Comments: It is no longer acceptable to be complex

> So it is no longer - I suggest - acceptable for the process of upgrades
> and installs to be seriously technical. Simplification is called for.


you are #^?$*&*#^% UTTERLY CORRECT

Posted by Jape at May 22, 2006 06:25 PM

"Everyone was calculating their risk of compromise versus work put in."

I'd love to see exactly *how* they were calculating this. Was there a framework or methodology they followed, or was it more a gut check?

Posted by Alex Hutton at May 29, 2006 09:17 AM

Alex, good question. I think there are several equations here. One is that the compromise rate on FreeBSD (and similar variants) is so low that many people are simply going with the strength. I.e., they make one calculation and stick with it for years, in terms of brand of OS. (I've been with FreeBSD for about 10 years now.)

The calculation as to when to upgrade is generally done through a number of trigger points: external ones like new hardware turning up are random for our purposes. I would hazard a guess, maybe from my own behaviour, that the major internal upgrade signals is to rapidly skim security reports and identify if any of them effect me. As most security reports effects applications that I don't use, there is nothing for me to do.

Thankfully, because I consider upgrade time to be dead time, it takes me away from productive things.

Posted by Iang at May 29, 2006 09:50 AM

Generally a good article.

I'd have to say that I like FreeBSD's way of assuming and optimising for competent users. Still there's got to be some tradeoffs, and as a professional sysadmin/programmer (ok, and company director, etc), I still find the OS upgrade process is something to be done as rarely as possible as it carries with it a significant risk of downtime, and my servers are mostly not in the same country as I am, so that risk includes possible international travel to fix things.

Recently I've started getting into using out of band management cards so that I can administer a machine remotely even without a working kernel, or with a messed up firewall. The best I've used so far have been the Dell DRAC4 cards, with which I can even install the operating system from another country, using a CD on my laptop. I can't change a bad hard drive, or add more memory, but *anything* screwed up during an OS upgrade can be recovered, and that reduces the risk of upgrades and firewall changes massively.

The binary OS upgrades have hit my radar a bit too. I haven't tried them yet, but they sound like an excellent idea.

Posted by Andrew McNaughton at May 31, 2006 07:02 AM

Hi,I'am confused for design this site,my respect.It's exciting
http://lipstick.com/user/lopid/

Posted by Carlover at July 29, 2007 06:49 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x559c554f9c30) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.