this post was submitted on 28 Feb 2024

834 points (97.3% liked)

linuxmemes

21291 readers

857 users here now

Hint: :q!

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules (click to expand)

1. Follow the site-wide rules

Instance-wide TOS: https://legal.lemmy.world/tos/
Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html

2. Be civil

Understand the difference between a joke and an insult.

Do not harrass or attack members of the community for any reason.

Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.

Bigotry will not be tolerated.

These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.

3. Post Linux-related content

Including Unix and BSD.

Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.

No porn. Even if you watch it on a Linux machine.

4. No recent reposts

Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

Please report posts and comments that break these rules!

Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

founded 1 year ago

MODERATORS

[email protected]

834

I find this to be most accurate with Debian (lemmy.dbzer0.com)

submitted 8 months ago by [email protected] to c/[email protected]

81 comments fedilink hide all child comments

(page 2) 31 comments

sorted by: hot top controversial new old

[–] [email protected] 30 points 8 months ago

I find this to be least acurate with debian.. on other distros a patch may or may not install a new version of that package. that can bring changes to the behavior. On debian stable the security issues are backported. So you can patch and be sure that there is no changes to the behavior of the system. It is basically the reason all vm's i manage are debian stable.
It is also true they never crash. But that is expected of linux. It is the extreme reliabillity that is the debian killer feature for me.

[–] [email protected] 66 points 8 months ago (6 children)

I work at a medium size company with hundreds of Linux servers and none of them get updated. Because it's more important that they keep running as they are than to have the latest updates. I bet this is very common for most companies.

[–] [email protected] 3 points 8 months ago (2 children)

If it's a personal server that can manage being down for 15min or so. You could just setup auto updates with email if anything goes wrong and reboot off hours. Containers also make it less risky although it does fail to update every once in a great while.

load more comments (2 replies)

[–] [email protected] 86 points 8 months ago (1 children)

There is nothing more important than security patches on a system.

I used to work at an FMI, which’s motto was “keep things stable”. Even the ciso department bought that crap. Until we hired a white hat hacker. The only thing given was the name of the company. He managed to get into the building, access an employee’s workstation and install a root kit on one of the most important financial message tracking systems (you know, the one that instructs other systems to transfer money), using a security bug, which would have been patched if they kept a regular (security) update cycle. After shit hit the fan, many people were fired and an update cycle was introduced.

No system is important enough to not patch. And if you believe it is, you’re wrong.

[–] [email protected] 8 points 8 months ago* (last edited 8 months ago) (6 children)

Yeah, but that just takes way too much work. You think I really care about the company's/bank's money if I'm not getting paid enough for that job? Security patches can also introduce new problems, like x changes, so y doesn't work, so the main app doesn't work... and what, then I have to manually edit code, introduce the thing that x relied on so that y can work again?

I'm sorry, but this is not your average IT department's job... or if it is, I expect a damn good compensation for it.

I've updated and rolled back snapshots because of shit like this... nah, not gonna try and figure out what the problem was... at least not for the salary I'm currently getting paid. If it burns, it burns, so be it.

[–] [email protected] 15 points 8 months ago (17 children)

“Way too much work” — if you ever said that where I work I’d fire you or not hire you in a heartbeat. An administrator’s role is not only to the stability of the system but the security too. You’re a hackers wet dream.

load more comments (17 replies)

[–] [email protected] 20 points 8 months ago (2 children)

I’d be surprised if you actually saw anything change from security updates tbh, I don’t think I’ve ever seen anything break from a quick patch.

Dist upgrades are when things might break, but they’re only once every few years. Leave them too long though and you may end up with compatibility issues if you need to make changes.

Fair enough if you’re not getting paid enough, the company should hire more people to stay on top of that though.

[–] [email protected] 1 points 8 months ago (2 children)

Usually you upgrade everything though, not just sec patches. And it's a risk that something stops working, and nobody wants to spend time on that..

load more comments (2 replies)

load more comments (1 replies)

load more comments (4 replies)

[–] [email protected] 16 points 8 months ago (1 children)

Jup same here. We have a colleague that constantly reminds everyone that we're not properly patched (even running eol versions) but there's always something to be done that's a higher priority.

[–] [email protected] 7 points 8 months ago (4 children)

Exactly. Shit needs to just work, period. Why? Because otherwise, I'm the one getting 2AM calls... and I would be OK with that if I'm properly compensated for it... which I'm not.

load more comments (4 replies)

[–] [email protected] 6 points 8 months ago

Typically monthly or quarterly patching depending on severity and DMZ exposures. When log4j or shellshock hit it was patch once the patch was released and tested

load more comments (2 replies)

[–] [email protected] 12 points 8 months ago (1 children)

Unatended-upgrades keeps all systems securly patched. But there is a need for a reboot for kernel updates now and then.

[–] [email protected] 21 points 8 months ago (1 children)

Me with my 'homelab' nas:

system (user-facing) package has an update? It'll auto-update overnight

dockerized service has feature updates? Let watchtower handle it with the weekly schedule

dockerized service with security patch? yeah, let's hit that this afternoon

actual system update? EVERYTHING IS GOING OFFLINE -4 SECONDS AGO FOR THIS

[–] [email protected] 19 points 8 months ago (1 children)

The system is going down NOW.

[–] [email protected] 3 points 8 months ago (1 children)

https://youtu.be/Z1TlbLfaJp8?si=nL9C6MqHUbWm0cy-

The system is down

[–] [email protected] 3 points 8 months ago

Here is an alternative Piped link(s):

https://piped.video/Z1TlbLfaJp8?si=nL9C6MqHUbWm0cy-

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] [email protected] 42 points 8 months ago (2 children)

Do you work for the North Korean government or something OP? Why discourage people from keeping their systems secure?

[–] [email protected] 31 points 8 months ago (2 children)

What they are referring to is people just don't update their server because during that time they wouldn't be able to make a profit. This goes more to middle siszed businesses but happens rather often

[–] [email protected] 5 points 8 months ago (2 children)

I was making a joke

[–] [email protected] 15 points 8 months ago

Joke transfer unsuccessful. Server crashed. Time to update the joke server.

load more comments (1 replies)

[–] [email protected] 9 points 8 months ago (2 children)

Blows my mind, lol. Usually means no redundancy that allows one set to be done while the other set handles the traffic.

[–] [email protected] 9 points 8 months ago

"Why should we pay for another server one works just fine, a second would just be waisted money."

Also

"We need 9 9s of reliability or the company will fail."

[–] [email protected] 7 points 8 months ago (5 children)

Yeah, it is quite common, I can confirm... well, at least around here it is.

load more comments (5 replies)

[–] [email protected] 9 points 8 months ago

Security is an art... the art of not giving a fuck about your data

-Op, probably

[–] [email protected] 11 points 8 months ago (1 children)

True except for the one BOFH admin on the team who actually cares about best practices.

And yes, most distros have painless updates, the devs and everyone else don't care.

[–] [email protected] 13 points 8 months ago (1 children)

Hi. It's me. The guy bitching about best practices every other meeting. Sorry, but some of my past and present coworkers are clowns.

load more comments (1 replies)

[–] [email protected] 19 points 8 months ago

Debian updates are not usually that big of a deal especially if you have HA configured

[–] [email protected] 86 points 8 months ago* (last edited 8 months ago)

Updates in Linux are far more tolerable. There’s really no reason to delay Debian stable, imo, unless you absolutely can’t risk some downtime.

Server rats excepted, it’s just a process that goes in the background and at most, you have to reboot the kernel.

There’s no staring at the Blue Screen of Boredom while windows update holds your machine hostage.

load more comments