[jjice]

My answer is definitely not going to be impressive compared to some grey beards, but at my job in the early 2020s, they liked to say they had a "servers are cattle, not pets" mentality, but that was just the case of most of them. They had sentinel servers for each environment that held varying special meaning (only they handled certain tasks) that was poorly documented.

The CEO (the one who wrote most of the initial code but now was uninvolved in the software) never wanted to touch them - he saw the entire server as a house of cards. The problem was, not updating this thing just let to piles and piles of out of date packages and eventually past EOL for the entire distro it used. I'd say it lasted six years without an update til I showed that that it _needed_ an update when they went for SOC2. It honestly wasn't that bad to replicate - some strange edge cases, but like a day of work.

Their MySQL instance was about the same age, but they chose an older version than was stable at the time, so it also went EOL and they left it sitting there. Hell, I don't know if they've update it to this day. For some context, it's a small enough DB (in terms of size), that you could probably even get away with a long running SQL dump.

What scares me is that I have to imagine so many companies operate this way and they handle much more sensitive data. C'est la vie, I guess.