# One Reason I now Feel that the Linux Update Process is Stable

Back in past years, the habit I had had with my Linux computers was such, that I would not do a complete upgrade of all installed packages. Instead, I would often tell my package manager to install some new packages, and view the message it generated, according to which many packages were to be held back and not updated, as part of the new installation. I used to acknowledge this in general, and allow it to happen.

By contrast, I did notice how often Windows Update does its job, and how my Windows computers were never or seldom broken by a Windows Update. However, it had happened to me on occasion, that the Linux computers could get into some sort of stability issue, over upgrades I had done. And so I had reached the vague conclusion, that Windows Update was somehow better, than the habit of doing complete upgrades under Linux.

What I now have is two computers, on which all the packages I have installed are at their most recent version, due to the ‘unattended-upgrades‘ package which I have installed, and which I wrote before in This Earlier Posting.

What I now find, is that my Linux computers that are up-to-date, are at least as stable as my Windows 7 and Windows 8.1 machines, if not more stable. And so advice which I was once given but had ignored, seems to have been accurate, according to which my earlier practice of only upgrading a minimum of libraries, was a bad practice, and according to which doing so, introduced stability problems of its own.

Having said that, If we are given a Debian / Linux machine which requires upgrades to a large number of packages, let us say to more than 20 packages, then we effectively need to do a ‘dist-upgrade‘ to achieve that most reliably, and even then, this one-time action can fail, and can leave us with an unstable or broken system.

Dirk

## 9 thoughts on “One Reason I now Feel that the Linux Update Process is Stable”

1. My coder is trying to convince me to move to .net from PHP.
I have always disliked the idea because of the costs.
But he’s tryiong none the less. I’ve been using Movable-type
on a number of websites for about a year and am anxious about switching to another platform.
I have heard good things about blogengine.net.
Is there a way I can import all my wordrpress content into it?
Any kind of help would be greatly appreciated!

Here is my webpage; information online, http://www.prlog.org,

1. Dirk Mittler says:

When I go into my Admin Panel, under Tools I see ‘Import’ and ‘Export’. I have a localized version of WordPress.org, 4.1 for Linux. Under Import, I see a specific option to Import From Movable-Type. But I see no specific option to Export To Movable-Type. It is completely normal, for any platform only to export its own formats, but to offer importing others’ . Hence, whether you can Import From WordPress within Movable-Type (?), depends on whether that platform is so accommodating…

2. Hey! Ɗo you knoա іf they make any plugins tߋ protect against hackers?
I’m kinda paranoid about losing everything І’ѵе worked hard οn. Аny
recommendations?

Ꭺlso viusit mʏ blog post … reuben singh wife

1. Dirk Mittler says:

I would say that in General, No. Your most probable hackers, could be the dev who wrote one of the plugins. No offense intended to legitimate devs. But I’d say the more plugins you install, the more likely you’re going to be, to get hacked. Thus, I’d stay away from plugins I don’t see any need for, just due to the statistics of it.

2. Dirk Mittler says:

But I have yet a 3rd opinion to offer on this same subject, of ‘How best to avoid WordPress.org getting hacked’. A common scenario is that people download the open-source package, which consists of Core PHP Scripts, Plugin PHP Scripts, Theme PHP Scripts, and maybe a few CSS and finally HTML Files, and then upload this to a Web hosting service which offers the privilege of running PHP. The upload happens via FTP. Some people might do this, just to dodge the subscription fees of WordPress.com.

And a key vulnerability to this setup is, that the client of the Web host is only given one username, which may or may not be the same username which the PHP scripts are running under. If it is the same username, the scripts themselves can install more scripts, and if it is not, it still leaves the fact, that the Core PHP Scripts belong to the same username, the Plugin PHP Scripts belong to.

My own setup is, that the Core PHP Scripts belong to ‘root’, while the Plugin Scripts belong to a different username, which the Web-server also runs, and which the PHP interpreter runs under.

And so even though my Plugins can install updates to themselves, when I enable something in person, they still cannot overwrite my Core Scripts. So the type of hack which just happened in my 2nd answer, could not have happened to me. And with this differentiation into 2 usernames, I may effectively already be doing half of what the ‘WordFence’ Plugin offers.

However, the potential exists for me to have a false sense of security over this. The Core Scripts are already coded, to query my setup for Plugins, and to provide hooks by which Plugin code will run, without the Core Scripts themselves needing to be altered. Hence, If I was to want to install a ‘Captcha’ Plugin for example, this might require a Core Script to be modified – because the Captcha would be displayed in the login page, which is supposed to be secure. If it did, this would present too big a risk for me to pursue. And if it did not, I still couldn’t be 100% sure that the Plugin, whenever the Core Script runs it, won’t be able to read the password that somebody types in.

So even if my Core Scripts are not modified, there is the potential for the Plugin to monitor more data than it should…

If the Plugin was ‘WordFence’, again, I’d be trusting that one author, only to do his duty, and eventually to protect me from all the others – via interception. Exactly Why, would I trust this one author, more than any of the others? Because it seems obvious to do so? Beware the obvious.

Dirk

3. Hі there! I knoԝ thіs is
kinda օff topic ƅut Ι wwas wondering іf yоu кneԝ ᴡҺere
I ϲould locate а captcha plugin for
mү commment form? І’m uing thе same bllog platform as ʏοurs ɑnd I’m ɦaving difficulty finding оne?
Thanks а ⅼot!

mү web ρage Bert

1. Dirk Mittler says:

I don’t really think that this one posting, should start to become a discussion corner. Please, feel free to read some of my other postings. In response to your actual question, I’d suggest you use a plugin:

WordPress.org Search Result

But now don’t ask me, which of these plugins might contain Malware. Really, most of them don’t, but you never know.

Dirk

2. Dirk Mittler says:

By now I have started using this one: