[OpenIndiana-discuss] 3737 days of uptime
Edward Ned Harvey (openindiana)
openindiana at nedharvey.com
Sun Apr 7 11:47:01 UTC 2013
> From: Ben Taylor [mailto:bentaylor.solx86 at gmail.com]
>
> Patching is a bit of arcane art. Some environments don't have
> test/acceptance/pre-prod with similar hardware and configurations, so
> minimizing impact is understandable, which means patching only what is
> necessary.
This thread has long since become pointless and fizzled, but just for the fun of it:
I recently started a new job, where updates had not been applied to any of the production servers in several years. (By decree of former CIO). We recently ran into an obstacle where some huge critical deliverable was not possible without applying the updates. So we were forced, the whole IT team working overnight on the weekend, to apply several years' backlog of patches to all the critical servers worldwide. Guess how many patch-related issues were discovered. (Hint: none.)
Patching is extremely safe. But let's look at the flip side. Suppose you encounter the rare situation where patching *does* cause a problem. It's been known to happen; heck, it's been known to happen *by* *me*. You have to ask yourself, which is the larger risk? Applying the patches, or not applying the patches?
First thing to point out: Suppose you patch something and it goes wrong ... Generally speaking you can back out of the patch. Suppose you don't apply the patch, and you get a virus or hacked, or some data corruption. Generally speaking, that is not reversible.
For the approx twice in my life that I've seen OS patches cause problems, and then had to reverse out the patches... I've seen dozens of times that somebody inadvertently sets a virus loose on the internal network, or a server's memory or storage became corrupted due to misbehaving processes or subsystem, or some server has some kind of instability and needs periodic rebooting, or becomes incompatible with the current release of some critical software or hardware, until you apply the patches.
Patches are "bug fixes" and "security fixes" for known flaws in the software. You can't say "if it ain't broke, don't fix it." It is broke, that's why they gave you the fix for it. At best, you can say, "I've been ignoring it, and we haven't noticed any problems yet."
More information about the OpenIndiana-discuss
mailing list