Ask HN: What's the benefit of deferring updates?

4 points by mimsee ↗ HN

8 comments

[ 2.8 ms ] story [ 31.5 ms ] thread
I'm not too sure in what context you're referring to, but I'll assume you're asking for reasons why you might want to delay updating software.

One reason might be because of regression, when an update introduces a bug that causes the software to malfunction despite it previously working. It is sometimes wise to let other people try out the update first, and then update if it appears to not be problematic.

Another reason might be because the update intentionally breaks compatibility, or removes a feature you need. If the new version of the software doesn't meet your requirements, then you might need to stick to using the older version. This might just be temporary until newer versions of the software meet your requirements once again.

You might also need time to assess whether the update compromises the security of your systems (there have been instances when updates have contained malware), or complies with legal or business requirements (the terms of the software licence may have changed).

Despite all of that, however, it is imperative that security updates in particular are taken very seriously. In most cases, it is a good idea to install security updates as soon as they become available.

Call be paranoid but I'd rather have a few hypothetical feature-bugs in the systems than security vulns. Just keep the systems in the stable release.
Probably not what you have in mind but, in the case of old computers, performance.

I know everyone here changes computers every year, but lots of people I know keep the same computer for 7-10 years. And why wouldn't them? They can read their email, browse the news, and write letters.

Updates, on the other hand, tend to include the latest and greatest, requiring more and more resources. As a result, the computer gets slower and slower without providing any extra functionality. Good luck installing a modern browser with 512MB of RAM or, God forbid, the latest Windows. Things can also move around across versions, which is not great for non-technical users (or even worse, users with some kind do of impairment).

In these situations I disable updates, add some extra protections, and accept the fact that I'll have to retouch them every year or so.

I understand your point for old hardware but I was mostly meaning in a company/school/hospital type of environment where there is adequate hardware. Sorry for not mentioning it before.
Huh?

It tends to be the opposite - government places like schools or hospitals run on tightly reglamented software and processes, and updating ANYTHING is a hard, long struggle. You would often find computers running XP or less around such places.

Hell, i had to setup a bunch of USB floppy drives at a certain auto parts manufacturer's accounting office because the local tax office's computers didn't have USB and all the digital tax reports could only be accepted on floppy disks. Yes, that was this decade, and not early in it either.

It's regular people who tend to buy new stuff all the time, not organizations.

The primary reason to defer updates is the risk that the updates will break existing functionality in a way that negatively impacts worker productivity. This could be bricking a laptop/server/computer, or causing software to stop working. The risk is particularly high for older software, which might be using deprecated or unofficial apis, or potentially may no longer be supported (when a vendor goes out of business there's nobody to call or pay). Many companies have customized existing software to the extent that they're incompatible with updates ie they've forked the software. In some cases, like the air traffic control software https://www.wired.com/2015/02/air-traffic-control/, to change over they need to do a full-rewrite, which is very risky and may be missing functionality or just be buggier than the mature software you're using.

For healthcare, banking and education there are some additional factors. These are all regulated industries, where all updates have to go through change management and testing in order to be compliant. In healthcare, updates are particularly uncommon as devices spend at 6+ months to years undergoing FDA certification. When a piece of software is updated, that update has to have gone through the FDA certification process before being applied.

My reason: I don't live in an IT perfect world. Moving parts that always break with updates.

I have third party provided configuration in some machines and most of the Windows updates break these configurations. When it happens, I have to call these third party and a non-IT person come here to reconfigure things.

These configurations are mostly client certificates that work only with IE8 or older (!!!). Their websites use ActiveX, Flash or some other buggy tech. I have the option to maintain my computers working without patches or I update my Windows and wait 2 days (or more) before they're able to reconfigure my machines (and this downtime costs a lot).

I try to sandbox these machines in my network, but you know it is not perfect.