Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
nu11ptr 6 hours ago

> fewer automatic restarts

No automatic restarts! I understand that in our security patching world that patching and restarting automatically is the default, fine, but there absolutely should be a dead simple way of disabling auto restarts in settings. I'm fine if it pesters me to restart or whatever, perhaps with growing alarm the longer I wait, but it should always be optional in the end. There are just no words for how bad it can be for mission critical workloads when your computer restarts without your consent. Please make disabling this simple.

kstrauser 6 hours ago | parent [-]

I disagree, at least on end-user devices as opposed to servers.

If you make it possible to defer updates indefinitely, users will. Guaranteed. Doesn't matter how urgent or critical the update is, how bad the bug or vulnerability it patches is, how disastrous the consequences may be: they'll never, ever voluntarily apply them.

If you're running a server, and willing to accept the risk of deferral because 1) you're in a better position to assess the risk and apply compensating controls than a regular user is, and 2) you're OK accepting the personal risk of having to explain to your boss why you kept deferring the urgent patch until after it blew up in your face, then yes, you should have a control to delay or disable it.

But end users? No. I use to believe otherwise, but now I've seen far, far too many cases where people train themselves to click "Delay 1 day" without even consciously seeing the dialog.

JohnFen 5 hours ago | parent [-]

The real sin is combining security updates with feature updates. An argument can be made for enforced security updates(1). There is no good argument for forcing feature updates.

Most security-only updates have a low risk of interfering with with the user or causing instability. Most feature updates have a high risk of doing so.

(1) Although I think there should be some way of disabling even those, even if that way is hard to find and/or cumbersome to keep the regular users away.

kstrauser 2 hours ago | parent | next [-]

Alright, I can buy that. Although from a dev POV I can also appreciate the not-fun of testing a combinatorial explosion of security updates vs features.

jiggawatts 4 hours ago | parent | prev [-]

The problem is that there's dozens of security updates every month, so even if you can skip feature updates, you'll have to reboot every Patch Tuesday anyway.

Even the Server Core edition, which has a much smaller "surface area" needs reboots almost every month.