Solved Please be bit more sensitive about Upgrade Warnings.

Some readers may have observed in several posts of mine that I may gave a concerned impression about updates.
I just had a good reason to explain now why:

I just checked if to update my 13.0 by
freebsd-update fetch
and received:
Code:
....
No updates needed to update system to 13.0-RELEASE-p11.

WARNING: FreeBSD 13.0-RELEASE-p11 is approaching its End-of-Life date.
It is strongly recommended that you upgrade to a newer
release within the next 2 months.

That WARNING is new to me.
Where did this was invaded from? Linux world? Windows?

What I get from this "Warning" is this:
"ALARM!! YOUR SYSTEM DO HAVE A VERY URGENT AND EXTREM SERIOUS SECURITY PROBLEM AND MAY DIE A HORRIBLE DEATH ANY SECOND!!!" 📉☣️🔥🚒
The effect on me is:
AAAaaah!!.... *PANIC* 😧o_O:eek:.....maybe better downgrade to 12.3 until 13.1 is released?!!?! ...whattodo?whattodo?whattodo?whattodo?... 😵 ......AAAAAAaaaaaaaarrrrrrrgh!!1!eleven!!.....

And it ends with a joke:
13.0-RELEASE is the newest version available.
The new version 13.1-RELEASE is upcoming - not available yet!

So I am sitting on a highly insecure system and there is nothing I can do about it, just hope.

To me that's exactly the message of this vague Warning.

(I am no developer experimenting/testing. I use and for that only what's released as "stable, tested, for production...- most bugfree." So no advices to 14..., -CURRENT or what have you, please. ty.)

The "within 2 months" is a joke in its own, because though 13.1 seems to be in schedule fo far, but many of the releases I observed were delayed at last.
For me this ain't no problem at all. Really. That's OK to me.
For me this is actually a reason for trust. Yeah. Really!
I am an engineer myself, and I do know real world project time schedules match only in theory the fantastic fairy tale world salesmen and project managers live in. They always must automatically cut a third of an realistic project time given to them because they are not able to estimate it by themselves, and then put all work on another (delayed) project for the first 3 months, because there is already still way more than enough time left.
😁

To me a suspended release date is a sign of quality.
Because to me it means: "We only release if it's tested and proven OK."
And not, what I hate about all this commercial crap:
"Doesn't matter if the shit not works. We have a deadline. It's christmas. Just drop this garbage on the market! Sell the trash! There are enough morons paying actual money for this junk. For the rest we have measures of handling complaints like infinite loops to FAQs, customer support with tickets, and forums with users left on their owns. Don't care how they deal with it by themselves. Maybe very soon we will come up afterwards with bugfixes and updates, eventually." 🤪

We don't need no discussion about reasons, sense, purpose and use of updates.
I am fully aware of that. Updates are not the point. I am not against updates [I'm not a complete idiot. 😎]
I am critizising the way they are (often) [mis]used, how it's handled and above all communicated.

I'm way far from being an expert on FreeBSD, Softwareengineering and OS.
But I'm no tumb common Windows-user neither.
I am a highly sensitive person (that's why I am writing so very long posts - I'm always worried to piss someone off because I was misunderstood.[If I really want to piss someone off, he'd knew it 😋]

And I am very concerned about security, particulary of my computers.

I know this updating-terror-bullshit from Windows,...Ubuntu....
And I hate it.
It's one of the reasons I'm using FreeBSD now.
Now I explain why I am so sensitive about "update! - update! - update! - update! - update! - update! - update!...." 🤢

In many cases the "extremely important updates of urgent security issues" (all updates are ALWAYS of extreme urgent security issues! Always emergency alarm!) are neither a fix of security, nor a useful new feature, not even a bugfix but only something software developers produced and just want to see it on the market, not caring if the users needed or asked for it.
It's not that everything old was better. So ain't everything new.
Often they are commercial terror bullshit, to compell users to download new advertisments or other shit they don't want.

So my need and my trust into vague "ALWAYS MUST have EVERYTHING on the VERY NEWEST VERSION AVAILABLE" is very limited. Even if it wasn't FreeBSD that exhausted this credit in trust (yet.)

In most cases even a pro cannot distinguish each from useful or crap. There are simply too many to test and comb every single one.
So one gives up control.
And this makes me feel insecure.

Subtle the feeling is generated that your system will be hacked, destroyed, flared off .... or dies another horrible death immediatly if you do not have ALL software checked for updates every 20 minutes!
Result: stress.
Because it results in a permanent feeling of insecurity, so panic, plus the feeling of losing control, because of the insecurity and the computer tells you what to do, and when.

I am the master over my slave the machine. Not vice versa!

No system will die, because xfig received its last update in August 2021, or such like that!
I've actual seen software getting a new version number and the need of an update just because only a typo in the source's comments has been corrected [long time ago under Linux.]
Several times I had the problem that some software wasn't working anymore after an update, because it depended on another that wasn't yet. (Where is the sense of an update, if something doesn't work anymore afterwards? To get the most secure machine, switch it off!! 😤)

That's one major point I appreciate FreeBSD for:
The effort to have a "synchronized system" - trying to have all software consistent on the same level.
Which in large and above works exemplary. 👌
(At least better than in any other system I've worked on. So far I didn't had any inconsistenty yet, I did not produced by my own stupidity myself.)

And I actually "fixed" some of this version-difference-issues just by brute overwriting the version-number to it's old version.... 🤔 Programmers may despair, but the program worked again as before. And that's what I - the user - want: A working system. Other people may see it differently but I have absolutely no use for something that's not working, doesn't matter if it's the most current, most secure, best version ever. At first it must work. If not, nothing else matters.

This was all not under FreeBSD, of course, and a long time ago.
But bad experiences make you more sensitive, they tend to stay, makes you quicker alarmed - and, of course, sometimes to overreact. (sorry about this.)

That's also a reason for this long post (sorry.)
Because in the last couple of months I saw many posts here in this forum that may quick-and-dirty summarized
as:
"Hey, under Linux this&that is so great.... why not here?!!"
"Forget it! There are too many old farts here who always attack the slightest smell of change."

😡 No.
That's neither that easy, nor the point at all.
I have experience with Linux.
I don't like it.
If I thought Linux was better I would use Linux, not trying to change FreeBSD.
And as an ex-Linux-user feeling very comfortable with FreeBSD I am always concerned about people coming from Linux and may try to change FreeBSD into Linux, because they are used to it, see only the advantages of Linux and the changes they have to make to fit into FreeBSD. (What, of course, is not always the case. But sometimes it feels like that.)

There's not everything bad about Linux.
So there is not everything good about it.
Of course ideas need brought in and discussed.
But just because something is a good idea elsewhere does not mean it's always a good idea for everything.
Many things are just different, not better nor worse, just different.
Being used to something does not mean it's better.
But one thing is definitively bad: Doing everything the same way.
I'am pretty sure that's exactly the core-basic idea of why FreeBSD was started by its developers in the first place (when there already was a Linux.)
And that's why many are quickly alarmed when someone here posts to recommend to do it like somewhere else.
Because experience teaches if no-one objects, it's done quickly and not seldom carelessy.
Testing afterwards, regrets and changing back (what almost never is done) are also always worse than do it the other way around. 🤓

For me Linux lacks of core issues FreeBSD offers.
I love FreeBSD the way it is.
I don't want that to change.
But that doesn't mean I'm generally against any change nor improvement.
I just want to ask: Does it fit into this system?

For me a system consists not of sourcecode only, but way more of a philosophy, how things are done, where are the priorities etc.

So back to topic:
Because on other systems patches, bugfixes, updates, upgrades, changes and improvements are wildely mixed up, excluding me from decisions, I don't want to become FreeBSD bombarding me with vague and compelling upgrade warnings like other systems.

On FreeBSD security issues leave me cool. Yet. So far.
Even if they are serious.
Why?
Because I know.
And I know how to deal with them.
I inform myself by reading blogs, or having a subscription in mailing lists such as FreeBSD Security Advisory.
And I am pretty sure most of the FreeBSD users, at least the ones doing more than just testing shortly the taste of it, are even better informed as I am.
They (we) are no Windows-/Ubuntu-users.

A real serious security issue is quickly around in the community.
Even I get aware of it within 24...36h. And within a few days if not hours there is at least a temporarily work around, alternative or evasion, if not a fix.
So I get specifically informed about specific problems and solutions.
I can check if it really bothers me, what parts of my system affected, or none.
I can check if I need to act, what to do, get a solution or workaround, or I get the certainty I don't need to feel insecure because I know it does affect my system.
I know.

But general "WARNINGS" like this one only create unsecurity, panic,....destroying trust.
Because I don't know what.
"the whole system" - and there is no solution available yet.

I cannot stand an OS that gives me feeling it's completely insecure all the time.
That's why I left other systems.
That's why I am here.

Bottom Line:
All I want to say is I'd appreciate if there would be a bit more sensitivity about alarms.
I don't think there really is an urgent, serious security issue at the moment.
Because I don't want to. But I don't know.
I feel insecure and have to do research work now, because my computer's core system told me something very important, but vague and general. And I believe just because someone may ment it good, but didn't thought about it carefully enough.
So - please - be a bit more careful about generating general alarms.
That's all I wanted to ask for.

Don't toss around general warnings and alarms, just because others do it excessively.
We are already living in a world of way too many ubiquitious noisy, flashing alarms fighting each other for getting the most attention.

What others do is seldom a good advisor.
Especially not for people who knowingly and willfully left the road of all others.
FreeBSD users are not tumb turnkey OS cattle.
We are different. :cool:

Thank you very much.

Sincerly

Profighost
 

SirDice

Administrator
Staff member
Administrator
Moderator
That WARNING is new to me.
Then this must be the first upgrade you have encountered. freebsd-update(8) has given that sort of warnings since its inception.

What I get from this "Warning" is this:
Maybe you should read the actual message.

13.0-RELEASE is the newest version available.
The new version 13.1-RELEASE is upcoming - not available yet!
The warning specifically states to upgrade some time in the next two months. As soon as 13.1 is released 13.0 will be EoL three months later.
 
Thanks.
Because I made several updates with free-bsd update (12 and fewer), but I never saw this warning before.
That's why I am so concerned.
May be it came with 13, or maybe I just checked updates not so close to EOL so I didn't saw it yet.

In any case I would feel better if this message only occur when the next version is already released.
 
Yeah. Thanks.

You see, I'm not really seriuosly concerned - but it gives you quite a start.
Honestly: I've never seen it before - or the according brain cell died 😅
 
[...] Bottom Line:
All I want to say is I'd appreciate if there would be a bit more sensitivity about alarms.
[...]
So - please - be a bit more careful about generating general alarms.
That's all I wanted to ask for.
I agree, the message could perhaps be slightly tweaked, maybe something with a reference to the upcoming 13.1-RELEASE. The "Warning" in combination with the mentioned time window makes it clear to me that there isn't any imminent danger: no impending doom. IMO "alarms" and "general alarms" do not equate with the "Warning" as stated in the message.
 
Sorry. But in this way I'm a bit like an US american:
"You cannot say at another point I didn't told you" 😁


...maybe I'm a bit too sensitive.
It gave me a start, because of the new version is not released yet.
And as I already wrote, giving a time window when experience shows, there may delays.

After all I'd recommend:
Make it a Note as long as the new version is not released, and a warning, after the successor is released.

As I loooong pointed out, I'm simply unsecure becasue of experiences in other systems.
After 6 years gliding into, I now completely swithced to it, but not yet arrived.
 
yeah, me too - it's a habit what good programmers should do.
But SirDice is right insofar, as it's a system message, not a compiler's.
I understand this.
I was simply just not aware of it at the moment, and would appreciate to be a bit more less alarming.
 
A culture of "new is better, new is safer!" is a little bit overly simplistic in my view. Security is based on layers; not simply a treadmill of updates.

That said, I don't disagree with that warning. It is there to protect the FreeBSD project from any backlash of people carelessly unmaintaining their systems and then blaming the project.
 
A culture of "new is better, new is safer!" is a little bit overly simplistic

Absolutely. That's what I also was trying to point out.

Point taken.
Cause I can distinguish the mistakes I do from the faults of the system - at least I try and learn - but many others don't, system designers have to think of it. Right.
But that's also my point: To me it feels like the treadmill of updates I don't want to get into. And as I pointed out, being concerned that FreeBSD maybe get into that one day, thus losing its value of self responsiblity of the systems-owner ("root-user").

...maybe I just spent too much time in the forum the last couple of weeks and got a bit paranoid about too much presumptious pressure coming from Linux. :-/
 
But that's also my point: To me it feels like the treadmill of updates I don't want to get into.
Agreed, I am in a similar position. I tend to find better alternatives to security than simply updating. I.e I try to avoid messy stuff like Javascript / Python dependencies because they are basically guaranteed to be insecure on release and rely on continuous updates.

I am also extremely skeptical of updates on macOS and Windows. If you read through them, many of them are simply wasting your time giving the illusion of a software "refresh".
 
  • Like
Reactions: mer
Errors need action now. Warnings are just that, a warning. In this context; "advance notice of something."

I treat warnings as errors.
Only if they are compiler warnings.

I've seen that message in the past and while at first glance one can get the flutters from it, it's a chance to dig into what the message means.

As Erichans says above perhaps saying "NOTICE: 13.0-RELEASE is approaching EOL, 13.1-RELEASE will be here soon" would be less alarming. That would likely cause more people to pay attention to announcements on next release.

Are security notifications warnings or errors? How many people routinely ignore those? I understand the OP's position, I recall similar reaction the first time I saw it but after investigation, understood what it meant.
 
I don't know, I think the problem here is that the message is just... stupid?

Since the EoL isn't known and the remedy for the warning is not available, why is freebsdupdate warning about upgrading. I mean, no 💩, you should update your machine when an update is available. Why not just wait until it actually IS.
 
  • Like
Reactions: bjs
It is urgent after the time has expired, bc it won't get security updates then, and that version will be known to be insecure by potential threats. It's to give time to upgrade. It's a timely warning for urgency. Everyone needs advanced warning. More time for advanced warning is also good for many, because it can take time for them to focus and act. Also, upgrading earlier is better than doing that later.
 
  • Like
Reactions: mer
Yeah. I got it.


Thank you all.
By and large we share the same principle view, just differ in details, really.

What I learned about FreeBSD's main security reason (there was another thread got new posts yesterday, about comparing BSD derivates) - primarily is, you don't get an automatically preconfigured jack-of-all-trades turnkey system, but something very basic for the start.
What you want/need you have to select, install and configure.
Therein already lies a lot of security and trust into your system. Becasue you have to grapple with and learn it. And what's not there, cannot be a security issue.
Thus the source of my concern: The more automatic, the more problematic the security issue.

But of course I also see for OS designers it's always a compromise, how to design it.
On the one hand you want as many people to use it as possible.
On the other hand the more people get involved, the more issues occur additonally the number of morons.
Yeah, and also if this position is not fixed I need to postion myself anywhere between professionel (definitvely not) and moron/noob....
...where to draw the line?
Somwhere it must be drawn.
At my position? For sure not.
Just for the fact I'd stop learning then 😁
 
  • Like
Reactions: mer
[...]
But that's also my point: To me it feels like the treadmill of updates I don't want to get into. And as I pointed out, being concerned that FreeBSD maybe get into that one day, thus losing its value of self responsiblity of the systems-owner ("root-user").

...maybe I just spent too much time in the forum the last couple of weeks and got a bit paranoid about too much presumptious pressure coming from Linux. :-/
It's hard to argue with somebody's feelings. Say, if a red light frightens you, consider the meaning of that signal: please stop your vehicle, proceed when green. If you feel the freebsd updates like "the treadmill of updates I don't want to get into", please consider the release dates of the recent minor/major versions:
  • 12.0 (December 11, 2018)
  • 12.1 (November 4, 2019)
  • 12.2 (October 27, 2020)
  • 13.0 (April 13, 2021)
  • 12.3 (December 7, 2021)
I don't know how other OS-es take care of their update schedule & messages but this list does not constitute a treadmill of updates to me. (I'm aware that I don't mention patches as, IMO they are (very) important but small changes; accompanied with the luxury of (ZFS) BEs they impose very little risk or hassle.)

The self responsibility of the systems-owner has to be balanced by the responsibility of the issuers of FreeBSD, i.e. the release engineering and security team.

Edit: "By and large we share the same principle view, just differ in details, really."
Yes, I think so too.
 
Absolutely.
Windows and Ubuntu-Software-updates sometimes occur daily, sometimes even more often. And the system forces you to reboot.
And the big problem for me of Winodws is, one cannot say if/when a major update aka new version is released. And you're more or less forced to switch to it, not seldom with the need of buying new software licenses and hardware.
That's a treadmill, alright.
With 10 friends told me:"Nah, this will be the last one - update to it! There only will be updates of 10 then."
I didn't believed that for a moment from the start.
Where are they now already? 12? 14? I don't care. I left Windows when 7 expired.

However, FreeBSD does NOT feel as a treadmill to me.
But since I never seen this Warning before yet, when no new version was already available, and I thought I felt much presumptious pressure from Linux to it,
I just thought:"f#ck. Now they also start doing the same crap...."
 
FreeBSD definitely has always been a treadmill. Much faster than commercial software. I've not found it terribly onerous, but definitely tedious, as I once upgraded something from 8 to 10 fairly easily. Although, this upcoming driver cull may be bothersome.
 
OK, to be more specific on this:
It's not the pure time periods updates occur that makes it a treadmill. At least FreeBSD tries to have regular predictable ones.
Updates need to do be done anyway, else your OS is outdated, obsolete and insecure shorttermed, of course.
So better do it regulary instead of "surprise" users.
No, it's how often your system is butting in by itself unasked, affected you in a way you need (being forced) to change/buy software/hardware, or the look and feel, and all you know about it, how to use and config it, is willfully changed.
In this FreeBSD is exemplary.
Besides of new technologies are added I only gain additional knowledge. My system looks the same, and can be used and configured the same way as long as I wants it, not if somebody compells me to.
For me that's the very most important crucial point to make a system worth to really grapple it.
And that's my greatest concern that this may ever change abrupt.
 
As Erichans says above perhaps saying "NOTICE: 13.0-RELEASE is approaching EOL, 13.1-RELEASE will be here soon" would be less alarming. That would likely cause more people to pay attention to announcements on next release.
I agree. It should be a notice now. It should be a warning, as soon as 13.1 has been released and not before.
 
13.0 well may be, but this .. ? 13.1 just got out ! 😁

No updates needed to update system to 13.1-RELEASE-p0.

WARNING: FreeBSD 13.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Sat Jun 1 02:59:59 EEST 2024
will not have been corrected.
 
Top