Fundamental Difference in the Mindset for Updates of Linux vs. Windows Admins
-
@marcinozga said:
I guess Windows admins simply don't have the balls to deal with potential problems that supposedly can arise from patching and upgrading Windows systems. I keep hearing that Microsoft usually breaks things with another Windows Update cycle, yet besides a single Outlook 2010 issue a month or 2 ago, I have never run into issues with patching.
Nor have I, and I've never seen a hard core enterprise Windows shop shy from patching in any way. Although I have seen them fall a decade or more behind on major updates.
I hear horror stories of updates going awry, but I have never witnessed it first hand.
-
@scottalanmiller said:
What makes support so important at one point that it drives a huge amount of decision making yet then matters so little that it is casually discarded?
Because they learned "that system" and don't want to learn another one.
-
@johnhooks said:
They did have a bad one in like 2014 where WSUS broke everything IIRC. But that's just one.
I've seen lots of WSUS problems, but not update ones.
-
@scottalanmiller said:
@johnhooks said:
They did have a bad one in like 2014 where WSUS broke everything IIRC. But that's just one.
I've seen lots of WSUS problems, but not update ones.
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
-
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
-
@scottalanmiller said:
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
Thankfully I've never had to use it. I've just heard of the issues with it.
-
@scottalanmiller said:
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
I use it for the purpose of rapid patching. And I am aware of the issues with it, but it's nothing major that can't be easily fixed.
-
I'm always happy to see updates, but having been burned I am cautious about how / when I apply them. Usually within 7 days of their release I'll do it over a weekend. Typically that's enough time for some other sucker to blow up his junk with a bad update and bleat about it on tech news.
As to new OS my primary concern (and a primary part of my job description) is keeping things running smoothly. New OS means user training and while a majority are excited to get new kit and have a go with it there is a minority that unleash FUD and prattle on about how it impacts their productivity. This can rattle up the chain and really impact my relationship with the business. I do not deploy a new OS lightly for this reason.
-
@scottalanmiller said:
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
WSUS is a piece of crap but with limited bandwidth I'd much rather download them all once. Kinda screwed up to think about but WSUS might be one of the worst pieces of software I use on a regular basis.
-
@johnhooks said:
@scottalanmiller said:
Why is it so commonly considered acceptable in the Windows world to become beholden to software that is either not supported or poorly supported?
I'm guessing sunk cost. They paid for it, and now it's unsupported so they are either going to have to spend more money on another solution or just not pay anything and stay where they are.
The hospital I interviewed at was using full desktops pretty much as thin clients and they were still on XP. If I remember right they had issues with some part of their EMR or something on 10, so they weren't going to update to that. But they would have to pay for 7 or 8.1.
Obviously this would have been mitigated by not using a thick client with a full OS as a thin client, but I wouldn't be surprised if the director got a kickback for doing that.
The kickback seems less likely (though possible). To me it seems like the organic nature of migrations led to this situation. They already had PCs deployed for old app. They deployed a new app that used TS. TS could be run from the existing PCs, so there would be no cost involved at the end user side. So why spend money when you don't have to?
-
@scottalanmiller said:
@johnhooks said:
I'm guessing sunk cost. They paid for it, and now it's unsupported so they are either going to have to spend more money on another solution or just not pay anything and stay where they are.
That's a great point, and another one that I don't understand. So often the same "group" of people that I see that distrust Windows and Microsoft, but feel that they absolutely must use it, also feel at the onset of any purchase that vendor support is so critical that they must choose Windows for this reason (a bad one since it doesn't come with any support, that's a common SMB myth) and yet they then willy nilly abandon support when it is most needed (as the product ages.) What makes support so important at one point that it drives a huge amount of decision making yet then matters so little that it is casually discarded?
I'm not sure it's about support. Instead to me it's the default - the tyranny of the default. It's what those people know. It's like, why do they hire people with degrees over people without? Because it's an old mindset that's difficult at best to show is wrong.
Additionally, it's probably the tool set available. Of course this shows there are all kinds of other problems, but let's say a young company starts up and they are looking for a tool for their company and they are sold on a Windows one, and now they are stuck.
-
@scottalanmiller said:
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
Without WSUS you lose the free reporting tool that tells you what machines have and haven't been updated.
I am pretty sure MS has a new cloud tool for this with Windows 10, but I haven't tried it yet.
-
@Dashrender said:
@johnhooks said:
@scottalanmiller said:
Why is it so commonly considered acceptable in the Windows world to become beholden to software that is either not supported or poorly supported?
I'm guessing sunk cost. They paid for it, and now it's unsupported so they are either going to have to spend more money on another solution or just not pay anything and stay where they are.
The hospital I interviewed at was using full desktops pretty much as thin clients and they were still on XP. If I remember right they had issues with some part of their EMR or something on 10, so they weren't going to update to that. But they would have to pay for 7 or 8.1.
Obviously this would have been mitigated by not using a thick client with a full OS as a thin client, but I wouldn't be surprised if the director got a kickback for doing that.
The kickback seems less likely (though possible). To me it seems like the organic nature of migrations led to this situation. They already had PCs deployed for old app. They deployed a new app that used TS. TS could be run from the existing PCs, so there would be no cost involved at the end user side. So why spend money when you don't have to?
It was all VDI with Horizon. They had around 500 VDIs and only had one RDS which was only for a couple people. I would think that if you can afford 500 VDI licenses you can at least start to migrate to thin clients which are like $200-300 (or something else).
-
@scottalanmiller said:
In the Windows world, we get very much the opposite. People routinely implement patching controls not to accelerate patching but to control holding it back. Patches are often rolled out grudgingly and infrequently. Major updates, like moving from Windows 7 to Windows 8, 8.1 or 10, are often actually avoided.
Upgrading versions in Linux is free. Until Windows 10, upgrading was never free. Most people that I know allow Windows Update to run (well, because the default in Windows 7 was to run automatically) and those people don't have issues, generally. But they apply the updates because they are free. Where do they stop? When they have to spend money.
This Windows "anti-current" culture is so strong that it has become a mantra in the SMB for Windows Admins to make the bizarre claim (without logical connection to technology cycles) that something with a service pack name on it is required before the last set of updates are considered valid for inclusion (which is, of course, insane because that would also imply that the service pack would need to be patched at least once before it would be ready for inclusion, and so forth.)
This is only the case, in my experience, for the first SP for an OS. I have not experienced a lack of desire to roll out new versions of, say, Office until after SP1 is rolled out. Windows 8 is kind of a good example where waiting until SP1 (OK Windows 8.1) was released before doing actual upgrades. Windows 8 when installed not by the OEM was pretty bad. The same can be said about Vista - actually Vista was way worse. But, in both cases, after SP1, they both became very usable and I consider good OSes.
SMB suffers from anti-spend-itus. They look upon their technology as something that they only need to purchase once, until it completely fails. They treat it like a screwdriver. Once I spend the money on a screwdriver, I never need to spend again until it breaks.
Cars are something that society at large has accepted requires maintenance, but even then how often do you see cars driving around leaking oil, huge rust spots, etc? All the time.
We aren't going to change the mindset of the masses of SMBs that don't look upon their technology as something other than a static tool that needs to be constantly groomed and refreshed.
It's only through the tyranny of new defaults do we often see change. Windows by default having the firewall turned on, iPhones requiring a lock code, iPhones encrypting by default, cars that mute the radio until a seat belt is fastened.
-
@MattSpeller said:
@scottalanmiller said:
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
WSUS is a piece of crap but with limited bandwidth I'd much rather download them all once. Kinda screwed up to think about but WSUS might be one of the worst pieces of software I use on a regular basis.
Doesn't Windows 10 fix that, though? And a good proxy / cache might, too.
-
@scottalanmiller said:
@MattSpeller said:
@scottalanmiller said:
@johnhooks said:
Ah I remember what it was. When the update was sent out, it broke the ability to update from WSUS after that.
Yeah, WSUS seems like a piece of crap. So many problems caused by WSUS. I totally appreciate the goals of it, we do this all the time in the Linux world, but it is just so poorly done. I'm dealing with an environment with it right now and my first question "can't we just remove WSUS and have that fix all the problems?" WSUS generally solves nothing in the SMB but introduces a lot of cost, complexity and problems of its own. It's just extra fragility often there for no purpose other than to intentionally disrupt rapid patching.
WSUS is a piece of crap but with limited bandwidth I'd much rather download them all once. Kinda screwed up to think about but WSUS might be one of the worst pieces of software I use on a regular basis.
Doesn't Windows 10 fix that, though? And a good proxy / cache might, too.
I'll let you know next year when we tackle it across the whole company at one go.
-
@Dashrender said:
@scottalanmiller said:
@johnhooks said:
I'm guessing sunk cost. They paid for it, and now it's unsupported so they are either going to have to spend more money on another solution or just not pay anything and stay where they are.
That's a great point, and another one that I don't understand. So often the same "group" of people that I see that distrust Windows and Microsoft, but feel that they absolutely must use it, also feel at the onset of any purchase that vendor support is so critical that they must choose Windows for this reason (a bad one since it doesn't come with any support, that's a common SMB myth) and yet they then willy nilly abandon support when it is most needed (as the product ages.) What makes support so important at one point that it drives a huge amount of decision making yet then matters so little that it is casually discarded?
I'm not sure it's about support. Instead to me it's the default - the tyranny of the default. It's what those people know. It's like, why do they hire people with degrees over people without? Because it's an old mindset that's difficult at best to show is wrong.
Additionally, it's probably the tool set available. Of course this shows there are all kinds of other problems, but let's say a young company starts up and they are looking for a tool for their company and they are sold on a Windows one, and now they are stuck.
I'm unclear which piece is the default... buying fake support based solely on the need for support and then changing stance once support isn't available?
-
@Dashrender said:
@scottalanmiller said:
In the Windows world, we get very much the opposite. People routinely implement patching controls not to accelerate patching but to control holding it back. Patches are often rolled out grudgingly and infrequently. Major updates, like moving from Windows 7 to Windows 8, 8.1 or 10, are often actually avoided.
Upgrading versions in Linux is free. Until Windows 10, upgrading was never free. Most people that I know allow Windows Update to run (well, because the default in Windows 7 was to run automatically) and those people don't have issues, generally. But they apply the updates because they are free. Where do they stop? When they have to spend money.
Same is true of the initial purchase. If "free" was a real factor, it would have played a role much earlier. I can't believe that they stop "when they spend money" because that fundamentally goes against how the situation was arrived at.
-
@Dashrender said:
SMB suffers from anti-spend-itus.
I see very much the opposite. They often spend from "flagrant displays of waste" as part of the culture. Overspending like crazy... then perhaps getting buyer's remorse. But I come across reckless overspending more than I do overly averse to spending in the SMB space. Both exist, of course.
-
@johnhooks said:
@Dashrender said:
@johnhooks said:
@scottalanmiller said:
Why is it so commonly considered acceptable in the Windows world to become beholden to software that is either not supported or poorly supported?
I'm guessing sunk cost. They paid for it, and now it's unsupported so they are either going to have to spend more money on another solution or just not pay anything and stay where they are.
The hospital I interviewed at was using full desktops pretty much as thin clients and they were still on XP. If I remember right they had issues with some part of their EMR or something on 10, so they weren't going to update to that. But they would have to pay for 7 or 8.1.
Obviously this would have been mitigated by not using a thick client with a full OS as a thin client, but I wouldn't be surprised if the director got a kickback for doing that.
The kickback seems less likely (though possible). To me it seems like the organic nature of migrations led to this situation. They already had PCs deployed for old app. They deployed a new app that used TS. TS could be run from the existing PCs, so there would be no cost involved at the end user side. So why spend money when you don't have to?
It was all VDI with Horizon. They had around 500 VDIs and only had one RDS which was only for a couple people. I would think that if you can afford 500 VDI licenses you can at least start to migrate to thin clients which are like $200-300 (or something else).
Why do you feel that way? That's still 500 units *$2-300 you think they should just be able to afford simply because they bought 500 VDI licenses? One doesn't mean the other.
The fact that it's VDI vs RDS doesn't really matter. If it was MS VDI, then they are using RDP on the desktop to connect, if it's Citrix's VDI, then it's some ICA protocol, if it's VMware's View, it's whatever protocol they use.
Really what that hospital should have considered was formatting those desktops and installing a Linux flavor on them and using that to connect to their VDI. And they still could do that. I'm pretty sure all three of the VDI solutions I mentioned have a Linux client. This solves the support of the end user device.
Now, as those old desktops fail, sure, replace them with thin clients, but for now, spend zero money on assets and go with Linux.