The Lounge is rated PG. If you're about to post something you wouldn't want your
kid sister to read then don't post it. No flame wars, no abusive conduct, no programming
questions and please don't post ads.
Not quite. Delaying something doesn't mean it'll magically stop from a reboot without your knowledge when it finally does decided to download a patch. It just simply defers the "magical reboot". Your server can still go down willy nilly, just 180 days later than everyone else.
Rajesh R Subramanian wrote:
One could argue that the exact opposite of this might happen (both opinions being predictions anyway), but only time will tell what would happen.
It seems perfectly reasonable to give the server administrator several days or perhaps weeks to perform a manual reboot. if that does not happen... force the update.
Absolutely NOT. Computer systems are tools of the business, not the other way around.
The vendor does not own the environment, does not manage the environment, and has absolutely no say in how the environment is managed. They can recommend, but it is NOT their call.
I have worked in complex, highly regulated environments where any computer rebooting in the middle of a process will cause (at least) hundreds of thousands of dollars in damage, not including loss of business due to loss of confidence by the customers. People get fired for doing anything that negatively affects such processes, so I don't expect any OS that can force reboots will be allowed.
And how much do you pay out from those hundreds of thousand dollars to those clients who lost everything using your service because a timing issue existed in your system unpatched? Or because Google is your competitor[^]?
While I agree, that in the context of something redundant, "underlying OS for a cloud", etc. that's just a node on a cluster of machines, a single machine reboot can be acceptable. I don't agree that forcing it upon the user within a guest VM or legit server is prudent. And since Windows update tends to release updates for all at the same time, it would force more than one machine to reboot at similar times. I don't agree with that, it takes the assumptions that server admins are smart enough to figure out how to keep machines up to date.
After giving this much thought, I'm going to side with Microsoft on this one. A server is intended to be part of a domain and to therefore adopt the domain policies once deployed. Until then, it should default to the most fanatically secure/paranoid state possible. Public facing system deployment should be done with deliberation requiring opt-out options for anything related to security.
You disagreeing with me... again? Say it isn't so.
I don't agree with MS. I've administered ISPs. Under no circumstance should a machine go down without the admin having a say-so in it. This takes the assumption a sys admin is a retard who can't patch his/her system without being spoon fed.
This is about a default configuration, not a deployed configuration. A server should never be deployed in its default configuration. The unfortunate reality is that many admins aren't doing due diligence in setting up servers. The number of unpatched servers of all OS varieties is astonishing.
Another point is that Microsoft intends Windows Server to be used on a domain with domain policies in place, not stand-alone.
I know it's about a default configuration. I also know it's not nearly as easy to avoid this now. And I know there are stupid admins out there. However, magical default reboots are silly. And stand-alone or cluster doesn't matter.
I don't expect you to agree with me. Seriously Joe. I get how this pattern works between us. You never reply to my posts unless it's to disagree with me. Been years now bro. Seriously. Tell me something nice.
If a function be advertised to return an error code in the event of difficulties, thou shalt check for that code, yea, even though the checks triple the size of thy code and produce aches in thy typing fingers, for if thou thinkest 'it cannot happen to me', the gods shall surely punish thee for thy arrogance."
- Harry Spencer
"Go forth into the source" - Neal Morse
Last Visit: 31-Dec-99 19:00 Last Update: 3-Dec-16 20:23