System updates: apply them ASAP or not?

Some people will scream at me for saying that, but I don't apply system updates as soon as they're released. And that's both intentional and because I forget to. And I'm talking both Windows and Linux here. Let me tell you a story.


A long time ago (actually, that's only ~7 years ago, so...), I used to have a really, but really old computer: a Pentium III 450 MHz [1] with 280MB of RAM (128+128+32, -8 for VRAM). The HDD was a 40GB one, which I got from an online friend from another state in the country. The good old days, when HDD malware wasn't possible, allowed such things. It had a secondary drive, which was the original one, a 6GB beast (full of MP3 files, ironically). Anyway, that machine was slow. Like really slow. But it was mine and I took care of it (mostly). It was crappy, crashed quite a lot when I was gaming (Quake II brings me back good memories), but it was enough for the time. I had no money of my own to buy something new, and neither had my mother. I started college with that thing. I coded assembly on that, and believe me, it was awesome! Best time of college - I miss that... *sigh*

But that machine was complicated. It was running Windows XP Pro SP3 for a while, probably an English version [2], and I had to, of course, run Windows Update. I, of course, set the thing to tell me when something was available for download, and then I would decide when it was the best time to install it (pretty much never). But when I did install it, it was because I wanted to and I had time. People don't consider this anymore because machines are faster, but installing updates takes a lot of time and power, and that's not something you can always afford. Also, at that time, updates could break the hell out of your system: break apps, break drivers or even break the whole OS. And when that happens, sorry, but you're screwed.

Because of that and many other reasons, I started installing updates a while after they were released. That was mostly synced with vacation time, or time without exams and projects for classes: if the machine broke, I would be screwed. It takes forever to reinstall your whole system on an old machine. Not so long ago, Microsoft released an update for Windows 7 that broke a lot of systems around the globe: they simply stopped working. Completely. Before that, people had forgotten that updates break things. Usually not because they want to, but sometimes something happens and stuff stops working. It doesn't matter what, but Murphy says that it would be something critical for whatever you need right now. And yes, I believe I had some updates that killed my machine. But then again, I loved fixing it :-)

Most recently, I decided to do an overhaul and update all my machines: desktop, laptop, home server, overseas servers and media center. We're talking about something like 5 machines or so. The desktop is easy: it's a Windows machine and I had recently installed Windows 10, so it was up-to-date. The laptop hadn't been updated for a while, so it was time to download over 1GB of Arch Linux packages (including AUR ones), compile whatever was required and install. It took a while. The home server? Same thing: Arch Linux, lots of packages. The overseas servers? Debian, piece of cake, not so many updates. And, finally, a media center (Raspberry Pi 2 in the living room), also with Arch Linux: way too many packages. But after 1~2h I was finished, with all my machines updated to the latest security packages. All applications were updated, shiny, ready to use. Or so I thought.

Have you ever read the warnings on updates? Have you ever read a changelog? Has an update ever broken a service or an application you really wanted to use? I've already experienced issues with OpenVPN, SSH and even Samba updates, but last time I had to laugh: I updated Kodi (aka XBMC), my media center application. It runs on my desktop, laptop and media center. The database is synced with MariaDB (mySQL...?) on my home server, so it's really great to use and switch between places/machines (almost seamlessly). But hey, Kodi had a new version with a new database! Guess what? I had to upgrade the DB! It's usually an easy process: open the new version and wait... a lot. 5min already and nothing was happening. I killed the process, killed the new databases and forced Kodi to do everything again - this time it worked. But think about it: an unexpected update, which I didn't bother to really look into, could have destroyed the whole database on the thing! This is dangerous.

I know what you're thinking: I didn't bother to read the package list and it's just a media center application. Yes, I didn't read on my laptop's screen the package list, and yes, I know it's just a really good media player. But let me tell you something: the moment I saw that Kodi was upgraded, I had to manually update it on my Windows machine and update my media center. All versions need to be synchronized, which is fine. But updating it on my Pi2 broke the OpenVPN tunnel I had over my ISP's wiring (I'll talk about this another time), which took me about 1h to fix. It didn't actually break the tunnel, but it broke the startup order for the OpenVPN and Kodi services. So essentially it broke the device, since I use it only as a media center. Think of this as a microwave: if the panel stops working, you don't care that the panel is the issue - the thing is damaged and you have to fix it (or have it fixed, which is safer for microwaves but not for computers). Even if you broke it. In my case, Kodi was the main service of that cute ARM board: so, for me, a simple package update broke it - completely.

And if you still don't agree with me, well, let me tell you this: once at work an update broke the whole Oracle database. Yes, the whole thing stopped working. I got into the office and was forced to sit down in front of a dusty CRT display and an even dustier keyboard and fix it. In the end, it doesn't matter who broke the thing: you, an update, the manufacturer or even a storm: someone will need to deal with it, and that someone will get angry. I hate fixing stuff that I wasn't prepared for, something I didn't know could happen. It's annoying. But we're hackers, we can deal with issues like that and look for a solution. Think now as a common user: updates will break your system, and you'll have to deal with that (call support?). Putting it in simpler words: it sucks.

Finally, before anyone gets angry at me, yes, security patches should be installed ASAP. If you can, install on a test machine first. If you can't and are not directly vulnerable (network is off, for example), take a look at what that might break. I once broke SSH by updating my home server. The solution was easy (just update my client: #fail), but it was annoying. I had to think, try to understand why. It's an unexpected situation. But, in general, security patches must be applied as soon as you can. Now, trust these words: Murphy loves you, and you'll, one day, suffer with an updated, completely broken system.

Oh, and in case you're wondering, yes, that machine still works. The IDE controller is kinda buggy and doesn't really read more than a few MB, so you need to use a CD to boot from USB (1.1, but you can get 2.0 with a PCI card). Here's an old photo if you want to see that beast:

The old beast


  1. the original system had a Pentium II 350 MHz CPU, but a good friend in college gave me the Pentium III. Believe me, having SSE on a CPU is important. And somehow it fixed a lot of crashes (not all of them, though). Also, it originally had 32MB of RAM (-8 VRAM), but I bought more memory over time. And, hell, that was expensive!

  2. at that time I switched a lot between the Brazilian Portuguese, English and Italian versions. Yes, I used to study Italian by myself and I was able to understand pretty much everything (written, not spoken). Yes, I forgot it all :-(