116

Citrix sends out security bulletin emails, and every time the support article gets hugged to death (tesseract.dubvee.org)

submitted 2 months ago* (last edited 2 months ago) by ptz@dubvee.org to c/mildlyinfuriating@lemmy.world

19 comments fedilink hide all child comments

They used to put the affected versions in the email, but that stopped a few months ago. Now it's just a vague "product is affected, click the link to learn more". Every. Time. the support part of their site gets hugged to death as if the uptick in traffic to it is completely unexpected.

So now I have Schrodinger's vulnerability until whatever potato-class servers they have their support bulletins running on frees up enough slots to render a frigging static HTML page.

It's almost as bad as news teasers that are like "Is something in your house going to kill you in the next 30 seconds? Find out more at 11!"

top 19 comments

sorted by: hot top controversial new old

[-] breakingcups@lemmy.world 35 points 2 months ago

I mean, it must be very difficult to checks notes host a static document in a scalable way.

But still, if only they had an asynchronous, distributed way of publishing this information. Like old school letters, only digital. That would help them decrease the load on their infrastructure...

[-] ptz@dubvee.org 10 points 2 months ago

My thoughts/words, your mouth (err, fingers)

[-] perishthethought@lemm.ee 17 points 2 months ago

TIL: Citrix is still in business.

(You can tell I don't work in IT)

[-] ptz@dubvee.org 9 points 2 months ago

They've gone so far downhill it's not even funny. Unfortunately, they're still the best option for us to offer remote apps and desktops to our org.

[-] flambonkscious@sh.itjust.works 4 points 2 months ago

Yeah, same boat. It's like the uncle that had a head injury and can hardly function compared to some of the earlier products they released

[-] False@lemmy.world 5 points 2 months ago

I also just learned this and I work in tech.

[-] possiblylinux127@lemmy.zip 1 points 2 months ago

Who in IT actually uses them?

[-] notannpc@lemmy.world 11 points 2 months ago

If only they knew a multinational cloud provider that could help them handle the load caused by them notifying their customers…

[-] bionicjoey@lemmy.ca 11 points 2 months ago

Can't you just search for the CVE online?

[-] ptz@dubvee.org 13 points 2 months ago

I mean, yeah, to get the general details of the vuln, but the support bulletin has the affected firmware versions. Ours may or may not be affected.

[-] bionicjoey@lemmy.ca 3 points 2 months ago

This appears to have affected versions (everything up to version 20230928)

[-] ptz@dubvee.org 4 points 2 months ago

Thanks, but those aren't for the Netscaler appliance.

[-] bionicjoey@lemmy.ca 3 points 2 months ago

Ah, I see

[-] ptz@dubvee.org 7 points 2 months ago* (last edited 2 months ago)

Good resource, though. With these, they're appliances and you don't update packages individually: you just update the whole firmware.

Our org's firmware update cadence is quarterly unless there's a vulnerability that needs to be addressed. So that's what I'm trying to determine so I can get the maintenance window scheduled. We just updated everything last month.

[-] flambonkscious@sh.itjust.works 1 points 2 months ago

I could never get useful details out of any of the CVE sites. Really annoying, but maybe I'm dumb

[-] possiblylinux127@lemmy.zip 1 points 2 months ago

Could you just check the official CVE database?

[-] flambonkscious@sh.itjust.works 1 points 1 month ago

Yeah, even for this one, mite and the nvd are completely useless (denying it exists).

mitre denies it exists links to NVD which is also basically an HTTP 404 error

You are right, though - When I look at CISAs notes, they direct to the right source meaningfully. I'm sure I've found some that are total stonewalls in the past, but no idea of that was MS, chrome or just a particular vulnerability... It's happened enough I'd given up, but maybe I should retry next time

[-] Moonrise2473@feddit.it 7 points 1 month ago* (last edited 1 month ago)

Same for my electric bill. They used to attach the PDF to the email, now is "login to download" - and for 2-3 days from the bill the server is completely overloaded

Hate this behavior too much

[-] vk6flab@lemmy.radio 3 points 1 month ago

Seems to me that they're giving you ample incentive to migrate to another supplier.

this post was submitted on 09 Jul 2024

116 points (100.0% liked)

Mildly Infuriating

34999 readers

1292 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.

Rules:

1. Be Respectful

Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...

2. No Illegal Content

Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...

3. No Spam

Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...

4. No Porn/Explicit

Content

-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...

5. No Enciting Harassment,

Brigading, Doxxing or Witch Hunts

-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...

6. NSFW should be behind NSFW tags.

-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

7. Content should match the theme of this community.

-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...

8. Reposting of Reddit content is permitted, try to credit the OC.

-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense

Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago

MODERATORS

LillianVS@lemmy.world

STRIKINGdebate2@lemmy.world

Tenthrow@lemmy.world