Fog Creek Software
Discussion Board




Earth to Microsoft

Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

How about making a giant download that detects the version of the browser and installs the patch instead of making us download them all and then try to run scripts on old 95 and NT machines to determine the browser?

sysadmin
Monday, August 02, 2004

XP has such a patch.  A friend of mine went on Windows Update yesterday and it attempted to download 867 MB worth of patches.  Last I checked, my windows installation was about 1.5GB.  Why in hell should I download a patch more than 50% the size of my OS?

muppet
Monday, August 02, 2004

YOU don't have to.  You can have the little patch.  I as a system administrator want one giant one so I don't have to figure out what version is installed on 300 machines.

sysadmin
Monday, August 02, 2004

It sounds to me like you're not a very good system administrator, if you'd rather deploy a mammoth patch across the network than targetted, smaller ones.  If detecting browser version is such an issue for you, perhaps you need some training.

muppet
Monday, August 02, 2004

score one muppet.


idiot

sysadmin
Monday, August 02, 2004

Yes.  You want to deploy a half gig patch over a 50 meg one, and I'm the idiot.

Welcome to crazy world.

muppet
Monday, August 02, 2004

sysadmin - 99.9% of the sysadmins bitchnmoan any time MS has a giant patch/package that needs to be distributed - that's why there are a million small patches.

Perhaps you need to:
a) Standardize on a browser version
b) Upgrade your systems
c) Put together a good browser version detection script (I know IE patches don't come along real often [sigh], but you'll be glad you have it)
d) Monster.com

Greg Hurlman
Monday, August 02, 2004

lol

The Wanderer
Monday, August 02, 2004

Allow me to elaborate.  No one seems to mind when MS raises memory and cpu requirements by orders of magnitude, but God forbid I want to have a single large patch called from a server rather than a small on on a LAN.

Have you actually tried writing any scripts that work across all of the many versions of Win 95 and NT with all the various browser configurations.  It is not as trivial.  Unless you want to touch each machine and install wsh, your using batch files.

Wholesale upgrading isn't in the cards.  We also have some 2000 machines.  Certainly not the way I'd manage things if it was my money, but there you go.

sysadmin
Monday, August 02, 2004

You only have 2000 machines and you can't deal?  You ought to feel lucky you still have a job.

muppet
Monday, August 02, 2004

"Yes.  You want to deploy a half gig patch over a 50 meg one, and I'm the idiot."

Whoa,

the patch I looked at was 2mb for one of the versions of IE.  Why would a 10-15mb be bad?  How do you get 1/2 gig?

File Name:
    

IE5.5sp2-KB867801-x86-ENU.exe

Download Size:
    

2414 KB

sysadmin
Monday, August 02, 2004

Well, I think the problem is more the lack of frequency of the big patches.  MS does occasionally roll a bunch of fixes into "big" packages - usually Security Rollup packages and Service Packs.  They are infinitely more convenient than the little patches - if for no other reason than you have to reboot only once for a big package, and sometimes many times for little patches (depending on what they are.)

A Programmer
Monday, August 02, 2004

Muppet and sysadmin, you're both hilarious. It's like watching Itchy and Scratchy reruns.

Bored Bystander
Monday, August 02, 2004

Muppet, he had 95, NT and 2000 machines.  In sysadmin's defense.  Microsoft is now only starting to get a handle on management tools to manage their machines.  Their product MOM was aquired from someone else and is now being rewrittent to scale better.

Mike
Monday, August 02, 2004

In fact we have two products now Systems Management Server (SMS) 2003 which is targeted at the software deployment piece of the puzzle (the issue being discussed here) and Microsoft Operations Manager (MOM) 2005 which targets the alerting and system awareness piece of the puzzle.  Together these two products will be integrated to form System Center 2005 in a few years.

Anyone that believes that MS has no management software hasn't looked in quite some time.  Other offerings (just concerned with patch management) include Software Update Services (SUS) soon to be Windows Update Services (WUS).

[Insert all of Philo's usual disclaimers here.]

Elephant
Tuesday, August 03, 2004

Elephant-

I haven't played with MOM at all, but can SMS 2003 be trusted to monitor servers?

Back when I was working at the big M, it was a daily battle to keep domain policies from installing SMS 2k2 on my (and others on my team) machines.  Granted, I was running either 2000 Server or a 2003 Server beta as my primary box - but any time SMS managed to get in and start running something, a system process would inevitably fail.  Eventually, we had to let SMS install everything it wanted to, and then explicitly deny access to the files for the Everyone "group".

Greg Hurlman
Tuesday, August 03, 2004

SMS 2003 can be trusted to administer servers.  I personally have not seen any problems with it causing servers to fail.  Like they say with Microsoft, 3rd times the charm, and I think they finally got it right with SMS 2003.

If this is of serious concern, I can try and get some information for you from the support groups to see how often this occurs.

Elephant
Tuesday, August 03, 2004

Don't worry about it... it was a concern at my old job, but not now, thx.

Greg Hurlman
Tuesday, August 03, 2004

sysadmin:

you are fired!

donald trump
Tuesday, August 03, 2004

*  Recent Topics

*  Fog Creek Home