|
| ▲ | II2II 6 hours ago | parent | next [-] |
| I'm not sure what the current state of most distributions is, but I remember update applications providing an option to accept or reject individual packages. Even without that, you could preview the list of pending updates and delay them indefinitely, do manual updates of individual packages, or configure it to ignore particular packages during updates. Historically, I believe that you could block certain updates on Windows as well - or maybe you could just rollback and update. Of course none of this is considered user friendly so things may have changed. |
|
| ▲ | undersuit 7 hours ago | parent | prev | next [-] |
| Provide a way to show that your compiled code is what you say it is. https://wiki.debian.org/ReproducibleBuilds |
| |
| ▲ | MarsIronPI 6 hours ago | parent [-] | | But where does the original compiler come from? Reproducible builds are only as good as the compiler used to compile them. That's the point of Trusting Trust. If you build with a backdoored compiler and I reproduce your build with the same backdoored compiler, that solves nothing. This is why full-source bootstrap is important[0]. [0]: https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-... | | |
| ▲ | Dylan16807 2 hours ago | parent [-] | | It would be very very hard to actually accomplish something like that on mainstream x86/arm compilers. And hide it from every debugger in the world. If it diminishes the value of reproducible builds, it's by something like 1%. > Reproducible builds are only as good as the compiler used to compile them. Which is so so so much better than "as good as nothing". |
|
|
|
| ▲ | Certhas 7 hours ago | parent | prev | next [-] |
| Is that true? Can Ubuntu download and install and run new code without me doing anything? I am not sure that's the case. Of course every time I run an update, they can install whatever. But that's different from what Windows is doing as I understand it... |
| |
| ▲ | AndrewDucker 7 hours ago | parent [-] | | "Ubuntu will apply security updates automatically, without user interaction. This is done via the unattended-upgrades package, which is installed by default." https://documentation.ubuntu.com/server/how-to/software/auto... | | |
| ▲ | aruggirello 6 hours ago | parent [-] | | Right, but it's a minor annoyance, get rid of it with: sudo apt-get remove --purge unattended-upgrades
(doesn't trigger removal of anything else, and you'll enjoy 420kb of additional disk space).OTOH the real issue with Ubuntu is snap(d). Snap packages definitely do auto-update. You may want to uninstall the whole snap system - it's (still?) perfectly possible, if a little bit convoluted, due to some infamous snaps like firefox, thunderbird, chromium, or eg. certbot on servers Or just use Debian or any snap-free fork for the matter. Edit: fixed |
|
|
|
| ▲ | CamperBob2 6 hours ago | parent | prev | next [-] |
| I mean.. how is this different from any OS distribution? The other OS distributions let you turn it off. |
|
| ▲ | jmclnx 6 hours ago | parent | prev | next [-] |
| There are a lot more distros than RH, Ubuntu, Gentoo and LFS. And none of them will show you ads except maybe Ubuntu. Plus you can also look at *BSD. None of them comes close to what Microsoft is doing. To me, your comment looks like you do not understand the Linux eco-system. Plus IIRC, LFS can now come with compiled binaries. |
|
| ▲ | ErroneousBosh 5 hours ago | parent | prev [-] |
| > Apple can push whatever. So can Red Hat or Ubuntu or Gentoo In the case of Ubuntu and Debian, and to a lesser extent RedHat, I trust the developers not to do that because they have a history of not "just pushing whatever". Also in many cases I actually know these developers, and I can go round and ask them / remonstrate with them / put a brick through their window / other response if required about it. |
