Fair points. Admittedly I use a tiling window manager so I never see most of these problems.

My basic concern is with fragmentation. IMO many techies just don’t grasp how forbidding Linux is to normal people. Or the importance of reputation in people’s choice to take the leap. It’s all but priceless. Ubuntu-bashing has always struck me as a case of an elite group that prefers to split hairs rather than to take the win of getting extra users of FOSS. Idealism vs pragmatism, basically.

Anyway, I’m repeating myself. If you think that normies have heard of Mint already and that it won’t go away next year, then fine. The important thing is to get them to take the leap. They can always change distro later, the second time is much less forbidding.

In my opinion Ubuntu-bashing is unjustified and counterproductive.

Unjustified because Ubuntu is great! I say that having used it exclusively for years without a problem. That has to be worth something. Yes, there’s the Snap issue, and occasional shenanigans from Canonical, but so far these problems are not existential. For context I’ve been on Linux for 2 decades (also Debian) but I am not a typical techie (history major). Ubuntu just works.

Counterproductive because Linux needs a flagship distro for beginners. Just the word Linux is daunting to most normies! We absolutely need a beginner distro with name recognition. Well, this may hurt to hear but Ubuntu is basically the only candidate. Name recognition does not come cheap. At this point it is decades of work and we should not be squandering it.

Terrible, no-good, cynical, nihilist take. If everybody took your advice, the world would be a worse place in short order. Sorry to be so blunt.

This should really be more widely known. It’s a case study of mission creep and bureaucratization. The cost of keeping the servers running, and even dev work, is at this point a smallish fraction of what they’re pulling in. The is rest going to various forms of outreach and activism. That’s fine, and the money is probably well spent. But they really should be more honest about why they’re asking for it.

A token amount, a few euro a month.

BUT. One day it will all be donated. Every last cent of it.

Money is security. It’s peace of mind. So I will keep hold of mine for now, thank you very much.

That’s why I wrote typical. The question was from a beginner, not a networking expert.

Yes, I am one of those people, literally all the time. This is the point of laptops.

And I use default Ubuntu Desktop config, kept up to date of course.

If that makes me and OP sitting targets, then maybe we should address this concern to the people who make distros rather than to a random anxious newbie.

Just to clarify this comment for other “total newbies”: yes, the UFW default config is fine and “you don’t need to mess with it”.

But by default UFW itself is not even enabled on any desktop OS. And you also don’t need to mess with that. It’s because the firewall is on the router.

OP said clearly that this “is just my personal computer” and here we all are spreading unintentional FUD about firewall configs as if it’s for a public-facing server.

This pisses me off a bit because I remember having exactly the same anxiety as OP, to the point of thinking Linux must be incredibly insecure - how does this firewall work? dammit it’s not even turned on!! And then I learned a bit more about networking.

This discussion should have begun with the basics, not the minutiae.

Yes, fair point.

As I understand it, the main risk of an untrusted local network is with DNS. The best precaution being to set it manually (to 1.1.1.1 for example or ideally something less centralized). Actually I used to do that myself, running a stub DNS server on localhost. This kind of option really should be in every OS by default.

Would be interested to know the consensus on better locking down a roving laptop.

Well, screwed I will be, then. I’m not going to waste my life babysitting a bespoke firewall on my Ubuntu Desktop.

And it seems like a bad idea to be telling beginners on Ubuntu or Mint whatever that their “security philosophy is flawed” and they must imperatively run these 10 lines of mysterious code or else bad things will happen.

This whole discussion looks like a misunderstanding. OP is not a sysadmin on public-facing server. They are a beginner on a laptop at home.

deleted by creator

You don’t need a firewall on a typical desktop computer. You only need them on routers and servers.

That is because your personal computer is not actually on the internet. It is on a local network (LAN) and it talks only to your router. The router is the computer connected to the internet, and it has a firewall.

The question highlights a classic misunderstanding about networking that IMO should be better addressed. I was like OP once, and panicking about this pointlessly.

Addendum: You’re all replying to OP as if they’re a sysadmin managing a public-facing server. But OP says clearly that they’re just a beginner on a PC - which will almost certainly be firewalled by their router. We should be encouraging and educating people like this, not terrorizing them about all the risks they’re taking.

deleted by creator

Your individualism. Of course I’m aware of the huge downsides, but my understanding is that personal freedom has been a vanishing rare thing in human history. As I see it, some very odd circumstances (puritans and the frontier) generated the USA, which morphed into something even weirder still: a libertarian superpower. Which then, in extremis, saved the rest of us from authoritarianism of both right and left. Probably temporarily. I predict that after it all collapses, and with better hindsight, we’ll appreciate the USA more than we do today.

Ugh! That word again.

Guessing you’re American. Over here in soft Europe, even to ask that question would get you ostracized as a psychopath.

Of course, most of us are complete hypocrites given our diets.

BRB.

sudo apt purge cups

Done. This should not even be part of baseline Ubuntu desktop. Speaking for myself but I have not had a printer for about 15 years. The paperless office really did become reality.

The counter-argument is that communes are populated by an unusual variety of human being, hence their rarity, and that most people are motivated by less disciplined human goals such as status and material accumulation.

Same. I checked on my Debian VPS the other day after many months of negligence and, sure enough, everything was up to date and secure thanks to unattended-upgrades with the reboot option enabled.

It also has YAST which is the best GUI based managment system on Linux

Semi-offtopic. Suse was my first distro 20 years ago and in those few months I had such a nightmarish experience with dependency hell in YAST and Yum, and such a contrastingly good experience with APT after I finally moved to Debian, that I have only ever used Debian and Ubuntu since then and I am still traumatized by the mere sight of the name YAST.

Silly but alas true! Of course I didn’t understand anything back then and I’m sure YAST is much better these days.