As a developer, it is often hard to communicate the importance of software updates to stakeholders. Websites as with all software, have a life cycle. From a website owner’s point of view, the website works. Performing updates often do not affect the way the website looks or functions at all. While it can sometimes improve performance, it very rarely does. So, what is the point in spending money to keep these systems up to date?
Back when I was studying Computer Science, there was one phrase which has always stuck with me and that is “technical debt”. You can take on debt by not keeping systems up to date and by taking shortcuts to get things done quickly and cheaply. One way or another, you will have to pay that debt back. If you refuse to pay it back, you might find the debt collectors breaking your front-door down and you now have an online service that has shattered into pieces. I’m speaking metaphorically of course, but my point is that failing to keep software up to date will eventually lead to large amounts of downtime. So why does this happen?
Websites are formed of many building blocks. Each block has a specific purpose. Without getting too technical, every website needs server software. That software is responsible for taking requests and delivering a response. A lot like a waiter taking orders for food and delivering it to you from the kitchen. That server software sits on top of an operating system. Think Windows, Linux or MacOS.
In the simplest way possible, operating systems are crucial for managing physical hardware and controlling all software installed onto a computer.
Finally, there is the database software and the programming framework that the website is built around.
There are often more building blocks than this such as firewalls and other security software, but we are just focusing on the bare minimum for now.
These building blocks come together and form what is known as a stack. I’m going to use the example of the LAMP stack. This stands for:
- Linux – Operating System
- Apache – Server Software
- MySQL – Database Manager
- PHP – Programming Language
If any one of these building blocks fail, the whole thing comes tumbling down.
Here is what typically happens when software updates are neglected. PHP has an update. As of writing this, the latest version is 8.5 and version 8.1 is about to reach its “end of life”. End of life typically means that software will no longer be supported and will no longer get any new updates. You might have a website running PHP on version 8.1 when it does reach end of life.
Despite the security concerns, you still don’t feel an impact of this yet. It will take time to update your code, so you skip upgrading. Next up, MySQL gets an update. It does not support PHP 8.1 as it is deprecated. Because of this, you don’t upgrade MySQL.
Then Apache gets an update. It does not support your version of MySQL or your version of PHP. You therefore don’t update.
Next, your operating system gets an update. Again, it does not support your version of PHP, so you do not update. See the pattern?
You quickly find your system completely abandoned. When it’s abandoned, it increasingly becomes a security risk as vulnerabilities in these services are not being patched. That’s what it means when you see “end of security support”. They will stop fixing known problems and leave you wide open to attack.
If you are not brought down by an attacker, you might eventually be forced to upgrade your operating system. Maybe it’s because you are moving providers. You move servers and now nothing works. You have a new operating system that does not support the rest of your building blocks, and you now need to upgrade everything. That could sometimes take days, and your website may be down the entire time.
We can avoid this with active maintenance. If we perform updates as and when they come in, we build stability and strength into our applications. We make sure they are ready when the next updates come in. Most importantly, we keep up with security updates that protect our services from exploitation and risk losing data. It’s always worth it in the long run to pay back that technical debt while you still have control.
In summary, “end of life” means that software is no longer supported. It becomes a security threat to your system and will prevent you from completing further updates in the future. It can eventually bring along downtime when website building blocks become incompatible with each other. This is why we should always invest in regular maintenance and updates.
