91 points robaato | 5 comments
Animats ◴[] No.42071463[source]
"or paying for the required license?"

Where was the acceptance of a contract requiring that? Microsoft just gave people a free upgrade.

replies(2): >>42072582 #>>42075922 #
PittleyDunkin ◴[] No.42072582[source]
I imagine the definition of "upgrade" depends on the needs of the customer. The merchant of the license is inherently unable to evaluate this. Installing software without explicit consent, especially not-functionally-equivalent-software, is inherently wrong.
replies(1): >>42072809 #
causality0 ◴[] No.42072809{3}[source]
It's amazing to me that we're all so chill about a company in Redmond having root access to our PCs because they pinky-swear they will never misuse it.
replies(1): >>42072826 #
ranger_danger ◴[] No.42072826{4}[source]
And yet when you call it what it is (a backdoor) people get highly offended. Same thing with Ubuntu snaps or really anything that updates automatically.
replies(1): >>42073901 #
112233 ◴[] No.42073901{5}[source]
How exactly would updating non-automatically help you avoid vendor backdoors that could be placed in the software by a request from the vendor's government?
replies(1): >>42080200 #
ranger_danger ◴[] No.42080200{6}[source]
If you or someone else inspect the update and find something malicious before the update is actually applied, I think that's useful.

For example, look at how many "Patch Tuesday" update fails there have been... I think it's sometimes a good idea to not always apply new updates immediately for this and other reasons.

replies(1): >>42081435 #
orf ◴[] No.42081435{7}[source]
Right, but this is expensive and dumb so nobody is going to do it themselves.

And then you’re back to trusting an external third party, just slower and with greater expense.

replies(1): >>42081537 #
1. ranger_danger ◴[] No.42081537{8}[source]
I don't think it's dumb; I have been saved from disaster too many times to count by just waiting a little bit after something new comes out, to see if other people start having problems that might affect me.
replies(1): >>42081602 #
2. orf ◴[] No.42081602[source]
That’s a different thing entirely - waiting for a review of a product before purchasing is different from inherently untrusting the manufacturer of the product, as it may contain something malicious that is targeted at you.
replies(1): >>42081715 #
3. ranger_danger ◴[] No.42081715[source]
I'm still only talking about updates. I didn't update xz for example, and I'm glad I didn't because it turned out to be compromised in certain versions.
replies(1): >>42081833 #
4. orf ◴[] No.42081833{3}[source]
Sure, or it could have left you vulnerable in other versions.

Waiting for others to hopefully discover targeted security vulnerabilities and only updating after an ad-hoc timeframe if nobody shouts “FIRE!” isn’t a security posture, it’s just terrible patch management.

replies(1): >>42083843 #
5. ranger_danger ◴[] No.42083843{4}[source]
I don't think things are always so black and white but I respect your opinion.