Or asked the other way around: How long do you keep your servers running without installing any software updates?
update means something like
sudo dnf update
or something …
apt-get upgrade
apt-get update
Every night at ~ 12-1am
unattended updates / transactional-update are awesome.
Stuff has been running for years, and it’s still up to date.
This guy scares me
This is the way! At least install security upgrades nightly using
unattended-upgradesand reboot from time to time to get the latest Kernel version.Tell me you’re using nightly builds as well.
Once per week for me. Works really great on openSUSE MicroOS. Had to roll back maybe a couple of times the last few years.
That said, I run basically everything in containers so the OS installed things are lean.
Whenever I ssh into it.
Every day or at least once a week. Should automate it.
Unattended-upgrade does security-only patching once every 4 hours (in rough sync with my local mirror)
Full upgrades are done weekly, accompanied by a reboot
I find that the split between security patching and feature/bug patching maintains a healthy balance knowing when something is likely to break but never being behind on the latest cve.
Automatic daily updates for system packages. Automatic daily container updates with watchtower. I normally have things pinned to a reasonable major or minor release, so I do manual upgrades for new OS release branches and usually pin to a major version for Docker containers but depends on the container.
Well, one of the reasons I’m using debian on my server is so I can kinda forget about it…
I’ll update maybe once a month, or every couple months. I don’t always restart though, so my kernel is probably a bit behind :'D
I use Debian stable and subscribe to the debian-security-announce mailing list, so I update each time I get an email from it.
That’s… Not how it works… Debian is “stable” not “secure”. You use Debian so that is easier to run updates frequently since they’ll be unlikely to break things.
If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.
I could just run auto-update but meh.
If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.
You’re not updating for features you’re updating for bug and security fixes. That’s why Debian stable doesn’t have many updates. But the ones they do are typically important.
Yeah, I know. Until I get ransomware’d and my nudes leaked, I won’t care 💅🏻✨
Clearly you don’t know.
I guess people smoke because they don’t know smoking causes cancer ;3
Are you talking about desktop use?
No, my home server. My desktop and laptop both have arch, because I do interact with them more often.
lol. Same issue for me. I run it for months, and surprisingly (for me) nothing breaks at all.
But fucking ssh shows warnings regarding some “post quantum crypto” stuff; recommending software update, that was not there before lol.
When I remember. About once a month.
Same here. No auto updates, no touching of a stable system without my manual intervention. 😅
Last thing I need in my life is a broken system at home when I don’t have time for it!
When something doesn’t work. I.e. when an app update causes incompatibility with a service. I think I have one server that’s a few years without an update (distro version may actually be EOL for all I know).
Why probably so may unpatched issues.
Ain’t broke and I can’t be bothered to update. Not accessible publicly either. It also runs some software with very specific and brittle dependencies and I don’t care to risk breaking it. If distro is EOL (probably is) then it’d be a pretty time consuming getting everything set up again.
my nixos containers and the podman containers inside them update nightly around 03:00
Apt update and upgrade happen automatically.
If I have something serious, I will set up automatic upgrades. If short downtimes are ok, also with automatic reboots when the kernel updates, but if they are not, with notifications that I should go reboot them.
If it’s not anything serious, whenever I remember to.
Daily on my Gentoo server, through a Cronjob every morning. It’s a custom script though, so there’s more than just doing an emerge update. It’ll send me ntfy notifications for the update results, if there are new news items, and if there are any time config merge updates to make. A few other things as well but that’s the main stuff.
Other servers, typically weekly or only manually when I ssh into them (for the ones I don’t really feel the need to update frequently).
Once a week. I have a bash script that does an apt update upgrade and pulls new docker images.
On Windows, almost never since it was a disruptive shitshow. Now that I’ve got everything running Linux it’s weekly. Often sooner if I happen to be remoting in and manually update.
On Alpine Linux I update my two Pi servers at 2 in the morning daily. It’s simpler compared to Debian which needs unattended-updates. Just add
apk update && apk upgradeto a cron job and you’re good to go.I only have three docker services which is simple enough to update manually.
I like to keep things as simple as possible for my already chaotic brain.
Be careful with unattended upgrades, even on alpine. A recent breaking change in python3 broke my alpine 23 ansible instance. Thankfully I have backups, but if you’re going to automate the upgrade, you should automate tests as well.
My web facing server has just enough packages installed to (kinda securely) host a Caddy and Kiwix docker container to work with my domain name and make a comfortable work environment through SSH. My Pi for my HomeAssistant docker container has less because it’s locked down to just my local network.
I also wrote my own install scripts so reinstalling everything and getting it back to a running state would take about 15 minutes for each device.
And I also wrote my own backup/restore scripts that evolved over 3/4 of a year. I use them often so I have confidence in those scripts.
I personally don’t really care too much. I have multiple ways of dealing with issues for something that’s a hobby to me. Which is why I stick to simplicity.
I’m sure this is a thing for people to worry about when dealing with more complex setups. I just wanna vibe out in my tiny corner of the internet.
