Why do they have to make patching so hard?

Both Sun and Symantec have now made patching your OS and application significantly harder than it used to be.  Do they not like all us command-line folks, or what?

I used to be able to download Solaris patches from ftp.sunsolve.com, and my Symantec patches from ftp.veritas.com.  Now both companies have completely disabled our ability to do that.   I haven't heard a single reason for this that makes any sense.  All I know is that getting patches from these two companies is now more difficult than ever.

In the case of Sun, you have to sign up for a sunsolve account.  So far, it doesn't look like you'll have to have a support contract to download OS patches, but it's certainly hinted that this might be the case in the very near future.  At least in the case of sun, there's a URL that I can point wget to in order to download the patch I need.  (Sun does this automated "we'll manage your patches for you" tool, but I'm a bit old school in this area.  I'll download my own patches, thank you.)

In the case of Symantec,  there is no direct URL to the patch in question. Once you find the patch you need (which is NO easy thing), you are presented with a "download" link.  When you click on that, it opens a download process in the background. There is no direct link that you can pass to wget.

Do the people in charge at these companies not realize that many of us are administering systems over remote links that do not have web browsers running locally on the server?  The web browser often runs only on our desktop.  This means that if I can't use ftp, and I can't use wget or something like it, I have to download the patch(es) to my laptop, then scp them to my server, then install them. WOW, what a pain.

Come on, Sun and Symantec.  Make it easier to get patches. 

----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Architect at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.

3 thoughts on “Why do they have to make patching so hard?

  1. hga says:

    Very obnoxious indeed. And, yeah, even to my XP SP2 desktop, I’m "old school" (REAL old school is FTP and nothing but 🙂 and use wget by preference.

    – Harold

  2. jpv says:

    I try my best not to use a GUI to download anything. I use wget from an SSH session on a Linux box and find it’s much faster than using the GUI (especially from Windows). So sites that like this annoy me to no end, and I’ll go to great lengths to defeat them. VMware used to be really annoying with this, but they changed (or at least, I think they did, since I can’t recall being irritated by them lately).

    One method I’ve used is to install http://wireshark.org/ (used to be Ethereal) to sniff the HTTP session and see if I can figure out the URL, then document and extrapolate downloads now and in the future (e.g., same URL but newer package name) where possible. Of course you are out of luck using HTTPS, but I’d say I have about a 50% success rate on regular HTTP. It depends on how the site “works.”

    I also use the Refresh Blocker Firefox plug-in, which “breaks” many mirror site automatic redirects, so I can just grab a URL and paste it into my SSH/wget session.

  3. hga says:

    Wow, your “best” is very good indeed!

    I’ll let sites force me to do it their way, I haven’t experienced bad downloads with Firefox in this.

    WRT VMWare, I pulled down VM Server for XP a few weeks ago before I found another solution, and to my memory wget sufficed.

    One would hope that companies selling to sysadmins wouldn’t play these tricks; maybe they can be trained…. ^_^

    – Harold

Leave a Reply

Your email address will not be published. Required fields are marked *