Hacker News

or partially unmaintained, a security nightmare and not compatible with a lot of stuff you might need to be compatible, too

boring tech is nice, if it can get your job done, is compatible with modern security standards and allows fast reliable development

sadly that isn't always the case

especially security standards have shifted a lot in the last 10+ years, partially due to attacks getting more advanced, partially due to more insight into what works and what doesn't

deployment environment and pipelines have shifted a ton, too, but here most "old" approaches continue to work just fine

data privacy laws, including but not limited to GDPR, bring additional challenges wrt. logging, statistics and data storage

regulations in many places also require increased due diligence from IT companies in all kinds of ways, bringing new challenges to the software life cycle, dependency management, location of deployment. Points like 4-eye-principle, immutable audit logs, and a reasonable standard of both dynamic and static vulnerability scanning/code analysis can, depending on your country and kind of business, be required by law.

If your boring tech can handle all that just fine, perfect, use it.

But if you just use it blindly without checking if it's still up to the task, it can easily be a very costly mistake, as costly as blindly using the new widespread hyped tech.


