abadideaNov 25, 2024

Good news: The Dell firmware update utility definitely checks whether update executables are signed.

Bad news: Dell is posting unsigned update executables to their website labeled “critical” which then fail to install due to the good news

Show threadabadideaNov 25, 2024
This firmware update has been periodically failing since I got this laptop from work several weeks ago, and only today did I put in the effort to track down where it was hiding the logs with the real reason. This suggests that not only do they have a process issue that meant an unsigned update got posted, but they have no ability to detect that there’s a 100% failure rate to install after downloading it
Show threadPhilNov 25, 2024
@0xabad1dea People keep being upset about "telemetry". But that's the kind of telemetry that you'd want as someone pushing software to people.
Show threadabadideaNov 25, 2024
@phil 100%, there should always be a chance to say no to telemetry but even if only a fraction of users consent, the 100% failure rate among reporters should be quickly raising a huge red flag somewhere
Show threadsabik
@0xabad1dea @phil
They might even have one laptop themselves, suitably instrumented 🤷‍♀️
Nov 25, 2024 at 11:45amWeb
Show threadabadideaNov 25, 2024
@sabik @phil I can at least understand why they don’t have canary end user laptops set up, because since this is firmware updates, they’d need one for every hardware configuration they’ve shipped in the last decade to reliably catch every issue of this class
Show threadI had something for this…Nov 25, 2024

@0xabad1dea @sabik @phil is it actually unreasonable for one of the largest hardware integrators on the planet to have some 5-6 figure number of machines configured to run integration tests?

They initially developed all those configurations and allow-listed them as options.

They sell countless millions in warranty and support contracts… isn’t *some* part of the business relying on that compatibility not being broken by first-party updates?

Show threadLisPiNov 28, 2024
@rvalue @phil @sabik @0xabad1dea They are indeed running the risk of screwing up a support contract at some point or another by letting this lie, indeed.

Or possibly they refuse to provide support contracts that includes this except on very specific hardware for which they actually do what they should've been doing.
Show threadTony YarussoNov 25, 2024
@phil @0xabad1dea @sabik Now I’m envisioning the annual Dell all-hands meeting where they run some sort of lottery to find out who will be using the oldest and cruddiest computers for the next year.
Show threadLisPiNov 28, 2024
@0xabad1dea @phil @sabik > they’d need one for every hardware configuration they’ve shipped in the last decade to reliably catch every issue of this class

Which they really should have, in fact.