This thought struck me today, out of the blue.

There are two ways of running servers:

  1. Keep it rock solid, by avoiding change as much as possible. This is quite excellent: nothing changes, so minimal effort is required and costs are cheap. Those relying on the server can just assume it is there. However, when there is a necessary change, such as a kernel security update, it is quite disruptive. Everything stops, people get nervous, and deodorant sales go up.
  2. Make frequent changes, and build everything on the assumption that the server may be out of service at any time. Replicate services, avoid keeping state unnecessarily, and do anything else you need to do to handle the constant rebooting and other outages. This is more expensive to build, and to run, but perhaps not a lot more, and a kernel update will barely even be noticed. It is not disruptive at all. You will save a lot on deodorant.

Now, I do not run many servers, so this may be bogus.