• Takapapatapaka@tarte.nuage-libre.fr
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    2
    ·
    edit-2
    16 hours ago

    I mean, shouldn’t you be able to refuse updates anyway ? Like if there is something you don’t like or that will break your workflow in the update, shouldn’t you be able to accept the risks and keep the old version indefinitely ?

    Edit : a word was missing.

    • spitfire@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      16 hours ago

      No, because devices need to be compliant, there needs to be an unskipable deadline. Otherwise everyone would just defer.

      • Takapapatapaka@tarte.nuage-libre.fr
        link
        fedilink
        English
        arrow-up
        1
        ·
        15 hours ago

        Do they really imperatively need to be compliant ? (i genuinely don’t know, but it seems weird to me, it feels like i can just postpone updates indefinitely on linux)

        Or is this that it’s way better to be compliant, so companies need to enforce it on their computers (but individuals may not have this need) ?

        • spitfire@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          12 hours ago

          You can postpone them but it’s a risk. Companies try to mitigate risks, because they don’t want to get hacked or fined because they don’t follow regulation. And to be honest it’s in your best interest to be up to date too. It’s not such a pain in the ass to reboot your computer every once in a while :)

    • mumblerfish@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      19 hours ago

      Companies lock out the computer because it is lacking updates rather than have it working. Apple broke ssh on all their macs with an update for three months or so. Managed to postpone it for a while until the called and said I have to update or be locked out. Luckily I had postponed it for so long that the next update arrived just like a week later.

          • Takapapatapaka@tarte.nuage-libre.fr
            link
            fedilink
            English
            arrow-up
            1
            ·
            15 hours ago

            Okay, i see, i’m not that familiar with tech companies. I wouldn’t have guessed they’d be that aware of what version of OS people are using.

            • mumblerfish@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              14 hours ago

              A personal laptop of an employee is a very good entrypoint for an attacker. First thing you do is log in to your job. It may be a vpn, a site login, some token gets stored on your computer for the day. If someone gets access to this, it can be devastating. So, if a vulnerability gets discovered and patched by the OS, it can be very important to update as soon as possible. So companies scan their empoyees laptops, is one thing, and if the try to connect they also try to check that the computer appears up to date, is known, and so on.

    • CompactFlax@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      3
      ·
      1 day ago

      No, not on a business owned device. The updates should give warnings, of course. Some companies don’t seem to know how to supply those warnings before mandating the install, for some reason.

        • spitfire@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          12 hours ago

          It doesn’t require „newest technology” (or Intune;)), you could send sensible notifications with SCCM 2007. Not that people would read or act upon them. Some of them would obviously complain there were no notifications (because they simply ignored them and forgot about it) :D

      • Jesus_666@lemmy.world
        link
        fedilink
        Deutsch
        arrow-up
        5
        ·
        24 hours ago

        My company uses a third-party deployment platform that gives you dialog with a 60 minute countdown and a button to start immediately. And I think the deployment dialog can’t pop up if you’re not on the computer. Because nobody likes nonsense like five minute countdowns that can start while the screen is locked.