Skip to main content

Really Unhelpful Advice...


A quick summary of the following article - http://www.neowin.net/news/from-my-cold-dead-hands-living-without-updates - would be: Updates are bad, don't do updates.

That unhelpful advice isn't from me and is not recommended by me, nor endorsed by me. You should run from the advice this author posits.
It is is really unhelpful and a disservice to many. As such I was compelled to comment. 
To wit:
I'm sorry, but I think this article and the point of view it puts forward are irresponsible.
As a software engineer, I know (and hate to admit) there are bugs in every released piece of software. Updates to patch these problems (whether or not they are problems visible to users or IT) need to take place. An un-patched bug translates to a vulnerability. Why would you promote vulnerable systems? For instance, would you recommend leaving an Android system un-patched that is vulnerable to the StageFright security hole?
I have used known vulnerabilities in Windows XP (missing some up-to-date patches) and easy to find tools, to crack an administrator's password and create my own administrators account. Or in other words to own the system. The weak spots are where you hack and you count on people and systems having some weak spot, somewhere. You look for the easy ones first. Just because you don't know about it happening, doesn't mean it hasn't, can't or won't.
Many of the me-too comments assume threats will be on the other-side of the network, or there are Antivirus & malware protections in place on targets, or that other security measures will protect them. Defense in depth should be mantra, a guiding principle for anyone responsible for the care and feeding of a system that runs software. Why give away any level of defense?
I'll give the author "the out" to separate updates that fix problems from updates that include additional functionality. Additional functionality is usually adding bugs and is mostly related to revenue generation or market share and competitiveness. I would call the former "patches" and the later "upgrades" and I would say that they should be separate.
But a blanket "no updates"? No thanks.
Labels:

Comments

Unknown said…
I totally agree, but this requires reading on the users part and some understanding of the nomenclature used by the vendors.
10:41 AM
Post a Comment

Popular posts from this blog

Unit Testing - What to Test

This I wrote to answer a question that came up when we were discussing our software process and I was training developers on how to unit test. It seems a simple enough question, but I kept pondering it and delving deeper until I realized I needed to write this monograph. What unit tests should we write? How do we know what to test? Ideally, unit tests should cover every path through the code. It should be your chance to see every path through your code works as expected and as needed. If you are practicing Test Driven Development then it's implied everything gets a test. In the real world, you might not be allowed to test everything - for instance, if the testing suite ends up taking a week to run, then the world will have changed by the time it finishes and the test results will be obsolete. Unit testing at it's basic is testing an object, a method - the smallest unit of your code that it can test independently. It should test the inputs "goes into" an
Post a Comment
Read more

Healthcare and Health Informatics Glossary

Here is a glossary of terms useful in Healthcare and Health Informatics ACO (Accountable Care Organization) MEDICARE’s outcomes-based contracting approach Arden Syntax an approach to specifying medical knowledge and clinical decision support rules in a form that is independent of any EHR and thus sharable across hospitals ARRA (American Recovery and Reconstruction Act) the Obama administration’s 2009 economic stimulus bill Blue Button an ASCII text based standard for heath information sharing first introduced by the Veteran’s Administration to facilitate access to records stored in VistA by their patients. The newer Blue Button + format provides both human and machine readable formats. CCD (Continuity of Care Document) an XML-based patient summary based on the CDA architecture CCOW (Clinical Context Object Workshop) an HL7 standard for synchronizing and coordinating applications to automatically follow the patient, user (and other) contexts to allow the clinical u
2 comments
Read more

Files as UI

Files as UI vs API  -  compares attributes of iCloud vs Dropbox. It starts on an interesting note - the model of a file system in the UI is dying, and should be let go. Beyond that it looks at mappings of each system to a file system from an API point of view and compares the successes of each. I find the initial thread the most interesting. Drop the mental model of a file system - which maps virtual concepts of files and directories to a physical model of papers, folders and file cabinets - and replace it with...what? This is a paradigm shift for me. I have to admit, I loath, hate, nay, despise looking for things. If I can't find something easily, it's only about a minute before I start growling and muttering things my mother would disapprove of. On this basis, I like the idea that I can save myself from thinking about where to put things or, where I have already put them. But how do we do this? It's non-trivial, since humans think of "things" and once they
2 comments
Read more