A number of US government organizations were hacked recently, with a vulnerability in some SolarWinds management software. This was through source code backdoors slipped into updates. I wrote about it recently, with the thought that our OSes need ways to that we can monitor them with less privileges.

This was through Windows servers that were managed, which allowed Microsoft to fight back. This was a high profile attack, and Microsoft responded, unleashing a Death Star according to this article. The efforts by Microsoft show their willingness and ability to quickly work against malware, which I'm sure many appreciate.

The ability to easily change the way that software works is critical for many of us. We often use data to drive the behavior of systems, but more organizations building software are starting to ensure that they can easily manipulate how software works with feature flags or toggles. While I see plenty of customers using this, I see more not bothering to adapt their software to add them. Maybe more important, I see lots of customers not using these flags to help with deployments, especially database deployments.

I'm more of a fan of deploying the database first, but whether you deploy the database first or last, having toggles in your software that control how database changes affect your system is important. With a toggle, I can deploy database changes without the application behavior being altered. If I suspect issues, or find them with a few testers, I can roll back the database change without the application being broken for everyone.

Changing behavior on the fly, especially when you need to verify database changes, is an important tool to have at your disposal. I suspect before Microsoft made a few changes to their software, they made the change behind a feature flag that someone tested. That might be something you want to think about doing.