HACKER Q&A
📣 mcflubbins

How common is it to work on out-of-support software?


I've worked at several companies over the years and found that most of them struggle to keep things up to date. It feels like I'm almost always working on ancient versions of software and it's always a monumental lift to update anything to a supported version. If you encounter a problem, the answer from the project is always: Update to the latest version.

It feels like most companies I've worked at are terrible at maintaining software over any reasonable period of time. This month I've worked on PRODUCTION applications using: .NET Core 3, Node.js v6, PHP 5, MySQL 5.7 and that's just off the top of my head. I've worked at some companies that have even been hostile to the idea of updating to a supported version of something saying it added no value and was just churn for churn's sake. Perhaps some of that is true, but it just kicks the can further down the road.

What I'm wondering is: How common is this? Is this one of the reasons (I'm sure there's many) why I get letters every couple of months saying my data was leaked/breached from some company? How do you convince management to keep up with the constantly shifting and evolving software world when they see little value in it?


  👤 lawls Accepted Answer ✓
Did the sun rise? Then, yes, today I will be working on maintaining or improving out-of-date software because it currently works. I've got better things to work on and eventually one of them will be a replacement program for this outdated legacy code I cannot wait to stop supporting. I like it though, keeps me on my toes and familiar with the old stuff as we build the new.

👤 PaulHoule
I installed Office '97 so I could reproduce workflows used by our data team (ancient Access apps). Amazingly it still works in Windows 11, Clippy and all; even the attempts it makes to take over the desktop almost work.

👤 JohnFen
In my experience, it's incredibly common. I don't think I've ever worked at a place where this didn't happen.

It's no mystery as to why, either. Upgrading tools is expensive by just about every metric, not just financially but also in terms of disruption. Also, using the latest version of anything carries a real risk: the latest version is generally the one that is most likely to contain serious problems. It's better to sit at N-1 as a general rule.

Deciding not to upgrade, in the absence of a benefit that can offset the cost, is not entirely irrational.


👤 FrankWilhoit
Ultimately it is up to the auditors. They routinely force their clients to scrap homebrew systems that work in favor of name-brand ERP that does not work, but on which the auditors' people have been trained. If they say: gold bits or we won't sign, then gold bits it will be.

👤 bdangubic
Maintaining an application that uses Struts version 1, which was EOL'ed decades ago. Security vulnerabilities were discovered after EOL (CVE-2014-0114, CVE-2015-0899, CVE-2016-1181, CVE-2016-1182...) so you know:

- find the source online

- get the build going

- fix the security problem

- deploy to local artifact repo

- keep on trucking ...