Meanwhile I’ve still got customers who are running CentOS 6.
We have an app running on CentOS 6. The vendor of the app informed us they expect to have a new version that can run on RHEL 8 by the end of the year - 2025.
Hate to be that guy but if you automatically patch critical infrastructure or apply patches without reading their description first, you kinda did it to yourself. There’s a very good reason not a single Linux distribution patches itself (by default) and wants you to read and understand the packages you’re updating and their potential effects on your system
There’s a lot of people out there running automation to keep their servers secure. Well I agree any automation out there should be able to flag and upgrade excluded, It would seem to me like Microsoft should own some of the blame for a full ass hard to uninstall OS update fed in with the same stream and without it interaction. I kind of expect my OS in stall pop up a window and say hey a****** this is going to upgrade your system, are you cool with that. I don’t know how it works these days but I know back in the day going between versions you would have to refresh your licensing on a large upgrade.
Unlike with other OSes Microsoft releases all of their patches on Tuesday at around the same time in one big batch. I spend my Tuesday morning reading the patch descriptions and selectively applying them. A method that hasn’t failed me once.
Since rolling back to the previous configuration will present a challenge, affected users will be faced with finding out just how effective their backup strategy is or paying for the required license and dealing with all the changes that come with Windows Server 2025.
Accidentally force your customers to have to spend money to upgrade, how convenient.
Congratulation, you are being upgraded. Please do not resist. And pay while we are at it.
Since MS forced the upgrade, you should get 2025 for free. That would probably be really easy to argue in court
Ah, but did you read the article?
MS didn’t force it, Heimdal auto-updated it for their customers based on the assumption that Microsoft would label the update properly instead of it being labeled as a regular security patch. Microsoft however made a mistake (on purpose or not? Who knows…) in labeling it.
Then it’s still on Microsoft for pushing that update through what is essentially a patch pipeline
It is, but they never forced anyone to take the update, so that might save their asses, or it might not
This would be no different to you ordering food in a restaurant, them bringing you the wrong meal, you refusing because you didn’t order it, then they tell you to go fuck yourself and charge you for it anyway.
If this argument is valid in your judicial system then you live in a clown world capitalist dictatorship.
Have you seen the state of the US? A “clown world capitalist dictatorship” is a pretty apt description
I’m truly, totally, completely shocked … that Windows is still being used on the server side.
Basically AD and the workstation management that uses it. Could all be run on a VM and snapshotted because you know it’s going to fuck up an update eventually. Perhaps SQL Server but that’s getting harder to justify the expense of anymore.
We run a lot of Windows servers for specialized applications that don’t really have viable alternatives. It sucks, but it’s the same reason we use Windows clients.
A bunch of enterprise services are Windows only. Also Active Directory is by far the best and easiest way to manage users and computers in an org filled with a bunch of end users on Windows desktops. Not to mention the metric shitload of legacy internal asp applications…
Linux does AD. Don’t let that stop you from switching.
No not really. It does the various services for the most part, but Active Directory is exclusively a Microsoft product. Group Policy in particular also does not have a drop in replacement that’s any sort of sane.
Yeah at work we do a lot of internal microsoft asp stuff, poweshell, AD, ms access, all that old legacy ms stuff
Is powershell “legacy”?
Windows Powershell sort of is legacy, but Powershell 7 definitely isn’t
I guess not actually but the amount of weird bugs I got from running a working script makes me think there’s something wrong with the way we have ours set up.
Do system administrators still exist? Honest question. I was one of those years ago and layoffs, forced back to office bullshit drove me away
yes, but we spend most of our time in meetings with cloud service vendors now.
I haven’t been inside the server room for a month.I only go in the server room to t-pose in front of the giant air conditioner to cool off.
I’m not necessarily talking about being in the server room, I’m talking about more like doing power shell stuff and the stuff you would think system administrators do. They are still teaching active directory in IT classes in college
What, do you think it’s all run by AI now?
No, just not many job postings for it. Go look on indeed with that exact title. Switch to remote, almost no jobs
Misleading title. It was installed by a third-party updater, Heimdall, but MS labeled a Windows 11 update wrong.
They labelled an OS version upgrade as a security update.
Yet another reason to not do auto-updates in an enterprise environment for mission-critical services.
In an enterprise environment, you rely on a service that tracks CVEs, analyzes which ones apply to your environment, and prioritizes security critical updates.
The issue here is that one of these services installed a release upgrade because Microsoft mislabelled it as security update.Should still be doing phased rollouts of any patches, and where possible, implementing them on pre-prod first.
For security updates in critical infrastructure, no. You want that right away, in best case instant. You can’t risk a zero day being used to kill people.
Pre-prod is ideal, but a pipe dream for many. Lots of folks barely get prod.
We still stagger patching so things like this only wipe some of the critical infrastructure, but that still causes needless issues.
Wrong.
Microsoft labelled the update as a security update
Do you know that’s not a mistake and done fully malicously knowing that? Please give me your source.
Read the fucking article.
The patch id couldnt be any clearer.
And you make absolutely no error?
Besides that:
Should MS have caught the errorenous ID (assuming it truly was errourneous and not knowingly falsely labeled)? Absolutely. Should the patch management team blindly release all updates that MS releases? No?
It must have been the same fun as when back in 2012 (or 2013?) McAfee (at least I think it was them) identified /system32 as a threat and deleted it :)
One of the few things that accursed software actually got right!
Haha, that’s great!