jeff at zingstudios.com
Tue Nov 16 13:19:38 MST 2010
> Security is way too big a concern for us, even in closed off
> environments. You do know that the linux kernel has had a butt-load
> of root level exploits in the past year, much less multiple years?

I hear that and agree with it. But when you're hosting a dedicated
server for a client and that client has absolutely forbidden that the
server be taken offline-- even for security updates-- what do you do?
I made the argument, explained the risks involved, and was told that
the priority is to keep the server up and available.

After a while you pass a point of no return-- the software on the server
is so out of date that upgrading it to the latest security patches
means changing a hundred packages on the server. And that means
downtime and (much more problematic) software on the server that no
longer works because it was built years ago atop certain libraries that
no longer exist because they've been upgraded.

It's a tough place to be. The client pays me to keep the server running
and not patched, and they're aware of the risks, so I do it.

It's still cool to see something run for four or five years straight