Oddbean

A few days ago, someone asked me for advice about a slow website. Upon analysis, the server wasn't the issue—it was running #Linux #CentOS7 on bare metal. However, the site was operating on PHP 5.4 (default for CentOS 7) and was entirely custom-made. I suggested updating everything, especially since CentOS 7 is nearing its EOL, and transitioning the web application to work on PHP 8. Their response? "We don't want to do it." They wanted me to set up a new, optimized server to run PHP 5.4. I explained the risks and the nonsensical nature of this, only to hear that they found someone willing to install PHP 5.4 on a new system. So, if I refused, they'd give the job to someone else. I replied, "Good luck," and ended the conversation. It saddens me that some in the IT world would opt for such shortcuts rather than striving for a more secure web. #WebSecurity #TechEthics #ServerManagement #SysAdmin #PHP

@5f9bb1a8 Sadly I have seen this play out a lot in the past few years. People do not seem to understand that once you connect something to a global network, all the rules change. Namely: You upgrade regularly or you die.

@5f9bb1a8 I've built some bespoke beasts for special applications. Gotten paid well for them ($400k USD+). The client will pay for "life support", but they don't want to pay for ecosystem evolution. In more than one case, what we built in < 6 months was supposed to fill a temporary need until ____ (Oracle, SAP, IBM...) "Did It Right". In one case I know of, still running, that was 9 years ago and runs critical infrastructure for a country. Even RedHat stopped support. Sigh.

@5f9bb1a8 I like the way you handle such clients. Some people can't help themselves. They don't think longterm and start incurring technical debt from day one. This was was a perfect opportunity for them to pay the technical debt of the past and picking a path forward that would age better. Having a client like that can be a nightmare. 😤