Hacker News
by sigmoid10 482 days ago
And it's not like B2B doesn't get whacked by bad software or bad actors regularly. The idea that software updates itself is vastly more beneficial than harmful in the very long term. There are so many old machines running outdated software in gated corporate networks, they will get owned immediately once a single one of them is compromised in any way. They are literally trading minor inconveniences for a massive time-bomb with a random timer.
2 comments

The two sides of your thought are going head to head. "Gated corporate networks" don't benefit from software that "updates itself" (unless we're talking about pure SaaS). It's exactly where auto-updating is completely useless because any company with a functioning IT will go out of its way to not delegate the decisions of when to update or what features are forced in out to the developer and their product manager.

Auto-updates mostly ever practically happen for software used at home or SMB which might not have a functioning IT. If security is the concern why not use auto-updates only for security updates? Why am I gaining features I explicitly did not want, or losing the ones which were the reason I bought the software in the first place? Why does the dev think I am not capable of deciding for myself if or when to update? I have a solid theory of why and it involves an MBA-type person thinking anyone using <$300 software just can't think for themselves and if this line of thought cuts some costs or generates some revenue all the better.

You're not thinking of it long term. In the short term you might be better off deciding when to update yourself, but in the long term you will be infinitely worse off because the reality of business practice is to delay updates until something catastrophic happens just to save a few bucks in the IT department. This approach merely means your system will run smoother over short time scales, while it becomes a complete clusterfuck over long time scales.

The reality of auto-updates is that you get your workflow broken during critical project phases.

True, but only rarely and with foreseeable and preventable damage. The alternative leaves you open to basically infinite losses at an exponentially increasing risk over time. That tradeoff is simply not worth it if you want your company to exist long term.

This mentality is how we get incidents like CrowdStrike. Relying on auto-updates for security is a crutch that allows insecure designs to spread.

CrowdStrike was primarily an issue of running third party software in the kernel. If you're fine with this approach as a company, you'll always be at the mercy of other people not screwing up in the slightest. Auto update issues are actually one of the nicer things you can run into over there.