April 2009

Updating a computer is quite straightforward. Either type a command or click a couple of times, wait, and reboot. When the computer restarts, everything is back to the way it was. Right?

Well, the truth is that this may not always be the case. Case in point: my last CentOS 5 update. Without getting into the details, the end result was that a service that I relied on was not running after the reboot. After checking the logs, I discovered that it was due to the service being locked down to running in a specific manner (the port mountd could run on was restricted).

Security patches are the reason for a majority of updates to a stable system. The software has a security issue, the software gets patched, and then the patch is sent to the users. The cycle happens often and, most of the time, without negative impact.

There is another kind of “patch”: one that restricts what a process or a user can do. These are important to do as they improve the overall security of the machine. However, they can also be quite the nuisance. Security updates in the restrictive sense cause a lot of pain. Remember when Windows XP SP 2 came out and introduced Windows Firewall? I do. It was painful to adapt in some cases. The access controls that are built into Vista are another example of this. Again, security restrictions causing pain.

I don’t fault a software vendor for including major (user affecting and application affecting) updates when a new release goes gold.  Can anyone imagine how much more malware would be out there if Windows Firewall wasn’t on by default?  On the other hand, users and application developers prefer that their applications run correctly all the time.

A perfect OS would never need additional user or application affecting restrictions placed upon it. It would be set and forget. Security updates would still need to be applied, but everything that ran before the update would run after the update. OSs on the market today are getting closer to this goal.

I’m pondering this because these are the decisions I like to make. Do we release an update that will break users’ applications (causing them grief), or do we allow a system to run insecurely (which could cause any number of issues)? This question comes up in the technology world _very_ frequently. Typically, there are costs associated with both choices and a decision is made.

What is the right answer? Well, it’s mu, of course! And that’s why technology is challenging and fun at the same time.
