In all honesty, I've had to deal with very few of them, and only indirectly. Most notably the heartbleed thing recently. And you know what? It was senior management and IT managers who made that call and accepted the risks. (I'm primarily inside the firewall, so usually not my issue.)

There are times when you have to weigh risks and make choices.

But generally speaking, I don't apply a patch which is fresh and steaming immediately, and then I deploy to a lab and do some testing first.

Assume the worst, and do your best to plan against it. I learned this at the knee of an old neckbeard who'd seen it all, and I think it's served me quite well.

Occasionally, someone accuses me of being a worrier and overly paranoid -- and infrequently someone will override me. On a few of those occasions when it blew up in our faces, I was the one saying this is why I don't do it that way.

There's probably a larger number of times where it would have probably worked just fine.

But I don't get paid to take risks with someone else's stuff, and I work on stuff with a pretty low risk threshold.

So, for me, I will always err on the side of caution of it's an important system.

Like Herd-immunity that only works if most people don't do it.

Sure, and there will always be those who do it right away.

But I have no intention of being the first lemming off the cliff. I've been in IT way too long to trust a fresh patch for any vendor.

There was a time when release cycles were much longer, nowadays, you're just as likely to end up in the situation of a busted environment.

At the very least you have non-prod systems which you use as guinea pigs. But I've met people who apply new patches to Production machines right away -- and almost invariably end up getting burned by it.

I'll stick with my old school, overly paranoid approach to release engineering/configuration management. What others do with systems they're in charge of is their own problem.

As a customer, how would you feel with a very simple product (much simpler than the competition but still a bit complex) that has no documentation?

So, I guess first off if your product is open source, do you have customers or do you have users?

Second, say I'm evaluating a new product, and I stumble on yours. After looking around I conclude there is no documentation at all.

Now, do you think I'm going to download and install your software so I can play with it and see if it might possibly be useful for me? Or am I going to look at the absence of documentation as a sign that I should look elsewhere?

My honest answer, is I'm going to assume you're like every other open source project with no documentation and keep looking. Because it smacks of either amateur hour, or the bad old days of open source where all you got for help was "RTFM" (which in this case there wouldn't be), or "figure it out for yourself".

If you've got 250 apps with no documentation, what you have is a sea of unintelligible stuff which nobody is going to want to get anywhere near.

And if this is supposed to be a business suite, how are people going to pitch it to decision makers when you say "um, well, there's no actual documentation". If any business lets their IT folks roll out a project based on software with no documentation, they'd be complete idiots.

If you're not documenting it, people who aren't already users of it will never use it.

And, really, 250 frickin' apps without documentation?? Yeah, no.

Yet again, those people who get all stroppy about "you should install updates the SECOND they come out".... real life hits you again.

I've never understood that mentality ... usually I give patches from any vendor a few weeks or more to have a shakedown period.

Let someone else do the beta testing.

I've seen more problems caused by applying fresh steaming patches than I have seen problems solved by it.

Gartner is useless. However you can pay them money and they'll increase your company's rating and this will fool people who trust Gartner's opinions.

Agreed, they make their money evaluating how well people are doing in the overhyped buzzword sector, and making predictions which are of dubious value.

So if they have a section on overhyped buzzwords, it's pressy astounding.

To me, if Gartner is saying this, it's kind of like Bernie Madoff saying an investment is a little sketchy.

I look at 90% of what comes out of Gartner and think "what overhyped drivel", so them saying the same thing boggles the mind.

They essentially are making biological weapons in violation of international treaties, but they're saying it's all OK because it's for research?

Sorry, but what? If someone in Iran was doing this people would be calling for airstrikes.

The hubris of thinking "it's OK, I'm a trained professional, nothing bad can happen" is mind boggling.

How is it even legal to be making deadlier strains of viruses?

You mean like when you wrote that it was a cliche, a phrase which itself is so overused as to in fact be one?

Ironic, isn't it? ;-)

And, cliche isn't a phrase, it's a word.

Know what else is a cliche? People whining about the relative meaning of a phrase which originated in the 16th century (and was apparently a bad translation from Latin), and a more modern phrase which uses some of the same words.

Unless you are specifically in a context where you're doing formal logic or debating, the former is rarely used. And, if you're in that context, everybody knows the difference between those two things. If you're not, people probably mean the more modern version of it.

So, dealeth with it, lest thee gets presumed for man of excessive pedantry and retentiveness of the sphincter.

Dost thou propose that thine language shall never evolve and change in any manner unless it be so approveth by thee and thine ilk of the Nazis of Grammar? Shall thine language become static and fixed as the firmament and the heavens? Or hath the pinnacle of grammarian excellence been such obtained as to negate further change, owing to it's divine revelation and celestial perfection?

Would such change undo the works that man has wrought under heaven? Would thine countenance still continue as blessed and calm as days of yore? I beseech you, good sir, to ponder the myriad ways in which ones speech no longer resembles that of our forefathers, even as thou pines for a return to the olden ways.

Methinks thine bloomers may have come become ill adjusted leading to your distemper. I prithee, settle thine dyspeptic mood and swallow your bile, lest ye strain thyself. These ill spirits do not become you, and place much strain upon your liver.

I do believe the gentleman doth protest too much over matters of trifling importance.

If you have ever said "let me google that", then you too are guilty of this. If you have ever used any expression which is newer than the dark ages, you're certainly guilty of this.

Language evolves, and the fact that a second entire expression which sounds similar to the first is not the fault of the expression or the people who use it.

Yes, there is the logical fallacy of "begging the question". But there is also the more modern "begs the question" implying "that causes us to ask this", and it has been in use for decades.

Whether the grammar nazis among us accept or not is a different issue.

So, yo dawg, chill and stop griefing, peeps be speaking differently than before. Deal with it.

At best English is a bastardization of a several languages, thrown together with a hodge podge of rules which require you to know which language gave us the word and why, and it is entirely possible to construct phrases which sound similar but which convey an entirely different meaning.

My advice to you, get over it.

Cargo shorts are ubiquitous.

Piercing, tattoos and henna are part of the hacking culture these days though

looks down Hmmmm ... I'm not wearing any henna now, and my hair is my natural color, and I no longer have an eyebrow ring ... but really, this has been nerd chic since I was in junior high school, which is really only a subset of shabby punk from the 70s.

Or as I like to call it, clothing.

As far as wizards and elves

Mmmmm .... Skyrim ...

ZOMG, I 4m teh hax0r!! Or, as my wife puts it ... " hey dork".

Let's be honest here, this isn't exactly new.

Damn, suddenly I was a lot more interested in attending ... who doesn't like disco-bondage headgear, leather, and steampunk?

Yes honey, I have to go to Vegas for work. No, I really do need my steampunk goggles and leather chaps, it's for, um, safety. Yes, for safety. Have you seen my cape?

Yeah, like I'm supposed to believe he had a heart.

That's just where they topped up the evil. ;-)

Nerds in t-shirts and glasses, now that's what I expected ... the whole leather thing threw me a little.

"my wizard impales your elf".

I don't even know where to start with how wrong that statement is.

Why, thank you.

still tons of leather, piercing, and body art

Is this a security convention, or an S&M one?

I'm confused ... I've never been to one, is this one of those 'it can be two things' deals?

Is everybody walking around in their disco-bondage headgear and steampunk outfits talking about security?

I'm just imagining a keynote speaker in leather chaps, and suddenly I'm very afraid. No wonder the rest of the world still thinks we're all running around playing D&D and shouting "my wizard impales your elf".