A "Never Reboot" Service For Linux
An anonymous reader writes "Ksplice, the company based on the MIT Ksplice project, is now offering its 'never reboot' service for Red Hat, Debian, and other Linux distros. You subscribe and get real-time kernel security updates that apply in-memory instead of rebooting. Last summer we discussed the free service for Ubuntu. Cool tech, but will people really pay $4 a month for this?"
How long till they get sued by Microsoft?
http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching
..an using some Microkernel OS in which something like this would come as a well-controlled feature, we are using a monolithic kernel and self-modifying code?
Is $4 a month too much for the benefits of instant(ish) security patches and 24/7 kernel uptime? I don't run any dedicated servers, but if I had a couple I wanted to set up and leave for years serving content without worrying about them, I wouldn't mind paying ~20GBP to almost forget about an Ubuntu LTS/RHEL install with autoupdates.
Would someone smarter than me please explain what is so evil about rebooting now and then?
If you want news from today, you have to come back tomorrow.
Stating the obvious, yes, they are.
But third-party companies are under no obligation to offer their products and/or services for free, and this is a service of a third-party company (Ksplice).
If there is a demand for this service, plus an unwillingness to pay Ksplice for it, it's entirely possible (and likely) that someone will come along and offer an open source equivalent. But until the itch is scratched, Ksplice is perfectly within the right to offer the service at a cost.
Immortality baby! Immortality!
UNIX? They're not even circumcised! Savages!
Maybe if it was almost 497.1 days:)
Those who do not perform scheduled reboots of their servers do not know whether their servers will come back up properly after unscheduled reboots. How often have you seen someone add a service to a machine which becomes a critical part of your infrastructure then they forget to add it into the RC system?
Color me stupid but wouldn't any application in which you'd rather not be rebooting (i.e. Router, firewall, file server, etc...) be the exact same application in which you'd NEVER want some 3rd party having access to your kernel? I mean, if a large percent of distros were using this I can just imagine it would be the A#1 target for every malicious coder in the world.
But couldn't this still have the potential to pork your system and force a reboot? Wonder what their policy is on that...
Not expensive if the technology works. My time is more valuable and down servers cost money. The cost is paltry in comparison.
The occasional reboot, under controlled circumstances, is an excellent test of what will happen in an emergency situation. Mainly, it answers the question of whether the server and required services actually will all come back up by themselves.
In Britain we burn faggots (or eat the offal variety) not try and install an OS on them.
WEIRDO!
I've said it before, and I'll say it again:
Just because it's free software, doesn't mean that it's afraid of money.
Kid-proof tablet..
Anyone else notice they do not support windows, but the Windows Update dialog is the most prominent in the background image?
99% of people I've seen bragging about long up-times tend to have perfectly patched and up-to-date OS installations on disk, and a dozen vulnerabilities still loaded into memory. And I'm not talking just about the OS kernel.
If you don't know exactly what an update touches, just reboot.
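The gap described in the comment above (patched files on disk, old code still mapped in running processes) can be checked from `/proc`. The following is an added example, not part of the original thread: it parses `/proc/<pid>/maps` for executable file mappings whose backing file has been replaced. The sample input is constructed and the function names are illustrative.

```python
import os

# Constructed sample of one process's /proc/<pid>/maps (not from a real host).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2c000 r-xp 00000000 08:01 131090 /usr/sbin/sshd
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 08:01 262155 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (deleted)
7f3a1c400000-7f3a1c5c0000 r-xp 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f3a1c600000-7f3a1c601000 rw-s 00000000 00:05 32769 /SYSV00000000 (deleted)
7f3a1c700000-7f3a1c710000 rw-p 00000000 00:00 0
7f3a1c800000-7f3a1c820000 r--p 00000000 08:01 262300 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f3a1c820000-7f3a1c860000 r-xp 00020000 08:01 262300 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]
"""

DELETED = " (deleted)"  # suffix the kernel appends when the mapped file was unlinked


def stale_code_mappings(maps_text):
    """Return sorted paths of executable file mappings whose file was unlinked.

    A package upgrade replaces a library by unlinking the old inode; processes
    started before the upgrade keep executing the old, unpatched code.
    """
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode [pathname]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing path
        perms, inode, path = fields[1], fields[4], fields[5]
        if inode == "0" or "x" not in perms:
            continue  # pseudo-mappings ([stack]) and non-code mappings (shared memory)
        if path.startswith("/") and path.endswith(DELETED):
            stale.add(path[: -len(DELETED)])
    return sorted(stale)


def scan_host(proc_root="/proc"):
    """Map 'pid (comm)' to stale paths for every process we are allowed to read."""
    findings = {}
    if not os.path.isdir(proc_root):
        return findings
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "maps")) as fh:
                stale = stale_code_mappings(fh.read())
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue  # process exited, or insufficient privilege (run as root)
        if stale:
            findings[f"{pid} ({comm})"] = stale
    return findings


if __name__ == "__main__":
    print("sample:", stale_code_mappings(SAMPLE_MAPS))
    for proc, paths in sorted(scan_host().items()):
        print(proc, "->", ", ".join(paths))
```

Processes listed by `scan_host()` need a restart to pick up the patched library; an in-memory kernel update does not change them.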
Because I can’t imagine an easier way to obtain an instant-botnet, than to “spice” such a patch. ;)
By the way: Who came up with remote updates? Why not just compile the kernel locally, like normal people do, and then use a special patching tool?
Any sufficiently advanced intelligence is indistinguishable from stupidity.
"FREE" as in "you are free to obtain the software and its source and do with them what you wish" unlike non-free software that has restrictions on its use and no access to the source code.
"Cool tech, but will people really pay $4 a month for this?"
Depends. If it's your laptop, I suspect the answer is no. If it's your server farm, I suspect the answer is yes.
As an aside: Novell used to run contests to see who had the server with the greatest uptime since its last boot. Best one I ever saw was the Netware server that ran so long that everyone forgot where it was and it was accidentally walled-up inside a closet. Wouldn't it be great if the Linux community could run this type of contest? :)
Regards;
If it weren't for companies like Redhat, Mandrake (Mandriva), (pre-Darl) Caldera, and Novell trying to find ways to convince people to pay for "free" software, how likely do you think it is that we would have a useful Linux today?
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I don't really personally see any use of such service. If you need an FT or HA system you need to design it as such from ground up. In this case paying 4 bucks just solves some problems with rebooting after kernel upgrade. I don't have a problem with that. I just reboot in the next service window. In normal situation mission critical systems have some sort of redundancy not only to cope with planned service reboots but with other unplanned disasters. So usually you have a N+1 redundant cluster in which you can reboot the servers using some procedure that was worked out while DESIGNING the system. Also I see quite few security issues with patching the kernel this way. In mission critical services you usually do test everything before rolling it out to the systems so using such feature just makes things more complicated (than just simply rebooting the machine with my current procedures).
I cannot find anything about security details on their webpage. They state "Ksplice Uptrack uses cryptography to authenticate the update feed.". So what? Fedora also used cryptography and once their servers got rooted the whole chain collapsed. So if I was to use their service I wish to know how exactly their security is implemented since I would be getting kernel patches (quite critical stuff) from them. At least with RHEL I know about their security procedures (quite rigorous). From support point of view. Does f.e. Red Hat or Oracle support systems patched this way?
It is a nice feature but IMO not suitable for enterprises yet.
but telling people to check their email when their mail server is offline probably doesn't work for them.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
I sure know a lot of people pay a lot more than $4 per month for "Uptime!"
This sounds more like a Microsoft solution than a Linux solution. $48 a year is exactly $48 more than I paid for my OS. But the question is: Are we so lazy that we will pay $48 a year to not have to reboot the system? I mean lay down and take a break while it's rebooting and you'll be fine.
Linux is a service now?
A lot of people will think that, and its competitors won't do anything to counter it.
"If you want the most stable version of Linux, it's 4 dollars a month? And they have the nerve to call it free. After purchasing Windows 8, all the patches and upgrades are free for at least 3 years."
The Kruger Dunning explains most post on
If you can't reliably restart your server on your own schedule, what makes you think it will gracefully restart when something happens that you can't control?
Well-controlled live changes are not inherent to microkernels. Monolithic design does not preclude well-controlled live changes; all you need is persistent memory and a kernel that can resume operation on that memory. Stage the new kernel and switch. This has been done for HA systems.
Can one argue that microkernels are more amenable to well-controlled live changes? Perhaps.
That's the best you can say about it. The rest is a fiction that exists exclusively in your head.
I'm not afraid of money.
I'm afraid of some startup jokers - possibly funded by TLA's - taking my money to 'root' my servers!
"Flyin' in just a sweet place,
Never been known to fail..."
I would not trust such a service. Just because a kernel can be upgraded in place doesn't necessarily guarantee that same kernel configuration will be able to boot your system in an outage. Something like a messed up GRUB configuration won't be spotted until you actually try to restart your system. I think part of a regular maintenance strategy is being able to restart your servers and make sure everything is configured to come back up automatically. The last thing you want is to be trying to figure out what's wrong with your boot config when you have an unplanned outage.
Good work KDE, will gnome come up with Gsplice?
This sig sucks.
I was in H.S. in my pc repair/networking class (it was technically a 2 year 3 hour every day class). We had our "learning" novell server, and our 'production' novell server. The Production server was up for right at 6 years before we ended up replacing the entire system with Linux. The learning server got rebooted more often than I care to think about... But the real point is thus: Find me a Linux distro that won't crash for 6 years straight running the printserver/fileserver/ftp server/etc. with a bunch of 16-18 year old children "administering" it... I think the ability to update the kernel on the fly like this is interesting. I'd be more interested in a service that let me pick and choose the patches/etc. to determine if they work in my environment properly or not.. but 4 dollars a month for not having to reboot the system... I'd pay it *shrug*... Granted, the original point still remains that in the end this is worthless because outside of home-hacked/custom-built shit, or a true UNIX with a major support contract, there hasn't been a system since Netware that would run like that for that long w/o a reboot.
Years - I mean years - ago I was doing hot patches to Sun boxes that needed to stay up forever no questions.
Enter the mid 00's, when the cloud became useable. Enter the late 90s, when Beowulf made computational clustering with commodity products trivial. MCServiceGuard from...whatever year, etc etc etc.
Point is, anything that someone thinks is so important that they want to never reboot a system...should have 2 systems that cost half as much each running as a high-availability app cluster. Anyone with any sense knows that it is supposed to be a service that is always available, not a server. Patch it and reboot it, ya goofball. Let your load balancers and app clusters take care of the temporary loss of one of your servers. Why is this even a question? What semi-decent app doesn't have HA built in to it these days?
After all, $4/mo is pretty cheap to have a better chance of winning the BOFH penis length... er... uptime contest...
I know of a VMS system with over 150,000 hours of uptime. An old VAX 750 that just keeps running... handles satellite ephemeris data.... special solid state disks...
Makes me wonder if there's any PDP 11's in industrial apps that have just never been turned off, and long ago overflowed their uptime counters.
Patch that!
I like my neckbeard thank you very much; it keeps me warm in the server room (the servers run linux btw). And no, I don't think that applying patches to the kernel on a live production machine is typically a good idea. Sorry if that makes me a worrywart.
Get a web developer
Easier to read explanation: http://www.linux-magazine.com/w3/issue/95/052-054_ksplice.pdf. In short: it's all done with clever (Mario style) trampoline jumps.
I think the proper application of HALinux Heartbeat obviates the need for keeping a machine alive forever. There are going to be ECC parity errors that are going to take the machine down. Replacing kernel parts on-the-fly is a good ideal, though, but a higher-level view suggests that's not the real challenge for 99.999% uptime.
Kriston
If you don't know exactly what an update touches, just reboot.
Gonna be O.K,
Dah dah duh duh,
Just reboot!
The kernel babe,
Duh duh duh duh
Just reboot!
Re-re-re-re-boot...
First Microsoft is not very eager to sue anyone, second this is totally different mechanism, third Microsoft patent is an old technology - very old because it describes what we did in OS/360, OS/370 operating systems and applications a long, long time ago. Patching memory was (sometimes!) a daily routine for local systems programmer - updating live 24x7 production systems is/was fun but scary!
Anyhow - $4 is cheap when someone is doing the pre-work for you. Actually - the more modularized / structured Linux (Linux == kernel!) gets, the easier it is to support dynamic / online updates with no interruption. There are systems where you can do it already, even all(?) Unix systems allow you to change the whole object in flight if the application is written for it. Actually I designed a while ago one for Windows, load new object, kill the old and the new is automatically used for next call / request / whatever. Tandem Pathway is one very good example, Erlang as a language and a system supports it, systems with failover to another cpu / node have always supported it since Datasaab "non-stop" system from (I think?) early 70's (Cobol kernel!)
Now, given the "skills" of current "systems programmers", I'm not sure that real time patching is a good idea? Right or wrong, today the "hard" skills, understanding operating systems, their interactions with hardware and applications, etc is very rare! Not a person problem but the documentation, the trust on products / manufacturers / providers, etc are killing the low level skills even the computers handle zeros and ones the same way as day one. And unfortunately the same problems on high level - miracle products will solve all the problems / providers and manufacturers know my problems better than my experienced employees - and I have a bridge to sell!
For home machines or desktop machines, the occasional reboot for patches is not a problem.
For servers, you want to reboot after any significant change to the code running on your system, to verify the change didn't break booting. It is very annoying when a server fails to start properly after a power failure or the replacement of broken hardware, and it turns out to be due to a change someone made weeks or months ago.
It drives me crazy to see this.
Memory holes and latency go up with age on Windows.
Mainframes stay up for years and so does my thermostat, DVR, and most electronic devices like it should.
http://saveie6.com/
I know at least one company which will implement it. They are a movie/video studio with a huge queue and they run Da Vinci colour correction system which runs on Linux.
Of course, machine is totally disconnected from real world (to the degree of sealed USB ports) but they could use the performance and stability enhancements of the newer kernels.
I just paid $3 for monthly last.fm service, a freaking jukebox. Some companies pay $1 M/year to IBM for Z/OS which uptime is one of the advantages... I don't understand how $4 really surprises people.
It (offering services) is in fact the GNU's answer to "How will developers make money?" question. You can even make money from your own special kernel compilations as long as you share your knowledge.
Will it also recompile my video drivers without needing to stop X?
Think of security patches for 24/7 production servers, or even servers that are only critical during office hours. Do not think pc's.
So, to get this straight: My production servers that should have as much uptime and stability as possible are going to have their kernel updated willy-nilly by a third party several times a day because I'm too STOOPID to devise my own HA solution, choose which kernel updates are appropriate and find out where can I reboot a critical server, or group of them. Yippiee hee haw! Count me in! I'm an idiot! where do I sign? It's so cheap! No more hassles! Customizable and user-friendly!
I can see banks, hospitals, oil drilling platforms, the IMF and their cousin jumping into it. Why oh why didn't I think of that BEESHNUSH MODELL before?
SHEESH! I hope they crash and burn (their client's servers and that stupid company).
...something like 20 years ago? What ever happened to the GNU OS?
http://forums.techarena.in/windows-update/984365.htm ' SP3 hangs at "Running Processes After Install" '
explorer.exe != iexplore.exe
please explain ?
Mental! I understand the need for ksplice, but would you trust a third party to "patch" your kernel for "security" flaws?
Free as in speech, not necessarily as in beer.
The newer versions of OpenSUSE use Ksplice during the installation process to switch from the kernel used on the boot CD to the kernel recently installed on your system. It's an unbelievably cool concept to patch a kernel as it's running in memory but in my experience it's not incredibly stable. I've installed 11.1 at least five times and watched the system crash at least three times during the ksplice process. It's not a big deal to me because rebooting the system lets me finish up the install, but the ksplice feature is one that I've always considered to be experimental.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
Features like this should have been integrated into Linux and Windows years ago....if they cared enough to do it.
The original company named "SCO" was the Santa Cruz Organization. They are now called Tarantella.
The Linux company formerly known as "Caldera" is the one that bought the rights to some stuff old-SCO owned, changed their name to "The SCO Group" and started suing IBM and Novell and threatening everybody else. Thus guaranteeing their slow and painful destruction.
I don't really care what you guys say. I've been using ksplice on several servers and desktops and it simply kicks ass.
You use slashdot, google, and so forth, right? You use akamai for practically every major web site (including Microsoft.com, Apple.com, and so forth) without even knowing it. Your router probably runs linux, and even some cars are running it now. When you fly, there is an increasingly large chance that the avionics helping your pilot navigate cross-country runs Linux (Linux is rapidly growing in the avionics field).
I know I'm only feeding the troll, but the AC can't deny that Linux has proven its usefulness and stability far above and beyond what Windows has proven. The only drawbacks it has are that installers still have some level of dependency hell (but it's better than DLL Hell which still exists to some extent) and drivers are still lacking in a few areas, notably wifi, bluetooth, and custom appliances (for my example, I'll mention embroidery machines).
faggots have offal in them? I thought it was just minced pork or something like that. (I can hardly search from work or I'd check the internet myself)
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Since when has Linux ever become useful? And useful is defined beyond the needs of a bunch of neckbeards.
Flamebait? More like "funny"...
Indeed, since when has Linux ever become useful?
I think it may have been sometime around... 1994 with maturing NCSA httpd? At least Linux became useful by the time web became useful for people beyond a bunch of neckbeards, ie. in the 90's for sure.
I have a Centos server with over 1180 days of uptime, and another of 760.
They are both thrashed pretty heavily by being used as data processing servers and the 760 days one (which has a quad Xeon with 16GB RAM) was used today to perform a MySQL load test and got to 321,000 queries per second when referencing tables with over 100 million rows, running at a load of 5-6.
Never rebooting eh ? Make sure you are using ECC memory...
http://lambda-diode.com/opinion/ecc-memory
The method is exactly the same. I had a long discussion with ksplice guy at Eurosys 2009, where it was first presented.
Anyways, I do not see any reason MS would sue them... in fact, MS would love to see such a thing go into Linux main stream. Then it would say.. linux now violates 265++ patents.
I'm afraid of some startup jokers - possibly funded by TLA's - taking my money to 'root' my servers!
That's reasonable. What's also reasonable is for you to then not give them your money and not use their services.
No idea why that was so hard...
Why would you want to pay $3/month for a service when this should be a built in feature of the operating system? Maybe they should just hack the OS up into services and sell them to customers. Want multi-core support? That's another $3/month! Fuck services.
How you do it: - you separate your carrier servers from application servers. - Whenever you need to upgrade an application, you mark one application server after another as "out of service", so that new calls are not routed there. As soon as the last call leaves the application server, you could do whatever you want with it, reboot it or hammer it - your choice. - Carrier servers do not need updates as frequent, as they need reboots, so the problem is not really there to begin with.
Linux is useful?