[Info-vax] Variable declarations, was: Re: improving EDT

Kerry Main kemain.nospam at gmail.com
Tue Nov 29 21:41:41 EST 2016


> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of Arne Vajhøj via Info-vax
> Sent: 28-Nov-16 10:51 PM
> To: info-vax at rbnsn.com
> Cc: Arne Vajhøj <arne at vajhoej.dk>
> Subject: Re: [Info-vax] Variable declarations, was: Re: improving EDT
> 
> On 11/23/2016 10:58 AM, Kerry Main wrote:
> > Unfortunately, in the commodity OS world, due to the volume of monthly
> > security patches, many Operations shops have adopted a "patch-n-pray"
> > philosophy because there is no way the business will give the OPS
> > folks the corresponding amount of time to re-test important
> > applications.
> 
> By commodity OS do you mean OS where software is available for
> and security bugs get found and patched?
> 
> Arne

Arne, with all due respect, as a developer, you look at the huge
number of 20-30+ security issues found each and EVERY month on
commodity OS's as a good thing.

Sure - just have Operations install whatever is needed... no
problem.

I look at the huge number of 20-30 security issues found every
month on commodity OS's as a nightmare for Operations support who
have to read release notes, determine which ones apply and which
ones don’t (let's not forget release notes are vague for a
reason), work with App groups to re-test important Apps in
Dev/test/QA, do all of the massive paperwork for change mgmt.,
sitting through weekly CAB meetings (on par with getting teeth
pulled), configure the tools for rolling out, schedule downtime
with the Business groups (kernel patches require reboot
regardless of physical/VM), do the roll-outs (usually after
midnight), fix any issues that crop up that were not caught (if
any testing was even done).

Say you have a small to medium env of 50-200 server OS's
(physical/VM makes no difference) - now review the last
paragraph.

Say you have a large environment like Citibank who has thousands
of commodity OS's worldwide - now review the last paragraph.

And oh yes, at the same time, the Operations manager is getting
pressured to reduce his already skeleton staff and/or have
someone offshore who knows nothing about their environment do all
of these tasks.

And the world wonders - why there are so many security issues
these days?

Hence, "patch-n-pray" was born ... roll out the patches and the
hell with testing, because we all know it is Operations that will
get slapped if a break-in occurs and some server is not at the
latest patch version. Course you still have to do all of the
other tasks I mentioned above.


Regards,

Kerry Main
Kerry dot main at starkgaming dot com







