have Timeshift on their machine in case in the rare event something did go wrong one could revert to a previous version.
Always,
Wildman
 
I update frequently - but manually. I have the line I use to update loaded to an alias and I just type it into the terminal. I do this at least once a day, sometimes more than once a day. It's six letters. I can type them quickly, probably even on a phone.
 
My approach to kernel updates is fairly straightforward.

When I see an update in Linux Mint Update Manager, I simply install it.....comforted by the knowledge that Timeshift has taken a snapshot either on that particular day or the day before (depending on the time of day or night that the kernel update appears).

If a glitch becomes apparent, I simply restore my system to the day before and continue on as if nothing had happened. I also delete the offending kernel, and as soon as the Update Manager presents that offending kernel for install (because it will be presented again), I right click on it and select 'ignore further updates for this item'...Problem?....what problem !



Current kernel in LM21.2 is 5.15.0-91 ...released recently

kernel 6.2.0-39 is also available, as is 6.5.0-14
What benefits, either security speaking or other, either of these would present, I have zero idea.

I also have no idea where to find that info out

Like KGIII, I also update frequently. Several times per day.

This takes place simply by right clicking the shield icon in the system tray and selecting Refresh. If an update is there, the little red dot will appear in the shield icon. Usual procedure from there.

Good post, @dos2unix.
 

Surprised that Manjaro MATE and EndeavourOS "Galileo" ran for me on my 12-year-old laptop with 2-core CPU, integrated MESA graphics, broken touchpad buttons preferring "synclient" method etc. with one of the later kernels from the v6.6 series.

However, I had to make sure it worked without surprises, and I wanted to get away from performance-sapping Wayland. Therefore on both those Arch-based distros I scaled down to the LTS kernel. This is more of an assurance with Manjaro since I used that distro longer.

But note that it's with MATE D.E. Cannot have KDE anymore because it began giving me problems on my computer such as very slow boot, and the last time I tried to install it, Calamares was working too slowly to bear. Yesterday I was reminded of it: tried to install KDE Neon and had to halt because it was taking half an hour only to "fill up filesystems" and it rejected the "swap" partition of the target disk.

There shouldn't be a lot of difference from one kernel to another, going back to v5.15 LTS series to the v6.1 series that was chosen for Debian "Bookworm". I don't notice the performance gains. I just want the thing to work, if I have to put up with slow booting of these kernels significantly fatter than v4 and earlier. :/

The blip about Debian v6.1.0-14-amd64 and the short-lived "Bookworm" v12.3 should have alienated me about LTS kernels but I cannot be arsed about something like that. The fix was found quickly and almost no harm was done to people booting with that kernel.
 
I have to admit...deciphering the changes that would impact me and my hardware etc would be a Daunting task !!!!
I take my hat off (if I had one) to the many and various people who compile that "thing" relentlessly.

I would also make comment here, that anyone who thinks they have the mental fortitude etc to decide which updates are suitable for their system and which are not...?.....are kidding themselves.
The jigsaw puzzle which is present in the kernel is mammoth.


It very quickly becomes apparent that there is a connection and interconnection between SO many little pieces, that only the TEAM of people who put together those kernels would have any hope of staying on top of the intricacies involved.

I will remain one seriously happy little camper, and rely on the boys and girls at https://cdn.kernel.org/pub/linux/kernel/v5.x/ to do that for me.

At least I can trust them. The past (approx) 9 years has proven that in spades.

(Eat your heart out m'soft)
 
That is why kernel.org is publishing a Changelog. Kernel updating makes sense if changes are related to your setup.
This is why you can rely on Whonix developers, grsecurity, kspp, Arch hardened and so on. Whether one uses it, just update kernel or not, it boils down to what keeps one comfortable.
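
A sketch of the changelog triage discussed in this part of the thread, added here as an example and not posted by any participant: it splits a kernel.org ChangeLog (plain `git log` output) into commits and keeps those whose subject prefix names a module loaded on your machine. The sample changelog is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of a kernel.org ChangeLog (git log output);
# hashes, authors and subjects are made up for illustration.
_HDR = "commit {}\nAuthor: Example Author <author@example.com>\nDate:   Mon Jan 1 00:00:00 2024 +0000\n\n"
SAMPLE = (
    _HDR.format("1" * 40) + "    Linux 0.0.0-example\n\n"
    + _HDR.format("2" * 40) + "    wifi: iwlwifi: fix example length check\n\n"
    "    Unrelated mention of amdgpu in the body.\n\n"
    + _HDR.format("3" * 40) + "    drm/amdgpu: example fix\n"
)

COMMIT_RE = re.compile(r"^commit ([0-9a-f]{40})$")

def parse_changelog(text):
    """Return [(sha, subject)]; the subject is the first indented message line."""
    commits, sha = [], None
    for line in text.splitlines():
        m = COMMIT_RE.match(line)
        if m:
            sha = m.group(1)
        elif sha and line.startswith("    ") and line.strip():
            commits.append((sha, line.strip()))
            sha = None  # skip the rest of the message body
    return commits

def subsystem_tokens(subject):
    """Tokens of the 'subsys: driver:' prefix (heuristic: text before the last ': ')."""
    prefix = subject.rsplit(": ", 1)[0] if ": " in subject else ""
    return {t.replace("-", "_") for t in re.split(r"[:/\s,]+", prefix.lower()) if t}

def relevant(commits, modules):
    """Keep commits whose subject prefix names one of the given modules."""
    wanted = {m.lower().replace("-", "_") for m in modules}
    return [(sha, subj) for sha, subj in commits if subsystem_tokens(subj) & wanted]

def loaded_modules(path="/proc/modules"):
    """Module names from /proc/modules (first field of each line)."""
    with open(path) as f:
        return [line.split()[0] for line in f if line.strip()]

if __name__ == "__main__":
    # "iwlwifi" stands in for the output of loaded_modules() on a real machine.
    for sha, subject in relevant(parse_changelog(SAMPLE), ["iwlwifi"]):
        print(sha[:12], subject)
```

On a real system, pass `loaded_modules()` and the text of the ChangeLog file for the release you are considering. An empty result does not mean the release is irrelevant: fixes to core code such as memory management, networking or filesystems apply to every machine.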
 
I always install the latest Kernel...who wouldn't want the newer drivers etc. Should anything happen you can always roll back to the previous one.

I also create a snapshot with Timeshift as well just in case.
 
This isn't mine and it's a bit adult-themed but I just saw the greatest analogy ever and wanted to share it with you. I'll have to paraphrase a little to make it more concise - and to remove the 'adult' language.

Using unsupported software is like using expired condoms at an orgy.

I'm so stealing that analogy.
 
