[Info-vax] Variable declarations, was: Re: improving EDT
David Froble
davef at tsoft-inc.com
Wed Nov 30 00:59:08 EST 2016
Kerry Main wrote:
>> -----Original Message-----
>> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
>> Of Arne Vajhøj via Info-vax
>> Sent: 28-Nov-16 10:51 PM
>> To: info-vax at rbnsn.com
>> Cc: Arne Vajhøj <arne at vajhoej.dk>
>> Subject: Re: [Info-vax] Variable declarations, was: Re: improving EDT
>>
>> On 11/23/2016 10:58 AM, Kerry Main wrote:
>>> Unfortunately, in the commodity OS world, due to the volume of monthly
>>> security patches, many Operations shops have adopted a "patch-n-pray"
>>> philosophy because there is no way the business will give the OPS
>>> folks the corresponding amount of time to re-test important
>>> applications.
>> By commodity OS do you mean an OS for which software is available
>> and security bugs get found and patched?
>>
>> Arne
>
> Arne, with all due respect, as a developer, you look at the huge
> number of 20-30+ security issues found each and EVERY month on
> commodity OS's as a good thing.
>
> Sure - just have Operations install whatever is needed... no
> problem.
>
> I look at the huge number of 20-30 security issues found every
> month on commodity OS's as a nightmare for Operations support who
> have to read release notes, determine which ones apply and which
> ones don’t (let's not forget release notes are vague for a
> reason), work with App groups to re-test important Apps in
> Dev/test/QA, do all of the massive paperwork for change mgmt.,
> sit through weekly CAB meetings (on par with getting teeth
> pulled), configure the tools for rolling out, schedule downtime
> with the Business groups (kernel patches require reboot
> regardless of physical/VM), do the roll-outs (usually after
> midnight), fix any issues that crop up that were not caught (if
> any testing was even done).
>
> Say you have a small to medium env of 50-200 server OS's
> (physical/VM makes no difference) - now review the last
> paragraph.
>
> Say you have a large environment like Citibank who has thousands
> of commodity OS's worldwide - now review the last paragraph.
>
> And oh yes, at the same time, the Operations manager is getting
> pressured to reduce his already skeleton staff and/or have
> someone offshore who knows nothing about their environment do all
> of these tasks.
>
> And the world wonders - why there are so many security issues
> these days?
>
> Hence, "patch-n-pray" was born ... roll out the patches and the
> hell with testing, because we all know it is Operations that will
> get slapped if a break-in occurs and some server is not at the
> latest patch version. Course you still have to do all of the
> other tasks I mentioned above.
>
>
> Regards,
>
> Kerry Main
> Kerry dot main at starkgaming dot com
Really Kerry, a lot of the usage today just really doesn't care about patches
and such. Hey, we got 30 more, just roll them in. Testing? We don't do no
stinkin testing.
Yeah, that's par for many places. And it's going to continue that way where
there isn't so much to lose.
But let's look elsewhere.
Perhaps a nuclear power station. You think they do anything that hasn't been
tested and approved? Not a chance. Of course, the stuff running ops most
likely isn't connected to outside networks.
Steel mill, steel running at 60 MPH maybe. Ain't gonna "patch-n-pray".
Look at the space shuttle. The software team had to sign off on the software
before every launch.
Now I'm going to assume some will say "those are exceptions and they don't
matter". Yes, but it just shows that there are applications that can't afford
to use untested software.
Arne keeps looking for VMS to go away. Well, maybe it's an exception also.
Used when things really matter.
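What the first part of Kerry's task list looks like when it is automated, deciding which advisories apply to which host, which of them force a reboot window, and in what order to roll them out (dev, then test, then prod), as an added example that is not part of the original post or of anything in this thread. The advisory list, the host inventory and the version-ordering rule below are all constructed for illustration; a real dpkg or rpm version comparison has more rules (epochs, tilde pre-releases) than the simplified parser here.

```python
"""Patch triage across a small fleet: which advisories apply to which host,
whether a reboot window is needed, and in which order to roll out.
Added example; advisories, hosts and the version rule are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Advisory:
    adv_id: str
    package: str
    fixed_version: str   # installed versions strictly below this are affected
    severity: str        # critical / high / medium / low
    reboot_required: bool


@dataclass(frozen=True)
class Host:
    name: str
    env: str                  # dev, test or prod
    packages: Dict[str, str]  # package name -> installed version


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
ROLLOUT_ORDER = ["dev", "test", "prod"]   # each wave is tested before the next


def parse_version(s: str) -> tuple:
    """Tokenise a version so tuples compare component-wise: digit runs
    numerically, letter runs alphabetically ('1.0.2g' < '1.0.2j').
    Simplified assumption: no epochs or '~' pre-release handling."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", s))


def triage(hosts: List[Host], advisories: List[Advisory]) -> Dict[str, dict]:
    """Per host: advisory ids that apply (most severe first) and whether any
    of them needs a reboot. An advisory only applies if the package is
    installed and its version is below the fixed version."""
    report = {}
    for host in hosts:
        applicable = []
        for adv in advisories:
            installed = host.packages.get(adv.package)
            if installed is None:
                continue  # package absent: the release note does not apply here
            if parse_version(installed) < parse_version(adv.fixed_version):
                applicable.append(adv)
        applicable.sort(key=lambda a: (SEVERITY_RANK[a.severity], a.adv_id))
        report[host.name] = {
            "apply": [a.adv_id for a in applicable],
            "reboot": any(a.reboot_required for a in applicable),
        }
    return report


def rollout_waves(hosts: List[Host], report: Dict[str, dict]) -> List[List[str]]:
    """Hosts with pending patches grouped dev -> test -> prod; empty waves dropped."""
    by_env = {env: [] for env in ROLLOUT_ORDER}
    for host in hosts:
        if report[host.name]["apply"]:
            by_env[host.env].append(host.name)
    return [by_env[env] for env in ROLLOUT_ORDER if by_env[env]]


# Constructed sample data (not real advisories or hosts).
ADVISORIES = [
    Advisory("ADV-2016-001", "kernel", "4.4.0-51", "critical", True),
    Advisory("ADV-2016-002", "openssl", "1.0.2j", "high", False),
    Advisory("ADV-2016-003", "bash", "4.3-15", "medium", False),
]
HOSTS = [
    Host("web01", "prod", {"kernel": "4.4.0-47", "openssl": "1.0.2g", "bash": "4.3-14"}),
    Host("db01", "prod", {"kernel": "4.4.0-51", "openssl": "1.0.2j", "bash": "4.3-14"}),
    Host("test01", "test", {"kernel": "4.4.0-47", "openssl": "1.0.2j"}),
    Host("dev01", "dev", {"kernel": "4.4.0-38", "openssl": "1.0.2g", "bash": "4.3-14"}),
]

if __name__ == "__main__":
    result = triage(HOSTS, ADVISORIES)
    for name, entry in result.items():
        print(f"{name}: {entry['apply']} reboot={entry['reboot']}")
    print("waves:", rollout_waves(HOSTS, result))
```

Running it shows db01 needs only the bash update and no reboot, while every host still on the old kernel lands in a reboot-required wave; the wave list is the order in which the patches get exercised before they reach production.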