
Patch Tuesday Facelift End of an Era


RV_


I'm not pro or con this change. I join in the applause for tightening the gap between exploits and patching against them. Businesses and those who pay for Pro will not get them as developed because of deployment difficulties so those with Windows Pro will still be able to test and prepare.

 

On the other hand, for folks like RVrs and on limited data plan there will be adjustments to be made. Having them all come in at once gives fair warning to go to all local free WiFi or friend's Ethernet cable. Now they will trickle in all through the month as they are developed. That can close a four week possible gap of vulnerabilities. Or being smaller may be more acceptable on the road.

 

I do know some folks don't update until it is too late because they don't want to wait for them.

 

For me I'll just set them on auto and check regularly to see what's been updated.

 

For folks on the road they can set updates to Ask First, and decide. Or go to Starbucks or another free Internet place for a pleasant hour listening to their ripped music on their ear buds while they imbibe in the caffeine ritual or a McRibs, and download and install large ones.

 

Here's an excerpt from the announcement and a link to the rest of the story:

 

"Scheduled patch deliveries are so last decade—and thankfully, it looks like they’re over when it comes to Microsoft Patch Tuesday.

 

Microsoft this week at its Ignite event introduced its new security update scheme called Windows Update for Business, which debuts in Windows 10 with several new features that help IT departments take better control of patch deployments and prioritization. For consumers and businesses not running Windows Pro or Windows Enterprise devices where the service is free, the second-Tuesday-of-every-month procession of updates is over.

 

“We’re not going to be delivering all of these updates to all of these consumers on one day of the month,” said Terry Myerson, executive vice president of operating systems at Microsoft. And with that declaration, Patch Tuesday’s 12-year run is essentially done. Companies that have structured all-hands-on-deck patch rollouts will now get patches—and new functionality features—as they’re available. Windows of exposure to attacks against unpatched vulnerabilities close a little tighter. The applause given to Myerson during his keynote at Ignite was likely echoed in server rooms worldwide."

 

See more at: https://threatpost.com/patch-tuesday-facelift-end-of-an-era/112640#sthash.ynkeXYcB.dpuf


When I still worked, I was in IT and we never let patches occur on automatic. Download and test, then push them ourselves on our schedule. Much less of a problem for us that way.

 

Dave

True enough..... it was just easy to schedule two guys on patch night so they could determine which ones to do and just get 'em done.

 

WDR


When I still worked, I was in IT and we never let patches occur on automatic. Download and test, then push them ourselves on our schedule. Much less of a problem for us that way.

 

Dave

 

You got that right, Dave. We maintained duplicate test systems, and did all our burn-in testing there... before a 4:00 AM Sunday morning shutdown to re-image our OS. Later, IBM developed a technology called Parallel Sysplex, where we could maintain a Plex of 3-4 mainframes sync'd together, and could take one offline, upgrade its OS... and then re-sync it with the other processors in the Plex. Doing that one-by-one eliminated shutdowns.

Jim


 

You got that right, Dave. We maintained duplicate test systems, and did all our burn-in testing there... before a 4:00 AM Sunday morning shutdown to re-image our OS. Later, IBM developed a technology called Parallel Sysplex, where we could maintain a Plex of 3-4 mainframes sync'd together, and could take one offline, upgrade its OS... and then re-sync it with the other processors in the Plex. Doing that one-by-one eliminated shutdowns.

Jim

Wow... the biggest gear I worked on were Honeywell 316s in a real-time system controlling the positioning of a drill ship. They were in a 10x20 compartment adjacent to the bridge where the control panels and readouts were. H316s were "mini" computers in the 70s and had core memory and a 1mb drum drive.

 

We thought it was pretty nifty... but 3 or 4 mainframes back then would have taken up the entire bridge deck!

 

WDR


Now that I am connected to cable with unlimited data at 44 Mbps this won't matter as much to me as it did with a 3G aircard running at .6 Mbps (when throttled) to 1.5 Mbps.

It would have been nice sometimes back then - with two laptops to make it worse.


We thought it was pretty nifty... but 3 or 4 mainframes back then would have taken up the entire bridge deck!

 

WDR

 

Actually, it was a lot of fun... but a little expensive. I picked up the technology by attending an IBM User Conference called SHARE. The really big players attended this 5-day conference, and shared what they were doing with IBM.

 

We could LPAR (Logically Partition) a single mainframe 'box' into a few different boxes, complete with individual serial numbers. Or, we could buy distinct mainframe boxes with individual serial numbers. Our goals were along the "five 9's" for application availability, or 99.999% available. One of the last projects my teams did when I was working, was to create a 2nd 'lights out' data center located a half-mile away. We ran underground fiber to connect it physically to the rest of the plex'd mainframes. That way, if the main data center physically went away... the workload going on (CICS & DB2) would immediately shift to the 2nd (presumably safe) datacenter.

 

I imagine this stuff is pretty routine today, but back in the early 2000's, it was leading edge.

Jim


 

Actually, it was a lot of fun...

....I imagine this stuff is pretty routine today, but back in the early 2000's, it was leading edge.

 

I was doing the drill ship thing in the late 1970s and the Honeywell 316 mini-computer was pretty popular. They were very rugged (I think they were designed to be used on tanks) and were actually the first computer to be advertised to use in the home for recipes (at $50k or so).

 

We used low frequency transponders dropped in a pattern around the drill site and integrated wind, current and wave data to keep the rig centered within 10% of water depth (we were drilling in 6,000 feet of water even back then). I was also the subsea engineer and responsible for the multiplexed blow-out-preventer which was supposed to hold in any pressure bubbles. It was pretty interesting work even though I was away from home a lot. We worked 28 days on and 28 days off with full pay every month and that gave me enough time off to build our 32' cruising sailboat when I was home.

 

Interesting people too... lots of geologists and biologists and pretty much the cutting edge of oil wildcatting technology.

 

So I tended to stay small, working with DEC computers and then various operating systems like Xenix, Unix, and then Linux.

 

WDR


So I tended to stay small, working with DEC computers and then various operating systems like Xenix, Unix, and then Linux.

 

WDR

 

Probably smart on your part. Mainframes had their day, but with the advent of peer-to-peer networking (tcp/ip), they became unnecessarily hard to work with. I think today, they can only be justified in the most demanding reliability situations... and IBM did equip them with tcp/ip in the early 90's.

 

Sounds like you have seen some interesting stuff! Working on a drill ship... 28 on, 28 off... sounds like almost 'military'. Were you in the Gulf Coast? And the systems.... Xenix (Burroughs?), Unix, Linux... all good stuff. I went thru the PC wars back in the late 80's and early 90's.... Windows vs. OS/2... and working for a Hospital, we had to contend with a strong 'medical professional' preference for Apple. Later in life, I got involved with networking and Solaris and Linux, as well as Microsoft's OS's. Glad to be retired!

Jim


I was an RF guy at first and then moved into control systems at a company that was making deck equipment for the Navy (constant tension winches, windlasses, etc.) and tension control systems for off shore drill rigs. We did some experimenting with Intel 4004 controllers but they did not have enough address space (and no one had invented "paging") so we stuck to CMOS digital controls. Then I moved onto the drill rigs we were making equipment for, made more money and worked half the time. :P

 

I drilled all over the northern hemisphere on rigs that contracted to the likes of Shell, Exxon, etc. Nothing military once I was out of the Navy (except for a year in the WA Air National Guard).

 

Once I had stopped working on ships I was dissatisfied with MS Windows' abilities to multitask (in comparison to Unix) and stumbled across Linux in 1994. Byte Magazine said Unix was dead but I kept finding people who wanted me to work on the stuff. When the Internet boom hit the only OS that actually worked well with tcp/ip (remember that Bill Gates stole the BSD tcp/ip stack - complete with copyright - for Windows 95) and suddenly my skills were really in demand.

 

I must say that being an electronics engineer first was a big help when working with control systems and getting involved with computer systems (4004, etc) early was also critical.

 

But I would have loved to work on some "big iron" just a little bit. Of course, now they just link Linux blades together until they get enough teraflops so with Linux you get everything from a Raspberry Pi that fits in a shirt pocket to NASA's supercomputers.

 

I just wish I could be 30 and know what I know now. :P

 

WDR


I must say that being an electronics engineer first was a big help when working with control systems and getting involved with computer systems (4004, etc) early was also critical.

.......

I just wish I could be 30 and know what I know now. :P

 

WDR

 

WDR, Amen on the 'being 30'. I think I'd go back and be a History teacher. I enjoyed computers, but I have a passion for history...

 

The electronics engineer is a good background - especially in today's world of networked servers. I never did get to where I liked building a rack... and all them doggone cables. My background degree was in pure Computer Science - more math and statistics than anything electronic. Following that background, I started in software programming, progressed to OS programming... all bits & bytes. That worked well in a uni-mainframe, but like I said, when servers came in.. racks... cards... I became a manager where I didn't have to do any real work!

Jim


Archived

This topic is now archived and is closed to further replies.
