Ksplice Offers Rebootless Updates For Ubuntu Systems

sdasher writes "Ksplice has started offering Ksplice Uptrack for Ubuntu Jaunty, a free service that delivers rebootless versions of all the latest Ubuntu kernel security updates. It's currently available for both the 32 and 64-bit generic kernel, and they plan to add support for the virtual and server kernels by the end of the month, according to their FAQ. This makes Ubuntu the first OS that doesn't need to be rebooted for security updates. (We covered Ksplice's underlying technology when it was first announced a year ago.)"

GPL "terms of service"?

[innocent_white_lamb]

They appear to be releasing this licensed as GPL v2, but they have a "terms of service" click-through, according to their screenshot.

That doesn't give me great confidence that they really understand the GPL....

The technology looks pretty cool, though.

Re:GPL "terms of service"?

[Ambush+Commander]

So, they're doing the common "commercial open source" thing where the software (the application, the kernel patcher) is open source, but it's also tied to a service (the actual kernel patches) which is not so (free for Jaunty, but if you want a different kernel you'll have to pay Ksplice for support). So the Terms of Service applies to the service, which is really quite sensible.

Re:GPL "terms of service"?

[KDR_11k]

Some installers are simply built to force an EULA on the user so programs that use those are tempted to put something like the GPL in there.

Re:GPL "terms of service"?

[_Sprocket_]

In the broadest strokes, the GPL isn't that different from a EULA.

In the broadest strokes, an apple isn't that much different than an orange.

Re:GPL "terms of service"?

DLA != EULA The GPL is a Distributors License Agreement not an End User License Agreement.

Re:GPL "terms of service"?

[_Sprocket_]

No kidding. This thread and the original topic is like apples and oranges.

Re:GPL "terms of service"?

[_Sprocket_]

Kinda makes that whole "comparing apples to oranges" argument pretty stupid sounding.

Right up to the point that you bake a pie.

Re:GPL "terms of service"?

[x2A]

It's not even tangerinely related?

Re:GPL "terms of service"?

[iggymanz]

this thread is really persimmony off.

Fedora doing this since F9..

[gzipped_tar]

https://admin.fedoraproject.org/pkgdb/packages/name/fedora-ksplice

fedora-ksplice
Script Collection for Using KSplice on Fedora Linux

fedora-ksplice is a collection of shell scripts to use ksplice in a Fedora environment.

The scripts allow to prepare a kernel for use it with ksplice.

fedora-ksplice-prepare will download the source rpm of the current installed kernel. After this the kernel sources will be created in the rpm build directory. Additional the ksplice subdirectory with the System.map file will be created.

Fedora-ksplice-create will apply a patch given as an argument to the kernel sources prepared by fedora-ksplice-prepare.

Re:Fedora doing this since F9..

[Ambush+Commander]

That's a collection of shell scripts around the free software Ksplice tool that merely automates the task of downloading the Fedora kernel. (The Ksplice software has been released for over a year, and is also packaged in Ubuntu and in Debian, although the ksplice.com apt repo has newer versions.) Ksplice's Uptrack service is a way to automatically apply Ksplice updates that have been vetted for safety by the Ksplice developers, which is a much more convenient thing unless you like reading every kernel patch daily and testing the resulting Ksplice patch yourself.

Left are the Zombies..

[htiawe]

Now we need a ksplice for zombies instead of having to reboot to clear some of the nasty zombie processes.

Re:Left are the Zombies..

[onefriedrice]

Actually, it's simpler than that. A child process whose parent dies will be adopted by init immediately (not re-parented up the chain). If the process is a zombie (because of a bad-behaving parent process), removing the zombie is as simple as killing the parent, at which point init will adopt and reap the zombie because init always waits on its children. Running "telinit u" might make init reap the zombie quicker, but it will happen eventually anyway so that command is very much optional (and not recommended since zombies are harmless anyway).

Re:Left are the Zombies..

[MrNaz]

Zombies are not harmless! You obviously don't watch enough movies.

Difference between Linux and Windows

[nmb3000]

This is something I've wondered for a while. Both Linux and Windows have the ability to modify images (executables and libraries) on the fly without rebooting, and most Linux updates do this but Windows usually doesn't. Now we're looking at not only that, but some pretty low level mucking around in the kernel, all while the machine is running.

I know partly why Microsoft doesn't normally do this for Windows, but why is it that Linux doesn't have the same problems described in that article? If you replace an executable you can restart it, sure, but what happens if you update libraries with various inter-dependencies?

Yes, rebooting is annoying, especially for important servers, but doesn't it make more sense to be 100% sure that the changes you're making aren't destabilizing the system (doubly for servers) than that few minutes of down time rebooting costs? Just wondering.

Re:Difference between Linux and Windows

[644bd346996]

Most of the people who would want to patch a system without rebooting aren't upgrading to get new features - they're applying security fixes, which seldom break binary compatibility. That makes it pretty safe to replace an in-use library. Once the update has been installed, you can restart the affected services on a schedule of your choosing, rather than have several minutes of complete downtime. I would expect that the reason this isn't attempted as often under Windows is that DLLs don't follow any system-wide rigorous versioning system like what most Linux package managers impose. This, and the presence of closed-source software, makes it much harder to do this with confidence under Windows.

Re:Difference between Linux and Windows

> Windows actually can replace a DLL that is in use by renaming the original then copying the new file into place. However, the Windows world prefers not to do this. Why?

Linux solves this with links. To pick a random example:

lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3 -> libqt-mt.so.3.3.7
lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3.3 -> libqt-mt.so.3.3.7
-rw-r--r-- 1 root root 7534253 2008-03-02 12:04 /usr/lib/libqt-mt.so.3.3.7

I'm showing here an output of ls. Say a program open libqt-mt.so.3. It gets 3.3.7. Now I install 3.3.8 while my programs are still running.

lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3 -> libqt-mt.so.3.3.8
lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3.3 -> libqt-mt.so.3.3.8
-rw-r--r-- 1 root root 7541660 2008-05-02 15:03 /usr/lib/libqt-mt.so.3.3.8
-rw-r--r-- 1 root root 7534253 2008-03-02 12:04 /usr/lib/libqt-mt.so.3.3.7

So when I install a package, all the new libraries get installed (and their dependencies) and after they are all installed, the symlinks get updated. If a program wants specifically 3.3.7 and is still using it, they can still have that. If they already have that library open, then it stays open. If a new program requests libqt-mt.so.3 then they get the new one.

The interesting thing in linux is that I can now delete libqt-mt.so.3.3.7. If there are any programs that have it open still, the OS will keep the file around. So only when the program quits will the file be really deleted.

For the other problems like:

> When you write code that communicates between processes, you generally expect that the same version of the code will be running in each process

Linux can never make that assumption in the first place, since you other process might not even be on the same machine (exported program) or it might be running in a scratchbox (a completely different environment) etc.

Re:Windows has NOT been doing this for 6 years

I did read up on this (via your links) and discovered:

Note Not all security updates support HotPatching, and some security updates that support HotPatching might require that you restart the server after you install the security updates.

and

HotPatching is compatible with security updates that provide isolated fixes for individual functions. HotPatching is not compatible with security updates that update several interdependent functions.

    So Windows does not even theoretically support this to the extent of the ksplice offering and in practice I still (and have since it's release and for the forseeable future) have to reboot 2003 and more recent releases when I apply MS patches.

Less that 20 second reboot.

[yourassOA]

Isn't that kinda the big thing with Jaunty other that the cooler looking login? They make the boot time real short and two months later "Oh hey you don't need to reboot." This is pointless.

Re:Great!

[darkpixel2k]

I can see it now... "Kid. This was your fathers laptop. Cherish it as he did. It currently has just over 6 decades of uptime. With any luck, you'll be able to reach 13 or 14..."

Re:Great!

[Shikaku]

What more do you want? Specific examples are key if you actually do care about trying to fix the UI.

Out of the box after you install Ubuntu from the LiveCD, by clicking the Applications (you know, the things you run?) menu:

Firefox: Good internet browser.

Evolution: Email client and reminders.

Tomboy (oops it uses mono): Keep track of notes, can load specific notes for a day. Helpful for Todo lists.

Calculator: Normal 4 function calculator with scientific mode if needed.

CD/DVD Burner: works well.

Screenshot Tool: press printscreen, save picture. Much better than Windows where you press the printscreen button and open up Paint to save it.

Pidgin: All in one IM client. Very customizable.

OpenOffice Word: can open all MS Office documents and is a good Office clone.

Rhythmbox Music Player: Keep track of music, works with lots of USB MP3 players (including iPods).

Totem Movie Player: Limited at first, but when you can't play something, it will prompt you to install the needed codec.

Add/Remove: Miles ahead of anything MacOSX and Microsoft has EVER done. Takes care of everything FOR you: downloading, updating, installing, etc. Just search for what you want through the left side or in the search tab.

It's so easy my girlfriend uses it by herself.

Drivers are handled automatically out of the box. No other OS can actually brag about having the highest device support. If it does not work instantly, chances are there will be a prompt to download and install the driver.

The only issues I think are the most common AND frustrating are installing WiFi drivers through ndiswrapper (ndiswrapper is finicky, but when you get it working it works perfect), relearning all the programs you want to use to do the same things you want to do, Windows games and using Wine, and the fact you will have to do a lot of Googling to do advanced stuff. Luckily more and more WiFi cards are being supported out of the box and Wine is getting much better.

Oh, and it's all free.

Microsoft's excuse for not updating

[Mask]

After reading Windows Can but Won't I am still unimpressed. This article tries to hide a substantial feature preset in Linux but not in Windows. Call it a misfeature, a bug, an engineering decision or a precaution but, as it seems, Microsoft's filesystems do not support file removal well. If a DLL is in use you can't remove it without dire consequence, you are left with modifying the original file.

On Linux, you can remove the DLL without destabilizing running applications. This is because the file is unlinked from the directory structure, appearing as if it was removed, and the old file contents is still accessible to running applications. On Linux, an update mechanism can remove the DLL and put a new DLL in its place without affecting any running applications. Running applications continue using the old DLL, posing no substantial stability risk.

The Linux way isn't perfect either because running applications do not benefit from the update. Such an application will effectively use the old DLL until it is restarted giving a false sense of security. If an affected service is not restarted, then the computer is still at risk.

Re:Great!

[smallfries]

Watched Pulp Fiction too many times but I can't help but read that in a Christopher Walken voice and expect you to continue:

"when he was shot down over Hanoi he had this laptop with him..."