[FreeBSD-Announce] FreeBSD 12.0 end-of-life

Dale Scott dalescott at shaw.ca
Sun May 17 15:41:42 UTC 2020 

> As for “perfection is the enemy of good”, please tell me you will willingly step into a 737-MAX with its
> original s/w because it is “good enough”.  There are plenty of real world examples where perfection
> should be mandatory, and good is not enough.

Fully agree in principle, although I would say "we" have learned just demanding perfection (and testing for) is not practical, and instead demand proof of _striving_ for perfection (i.e. safety regulated industries and risk-based compliance requirements).

> I may be wrong, but I get the feeling I have been in the software industry longer than you, and maybe it is just m
> age talking, but we are arrogant in thinking that we can get away with Minimum Viable Product, and (shudder)
> “fail forward” Agile methodology. 

Well said! I hope you don't mind if you hear me use your example. :-) 


-----Original Message-----
From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of John Howie
Sent: Sunday, May 17, 2020 2:49 AM
To: @lbutlr <kremels at kreme.com>
Cc: FreeBSD <freebsd-questions at freebsd.org>
Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life

Respectfully, you missed my points, and your counterpoints are the regular industry talking points for why we cannot solve the problem. 

As for “perfection is the enemy of good”, please tell me you will willingly step into a 737-MAX with its original s/w because it is “good enough”.  There are plenty of real world examples where perfection should be mandatory, and good is not enough.

I may be wrong, but I get the feeling I have been in the software industry longer than you, and maybe it is just my age talking, but we are arrogant in thinking that we can get away with Minimum Viable Product, and (shudder) “fail forward” Agile methodology. Maybe, just maybe, we should take a step back and reconsider what we are trying to achieve.

John

Sent from my iPhone

> On May 16, 2020, at 23:25, @lbutlr <kremels at kreme.com> wrote:
> 
> On 16 May 2020, at 13:12, John Howie <john at thehowies.com> wrote:
>> Respectfully, the views presented are not in line with desired state.
> 
> It is in line with reality.
> 
>> We *should* be able to install s/w and forget it until the hardware eventually fails.
> 
> If the software is hardened and unmodifiable and there is no possible way for it be exploited, sure. But that is pretty much a fantasy for any complicated software like an OS.
> 
>> We are building a house of cards with tiered dependencies and upgrades are often fatal, resulting in prolonged outages. This leads administrators to just leave systems be. That represents significant risk.
>> 
>> We need to build better software, and that starts with simplicity. We need to stop putting everything, including the kitchen sink, into releases. We need to focus on code quality. Where we absolutely must update a system we should, by now, be able to hot patch it. The fact that as an industry we cannot is scandalous. We need to support distributions for many, many years. 
> 
> Software needs to balance between doing what is needed (which means. Keeping up with new technology, new use cases, new media types, etc) and being stable and secure.
> 
> If you insist that every thing be perfect from the start, you have nothing. Because perfect is the enemy of good.
> 
>> These are not FreeBSD-specific issues, but these are golden opportunities for FreeBSD to stand out from the crowd by releasing minimalist distributions, with high-quality software that is supported for many years, and includes the ability to hot patch vulnerable code.
> 
> You make something that has so far proved to be basically impossible sound super simple. If the software can be ‘hot fixed’ then the software can be modified. If it can be modified, then it must be secure. If it must be secure, you need to be able to fix bugs in the security and fix new-found exploits and move to newer security models.
> 
> There is a reason we no longer use SSL, and that is a good thing.
> 
> 
> 
> 
> --
> 'Yeah, well, I didn't sign up for world domination,' said Medium
>    Dave. 'That sort of thing gets you into trouble.' —Hogfather
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list 
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
_______________________________________________
freebsd-questions at freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list