this post was submitted on 03 Aug 2024
197 points (93.8% liked)

Linux

48328 readers
761 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Nibodhika@lemmy.world 2 points 3 months ago* (last edited 3 months ago) (12 children)

Nope, that's not how it works on Linux, even if someone introduced the most heinous breaking change people would just not update until things were fixed, in fact the update is unlikely to do that because things are tested before being pushed. If someone were using latest of everything by having something like a Gentoo system with everything building from git maybe that person would be affected and he would have to rollback to an earlier version and keep going for a total downtime of 1h tops, and that is if someone was using the most stupid way possible in production.

The main reason why this will NEVER happen to a server running Linux is that updates are not automatic, i.e. they get triggered manually, so if there's an issue upstream you don't update, and if you encounter you rollback. The issue is not that Windows had a broken update, that can happen and it's fine, the issue is when the OS forcefully installs that update and breaks your system without you doing anything.

And yeah, I know what I'm talking about, I worked as a software architect for a large website for a few years and now I work as a software engineer for the servers of one of the largest online games.

Edit: re-reading your post, I would like to ask you how would you build this critical infrastructure with Windows? Because independently of how you answer it you would have been affected by this.

[–] lud@lemm.ee 2 points 3 months ago (4 children)

The problem wasn't with an update Microsoft pushed out. It was due to an update by crowdstrike which iirc ignored all settings for staged rollout (or there were no settings at all for that)

It's not like anyone outside Crowdstrike chooses to have these updates installed. It happened automatically with no way of stopping it.

[–] Nibodhika@lemmy.world 2 points 3 months ago (3 children)

Yes, this specific problem wasn't caused by Microsoft, but it was caused by the forced automatic update policy that crowdstrike has, which is the same behavior Windows has. So while this time it wasn't Microsoft, next time it could be. And while you can prevent this from happening on your Linux box by choosing software that doesn't do this, it's impossible to prevent it on a Windows box because the OS itself does it.

[–] lud@lemm.ee 3 points 3 months ago (1 children)

You absolutely can (and should) do staged rollout for windows updates.

Source: We do that at work. We have 3 different patch groups. 1 "bleeding edge", 1 delay by a day or two, and another one delayed by a bit more. This so so we can stop an update from rolling out to prod if dev breaks.

[–] Nibodhika@lemmy.world 2 points 3 months ago (1 children)

Correct me if I'm wrong, but others have told me that Microsoft reserves the right to push security upgrades that bypass any policy setup by the network administrator.

[–] lud@lemm.ee 1 points 3 months ago

Maybe, I'm not sure about that.

It's possible that there is a way to for example bypass a company's WSUS server but I don't know if there is such a way and I couldn't find any obvious way when searching.

Due to the source being hearsay I don't really feel convinced and if I were you I wouldn't spread such information further unless you found reliable sources first.

I'm open to any information about it if anyone can find any reliable information like documentation or blog posts from MS employees.

Still I highly doubt that is used often at all if it even exists. Only to be used in the absolute direst of times. I would also trust Microsoft much more in such a case that a third party like Crowdstrike.

load more comments (1 replies)
load more comments (1 replies)
load more comments (8 replies)