Slashdot Mirror

← Back to Stories (view on slashdot.org)

History of Software Patches?

Posted by Cliff on from the digital-archaeology dept.

NinaBeth asks: "I'm interested in the history behind software patches for an academic paper I'm writing. In particularly, I'm wondering what motivates shrink-wrap software companies to release patches? Why send out 'broken software'? Is it purely financial? Has anyone done a cost-savings analysis of QC prior to release versus user-reported problems? Any stats on the average number of patches an application will require? Is any one particular company more patch-happy than others? I don't need much, just a reference or two would be helpful. Thanks for any suggestions!"

7 of 39 comments (clear)

  1. Funcom vs. MS by JMZero · · Score: 3, Interesting

    The wording of your question makes it very easy to think of you as a troll, though you're probably not.

    A good example of a company rushing software is Funcom's Anarchy Online. It was released in spite of huge, unresolved problems with the beta tests. However, they felt they had to go to market ahead of competitors.

    Other products are simply doomed by diminishing returns. An alpha of a new MS OS might have tens of thousands of bugs. Internal testing will get a lot at first, but the bug finding rate will wind down quickly as time goes on. After a certain point, it's more economical to let the public find the bugs than it is to hire more testers.

    There will always be some equilibrium here, though I'm guessing MS will likely try to do more testing in future releases - as the talk of insecurity is actually starting to get through to the general public.

    --
    Let's not stir that bag of worms...
  2. Software Patches by Slipped_Disk · · Score: 4, Interesting

    Well I can't say it authoritatively, but patches have probably been out since the very beginnings of programming - at the very least since the beginning of UNIX.
    When you think about it, all the Unices, commercial or free, have always released patches. In Linux and the open-source BSDs these are released as source code (diffs or checked out of CVS), in the commercial world binary patches that either replace or edit a portion of the files on your computer are often released to address security or functionality problems. I honestly can't think of any other major piece of software (OS, app suite, windowing system) that hasn't released at least one "apply this today or your computer may explode" patch.

    As for the "why" of releasing broken software, I can personally attest to the fact that most companies probably DON'T know about the problems until they come up in the real world. When my company tests software we try to think up extreme or improbable cases along with the mundane, but invariably we miss something.
    IMHO the releasing of buggy software isn't necessarially bad - but on the other hand if you KNOW a bug exists and it is fesable to resolve before a release, that should be the prefered solution (as opposed to a patch later).

    As for the average number of patches a piece of code requires, the codebase for the larges application I am currently working on has had well over 100 internal patches (things which didn't cause functionality problems but still should have been fixed). These fixes were sent to customers in 10 seperate external patches (a patch that increments the z in x.y.z versioning) which also fixed functionality problems that we discovered in additional testing or that the users reported.

    For larger-scale examples, check out the lists of patches for solaris (www.sun.com) and MS Windows (windowsupdate.microsoft.com - assuming it's back up)

    Hope this helped a little.

    --
    /~mikeg
    1. Re:Software Patches by SuiteSisterMary · · Score: 3, Interesting

      Sun is pretty cool because they patch their patches; you'll notice that every patch has a revision number. When I was doing tech support a few years back, we had a few Solaris customers call in. They were getting segfaults on execution of our product. Nobody else. Just three or four people. We checked hardware, we checked the patches we required, we checked other running software, we checked everything. Until, one day, while I'm staring at the Sun webpage for one of the patches our product required for Solaris, one of the customers, with whom I'm reviewing everything we've done up till now, says something like 'And the patch 238509 rev 5 was installed...' and the page I'm staring at says '238509 rev 6' with a release date of a week beforehand. Grabbed an archival copy of rev 5, and sure enough, it was available for something like a week, and caused the segfault.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
  3. They Write The Right Stuff by yancey · · Score: 3, Interesting


    You should refer to the article http://www.fastcompany.com/online/06/writestuff.ht ml entitled "They Write The Right Stuff" for some information about the developers who write the software for the Space Shuttle. It partially addresses your question.

    "Most people choose to spend their money at the wrong end of the process," says Munson. "In the modern software environment, 80% of the cost of the software is spent after the software is written the first time -- they don't get it right the first time, so they spend time flogging it. In shuttle, they do it right the first time. And they don't change the software without changing the blueprint. That's why their software is so perfect."

    --
    Ouch! The truth hurts!
  4. Deadlines, quotas, metrics, and some history by imrdkl · · Score: 4, Interesting
    First, if you are really interested in the history of patching software, then check out the patch(1) program for applying source level patches. This was written originally by Larry Wall, also the author of perl, and a well-known cofounder of the internet (so to speak).

    If you dropped Larry a line, I'd bet he'd be willing give you some perspective, at least from the Free Software point of view. He used to release patches directly on USENET, now that was a great way to keep customers happy...

    The rest of your question can probably be answered by the first three words in the subject of my comment. If it builds and runs on the announced shipping date, and there are no (or very few) show-stopper bugs, then most companies will cut CDROMS and ship.

  5. The "Capability Maturity Model" (CMM) by Ocelot+Wreak · · Score: 2, Interesting
    One direction that has picked up a lot of credibility and support from large software developers (for big .gov and .mil projects) is the Capability Maturity Model (CMM). It has been applied to software developement for applications, computer security engineering, etc. CMM allows the software development process to be more closely managed, observed, measured, and fixed _before_ it breaks, or where errors can cause big problems in critical systems. Several good books have been writen on it, and a lot is available on the web. See:
    www2.umassd.edu/SWPI/processframework/cmm/cmm.ht ml for some general background on the process. From their web site:

    SEI Capability Maturity Model

    The CMM describes the principles and practices underlying software process maturity. It is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The focus is on identifying key process areas and the exemplary practices that may comprise a disciplined software process. The maturity framework provided by CMM establishes a context in which:

    Practices can be repeated, if you don't repeat an activity there is no reason to improve it. There are policies, procedures, and practices that commit the organization to implementing and performing consistently.
    Best practices can be rapidly transferred across groups. Practices are defined sufficiently to allow for transfer across project boundaries, thus providing some standardization for the organization.
    Variations in performing best practices are reduced. Quantitative objectives are established for tasks; and measures are established, taken, and maintained to form a base-line from which an assessment is possible.
    Practices are continuously improved to enhance capability (optimizing).

    Structure of CMM
    Maturity Levels
    A layered framework providing a progression to the discipline needed to engage in continuous improvement (It is important to state here that an organization develops the ability to assess the impact of a new practice, technology, or tool on their activity. Hence it is not a matter of adopting these, rather it is a matter of determining how innovative efforts influence existing practices. This really empowers projects, teams, and organizations by giving them the foundation to support reasoned choice.)

    Key Process Areas
    Key process area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.

    Goals
    The goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.

    Common Features
    Common features include practices that implement and institutionalize a key process area. These five types of common features include: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.

    Key Practices
    The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the key process areas.
    Good luck!
    -wjc.

    --
    "I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?
  6. You should probably be taking a business class... by xarc · · Score: 3, Interesting

    Not that I am a business major, but patch levels make sense to me.

    Time is definite issue. First of all, you want to get your product out the door.

    Second, you want development to be as fast out of development and as feature rich as possible. This doesn't always allow for perfect code.

    Third, you don't want your team to burn out.

    Therefore, most (smart) software companies will release patches to their software. Also, releasing patches gives the consumer the impression that you are actually maintaining your code (whether you are or not).

    Think about trying to write Windows XP or KDE or GNOME from the ground up-- in one release. Not going to happen, unless you have a lot of dedication and a lot of time. And by the time you finish, it might well be outdated, or even unliked.

    On that note, an additional benefit of releasing software in patch levels (or SPs), is you get a large showing of customer feedback. If there are major bugs, they will be found. If your software is "good enough", you might be willing to distribute it. I suppose that's what makes Dilbert's "It compiles! Ship it!" so funny.

    Granted, this is all opinion.