When it comes to the question of whether to upgrade software, there’s no doubt you’ve heard or thought the argument…
“But it’s working just fine. Why should I risk breaking something?”
Combine this with the fact that upgrades cost time and money and often create at least some level of disruption to the way a piece of software works, and it’s no wonder many businesses find themselves behind a version or two when it comes to software.
In short, the reality is that a wheel that doesn’t squeak often doesn’t get the grease it actually needs.
But therein lies the danger. By the time your business software lets out its first squeak, you might be facing a long and expensive updating process to bring it back up to speed.
Whether you’re considering an update for your personal iPhone, or a major software version overhaul that will cost your business time and money, many of the reasons to update software apply across the board.
Here are three big reasons:
Outdated software with unpatched security holes is a gold mine for web exploits. New releases often come with release notes that describe the security holes they have patched. Once that information is public knowledge, applications that have not been updated are especially vulnerable. This is especially true for operating system updates, but it applies across the board.
“Just visiting a compromised website with a vulnerable version of Internet Explorer can allow attackers access to your computer and install software that steals your personal information. Being infected like this is known as a drive-by download. The software that infects computers through this vulnerability collects information, including user names and passwords for various sites, including bank and email accounts,” reports CITES Security.
This isn’t just a problem with your phone or desktop. It can happen to your business application as well. Take this example from last year, when hackers exploited a six-year-old vulnerability in an SAP software product. These stories happen more often than anyone would like.
2. Fixing Bugs
When a new piece of software is rolled out and more users begin to use it and provide feedback, bugs are identified. This is often one main reason for updates: to fix the bugs and make the software more efficient. If you continue to run business software with known (and unfixed) problems, it can lead to more support requests and system downtime—which costs money.
If you’re going to spend money on software in the first place, shouldn’t you have access to all its features? And benefit from its speed and responsiveness? This is another main reason for updates. Developers aim to create software that meets the preferences and requirements of its customers, and as those needs are identified and refined, updates are released to meet them.
New versions of software often unlock new features, or sometimes more efficient ways to implement existing functionality. Both of these add punch to your software at a fraction of the cost, and they can often justify the ROI of the expense of version upgrades on their own.
A Closer Look: Python and Django
Python is a programming language, and Django is a web development framework built using Python. These are the primary programming languages and frameworks we use at Worthwhile.
Here’s how version releases are numbered for both:
* Versions are numbered A.B or A.B.C.
* A is the major version number—it is only incremented for really major changes in the language.
* B is the minor version number, incremented for less earth-shattering changes.
* C is the micro-level—it is incremented for each bugfix release.
At this writing, Python’s most current version is 3.6, and Django’s is 1.10 (with 1.11 on the way soon).
Whether or not a new version is compatible with previous releases often depends on the level of that version. For example, in Django:
* A.B versions will be mostly backward compatible with the previous release. Exceptions to this rule are listed in the notes for each release.
* C versions will be 100% backward-compatible with the previous patch release. The only exception is when a security or data loss issue can’t be fixed without breaking backward-compatibility.
It’s also important to check whether a given version of one piece of software or language is compatible with the versions of the other software it depends on. Case in point—when Django 2.0 is released, it will only support Python 3.0 and up. So if you fall behind in your version updates, you may have to update several pieces of software at once—adding to your expense.
At any moment in time, a developer team will only support a set of releases to varying levels. Python 2, for example, started in 2000 and is expected to lose all its support in 2020. For any software, if a version is no longer supported, this implies there will be no bug fixes moving forward—which is reason enough to upgrade.
Yet, the industry was relatively slow to adopt Python 3, especially considering some early code problems. Many of those initial issues have been fixed, and after Python 2.7, new features and security updates will be from the Python 3 development branch. Therefore, while Python 2 is still popular, it will certainly phase out in the foreseeable future. We are regularly moving clients from Python 2.7 to Python 3.0 at this point in time.
It’s a similar situation for older versions of Django. One IT professional wrote in to an online forum that one of his Django-based projects was stuck at version 1.6.11, mainly because in 1.7, Python 2.6 support was dropped. He was especially concerned that no security fixes had been available to 1.6 for quite a long time. Yet, convincing the project’s leadership of the need for a major update was proving to be challenging. This is the big problem with falling far behind in version updates.
It’s worth pointing out here that some versions of Django are LTS (long-term support) versions. Usually, once a version two numbers higher is released, the security patches for a version cease. That means when Django 1.9 was released, 1.7 stopped receiving security updates. However, because Django 1.8 is LTS, it will receive security updates until April 2018, even with the recent release of Django 1.10.
Delaying version updates can also create a domino effect with dependent software (dependencies). Therefore, it’s usually necessary to upgrade to the latest version of Django-related dependencies. If dependencies are not well maintained, they may not yet support a new version of Django, and parts of your software will simply stop working.
Before upgrading to a new version of Django, you should also resolve any deprecation warnings. Fixing these before upgrading ensures you’re informed about areas of the code that need altering.
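Python ignores most DeprecationWarning output by default, so these warnings have to be switched on before they can be resolved. The following added example (not code from this article or from Django) collects them and shows a strict mode that fails on any of them; the warning class and the two helper functions are constructed stand-ins.

```python
import warnings


class RemovedInNextReleaseWarning(DeprecationWarning):
    """Stand-in for a framework's deprecation warning class (hypothetical name)."""


def old_url_helper(path):
    """Constructed example of an API that is scheduled for removal."""
    warnings.warn("old_url_helper() is deprecated; use new_url_helper()",
                  RemovedInNextReleaseWarning, stacklevel=2)
    return "/" + path.strip("/") + "/"


def app_code():
    """Constructed application code that still calls the deprecated helper."""
    return [old_url_helper("blog"), old_url_helper("shop")]


def collect_deprecations(func):
    """Run func with every warning enabled; count hits per call site."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")  # override the default "ignore" filters
        func()
    sites = {}
    for w in caught:
        if issubclass(w.category, (DeprecationWarning, PendingDeprecationWarning)):
            key = (w.category.__name__, str(w.message), w.lineno)
            sites[key] = sites.get(key, 0) + 1
    return sites


def fails_when_strict(func):
    """Turn deprecations into errors, as a pre-upgrade CI gate would."""
    with warnings.catch_warnings():
        warnings.simplefilter("error", DeprecationWarning)
        try:
            func()
        except DeprecationWarning:
            return True
    return False
```

The same effect is available without code changes by running the test suite with `python -W error::DeprecationWarning`.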
Even with the best-laid plans, the unfortunate reality is that, while software upgrades are often a pain, they are critical in keeping your business operating effectively.
With that in mind, here are a few suggestions that will hopefully make your life a little easier when preparing for a major (or even minor) upgrade of any software…
* Keep all documentation up to date.
* Upgrade modules incrementally if possible.
* Maintain a pip requirements file that includes required version numbers so you can manage dependencies.
* Stay familiar with your software’s release notes, announcements and other relevant online forums.
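One way to audit a pip requirements file against the Django security-support rule described earlier, as an added example (not Worthwhile's own tooling). The sample requirements text is constructed, and the release data is limited to what this article states: 1.10 is the newest release and 1.8 is LTS.

```python
import re

# Release facts as stated in the article; update them as new releases ship.
LATEST_DJANGO = (1, 10)
LTS_RELEASES = {(1, 8)}  # security fixes until April 2018

# Constructed sample requirements file.
SAMPLE_REQUIREMENTS = """\
# web stack
Django==1.6.11
djangorestframework>=3.0
requests
celery==3.1.25  # pinned
"""

# Package name, then optionally an exact "==" pin running to end of line.
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)\s*(?:==\s*([0-9][\w.]*)\s*$)?")

def parse_requirements(text):
    """Return (name, exact_version_or_None) per requirement line."""
    entries = []
    for raw in text.splitlines():
        m = REQ.match(raw.split("#", 1)[0].strip())  # simplified comment handling
        if m:  # blank lines and pip options such as "-r base.txt" do not match
            entries.append((m.group(1), m.group(2)))
    return entries

def django_security_status(version):
    """Article's rule: fixes stop once a release two minors newer exists."""
    release = tuple(int(part) for part in version.split(".")[:2])
    if release > LATEST_DJANGO:
        return "unknown (newer than release data)"
    if release in LTS_RELEASES:
        return "supported (LTS)"
    if release[0] == LATEST_DJANGO[0] and LATEST_DJANGO[1] - release[1] < 2:
        return "supported"
    return "no security fixes"

def audit(text):
    """List unpinned packages and Django pins outside security support."""
    findings = []
    for name, version in parse_requirements(text):
        if version is None:
            findings.append((name, "not pinned to an exact version"))
        elif name.lower() == "django":
            status = django_security_status(version)
            if status == "no security fixes":
                findings.append((name, f"{version}: {status}"))
    return findings
```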
When we do biannual reviews with our clients at Worthwhile, we always mention version updates as a key issue. That’s because we’ve learned how falling far out of date leads to costlier updates in the future. We now offer our clients support packages that include version updates to avoid the bigger problems we’ve mentioned in this post.
Just as you need to change the oil in your car, or change the air filter in your home, consider version updates as the kind of regular maintenance that keeps software working well. And make a plan to stay ahead of the game in this crucial area.