I was visiting my parents for the holidays and came across this exact mindset. I usually push them to update for security, but I learned that they stopped doing that this year. Apparently some update broke/removed/changed an accessibility feature on their phone in a way that I couldn’t figure out how to revert. My mom had updated her phone first so only she was affected. My dad now refuses to update his phone and both of them have completely stopped updating for fear that something else will “break”. I can’t really blame them, but it does worry me and now I’m trying to think of what I can do to secure their devices if they’re not going to update.
The software industry has known how to do this for a very long time, but some companies refuse to do it. You maintain a "sustaining" branch just for security and other legitimately urgent fixes, and a main branch for everything else. Users are nudged more strongly to apply the sustaining fixes and the main update branch should be optional.
We have immensely powerful version control and branching at developers' disposal, much better than at any past time I can think of. Yet, most companies insist on having a single release that increments, and users must take everything or nothing whenever they update.
Phone/OS manufacturers are actually better than most, and both major operating systems do provide security updates in parallel with major (feature) updates, but only for a very short amount of time.
But it isn't this simple, because you wouldn't need a single "maintaining" branch. You would need one for each feature release that the user may stop at.
So if you release the feature branch every 3 months after a few years you will have a dozen maintaining branches to backport fixes to, and in which to carefully test that the fix actually works. The problem is linearly worse if you release the feature branch more often.
> So if you release the feature branch every 3 months after a few years you will have a dozen maintaining branches to backport fixes to, and in which to carefully test that the fix actually works. The problem is linearly worse if you release the feature branch more often.
This has been solved by LTS releases for some time. You have a newest release branch that gets feature updates immediately and an LTS branch which has a full release e.g. once every two or three years, at which point it catches up on features to the then-current newest release branch. The newest release branch doesn't have long-term support and you're expected to take the latest feature update; the LTS branch gets only security updates; the user can choose between the two or three LTS releases currently in the support window or the newest release branch.
Only if it hasn't actually been solved. LTS releases resolve the conflict between providing a stable system that receives only security updates and separately maintaining dozens of separate branches.
They don't solve the problem, though, they merely reduce its scope. Ubuntu's LTS versions only last five years for free users, and they currently have to maintain seven of them.
And now instead of having a small update every now and then that you can perhaps try to adapt to, you have a massive update every 5 years or whatever (or less if you happened to start out just before the next LTS) that'll basically be guaranteed to wreck everything (by design even!!) and for all intents and purposes might as well not exist 'cause there's no way you're upgrading to the horrible "new" mess. And we're back at people being stuck on outdated software, but now there's just absolutely no way whatsoever you'll get them to upgrade.
Never mind the problem of if you started out on a non-LTS version.
And also the problem of not getting the actually nice updates, and perhaps losing app compatibility.
This was, I believe, the problem that Microsoft wanted to resolve with their gradual burndown of WSUS - a lot of shops (including one I used to work at) would selectively roll out updates based on whether they thought they were relevant, resulting in an explosion of configurations that Microsoft had absolutely never tested against, and naturally, a lot of breakage.
This doesn't really jibe with reality as Windows is plenty buggy in the presence or absence of the latest updates. Microsoft has slowly eliminated end user controls over updates because it would interfere with their ability to monetize their customer base. You can't really push a telemetry update if updates aren't being applied.
Frankly, even the scare quotes around break feel misplaced. Your Mom can't use the device like she wants to. An accessibility feature is gone to the point you can't get it back. That feels pretty broken to me.
Yeah, you’re probably right. I just wanted to write my anecdotal experience in a way that would avoid the “you’re holding it wrong” crowd because the point is how this leads to broken trust, not whatever broken feature it is.
Gotcha. That might help somewhat but it wouldn’t solve the “never update Android or any other app” problem. I’d also have to get them used to using a new browser. It’s a larger problem that their trust in tech was easily (possibly irreversibly) broken after years of me slowly convincing them and getting them used to letting their devices update. They are even older now and having had a stint working in the senior care tech space, I know that trying to teach the older generation to use tech safely is a very high hurdle. Now that I don’t live near them, I’m not sure that’s a hurdle that can be easily overcome.