Topic: If you ever wondered why techs don't update right away....

Offline Leslieann

  • * Elevated Elder
  • Thread Starter
  • Posts: 3196
If you ever wondered why techs don't update right away....
« on: Wed, 28 March 2018, 22:06:59 »
Things like this are why techs hate automatic/forced updates.
We tend to take a wait and see approach or simply skip them entirely, because you need time to properly evaluate them, especially these days since MS certainly is not doing it the right way (virtual machines instead of real machines).

"Microsoft's Windows 7 Meltdown Fixes From January and February Made PCs More Insecure"
https://tech.slashdot.org/story/18/03/28/2010240/microsofts-windows-7-meltdown-fixes-from-january-and-february-made-pcs-more-insecure


Don't forget, they also just found another bug in Intel's latest chips called "Branchscope", so even if you buy a new one to avoid Spectre and Meltdown, you may be getting something less secure, or some new vulnerability.
https://segmentnext.com/2018/03/28/intel-chips-face-new-threat-branchscope/


I'm not saying don't update anything ever, I'm just saying if you are waiting for the next patch to fix things or the next processor to have a fix, don't. While updates are not bad, often those patches (especially rushed ones) create more problems than they fix, and many of the vulnerabilities are often easily plugged by not being an idiot, and running some sort of anti-malware. Those get patched and are updated far more often than Windows, not only are they more nimble, but their business model revolves around stomping out problems as often and quickly as possible, as opposed to Microsoft who decides if something is worth patching (because $$$$) or to shelve it and hope no one notices (which is why win10 is vulnerable to some of the same things as XP was).

As for hardware, I have always found and stated that it's better to buy what you can, when you can, otherwise you will be perpetually waiting on the next thing coming down the line.

There are always threats and vulnerabilities, known and unknown, buying the latest and greatest just means more unknown, that applies to software and hardware. Don't let them rule your life.
« Last Edit: Fri, 30 March 2018, 01:55:14 by Leslieann »
Filco MJ2 L.E. w/hand milled Vortex case, custom feet/paint/winkey blockoff plate, HID Liberator, stainless steel universal plate, 3d printed adapters, Type C, sound dampened,  Thick PBT caps (o-ringed), Cherry Jailhouse Blues w/lubed/clipped Cherry light springs | GMMK TKL | Magicforce 68 | YMDK75 | KBT Race S L.E. | Das Pro (Costar model) | GH60 | IBM Model M (x2)


Offline davkol

  •  Post Editing Timeout
  • Posts: 4994
Re: If you ever wondered why techs don't update right away....
« Reply #2 on: Thu, 29 March 2018, 03:51:17 »
Meanwhile, Willy Tarreau:

Quote
Most consumers don't realize the risks they're taking by *buying products running on outdated kernels.* Most people don't care, some find it convenient as it allows them to download some applications to "root" their devices by exploiting some unfixed bugs (which then basically become the only bugs the vendors care to fix when they do). Others are just used to reboot their home router in the basement once in a while because it just hangs every 3 weeks for no apparent reason (_but it's a cheap one, surely it's expected_). And of course everyone believes the vendors when they claim that they still backport important fixes into their kernels. This is wrong at best and in fact almost always a lie in practice.

[…]

It's unknown how many exploitable vulnerabilities are present in these kernels, however it's *certain that all of them are at least locally exploitable,* allowing for example a browser plugin to inject malware code into the system and *take full control* of the device to steal data or participate to internet attacks. And if you don't care about security issues, just think about some of these bugs that I have encountered on various devices running outdated kernels, some of which disappeared after I managed to rebase and rebuild the kernel […]

Offline Leslieann

  • * Elevated Elder
  • Thread Starter
  • Posts: 3196
Re: If you ever wondered why techs don't update right away....
« Reply #3 on: Fri, 30 March 2018, 03:20:54 »
The problem I have with many guys talking about this stuff is it's often one sided and often only from their perspective, like the comment about backporting fixes or old kernels and such, here's why this is a problem...  Update your 2 year old Android... Go ahead, I'll wait... Oh, wait, you can't. Unless you rooted it and installed a custom rom.

Let's try the other perspective...
Try and disable a problematic update for Win10. Got it? Cool. Tomorrow MS will re-issue that update and you get to start over again. I hope you took notes.


Food for thought...
Why is it your computer gives you root access by default, but your cell phone needs to be hacked in order to have the same control?
Which is less secure, Android Froyo which is several years old without root or Android Oreo which is relatively recent, but with root?

The answers to both are actually related.


Offline davkol

  •  Post Editing Timeout
  • Posts: 4994
Re: If you ever wondered why techs don't update right away....
« Reply #4 on: Fri, 30 March 2018, 08:44:43 »
Quote
Why is it your computer gives you root access by default, but your cell phone needs to be hacked in order to have the same control?

It's not like Microsoft hasn't tried… Remember the early days of Secure Boot?

That's a part of the war on universal computing.

Offline Blaise170

  • * Esteemed Elder
  • Posts: 1332
  • Location: Boston, MA
  • ALPS キーボード
    • XYZ
Re: If you ever wondered why techs don't update right away....
« Reply #5 on: Fri, 30 March 2018, 09:31:49 »
Security is really just an illusion in most instances anyways. No matter how well you try to protect yourself, there will always be some entity spying on you or some malicious code that hasn't been discovered in the wild yet. Even if you are the hyper paranoid type and using Tails+Tor, there is still some flaw that could be exploited when found. The only way to be 100% secure is to not use technology in the first place.
I proxy anything including keyboards (キーボード / 鍵盤), from both Japan (日本) and China (中國). For more information, you may visit my dedicated webpage here: https://www.keyboards.es/proxying.html

View my current and past keyboards here: https://deskthority.net/wiki/User:Blaise170

Offline davkol

  •  Post Editing Timeout
  • Posts: 4994
Re: If you ever wondered why techs don't update right away....
« Reply #6 on: Fri, 30 March 2018, 10:32:15 »
Quote
Security is really just an illusion in most instances anyways. No matter how well you try to protect yourself, there will always be some entity spying on you or some malicious code that hasn't been discovered in the wild yet. Even if you are the hyper paranoid type and using Tails+Tor, there is still some flaw that could be exploited when found. The only way to be 100% secure is to not use technology in the first place.

Recommended reading: A Taxonomy of Privacy by Daniel J. Solove

Offline MajorKoos

  • Posts: 799
  • Location: Bay Area
  • 1 life please. Extra large.
Re: If you ever wondered why techs don't update right away....
« Reply #7 on: Fri, 30 March 2018, 10:35:17 »
Walk into any banking IT department and this is standard operating procedure.  People having meetings to discuss who's going to be on the team which evaluates whether it's worth doing a PoC to determine whether they're going to test the patch.

Offline ThoughtArtist

  • Posts: 306
  • Location: A climate-controlled testing facility
Re: If you ever wondered why techs don't update right away....
« Reply #8 on: Fri, 06 April 2018, 18:22:44 »
I'm going to turn off internet before I go to sleep...



That's actually more logical than leaving a wide open net connection on all night for no reason at all.

Simply "hanging up" the net connection like in the old days with dial-up modems could at least lessen the exposure to potential hacks.

I'm sure national intelligence agencies would rather you not do that "for your own safety" though.
« Last Edit: Fri, 06 April 2018, 18:24:41 by ThoughtArtist »
The Model-M is more plasticy than a standard metal mounting-plate Cherry MX Brown TKL keyboard.

Offline Findecanor

  • Posts: 4614
  • Location: Koriko
Re: If you ever wondered why techs don't update right away....
« Reply #9 on: Fri, 06 April 2018, 19:34:02 »
I'm sure NSA loves Connected Standby ...
Man must shape his tools lest they shape him
-- Arthur Miller


Offline Altis

  • Posts: 951
  • Location: Canada
Re: If you ever wondered why techs don't update right away....
« Reply #11 on: Thu, 12 April 2018, 14:45:21 »
Not just automatic/forced/arm-twist updates, but permanent ones that you're stuck with forever are brutal.

And not just for security reasons, but major bugs or feature changes that people don't like. iOS is like this... once you update, the device can never be reverted back. If it's chock-full of bugs and horrible UI/UX changes, then that's just too bad. Oh, and if it slows the device down to the point where it's unusable and needs to be replaced -- that's a real shame, isn't it.
WhiteFox (Gateron Brown) -- Realforce 87U 45g -- Realforce 104UG (Hi Pro 45g) -- Realforce 108US 30g JIS -- HHKB Pro 2 -- IBM Model M ('90) -- IBM Model M SSK ('87) -- NMB RT-101 & RT-8255C+ (Hi-Tek Space Invaders) -- Keytrak (Blue Alps) -- Chicony KB-5181 (Monterey Blue Alps) -- KPT-102 (KPT Alps) -- G80-1800 (MX Blue) -- KUL ES-87 (62/65g Purple Zealios) -- CM QFR (MX Red) -- Apple Aluminum BT -- Realforce 23u Numpad

Offline Blaise170

  • * Esteemed Elder
  • Posts: 1332
  • Location: Boston, MA
  • ALPS キーボード
    • XYZ
Re: If you ever wondered why techs don't update right away....
« Reply #12 on: Thu, 12 April 2018, 14:50:15 »
There's a reason I'll never buy an iPhone for myself. Sure I can save blobs after jailbreaking but there's only so much you can do to the phones to customize them. The first thing I did after buying my OnePlus 5t was replace recovery with TWRP, install custom OS, and root it. I want control over my device.

Offline StickyBlueJuice

  • Posts: 1160
  • Location: Denmark / Deliverance
  • Tactile pls
Re: If you ever wondered why techs don't update right away....
« Reply #13 on: Sat, 14 April 2018, 07:03:25 »
Quote
There's a reason I'll never buy an iPhone for myself. Sure I can save blobs after jailbreaking but there's only so much you can do to the phones to customize them. The first thing I did after buying my OnePlus 5t was replace recovery with TWRP, install custom OS, and root it. I want control over my device.

I am by no means a fanatic for either system.
Both have their advantages and flaws in MY opinion.
I do have the itch to root a phone and customize it the way I want though. So I've been leaning towards the Sony XZ2.

Offline Leslieann

  • * Elevated Elder
  • Thread Starter
  • Posts: 3196
Re: If you ever wondered why techs don't update right away....
« Reply #14 on: Sun, 15 April 2018, 01:10:21 »
Before you buy a phone, research the heck out of it on XDA forums if you plan on doing anything to it.

Let's use the Galaxy S4 as an example
When released the AT&T model had a locked sim card but unlocked bootloader, unfortunately the first (or second) OTA  update locked the bootloader. Those first unlocked ones fetch a serious premium if you can find one that has not been updated. A locked bootloader means even if you root it, you may not be able to install another rom. At best you can use a modified stock rom. While rom builders are getting good at working around the limitation, it's still a limitation. Locked sim means you cannot port out without authorization.

Here is how carriers stack up, at least with Samsung phones as they are the worst. They will work with carriers and lock it down how they wish, other manufacturers may or may not.
AT&T - locked sim and boot loader
Verizon - locked bootloader, unlocked sim
Sprint - HAHAHA* TL/DR run away.
T-mobile fully unlocked.
You pay a premium for the T-mobile and unlocked because they are unlocked.

Other brands and models have variations, this is the norm for Samsung though. Samsung are also extremely easy to brick and they are extremely unforgiving. LG often plays games with partitioning which can be a nightmare to root, but they are very forgiving when you screw up. HTC is very forgiving if you mess up and, at least they used to, offer an easy way to root. I have no experience with Sony. Beware OnePlus, they do some shady things, they started out well but have gone downhill.

As for iPhone vs Android
iPhone screen to body ratio is/was pathetic, I also hate iOS and how locked down it is, BUT, at least they do proper updates on a regular basis. Android is nice and open, but updates are a hassle unless you root and rom, and even then it's not easy and Google is a bastard about Gapps and spying. I run Android with a custom rom and very limited Google background systems with as much firewalled as I can.


* Sprint not only locks both, but removes the unlock menu in software, this way they can legally tell you it cannot be unlocked and transfer carriers. They planned for this and were doing this to their phones for a bit before the new FTC law, which they helped write, creating this exemption in the process. They were also placing locks on high end models until 2 years of use (a blacklist), and then after the FCC rule change they placed a hold on them insisting even if the phone was paid off that you couldn't port out with the phone until you used it for a full year on Sprint. When I bought my S4 it was free, a month later they placed an ETF hold on it, saying I needed to use it for a year on Sprint contract. I was considering using Sprint prepaid with it, which I had used for 14 years prior but instead I bought a Verizon mainboard (which was compatible) and ported out. I have not looked back and refuse to do anything with that company.

Offline StickyBlueJuice

  • Posts: 1160
  • Location: Denmark / Deliverance
  • Tactile pls
Re: If you ever wondered why techs don't update right away....
« Reply #15 on: Sun, 15 April 2018, 02:39:26 »
Quote
Before you buy a phone, research the heck out of it on XDA forums if you plan on doing anything to it.

Yeah that's the plan. The phone is just starting to hit the streets and I'm not upgrading phone until sometime in Q4 this year. So that'll leave plenty of time to see what I can get away with.

Offline Blaise170

  • * Esteemed Elder
  • Posts: 1332
  • Location: Boston, MA
  • ALPS キーボード
    • XYZ
Re: If you ever wondered why techs don't update right away....
« Reply #16 on: Sun, 15 April 2018, 03:09:53 »
OnePlus has definitely done some shady things with OxygenOS which is exactly why I removed it. The main issue with updates on Android is fragmentation, manufacturers like Samsung don't want to keep pushing out updates to old hardware because then you won't buy their latest devices. I will never buy another Samsung product after the nightmare that is my Galaxy S4 Active, considering that even after rooting I still can't do much with it since AT&T not only had an exclusive contract for the Active, but also made sure to lock the bootloader. The fact that I can't even factory reset without manually restoring a bunch of stuff is awful. I blame manufacturers 100% on almost every issue I've ever encountered on Android. Sure Google doesn't have a spotless record, but I trust them with my data far more than a lot of other companies.

Offline katushkin

  • Too Keycool for School
  • * Elevated Elder
  • Posts: 3662
  • Location: Birmingham - Not Alabama
  • The KOTM guy
Re: If you ever wondered why techs don't update right away....
« Reply #17 on: Thu, 19 April 2018, 19:12:10 »
In the last 6 months we've had two forced Win 10 architecture updates **** our domain controllers at work. Somehow they managed to stop the devices using network time and they used their own CMOS time, which was for whatever reason an hour behind. This then synced across all domain controllers, putting everyone's systems behind an hour, but still in the same TZ, so other applications refused connections basically breaking everything.

TL;DR, forced updates have ground our business to a halt twice in the last 6 months.
Can we get them to build the Alps ten feet higher and get Cherry to pay for it?
Katushkin's Clearout | Twitter | Steam | Instagram|

Offline tp4tissue

  • * Destiny Supporter
  • Posts: 12903
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: If you ever wondered why techs don't update right away....
« Reply #18 on: Thu, 19 April 2018, 19:16:33 »
Quote
In the last 6 months we've had two forced Win 10 architecture updates **** our domain controllers at work. Somehow they managed to stop the devices using network time and they used their own CMOS time, which was for whatever reason an hour behind. This then synced across all domain controllers, putting everyone's systems behind an hour, but still in the same TZ, so other applications refused connections basically breaking everything.

TL;DR, forced updates have ground our business to a halt twice in the last 6 months.

Pretty normal.. Happens in database software all the time.. backup failed.. applications hang.. everyone blames everyone else.. 50 phone calls to India.. 2 weeks minimum..

Offline Leslieann

  • * Elevated Elder
  • Thread Starter
  • Posts: 3196
Re: If you ever wondered why techs don't update right away....
« Reply #19 on: Thu, 19 April 2018, 20:47:47 »
2 weeks for the businesses I work for means you're fired, especially if you caused it.

Offline katushkin

  • Too Keycool for School
  • * Elevated Elder
  • Posts: 3662
  • Location: Birmingham - Not Alabama
  • The KOTM guy
Re: If you ever wondered why techs don't update right away....
« Reply #20 on: Thu, 19 April 2018, 22:57:37 »
Two days for a priority 1 incident is the point that you lose your job as a third party support contractor. If you can't fix something in two weeks then you shouldn't be supporting it in the first place.

Offline Altis

  • Posts: 951
  • Location: Canada
Re: If you ever wondered why techs don't update right away....
« Reply #21 on: Fri, 20 April 2018, 00:02:56 »
Quote
In the last 6 months we've had two forced Win 10 architecture updates **** our domain controllers at work. Somehow they managed to stop the devices using network time and they used their own CMOS time, which was for whatever reason an hour behind. This then synced across all domain controllers, putting everyone's systems behind an hour, but still in the same TZ, so other applications refused connections basically breaking everything.

TL;DR, forced updates have ground our business to a halt twice in the last 6 months.

That's nuts.

Forced/permanent updates are such an awful idea, but tech companies know they only need to convince the masses to go along with it, who largely don't know any better.

Offline katushkin

  • Too Keycool for School
  • * Elevated Elder
  • Posts: 3662
  • Location: Birmingham - Not Alabama
  • The KOTM guy
Re: If you ever wondered why techs don't update right away....
« Reply #22 on: Fri, 20 April 2018, 00:10:17 »
Well our infrastructure guys said they had stopped auto reboots on all our important servers, and our updates are meant to be pushed out via group policy, but there you go.

Offline tp4tissue

  • * Destiny Supporter
  • Posts: 12903
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: If you ever wondered why techs don't update right away....
« Reply #23 on: Fri, 20 April 2018, 05:05:31 »
Quote
Two days for a priority 1 incident is the point that you lose your job as a third party support contractor. If you can't fix something in two weeks then you shouldn't be supporting it in the first place.


Most things get fixed in 2 days..

But we get the 2 weeks thing at least once/twice a year..

And we're still on contract with the same Indian crew 6 years running ever since Oracle went India.

Offline MajorKoos

  • Posts: 799
  • Location: Bay Area
  • 1 life please. Extra large.
Re: If you ever wondered why techs don't update right away....
« Reply #24 on: Fri, 20 April 2018, 08:14:32 »
Quote
Well our infrastructure guys said they had stopped auto reboots on all our important servers, and our updates are meant to be pushed out via group policy, but there you go.

Updates are not typically pushed via GPO.
Rather, one uses a GPO to configure Windows to update from somewhere like WSUS or SCOM in place of Windows Update.
If that GPO rolls back for some reason Windows will revert to default, i.e. Windows Update + auto install.
Sounds like that's what happened to the DCs - someone screwed up the GPOs which rolled back the Windows Update settings.

1) How did they break GPOs twice (which would have prevented both incidents)?
2) Why do those super important servers have internet access enabled (which would have prevented both incidents)?
3) Why didn't they fix the BIOS time after the first incident (which would have at least prevented the second incident)?
« Last Edit: Fri, 20 April 2018, 08:21:27 by MajorKoos »
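
The failure mode described in the last post (the GPO that points servers at an internal update source rolls back, Windows reverts to Windows Update with automatic install, and the clock runs off CMOS time) can be checked for on each server. The script below is an added example, not something posted in the thread; it assumes the standard Windows Update policy registry location and the `w32tm` tool, and the wording of each finding is illustrative.

```powershell
# Added example: audit one server for the drift described in the post above.
# Registry path and value names are the standard Windows Update policy
# settings; the finding messages are illustrative.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Emits nothing ($null) when the key or value is absent, i.e. the policy
    # is not applied on this machine.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-UpdatePolicy {
    $findings = @()
    $wuServer    = Get-PolicyValue $wuKey 'WUServer'      # internal update server URL
    $useWuServer = Get-PolicyValue $auKey 'UseWUServer'   # 1 = use WUServer
    $noAuto      = Get-PolicyValue $auKey 'NoAutoUpdate'  # 1 = automatic updates off
    $auOptions   = Get-PolicyValue $auKey 'AUOptions'     # 4 = download and schedule install

    if (-not $wuServer -or $useWuServer -ne 1) {
        $findings += 'No internal update server enforced; client falls back to Windows Update.'
    }
    if ($noAuto -ne 1) {
        if ($null -eq $auOptions) {
            $findings += 'Automatic Updates policy not configured; OS default behaviour applies.'
        } elseif ($auOptions -eq 4) {
            $findings += 'AUOptions=4: updates are downloaded and installed on a schedule.'
        }
    }
    $findings
}

function Test-TimeSource {
    # w32tm reports the source the Windows Time service is currently using.
    $source = (& w32tm.exe /query /source 2>&1 | Out-String).Trim()
    if ($LASTEXITCODE -ne 0) {
        return "Could not query time source: $source"
    }
    # These two values mean the machine is keeping its own time.
    if ($source -match 'Local CMOS Clock|Free-running System Clock') {
        return "Clock is not syncing from the network (source: $source)."
    }
}

$all = @(Test-UpdatePolicy) + @(Test-TimeSource)
if ($all.Count -gt 0) {
    $all | ForEach-Object { Write-Warning "[$env:COMPUTERNAME] $_" }
    exit 1   # non-zero exit so a scheduled task or monitoring agent can alert
}
Write-Output "[$env:COMPUTERNAME] Update policy and time source look as intended."
```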