Uptime Check

Jeff Schroeder jeff at zingstudios.com
Tue Nov 16 13:19:38 MST 2010


> Security is way too big a concern for us, even in closed off
> environments.  You do know that the linux kernel has had a butt-load
> of root level exploits in the past year, much less multiple years?

I hear that and agree with it.  But when you're hosting a dedicated 
server for a client and that client has absolutely forbidden that the 
server be taken offline-- even for security updates-- what do you do?  
I made the argument, explained the risks involved, and was told that 
the priority is to keep the server up and available.

After a while you pass a point of no return-- the software on the server 
is so out of date that upgrading it to the latest security patches 
means changing a hundred packages on the server.  And that means 
downtime and (much more problematic) software on the server that no 
longer works because it was built years ago atop certain libraries that 
no longer exist because they've been upgraded.

It's a tough place to be.  The client pays me to keep the server running 
and not patched, and they're aware of the risks, so I do it.

It's still cool to see something run for four or five years straight 
though. :)

Jeff


More information about the PLUG mailing list