« Schiphol again…
Sorry »

An Annus Horribilis for patches

“Interesting reading”:http://www.csoonline.com/read/080103/patch.html for the morning. Patching *is* a difficult issue to manage in large interconnected systems. It’s not so hard for a single application as long as fixed problems are documented, and there’s a procedure in place for creating new fixes.

The problem which Microsoft has is that many bugs affect system libraries and shared components. For these, there is usually no central repository to detail all the ways in which these are used. This affects QA testing. Sometimes only one library needs to be updated, sometimes multiple ones. If sufficient analysis is not performed (which is very possible considering the time frames here), a patch can have an unstated dependency on other already released patches. Patches which change common files add an ordering requirement. There are no easy answers.

This entry was posted on Tuesday, August 26th, 2003 at 10:21 am and is filed under Tech. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

2 Responses to “An Annus Horribilis for patches”

  1. Aidan Kehoe Says:
    August 27th, 2003 at 4:14 pm

    Why didn’t MS have something like a Windows-2000-release branch? And then apply patches to that? It’d be a pity if everyone working on patches had to start again from the Windows 2000 code base.

    The problems aren’t unsolvable, they just don’t get the attention they deserve. Much like where security issues were for a long time.

    (Where’s the “remember info” gone, anyway? :-)

  2. Gary Coady Says:
    August 27th, 2003 at 10:31 pm

    No matter what, your patches are tested against Windows 2000 as it was at one point in the “release branch”. There is no way of testing all possible versions, no way of testing future releases. So I’m not sure how that makes things any easier…

    And of course, there’s all the third party software, so there is no longer one single branch. And they don’t have the same kind of stability that writing to the POSIX API has. Maybe THAT’s what’s missing in what Microsoft do. If APIs are defined more strictly, regression testing can be more easily performed, and it can be checked if any problems are caused, relatively quickly. I just feel that Microsoft-based APIs are a bit fluid, which helps to break things.

    “Remember info” — ah that went in my redesign, some of the JavaScript was dynamically generated, and I wasn’t sure how to get it to work properly when included in an XHTML 1.1 page… I might rewrite that code another way, pass the dynamic bits as arguments to a function…

Leave a Reply