Skip to content

What managed updates actually means

Most servers patch themselves for security and nothing else — and even that patch can sit unapplied, waiting for a reboot nobody scheduled. Managed should mean more. Here's what your server updates on its own, what it quietly leaves to you, and what strackt handles instead.

It's easy to assume a server keeps itself up to date. Modern Linux does patch itself — a little. On a stock Ubuntu server, automatic updates are real, but they cover security fixes and nothing else, and even those stop short of the reboot that actually makes a kernel fix take effect.

Managed should mean more than that. This is what your server updates on its own, what it quietly leaves to you, and what strackt handles instead — so staying current stops being a task you have to remember.

What your server updates on its own

The automatic updates on a stock server are real, but narrow. They install security fixes, and leave almost everything else for a human to do by hand — including the things most likely to bite you later.

It does on its own

  • Installs security updates automatically — and only those.
  • Checks daily for new packages to fetch.

It waits for you to do

  • Regular, non-security updates — switched off by default.
  • Rebooting to switch on a newly patched kernel.
  • Upgrading your database, language, and tools across major versions.
  • The jump to the next OS release.

The patch that isn't protecting you yet

There's a catch even inside the part that is automatic. When a security update includes a new kernel, the fix is downloaded and unpacked — but it doesn't take effect until the machine reboots. And a stock server won't reboot itself; it leaves a note that a reboot is needed and waits for someone to notice. So the patch you think is protecting you can sit there, staged but inactive, for as long as it takes a person to log in and restart it — often weeks.

The upgrade nobody runs

The largest gap is the operating system itself. Every couple of years your server's OS reaches the end of its supported life, and moving to the next release is a manual job — the tooling walks you through it interactively, takes hours, stops partway to ask questions, and can't be cancelled once it starts. So it gets put off.

  • It's hands-on. You have to sit with it, answer prompts, and watch for things breaking.

  • It's slow and one-way. Hours of work with no cancel button once it's underway.

  • It's risky. Config conflicts and half-finished upgrades are common enough that "if it isn't broken, don't touch it" usually wins.

But a server that never makes the jump eventually stops receiving updates at all — after about five years its release falls out of support, and the security auto-updater you were relying on has nothing left to install. The safest-feeling choice, leaving it alone, is the one that quietly turns it into a liability.

What strackt does instead

strackt takes the whole update problem off your plate and closes every one of those gaps. Your server runs a single defined system that strackt keeps current from one place — not a pile of packages you have to tend by hand.

  • Security fixes are applied, not just downloaded. Updates are applied automatically, usually within a day — built ahead of time and health-checked before they go live.

  • Regular updates come too. Your server doesn't fall behind on the ordinary, non-security fixes a stock server leaves switched off.

  • A bad update reverts itself. If an update would break the server, it rolls back to the last working system on its own — you're never left with a half-updated machine.

  • The next OS release is routine. Moving to a new release is the same tested, reversible update as any patch — not a manual, all-day event you keep postponing. Your server never ages into an unsupported one.

  • Your language and database stay current. They're kept on a supported version chosen for you — nothing to pick wrong, and no major upgrade you forget to run.

About reboots

One thing strackt won't do is reboot your server behind your back. Some updates — a new kernel especially — only take full effect after a restart. Rather than let that fix sit silently unapplied, strackt tells you the moment a reboot is needed and lets you apply it in a click, when it suits you. No surprise restarts, and no security fix quietly waiting for someone to notice it's there.

Every update above lands the same careful way — built, tested, and reversible. How that works is in how strackt keeps your server in a known state; how strackt reaches your server to do any of it is in how strackt connects.