It just came to my attention that Fireinfo reports 38.76% of the installations reporting back to us are running Core Update 144. As far as I can recall, this is the greatest amount of installations being up to date I have ever seen within the last years, yet it still means about two thirds of the installations remain outdated, which is bad.
Just wanted to post this as a side note - it is always very interesting to look at the Fireinfo data.
Don't get me wrong, but this 38.76% is nothing special for me. I saw in the past much more than 40%. If you have no official access to the stats (history) like me, you can prove that easily, for example here below
Don’t forget the tech-commandment: if it’s working, do not touch it.
Lots of people are working remotely, therefore updating without being on premises might not be an ideal path for them.
31% is 5 or less releases behind.
The part that’s bothering me is the remaining 30% (more or less) more than 5 releases behind… And this part should bother you too, @pmueller, IMVHO.
Well, it's what priority you have. And we talk here not only about stats, we also talk about security, or? I am sure we do.
So there can be multiple reasons why someone does not make an update. I mention a few:
I did an update last year, was this not enough?
I don't know that's a new update here
I don't know
I think after the update it does not function as before, I wait forever
Whatever the reason is why people wait… The very best thing you can do is make this fucking update as fast as you can. If it really does not fit your needs, do a restore. And my priority is security, not whether maybe a short interruption happens. Well, only my POV, don't care about it, it's only mine.
There’s a long history of updates and upgrades that made things not only bad, but sometimes worse or even some other times catastrophic.
Firmware, OS, BIOS, drivers, whatever.
I am a fan of “update soon, update now” for most of my setups, but during these last months I postponed the update from a minimum of 10 days to a top of 4 months for avoiding these conditions: I cannot go to premises in case something goes wrong, or I don’t have a recent enough backup of device/OS/server to allow the upgrade or the rollback. None of these setups is virtual, so “snapshot not an option”.
If the update is solving vulnerabilities or other issues related to security, I am eager to update as soon as possible. At the end of this post I will update the software of an exposed NAS. Outside of working time, without interrupting activities, five days after the announcement of the producer.
I don’t think that you have to agree with me or do the same thing, it’s just a way of thinking. I hope that at least you will understand why.
I had to remotely update a firewall a few years ago, bricking it. At 3 AM in the morning I was woken up by a phone call, and at 5 AM I was on premises to reset, reflash, reconfigure. The next day the producer released another update of the firmware solving the issue I encountered…
This is understandable, these releases have suffered the trio of unbound, dhcpd and ips interacting badly. I keep a reserve installation that is not on the latest release, but would count in the statistics.
An installation’s home page displays the core number. Why not show a bold warning to older releases that security fixes have not been applied? Of course, an update will be necessary to apply this change.
It’s debatable whether or not upgrading from releases earlier than about 120 is advisable. Those will have partitions that are too small for the long term. Each announcement of next release could inform these users that reinstallation is advisable.
As the punch-line of spectre-meltdown-checker notes: “A false sense of security is worse than no security at all”
Don’t get me wrong either. OP's observation that almost 40% are on the latest release is encouraging.
But as you note, the bottom 30% is the real concern and Fireinfo, which is predominantly a hardware reporter, does not provide much guidance there. I don’t see it giving any indication of the number of clients supported nor whether it is a business or home installation. It’s mainly those factors that determine the potential for disruption as the result of an upgrade.
Yes, those profiles will be dropped after not having been seen for a certain amount of time (AFAIK 14 days), so the release statistics are considered to be based on the entirety of “live” IPFire systems having Fireinfo enabled.