Khablam
Mar 29, 2012

Mr Shiny Pants posted:

As for the other point, hyperbole much?
Look, this isn't theoretical. This isn't some "we think we know better than you" type thing.
MS do know better. It's demonstrably proven by the actual use people did before updates on home were forced. If people didn't put off security updates for 6 months before, you'd not have MS solving the issue by taking that option away.
Home users repeatedly disabled updates because "oh it always wants to do updates god this takes ages whats even the point why urgh" so MS stopped users having that choice.
If you need more than 168 hours* of contiguous up time, you can grab an OEM pro key for <$5 on eBay.


* - updates aren't daily, so this is a worst-case anyway. You'll typically have ~840 hours between forced reboots.

Khablam fucked around with this message at 13:45 on Aug 18, 2019

Combat Pretzel
Jun 23, 2004

No, seriously... what kurds?!

Mr Shiny Pants posted:

As for the other point, hyperbole much?
I can't remember the names, but there's been viruses/trojans that spread like a wildfire, a long while back. Before the time of automatic updates and typically badly patched machines.

One of them was so insane, hooking up a freshly installed machine, without the necessary patches, to the Internet, got it infected within 15 mins.

FRINGE
May 23, 2003
title stolen for lf posting

Khablam posted:

Home users repeatedly disabled updates because
MS did not help themselves when they dishonestly packaged telemetry and win10 upgrade nagware as security updates during the win7 era.

Mr Shiny Pants
Nov 12, 2012

Combat Pretzel posted:

I can't remember the names, but there's been viruses/trojans that spread like a wildfire, a long while back. Before the time of automatic updates and typically badly patched machines.

One of them was so insane, hooking up a freshly installed machine, without the necessary patches, to the Internet, got it infected within 15 mins.

Slammer and Windows XP iirc.
It's just that taking the whole patching out of my hands is what irks me, and I don't run machines directly connected to the internet. So yeah, I think I can actually decide when to patch my machine or not.
I also run Ubuntu and updating that is a breeze compared to Windows 10.

This is probably a bad opinion, but I don't really care to be honest. So I'll leave it at this. :)

Mr Shiny Pants fucked around with this message at 14:13 on Aug 18, 2019

Combat Pretzel
Jun 23, 2004

No, seriously... what kurds?!
You mean NAT with not directly connected? The most popular vector is the web nowadays.

Yeah, Ubuntu gives you some security through obscurity, because desktop Linux is just a blip on the radar and therefore bad actors aren't really interested in spending any effort on it. Should Linux ever get really popular, that'll change, tho.

Klyith
Aug 3, 2007

GBS Pledge Week
I was massively critical of the unsafe restarts 2 years ago and IMO they've fixed that part. I use the group policy to make updates require manual action on my main desktop, but my laptop is default (and running Home, so I don't have gpedit in any case). Restarts don't happen without notifications in the action center, plus an icon in the tray that shortcuts to the scheduler. The auto-scheduling is frequently for a day or two later, not the same night of the patch.

If someone is having trouble with forced restarts in 1809/1903, I'm not sure what they're doing with the computer that it can't restart but they're never around to see the notifications. Using it as a rendering station or something? Or some setting is busted and you aren't getting notifications.


However, that's one step forward and they've taken multiple steps backwards over the same time with quality and reliability of updates. Malware and cryptoworms are real bad, but we are in some sophie's choice territory here.


Combat Pretzel posted:

One of them was so insane, hooking up a freshly installed machine, without the necessary patches, to the Internet, got it infected within 15 mins.

This is a worse security failure than being lackadaisical with patches though. WannaCry would have been this for Windows 10 if it hadn't been luckily defused. Zero-days happen.

Klyith
Aug 3, 2007

GBS Pledge Week

Combat Pretzel posted:

Yeah, Ubuntu gives you some security through obscurity, because desktop Linux is just a blip on the radar and therefore bad actors aren't really interested in spending any effort on it. Should Linux ever get really popular, that'll change, tho.

Pfffffffft this is a statement 1000000 times dumber than anyone's opinion on updates good or bad.

Linux on the desktop is Linux. It is not security through obscurity, every webserver and database machine in the world is a target.

Mr Shiny Pants
Nov 12, 2012

Combat Pretzel posted:

You mean NAT with not directly connected? The most popular vector is the web nowadays.

Yeah, Ubuntu gives you some security through obscurity, because desktop Linux is just a blip on the radar and therefore bad actors aren't really interested in spending any effort on it. Should Linux ever get really popular, that'll change, tho.

NAT and pfSense with pfBlockerNG. Sure the web is a poo poo show but Firefox patches itself quickly and I run uBlock, combined with not running a load of crap and installing stuff willy-nilly from all over the place I think I am doing better than most.
I like to just run Windows update from time to time but MS, in their infinite wisdom, decided that this means you like bleeding edge beta software...... I mean come on.

I was mostly talking about how installing updates is just a smooth experience in Ubuntu. It is fast and relatively reboot free.

Khablam
Mar 29, 2012

Note that if you're manually running apt-get upgrade you could very well need to reboot, but you'll not be notified about it unless you go looking.
This has to be hammered home to a lot of server admins who believe they're patched when they're not.
Of course most of the time you'll be upgrading firefox and other user-land programs through apt, but it's worth a mention any system level and/or kernel updates require as much rebooting as Windows, even if it's not telling you such.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
So, what's the best way to install Windows 10 Pro for Workstations? I have an MSDN Enterprise or whatever subscription, so I have a valid license key already. I'm about to flatten and re-install my machine.

Is it through the MCT? Is it just the key that makes the difference? Or do I have to do something else or download it from somewhere other than MSDN downloads?

Also, does it get updates like any other Pro version of Win10? I'd like to use the new Windows subsystem for Linux on it and run sandbox and all that other stuff. Just want to make sure it'll work. I turn my machine off when I'm not using it so the Power Usage doesn't bother me.

GRINDCORE MEGGIDO
Feb 28, 1985


Khablam posted:

Note that if you're manually running apt-get upgrade you could very well need to reboot, but you'll not be notified about it unless you go looking.
This has to be hammered home to a lot of server admins who believe they're patched when they're not.
Of course most of the time you'll be upgrading firefox and other user-land programs through apt, but it's worth a mention any system level and/or kernel updates require as much rebooting as Windows, even if it's not telling you such.

I've configured my server to spam me with emails if it detects out of date executables, for a restart. It happens often.
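
Added example, not part of any post in this thread: a POSIX shell check for the pending-restart state that Khablam's and GRINDCORE MEGGIDO's posts describe, for Debian/Ubuntu. The function names and the sample tree are assumptions constructed here; `/var/run/reboot-required`, `/boot/vmlinuz-*` and `/proc/PID/maps` are the interfaces it reads.

```shell
#!/bin/sh
# Added example: look for a pending restart on Debian/Ubuntu after upgrades.
# Function names and the sample tree are constructed for illustration.

# Packages needing a reboot create ROOT/var/run/reboot-required and list
# themselves in reboot-required.pkgs. Prints the names; returns 1 if no flag.
reboot_required_pkgs() {
    flag="${1:-}/var/run/reboot-required"
    [ -e "$flag" ] || return 1
    [ -r "$flag.pkgs" ] && sort -u "$flag.pkgs" | paste -sd ' ' -
    return 0
}

# Prints the newest kernel in ROOT/boot when it differs from the running
# one (second argument, default `uname -r`); returns 1 when they match.
pending_kernel() {
    running=${2:-$(uname -r)}
    newest=$(ls "${1:-}/boot" 2>/dev/null | sed -n 's/^vmlinuz-//p' | sort -V | tail -n 1)
    [ -n "$newest" ] && [ "$newest" != "$running" ] || return 1
    printf '%s\n' "$newest"
}

# A process that loaded a library before it was upgraded keeps the old,
# unlinked file mapped: its maps line ends in "(deleted)". Prints
# "PID lib[,lib...]" per affected process. Mappings outside system
# directories (memfd, /tmp, JIT regions) are ignored as noise.
stale_processes() {
    for maps in "${1:-/proc}"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps%/maps}; pid=${pid##*/}
        libs=$(awk '$2 ~ /x/ && $NF == "(deleted)" &&
                    $6 ~ /^\/(usr|lib|lib64|bin|sbin|opt)\// { print $6 }' \
                   "$maps" 2>/dev/null | sort -u | paste -sd , -)
        if [ -n "$libs" ]; then printf '%s %s\n' "$pid" "$libs"; fi
    done
    return 0
}

# Combines the three checks. Returns 0 when a restart (of the host or of
# individual services) is still outstanding, 1 when nothing is pending.
restart_report() {
    root=${1:-}; proc=${2:-/proc}; running=${3:-$(uname -r)}
    needed=1
    if pkgs=$(reboot_required_pkgs "$root"); then
        echo "REBOOT flag set by: ${pkgs:-unknown}"; needed=0
    fi
    if k=$(pending_kernel "$root" "$running"); then
        echo "KERNEL running $running, newest installed $k"; needed=0
    fi
    stale=$(stale_processes "$proc")
    if [ -n "$stale" ]; then
        echo "$stale" | sed 's/^/STALE pid /'; needed=0
    fi
    return $needed
}

# Constructed sample: a host upgraded with apt but not yet rebooted.
make_sample_tree() {
    mkdir -p "$1/var/run" "$1/boot" "$1/proc/812" "$1/proc/900"
    : > "$1/var/run/reboot-required"
    printf '%s\n' linux-image-5.4.0-150-generic libssl1.1 \
        > "$1/var/run/reboot-required.pkgs"
    : > "$1/boot/vmlinuz-5.4.0-42-generic"
    : > "$1/boot/vmlinuz-5.4.0-150-generic"
    printf '%s\n' \
      '7f3a1c000000-7f3a1c07b000 r-xp 00000000 08:01 131 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)' \
      '7f3a1c200000-7f3a1c221000 rw-p 00000000 00:00 0 [heap]' > "$1/proc/812/maps"
    printf '%s\n' \
      '7f10a0000000-7f10a0010000 r-xp 00000000 00:05 77 /memfd:jit (deleted)' \
      > "$1/proc/900/maps"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
restart_report "$demo" "$demo/proc" 5.4.0-42-generic || echo "nothing pending"
rm -rf "$demo"
```

On a live host, call `restart_report "" /proc` as root so every process's maps file is readable; the exit status makes it usable from cron or a monitoring check.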

wolrah
May 8, 2006
what?

Khablam posted:

Note that if you're manually running apt-get upgrade you could very well need to reboot, but you'll not be notified about it unless you go looking.
This has to be hammered home to a lot of server admins who believe they're patched when they're not.
Of course most of the time you'll be upgrading firefox and other user-land programs through apt, but it's worth a mention any system level and/or kernel updates require as much rebooting as Windows, even if it's not telling you such.
Live kernel patching is a thing and many of the major distros support it. The systems vary a bit but the general concept is that you can replace individual functions as long as the data structures they're taking in and sending out don't change. This covers most bug fixes, including security issues, but generally means no new features (although some of the live patching systems do have methods to support more intrusive changes too).

Mr Shiny Pants
Nov 12, 2012

Khablam posted:

Note that if you're manually running apt-get upgrade you could very well need to reboot, but you'll not be notified about it unless you go looking.
This has to be hammered home to a lot of server admins who believe they're patched when they're not.
Of course most of the time you'll be upgrading firefox and other user-land programs through apt, but it's worth a mention any system level and/or kernel updates require as much rebooting as Windows, even if it's not telling you such.

Ubuntu, well KUbuntu anyway, will tell you that a reboot is required to finish the updating process.

Dylan16807
May 12, 2010

biznatchio posted:

That's literally not a problem if you're using anything other than Windows 10 Home, because Windows 10 Pro and up allow you to configure Windows to require the user's permission before restarting for an update, and allow it to be put off for up to the maximum delay -- which is 7 days by default, and can be turned up to 14 days. And if 14 days isn't enough for your video encoding, you can even go beyond that and explicitly, proactively elect to pause updates for 35 days.

If Windows is rebooting unexpectedly for you for updates, it's either because you're running the version of Windows intended for home users who don't know how to operate a computer (in which case you should probably get the edition of Windows that isn't intended for that use case); or it's because you haven't bothered to actually configure it the way you want it.

If you're still configuring it via "Active Hours", then you haven't configured it correctly. Active Hours is superseded entirely by the greater control you can exert through gpedit.msc or through registry settings.

That sounds great! What exactly do I do to set it up, and when did they introduce that? I have Pro, and the last time I tried to make it ask the user before restarting it failed entirely. The mix of functional, semi-functional, and non-functional group policies is a giant pain. In the end I put it on "ask to install" mode, but that's not ideal.

Dylan16807
May 12, 2010

Sininu posted:

Where do I turn off fast startup in the newest W10? Having to restart specifically for updates pisses me off when I shut down my computer any time I won't be using it for more than 3 hours and that doesn't count for installing W10 updates.

Do you use hibernate? If not then disable hibernate entirely. (Run command prompt as admin, powercfg /hibernate off)

If you just want fast startup off, here's instructions on how to get to the correct part of the control panel: https://help.uaudio.com/hc/en-us/articles/213195423-How-To-Disable-Fast-Startup-in-Windows-10

No guarantees it'll fix anything about updates being weird, but fast startup causes enough strange problems by itself...

Sininu
Jan 8, 2014

Dylan16807 posted:

Do you use hibernate? If not then disable hibernate entirely. (Run command prompt as admin, powercfg /hibernate off)

If you just want fast startup off, here's instructions on how to get to the correct part of the control panel: https://help.uaudio.com/hc/en-us/articles/213195423-How-To-Disable-Fast-Startup-in-Windows-10

No guarantees it'll fix anything about updates being weird, but fast startup causes enough strange problems by itself...

Oh, I was blind and it was still there. Didn't see it and thought it was gone when I checked earlier. Thank you!

Ofecks
May 4, 2009

A portly feline wizard waddles forth, muttering something about conjured food.

I'm going to be upgrading to 1903 soon, and it's going to be via a re-format. I recall something a while ago about Spectre/Meltdown mitigation with CPUs such as mine (i5-7600K). I think I have the microcode patch on here already, do I need to do it again after finishing the 1903 install, or does 1903 have that functionality built-in?

biznatchio
Mar 31, 2001


Buglord

Dylan16807 posted:

That sounds great! What exactly do I do to set it up, and when did they introduce that? I have Pro, and the last time I tried to make it ask the user before restarting it failed entirely. The mix of functional, semi-functional, and non-functional group policies is a giant pain. In the end I put it on "ask to install" mode, but that's not ideal.

Run gpedit.msc. Go to Computer Configuration\Administrative Templates\Windows Components\Windows Update and then change these policies:

  • Set Configure Automatic Updates to 4-Auto download and schedule the install.
  • Enable No auto-restart with logged on users for scheduled automatic updates installations.

Once those settings are changed (you may need to reboot before it takes effect, not sure) Windows will no longer automatically reboot unless 1) you've given it explicit permission to, 2) there is no active user session (a locked desktop counts as an active user session), or 3) unless you've ignored the notification for 7 days. If 7 days isn't enough, you can change the Specify deadline before auto-restart for update installation policy to any value between 2 and 14 days instead.

With that pair of options, you'll get a notification telling you there's an update waiting, with buttons to install now, install the next time the computer is idle, or to open up the Settings app to schedule a time within the deadline period.

biznatchio fucked around with this message at 19:51 on Aug 18, 2019

astral
Apr 26, 2004

Ofecks posted:

I'm going to be upgrading to 1903 soon, and it's going to be via a re-format. I recall something a while ago about Spectre/Meltdown mitigation with CPUs such as mine (i5-7600K). I think I have the microcode patch on here already, do I need to do it again after finishing the 1903 install, or does 1903 have that functionality built-in?

You could always run the PowerShell script that checks these things before/after:
https://support.microsoft.com/en-us/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell

Combat Pretzel
Jun 23, 2004

No, seriously... what kurds?!

Klyith posted:

Pfffffffft this is a statement 1000000 times dumber than anyone's opinion on updates good or bad.

Linux on the desktop is Linux. It is not security through obscurity, every webserver and database machine in the world is a target.
Yet, the majority of effort is spent on exploiting Windows.

Khablam
Mar 29, 2012

Combat Pretzel posted:

Yet, the majority of effort is spent on exploiting Windows.
It's more that windows desktop is a larger target than linux desktop. I haven't polled every "hacker" or anything, but the servers hosting all the data they want run Linux, making "attacking Linux" a bigger overall target. Kind of irrelevant though as we're not talking about servers.
Linux desktop is harder to exploit by design, your exploit probably won't run on more than a small percentage of systems and will almost certainly require user input. Windows is also extremely hard to exploit these days.

The malware that's still prevalent is distributed in a way that makes users run it, crypto attacks and similar all do this. Since running an executable just isn't a thing on Linux, the distribution model doesn't work. You're then left with actual bona fide exploits, which neither system is particularly vulnerable to any more. They're more likely to be found by a bug-bounty hunter in the modern age, as any live exploits don't live long enough due to much tighter patching (see: why people defend forced patching) to be profitable as a malware vector.

This is all to say Linux is securer by the virtue it's harder to get the user to run code for you. Windows could be theoretically free of any exploits, and it'd still be the main target as the "windows way" of adding software leads to it.

Laslow
Jul 18, 2007

namlosh posted:

So, what's the best way to install Windows 10 Pro for Workstations? I have an MSDN Enterprise or whatever subscription, so I have a valid license key already. I'm about to flatten and re-install my machine.

Is it through the MCT? Is it just the key that makes the difference? Or do I have to do something else or download it from somewhere other than MSDN downloads?

Also, does it get updates like any other Pro version of Win10? I'd like to use the new Windows subsystem for Linux on it and run sandbox and all that other stuff. Just want to make sure it'll work. I turn my machine off when I'm not using it so the Power Usage doesn't bother me.
You can use the MCT, it might bitch about you having the wrong version of Pro and then prompt you to reboot to upgrade to Workstation, and you’re fine.

I think it does updates like regular Pro, but other than Workstation, I’ve only ever used LTSB/LTSC.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Laslow posted:

You can use the MCT, it might bitch about you having the wrong version of Pro and then prompt you to reboot to upgrade to Workstation, and you’re fine.

I think it does updates like regular Pro, but other than Workstation, I’ve only ever used LTSB/LTSC.

Thanks man!

For content, I’ll throw my hat in the ring and say that I’m one of those people that still believes in format, flatten, reinstall for windows every once in a while. I don’t do it near as much as I used to and windows has certainly gotten better; but people saying that system restore/reset is the exact same thing are wrong in my opinion.

I’ve been a windows developer for many years and with all of the legacy stuff still built into windows 10, there’s just no way it could be true.

That said, it’s your o/s and computer, so you do you

AlternateAccount
Apr 25, 2005
FYGM

biznatchio posted:

Just waiting for someone to claim that being able to postpone for 7 days is not enough because they absolutely need to use their consumer-level PC with its consumer-level OS without interruption for 7 days straight and how dare Microsoft get in the way of such an incredibly common use case.

Hahaha, gently caress off with this bullshit. It's not yours. It's not Microsoft's. Those loving consumer-level users.

The solution is to make reboots a non-issue, but Microsoft isn't smart enough internally and doesn't have a good enough relationship with developers to do this. A reboot should be unnoticeable. Apps can set a flag that they are reboot-blockers, and even better, can flag only certain states. Hey, AfterEffects is in the middle of a render, don't reboot. The OS could also be smart enough to see CPU pegged and know that it might not be a good time. Post reboot, everything gets put back just like it was.

If Microsoft were REALLY smart, they'd monetize cooperation to drive more people to their awful Store. Reboot now to earn $0.49 in Store credit! And the amount gets lower and lower as time goes on.

AlternateAccount fucked around with this message at 17:44 on Aug 19, 2019

Sri.Theo
Apr 16, 2008
What’s 0.49 multiplied by 1 billion multiplied by 12?

Thegrul
Oct 27, 2013
I just wanna clarify that it's possible to pause updates up to 35 days on Windows 10 Home and Pro alike.

AlternateAccount
Apr 25, 2005
FYGM

Sri.Theo posted:

What’s 0.49 multiplied by 1 billion multiplied by 12?

You're operating under the assumption that anything on the Microsoft Store has actual cash value. It's just gonna be old people "buying" millions of copies of Candy Crush.

Do we not incur ~$6bn globally as a result of botnet bullshit?

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money

Sri.Theo posted:

What’s 0.49 multiplied by 1 billion multiplied by 12?

It doesn’t matter when zero of those one billion are spending any sizable amount of money in the store.

Sri.Theo
Apr 16, 2008
So why would 0.49 incentivise people if there’s nothing they want to buy? I don’t think you can have it both ways.

AlternateAccount
Apr 25, 2005
FYGM

Sri.Theo posted:

So why would 0.49 incentivise people if there’s nothing they want to buy? I don’t think you can have it both ways.

Skinner box, maybe?

Remember that old Xbox related thing where you played cheesy word games in a browser and got points toward items? My mom got REALLY INTO IT, ended up getting >$1000 worth of crap out of it. Outlier, for sure, but...

wolrah
May 8, 2006
what?

AlternateAccount posted:

Apps can set a flag that they are reboot-blockers, and even better, can flag only certain states. Hey, AfterEffects is in the middle of a render, don't reboot.

The problem with this is that there'd be a million programs out there that exist solely to set the flag for the dumbfucks who never want to update. Those are the people Microsoft is targeting here, they want them to either give up or gently caress off to some other platform. Providing any official method to indefinitely delay updates defeats the purpose. There are official methods to delay updates by a reasonable amount of time, that's what you're supposed to use. If you want to just not update, consumer Windows is not for you.

Khablam
Mar 29, 2012

AlternateAccount posted:

The solution is to make reboots a non-issue, but Microsoft isn't smart enough internally and doesn't have a good enough relationship with developers to do this. A reboot should be unnoticeable. Apps can set a flag that they are reboot-blockers, and even better, can flag only certain states. Hey, AfterEffects is in the middle of a render, don't reboot. The OS could also be smart enough to see CPU pegged and know that it might not be a good time. Post reboot, everything gets put back just like it was.
This is already largely how it works. The issues are yelled out by a loud minority that it affects.
Hell, I can't ever get the scheduled reboots to ever take, it skips over them 2/3 of the time and I need to do it manually. Even chrome's background task is enough to stop it most times.

isndl
May 2, 2012
I WON A CONTEST IN TG AND ALL I GOT WAS THIS CUSTOM TITLE

wolrah posted:

The problem with this is that there'd be a million programs out there that exist solely to set the flag for the dumbfucks who never want to update. Those are the people Microsoft is targeting here, they want them to either give up or gently caress off to some other platform. Providing any official method to indefinitely delay updates defeats the purpose. There are official methods to delay updates by a reasonable amount of time, that's what you're supposed to use. If you want to just not update, consumer Windows is not for you.

Ideally it'd work both ways: apps set a flag to request updates to be delayed, and Windows sets a flag that warns apps that there's an update pending (with the understanding that Windows is going to ignore the app reboot delay request if they take too long). The app can then look for a safe pause point or ask the user to finish updates before starting a new task.

The real problem is that Windows has a ton of legacy apps that still see regular use, and they won't be able to utilize any of those flags. Updating those apps is not always feasible, whether it's because the developers no longer maintain it or because you'd have to pay big bucks on a new license for what amounts to convenience.

AlternateAccount
Apr 25, 2005
FYGM

Khablam posted:

This is already largely how it works. The issues are yelled out by a loud minority that it affects.
Hell, I can't ever get the scheduled reboots to ever take, it skips over them 2/3 of the time and I need to do it manually. Even chrome's background task is enough to stop it most times.

Is it? If Windows does a late-night surprise reboot, I usually get to it the next day and am momentarily confused because nothing's open. MacBook does this, and only sometimes leaves little clues or inconsistencies that indicate something happened.

stevewm
May 10, 2005
I have some Windows 10 Pro systems at work. I have "Windows Update For Business" configured to Semi-Annual Channel for feature updates and defer for 30 days.

None of them are getting 1903 nor are they offered 1903 if you manually check for updates. In fact most of them never received 1809 either, they are on 1803. All other updates are downloading, applying and restarting based on my settings.

I can confirm the GPO is applying correctly both by checking GP Results and manually checking the registry entries.

Here are the relevant GPO settings.



Anyone have any ideas?

Edit: I am stupid... I had a conflicting GPO that was overriding it and had a WMI filter set to exclude Windows 10. oops. Once I fixed it the computers now are getting offered 1903.

stevewm fucked around with this message at 21:44 on Aug 19, 2019

Javid
Oct 21, 2004

:jpmf:
Or the system could just reboot when the admin tells it to, and at no other time. Other people scheduling their updates around their life doesn't prevent you from dropping everything to do it on windows' schedule if that's what brings you happiness.

I'm actually setting up a laptop right now for what is probably the worst case scenario as far as keeping updated; 90% of its internet access will be on a heavily metered and shared connection, so auto-downloading of windows updates without user approval is absolutely off the table; definition updates for Defender would probably be fine since they're generally smaller. The 10% of the time it gets dragged to somewhere with decent internet, it's for a reason, and it can't just immediately max out the connection catching up on updates while the person is trying to work. I'm going to harden it as much as I can before shipping it - so defender, Chrome with ad and script blocking mainly - but further suggestions for keeping this thing as secure as possible would be great.

Sri.Theo
Apr 16, 2008
So what’s the plan for the user to keep it up to date?

Doctor_Fruitbat
Jun 2, 2013


If Windows doesn't do it automatically then mobile connections can be set as metered to avoid burning through data, and it isn't going to max out non-metered connections.

Dead Goon
Dec 13, 2002

No Obvious Flaws



Sri.Theo posted:

What’s 0.49 multiplied by 1 billion multiplied by 12?

https://www.wolframalpha.com/input/?i=What%E2%80%99s+0.49+multiplied+by+1+billion+multiplied+by+12%3F

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Javid posted:

Or the system could just reboot when the admin tells it to, and at no other time. Other people scheduling their updates around their life doesn't prevent you from dropping everything to do it on windows' schedule if that's what brings you happiness.

I'm actually setting up a laptop right now for what is probably the worst case scenario as far as keeping updated; 90% of its internet access will be on a heavily metered and shared connection, so auto-downloading of windows updates without user approval is absolutely off the table; definition updates for Defender would probably be fine since they're generally smaller. The 10% of the time it gets dragged to somewhere with decent internet, it's for a reason, and it can't just immediately max out the connection catching up on updates while the person is trying to work. I'm going to harden it as much as I can before shipping it - so defender, Chrome with ad and script blocking mainly - but further suggestions for keeping this thing as secure as possible would be great.

You realize there is out of box functionality to control WU behavior over metered connections, right?
