Avoid 10 fatal mistakes in Linux Mint and Ubuntu

Back to the home page

There are 10 mistakes that you definitely want to avoid, for the sake of the health of your system. Because they may be fatal.

As with all warnings in general, these warnings are especially important for beginners with Linux. Advanced Linux users won't easily get into trouble, not even in the danger zone. And when they do get into trouble, they can help themselves...

To make a comparison with jet planes: it all depends on how you want to use your computer.

As a pilot of the trusted F-18:

Or as a test pilot of an experimental plane:

Or as a pilot of... well, whatever it is:

If (for the time being?) the battle proven reliability of the F-18 is what you're looking for, then you can benefit from the warnings below.

Be very careful with external repositories (like PPA's) and with external .deb files

1. Software from third-party repositories (like PPA's) and external .deb installers, is untested and unverified. Therefore it may damage the stability, the reliability and even the security of your system. It might even contain malware....

Furthermore, you make yourself dependent on the owner of the external repository, often only one person, who isn't being checked at all. By adding a PPA to your sources list, you give the owner of that PPA in principle full power over your system!

Therefore only use a PPA when you really (really!) have no acceptable alternative. Or when you're a tester for a particular piece of software (which you should only be doing on a non-essential test computer).

PPA's are a mixed blessing, to say the least. If used wisely and very restrictively, PPA's can occasionally be of great help. But used carelessly, they're for Linux what the bubonic plague was for the Middle Ages....

Have you already enabled PPA's or other third-party repo's and do you want to get rid of them? Then you can recreate a clean software sources list like this.

For the same reasons you also need to be careful with .deb files from external sources:

Files with the extension .deb are separate installers, just like .exe installers for Windows. You can download debs from some websites. When you double-click them, they ask for your password and then they install themselves in your system.

Only install those .deb files that you trust completely. When you're at all unsure about a .deb file, don't install it! These files are unchecked, unverified and may do damage to your system. They may even contain malware, like spyware and such.

This happens in the real world: I know of at least one incident. Some years ago, malware (a trojan) was detected in a .deb file, that was available for download on the much visited website of gnome-look.org.

Be restrictive with root authority (administrative permissions)

2. A root desktop would defeat the security model that's been in place for Ubuntu and Mint since their inception. Therefore, even the administrator logs in with mere user permissions.

Applications are meant to be run with non-administrative user permissions (or as mere mortals), so you have to elevate their privileges to modify the underlying system.

For example, you wouldn't want that recent crash of VLC to wipe out your entire /usr directory due to a bug. Or that vulnerability that was just posted in LibreOffice, to allow an attacker to gain a root shell. Or that malicious script on a website, to take over your entire system by means of an (as yet) unpatched Firefox or Adobe Flash Player. Et cetera, et cetera....

It's just good practice on any operating system, in fact the only sane practice, to run your applications on a user level. Only administrative tasks should be executed with root permissions, on a per-need basis.

Only use sudo and gksudo when absolutely necessary

2.1. With sudo and gksudo you give yourself root permissions (administrator power). You should only do that for system administration applications and never for ordinary applications.

Unnecessary use of sudo (and gksudo) can mess up your file and directory permissions, causing all kinds of weird malfunctions.

When you launch an ordinary application with sudo (or gksudo), it creates files and directories that are the property of root, and not of you. Plus it changes the ownership of some existing files to root.

Never launch ordinary applications with sudo (or gksudo). It's unnecessary, it's dangerous and you run a big risk of messing up the permissions of your own files.

Be careful with add-ons, extensions, applets and desklets

3. Be careful with the add-ons, extensions, applets and desklets that you install. Because some of them can cause lots of problems:

Firefox and Chromium/Chrome add-ons and extensions: don't trust them blindly

3.1. Firefox add-ons with malicious software: it has happened, in spite of the malware scanning efforts by Mozilla. Don't trust them blindly. This goes for Chromium/Chrome as well.

And keep their number down anyway: don't turn Firefox and Chromium/Chrome into a Christmas tree. The more extensions you install, the slower your browser becomes. Furthermore, some add-ons may cause malfunctions in other add-ons, or even in the browser itself.

Have you already become the victim of such an add-on? Then cleanse your web browser like this (item 8, right column).

Desklets and applets: think before you install

3.2. Applets and desklets can beautify your desktop and even add useful features. But they can cause problems. So keep their number down.

The more desklets and applets you install, the slower your system becomes. What's more, some of them may cause malfunctions in each other or in the desktop itself.

Never use cleaning or defrag applications

4. With cleaning applications like BleachBit or deborphan, you easily destroy more than you want. They're software wrecking balls that can damage your system beyond repair.

You can't trust them, because unless you're very careful, they remove too much and damage the system. Sometimes so heavily, that your Ubuntu or Mint can't boot into the desktop anymore. Under certain circumstances, BleachBit can even pollute your system with massive amounts of junk.

BleachBit, deborphan and others like them are superfluous at best, and disastrous at their worst. They're "tools" that primarily cater to the psychological needs of new Linux users who come fresh from Windows, and mistakenly assume that certain essential Windows maintenance is needed on Linux as well.

In short: it's a newbie trap. Don't fall for it.

Besides, cleaning applications are superfluous. Linux hardly experiences any pollution. So cleaning is not necessary. You may at most win a gigabyte or so of disk space, at an unacceptably high risk of damage. Should you wish to clean up a bit anyway, then this is a safe way for Ubuntu and this is a safe way for Linux Mint.

There's only one exception: in Ubuntu (not in Linux Mint) you'll want to reduce the number of old kernels from time to time. This is how to do that (item 5, right column).

Defragmentation tools are even worse. Unfortunately, you can find some defrag tools in the "fringes" of the Linux ecosystem.... Don't use them! There's a considerable risk that they either mess up your system beyond all repair, or cause massive loss of files.

Defrag tools are dangerous rubbish. Without any exception. What's more: Linux doesn't even need defragmentation.

Don't mix desktop environments

5. Using different desktops on the same system, can lead to strange problems and errors. Installing another desktop can change system files and dependencies, alter default system and application settings and create incompatibilities.

This is why there are different editions of Mint and Ubuntu, rather than a single one (size issues aside).

Especially the mix of KDE with other desktops is toxic. An Ubuntu or a Linux Mint in which you install the full KDE desktop alongside the existing other desktop environment (Mate, Cinnamon, Unity, Xfce, LXDE or Gnome), becomes a hopelessly polluted mess. This pollution will decrease performance and may cause instability and malfunctions.

If you want to ensure that your operating system continues to work well, stick to the default desktop environment. And don't install any KDE applications in Ubuntu or Linux Mint, that upon installation pull in half of the KDE desktop as dependent files (like for example DVD burner K3B does)...

Tip: when you install applications by means of Synaptic Package Manager, then you can check beforehand what a particular application needs as dependent files.

There are desktop environments that share a lot "under the hood"; it's less problematic to install those alongside each other. For example: Xfce (the desktop environment of Xubuntu) doesn't fit too badly alongside the Gnome/Unity of Ubuntu and the Cinnamon or Mate of Linux Mint.

But even then some pollution is inevitable... A system with a single desktop will always perform best.

Have you made this mistake and do you wish to undo it? Then the best approach is unfortunately a clean re-installation.

Don't install a second full-blown file manager

5.1. Related to the "don't mix desktop environments" issue: it's not advisable to install a full-blown second file manager. It's best to stick to the file manager that comes by default with your desktop environment.

The reason is, that full-blown file managers are deeply interwoven with the desktop environment for which they were designed. That means that they can cause problems after installation in a "foreign" desktop environment: they simply engrain themselves too deeply in that "foreign" desktop and tend to clash sometimes with its primary file manager.

Exceptions are stand-alone simple file managers like Double Commander and Midnight Commander. They don't interweave themselves with the desktop environment at all, and only do their primary limited task: basic file management.

Never use installation scripts or third-party tools like Ultamatix, Ubuntu Tweak, Ubuntu Sources List Generator, Grub Customizer and Ubuntuzilla

6. Third-party installation scripts are all dangerous: some are acutely risky, some a little less. But you'd better avoid the lot. Below I'll describe some of the most common dangerous scripts, as well as a dangerous third-party tool called Grub Customizer.

Severe danger level (red alert!): Ultamatix

6.1. Ultamatix is the worst of the bunch. It will irreparably damage your system.

Note: this horrible project seems to be dead, but it has been resurrected from the grave before... So for the time being I won't remove this warning.

Ultamatix installs all kinds of unstable versions of applications (nightly builds). Besides, it makes use of forced permits: --assume-yes and --force-yes are very dangerous. The developer says that those are being used because "he doesn't want to bother the users with all kinds of questions". It takes only one wrong dependency, buggy application or another hitch, and your system may be damaged beyond repair....

When you've already used this script, a clean re-installation of Ubuntu or Linux Mint is the only solution. With previous formatting of the root partition.

Furthermore, Ultamatix is essentially superfluous: everything it does, you can do also in the safe official way. With only a little extra effort.

(continued in the column on the right)

This website is being sponsored by Google Ads.

Are you using an ad blocker? Then you're also blocking my earnings from advertisements....

If you wish to support my website, you can configure your ad blocker to make an exception for this website.

Thanks in advance....

High danger level (orange alert): Ubuntu Tweak, Ubuntu Sources List Generator and Grub Customizer

6.2. There's also an "orange alert" (high danger) category, which contains the applications Ubuntu Tweak, Ubuntu Sources List Generator and Grub Customizer.

Ubuntu Tweak and Ubuntu Sources List Generator

6.2.1. Ubuntu Tweak and Ubuntu Sources List Generator are dangerous as well. Don't use them! With them, you can add several PPA's and third-party software, without it being clear where everything comes from and without being asked for a verification key.

You can add all kinds of software packages without verification or quality check, and without knowing if they are fit for your operating system version or what they'll do to your system. Very risky indeed. Better stay away from them...

Grub Customizer

6.2.2. There's also a third-party tool called Grub Customizer, which massively complicates your bootloader. It heavily changes the contents of the system folder /etc/grub.d, which is where important parts of Grub reside. These changes don't disappear, when you remove Grub Customizer after using it!

In that system folder, Grub Customizer changes files into so-called "proxified" files, which creates a complex and unclear situation. This additional thick layer of complexity may have something to do with the problems it can cause: the more you complicate something, the bigger the risk of failures....

Another negative indication is that Grub Customizer isn't present in the official software sources.

The main problem with Grub Customizer in a nutshell: as long as it works as expected, all is fine.

But when there is a problem, removing it and trying to boot without it can create big difficulties. Because the program has done major changes in /etc/grub.d, which would all have to be undone manually. For uninstalling Grub Customizer after using it, does not remove its changes.

That's the downside of the complexity it adds. And for what? For a few things, most of which are non-essential, that can usually also be done without adding a thick layer of complexity....

Grub Customizer (grub-customizer) may look easy and nifty, but can mess up a vital part of your operating system. Your bootloader is as vital as it gets: after all, a system that won't boot anymore, is useless.

Furthermore, most of what Grub Customizer does can also be achieved by other means, without adding thick layers of complexity "under the hood".

Thankfully, Grub Customizer isn't present in the official software repositories. Let's hope it stays out.

Note: if you're a victim of Grub Customizer, you might be able to undo its changes like this. If that fails, a clean re-installation of your Ubuntu or Linux Mint is the only solution....

Elevated danger level (yellow alert): Ubuntuzilla

6.3. Ubuntuzilla is more limited in scope, and poses no security risk. But you'd better avoid this one as well. It may cause strange malfunctions in Firefox, because the Ubuntuzilla version of Firefox is "original upstream software" which isn't completely adapted to and tested for your Ubuntu version.

With Ubuntuzilla, you bypass the entire system of tweaks and quality checks that the Ubuntu developers apply to Firefox.... This endangers the stability and reliability of Firefox.

Don't enable the software repository "proposed" (or "romeo")

7. Don't enable the software repository "proposed", unless you're a tester and don't value a stable system. In Linux Mint this repo is called "Unstable packages (romeo)", but it's the same risk.

The source "proposed" ("romeo" in Linux Mint) is very dangerous. It contains unstable and buggy software that hasn't been improved and tested enough yet. Stay away from it!

When you do enable this source, your system will definitely become unstable sooner or later. The only solution then, is a complete clean re-installation of Ubuntu or Linux Mint. With previous formatting of the root partition.

It's disabled by default of course, but like this you can check whether this source is really safely disabled in your system:

Linux Mint:
Menu button - Administration - Update Manager
Panel: Edit - Software sources
Optional components: Unstable packages (romeo) should be disabled.

- If not installed yet: first install Synaptic Package Manager. Synaptic is present by default in Linux Mint, but not in Ubuntu. So use the application Software to install Synaptic.

Then launch Synaptic:

Click on the grey Ubuntu logo (Dash home).
Query: synaptic
Click on Synaptic Package Manager

Settings - Software Sources

Tab Updates: you'll see this unchecked update source:
Pre-released updates (xenial-proposed).

As said: make sure it's disabled!

The only reason for the existence of the source xenial-proposed (Ubuntu) and romeo (Linux Mint), is use by testers. Those testers help to hunt for bugs in potential updates, before those updates are being delivered to the users of Ubuntu and Linux Mint.

Handle with some care: the software repositories Backports and Partners

8. There are two software repositories that are safe enough to enable them in your Ubuntu, but nevertheless have to be handled with some care: Backports and Partners.

Definitely not a fatal matter, because these repositories pose an acceptable low risk. But this risk, although low and acceptable, is still worthy of some attention...


8.1. In Linux Mint 18.x, the "backport" repository is enabled by default, and it's best to leave it that way. You can trust that the repository maintainers won't put risky packages in it; Mint is very conservative and cautious in that respect.

In Ubuntu, the software repository of "backports" is also enabled by default. But with a lowered (harmless) priority, so that you can only install software from it when you consciously choose to.

Like this you can check whether this source is enabled in Ubuntu:

- If not installed yet: first install Synaptic Package Manager by means of the application Software.

- Click on the grey Ubuntu logo (Dash home).
Query: synaptic
Click on Synaptic Package Manager

Settings - Software Sources - tab Updates

You'll see this checked update source:
Unsupported updates (xenial-backports).

The "backports" source is much less risky than "proposed", because it holds software that's stable in itself. But this software hasn't been tested for your version of Ubuntu. Therefore it may still diminish the stability of (parts of) the system.

Although this repository has been enabled, it has therefore been issued a low and harmless priority. My advice is: keep backports enabled in Ubuntu, but be cautious when using it.

To check the priority of Backports you can run the following command in a terminal (use copy/paste to transfer it):
apt-cache policy | grep backports

Now you'll see that the priority of the Backports repository is pinned to 100 for everything except the translations (in a localized system). Other repositories (and the translations in Backports) have the default priority 500.

This means that you have to explicitly choose to install the backport version of a package, if another version of that package also exists in a non-backports repository. The advantage of this is, that if a package is only available in Backports, you'll be able to install it without modifying anything else.


8.2. Only applicable in Ubuntu, not in Linux Mint: like this you can check the current status of the repository Partners:

- If not installed yet: first install Synaptic Package Manager by means of the application Software.

- Click on the grey Ubuntu logo (Dash home).
Query: synaptic
Click on Synaptic Package Manager

Settings - Software Sources - tab "Other Software"

Here you can enable the Partners repository (it's not enabled by default). This gives you access to certain software from third parties, such as companies (the partners) that have entered into an agreement with Canonical.

So far, so good. But this repository may pose a security risk, because it's not always being updated adequately.... Updates come from the partner companies and independent developers, not from Canonical: Canonical only does the packaging for them. Those partner companies and the independents don't always pay as much attention to providing security updates as they should.

For example, in the past the Partners repository contained an outdated and insecure version of Adobe Flash Player (whereas the regular Multiverse repository contained the secure version, under another name!). Same thing with certain localized versions of Adobe Reader (which is a highly attacked target by malware).

So it's better to use this repository with some care. By all means do enable it, but don't put too much trust in the security of the software you install from it.

Never remove any application that's part of the default installation of Ubuntu or Linux Mint

9. Even when you never use a particular default application: don't remove it. Reason: the default installation is an intertwined system that's dependent on shared supporting files, which makes the operating system run stable.

When you remove a default application, you run a risk of seriously damaging the system. With some default applications this risk is bigger than with others, and with some there's no risk at all. But it's best to avoid this risk altogether.

If you want to, you can remove an unused application from the menu, but don't remove it from the system.

This limitation applies only to those applications, that are part of the default installation of Ubuntu or Linux Mint. Applications that you've added yourself, can be removed safely.

Don't experiment on a production machine

10. Probably not all of your computers are equally important to you. Some computers are real production machines, or "work horses" that you always must be able to rely on. Other computers are more or less like "play boxes"; fun to have, but of no vital importance.

It's important to treat both kinds of computers differently. Do not experiment on a production machine, no matter how tempting it may be to try out something new.

Only do your experiments on the play boxes or on a dedicated testing machine. Because otherwise you may end up suddenly with an unusable computer, and for a production machine that's often a small disaster.

The best approach is, to install only LTS versions of Ubuntu on production machines. Because LTS versions are extra good and reliable. All Linux Mint versions are LTS nowadays, so with Mint you're always OK.

When you want to upgrade a production machine that's already running on an Ubuntu LTS version, to a newer LTS version, then only do that after the appearance of the first point release ("Service Pack 1") of that newer Ubuntu LTS version.

The best practice is, to split your computer work force in three: work horses, play boxes and testing machines.

- on the work horses you only install LTS versions of Ubuntu (all current and future versions of Linux Mint are and will be LTS);

- on the play boxes you can install the latest stable Ubuntu every six months;

-  on the testing machines you do your wild experiments, and your bug hunting in alpha and beta editions of the development versions of Ubuntu or Linux Mint.

Want more tips?

11. Do you want more tips and tweaks for Ubuntu or Linux Mint? There's a lot more of them on this website!

To the content of this website applies a Creative Commons license.