Musk Says He’s Deleted CrowdStrike From Systems After Outage
(www.bloomberg.com)
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (61)
sorted by:
not defending crowdstrike, but auto updates are a bad idea in my opinion.
I cannot fathom the man who auto updates nor the man who never updates.
He got burned by Microsoft XP's Service Pack 2 update from over a decade ago and decided it was never worth the risk if something's already working.
lol. I stopped updating when every single goddammn update was pushing win10 on me, and my machine literally could not upgrade ( I tried multiple times, and every time, it ended up rolling back).
Then I found out about the crap win10 was phoning home (and their bullshit excuse that it was just "telemetry data," which by the way is a meaningless phrase), and how they were going to force updates, and I said "fukkit, linux it is"
...and now I occasionally remember to update, lol.
Hey thats me!
Has it really been a decade already?
The war has been long, brother.
When it comes to servers and security, you want to update as soon as possible. If updates are frequent, there's no reason not to automatize it.
There is at least one reason to not automatize updating and it just happened.
I disagree. in a business environment, you should be testing updates before you deploy company-wide, and this crowdstrike fiasco is a good reason why.
It's all fun and games until the update somehow manages to break all of the network printer configurations.
yeah so I'm not the master of large scale IT, but I do test my code on the h/w it's going to run on before I publish it. I'm not saying it's simple to do so given how many different configurations might be deployed. That's why I'm not the master of IT to tell you how to do that. But the principle is I think the same.
You want to update by choice as soon as possible.
Auto-updating without consent creates downstream disasters, even security vulnerabilities. If I don't see release notes, I ain't updating.
Sure, except for the giant clusterfuck we’re talking about that happened just a couple days ago.
Bad automatization software, I guess.
Sysadmin For DEI hires:
"Install operating system and services with default settings, turn on auto update. Collect paycheck. Point fingers when something does break."
Add in the part about convincing the company to buy every third-party security software suite who's sales guy takes you out to lunch. You should see an average business computer now, there's a stack of random security software, none of which that place nice with anything.
I think you can switch off Microsoft updates? IDK about this Crowd strike thing.
It looks like you're right that they don't make it available with the GUI, but you don't need regedit. Just disable services.msc ... they say. I have had Windows re-enable services before.
sometimes they're even accidental...
I agree is just feels a lot of victim blaming while defending the culprit.
Tell me more
- Microsoft
Auto updates are a good idea for the idiot consumer masses to keep them from shooting themselves in the foot. For anything server or business related, you want managed and vetted updates that roll out in a staggered manner to prevent exactly this.
That's only true if you assume that the updates are always a good thing, and this crowstrike situation proves they are not.
and this was (presumably) an accident. What happens when a malicious actor intentionally puts a backdoor or other nasty surprise into an update?
and I wont even get into the elitism of "the idiot consumers" attitude, lol
For the use case of the clueless consumer, auto updates are better. The instant you start requiring a user to manage their own update process you are requiring a higher level of intelligence and proficiency than the vast majority of the population possesses. Given the choice, the idiot consumer will just never update and leave themselves wide open to malicious actors to do whatever they want with the victim's machine.