more control?
This initially sounds like a good idea. But, with Microsoft now in control, what could possibly go wrong? Lot's of Register stories will result from this I am sure.
Microsoft is updating a service introduced last year that shifts the responsibility of patching Windows devices from IT admins to the vendor itself. Redmond in April 2022 unveiled Windows Autopatch to automate updates to endpoints, but still giving administrators controls to adapt or make changes as needed. When it was first …
…Microsoft said that "for organizations who select this option, the second Tuesday of every month will be 'just another Tuesday.'"
For you, the day Microsoft graced your village was the most important day of your month. But for me, it was Tuesday.Paraphrased from the otherwise-forgettable Street Fighter movie.
It'll be funnier if you try something like:
17 02 8-14 * 2 (apt-get update; apt-get upgrade)
to try to get it to run on the second Tuesday as 'expected'.
Hint: It won't. I wish they would just fix that, even if it might break some weird, unholy crontabs that should never have been created that way in the first place.
Go on, use systemd-timers instead :-/
(I'm surprised they don't accept RFC5445 "iCalendar" for the events.)
But yeah, the semantics of cron are one of the weird corners of the toolchest, along with the output format of at being invalid input format for at.
Way back just after the KT boundary formed, I used to be brave enough to install 0-day updates. These days I'd like a solid week to go by to check how others have gotten on after applying the updates before I'll subject myself. I don't have the time to be down and I can't stay up all night troubleshooting like I used to. Mostly this is because I'm self-employed and not getting massive amounts of OT I can use to buy the ever increasing amounts of espresso it would take.
I have to a bleeding edge test group. Interestingly, my boss insisted upon being part of that test group.
I put my own machine in the production test group, if the bleeding edge didn't exsanguinate, we'd then test in the broader production test group. We put those in place after a much too small test group had some ill behaved patches trigger reboots in the middle of the day - including the installation commander during a briefing to his general.
Which is precisely what generated the KT boundary in the first place.
Given that DISA tests updates before releasing them broadly, then organizations test them further in their production network test groups, this should prove an interesting subject of conversation between the US DoD and Microsoft at contract time.
You will obey
When you don't
Exterminate, Exterminate
{grandson has been watching old Dr Who episodes that feature Daleks while he gets over Chicken Pox}
In other news, a female colleague joked that 'Patch Tuesday' was the software version of a Period. An event that can muck you up for days, one that cannot be ignored and like a bad kebab, keeps on repeating.
You would think by now, what with Microsoft's life time of experience in developing software, it was now expert in releasing software that was bug free in the first place so a patch Tuesday was something only inexperienced software development companies did.
Perhaps when they fire the 10% (it is still 10% isn't it?) each year they are firing the wrong 10%.