by throwaway613834 3133 days ago
> There is such a thing as finished software. With no major bugs. That does not need constant updates.

The general attitude (both on HN and elsewhere) is that if any security update exists for a product you use then you are a complete moron not to update it immediately. There is virtually no acknowledgment of any nuance on the topic in my experience.

I think this is what people officially say, because this is the "right" thing to do, and in general it makes sense. But in real life things are different. I had to support many ancient systems with no security updates for years or even decades now. For some of them some updates were available, but we didn't even have the hardware to test them on. Yes, we were gradually moving many older parts to newer systems. Nevertheless, in the case of these older machines working in isolated networks, trying to patch them was just asking for trouble. I bet many admins on HN have similar experience.
In other words, people are "virtue signaling"...
Not applying a security update is willingly leaving a known security hole in place. At best, you are making your system insecure, and at worst, you are putting others on your network and/or in your social circles at risk.
or.... You are trying to avoid an update that is going to break your machine/workflow. If security updates were sent along a different channel than feature updates, this wouldn't be an issue. But companies keep tying these together, and there are only so many features you can carelessly break before users become aware of what you are really doing.
If you are not happy with the direction a certain piece of software is heading in, you are free to switch to a competitor that fits your workflow better.

This mentality is what led to Windows XP sticking around long after being declared dead.

If you are lucky to have a competitor. This type of thinking is so naive, I can't believe we still see it pop up every now and then.
I'd like you to expound upon that lack of competition. Where does it pop up?
Android vs iPhone, any website that is moving into a "modern" framework direction. Software that runs MRIs or CTs. Also any software that is picked by middle management, rather than the people that actually use the software: ADP, Oracle, anything in the education realm, etc.