diff --git a/cmd/orbit/orbit.go b/cmd/orbit/orbit.go
index d9f39eb693..f532938635 100644
--- a/cmd/orbit/orbit.go
+++ b/cmd/orbit/orbit.go
@@ -201,6 +201,8 @@ func main() {
 			)
 		}
 
+		options = append(options, osquery.WithFlags([]string{"--force"}))
+
 		if c.Bool("debug") {
 			options = append(options,
 				osquery.WithFlags([]string{"--verbose", "--tls_dump"}),
diff --git a/pkg/osquery/osquery.go b/pkg/osquery/osquery.go
index 985d4af28d..e8a8af5847 100644
--- a/pkg/osquery/osquery.go
+++ b/pkg/osquery/osquery.go
@@ -64,8 +64,6 @@ func WithEnv(env []string) func(*Runner) error {
 func WithShell() func(*Runner) error {
 	return func(r *Runner) error {
 		r.cmd.Args = append(r.cmd.Args, "-S")
-		r.cmd.Stdout = os.Stdout
-		r.cmd.Stderr = os.Stderr
 		r.cmd.Stdin = os.Stdin
 		return nil
 	}
diff --git a/pkg/update/hash.go b/pkg/update/hash.go
index cd7fc69648..ada9f040d2 100644
--- a/pkg/update/hash.go
+++ b/pkg/update/hash.go
@@ -38,12 +38,18 @@ func CheckFileHash(meta *data.TargetFileMeta, localPath string) error {
 
 // selectHashFunction returns the first matching hash function and expected
 // hash, otherwise returning an error if not matching hash can be found.
+//
+// SHA512 is preferred, and SHA256 is returned if 512 is not available.
+
 func selectHashFunction(meta *data.TargetFileMeta) (hash.Hash, []byte, error) {
 	for hashName, hashVal := range meta.Hashes {
-		switch hashName {
-		case "sha512":
+		if hashName == "sha512" {
 			return sha512.New(), hashVal, nil
-		case "sha256":
+		}
+	}
+
+	for hashName, hashVal := range meta.Hashes {
+		if hashName == "sha256" {
 			return sha256.New(), hashVal, nil
 		}
 	}
diff --git a/pkg/update/update.go b/pkg/update/update.go
index c8e5ad216b..6dd63b4d1c 100644
--- a/pkg/update/update.go
+++ b/pkg/update/update.go
@@ -115,20 +115,20 @@ func (u *Updater) UpdateMetadata() error {
 	return nil
 }
 
-func (u *Updater) RepoPath(name, version string) string {
-	return path.Join(name, u.opt.Platform, version, name+constant.ExecutableExtension(u.opt.Platform))
+func (u *Updater) RepoPath(name, channel string) string {
+	return path.Join(name, u.opt.Platform, channel, name+constant.ExecutableExtension(u.opt.Platform))
 }
 
-func (u *Updater) LocalPath(name, version string) string {
-	return u.pathFromRoot(filepath.Join(binDir, name, u.opt.Platform, version, name+constant.ExecutableExtension(u.opt.Platform)))
+func (u *Updater) LocalPath(name, channel string) string {
+	return u.pathFromRoot(filepath.Join(binDir, name, u.opt.Platform, channel, name+constant.ExecutableExtension(u.opt.Platform)))
 }
 
 // Lookup looks up the provided target in the local target metadata. This should
 // be called after UpdateMetadata.
-func (u *Updater) Lookup(name, version string) (*data.TargetFileMeta, error) {
-	target, err := u.client.Target(u.RepoPath(name, version))
+func (u *Updater) Lookup(name, channel string) (*data.TargetFileMeta, error) {
+	target, err := u.client.Target(u.RepoPath(name, channel))
 	if err != nil {
-		return nil, errors.Wrapf(err, "lookup target %v", target)
+		return nil, errors.Wrapf(err, "lookup %s@%s", name, channel)
 	}
 
 	return &target, nil
@@ -146,9 +146,9 @@ func (u *Updater) Targets() (data.TargetFiles, error) {
 
 // Get returns the local path to the specified target. The target is downloaded
 // if it does not yet exist locally or the hash does not match.
-func (u *Updater) Get(name, version string) (string, error) {
-	localPath := u.LocalPath(name, version)
-	repoPath := u.RepoPath(name, version)
+func (u *Updater) Get(name, channel string) (string, error) {
+	localPath := u.LocalPath(name, channel)
+	repoPath := u.RepoPath(name, channel)
 	stat, err := os.Stat(localPath)
 	if err != nil {
 		log.Debug().Err(err).Msg("stat file")
@@ -158,7 +158,7 @@ func (u *Updater) Get(name, version string) (string, error) {
 		return "", errors.Errorf("expected %s to be regular file", localPath)
 	}
 
-	meta, err := u.Lookup(name, version)
+	meta, err := u.Lookup(name, channel)
 	if err != nil {
 		return "", err
 	}
@@ -168,7 +168,7 @@ func (u *Updater) Get(name, version string) (string, error) {
 		return localPath, u.Download(repoPath, localPath)
 	}
 
-	log.Debug().Str("path", localPath).Msg("found expected version locally")
+	log.Debug().Str("path", localPath).Msg("found expected channel locally")
 
 	return localPath, nil
 }
@@ -189,6 +189,7 @@ func (u *Updater) Download(repoPath, localPath string) error {
 		return errors.Wrap(err, "initialize download dir")
 	}
 
+	// The go-tuf client handles checking of max size and hash.
 	if err := u.client.Download(repoPath, &fileDestination{tmp}); err != nil {
 		return errors.Wrapf(err, "download target %s", repoPath)
 	}