• 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Why upgrade at all?

#1
Playing devil's advocate - we've been using CI 2.0.1 since 2012 and are happy with its functionality and performance.  Other than end-of-life issues for CI 2, what advantages / new features would we see by upgrading to CI 3?  As far as we can determine, CI 2 is not broken, and there is no need to fix it.

We have approximately 58,000 lines of code in our application directory, if that has any bearing on recommendations.

Thanks,
Dorsey
Reply

#2
Are you the author of these 58,000 lines? Did you check your happiness against this document https://codeigniter.com/user_guide/changelog.html ?
Reply

#3
I agree with Ivantcholakov, but I understand where you are coming from. Perhaps the time and effort does not feel warranted because it feels like a big job. Perhaps the security fixes that have been done since your version do not cause you any concern. Perhaps your server/host will continue to offer php 5 even though active support has ended for all but 5.6 which will end in 6 months time. Perhaps you do not intend to upgrade your application with any new features, or if you do are happy to work around the hundreds of bugs and issues with the old CI version 2. Some companies choose to run old vehicles and put up with the breakdowns, higher safety risks and unreliability. Some companies find their old rolling stock works fine. Some companies continue to use windows XP. Sometimes it is purely a monetary issue, where the cost appears to be too exorbitant for something that appears to be working fine, and the risks taken by running an insecure and hackable system on old, unsupported technologies are considered non mission critical.

If all your technological expertise has found no issues with CI2, and all your research into the topic can find no security problems, you can confidently stride into the future knowing that your systems are fine, and all this security lark is a bit of hype by security people selling services.

Who knows, perhaps you are right and your system will avoid a catastrophic hack, an un-fixable error, or a failure on a hosting upgrade, and will sail happily into the future for years to come. You can look back on saving yourself a week or twos work upgrading, or perhaps congratulate yourself on saving a small IT expenditure. Well done you.

Or perhaps one day you will come into work to find suddenly nothing works. Or all your data has been stolen, or destroyed, and find yourself explaining to your colleagues why, with your deep understanding of technology, and all your research, you were unable to forsee any potential risks.

Good luck,

Paul.

PS Whats your domain name? Perhaps we can have a play on your 2.0 systems? Some of the security problems were made public and we can test them for you. It might be fun taking a look at your data. Promise not to do anything naughty - you know how trustworthy the open internet can be :-)
Reply

#4
I can't allow access to any of our systems, even the test domains, without an NDA.

Thanks to the change log I now know how to find, I can make my own decision. That's what I was looking for, and not a lecture on all the rest, thank you.
Reply

#5
(07-25-2016, 09:20 AM)dorsey Wrote: Playing devil's advocate - we've been using CI 2.0.1 since 2012 and are happy with its functionality and performance.  Other than end-of-life issues for CI 2, what advantages / new features would we see by upgrading to CI 3?  As far as we can determine, CI 2 is not broken, and there is no need to fix it.

We have approximately 58,000 lines of code in our application directory, if that has any bearing on recommendations.

Thanks,
Dorsey

You're ignoring dozens of critical security issues fixed since 2.0.1.

Also, "seems to work" isn't the same as "isn't broken". A lot of things can appear to work, simply because they would produce the expected result at first glance, but that doesn't mean they aren't broken.

And finally, simply by virtue of newer CodeIgniter versions being written for newer PHP versions, you're missing out on A LOT of new and powerful PHP features.
Reply

#6
Since you've been using CI for a few years, I assume you know it well. If you read through the CI3 docs, you're going to see some enhancements. While subtle, there are some real nice things for you. I'll give you an example; the fact that you can have CI attach a query string to your pagination links. That was something you had to do by extending the pagination class in CI2.
Reply

#7
I would like to acknowledge what you are saying - Codeigniter 2 is very stable and reliable. So then why should you upgrade? Security is the primary reason. If your application is being used internally then perhaps its not as big of an issue. If its on the public web, it is a big issue and security should be taken seriously.  Its also a good opportunity to do some refactoring. And you will be able to continue to get upgrades with Codeigniter 3.

The recommended upgrade process in the documentation is somewhat overzealous. You do not need to test your app against every single version, just go straight to the latest version of 3. Here is the good news - its actually very easy to upgrade because there are very few 'breaking' changes that affect your code going from 2 to 3. My suggestion is to take one part of your application and upgrade it. Thats going to show you what/where will need to be changed and will also be a sanity check that its actually very easy. Then use a good code editor to do search/replace and upgrade in sections if you need to. And depending on your platform there are tools that will rename the controller and model files to upper case first.
Reply

#8
(07-27-2016, 01:14 PM)cartalot Wrote: I would like to acknowledge what you are saying - Codeigniter 2 is very stable and reliable.

It's abandoned, so of course it is very stable - there won't be any changes to it ever again.
But if it was reliable, there wouldn't be hundreds of bugfixes against it in 3.0.0.
Reply

#9
If you're using 2.0.1 (or even 2.1.0), you're missing roughly 4 years of bug fixes, security fixes, and improvements just in the abandoned 2.x line. Even if you think 2.x is not broken, every security note in the change log through version 2.2.6 is a message saying that 2.0.1 and 2.1.0 are very definitely broken.

Further, since many of the fixes in 3.x (and certainly all of them in the last 9 months) were never back-ported to 2.x, there are many entries in the 3.x change log that say 2.x is broken.

Before 3.0.0 was released, I was frustrated by the number of issues that went unfixed in 2.x, and even went through the trouble of back-porting some changes to 2.x. Once 3.0.0 was released, I was frustrated by the process of upgrading to 3.x, but it was worth the effort. Even if you see nothing in the 3.x user guide that makes it worth the upgrade, 3.x is more consistent, reliable, and secure.

Do yourself the favor of replacing your 2.x site, even if you don't upgrade to 3.x. The best-case scenario for staying with 2.x is that no one attempts to attack the site, you never do any further development on the site (so you're not wasting your time maintaining skills/knowledge of a dead codebase), and eventually someone takes it offline or doesn't renew the domain. The worst-case scenario for staying with 2.x is that your site will some day be compromised (and you won't find out it has been compromised for some extended period of time), you'll be forced to replace it anyway, and you'll suffer professionally and possibly financially. Personally, too many of the middle-ground cases between the best- and worst-case scenarios still end up with professional and financial consequences for me to consider staying with 2.x.
Reply

#10
If you plan on supporting this application long term its in your best interest to keep it up to date. Our application has millions of lines of code, over 5 million of which I've written myself. We've upgraded from CI2 to CI3 and are currently rewriting for my addon Cinder. When CI4 is released I will port Cinder to CI4 and we will rewrite again.

Technology moves fast, if you stay in the past so will your product.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.