
SoylentNews is people

posted by janrinok on Wednesday August 17 2016, @02:34PM
from the our-os-our-rules dept.

Two users have submitted stories about Microsoft's intended change to how it provides updates and patches in the future:

Running Windows 7 or 8? From October, Monthly Patches Are All-or-Nothing

El Reg reports

As of October, users of Windows 7, Windows 8, and various server products can [say farewell to] a Patch Tuesday of downloading multiple files: Microsoft is implementing the monthly patch rollup it promised in May.

At the same time, however, Redmond has decided to kill off individual security patches, something that might not please sysadmins. Instead, a monthly security-only rollup will collect "all of the security patches for that month into a single update".

[...] Instead of individual patches for each platform, for Windows 7.1 SP1, Windows 8, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, there'll be a single set of updates.

The monthly rollups will include security patches and bug fixes, and each month's update will include the previous month's. That will reduce the chance that an update fails because it's got a dependency on a prior update (which, as Microsoft's Nathan Mercer writes in the announcement, can often mean hunting for a file that's hard to find).

[...] Servicing Stack and Adobe Flash won't be included in the rollups.

[Continues...]

In the comments we found these gems

  • I am already imagining having to miss out on critical fixes as some not-too-critical update in the package is broke and affecting the overall result.

  • The fact that you have to take the crap with the updates is one of the reasons so many of us rejected 10. Linux, as always, will be patched as soon as the updates become available; no waiting a month for MS to get around to providing a big monolithic update.

  • I shudder to think how this will affect environments with WSUS for the purpose of limiting specific patches to specific machines.

  • Does this mean Windows Update won't 'think about it' for 15 minutes?

  • A double whammy for those on restricted bandwidth [because a) everyone gets the patches for other versions, and b) last month's patches included

  • Just call it a Service Pack. By the end of next year, we'll have Windows 7 SP17. It's not elegant, but it's much clearer than KB6765431123134654741324.

Windows 7, 8.1 Moving to Windows 10's Cumulative Update Model

In with a story from Ars Technica, "Windows 7, 8.1 Moving to Windows 10's Cumulative Update Model":

October 2016's Patch Tuesday will see the release of the first Monthly Rollup for Windows 7 and 8.1. This will be a single package delivering all of the security and reliability improvements released that month. Patch Tuesday will be delivered through Windows Update (WU), Windows Server Update Services (WSUS), and System Center Configuration Manager (SCCM). Subsequent months will have new Monthly Rollups, and these will be cumulative, incorporating the content of all previous Monthly Rollups.

[...]

Microsoft will also create security-only updates that include all the security fixes released each month, without any reliability or feature changes. These updates won't be cumulative. They will only be offered via WSUS and SCCM; WU users won't see them.

What Microsoft won't be doing after October, however, is shipping the individual hotfixes any more. Fixes will only be available through the Monthly Rollup or security-only update. This means that the ability to pick and choose individual fixes to apply will be removed; they'll be distributed and deployed as a singular all-or-nothing proposition. Microsoft argues that this will improve patch and system reliability. The company only tests configurations where every update is applied (with hundreds of individual updates, it's simply not possible to test all the individual combinations that a user might choose). This means that users and organizations that cherrypick their updates and only install a subset of the patches that ship each month are actually using configurations that Microsoft itself has not tested. Combining the updates should mean that end-user systems are closer to Microsoft's tested configurations.

[...] Going forward there will also be an equivalent patching regime for the .NET Framework. WU and WSUS will both distribute a Monthly Rollup of security updates and reliability improvements, with a security-only update offered to WSUS alone. The corresponding server operating systems—Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2—will also move to the same rollup model as the desktop platforms will use.


  • (Score: 5, Informative) by nitehawk214 (1304) on Wednesday August 17 2016, @02:40PM (#389132)

    Considering things like WindowsLies [github.com] have been cutting out the spyware portions of the updates for a while now, I am surprised it has taken them so long to start doing this.

    Now it will be trivially easy to slip malware in the cumulative "security" updates. Who knows what it is doing? It's a bunch of unrelated changes lumped together.

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
  • (Score: 2) by jdavidb (5690) on Wednesday August 17 2016, @02:45PM (#389133)

    Even beyond that I'm sure it's a cheaper maintenance burden for MS to not allow so much choice in the update process. From a business point of view it makes sense for them: why go to the extra expense of allowing a la carte patches on the legacy versions of the OS?

    Of course, from a user/administrator perspective, that doesn't mean it's the best way to go at all.

    --
    ⓋⒶ☮✝🕊 Secession is the right of all sentient beings
    • (Score: 3, Insightful) by tangomargarine (667) on Wednesday August 17 2016, @03:03PM (#389137)

      When you know you're above the law, why bother not being evil?

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 0) by Anonymous Coward on Wednesday August 17 2016, @03:55PM (#389152)

        Hey, that's the google motto. Get yer own!

      • (Score: 2) by Grishnakh (2831) on Wednesday August 17 2016, @04:08PM (#389159)

        How are they "above the law" in this instance? There's no law saying that software vendors must make updates available on an a la carte basis, nor is there a law saying that vendors must act in the best interest of their customers. This change makes perfect sense for them and their shareholders, reduces fragmentation, and gives them more control over the "user experience" and how customers' machines are configured. I'm honestly surprised they didn't do this long ago.

        If you don't like it, you're free to find another OS vendor.

        • (Score: 5, Insightful) by tangomargarine (667) on Wednesday August 17 2016, @04:24PM (#389169)

          Well, ever since they got that antitrust judgment, it's not like they've really stopped anything they were doing. And now they're just seeing how much they can get away with.

          But fine, if you prefer, referring to the recent shenanigans, "unethical." I said "above the law" because there are a great many things that clearly are illegal that our court system is handwaving these days. And Microsoft has teams of Ninja Lawyers and swimming pools full of cash.

          "If you don't like it, you're free to find another OS vendor."

          With Microsoft this is disingenuous. People (companies) need compatibility, and they've got a proven track record of stuff like AARD. [wikipedia.org]

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 2) by Arik (4543) on Wednesday August 17 2016, @05:23PM (#389199)

            The general 'people' you cite that needs compatibility would be better served by funding ReactOS rather than Microsoft, but hey why not just keep feeding the dog that bites you instead?
            --
            If laughter is the best medicine, who are the best doctors?
            • (Score: 3, Interesting) by tangomargarine (667) on Wednesday August 17 2016, @05:30PM (#389202)

              I expect that the exact moment ReactOS becomes stable enough to be used for anything, they will somehow get sued into oblivion. And yes, I know what a clean-room implementation is. Still.

              Don't mistake this for me saying nobody should support them. It's a cool idea if it ever gets off the ground.

              --
              "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
              • (Score: 2) by Arik (4543) on Wednesday August 17 2016, @06:24PM (#389237)

                The project has been going since 1996. It's not a new project that one should support 'if it ever gets off the ground' it's an old and well established one that's suffered chronically from underfunding. Virtually all the work that's been done on it over the past 20+ years has been done by a handful of unpaid volunteers, tracking a target that moves more quickly than they can hope to keep up with. If it had the kind of funding the likes of Ubuntu throw around it could 'get off the ground' but if it has to 'get off the ground' before it finds funding that's a pretty vicious catch-22 now isn't it?
                --
                If laughter is the best medicine, who are the best doctors?
                • (Score: 2) by tangomargarine (667) on Wednesday August 17 2016, @08:15PM (#389278)

                  Yes, I've read about them before. All these reasons you're listing are very eloquent and all but we're just discussing why they're never going to make a difference :P

                  In other news, GNU Hurd will be totally orgasmtastic when they finally release it any year now, and we'll have flying cars in 20 years and cold fusion in 40.

                  --
                  "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
                  • (Score: 0) by Anonymous Coward on Thursday August 18 2016, @04:56PM (#389648)

                    One of the big issues with GNU Hurd is that they've basically taken all the work, thrown it out and started over multiple times. By the time they decided on one to stick to, Linux was already the big boy on the scene. Except, they haven't really picked one because every few years, a big chunk of core developers spend their time trying to port it to another microkernel that is theoretically better.

        • (Score: 0) by Anonymous Coward on Wednesday August 17 2016, @04:38PM (#389177)

          Not this instance, but in other instances (the OP said "When you know you're above the law, ", not this instance shows that Microsoft is above the law).

          For example you and I would be in serious trouble (with various computer crimes laws) if we went about upgrading thousands of machines to Windows 10 without the genuine permission of the owners e.g. we popped up a dialog box and they clicked the wrong thing like "close" the dialog box.

          And yet Microsoft gets away with it.

          http://www.computerworld.com/article/3075018/windows-pcs/microsoft-breaks-own-design-rules-in-dupe-the-user-windows-10-upgrade-tactic.html [computerworld.com]
          http://www.extremetech.com/extreme/229040-microsofts-latest-trick-clicking-x-to-dismiss-windows-10-upgrade-doesnt-stop-upgrade-process [extremetech.com]

        • (Score: 2, Funny) by Anonymous Coward on Wednesday August 17 2016, @06:17PM (#389228)

          "It applies the patches, or it gets the hose!" Bill "Buffalo" "Microsoft" Gates

    • (Score: 0) by Anonymous Coward on Wednesday August 17 2016, @03:11PM (#389140)

      Sure it is, and you can do that if you have slaves. Other businesses have customers they need to keep happy.