Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Why update perl?

by Beatnik (Parson)
on Oct 14, 2002 at 09:25 UTC ( [id://205010]=perlmeditation: print w/replies, xml ) Need Help??

Just recently I installed a linux based firewall product with a Perl/CGI GUI. Now, once I looked under the hood, I nearly had a heartattack. Basically it runs perl 5.005_03 on there 2 week old release. When I asked on their mailing list when they'd get a newer release (I didnt ask for the latest tho), I started a whole discussion, which eventually ended in something like "NEVER". They questioned why you'd need a new version, when the code they have runs fine on 5.005_03, why tempt fate? I'm sure we've had this all before and I don't (read DONT) want to start a flamewar here but

What are valid reasons to keep updated version of perl on a mission critical box (such as a firewall)?

Greetz
Beatnik
...Perl is like sex: if you're doing it wrong, there's no fun to it.

Replies are listed 'Best First'.
Re: Why update perl?
by Tanalis (Curate) on Oct 14, 2002 at 11:45 UTC
    I think this comes down to the age-old adage of "If it ain't broke, don't fix it". We run 5.004.04 at the place I work at; it runs the scripts and does the job we need doing perfectly well.

    From a tech perspective, the scripts we run on a daily/hourly basis are far too critical to risk having them not work for even one iteration. I think that this is the major, and most compelling reason to not upgrade. "What if it goes wrong" is something too terrible to even consider.

    While I agree that a later version would probably be more fun to play with, and maybe faster, and more secure, it's more important to get the job done right than to keep at the cutting edge of new, at least in my experience.

    Just my thoughts ..
    --Foxcub

[reply]
Re: Why update perl?
by BazB (Priest) on Oct 14, 2002 at 11:48 UTC

    There are certainly reasons for not having a cutting edge Perl (or any other program) on your mission critical machines - since said program is so new, all the problems may not have crawled out of the woodwork :-)

    However, there is also an argument for having a moderately up-to-date version of most programs - you want to upgrade when there are security problems with programs (IIRC Perl v5.004 had problems), but generally security/bug-fix reasons are about the only time to upgrade.

    Upgrading only to fix security holes is not the same as never upgrading.
    I'd be quite worried if the system never got any upgrades over a substantial period of time.

    Cheers.

    BazB

[reply]
Re: Why update perl?
by johanvdb (Beadle) on Oct 14, 2002 at 12:40 UTC
    One reason to update would certainly be the ability to write better (as in more professional) code.
    In perl5.6+ you have e.g. Attributes, which are a big aid in writing professional code (I use them for making abstract methods and such).
    An other issue would be, that you can throw error objects
    die MyPackage::Exception::DeadByDawn->new
    This makes clean programming practices possible.
    And I guess a lot more stuff can be thought off ;-)

    But I guess this is only valid if you are still evolving your coding style, to get it more aligned with modern development practices. If you are happy with how you do it and you produce a stable code base then don't bother

    Johan
[reply]
      An other issue would be, that you can throw error objects.

      FYI This Perl feature was introduced in 5.005xx.

      --
      Ilya Martynov (http://martynov.org/)

[reply]
      Why do you find Attributes such a big deal? (You may want to post a new top-level thread on it) I've seen very little about them, and they've changed between versions I think.
[reply]
Re: Why update perl?
by trs80 (Priest) on Oct 14, 2002 at 14:19 UTC
    There is no reason I would imagine for 99% of their target market to need to upgrade, and the remaining 1% is capable of doing the upgrade themselves. The package (Perl) is meant to run limited services for their needs not the end user. I have been running a smoothwall box for months and have been very happy with it, even on my weak hardware (AMD 75, 32MB, 400MB HD) it has provided the function claimed by the producer.

    If you are trying to do development or production work on a firewall I really have to ask why?

    If you want to parse logs or manage the system do it from a machine behind the firewall and not on the firewall.
[reply]
      Well, actually I'm thinking about rewriting the whole CGI frontend from scratch. I'll probably end up updating perl manually on that box. I'm not claiming it sucks, it does everything they claim it does, I just want to make sure it also does what I want it too.

      Greetz
      Beatnik
      ...Perl is like sex: if you're doing it wrong, there's no fun to it.
[reply]
Re: Why update perl?
by shotgunefx (Parson) on Oct 15, 2002 at 05:36 UTC
    Sort of a double edged sword. Unless there are some modules that require a newer perl I can't think of why you would want to on an appliance. I remember when upgrading to 5.6.0 that LWP::Simple no longer worked on some requests breaking many automated tasks. The problem took awhile for me to notice and the bug is still open some 14 months later. I had to step back to my previous version and await 5.6.1

    So personally I am fairly hesitant to upgrade unless there is some new whiz-bang I need or security issues.

    -Lee

    "To be civilized is to deny one's nature."
[reply]
Re: Why update perl?
by Jeppe (Monk) on Oct 14, 2002 at 16:32 UTC
    Do you remember how perl 5.6.0 and mod_perl worked together? I use HTML::Mason, and HTML::Mason and perl 5.6.0 do not cooperate very well. In fact, you get (near) random segfaults.

    That is a specific example for why upgrading platform software can seen as rather risky. Upgrading will mean that you need to develop contingency plans etc etc. It's a hassle, and if it works, why break it? (Yes - I know. Security, security, mindshare)

[reply]
Re: Why update perl?
by mattr (Curate) on Oct 15, 2002 at 04:44 UTC
    I'd say if you have something working don't upgrade just for the heck of it. But from recent personal experience I would highly recommend upgrading perl if you are doing development.


    - newer perls let you be more free with perl grammar I find
    - better (presumably, no anecdotes though) better error diagnosis in "perl -wc"
    - When modules get updated sometimes they include code syntax or functions which are not available in old perls. -
    - "perl -MCPAN -e shell" likes to try to build perl 5.8 for you when this happens
    - but cpan is a lot easier to use than constantly building in other directories with stuff like "make pure_perl_install" etc. etc.
    - and some modules just won't build so you have to go searching changelogs for the latest version which has what you want
    - and possibly you are prey to bugs (I've seen some myself) in older perls, or even a buffer overflow (never seen one myself) in an old perl which was fixed at some time.
    - presumably better performance and robustness (no concrete info for you sorry)
    - Basically perl is as strong as its community and using an old perl is like giving yourself a lobotomy. A firewall doesn't maybe need so much in the brains department but if your brain grows you want to use the latest perl.

    With one caveat - Cobalt RaQs which seem (RaQ3) to include vintage 1999 software use perl for their web admin interface. I have seen references on the net, some perosn even says it works fine with 5.6, but you shold realize that updating perl could break a current admin program which you must have (if you don't have root access).

    Personally I now feel strongly that any product which embeds perl as part of its critical functionality should be using a separate perl installation which does not interfere with a user who wants to automatically update perl every 6 months or year without worrying about legacy code.

[reply]

Back to Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlmeditation [id://205010]
Approved by Bukowski
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (3)
As of 2024-04-26 02:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found