Has Linux patching surpassed Mac and Windows? (ZDNet)
Recent vulnerabilities in Adobe Macromedia Flash and Mozilla Firefox that can affect multiple operating systems highlight a weakness in the Mac and Windows auto-update process because they're primarily focused on patching Apple and Microsoft specific issues. Most modern Linux distributions on the other hand like Redhat and SuSE have automatic update mechanisms that patch across the entire spectrum of software since Linux by its very nature is made up of a collection of applications from different sources."
Posted Mar 16, 2006 23:04 UTC (Thu)
by k8to (guest, #15413)
[Link] (5 responses)
Posted Mar 17, 2006 0:40 UTC (Fri)
by drag (guest, #31333)
[Link] (4 responses)
Go look at the horror that is 'enterprise' style Windows-based program and patch management systems. Imagine trying to roll out a Firefox patch across 300 different Windows boxes or try to install applications across all those. It looks like a huge pain that is unreliable and very expensive to say the least.
With Apt-get or Yum with ssh I can spend 20 minutes writing a custom script to do the same thing. Also making deb packages or rpms for custom software is fairly easy also.
I can do stuff like maintain a local mirror of the distro's software and when I get updates from the web.. try those out on test machines to make sure no new bugs are introduced then add them to the mirrors and let the machines automaticly update themselves via cronjobs or whatnot. It would be fairly easy to deploy configuration changes that way also.
Posted Mar 17, 2006 9:38 UTC (Fri)
by kornak (guest, #17589)
[Link] (2 responses)
Posted Mar 17, 2006 12:03 UTC (Fri)
by drag (guest, #31333)
[Link] (1 responses)
My experiance is mostly with apt-get. I just write a script to send commands to bunches of different machines with ssh. Something based around the idea of going like this:
Of course if the deb package asks for some input it will kinda of throw a wrench into it.. but debconf is configurable for the sort of questions it asks. The nice thing about it is that it's usefull for lots of different stuff other then just installing or updating software. It's easiest when you have something like kerberos setup.
Of course I make it more complex with logging output and have it report weither or not the job completely successfully and whatnot.
There are also programs like Batch Manager Login that is something that you can use for a more widespread environment with multiple different authentication scemes. http://batchlogin.sourceforge.net/ Probably much better then anything I make up on the fly.
Posted Mar 18, 2006 10:48 UTC (Sat)
by gdt (subscriber, #6284)
[Link]
<p>The combination of yum and cfengine is pretty typical when administering large numbers of RHEL/FC machines.</p>
Posted Mar 17, 2006 12:45 UTC (Fri)
by rvfh (guest, #31018)
[Link]
You're a bit biased here. You can run scripts at login in W... to
update the user settings/system. Ok, I agree that doing administrative
tasks as a normal user feels weird to me too, but for MS it's normal!
That's how they propagate trojan horses, viruses and worms. In fact, they
are some kind of nature lovers in Redmond...
Posted Mar 17, 2006 0:22 UTC (Fri)
by jwb (guest, #15467)
[Link] (2 responses)
Posted Mar 17, 2006 2:38 UTC (Fri)
by mcculls (guest, #34229)
[Link] (1 responses)
Posted Mar 17, 2006 3:09 UTC (Fri)
by mattdm (subscriber, #18)
[Link]
Posted Mar 17, 2006 17:47 UTC (Fri)
by kmself (guest, #11565)
[Link] (3 responses)
I became painfully aware of just how different the worlds of GNU/Linux
and the largely proprietary MS Windows are a couple of years ago when I
was responsible for running a youth center lab with WinXP desktops, just
as the spyware/malware epidemic was building. From basic system
architecture to the relationships between ISVs and OS vendors, the entire
system is adversarial and confrontational, resulting in a huge additional
burden to end-users and admins. What's key is that the reasons are very
much more than technical.
I've written up observations on this in my essay Spyware, Adware,
Windows, GNU/Linux, and Software Culture. Might make interesting
reading in conjunction with Mr. Ou's article.
Posted Apr 3, 2006 21:15 UTC (Mon)
by roelofs (guest, #2599)
[Link] (2 responses)
Outstanding essay.
I think David (A.?) Wheeler has written something along similar lines, and Richard Forno also did so a few years back (with a more Mac-centric slant).
Greg
Posted Apr 17, 2006 1:11 UTC (Mon)
by kmself (guest, #11565)
[Link] (1 responses)
If you have any pointers to the Wheeler and/or Forno essays, I'd be very interested in seeing them. karsten (at) linuxmafia.com should reach me.
Thanks.
Posted Apr 19, 2006 3:48 UTC (Wed)
by roelofs (guest, #2599)
[Link]
I believe these are the ones (fairly sure about Wheeler, certain about Forno):
In addition, here's a related essay/blog entry on MSIE by Wheeler:
Greg
Posted Mar 18, 2006 20:35 UTC (Sat)
by h2 (guest, #27965)
[Link]
One thing I didn't see mentioned, I've found one and only one av product that actually is able to withstand the full frontal attack on security created by some users, the ones who WILL click on all attachments for example no matter how many times you tell them not to: nod32 is the only antivirus product that has protected my boxes 100%, zero virus infections over the years. Normally I don't like recommending commercial products, but if you must maintain a windows network, and if you use commercial av solutions, nod32 is very good. The best I've ever seen.
Your article was definitely a real world view of the spyware windows issues, I also liked your comments on adware simply being a logical extension of commercial software. All makes great sense, thanks for linking to that.
What an amusing postulate, considering that Linux has been superior in update rollout going on a decade now.Has Linux patching surpassed Mac and Windows? (ZDNet)
Ya it is funny. Has Linux patching surpassed Mac and Windows? (ZDNet)
I'm a little curious how you use ssh with yum and why? Has Linux patching surpassed Mac and Windows? (ZDNet)
I donno. Is there a better way to use yum remotely?Has Linux patching surpassed Mac and Windows? (ZDNet)
for i in list-of-machines; do ssh $i "apt-get --yes install blah" ;done
<p><i>I donno. Is there a better way to use yum remotely?</i></p>Has Linux patching surpassed Mac and Windows? (ZDNet)
Auto update in MS W...
The reader can extend the above article to understand why Autopackage (http://autopackage.org/) is a very poor idea and foreign to the core value of a Linux distribution.Has Linux patching surpassed Mac and Windows? (ZDNet)
Except that autopackage allows patching of software not supported by your distro, which is better than no patching at all. It also means app developers can provide their own update channel without relying on the various distros.Has Linux patching surpassed Mac and Windows? (ZDNet)
They can do that now by creating an apt or yum repository....Has Linux patching surpassed Mac and Windows? (ZDNet)
Not just patching but entire packaging & SW ecosystem
I've written up observations on this in my essay Spyware, Adware, Windows, GNU/Linux, and Software Culture.
Not just patching but entire packaging & SW ecosystem
Wheeler / Forno essays?
If you have any pointers to the Wheeler and/or Forno essays, I'd be very interested in seeing them.
Wheeler / Forno essays?
kmself, I have to say, usually when somebody posts a link to their stuff it's not that great, but your article fits with my experience almost perfectly. Where I have full control spyware infections are much lower. And where adults are using the boxes, they will always have spyware on them each time I run system cleanups, which I do once or twice a year. But it's always within reason.Has Linux patching surpassed Mac and Windows? (ZDNet)