I think companies are pushing updates way too aggressively to those who have auto update on.
Is there some reason why phased release isn't more common among OS/firmware updates?
Auto update does not have to mean "update my device the day new versions are out".
Edit: Is this related to public disclosure of security bugs? If so, the community should change their standard so that public disclosure doesn't happen until a week after the update is available. This would allow for phased rollouts.
What OS X and Windows, iOS, Android and probably lots of others need, is Long Term Support releases. I'm so sick and tired of my phone and computer switching up major features and UI every year, because some UX person wants to not get fired.
Releasing a new major version of your OS yearly is insane.
On Windows you can choose to get feature updates with a 4 month delay if you have Windows Pro (set updates to "Semi-Annual Channel" instead of "Semi-Annual Channel (Targeted)", and yes Microsoft are indeed terrible with naming things). I never had issues with Windows updates on that branch. There is also Windows Enterprise long term servicing branch (LTSB), which gets feature updates every 3 years (but is meant more for things like point of sale systems, not for regular PCs).
On macOS you can stay one major release behind. So, stay on Mojave until the successor to Catalina is released, then upgrade to Catalina. You still get security fixes and full software ecosystem support, but far fewer issues with buggy updates.
On Android and iOS you don't really have good options to my knowledge.
Second the recommendation to stay on Mojave. I do this for my $WORK laptop and it still gets back-ported security updates. $WORK's IT department has advised Apple users to hold off upgrading to 10.15 and it seems they have good reason to continue dispensing that advice, still...!
Heck, I do that with my personal laptop. Feeling pretty happy having read these comments that I never took the leap to Catalina.
I feel pretty sure this must be common because I still see apps and infrastructure, even last month, coming out with updates related to Catalina compatibility.
It sucks though. I have a Google Pixel phone and never hesitate to apply updates, I even look forward to them. I don't think I've ever had an Android phone experience the sort of severe regressions that occur regularly with Apple updates.
I've been a MBP user for a long time, but I'm really starting to wonder if it's time to take a leap soon. I've been using this laptop for maybe a year and:
1. I'm scared to upgrade to the latest OS
2. The screen's coating has been damaged and has key-print impressions on it. This always happens and Apple seem incapable of fixing it.
3. The latest butterfly keyboard has at least not broken on me for 8 months or so, but the options, C and A keys have worn through and now have holes in them. This started happening a few generations ago and now seems like a regular problem that I'm just supposed to accept.
4. Very soon after getting it something happened to the metal such that it has a large discolouration on the bottom left, of a type I've never seen before. Nothing seems to fix it.
5. The screen routinely gets a yellow splotch in one of the corners if the laptop has been in my backpack for a while.
The problem is that despite not even really having improved for years, macOS is probably still the best OS out there. Linux on laptops has never worked well - my colleagues who try to use it routinely have issues with webcams not working properly. Windows laptops seem to vary wildly in quality and many of them have stupid design flaws like putting the webcam at the bottom of the screen instead of the top, coming loaded with crapware, anti-virus products that cripple performance, Windows is still a rat's nest of weird problems under the hood. And their way to make it better for developers is to just bundle Linux?
I really wish there was more competition in the laptops-for-technical-people space.
FWIW I put Ubuntu LTS on my ThinkPad T460p and everything worked flawlessly except for the fingerprint reader. For ThinkPads that seems to be the rule: everything works except for the fingerprint reader.
If you want good Linux support on a laptop you need to do some research, but there are options. ThinkPads, XPS, ... They’re just not that much cheaper than a MacBook if you want comparable specs.
Yes, but it's Enterprise only. Everyone else is forced to act as Microsoft's QA department, in place of their long since dismantled actual QA department.
Been working fine for me since October 2018 for dual boot gaming & firmware updates. It will update to the latest version of LTSC when you start up.
Works with the latest hardware too, I am using it with a 5700xt (released last July, purchased in December) and a Ryzen 7 (also released last year). Only thing missing is the new Microsoft Store, if you search for it there's a repo on GitHub which will let you install it.
For all the Windows 10 ISOs you need to use Rufus instead of normal dd/cat the ISO to a USB stick (doesn't work with dd/cat). Rufus works in a VirtualBox VM with USB passthrough. During the setup, select that you don't have a license key and then activate it later as mentioned in that post.
They do. Since Microsoft already puts all the effort into maintaining this branch, why the heck isn’t it available to normal consumers who want it? Heck, why do they keep telling enterprises to pretty pretty please not use it?
Is Microsoft concerned users would like it too much? Maybe that’s a sign that their constant feature updates aren’t actually desirable and they should back off.
> If so, the community should change their standard so that public disclosure doesn't happen until a week after the update is available.
The update being available is public disclosure! For an experienced reverse engineer, comparing the files before and after the update is usually enough to pinpoint the security issue.
I can't seem to be able to find a link to it right now but there was even this one project/website that dumped the bindiffs for each Windows Update and their disassembly.
Don't most iOS bugs these days require multiple security exploits in order to work? I'm not sure it's always that simple to find a reliable exploit just based on what code has changed (because lots of code has changed).
If there is an obvious to find, easily-exploitable bug, the update could be pushed to everyone (the way updates are pushed today).
There is a balance to strike here. If issues with auto update cause enough people to turn auto update off, I'm not sure it's helping security.
Finally - Apple already has beta programs including public betas. Are those binaries not already used to find exploits?
Essentially, I'm not convinced a phased update (with public security disclosure slightly later) would lead to worse security than we have today.
Doesn't matter what the security community does - The security fixes are often obvious enough in the binary delta (Comparing all of the changed files on one system to another) that cracking teams can discover the flaws that were fixed within 24h, and have exploits available in 48. That's what drives the pace of these updates - The very real fear that fixes reveal your hand to the malware community.
Beta programs are about new features, not about security fixes. Those that are included are typically incidental. They're more likely to be deliberately held back/in a separate branch from beta programs so as not to reveal them.
macOS management tools for enterprises like Jamf allow you to explicitly set deferral for updates for 30 days to avoid situations like this. I may actually set this for my company since we try and patch within two weeks of a general security patch release.