Ksplice Offers Rebootless Updates For Ubuntu Systems

sdasher writes "Ksplice has started offering Ksplice Uptrack for Ubuntu Jaunty, a free service that delivers rebootless versions of all the latest Ubuntu kernel security updates. It's currently available for both the 32 and 64-bit generic kernel, and they plan to add support for the virtual and server kernels by the end of the month, according to their FAQ. This makes Ubuntu the first OS that doesn't need to be rebooted for security updates. (We covered Ksplice's underlying technology when it was first announced a year ago.)"

GPL "terms of service"?

[innocent_white_lamb]

They appear to be releasing this licensed as GPL v2, but they have a "terms of service" click-through, according to their screenshot.

That doesn't give me great confidence that they really understand the GPL....

The technology looks pretty cool, though.

Re:GPL "terms of service"?

[Ambush+Commander]

So, they're doing the common "commercial open source" thing where the software (the application, the kernel patcher) is open source, but it's also tied to a service (the actual kernel patches) which is not so (free for Jaunty, but if you want a different kernel you'll have to pay Ksplice for support). So the Terms of Service applies to the service, which is really quite sensible.

Re:GPL "terms of service"?

In the broadest strokes, the GPL isn't that different from a EULA. The main difference is the scope of the agreement. When you use a typical EULA'd piece of software, you have to agree only to run it under certain conditions and not to redistribute it. When you use a GPL'd piece of software, you have to agree only to redistribute it only under certain conditions. You don't have to agree to anything to run it, but there are still terms and conditions for your use of the software (if "use" encompasses redistribution and modification).

And yes, yes, the GPL isn't a contract and a click-through token of agreement isn't actually necessary. (Instead, your agreement is implicit in the act of doing something that would be copyright infringement but for the license.) But it seems reasonable enough (if maybe unnecessary) to throw a window in front of the user and say "Hey, here's your chance to read this before you break the license terms".

Re:GPL "terms of service"?

[KDR_11k]

Some installers are simply built to force an EULA on the user so programs that use those are tempted to put something like the GPL in there.

Re:GPL "terms of service"?

[_Sprocket_]

In the broadest strokes, the GPL isn't that different from a EULA.

In the broadest strokes, an apple isn't that much different than an orange.

Re:GPL "terms of service"?

DLA != EULA The GPL is a Distributors License Agreement not an End User License Agreement.

Re:GPL "terms of service"?

[_Sprocket_]

No kidding. This thread and the original topic is like apples and oranges.

Re:GPL "terms of service"?

[_Sprocket_]

Kinda makes that whole "comparing apples to oranges" argument pretty stupid sounding.

Right up to the point that you bake a pie.

Re:GPL "terms of service"?

[x2A]

It's not even tangerinely related?

Re:GPL "terms of service"?

[mikechant]

How can you call something who's pealing is not edible a fruit?

It'd hope it's 'pealing' would be audible rather than edible.

Re:GPL "terms of service"?

[peragrin]

why do you think it is called click through licensing. 99.9% of the population doesn't read them, it is there to try and force a legality that doesn't really exist.

Re:GPL "terms of service"?

[iggymanz]

this thread is really persimmony off.

Great!

[jbacon]

This could actually be really awesome if it's truly production ready. What's that? 100% uptime?! AWRIGHT!

Re:Great!

[darkpixel2k]

I can see it now... "Kid. This was your fathers laptop. Cherish it as he did. It currently has just over 6 decades of uptime. With any luck, you'll be able to reach 13 or 14..."

Re:Great!

[MichaelSmith]

Constructive suggestions would be helpful. For the record I am sure you are right about that but I couldn't say for sure where the users expect to see improvements.

Re:Great!

[Shikaku]

What more do you want? Specific examples are key if you actually do care about trying to fix the UI.

Out of the box after you install Ubuntu from the LiveCD, by clicking the Applications (you know, the things you run?) menu:

Firefox: Good internet browser.

Evolution: Email client and reminders.

Tomboy (oops it uses mono): Keep track of notes, can load specific notes for a day. Helpful for Todo lists.

Calculator: Normal 4 function calculator with scientific mode if needed.

CD/DVD Burner: works well.

Screenshot Tool: press printscreen, save picture. Much better than Windows where you press the printscreen button and open up Paint to save it.

Pidgin: All in one IM client. Very customizable.

OpenOffice Word: can open all MS Office documents and is a good Office clone.

Rhythmbox Music Player: Keep track of music, works with lots of USB MP3 players (including iPods).

Totem Movie Player: Limited at first, but when you can't play something, it will prompt you to install the needed codec.

Add/Remove: Miles ahead of anything MacOSX and Microsoft has EVER done. Takes care of everything FOR you: downloading, updating, installing, etc. Just search for what you want through the left side or in the search tab.

It's so easy my girlfriend uses it by herself.

Drivers are handled automatically out of the box. No other OS can actually brag about having the highest device support. If it does not work instantly, chances are there will be a prompt to download and install the driver.

The only issues I think are the most common AND frustrating are installing WiFi drivers through ndiswrapper (ndiswrapper is finicky, but when you get it working it works perfect), relearning all the programs you want to use to do the same things you want to do, Windows games and using Wine, and the fact you will have to do a lot of Googling to do advanced stuff. Luckily more and more WiFi cards are being supported out of the box and Wine is getting much better.

Oh, and it's all free.

Re:Great!

[smallfries]

Watched Pulp Fiction too many times but I can't help but read that in a Christopher Walken voice and expect you to continue:

"when he was shot down over Hanoi he had this laptop with him..."

Re:Great!

[Anrego]

It's a cool piece of kit, but I wouldn't use this in a production environment.

If you are relying on one server to maintain 100% uptime in a high availability (which most production environments are) situation, you are probably doing it wrong.

It's my opinion that in a ha environment, you _should_ be able to reboot a box with no loss of uptime to the system as a whole.

I would even go as far as recommending a reboot every 3 months or so to test your clustering/failover setup (because I think a lot of people set this up once, then never look at it again until they need it 2 years later). Additionally stuff like kernel updates might BREAK the way in which your box boots up. Much better to discover that right after the update than a year down the road when the box goes down because of a bad PSU. A test of your boxes ability to automatically go from power off to full availability is probably a good thing[tm]

Re:Great!

[FishWithAHammer]

Well, OK. Let's start with X.

X really is a pain in the ass to deal with. Ever tried to get dual monitors working? OK, ever tried to get dual monitors with differing resolutions working? My standard work configuration when at my desk is two widescreen monitors, one 1280x800 (my laptop panel--I don't use a desktop right now) and a 1440x900 LCD monitor, oriented vertically (great for reading or code listings, I can't recommend that enough!). I spent far too much time trying to make this system work under Linux. All indications were that it's just not possible. Which is a shame, because I find it to be the best way for me to work.

(X is also a huge problem for numerous other reasons--a friend of mine worked for nVidia and related horror stories very similar to Linux Hater's blog on the topic. Mesa, as an open-source OpenGL solution, is preposterous and while there might someday actually be accelerated 3D drivers on a level of performance with closed-source drivers, I really wouldn't bet on it. Don't give me any bullshit about patents or "they have people working just on this"--I know and I do not care. It's so unfortunate that they have a problem. Emphasis on "they" have a problem. I'm an end user. I don't give a damn about their problems, I give a damn about their solutions.

And whoever thinks DRI is still relevant today needs their fucking head examined. You can't run Compiz and a 3D-accelerated application at the same time under DRI, but it works just fine under nVidia, because nVidia's "drivers" in reality rip out most of the lower third of the X stack in order to bypass some of the X braindead failures. The DRI architecture cannot be fixed, either, which makes this even more fun. It's not like any of this is novel, though: SGI had a workable rendering system in IRIX in the late 90's. X? Still waiting!)

Moving upward: while GNOME has made some pretty significant strides over the last two years, it's still just plain not very good. It's clunky--although much of this comes from GTK+ being nearly impossible to theme in an attractive manner, and the widget set's propensity for obnoxious amounts of padding, compare MonoDevelop and Visual Studio regardless of the theme on the Linux machine using MD and you'll see what I mean. The HCI for GNOME is bugfuck retarded (are you sure? [No] [Yes]). The applications, while often functional, lack polish and the sort of pleasantness to use that you find on OS X or even Windows. (The GIMP is a prime example. Nice backend. Horrible, horrible frontend, and a community of developers who are incapable of understanding that programmers don't understand users.)

KDE used to be my preferred desktop. It was fairly good-looking (although, and I hate to say it, Vista makes 3.5.x look really crap and 4.x not much better), and was relatively pleasant to use. It was obvious that people actually put some thought into HCI, even if their conclusions were not always right. Then KDE4 happened, and made me start wishing a bus to hit Aaron Seigo. 4.x is a departure of what KDE is as far as I'm concerned, and the cavalier attitude of their developers toward their users will prevent me from going back to it.

The suggestion of WINE for anything is preposterous. While WINE is quite an impressive project (and has delived good results), it simply should not be needed. If you're pimping Linux as an alternative to Windows, you'd better have all the applications people want (and that includes games as well as Photoshop--I'd say Office, but I won't be that unreasonable).

Bringing us to games, I would argue that the lack of an organized, coherent framework for media is hurting Linux as much as anything. Where's the DirectX equivalent? Where's the one-stop-shop-for-all-your-needs? Game developers aren't going to fuck around trying to find the best solutions for a project. On Windows, it's pretty much DirectX or bust because DirectX is good enough and convenient. Convenience cannot be underrated as a factor of importance. W

Re:Great!

[FishWithAHammer]

KDE 4 really isn't as bad as you're making it out to be. There are some changes I don't necessarily agree with, but all things considered I'm pleased with the direction it's taking and look forward to when the release a feature-complete version (4.2 is getting close, though!).

It is as bad, and I'm not going near it while the current bunch of idiots is running the show.

Your last sentence is kind of comical. Have you ever _read_ the Gnome mailing lists? If you want condescending, disdainful discourse, that's a great place to start.

The GNOME mailing lists are immaterial as long as they treat their users with respect in normal discourse. I don't care what assholes they are to each other. Meanwhile, KDE insists that "they don't need users." I have contributed to KDE applications in the past, and there are two 3.5 themes on KDELook that I have authored. Fuck 'em. They don't want users, they don't want me, because I'm a user first and a contributor second, and their hedging bullshit regarding "well, contributors aren't users" is unacceptable.

Fedora doing this since F9..

[gzipped_tar]

https://admin.fedoraproject.org/pkgdb/packages/name/fedora-ksplice

fedora-ksplice
Script Collection for Using KSplice on Fedora Linux

fedora-ksplice is a collection of shell scripts to use ksplice in a Fedora environment.

The scripts allow to prepare a kernel for use it with ksplice.

fedora-ksplice-prepare will download the source rpm of the current installed kernel. After this the kernel sources will be created in the rpm build directory. Additional the ksplice subdirectory with the System.map file will be created.

Fedora-ksplice-create will apply a patch given as an argument to the kernel sources prepared by fedora-ksplice-prepare.

Re:Fedora doing this since F9..

[Ambush+Commander]

That's a collection of shell scripts around the free software Ksplice tool that merely automates the task of downloading the Fedora kernel. (The Ksplice software has been released for over a year, and is also packaged in Ubuntu and in Debian, although the ksplice.com apt repo has newer versions.) Ksplice's Uptrack service is a way to automatically apply Ksplice updates that have been vetted for safety by the Ksplice developers, which is a much more convenient thing unless you like reading every kernel patch daily and testing the resulting Ksplice patch yourself.

Left are the Zombies..

[htiawe]

Now we need a ksplice for zombies instead of having to reboot to clear some of the nasty zombie processes.

Re:Left are the Zombies..

[onefriedrice]

Actually, it's simpler than that. A child process whose parent dies will be adopted by init immediately (not re-parented up the chain). If the process is a zombie (because of a bad-behaving parent process), removing the zombie is as simple as killing the parent, at which point init will adopt and reap the zombie because init always waits on its children. Running "telinit u" might make init reap the zombie quicker, but it will happen eventually anyway so that command is very much optional (and not recommended since zombies are harmless anyway).

Re:Left are the Zombies..

[MrNaz]

Zombies are not harmless! You obviously don't watch enough movies.

Re:Left are the Zombies..

[Tumbleweed]

Zombies are not harmless! You obviously don't watch enough movies.

Look, _clearly_ there are dangers inherent to zombies, but if YOU had watched enough movies, like, say, Shaun of the Dead, you'd realize they can be made into productive members of society (well, videogame consumers, anyway) if handled appropriately.

As the tshirt says, "Reduce - Reuse - Reanimate. Reduce our dependency on the funerary industrial complex." Get with the program!

Difference between Linux and Windows

[nmb3000]

This is something I've wondered for a while. Both Linux and Windows have the ability to modify images (executables and libraries) on the fly without rebooting, and most Linux updates do this but Windows usually doesn't. Now we're looking at not only that, but some pretty low level mucking around in the kernel, all while the machine is running.

I know partly why Microsoft doesn't normally do this for Windows, but why is it that Linux doesn't have the same problems described in that article? If you replace an executable you can restart it, sure, but what happens if you update libraries with various inter-dependencies?

Yes, rebooting is annoying, especially for important servers, but doesn't it make more sense to be 100% sure that the changes you're making aren't destabilizing the system (doubly for servers) than that few minutes of down time rebooting costs? Just wondering.

Re:Difference between Linux and Windows

[644bd346996]

Most of the people who would want to patch a system without rebooting aren't upgrading to get new features - they're applying security fixes, which seldom break binary compatibility. That makes it pretty safe to replace an in-use library. Once the update has been installed, you can restart the affected services on a schedule of your choosing, rather than have several minutes of complete downtime. I would expect that the reason this isn't attempted as often under Windows is that DLLs don't follow any system-wide rigorous versioning system like what most Linux package managers impose. This, and the presence of closed-source software, makes it much harder to do this with confidence under Windows.

Re:Difference between Linux and Windows

[Geoffreyerffoeg]

Well, let's look at the issues raised in the article.

Windows actually can replace a DLL that is in use by renaming the original then copying the new file into place. However, the Windows world prefers not to do this.

Ksplice updates the running code of your kernel (by waiting until no thread is using the function to be patched, then calling the kernel's stop_machine_run function -- the same thing it uses when loading a new module -- while it edits the object code); it doesn't touch your /vmlinuz file on disk. If you want the patches next time you reboot, either recompile /vmlinuz, or have an initscript (like Uptrack's) apply the patches at boot.

Even if you're updating just a single DLL with no dependencies, there are still potential problems since the DLL has to interoperate with previous versions of itself.

One reason Ksplice wins here is that it updates the kernel, which is a single thing, but more fundamentally it avoids this problem by atomically patching every piece of affected code at once. You could actually port the Ksplice technology to userspace, provided you do some userspace equivalent of stop_machine is and patch every process at the same time.

Even if you haven't changed the structure itself, you may have changed the meaning of some fields in the structure. If the structure has an enumeration and the new version adds a new value to that enumeration, that's still an incompatibility between the old and new.

Again, Ksplice has the advantage of updating everything atomically. But there is explicit support for having a hook to be called at patch time, that either updates all existing structures, or does something fancy to mark structures that have been updated, so you know that any unmarked structure needs to be updated before being used.

The Ksplice paper (PDF) outlines about how you'd go about writing a data structure transformer to address this (as well as talks about how to solve a host of other problems). See also the CVE evaluation, which links to some examples.

So it's not that Windows has to restart after replacing a file that is in use. It's just that it would rather not deal with the complexity that results if it doesn't. Engineering is a set of trade-offs.

which is why this engineering problem is not something Linus Torvalds personally does, but a separate company, Ksplice Inc., is working on full-time. :-)

Re:Difference between Linux and Windows

> Windows actually can replace a DLL that is in use by renaming the original then copying the new file into place. However, the Windows world prefers not to do this. Why?

Linux solves this with links. To pick a random example:

lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3 -> libqt-mt.so.3.3.7
lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3.3 -> libqt-mt.so.3.3.7
-rw-r--r-- 1 root root 7534253 2008-03-02 12:04 /usr/lib/libqt-mt.so.3.3.7

I'm showing here an output of ls. Say a program open libqt-mt.so.3. It gets 3.3.7. Now I install 3.3.8 while my programs are still running.

lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3 -> libqt-mt.so.3.3.8
lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3.3 -> libqt-mt.so.3.3.8
-rw-r--r-- 1 root root 7541660 2008-05-02 15:03 /usr/lib/libqt-mt.so.3.3.8
-rw-r--r-- 1 root root 7534253 2008-03-02 12:04 /usr/lib/libqt-mt.so.3.3.7

So when I install a package, all the new libraries get installed (and their dependencies) and after they are all installed, the symlinks get updated. If a program wants specifically 3.3.7 and is still using it, they can still have that. If they already have that library open, then it stays open. If a new program requests libqt-mt.so.3 then they get the new one.

The interesting thing in linux is that I can now delete libqt-mt.so.3.3.7. If there are any programs that have it open still, the OS will keep the file around. So only when the program quits will the file be really deleted.

For the other problems like:

> When you write code that communicates between processes, you generally expect that the same version of the code will be running in each process

Linux can never make that assumption in the first place, since you other process might not even be on the same machine (exported program) or it might be running in a scratchbox (a completely different environment) etc.

Interesting start

[ErikTheRed]

It's nice to see them running it on Ubuntu 9.04, but if they want to make money they should go after the LTS releases and SLES / RedHat.

Looks cool though.

Re:Windows has been doing this for 6 years

[Ambush+Commander]

Note: Not all security updates support HotPatching, and some security updates that support HotPatching might require that you restart the server after you install the security updates.

Yeah. Rebootless updates. Uh-huh.

Re:Windows has NOT been doing this for 6 years

I did read up on this (via your links) and discovered:

Note Not all security updates support HotPatching, and some security updates that support HotPatching might require that you restart the server after you install the security updates.

and

HotPatching is compatible with security updates that provide isolated fixes for individual functions. HotPatching is not compatible with security updates that update several interdependent functions.

    So Windows does not even theoretically support this to the extent of the ksplice offering and in practice I still (and have since it's release and for the forseeable future) have to reboot 2003 and more recent releases when I apply MS patches.

For you geeks that don't "need" 100% uptime...

[Ambush+Commander]

Ksplice is still pretty neat, and worth playing around with (it's very very quick: after installing it's a little like boom boom boom, patches are applied). It also means that you can keep a fully patched kernel without having to compile one yourself every time a new patch comes out; a little different from being rebootless, but eminently useful for us mere mortals.

Less that 20 second reboot.

[yourassOA]

Isn't that kinda the big thing with Jaunty other that the cooler looking login? They make the boot time real short and two months later "Oh hey you don't need to reboot." This is pointless.

Re:Windows has been doing this for 6 years

Well - that explains the reboots.

load of wank

[timmarhy]

if the fix affects a service i'm currently running, you still have to restart the service, so all this is doing is perpetuating the usual stupid uptime measurment of performance, which isn't indicative of the systems avaliablity.

get back to me when you have found a way to patch my network service without dropping the current open sessions, then i'll be really impressed.

Re:load of wank

[Geoffreyerffoeg]

Actually, Ksplice provides live patches. The ones Uptrack distributes are all to the kernel, and obviously not restarting the system requires not restarting the kernel.

The Ksplice technology itself is free software, and can be ported to userspace (but that hasn't been implemented yet by the Ksplice people). But if your network service is an NFS server or something, or you're fixing a security bug in the kernel, then Ksplice can apply it to a running system without affecting existing sessions / connections.

Re:load of wank

[Lennie]

This is about patching the kernel, it usually doesn't need to change the kernel structures, but it changes the functions. So it put the new function in kernel space and changes a pointer to the function. When doing this it temporarily slows down the kernel and calls the same function as is done when loading a module. That's what I think it does, but if you must know, read the PDF: http://www.ksplice.com/doc/ksplice.pdf

For all those that think this company is doomed because they released all their code as open source, let me tell you that they released the automated tooling, but the automated tooling could in the time they tested it (from the article last year) 'only' handle 84% of the time. All the other times, on average about 17 lines of code needed to be written.

I think it would be cool if the distribution makers actually paid this company to do these patches for the distribution-kernels. Although I guess that means something like Debian may be left out ? Then again, a little more then 80% isn't bad either. ;-) And I think I've read on lwn.net they have actually improved on that number in the past year, but I'm not sure. Anyway we also have kexec to shorted the reboot time.

Microsoft's excuse for not updating

[Mask]

After reading Windows Can but Won't I am still unimpressed. This article tries to hide a substantial feature preset in Linux but not in Windows. Call it a misfeature, a bug, an engineering decision or a precaution but, as it seems, Microsoft's filesystems do not support file removal well. If a DLL is in use you can't remove it without dire consequence, you are left with modifying the original file.

On Linux, you can remove the DLL without destabilizing running applications. This is because the file is unlinked from the directory structure, appearing as if it was removed, and the old file contents is still accessible to running applications. On Linux, an update mechanism can remove the DLL and put a new DLL in its place without affecting any running applications. Running applications continue using the old DLL, posing no substantial stability risk.

The Linux way isn't perfect either because running applications do not benefit from the update. Such an application will effectively use the old DLL until it is restarted giving a false sense of security. If an affected service is not restarted, then the computer is still at risk.

Fruity

[ancientt]

I hear this occasionally, that tomatoes are technically fruit, that something else is or isn't, so I took the time to look it up a year or so ago.

It turns out that the term fruit means "the ripened ovary of a flowering plant" and "Any sweet, edible part of a plant that resembles seed-bearing fruit, even if it does not develop from a floral ovary" and "a product of plant growth (as grain, vegetables, or cotton." (Wikipeida, Wiktionary, Merriam-Webster)

Interesting too, my first two references are driven by Open Source and pretty good, but for authoritative information, it is the closed source system of Merriam-Webster that I turn to.

I also checked out the OED definition: "1 the sweet and fleshy product of a tree or other plant that contains seed and can be eaten as food. 2 Botany the seed-bearing structure of a plant, e.g. an acorn. 3 the result or reward of work or activity. 4 informal, derogatory, chiefly N. Amer. a male homosexual."

Re:I don't think this is accurate

[ratboy666]

You would be correct. Linux isn't the first "hot patch" system.

Multics (1965) was designed for 24/7/365 operation, and could replace any component by design. Hardware or software.

http://www.multicians.org/

Re:The GPL states it is not a EULA

[Philip_the_physicist]

It seems to have been generally established that it is the uploader who is copying, not the downloader, at least from the RIAA cases (and similar ones outside the USA), where people are being sued for uploading files. IANAL, but I think the idea is that if you get a copy of something, you aren't expected to know if it is legit or not, and that it is the distributor who is harming the copyright holder, not the recipient.