11. Maintenance is Cheap | The Axioms of Software Development
This is part of the series on the Axioms of Software Development. If you haven’t read the previous axioms - you can see them here.
It’s my aim that by helping you understand these axioms, I can help you resolve problems associated with coordinating developers, time and resources and ensuring your software project is successful.
11. Maintenance is Cheap
What do I mean by maintenance is cheap? I mean that the money you spend on maintenance is like an early payment on a loan, those payments earn interest and return much bigger dividends into the future than the initial investment.
Let’s have a look at two extreme examples to clarify this.
The first project has no maintenance done. No upgrades. No security patches. No updates to the infrastructure running it. Nothing. While this will run quite happily, maybe for years, one day something will have to be done to keep the system running, and at this point, any developer starting on it will have a massive uphill battle even to get the application in a state they can even start developing on it. Not to mention as each month without maintenance goes by, the security risk of a data breach or other problem just exponentially increases. I have seen applications like this where it was cheaper to completely restart the application in the latest versions of the underlying system and porting over the business logic resulting in spending more than the initial investment of writing it in the first place.
The second project has regular maintenance done on it. Every month a little bit is done, a bug fix here, a security upgrade there, an operating system update over there. Over the years this system is kept broadly in sync with the movement and changes to the software development landscape. When the time comes to add a new feature, any developer can rapidly get the system up and running and make the needful changes in a short period of time. Obviously maintenance does not come for free, but there are many companies out there (including reinteractive :) that provide maintenance services for all sorts of applications where you do something like purchase a block hours each month to keep your app up to date and functional.
What are The Risks of No Maintenance?
The risks of not maintaining your system include:
Data Breach - your system might have a security vulnerability from the code in your application or one of the dependent software libraries it uses that results in some or all of your users data being exposed and then sold to the highest bidder. I don’t think a week has gone by recently without a major data breach, and a majority of these are caused from out of date and unmaintained software.
Data Loss - your system could end up having a bug that just deletes data. Or has a flaw that allows an attacker to delete that data, causing your users and your company data loss requiring expensive restore processes (both in time and money).
Performance Degradation - an unmaintained system will eventually slow down as the database it is using grows in size and no performance work is done to handle this additional data.
Integration Failures - even if your system is perfect, it probably interfaces with other systems in some way or another, these other systems will be constantly improving over time and updating their APIs and processes. Without performing regular updates, your system will be left behind and eventually be unable to integrate with the systems it needs to.
Hijacking - This is where an attacker finds a flaw in your system that allows them to impersonate your users, or use your system in unintended ways that results in your site becoming a source of SPAM. One of our clients had a WordPress site that was not maintained (and it is now!). They used a compromised plug-in which was hacked. The compromised plugin sent out an email to their entire contact list with links to hard core pornographic sites. The breach, while not being particularly expensive to fix, cost them greatly in damage to their reputation, brand management and trust. Something that just wouldn’t have happened if they had a maintenance plan in place taking care of the points above.
Environment Rotting - Software itself doesn’t rot, but modern software is built on a stack of other products, all of which get updates and get improved over time. Without maintenance, it can become almost impossible to even start the application for a new developer as all the tooling that was used to build the application in the first place has changed drastically or become unsupported altogether. In addition to this, the ecosystem of blog posts, help articles and the like have all moved on to newer versions making finding the cause of some weird bug even harder to find for your development team.
Morale - Finally, the morale of your team is impacted. They see this system that they worked hard on, get neglected and left behind. Then when they are inevitably asked to fix something that’s broken, everything has to be done under a time crunch with them trying to get this application running that hasn’t been developed on in years with all the team members that built it originally long gone and no one left to know how the thing even starts. Imagine you are the driver for some car company, and the car your are assigned has no maintenance budgeted to it? You do your best to wipe down the dash and make sure you leave it out in the rain for a wash, but after years of driving, the oil would be fouled with contaminants and possibly have caused damage to the engine. If one spark plug had failed, that would have fouled that cylinder. The brakes would probably need replacing, in addition to major maintenance probably being required on the overall car. Aside from the fact it would probably be a death trap to drive, getting it fixed would be a very expensive nightmare.
Software projects often cost many times the cost of a new car, yet the idea that you would leave a new car without maintenance for years would be considered ludicrous.
Getting your software system maintained regularly is very much cheaper than leaving it to rot and break over time, even without the developer costs factored in, it can be seen as a cheap form of insurance to avoid expensive settlements, suits, blackmail costs etc due to negligence caused from criminals trying to attack your system for their profit.
What Needs to Be Maintained?
The key points to maintain are:
- Security Vulnerabilities Found
- Software Patches
- Database Maintenance (ie. vacuuming, health checks, and log management)
- Updating dependencies, plugins, libraries and language
- Updating underlying software versions to ensure continued support.
- Updating the infrastructure (operating system, servers etc)
- Updating the documentation on how to use it
- Adding more tests around core functions
- Improving how a new developer can get up to speed
Every modern software system contains dozens to hundreds (sometimes thousands) of dependent libraries in addition to the code that was written in the application itself. No matter how big or small your application is, maintenance is required to keep it healthy and functioning and safe.
As in life, in software there is no such thing as a static, steady, always the same, existence.
If something is not being improved and kept up, it will decay and eventually cease to operate if only because everything around it will continue to be improved and grow leaving your system behind.
Time and money spent on maintenance to keep your software up-to-date will ensure you don’t encounter a nasty surprise later when it ceases to perform the functions it was designed to do.
Ruby on Rails & the Axioms of Software Development
Ruby on Rails solves a lot of the problems outlined in these Axioms. It’s why we have selected it as our software language of choice for development. It allows you to stick to your knitting, rapidly build out your MVP. It allows you to have a lot of automated testing and it is built to handle large complex requirements with thousands or even millions of concurrent requests (think shopify and github).
It has a very mature history and an ongoing loyal following.
The Rails community is large with almost 4,000 developers contributing to the framework, over 168,000 software libraries we can plug in with over 300 million downloads of the Rails framework.
Let me know if we can help you with your next project.