Plum

@plumpan

he/him

I occasionally write long posts but you should assume I'm talking out of my ass until proved otherwise. I do like writing shit sometimes.

50/50 chance of suit pictures end up here or on the Art Directory account. Good luck.

Be 18+ or be gone you kids act fuckin' weird.

pfp by wackyanimal

I tag all of my posts complaining about stuff #complaining, feel free to muffle that if you'd like a more positive cohost experience.

Art and suit stuff: @PlumPanAD

"DMs":
Feel free to message as long as you have something to talk about!

Plum @plumpan10/5/2023, 5:30 PM

I am going to ask this question very deliberately and explicitly, please read the whole thing before answering.

Why is the expectation that security and feature updates can not be completely separate?

That's the question, now here's the bit you need to read before the answer. I imagine the problem is because things aren't built separately; updated code in one place expects to communicate with an updated version elsewhere. I didn't take compsci classes, there's probably already a documented explanation to this, specifically how feature and security changes can't be isolated. It probably has a name too.

But in my head I'm thinking, this is a problem that could be designed around. It's just that the extra work is substantial and requires a level of organization and... discipline? That no company that pays it's programmers would be willing to put up.

Back on the topic of "someone probably already researched this", I'm sure there's a word for the constant feature and UI churn that most programs succumb to nowadays as well. I know we all like "enshittification" around here but I'm sure it's been going on for FAR longer than that.

All of that being said, serious answers only please. "Companies dumb and don't do shit right" may be correct but it's not helpful if I'm actually trying to pin down the words for all of this stuff.

You must log in to comment.

in reply to @plumpan's post:

@aune10/5/2023, 5:44 PM

It's time consuming. That's the only reason. I work on enterprise software that does on premise deployment and it means you have to maintain multiple forks of the codebase, test them all separately, and manage release processes independently.

Edit, which feels dumb when I've already chain responded: I'm not sure if there's a special name for it, we don't seem to have one even.

@aune10/5/2023, 5:45 PM

To be clear, we do do it, and try to find the line of what features can go into stability releases. But it can get messy.

ꙮ tatybara ꙮ @tati10/5/2023, 5:47 PM

Why is the expectation that security and feature updates can not be completely separate?

Sometimes they are kept separate, like with LTS versions, but basically it's kind of a hassle to do and there's not really an incentive to do this unless you're selling a specific type of reliability. I think it's more common with B2B stuff.

I'm sure there's a word for the constant feature and UI churn that most programs succumb to nowadays as well.

feature creep.

ꙮ tatybara ꙮ @tati10/5/2023, 6:02 PM

also relevant: second-system effect

The second-system effect or second-system syndrome is the tendency of small, elegant, and successful systems to be succeeded by over-engineered, bloated systems, due to inflated expectations and overconfidence

Plum @plumpan10/5/2023, 6:06 PM

I really need to read The Mythical Man-Month. Almost upsetting how all of this stuff was correctly identified in the 70s and we still succumb to it.

likes your comments

Sugar Meowth @dosmeow10/5/2023, 5:48 PM

What would a "feature" update be that does not involve security beyond something so minor like "We changed the colors/order of the buttons"

@aune10/5/2023, 5:52 PM

Oh, there's lots of options there, unless you're extending it out generically enough that you include anything that broadens potential attack surface means "security update"

Plum @plumpan10/5/2023, 6:07 PM

Frankly there's so much "we moved the buttons around!" alone that I could narrow it down to that.

Pinned Tags