|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
I’ve been seeing Kernel updates in my update manager and am a bit reluctant to mess with them. There are three of them and the main one is marked security and is 67 MB. Is this something I should be concerned about? My Linux Mint laptop is running just fine and I don’t want to mess anything up. All these updates have a rating of 4.
@Charlie – For whatever this is worth – I’ve been running Ubuntu 16.04 LTS for the last 27 months on an old HP AMD Athlon 64 bit machine (about 10 years old). As an experiment to see just how much of a no-brainer patching is, I install every update offered to me – yes, every single one of them. I’ve installed many kernel updates and also many updates that remove unused portions of old kernels. I’ve never had any problems with any updates (kernel or not). A conservative estimate is 5 patches a week, so over 27 months 600+ patches. If it was me, I’d go for it on your Mint machine.
My understanding is that if the kernel update offers no security updates, but just additional compatibility for newer hardware, then you are safe to skip it if your hardware is running fine, or you are running an older system.
But I would install all updates that are flagged for security.
Windows 10 Pro 22H2
Right.
My understanding is that if the kernel update offers no security updates, …
But I would install all updates that are flagged for security.
Now I don’t know how Mint’s update manager does it, but in the general case with Linux kernel updates this means installing those that only change the third or fourth part of the version string.
(Third number is the “minor release” and fourth is patches on top of that. Ubuntu backports fixes a lot, they’re well into 4 digits on the patch number in some branches and a bit less in others. So Ubuntu has a version 4.4.0-166 instead of going to 4.4.198…)
Also I’m not sure if others are doing that but I’m of the opinion that anything that has the potential to cause significant data loss or corruption even independent of external threats should be considered a security issue.
So, I’d install patches that’d fix data loss if your specific SATA HBA chip happens to have a hiccup. But that’s often dependent on hardware and requires a close reading of the changelogs…
Right.
My understanding is that if the kernel update offers no security updates, …
But I would install all updates that are flagged for security.Now I don’t know how Mint’s update manager does it, but in the general case with Linux kernel updates this means installing those that only change the third or fourth part of the version string.
(Third number is the “minor release” and fourth is patches on top of that. Ubuntu backports fixes a lot, they’re well into 4 digits on the patch number in some branches and a bit less in others. So Ubuntu has a version 4.4.0-166 instead of going to 4.4.198…)
Also I’m not sure if others are doing that but I’m of the opinion that anything that has the potential to cause significant data loss or corruption even independent of external threats should be considered a security issue.
So, I’d install patches that’d fix data loss if your specific SATA HBA chip happens to have a hiccup. But that’s often dependent on hardware and requires a close reading of the changelogs…
Right, but this thread is about Mint. 🙂
They developed their Mint 5 level update system for more novice users, and those that are probably not as interested in studying detailed change logs. That is where Mint diverges from the Ubuntu philosophy, at least regarding updates.
My advice: when in doubt, or just because, always make an image before any system update. That is the easiest way to restore a system that becomes unstable or un-bootable after an update.
By default Mint updates level 1-3 are checked. If you are adventurous, you may select all 5.
https://sites.google.com/site/easytipsforlinux/linux-mint-update-manager-explained
The 5 levels and their description are:
Level 1:
Certified packages. These packages has been tested or directly maintained by Linux Mint. Recommended to be updated when updates are available.
Level 2:
Recommended packages. All packages are tested and approved by Linux Mint. Also recommended to be updated.
Level 3:
Safe packages. All level 3 packages are not tested but considered to be safe. Recommended to be updated as well.
Level 4:
Unsafe packages. Updates classified as level 4 could have a potential negative affect on system stability. Deselected by default for safety and visibility.
Level 5: Dangerous packages. Updates classified as level 5 can have a negative affect on system stability depending on the system hardware and specifications. Also deselected for safety and visibility.
Although there are users who claim that level 4 and level 5 updates disrupt their systems when it comes to stability, there are plenty of users who select level 4 and level 5 for updating and not having any problems with their system after updating.
Windows 10 Pro 22H2
I trust Levels 1, and 2, maybe even 3’s, but the 4’s worry me. I don’t know how to revert back to the older kernel. Seems I have a lot to learn. I want to do the right thing but then things are running well so I don’t want “fix what isn’t broken” to coin a phrase.
In your case of not knowing how to roll back changes, I would suggest to leave well enough alone, and stick with 1-3. If your system is working well now, I doubt your system will stop working even if you never update the kernel again.
One other thing I’m wondering is whether or not if I checked all the kernel related updates, the Update Manager would know the proper order in which to install them?
It seems that the package manager keeps up with any update dependencies, so you should not normally need to worry about that.
If rolling back a kernel, or restoring your system from a disk image, is not currently an option for you, I would suggest backing up all of your personal data to an external drive. That way, in the event that your system ever does stop working, re-installing Mint may be your only option for recovery.
In my previous job with corporate IT, there was a zero tolerance for risk. ALL changes had to have a verified back-out plan. So that has shaped my opinion on changes forever. You are free to follow your own instincts, but just be aware of the risks of having no back-out plan.
Something to think about! 🙂
Windows 10 Pro 22H2
I know nothing about Timeshift. You might seek advice from others with experience on that topic.
I have always relied on full images, or clones of my Linux drives and partitions, and never had any issues with creating a backup image and performing a successful full restore using a bootable utility such as Clonezilla.
Windows 10 Pro 22H2
Agree with @JohnW, imaging the system is a far safer choice. Timeshift is an equivalent system restore for linux but, as with system restore..don’t rely on it to save your bacon!
Have used it briefly in the past, no longer use it (found it useless), much prefer an image offline.
Timeshift will bring back the old kernel, not a problem there. Even without using Timeshift, though, (as I mentioned already), you can also select any of the old kernels installed from the GRUB menu, which makes them easier to roll back than any other change you make to the system. When you install a new kernel version, the old one is still there also, unless you explicitly remove it. Until you do, it’s available to be used anytime, along with all of the included drivers, the kernel parameters, and and initramfs configuration that was/were in use at the time that kernel was last configured (usually that would be at the time it was installed).
In contrast to Microfix’s experience, I’ve found Timeshift to be tremendously useful, to the point that I made a donation to its developer. It’s not a replacement for full system imaging, but for what it is meant to do, it does far more easily and quickly than having to restore an image. I use both, much as I used system restore (in the rare instances when it actually worked) and Macrium Reflect when I used Windows.
The Mint devs got a lot of flak over their designation of updates as being dangerous, to the point that people began to say that Mint “has questionable security practices,” which I don’t think was true. It did tend to exaggerate the risk of certain things, like kernel updates. It has some similarity to what Woody does here with the MS-DEFCON, but I don’t know that Mint ever reduced the “danger” level of a given update even after the update had been well vetted. It was up to the users to decide when a level 4 or 5 update had been tested long enough to trust it, and for those who just looked at the updater and took it as gospel, it didn’t really work. The thing that makes MS-DEFCON work is that Woody changes the number once the “dangerous” patches have been vetted… a number that never changes is misleading and a lot less useful.
This was why the Mint devs dropped the level system and instead encouraged their users to use the integration feature of Timeshift and the updater (like how the Windows System Restore creates a restore point before installing updates, if it hasn’t been turned off again). If a problem is encountered, just roll back to the previous Timeshift snapshot and you’re back in business. I’ve found it very reliable and useful, in contrast to System Restore, which was a lot more temperamental.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
@Charlie, FWIW I also use the mint-updater albeit on a non-mint distro which comes set with all 5 boxes ticked at default (this is inline with Ubuntu policy aparently) however,
Linux Mint is more conservative when it comes to kernel updates. They want the end-user to just use the OS without worries and the repo/ distro maintainers will look after your system relative to configuration/ software and hardware.
If you know how to revert back to an older kernel, tick all 5
(keeping your previous kernel as a failsafe)
If you don’t, leave well alone and follow the Linux Mint directive is my advice.
Hi Charlie, I fully back the discussion on being comfortable with both sides of imaging makes everything less stressful. I offer a decision process that may ease your concern with levels 4 and 5. Introduce the idea of probation, a delay to allow others to test and find faults. Similar to Woody’s monthly process, but I don’t want to confuse the similar numbering because they are somewhat opposite and really not related at all.
So when you see a level 4 that looks helpful, wait a couple of weeks. When there is no reports of troubles on equipment that looks like yours, you may then consider the item as tested under public use. That will give you more assurance than you had one day one, even if the level rating is not changed.
If Level 5 is even more worrisome, give it a month or more probation. But either way, allow the passage of time and public testing to dilute any anxiety. And have an image available.
Hi again Charlie. You are very attentive to the status of your system and the updates available for it. I’m hoping to encourage your developing your own sense of security that will also give comfort with your choices. By relying on your own review of what you read, and trusting your judgement more than the ratings given by others. The rating change will happen on your end, not on theirs.
Where I had written
That will give you more assurance than you had on day one, even if the level rating is not changed.
I might have made more clear that these ratings are assigned as an initial notice to alert you to the possible hazards. That rating remains in place for future users to see the same notice and start their own review of how it may affect their systems. This decision method should be done system by system. As what works for you may not work for another.
The passage of time together with a lack of reports on equipment like yours indicates others have not had trouble. If your equipment is highly customized, you might find an obscure bug that would not be revealed by others. But that is what those backup images are for.
Use those numbers to alert you, then trust your own evaluation instead. Your comfort with your own opinion will grow with experience.
That’s a good point, especially where the Mint level system is static, and was assigned merely by the type of update (kernel, or some other significant system package) and the potential for that type of update to disrupt stability. It was not based on known issues like Woody’s defcon system often is.
Bottom line is that the Mint developers have deprecated the level system in the current release, because they feel it does not communicate risks correctly as it was once intended to. So it is probably most prudent to move on from that method, as the developers have done.
I also like the idea proposed earlier, to place risky updates on probation when they first appear, and delay installing them for a week or a month, or whatever.
And backups…
Windows 10 Pro 22H2
Just fyi, the Update Manager in Mint 19.2 no longer categorizes updates according to Levels. It does still identify security updates vs software updates, with kernel updates as a separate category.
That said, I’m a newbie in Linux but haven’t had any problems so far just taking all the updates in 19.2, including kernel updates (in the 4.15 series). Of course, this isn’t my primary computer, and it wouldn’t be too difficult just to reinstall Mint. I do use Timeshift and have successfully done a restore before, on a different computer.
I still need to look into learning about Clonezilla, which I’ve been putting off because it looks a little complicated. I use Macrium Reflect for Windows.
Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline
That said, I’m a newbie in Linux but haven’t had any problems so far just taking all the updates in 19.2, including kernel updates (in the 4.15 series). Of course, this isn’t my primary computer, and it wouldn’t be too difficult just to reinstall Mint.
With a kernel update, if the new one fails to work, simply reboot, select the “advanced options for Linux Mint” option in the GRUB menu, then scroll down to the listing for the previous kernel version. The first option will be the newly installed one that isn’t working… the second one will be the recovery mode for the new kernel. Right below that should be the previous kernel, the one that was working fine. Hit enter, and everything should be just like it was before. You can then search for answers online, or just uninstall the version that does not work.
Within one kernel version, like 4.15, the kernel updates will mostly be for bug fixes and other enhancements. There is a chance of new bugs with any updated software, but it’s greater for releases that introduce new features as well as bug fixes. I wouldn’t have any reservations installing them… I’ve never had any issues doing so personally, and the means to boot the old kernel (which is still installed in addition to the new one, unlike most packages) is so easy, that I don’t consider it a big risk.
I regularly go one step further and update to the newest kernels offered by Ubuntu. In Mint, you can easily do that by looking in the Kernel menu of the updater program, which will show you all the Ubuntu kernels available. Mint uses the Ubuntu kernels, like other Ubuntu derivative distros (which also includes KDE Neon, which I use). The current newest version offered is 5.3, which is eight releases newer than the 4.15 kernel that Ubuntu 18.04 LTS and derivative distro releases (like Mint 19.x). If it fails to work properly (or at all), the same method above to boot the previous version will work.
As for Linux imaging… I used to use Macrium Reflect for Windows to image my Linux partitions, and it did faithfully restore them to perfect working order every time I performed a restore. It still required booting to Windows or the Reflect rescue media to perform each backup, which was a pain. Now I use Veeam Agent for Linux, which is the closest I have yet seen to a Reflect type of program to run natively in Linux. It’s free for home users, too. It runs from the command line, but once started, it’s fully menu-driven, not requiring any typed commands to make it work. It’s quite fast (on par with the fastest of the Windows backup programs I tried) and works well in backup and restoration.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
As for Linux imaging… I used to use Macrium Reflect for Windows to image my Linux partitions, and it did faithfully restore them to perfect working order every time I performed a restore. It still required booting to Windows or the Reflect rescue media to perform each backup, which was a pain. Now I use Veeam Agent for Linux, which is the closest I have yet seen to a Reflect type of program to run natively in Linux. It’s free for home users, too. It runs from the command line, but once started, it’s fully menu-driven, not requiring any typed commands to make it work. It’s quite fast (on par with the fastest of the Windows backup programs I tried) and works well in backup and restoration.
Does Macrium support all partition and file system types?
Windows 10 Pro 22H2
Does Macrium support all partition and file system types?
Reflect is able to recognize the two partition table types, MBR and GPT, and for any file system it does not recognize, it goes into sector by sector mode, so it should be able to work with anything. “Should,” of course, is a weasel word, but until I’ve thoroughly tested it with every file system in existence (which, of course, I can’t!), I really cannot say definitively that it will. I do know it worked well with Ext4, though. I restored Linux backups (that is, backups of Linux partitions, not backups made in Linux) with it several times with no problems.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
@ascaris wrote:
“It still required booting to Windows or the Reflect rescue media to perform each backup, which was a pain.”
Ascaris,
Thanks for this information about your use of kernels, and especially for the reminder that I could use the Macrium Reflect rescue media to make a Reflect backup of Linux. I’m dual-booting Linux Mint and Windows XP, which has an older version of Macrium Reflect; but since XP can’t recognize my GPT external hard disks, I had been thinking I couldn’t use them for backups and would have to re-format one as FAT32 in order to use Macrium Reflect. That would also mean the image would be broken up into about 26 or so 4-GB files.
But if I understand correctly, instead of using Windows XP, I could just boot into the Macrium Reflect rescue CD (I think the one I used has Windows PE 5) to make an image backup on a “regular” GPT external hdd, is that right? I remember now that in another thread you had talked about booting into the rescue media, but I had forgotten.
So does this also mean you can boot to the Macrium Reflect rescue media to image Linux even if Windows isn’t installed on the computer?
Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline
You can boot from the Macrium WinPE rescue disk on any computer regardless of the installed OS, and execute a backup or restore using any attached drives. This is because the host OS is offline, and it is only the WinPE executing during the session.
Windows 10 Pro 22H2
GPT is a partition table type, while FAT is a filesystem type. They don’t compare directly.
In terms of the partition table, it’s a question of GPT or MBR (master boot record). XP x86 cannot recognize GPT disks (the 64-bit variant can read and write to/from them, but not boot from them), but any current OS can recognize and read/write MBR disks.
A MBR disk can have partitions formatted in NTFS or Ext4 just as easily as can a GPT disk… there’s no need to use FAT for XP. Still, if the external disk is already set up in GPT, XP won’t be able to recognize it unless the disk is converted to MBR. That’s what I would do, personally, but not if there were any critical backups on the disk. There is the potential for something to go wrong and for data loss to occur. I’ve only converted partition types a few times, and it’s worked without any problems, but that’s not enough to know how prevalent data loss would be.
As the others have already mentioned, you can perform a backup from the bootable rescue media. I’ve never tried creating a rescue drive from XP, though! The ones I’ve made with Windows 7 and 8.1 use a WinPE environment based on Windows 10, and that certainly is able to use a GPT external hard drive. You could give it a try and see if it works, and if not, maybe use a newer Windows PC to create the Reflect media. It will still be able to read the older PC’s disks… it just will have to be done from the bootable media itself, not from Windows XP.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
With a kernel update, if the new one fails to work, simply reboot, select the “advanced options for Linux Mint” option in the GRUB menu, then scroll down to the listing for the previous kernel version. The first option will be the newly installed one that isn’t working… the second one will be the recovery mode for the new kernel. Right below that should be the previous kernel, the one that was working fine. Hit enter, and everything should be just like it was before. You can then search for answers online, or just uninstall the version that does not work.
I should have asked this before – how do I get into the GRUB menu, and the “advanced Options for Linux Mint”? This doesn’t come up automatically when I boot so is there some key to push to get into it?
Edit: And also the way to get out of it if I don’t want to do anything.
Please disregard my last post directly above. I now know to use the Shift key while booting, and the escape key to undo what I’m doing. Got this from Google.
By the way, my current kernel stops being “supported” in August 2020. So it appears that I’ll have to update the kernel before that.
Just fyi, the Update Manager in Mint 19.2 no longer categorizes updates according to Levels. It does still identify security updates vs software updates, with kernel updates as a separate category.
That said, I’m a newbie in Linux but haven’t had any problems so far just taking all the updates in 19.2, including kernel updates (in the 4.15 series). Of course, this isn’t my primary computer, and it wouldn’t be too difficult just to reinstall Mint. I do use Timeshift and have successfully done a restore before, on a different computer.
I still need to look into learning about Clonezilla, which I’ve been putting off because it looks a little complicated. I use Macrium Reflect for Windows.
Good to know! I had not heard about the change to the update manager level system, as I haven’t updated to that version yet. So the old info still applies to past versions.
Here is the scoop:
Breaking: Update Manager in 19.2 will no longer feature a protective level system
https://forums.linuxmint.com/viewtopic.php?t=290342
Regarding Clonezilla Live – https://clonezilla.org/clonezilla-live.php – it is a bit techy and confusing. Not sure I would recommend it to a non-tech. It must run offline as a bootable Linux distro, and the interface is like an old DOS text based interface thingy. Reading and understanding the instructions in detail is critical, and you need to be fully familiar with the Linux internal/external drive and partition naming and numbering of your system.
I believe that there are other modern commercial and free imaging programs for Windows, that provide bootable environments for offline disk imaging and restores, with support for Linux partitions. But I have not attempted to use any of them for Linux drives. I seem to recall a discussion around here recently with some options related to that.
Windows 10 Pro 22H2
Just for information purposes here are the three Level 4 kernel updates:
Notice they are checked and come up that way. There are other level 2 updates relating to the kernel and labeled Software which I have not done so far. I need to build up more confidence before proceeding. It’s me, I’m always over cautious.
Does Macrium support all partition and file system types?
No. Then again nothing else does either. If you have an old 68k or PowerPC Mac, I don’t expect Macrium will help you with that much except in whole disk raw mode.
Macrium works with MBR and GPT partitions, and some versions also Windows’s Dynamic Disks. In addition it can do at least raw copy. Those should be enough for a non-ancient PC.
There’s more than a dozen kinds of “partition tables” out there and I don’t know of any single tool that’d handle all of them. Some are fairly exotic. Some are even not stored on the disk in question at all.
Filesystem types there’s a lot more of still. Particularly if you count all the different variants of ufs/ffs …
Regarding Clonezilla Live – it is a bit techy and confusing. Not sure I would recommend it to a non-tech. It must run offline as a bootable Linux distro,
Yeah, Clonezilla Live is a specialized mini-distro. The non “Live” is a text-mode application that can be run on a Linux PC, or a friendlier live-usb distribution.
Which reminds me, should see if I can find some more SATA hotplug enclosures for the problem-desk Linux workstation… USB/SATA bridges do funny things with sector size emulation on some drives.
The current newest version offered is 5.3, which is eight releases newer than the 4.15 kernel that Ubuntu 18.04 LTS and derivative distro releases (like Mint 19.x). If it fails to work properly (or at all), the same method above to boot the previous version will work.
Exactly.
And what’s more – on modern Linux distros you can usually have multiple branches of kernels installed simultaneously and constantly updated. (Well at least on Ubuntu, should work on Mint too?) That way you can just use the boot menu to switch between, say, latency-optimized for sound or other signal processing work and throughput-optimized for non-realtime number crunching… and a long-term support base kernel.
Since Linux has no direct need to reboot to install kernel updates on the disk, you can install multiple kernel updates between reboots and only boot to one of them. No need to reboot just to complete installing a new kernel if you don’t want to use it right away, like if it’s from an alternate branch.
Like here, I have (on Xubuntu 18.04):
$ dpkg -l |grep linux-image |grep ^ii ii linux-image-4.15.0-66-generic 4.15.0-66.75 amd64 Signed kernel image generic ii linux-image-5.3.0-19-lowlatency 5.3.0-19.20~18.04.2+2 amd64 Signed kernel image lowlatency ii linux-image-generic 4.15.0.66.68 amd64 Generic Linux kernel image ii linux-image-lowlatency-hwe-18.04-edge 5.3.0.19.85 amd64 lowlatency Linux kernel image
The latter two are branch metapackages that always pull the latest of that branch in.
See, Apt has direct installs and dependencies, latest versions of those metapackages depend on specific latest version of the actual package.
If you install an actual kernel package directly – or mark it as direct install while it’s already been pulled in as a a dependency – you’ll get to keep that one too in the boot menu even after the metapackage updates and starts to depend on a newer version. Subject to your disk space of course.
Word of caution (before installing Kernel Updates in Mint)…too many of them, and you may get a “low/boot space” error where the header update did not complete and gave an error that there was not enough space in /boot.
What I normally do before installing a new kernel is go to the Update Manager, click on View/Linux Kernels, then click on continue, and look and see how many are installed. In my case, the Kernel groups are 4.4-4.15, and I check each level.
I normally keep only three or four, so before installing the new one, I click on the oldest one (it will be marked “installed”, not “active”!…in my case it was 4.15.0-64, I clicked on it, hit remove, and put in my password. Once that was done, I would close update manager, re-open it, and install the new kernel.
If you run into the “low boot space error”, this thread from the Mint forums can help:
You can get more info about many of the Mint updates here:
Yes, the link is to an Ubuntu site but very often, at least for Kernel updates and vulnerabilities, you can get CVE numbers and kernel version numbers and match them up with the descriptions/info in your Mint Update Manager. The above link and the descriptions in Update Manager will often describe what’s new and issues addressed.
FWIW I’ve installed the kernel updates on 3 Mint 19.2 machines with no issues.
If a kernel update has a CVE number associated with it, then the update is fixing some kind of vulnerability (i. e., a security issue)
After running Ubuntu 16.04 LTS and 18.04 LTS for over 3 years and Mint 19.2 for 3 months and installing every update that’s come down the pike without any issues whatever – and that’s probably over 1,000 patches – I feel much more comfortable installing patches than I did with Win 7 since the end of 2016. In fact I’m not missing Windows in any way, shape, or form. I particularly appreciate the lack of patching drama. For me, at least, Ubuntu and Mint “just work”.
There are all kinds of updates that go into kernel versions. Some are security updates, but a lot are non-security bug fixes. Bug fixing in general is a good thing! A bug can be affecting you even if you don’t recognize it, or it might do so at some point in the future even if it has not so far. Within any one kernel version (like 4.15 or 5.3), each revision is a relatively small, incremental update, generally for bug fixes (security or otherwise). New features usually have to wait for new kernel versions. I would have no more difficulty recommending a person install any new revision of their existing kernel than any other update.
This worry over kernel updates is part of the reason that Mint dropped the numbering system for updates. It was giving people the wrong idea about updates.
For Windows, Woody assigns MS-DEFCON numbers according to the risk of patching Windows at that moment. He sets MS-DEFCON to 2 before Patch Tuesday, and it remains there until he gets some news about how the updates are working. If they are causing problems, he will keep the number at 2, or if the problems are really bad, drop it to 1. Out of band fixes (revisions to Patch Tuesday updates in the coming weeks) often come along when more bugs are found in the initial Patch Tuesday release of an update. Woody’s numbers change as MS cleans up its patches. By the time Patch Tuesday rolls around again, he’s usually given the green light for the previous patch to be installed. The number changes in response to actual complaints.
Mint didn’t do that. An update that had a 5 (high risk, supposedly) would remain a 5, since it was the type of update that resulted in the rating, not the actual experience people had with it. Seeing that “maximum risk” rating on a kernel update that, a few weeks later, had been vetted by lots of people made them think the risk was greater than it was. That 5 rating should have been interpreted to mean “you might want to wait a few weeks to let things shake out before installing this,” not “This thing is way too dangerous to mess with. Don’t do it.”
Mint’s update ratings of 4 or 5 were more like a stop sign, while Woody’s rating is more like a stoplight, with 1 or 2 being a red light. The light will turn green when Woody thinks it is safe to proceed, but if you wait for a stop sign to turn into a go sign, you’ll be stuck forever, which is not the intent of a stop sign. Stop, look, and proceed when it is safe. How long you want to wait is up to you, but if it is still available (and has not been replaced by a new update for the same package) after that time, you should be good to go.
Mint includes Timeshift in the distro, and they have integrated it into the Mint update manager. If you use this, any update that goes wrong, even one that makes the system unbootable, can be rolled back with a minimum of fuss. Mint devs have said that they consider Timeshift to be a replacement for the old numbering system. All you have to do is get Timeshift set up, and you have a greater degree of protection than you ever did from the old update level system.
Any update has the potential for messing things up, but kernel updates in particular are very easy roll back in the unlikely event that something goes wrong, since the old kernel remains installed and fully usable even if you install a new one. If you have GRUB set up to show the menu at boot time (by default, it will show if more than one OS is installed on the system, but you can set it to show at every boot if you wish), you can simply select “advanced options for Linux Mint”, then press the down arrow until you’ve selected the old kernel, then press enter. That will boot with the old kernel, and from there you can use the Mint kernel tool to uninstall the faulty kernel version.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
I’m now running 4.15.0.99.89 and I haven’t notice any difference in the look of the GUI.
Just to throw this out there, but you should not normally see any changes to your GUI after a Linux kernel update. The kernel is the part of Linux that runs “under the hood”. (Well at least if nothing serious breaks).
Unlike Windows, the desktop GUI that you view in Linux doesn’t live in the kernel. The GUI is provided as an optional “Desktop Environment (DE)” add-on component, which for Mint would most commonly be “Cinnamon”, or “Mate”, but you could really run just about any DE on Mint.
Linux was not originally designed as a desktop system, and at heart is a server that doesn’t even require a desktop environment. The DE is just an add-on program that provides the ease and familiarity of a desktop so users can avoid using a command line exclusively. More like when early Windows ran on top of DOS in the pre-NT days. The kernel has more of a role like DOS did back then.
So instead, you’re more likely to see updates to new versions of the DE with new or changed desktop features, which are typically pushed out with new versions or point releases of the distro, for example Mint 19.1 to 19.2 or 19.3. Although the DE might get patched in the updater between versions. But this where you would look for changes, or problems with the GUI.
It’s a rather modular system. There are a few other components in a desktop Linux system besides the kernel and the DE. But they can vary by distro. If you’re interested, there are plenty of resources online to learn about them, but the casual end user need not be overly concerned with knowing all about them.
But one of the biggest differences with Linux is that the various components of a linux distro are not usually on the same update schedule. The maintainers of the chosen distro must decide which versions of the various component packages are suitable for inclusion in any given release version of the distro. One can of worms is that each component is developed by a different team of developers.The folks who test the distro are responsible for assembling the parts that must work together and provide the necessary QA.
Unlike Microsoft where everything comes from one company… 🙂
Windows 10 Pro 22H2
I like how Mint handles updates. I install the security updates almost as soon as they show up and tend to hide the kernel updates until I am ready for them.
The software updates can be odd and I used to hide the ones I was unfamiliar with (old Windows habit of fearing “feature” updates that break things). For example when I moved to Mint I installed the multimedia codecs which included flash and chromium. I disable flash in Firefox and don’t use the Chromium browser so when a flash non-security update arrived I just hid it. About a week later I checked my plugins and Firefox complained that flash was out of date and insecure. I re-found the update and installed it and things were fine.
Recently I received several chromium updates and decided to uninstall the codecs since I don’t use them but I would have to uninstall the multimedia codecs package they are part of as well. Updating the chromium seemed easier than finding and reinstalling all the other codecs, 🙂
My update routine is:
This works well for me.
Attached is a screen of Mint’s Update Manager for those unfamiliar with the OS.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
