- This topic has 9 replies, 5 voices, and was last updated Feb 10-3:02 pm by stevesr0.
-
Posts
-
stevesr0
Hi,
Everytime I see an announcement of new kernels available with security fixes, I add the latest kernel.
My question is why ISN’T the HIGHEST version with the fix (4.19 as of today) recommended?
stevesr0
Anonymous
The answer on your simple questions, gives enough material for a book or two.
If you’d have understood what Kernel is and what it does, you wouldn’t even been asking that question.
In short:
– Changing Kernel is not only the advantage but, in some cases it might become a huge disadvantage too.
– Security is often overrated. Over 90% of security issues are not at all relevant for your private PC.Example Nr. 1:
You have a couple of dozens of VM’s, you update the Kernel and your virtual ‘landscape’ crashes.Example Nr. 2:
You install antiX on your ‘brand new’, 1997 PC and you come here to ask for help.
Using some LTS Kernel under 4.4 would probably never rise that question.@noclue,
thanks for reply.
I asked the question because I am already running a 4.19 kernel with the fixes. It seemed odd to make a blanket recommendation that everyone should move to an earlier version.
Unfortunately, If there is an advantage for someone in my position moving back to an earlier version, I still don’t know what it might be.
stevesr0
christophe
4.19 series kernel is an LTS release – supported longer term.
Check out anticapitalista’s announcement: https://www.antixforum.com/forums/topic/new-kernels-in-repos/confirmed antiX frugaler, since 2019
If there is an advantage for someone in my position moving back to an earlier version, I still don’t know what it might be.
That you indirectly repeat your question means two things:
1. You still didn´t inform yourself what the Kernel is and what it’s doing.
2. You also didn´t inform yourself about The Meltdown and Spectre.There is no way to fix it with patches, it can be only fixed with changing the processor architecture.
All fixes are only first aid — that does not come without consequences (== less efficiency).
Relevant part for you is to have the web browser patched, you are not a company.If you will notice anything or not is, as I said, depending on who is using it and how and then, which Kernel and which HW combination.
Big companies don’t use computers like you or me, which is 90 % of time computing under 10 – 20 %.
Optimum configuration of one computer is when it constantly runs between 70 – 80 %.
All the rest is wasting money.Now imagine if Kernel patch reduces processor efficiency for some 20 – 40 %. Banks can close their bussines temporarly while the DB will cause processor run with over 100 %.
https://www.bankinfosecurity.com/performance-hit-meltdown-spectre-patches-slow-systems-a-10570
Newer Kernels also sometimes stop supporting older HW. If your HW is supported, you’re fine.
https://lists.debian.org/debian-devel-announce/2016/05/msg00001.html
https://www.quora.com/Does-the-Linux-kernel-ever-drop-old-architectures-or-drivers-for-old-hardwareIf YOU didn’t notice any problems, then YOU are fine.
@ christophe,
Thanks for reply. Both the recommended 4.9.153 version and the 4.19.18 are listed as long term support images. That is nice.
Just don’t understand why the 4.9 was recommended over the 4.19.
I think it would depend on what version was already installed. In my case, I already had a 4.19 kernel image running without a problem, so I just upgraded to the 4.19.18 version.
stevesr0
@ noclue,
You seem annoyed. I don’t feel like discussing this with you further.
Have a nice day.
stevesr0
anticapitalista
@ christophe,
Thanks for reply. Both the recommended 4.9.153 version and the 4.19.18 are listed as long term support images. That is nice.
Just don’t understand why the 4.9 was recommended over the 4.19.
I think it would depend on what version was already installed. In my case, I already had a 4.19 kernel image running without a problem, so I just upgraded to the 4.19.18 version.
stevesr0
The default (ie shipped on the iso) kernel is the 4.9 series, which is why it is the recommended one.
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
caprea
The 4.9-kernel is also the default on debian stretch(stable)
https://packages.debian.org/de/stretch/linux-image-amd64Hi anticapitalista and caprea,
Thanks for response. I thought that might be the reason.
Stevesr0
- You must be logged in to reply to this topic.
