lol. I stopped updating when every single goddammn update was pushing win10 on me, and my machine literally could not upgrade ( I tried multiple times, and every time, it ended up rolling back).
Then I found out about the crap win10 was phoning home (and their bullshit excuse that it was just "telemetry data," which by the way is a meaningless phrase), and how they were going to force updates, and I said "fukkit, linux it is"
...and now I occasionally remember to update, lol.
Automate. The word you are looking for is automate.
You absolute want some measure of manual control over your update process because sometimes updates brick things and blindly trusting that an update won't is a good way to get yourself into trouble. There's a reason IT departments employ some degree of change management.
Security breaches among other things have happened before through auto-updates, it doesn't matter really whose fault this is, they never learn and don't give the option for users to switch it off to protect their systems. I've mentioned this in another thread but there was a security breach via Unity Engine's auto-update in their launcher and that's what made me switch from them because it was a major red flag for incompetency.
Auto-update just means that you're opening yourself up to a cyber attack from a third party who can bork peoples' systems overnight while the majority are asleep.
I don't know if they re-enabled that recently or not, but as far as I know you can only disable windows updates through regedit and typical bs work arounds.
Auto updates are a good idea for the idiot consumer masses to keep them from shooting themselves in the foot. For anything server or business related, you want managed and vetted updates that roll out in a staggered manner to prevent exactly this.
For the use case of the clueless consumer, auto updates are better. The instant you start requiring a user to manage their own update process you are requiring a higher level of intelligence and proficiency than the vast majority of the population possesses. Given the choice, the idiot consumer will just never update and leave themselves wide open to malicious actors to do whatever they want with the victim's machine.
It's not just an observations but along the lines of they are good and we need to continue doing business with them. It feels very odd and forced.
I mean, I'll agree on auto-updates being bad. But defending Crowdstrike isn't at all surprising for the usual suspects. After all, they were involved with helping the DNC and investigating the evils of Orange Man so they must be Good Guys.
But defending Crowdstrike isn't at all surprising for the usual suspects.
The usual suspects proving they're nothing more than bots. Since when pushing an update that break systems to the point manual intervention on every affected machine is needed was ever defensible, even if you have a severe case of TDS.
Oh yeah btw I am very suspicious of software that gets deployed this widely that quickly puts this company into the S&P 500. With their stuff running live on so many computers. Someone said it was a dress rehearsal for a cyber attack. but they didn't say who would be making that attack.
Isn't it strange only Musk is the smart one to do this?
As a company you wouldn't exactly scream publicly what security systems you have deployed/removed since hackers can just focus on not being detected by X or Y solution. Musk has the clout to harm Crowdstrike's rep even further by announcing this shit publicly(though the outage already took it to the dumps).
I saw a post somewhere citing it was okay for the driver to kick off a BSOD loop if the config file was malformed.
Sounds like a masochistic BOFH: "If you screw up the config file then you'll have to enter recovery mode; because heaven forbid you just alert the user that the service isn't working and let them work while waiting on IT. Also good luck if you stored your Bitlocker keys on another affected machine."
There is something strange about the response to CrowdStrike. I've had people defend them and blame the companies for having auto-update.
It's not just an observations but along the lines of they are good and we need to continue doing business with them. It feels very odd and forced.
not defending crowdstrike, but auto updates are a bad idea in my opinion.
I cannot fathom the man who auto updates nor the man who never updates.
He got burned by Microsoft XP's Service Pack 2 update from over a decade ago and decided it was never worth the risk if something's already working.
lol. I stopped updating when every single goddammn update was pushing win10 on me, and my machine literally could not upgrade ( I tried multiple times, and every time, it ended up rolling back).
Then I found out about the crap win10 was phoning home (and their bullshit excuse that it was just "telemetry data," which by the way is a meaningless phrase), and how they were going to force updates, and I said "fukkit, linux it is"
...and now I occasionally remember to update, lol.
Hey thats me!
Has it really been a decade already?
When it comes to servers and security, you want to update as soon as possible. If updates are frequent, there's no reason not to automatize it.
There is at least one reason to not automatize updating and it just happened.
I disagree. in a business environment, you should be testing updates before you deploy company-wide, and this crowdstrike fiasco is a good reason why.
You want to update by choice as soon as possible.
Auto-updating without consent creates downstream disasters, even security vulnerabilities. If I don't see release notes, I ain't updating.
Sure, except for the giant clusterfuck we’re talking about that happened just a couple days ago.
Sysadmin For DEI hires:
"Install operating system and services with default settings, turn on auto update. Collect paycheck. Point fingers when something does break."
Automate. The word you are looking for is automate.
You absolute want some measure of manual control over your update process because sometimes updates brick things and blindly trusting that an update won't is a good way to get yourself into trouble. There's a reason IT departments employ some degree of change management.
Security breaches among other things have happened before through auto-updates, it doesn't matter really whose fault this is, they never learn and don't give the option for users to switch it off to protect their systems. I've mentioned this in another thread but there was a security breach via Unity Engine's auto-update in their launcher and that's what made me switch from them because it was a major red flag for incompetency.
Auto-update just means that you're opening yourself up to a cyber attack from a third party who can bork peoples' systems overnight while the majority are asleep.
I think you can switch off Microsoft updates? IDK about this Crowd strike thing.
I don't know if they re-enabled that recently or not, but as far as I know you can only disable windows updates through regedit and typical bs work arounds.
sometimes they're even accidental...
I agree is just feels a lot of victim blaming while defending the culprit.
Tell me more
- Microsoft
Auto updates are a good idea for the idiot consumer masses to keep them from shooting themselves in the foot. For anything server or business related, you want managed and vetted updates that roll out in a staggered manner to prevent exactly this.
That's only true if you assume that the updates are always a good thing, and this crowstrike situation proves they are not.
and this was (presumably) an accident. What happens when a malicious actor intentionally puts a backdoor or other nasty surprise into an update?
and I wont even get into the elitism of "the idiot consumers" attitude, lol
For the use case of the clueless consumer, auto updates are better. The instant you start requiring a user to manage their own update process you are requiring a higher level of intelligence and proficiency than the vast majority of the population possesses. Given the choice, the idiot consumer will just never update and leave themselves wide open to malicious actors to do whatever they want with the victim's machine.
I mean, I'll agree on auto-updates being bad. But defending Crowdstrike isn't at all surprising for the usual suspects. After all, they were involved with helping the DNC and investigating the evils of Orange Man so they must be Good Guys.
The usual suspects proving they're nothing more than bots. Since when pushing an update that break systems to the point manual intervention on every affected machine is needed was ever defensible, even if you have a severe case of TDS.
Oh yeah btw I am very suspicious of software that gets deployed this widely that quickly puts this company into the S&P 500. With their stuff running live on so many computers. Someone said it was a dress rehearsal for a cyber attack. but they didn't say who would be making that attack.
Isn't it strange only Musk is the smart one to do this?
Remove Cloudstrike, replace it with a competitor.
As a company you wouldn't exactly scream publicly what security systems you have deployed/removed since hackers can just focus on not being detected by X or Y solution. Musk has the clout to harm Crowdstrike's rep even further by announcing this shit publicly(though the outage already took it to the dumps).
☈: Musk Says He’s Deleted CrowdStrike From Systems After Outage.
☈: Elon Musk Deletes CrowdStrike "From All Systems,"
☈: Outages Explained – Possible Election Implications.
☒: Rolling The Curtains On Cabal.
☈: No coincidences here. Move along folks.
☒: Tech Experts Believe Outage Connected To Theft Of 2024 Election.
☒: The Crowdstrike Story so Far.
☒: An update on the Austin Private Wealth situation.
☈: Pelosi & husband invest up to $1 million in CrowdStrike.
☈: Julian Assange- Crowdstrike was hired by the DNC.
☈: 4Chan /pol/ | What is CrowdStrike.
☈: CROWDSTRIKE CODE INSERT?.
ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ🔎: Communiteis General Search.
-̱͞|͞מ͟͞͞פ͟ו͟͞͞ק͞פ͟͞͞ק͞|̊̆ ‡.̗̀́
Wouldn't want to be part of the crowd on this one. Might be grounds for a tactical strike.
Most people are drones and will support whatever the status quo is. When the wind shifts all of these drones will change their "mind".
I saw a post somewhere citing it was okay for the driver to kick off a BSOD loop if the config file was malformed.
Sounds like a masochistic BOFH: "If you screw up the config file then you'll have to enter recovery mode; because heaven forbid you just alert the user that the service isn't working and let them work while waiting on IT. Also good luck if you stored your Bitlocker keys on another affected machine."