• CriticalMiss@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    8
    ·
    4 days ago

    Hate to be that guy but if you automatically patch critical infrastructure or apply patches without reading their description first, you kinda did it to yourself. There’s a very good reason not a single Linux distribution patches itself (by default) and wants you to read and understand the packages you’re updating and their potential effects on your system

    • festus@lemmy.ca
      link
      fedilink
      English
      arrow-up
      15
      ·
      4 days ago

      Many distros (at least Ubuntu) auto-installs security updates, and here a mislabeled “security update” was auto-installed. This is not the fault of the sysadmins.

      • starman2112@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        4 days ago

        here a mislabeled “security update” was auto-installed.

        To be fair, you would have to read all the way to the first paragraph to get this information from the article. Hard to blame people for not knowing this critical bit of information when it was buried so deep

    • rumba@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 days ago

      There’s a lot of people out there running automation to keep their servers secure. Well I agree any automation out there should be able to flag and upgrade excluded, It would seem to me like Microsoft should own some of the blame for a full ass hard to uninstall OS update fed in with the same stream and without it interaction. I kind of expect my OS in stall pop up a window and say hey a****** this is going to upgrade your system, are you cool with that. I don’t know how it works these days but I know back in the day going between versions you would have to refresh your licensing on a large upgrade.

      • CriticalMiss@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 days ago

        Unlike with other OSes Microsoft releases all of their patches on Tuesday at around the same time in one big batch. I spend my Tuesday morning reading the patch descriptions and selectively applying them. A method that hasn’t failed me once.

        • rumba@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 days ago

          Yeah, I’m using Ninja on about 120 boxes. It’s set to auth critical only. If someone reports a problem, we’ll go ahead and blacklist that update temporarily while we sorted out even though it’s semi-automated they never happen all at once there’s always a couple of canaries that get up a little early.