In software engineering, laziness is a positive attribute. If one can accomplish the same task in 3 lines of code instead of 30, a good engineer opts for the 3-line version. That’s why libraries of code are so popular.
Engineers are also risk-averse. Every change you make to the system can possibly de-stabilize it, so engineers like to leave a running system alone. Fred Brooks writes in The Mythical Man-Month that every change has about a 50% chance of introducing a new bug. Two steps forward, one step backwards.
But laziness and risk-aversion can be really negative attributes. How can you ever make any progress if you never touch the system? What if WordPerfect 5.1 was still the state of the art in 2003? We’d be missing out on a decade of improvements like WYSIWYG.
Consider the hypothetical case of the guy who’s trying to get the other 599 engineers at the company to upgrade their web servers to version N, when the vast majority of folks are still running version M.
If I’m happily running version M, what’s my incentive to upgrade? Sure, the guy who maintains the web server says it’s got some great new features, is faster, gives you some better management tools, and fixes a couple of bugs. But I don’t have time to skim the README to see if any of those features would be useful to me. Version M seems just fine to me, and something could go wrong if I go to version N.
Most importantly, senior management does not require that I pay any attention to the guy who maintains the web server. Even if I procmail all of the web server guy’s messages into /dev/null, I can still get a good review at the end of the year just for keeping my crappy property up and running.
The bummer for the guy who works on the web server is that he also happens to be one of the folks who spent the past 2 years trying to improve development process at the company. He helped build a software package-management tool that can tell you in near-realtime what versions of what software are installed on what servers. And when he checks the stats, he finds out that a lot of folks are running really old versions of the web server: versions J, K, and L. Getting people to upgrade to version N is going to be even more difficult.
Maybe this explains why most of his co-workers are still running Netscape 4.08.
Is the person you’re referring to the person for whom I *did* procmail his messages to /dev/null? The one who couldn’t get that the package management solution wasn’t useful in every case?
You know who I’m talking about. 😉
If so, screw him, he gets what he deserves. *laugh*
Why Sysadmins Don’t Upgrade
So, a worm hit the internet this weekend… and then… Michael Radwin (who I found through Jeremy) posts a great
did your procmail filter just look for message bodies that contained the word “subj”?
Well, there is that other reason to patch your servers — avoiding embarassment — as Microsoft found out this week. See http://www.secadministrator.com/Articles/Index.cfm?ArticleID=37817 . I bet not updating servers will affect some people’s reviews at Microsoft this year.
As billg said in his pre-virus letter last week “stay up to date on patches” ( http://www.microsoft.com/mscorp/execmail/ ).
Heh. So that’s what the reminders have been about.
In a way I’m lucky now. I no longer work with web servers. I crunch logs (apparently) and other stuff that users never see.
Then again, mabye that’s not so good. Hard to tell.