
I want out of Windows patch hell - CrankyBear
http://www.computerworld.com/article/3128145/security/i-want-out-of-windows-patch-hell.html
======
riskable
The only path out of Windows patch hell is Linux and Mac OS. If you're not
already migrating every app you have to the web you're either a masochist or
delusionally thinking Microsoft is still focused on delivering a decent
desktop experience.

For the latter group I have news for you: Microsoft is going "all in" with
their "services" strategy. Operating systems and fat client software don't
exactly fit neatly into the "service" model.

The future of Microsoft is as a competitor in a commodity cloud services
market. The thinking is that they can provide value in the form of commercial
web applications like Office 365. In other words, they think they can do a
better job than Google and Zoho at serving _enterprises_ things like email and
spreadsheets.

You know what? They just might be able to do a better job. Especially if they
actually put in some effort into supporting non-Microsoft platforms (e.g. web
browsers other than IE on platforms other than Windows). They also have to a
long way to go in terms of _federation_ so businesses can work with each other
without compromising security.

In the end though, I think it is pretty clear that Windows isn't going to be
Microsoft's focus anymore. I expect they will allow the platform to slowly
erode away, collecting as much revenue from it as possible while converting
their business to services.

------
AdmiralAsshat
Patching on Windows 7 is just as bad.

I let my Windows 7 PC go several months without updates, because it seems like
no matter how many I did, there were always more when I restarted. So I
finally had a brief scare with a file (opened up something inside a rar
package that was disguised with a .jpg extension but was an exe) and decided I
needed to get up to date.

It took _a week_ of updating before my damn computer was done with them. I had
over a hundred packages to install, but I wasted several days where they would
show as being available, yet when I would try to download them, the progress
bar sat at 0% for hours without ever moving.

A few days of googling and trying again, I finally got a few "roll-up" patches
to install (which still required leaving the computer alone for 24 hours, mind
you), and _then_ I was able to actually get the rest of them to download.
Restart and all is well, right? Nope. As soon as they were done and I
restarted, I was informed that I had a dozen new ones to grab. Download,
install, restart. Rinse, repeat. At least four more times. It was absolutely
ridiculous.

------
sveiss
His characterization of Current Branch for Business (the 'Defer Upgrades'
toggle in the Update settings pane) as blocking security upgrades for a year
is a bit off the mark.

CBB defers major feature upgrades, like the Anniversary Edition which started
rolling out recently, but you continue to receive updates for the build you're
on -- including security updates. You'll eventually receive major upgrade
build N when build N+1 has rolled out to consumers, and when N+2 rolls out, N
becomes unsupported.

This option is only available for Pro and above, so Home users are essentially
stuck in permanent beta-testing mode.

------
tygorius
It's funny, we expect "undo" features in our applications these days, why
shouldn't the OS and indeed the entire machine's state be treated the same
way?

I used to think that virtualized Windows guests would eliminate the need for
wine. I have XP and Windows 7 VMs around precisely for games or the few
applications I use that aren't wine-friendly. Over time my usage of wine has
dropped to the occasional Play on Linux game.

But part of what makes those VMs so robust is that 1) they're normally
disconnected from the internet, and 2) I have developed a habit of saving my
work to a shared folder so that I can reset a machine's state to a few days
previous at the slightest sign of trouble. For applications that require
access to the internet, however, wine may be our last, best hope of opting out
of the Cortana Empire.

Historical aside: Before VM usage took off Robert Shingledecker and friends
followed that reset logic to an extreme with the Tiny Core Linux project --
every time you start your machine you load a known-good kernel and apps into
RAM, use the machine, and then let anything other than your data derez at the
end of the session. You can get pretty good performance with that approach on
older hardware that can't support virtualization. The downside is that your
application choices are limited and dated when compared to mainstream Linux
distributions.

