Update or not update - that is the question ...
I want to raise the issue of software updates on working machines.
I will make a reservation right away, all of the following applies primarily to GNU / Linux systems.
I think many habra people are familiar with the principle "It works - do not touch it."
So, sometimes blind adherence to this principle can fail.
Example:
at home, I have a Gentoo system, emerge world (complete rebuilding and update of all packages) is done every month.
I came to this periodicity after after a year without updates I decided to update my Gnome build. It poured me into a week of wasted time — collecting updated versions of ALL packages, rebuilding dependencies, etc.
And so - once a month only the most important thing is reassembled in 10-12 hours practically without my participation.
Someone may say: well, a home machine is one thing, a production server is another. Well, another example.
There is a server. On it a certain control control panel of accounts (for example, CPanel ) turns .
Also on this server lives Tomcat , installed through this control panel, under which a certain Java application runs.
And now the server owner forbids you to make any updates on the server - he does not want to pay programmers to fix the application after each update of the control panel, which periodically breaks the old configs of the same Tomcat for example.
It takes a year.
The major version of the control panel has already changed a couple of times - and you still maintain the old software.
And here comes the terrible: a vulnerability is terribly critical for a shared server found in the kernel. I need a kernel update. And on the new core, the old control panel will not work - you know this from ChangeLog.
And here’s the dilemma: they hope to “carry it over” and not to do anything, or to conduct a global update of everything, get up before the owner of the server.
And no matter how sad, most often the first option is chosen - as if supposedly the most economical. "It works - do not touch it." But in the end - the server that was backed up, the losses - and already a forced global update. The principle “Miserly pays twice” works here like nowhere. And praise to the system administrator who managed to persuade the owner of the server for periodic updates - thus he made life easier for himself and his employer.
And how often do you produce updates on production servers? ;)
I will make a reservation right away, all of the following applies primarily to GNU / Linux systems.
I think many habra people are familiar with the principle "It works - do not touch it."
So, sometimes blind adherence to this principle can fail.
Example:
at home, I have a Gentoo system, emerge world (complete rebuilding and update of all packages) is done every month.
I came to this periodicity after after a year without updates I decided to update my Gnome build. It poured me into a week of wasted time — collecting updated versions of ALL packages, rebuilding dependencies, etc.
And so - once a month only the most important thing is reassembled in 10-12 hours practically without my participation.
Someone may say: well, a home machine is one thing, a production server is another. Well, another example.
There is a server. On it a certain control control panel of accounts (for example, CPanel ) turns .
Also on this server lives Tomcat , installed through this control panel, under which a certain Java application runs.
And now the server owner forbids you to make any updates on the server - he does not want to pay programmers to fix the application after each update of the control panel, which periodically breaks the old configs of the same Tomcat for example.
It takes a year.
The major version of the control panel has already changed a couple of times - and you still maintain the old software.
And here comes the terrible: a vulnerability is terribly critical for a shared server found in the kernel. I need a kernel update. And on the new core, the old control panel will not work - you know this from ChangeLog.
And here’s the dilemma: they hope to “carry it over” and not to do anything, or to conduct a global update of everything, get up before the owner of the server.
And no matter how sad, most often the first option is chosen - as if supposedly the most economical. "It works - do not touch it." But in the end - the server that was backed up, the losses - and already a forced global update. The principle “Miserly pays twice” works here like nowhere. And praise to the system administrator who managed to persuade the owner of the server for periodic updates - thus he made life easier for himself and his employer.
And how often do you produce updates on production servers? ;)
')
Source: https://habr.com/ru/post/20212/
All Articles