Why do they have to make patching so hard?

Both Sun and Symantec have now made patching your OS and application significantly harder than it used to be.  Do they not like all us command-line folks, or what?

I used to be able to download Solaris patches from ftp.sunsolve.com, and my Symantec patches from ftp.veritas.com.  Now both companies have completely disabled our ability to do that.   I haven't heard a single reason for this that makes any sense.  All I know is that getting patches from these two companies is now more difficult than ever.

In the case of Sun, you have to sign up for a sunsolve account.  So far, it doesn't look like you'll have to have a support contract to download OS patches, but it's certainly hinted that this might be the case in the very near future.  At least in the case of sun, there's a URL that I can point wget to in order to download the patch I need.  (Sun does this automated "we'll manage your patches for you" tool, but I'm a bit old school in this area.  I'll download my own patches, thank you.)

In the case of Symantec,  there is no direct URL to the patch in question. Once you find the patch you need (which is NO easy thing), you are presented with a "download" link.  When you click on that, it opens a download process in the background. There is no direct link that you can pass to wget.

Do the people in charge at these companies not realize that many of us are administering systems over remote links that do not have web browsers running locally on the server?  The web browser often runs only on our desktop.  This means that if I can't use ftp, and I can't use wget or something like it, I have to download the patch(es) to my laptop, then scp them to my server, then install them. WOW, what a pain.

Come on, Sun and Symantec.  Make it easier to get patches. 

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at Sullivan Strickler, which helps companies manage their legacy data

3 comments
  • Very obnoxious indeed. And, yeah, even to my XP SP2 desktop, I’m "old school" (REAL old school is FTP and nothing but ๐Ÿ™‚ and use wget by preference.

    – Harold

  • I try my best not to use a GUI to download anything. I use wget from an SSH session on a Linux box and find it’s much faster than using the GUI (especially from Windows). So sites that like this annoy me to no end, and I’ll go to great lengths to defeat them. VMware used to be really annoying with this, but they changed (or at least, I think they did, since I can’t recall being irritated by them lately).

    One method I’ve used is to install http://wireshark.org/ (used to be Ethereal) to sniff the HTTP session and see if I can figure out the URL, then document and extrapolate downloads now and in the future (e.g., same URL but newer package name) where possible. Of course you are out of luck using HTTPS, but I’d say I have about a 50% success rate on regular HTTP. It depends on how the site “works.”

    I also use the Refresh Blocker Firefox plug-in, which “breaks” many mirror site automatic redirects, so I can just grab a URL and paste it into my SSH/wget session.

  • Wow, your “best” is very good indeed!

    I’ll let sites force me to do it their way, I haven’t experienced bad downloads with Firefox in this.

    WRT VMWare, I pulled down VM Server for XP a few weeks ago before I found another solution, and to my memory wget sufficed.

    One would hope that companies selling to sysadmins wouldn’t play these tricks; maybe they can be trained…. ^_^

    – Harold