Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> As an example, I have sites that were built using ASP.NET version 1.1 that have survived to this day with nothing more than Windows Update

You are right; but in my experience those ASP applications also had security holes (CSRF etc) that were never patched. They ultimately either became botnets or faded away when the corp simply faded away.

A business that can't afford to pay for cleaning up its business applications is likely to be unable to pay for general upkeep as well. It is simply past the point of being a viable business and is either in limbo or in the grave!

See "maintenance free" approach to software as canary in the coal-mine and run away as fast as possible.



That's not the reality I know. I have apps written and compiled on windows xp that still work to this day.

If you work on any non-msft stack I know of, you're constantly updating code for any, sometimes even minor version upgrade.


The reality I know is that the people who wrote their apps on Windows XP left the company some years ago, but the apps live on: perfectly functioning, but unable to make requests via anything more secure than TLS1.0 and forcing other people to run servers that continue to accept TLS1.0 years after it was deprecated by everyone else.

https://blog.pcisecuritystandards.org/migrating-from-ssl-and...

(That's the PCI announcement in 2015 that despite everyone knowing about problems with TLS1.0, they would continue to allow it through 2018 because of all the companies who deferred their technical debt in the manner you seem to be advocating.)


That happened to me. All I had to do is patch windows server. I didn't have to change or even recompile my code.

I know is hard to believe it's that simple, but it is.


So all you had to do was:

1. Know what to do.

2. Have approval to do it.

3. Do it.

... which is to say, maintenance. The fact that maintenance is simple and/or easy doesn't mean it happens by itself.


> The fact that maintenance is simple and/or easy doesn't mean it happens by itself.

Yes, there will always be _some_ maintenance. The point is it should be as simple and easy as possible.


I'm telling you that the entire infrastructure of the world is held back by companies who don't do simple maintenance, and your response is to tell me it should be easy to do maintenance.

Someone isn't getting the point, and I don't think I can make it any clearer.


Or is your point that we're held back by people who don't do simple maintenance, and trying to make maintenance simpler, while it might help, won't solve 100% of the problem.


Are you saying it's better if maintenance requires a lot of work, to encourage people to do more maintenance?

If we made things harder to upgrade would that encourage more people to upgrade?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: