Which updates?

[Oldgit72]

I have come to Linux mint from windows. As such I'm not used to being asked to approve updates. I like it, however I'm not sure if I should be just saying yes to all updates as I don't want to fill my machine with stuff I will never use.
So, for instance libssh TinyCSSH library - which the info tells me is for programmers. As I will never be one, should I download this?

Then there is libxml2 Gnome xml library.. Which it says is if you design your own markup language. Haven't a clue what one of those is.
Both of these are tagged as security - hence my quandary as to whether to install them or not.

The last current one is Linux kernal 6.14.0-35.35-24.04.1 I'm told this is for driver support, so would seem important. However there is a warning that this may affect internet access. As this is almost solely what I use the laptop for, I hesitate.

I use the machine for book keeping, sending/printing invoices, materials orders, watching you tube and playing some small on line games. That's about it.

Can anyone help educate me on which updates I should be allowing and which not.
Thanks

 

[CaffeineAddict]

So, for instance libssh TinyCSSH library - which the info tells me is for programmers. As I will never be one, should I download this?

libraries for devs usually end with <packagename>-dev or <packagename>-devel, these you don't need, but libxml, libssh you need, difference is they have lib* prefix, these are used by other packages that need them so you should update them.

The last current one is Linux kernal 6.14.0-35.35-24.04.1 I'm told this is for driver support, so would seem important. However there is a warning that this may affect internet access. As this is almost solely what I use the laptop for, I hesitate.

Always update your kernel, if something doesn't work you can remove it and use previous kernel which is not removed upon newer kernel install.

Can anyone help educate me on which updates I should be allowing and which not.

Generally you want all updates.
If there is something you don't want then uninstall that package from system, it's better to not have it than have an outdated version.

 

[kc1di]

I would go for the updates. As @CaffeineAddict has said in mint the old kernel is kept so you can easily revert to it if something breaks. current kernel in mint 22.2 is 6.14.0-34. Enjoy!

 

[Brickwizard]

I should be just saying yes to all updates as I don't want to fill my machine with stuff I will never use.

Hi young'en
Linux is not windows, any updates will be essential for security or driver updates, OR for applications you have installed it won't load your machine with bloat

 

[Alexzee]

With any of the Linux Mint updates you can trust where the updates are coming from.

The updates that come from the Linux Mint team are dedicated to a repository that can be trusted.
Should you have troubles with your installation you can always roll back to the previous kernel if need be.

The tool kit libxml2 written in C and essential for many things.

Home · Wiki · GNOME / libxml2 · GitLab

XML parser and toolkit

gitlab.gnome.org

Like @Brickwizard said it provides security, module updates and the like.

A system that is not up-to-date is vulnerable and security then becomes a risk.
Drivers and modules may not load causing printers, applications and other things not to work.

Allowing all updates that the Update MGR is showing you is a wise practice.

 

[Condobloke]

G'day Oldgit72, Welcome to Linux.org

I came from windows to Linux, as well.

This happened approx 13 years ago.

A seriously experienced, long time user told me "Install every update, whether you understand their names and uses or not"
I have religiously followed his advice for the entire time, and do so to this day....without any ill effects whatsoever.

A few times a day, I will right click the 'shield' icon in the system tray and select 'Refresh'.

If it then shows the little red dot which indicates there are updates available......I install them.

It has always been of interest to me that the update system is clever enough to know to only send me updates for the apps that I actually have, and also adjusts for any differences I may have made to my chosen OS (Linux Mint 22.2, Cinnamon.

Be safe...Install all of them. You will not regret it.

 

[Brickwizard]

and also adjusts for any differences I may have made to my chosen OS

and from my point any changes you make to your computer or its peripherals

 

[Oldgit72]

Well thanks all. The message seems clear and simple. I will keep my tinkering for my e-bike, where I know what I'm doing, and simply use my laptop with surety.

 

[bob466]

Welcome to the Forum.

Install all updates and remember Linux isn't windoze.

I remember back in the dark days of windoze checking all updates for spyware and other things that would damage your system...I had a list of the bad ones...that was till m$ stopped us doing that.

 

[theLegionWithin]

i update every friday evening, and recommend that you update frequently - but you're also free not to update

linux is all about choices

 

[bob466]

i update every friday evening, and recommend that you update frequently - but you're also free not to update

linux is all about choices

I think you got that wrong...it's very important to install all updates when they are available.

Linux is about choice but not when it comes to updates...you must keep your system up to date especially when it comes to security.

 

[theLegionWithin]

I think you got that wrong...it's very important to install all updates when they are available.

Linux is about choice but not when it comes to updates...you must keep your system up to date especially when it comes to security. View attachment 28522

it largely depends on the application. if you've got an internet facing box, yeah, update away. if you have a box that doesnt touch the internet often (or at all, say in an industrial environment), then you update rarely or never.

 

[KGIII]

The problems surrounding updates are that those who don't update are more easily compromised. Compromised machines are no longer just about impacting the owner of the machine. These compromised machines are then used for other malicious activities.

Because of this, I could reason my way into some sort of penalty for systems that are not updated. (How this would work, I'm not quite sure.) This would include devices like IoT devices, routers, etc...

Perhaps they should only be allowed to access a separate network, one not connected to the public internet?

Perhaps the ISP should simply block them entirely?

Obviously, there would be some leeway. The process should also be transparent, and the device owners should be notified in some manner. While it can be spoofed, we can already see things like the browser version. This shouldn't be too difficult from a technical standpoint.

I used the analogy the other day of a compromised machine being like letting your rabid dog run free in the streets. If you do that, the person it bites might not be the owner.

I'm not entirely sure what the system would look like, but it's an idea that could be considered. However, getting global cooperation would be difficult. I suppose those regions that don't comply could be cut off from the regular world wide web.

I doubt anything like that will ever happen, but I could reason my way into accepting it if it did happen.

 

[bob466]

it largely depends on the application. if you've got an internet facing box, yeah, update away. if you have a box that doesnt touch the internet often (or at all, say in an industrial environment), then you update rarely or never.

Well all I can say is...you do you.

 

[osprey]

The problems surrounding updates are that those who don't update are more easily compromised. Compromised machines are no longer just about impacting the owner of the machine. These compromised machines are then used for other malicious activities.

It's certainly an issue. A couple of thoughts come to mind.

There's a smart TV used here that's connected by wifi to the router. It's actually never used as a TV, but only for viewing dvd and blu-ray disks, but since it's been connected, it updates itself automatically. That is probably its default behaviour since it was simply connected with the router and no other configuration was altered. Every so often when a film is being viewed, a pop-up appears informing the viewer that the update has been successfully applied.

In relation to actual linux installations, in debian there's the automatic update and upgrade package "unattended-upgrades" which relieves the user of having to manually choose to upgrade. Having lost contact with other distros on this variable, I guess if there's not a specific installable or default means to upgrade automatically, it's still quite scriptable.

It seems there are useful approaches for keeping software updated and upgraded, but the dependency upon individuals, organisations, companies etc. is a sort of complicating or confounding variable, and the notions of what might be mandatory or enforced can be subject of quite strong debate. Nevertheless, it seems there are approaches to the issue if people at various levels and positions in society are willing to look into it I guess.

 

[KGIII]

Nevertheless, it seems there are approaches to the issue if people at various levels and positions in society are willing to look into it I guess.

Yup. The important bit of that is (to me) the last part - "are willing to".

Collectively, we seem to lack the willpower to do anything about this. This is not even a remotely new problem. The problem has existed for a long time. Heck, the problem of proliferating malware extends back long before there was a public internet such as we have now.

[This would be poltical content, thus not allowed.]

(Insert above what is likely obvious, but forbidden fruit.)

Then, and this would be an allowed topic, there are many companies who'd absolutely fight something like this. They release hardware that we can't truly control, and it runs software we can't control. They sell products that are not ever going to see a single update. These products are on the public internet.

Many areas, such as my own, have some consumer protection laws. (This will skirt the politics aspect.) Such laws may be expressed as something like 'an implied warranty of merchantability', which means that the product is expected to function properly and for at least a specific number of years. For example, even though they may offer a warranty of five years from the company, your fridge is expected to last ten years. Even though the OEM doesn't like it, the real laws state that there's an implied length of proper function. (Many consumers are completely unaware of these laws.)

Here's my example:

Title 11, §2-314: Implied warranty: merchantability; usage of trade

See also:

Office of the Maine AG: Consumer Protection: Consumer Law Guide

(Note how minimal the second link is. That's unfortunate.)

These products, those with software that we can't access and control, those that never get updates, are not meeting the letter of the law, nor the spirit of the law.

So, my point is that some mechanisms already exist.

I'd like to talk about political willpower and the people who really influence the politicians, but this would be a violation of the rules of this site. I think one can safely make assumptions based on what I've said, and that those assumptions will express my thoughts on the matter.

For better or worse, this is one of those topics we can't fully discuss on this site. I'd say it's for the better.

Using my analogy from earlier, that is a rabid dog set free on the streets, I picture a more safe community without things like litter lining the street. The public web is a cesspool, for lack of a better word.

Imagine a web without botnets. Imagine a web without spam. Heck, imagine a web without compromised devices spewing trash into the community. While a bit draconian, we should be able to accomplish that. I can think of very few reasonable arguments against cleaning up the community. It's very much a 'public space', or a legal concept known as 'the commons'.

Sorry for the rant and verbosity. Encapsulating this into something more brief would do it a disservice.