undefined | Better HN

0 pointsPeterStuer1y ago0 comments

Sounds like you come from the B2B, consultancyware or 6÷ figure/year license world.

For the vast realm of <300$/year products, the ones that actually use updaters, all your suggestions are completely unviable.

0 comments

sigmoid101y ago

And it's not like B2B doesn't get whacked by bad software or bad actors regulalry. The idea that software updates itself is vastly more benefitial than harmful in the very long term. There so many old machines running outdated software in gated corporate networks, they will get owned immediately once a single one of them is compromised in any way. They are literally trading minor inconveniences for a massive time-bomb with a random timer.

buran771y ago

The two sides of your thought are going head to head. "Gated corporate networks" don't benefit from software that "updates itself" (unless we're talking about pure SaaS). It's exactly where auto-updating is completely useless because any company with a functioning IT will go out of its way to not delegate the decisions of when to update or what features are forced in out to the developer and their product manager.

Auto-updates mostly ever practically happen for software used at home or SMB which might not have a functioning IT. If security is the concern why not use auto-updates only for security updates? Why am I gaining features I explicitly did not want, or losing the ones which were the reason I bought the software in the first place? Why does the dev think I am not capable of deciding for myself if or when to update? I have a solid theory of why and it involves an MBA-type person thinking anyone using <$300 software just can't think for themselves and if this line of thought cuts some costs or generates some revenue all the better.

sigmoid101y ago

You're not thinking of it long term. In the short term you might be better off deciding when to update yourself, but in the long term you will be infinitely worse off because the reality of business practice is to delay updates until something catastrophic happens just to save a few bucks in the IT department. This approach merely means your system will run smoother over short time scales, while it becomes a complete clusterfuck over long time scales.

1 more reply

account421y ago

This mentality is how we get incidents like CrowdStrike. Relying on auto-updates for security is a crutch that allows insecure designs to spread.

sigmoid101y ago

Crowd strike was primarily an issue of running third party software in the kernel. If you're fine with this approach ad a company, you'll always be at the mercy of other people not screwing up in the lightest. Auto update issues are actually one of the nicer things you can run into over there.

account421y ago

This is how consumer programs used to work before everyone got fast broadband.

PeterStuerOP1y ago

There was not much consumer programs to exploit in the days of dialup.

Sure, virii were with us since the early 80's, but they mostly targetted the OS, and there were no rapid security patch release cycles back then. You just had 'prevention' and mostly cleanup.

j / k navigate · click thread line to collapse

0 comments

sigmoid101y ago

buran771y ago

sigmoid101y ago

1 more reply

account421y ago

This mentality is how we get incidents like CrowdStrike. Relying on auto-updates for security is a crutch that allows insecure designs to spread.

sigmoid101y ago

account421y ago

This is how consumer programs used to work before everyone got fast broadband.

PeterStuerOP1y ago

There was not much consumer programs to exploit in the days of dialup.

Sure, virii were with us since the early 80's, but they mostly targetted the OS, and there were no rapid security patch release cycles back then. You just had 'prevention' and mostly cleanup.

j / k navigate · click thread line to collapse