this post was submitted on 08 Nov 2023
230 points (98.3% liked)

datahoarder

6785 readers
5 users here now

Who are we?

We are digital librarians. Among us are represented the various reasons to keep data -- legal requirements, competitive requirements, uncertainty of permanence of cloud services, distaste for transmitting your data externally (e.g. government or corporate espionage), cultural and familial archivists, internet collapse preppers, and people who do it themselves so they're sure it's done right. Everyone has their reasons for curating the data they have decided to keep (either forever or For A Damn Long Time). Along the way we have sought out like-minded individuals to exchange strategies, war stories, and cautionary tales of failures.

We are one. We are legion. And we're trying really hard not to forget.

-- 5-4-3-2-1-bang from this thread

founded 4 years ago
MODERATORS
 

I've been seeding many Foss things for years but for some reason, people keep downloading Ubuntu versions that are more than 3 years old.

Any ideas why there is always someone downloading the ancient stuff, especially Ubuntu?

top 36 comments
sorted by: hot top controversial new old
[–] clif@lemmy.world 157 points 1 year ago (1 children)

I just want to say that you're a MVP for seeding that much for that long. Lots of TBs up there - you've helped out a ton of people.

Thank you.

[–] Apollo2323@lemmy.dbzer0.com 26 points 1 year ago (1 children)
[–] syrooks@infosec.pub 14 points 1 year ago

Agreed, came here to post a “thank you for your service”

[–] neanderthal@lemmy.world 86 points 1 year ago* (last edited 1 year ago) (2 children)

Yes, Ubuntu 20 isn't EOL yet. A lot of those downloads are probably IT staff or developers that are running Ubuntu servers or developing on those versions.

ETA: We still have some RHEL 7 and clones at my day job

[–] cerement@slrpnk.net 13 points 1 year ago* (last edited 1 year ago) (1 children)

got curious – 20.04 LTS still has more than a year of support left

[–] caseyweederman@lemmy.ca 3 points 1 year ago

Seven more years of ELTS

[–] ejmin@lemmy.ml 7 points 1 year ago

Yeah, should've remembered that before asking... Makes sense. Thanks

[–] prayer@lemmy.world 56 points 1 year ago (2 children)

This man really does have GBs of Linux ISOs

[–] kernelle@0d.gs 18 points 1 year ago
[–] umbrella@lemmy.ml 7 points 1 year ago

i tought this post was going to be a "linux ISOs" joje lol

[–] MystikIncarnate@lemmy.ca 44 points 1 year ago (1 children)

20.04 and 22.04 were LTS versions, aka, long term support.

Any application that requires stability should run on LTS versions. Combined with Ubuntu being one of the most popular distros, makes 20.04 and 22.04 the most popular choices for anything in a home lab and many smaller business needs.

Whether you're building a server for home DNS, or a time server for a small business, then you're probably using Ubuntu as the base.

I think the next LTS version will be 24.04, so things might shift sometime after that.

[–] pietervdvn@lemmy.ml 6 points 1 year ago

Correct. Naming of ubuntu is always . of release. The LTS'es are supported for four years, so when 24.04 is released, the 20.04 will be EOL

[–] computerboss@sh.itjust.works 30 points 1 year ago (1 children)

I can give you an answer from someone who regularly downloads really old EOL versions of Ubuntu and Debian. I personally use them as part of attack and defense competitions. They are normally very close to unusable and are nearly impossible to update to a more recent or secure version. This forces my team to find creative ways to keep them working while also taking measures to isolate them as much as possible. I also use them to teach old exploits that have been patched in more recent versions, walking people through how it worked and why it existed.

It happens a lot more with Windows machines, but there might be some manufacturing systems out there that require software that won't run on modern versions of the OS. These systems often require new manufacturing tools in order to upgrade, or they need massive overhauls that smaller companies can't always afford.

[–] fiat_lux@kbin.social 7 points 1 year ago (1 children)

This forces my team to find creative ways to keep them working while also taking measures to isolate them as much as possible. I also use them to teach old exploits that have been patched in more recent versions, walking people through how it worked and why it existed.

I am interested in learning more about this. I know a fair bit about networks but exploit history and modern attack / defense strategies and server hardening are not my main specialty. Do you have any good links or resources that you can share?

[–] computerboss@sh.itjust.works 4 points 1 year ago

Ok so to be clear when I said team I mean a bunch of college students preparing for different ctfs, but these are some of the more helpful resources we have found:

Tryhackme: personal favorite especially for beginners Hackthebox: great for learning/practicing attacks Overthewire: another good ctf site

We try to build many of our own ctf like machines, then each person switches their machine with another person and the other person tries to secure the vulnerabilities without knowing anything about the machine. Once everyone has secured their machines we try to attack them using the notes made while setting them up. This is our step by step for that process.

  1. download an old version of a distro. (Ubuntu 14, deb 9, ect)
  2. install and setup the VM without any updates or changes to the default configuration
  3. google the distro version (Ubuntu 14.04) + vulnerabilities or exploits
  4. read through the different sites to find applications that had huge security issues on that version and begin installing some of the programs that have known exploits

So for example with Ubuntu 14.04 we know there are some Linux kernel exploits.

A quick Google search returned this exploit: https://www.exploit-db.com/exploits/43418

Using Ubuntu's website I looked up other critical vulnerabilities and found these: https://ubuntu.com/security/cves?q=&package=&priority=critical&version=trusty&status=

From here I could add some of the packages mentioned as having exploits and then attempt to exploit them. I could also check newer versions of Ubuntu like 16 to find vulnerabilities that would also apply to older versions.

There is also Mitre's list(s) of the most dangerous software vulnerabilities. They have one for 2023, but also a catalog of lists from previous years.

https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html

Hopefully this helps!

[–] PlatinumSf@pawb.social 26 points 1 year ago

FOSS hero. 💜

[–] Faceman2K23@discuss.tchncs.de 24 points 1 year ago (1 children)

Gotta download at least a few actual Linux ISOs to be a real datahoarder.

[–] fork@endlesstalk.org 2 points 1 year ago (1 children)

People download fake Linux ISO's? What even are those? I have no idea. No idea at all.

[–] Faceman2K23@discuss.tchncs.de 2 points 1 year ago

Yea I have 100tb of these weird Linux ISOs, I have no idea how they even got there either.

[–] rhythmisaprancer@kbin.social 16 points 1 year ago

I don't know about now, but my first Linux OS was Ubuntu and I appreciated the long support because of this. That was in the dial up days, tho, I can't imagine why anyone would require that now ☠️

[–] Rogue 12 points 1 year ago (1 children)

People desperately trying to avoid snaps by any means possible?

I struggled with those for so long. I'm running Pop now with integrated flathub and all of a sudden Linux is fun again!

[–] Diva@lemmy.ml 10 points 1 year ago* (last edited 1 year ago) (1 children)

I worked at a place which was still using a 20.04 version (for products they were selling) because updating it would require spending any amount of time updating software. Path of least resistance is using the old os forever.

[–] pbjamm@beehaw.org 7 points 1 year ago (1 children)

10 years ago I was working at a place that still used an Apple ][e

It controlled a ROM burner that was vital to the manufacturing process. In a back room was a stack of backup ][e s just in case the production one should ever fail. In the years I worked there it never did.

We had an old 286 running the HVAC at a hospital I worked at. This was a hospital with about 2000 employees in a major American city.

[–] SinningStromgald@lemmy.world 9 points 1 year ago

Data hoarders? People rolling back to older versions? Those are my best guesses.

[–] MechKit@beehaw.org 8 points 1 year ago (1 children)

I assume it's not human driven. Maybe some automated archiver? Some bot looking for proof of pirated content, and just downloads everything it finds?

[–] ejmin@lemmy.ml 5 points 1 year ago (1 children)

Right, that sounds like a good guess. That makes sense, bots are everywhere.

[–] GroteStreet@aussie.zone 14 points 1 year ago (1 children)

Some of it may be, but the fact that the LTS versions (20.04 & 22.04) are downloaded overwhelmingly more than the others seem to indicate it's more intentional.

[–] jlow@beehaw.org 1 points 1 year ago

Do old versions of Linux (Ubuntu in this instance) run better on really old hardware? That might be a reason if so.

[–] navigatron@beehaw.org 7 points 1 year ago

Sir, you are a hero. Thank you for your service.

[–] nightwatch_admin@feddit.nl 4 points 1 year ago

Systemd haters? But seriously, this could well be because of business environments where applications require specific OS versions to keep being supported by the vendor. Or better: where the orchestration tool cannot be updated because of the old OSs while said OSs cannot be updated because it will break orchestration.

This is why people love containers: you can run insecure software on insecure OS (component)s while pretending to be in control on your shiny Kubernetes cluster.

[–] ms264556@beehaw.org 3 points 1 year ago* (last edited 1 year ago)

I occasionally have to download and run old versions in a VM to build poorly supported software.

E.g. step 1 of the build instructions here...

Install the following packages in an ubuntu - 14.04.6 LTS machine

[–] GnomeComedy@beehaw.org 3 points 1 year ago

ITT: speculation by people that clearly don't use/understand Ubuntu.

[–] nossaquesapao@lemmy.eco.br 3 points 1 year ago

I once downloaded a really old (like 10 years old) ubuntu iso, because I had an app in deb format made for that version, that needed older libraries to run. Perhaps, there were other ways to run it, but running the older iso in a vm worked fine.

[–] scumola@sh.itjust.works 1 points 1 year ago

22.04 still isn't FIPS validated yet, so if you need FIPS with Ubuntu pro, the most recent LTS distro you can get is 20.04. That's why 20.04 is still popular.