Why do IT pros use long outdated versions of Linux while we're told to keep updating and upgrading?
Does everything have to be political? Every Web browser in history has had "back" and "forward" buttons.
It's software. Use it or don't use it. It's entirely your choice. There's nothing political here.
In all honesty he's got a solid point about the pace of change. I don't agree with his ideology but when people say "keep updating" when not every change is a security/bug fix it gets on everyone's nerves.
I've been digging through changelogs for other distros and it gets pretty messed up. There's some real bullshit in the way some projects document their changes so it's not a surprise to me when someone gets cranky.
They can run any version of Linux they want in "the lab" because "the lab", pretty much by definition, is an environment where everything is controlled (as opposed to "the field").
Moving the 'Next' button on a prompt from the lower right to the top left and calling it 'Forward'. And Forward is a term for those of a certain political ideology. One I despise with a passion.
Quote:
Customer: "That's why I hate this Windows - because of the icons - I'm a Protestant, and I don't believe in icons."
Tech Support: "Well, that's just an industry term sir. I don't believe it was meant to-"
Customer: "I don't care about any 'Industry Terms'. I don't believe in icons."
Tech Support: "Well...why don't you click on the 'little picture' of a filing cabinet...is 'little picture' OK?"
Customer: [click]
They can run any version of Linux they want in "the lab" because "the lab", pretty much by definition, is an environment where everything is controlled (as opposed to "the field").
True. Anyone can run whatever they want; it's none of our business. I would be curious if the Slackware 12 stations have access to the internet or if they're on a protected intranet.
Great thread and points. On OP? Security vs. features for upgrades is the real ? A private LAN can run whatever they want and only worry about the firewall and security on the main server to the internet. You can still take an ancient OS online if desired to do so.
I'm still learning. I've been using Lubuntu forever, but I'm going to try again at learning Slackware. Even the stripped-down version of Ubuntu is updating daily as bad as Windows. I checked in with my local uni's computer science department and many of their professors were using long outdated versions of Linux; one was using Slackware 12.0.
None of these A**wholes seemed to have the time or energy to answer a few simple questions. This was after hours.
1. So how long can you safely use an older version of Slackware?
2. Why are there so many updates from these other Linux versions?
Thanks
Wally
Short answer:
The average home user is at a very low risk of anything happening to their Linux system. But people update because of either hardware changes or to have peace of mind.
Long answer:
I refer you to a discussion I had with a programmer veteran a couple of years ago who works for an e-security firm.
Quote:
L: With regard to security, people say they’ve never seen a Spectre or Meltdown attack in the wild. People are patching their machines like crazy and using microcode but I hear that there’ve been very few attacks.
M: What I’m going to say is very politically incorrect but I have never suffered from a security attack - well, I may have had an attack but I’ve never suffered a security incident. I’ve seen security incidents and I work in an area currently which is very sensitive to security but I’ve never ever seen anything. We run machines that have uptimes of 1,500 days that we don’t dare reboot anymore. Is that a good thing? No, it’s certainly not compliant with some of the auditory requirements that we’re supposed to be following and those machines are special-case machines, if you manage to penetrate the security in front of those machines - to get to them - in my view you deserve to have access! Because they’re not easy machines to get to, we can’t even get to them within the organisation. So it’s very difficult to say. My personal gut feeling is it’s too much of a religion and I have seen problems introduced by patching, I’ve seen systems break because of patching, I’ve seen new security holes arise because of patching. I’ve been to security conferences where they show you how easy it is to break into machines and no amount of patching is going to fix that and no amount of security scanning software is going to solve the problem.
If you can patch, and you can patch regularly and you can patch reliably and you can patch automatically then you may as well do it, as long as you have a good testing regime in there so you can test the stuff first. I personally, on my phone and on my computers, I make sure I’m not at the latest patch level.
L: You’re not?
M: No, I don’t want to be at the latest patch level.
L: Why not?
M: It’s nearly always broken in one way or another. I don’t like it, I hate it, I hate upgrading stuff on my phone, it’s always worse than it used to be.
L: How much risk is the average home computer user at?
M: No doubt there’s a risk of becoming part of a botnet. Of course there’s a risk, so what Windows do with their occasional patch releases is probably a good thing, but religiously patching with every single patch that comes out? I don’t think it’s worth it. I actually think it’s damaging. If you can afford it and you’ve got the time, it’s not going to do you any harm, well, it’s not going to do you much harm.
L: It’s kind of an “if it ain’t broke, don’t fix it” kind of thing?
M: I’m certainly a big believer in "if it ain’t broke, don’t fix it".
L: So having a 1,500 hour [uptime] -
M: Day.
L: Day, sorry.
M: I’m not proud of it.
L: You should be!
M: Actually in some ways I am proud of it, but the fact is that this machine has been running a national identification system and we have other machines with that kind of uptime and no security breaches ever. There was a security alert on some library, I think it might have been TLS or SSL, some kind of encryption algorithm, I can’t remember, but it was some library, an enormous hole had been found in it and everybody needed to panic about it, the whole organisation and the whole of all the organisations were jumping up and down needing to patch this hole in this library but ours were so old that we weren’t affected by it. It was quite pleasant at the time.
L: People are religiously patching and worrying about the next incremental kernel update or the microcode, they’re obsessed by it.
M: Being on the latest version is never a good idea. Oracle release patches to their database, I think four times a year. Solaris used to release patches four times a year and HP-UX four times a year. There are more people desperately trying to get into these machines now but you never stayed on the latest version so you were always six months behind at best. Because the latest version will introduce bugs. At the place I work now - I think it was SUSE which changed the way that su worked - it took me a while to find out that it was su but we patched it - we had automated patching, if we want to patch we don’t go and patch all our machines individually - and we rolled out the latest versions of patches and some obscure script that somebody had written just broke, and it was an important script, it ran once every six months and it broke. And the reason why it broke was that the guy had written the script properly, really carefully and really well, redirecting standard outputs, standard error, and it didn’t work with su because there was a new feature with su and you had to put some incredibly annoying and fashionably long flag on the command line to get it to behave in the same way that it used to. It’s not a huge thing, I suppose, but we had a production failure because of a patch.
We had a change control system written in Perl at one place, some guy patched another machine which patched Perl and it broke the change management system because it changed the way it handled databases. And the change management system failed. It broke because he had patched the system. It’s not a religious thing to do. I think it’s something to do with care, even with Oracle. The best practice with Oracle is to look through every patch first before you apply it.
L: Slackware -current is a testbed for the next stable. It’s not like the very very latest things get dropped into it, sometimes they get dropped into /testing and then they end up going into -current but -current is for the users to report any bugs or if they need it because it’s got more recent hardware support. But the stable version only ends up having security updates.
M: Yes, don’t keep fixing it until you break it. It’s a difficult thing to say. People do get attacked and machines do get taken over and they do become part of botnets which attack other machines, it does happen. It’s just never happened to me.