No More Need To Reboot Fedora w/ Ksplice

An anonymous reader writes "Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like 'replacing your car's engine while speeding down the highway,' and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!"

Awesome!

[mark72005]

But do the windows "snap" to one side of the screen? See? Simple! ($100 please)

Re:Awesome!

[armanox]

They've done that for years.

Re:Awesome!

[mark72005]

uh. whoosh.

Re:Awesome!

[AhabTheArab]

That was MY idea. I thought of it on my own and e-mailed Microsoft to tell them to make my PC simpler - and you know what? They did!

Re:Awesome!

[orient]

In Mandriva they do.

Re:Awesome!

[PixelSlut]

Swing and a miss.

Re:Awesome!

[numbski]

Ah, so Windows 6.1^H^H^H7 is all *your* fault!

Re:Awesome!

[Spugglefink]

yes they do. in kde. seriously.

Not really. Kill and restart plasma-desktop once a week or so, and maybe log all the way out and back in every couple of months. I agree the new KDE is not stable enough to run indefinitely, but it doesn't take the entire system down when it screws up, and only a few components are notoriously unstable. I've been running the same KDE login since early May. FWIW.

Hmm...

[jgagnon]

Changing your car's oil while driving down the highway could be tricky, too.

Re:Hmm...

All you gotta do is have a skateboard, a rope, a small person, and a lot of oil. Rope goes around the skateboard, small person goes on the skateboard, passenger opens hood, you look out the window and drive, passenger opens the oil and starts pouring as fast as he can, small person opens the drain while under the car, oil drains out and passenger keeps pouring until the oil leaking out goes from black to bronze. Wha La, a moving oil change. Think outside the box like this guy did.

Re:Hmm...

[by+(1706743)]

Actually, with a dry sump and a clever dual-oil filter setup, this probably wouldn't be too hard. Granted, it wouldn't change all the oil -- only the oil in the reservoir + filter.

Re:Hmm...

It's voilà. How hard is it to not look like a moron?

Re:Hmm...

[jgagnon]

You're supposed to spell that "moran" when calling someone else stupid.

Re:Hmm...

[TheRaven64]

Thanks for the clarification. Wha La isn't even close to being phonetically correct, so I wasn't sure that was what the grandparent meant.

Re:Hmm...

[MightyYar]

Idgit.

Re:Hmm...

[ScrewMaster]

Thanks for the clarification. Wha La isn't even close to being phonetically correct, so I wasn't sure that was what the grandparent meant.

Something like "vwah lah", maybe.

Re:Hmm...

[zaba]

It's voilà. How hard is it to not look like a moron?

Just because Star Trek did it ("to boldly go") does not mean you should split infinitives, especially when bagging on someone else's intelligence.

Just sayin'...

Re:Hmm...

[tuxgeek]

Changing your car's oil while driving down the highway could be tricky, too.

No problem .. but can you rotate your tires while driving down the road?

Re:Hmm...

[deek]

As much as I hate to weigh in on a grammar nazi thread, using a split infinitive is not necessarily incorrect.

http://en.wikipedia.org/wiki/Split_infinitive#Current_views

If the meaning is obvious and unambiguous, let it be, I say.

Re:Hmm...

[Sulphur]

My tires always rotate while driving down the road. If you had an axle up your ____, you would rotate too.

Re:Hmm...

[JWSmythe]

    But it would be correct in French for the feminine version of "a", "the", "her", or "it", depending on the word it was before. Wha? I have no idea. Maybe it was a "What the fuck", sometimes simply said phonetically as "wha tha?!" Or maybe English is a second language for him, and Yoda is his first. :)
   

Re:Hmm...

[Inzkeeper]

Yes! See the last half of this video:
http://www.youtube.com/watch?v=Kq_fVpPFQOI

Re:Hmm...

[zaba]

I actually agree with you, and I wasn't trying to be a grammar nazi. It was just amusing to me that an A.C. (who, granted, was replying to an A.C.) would give someone grief about... I dunno... ANYTHING regarding language and then split an infinitive.

After reading the wikipedia entry, I am even more amused for this reason:

Splitting infinitives with negations remains an area of contention:

        I want to not see you anymore.
        I soon learned to not provoke her.

Even those who are generally tolerant of split infinitives may draw the line at these.[10]

The fact that A.C. #2 even decide to respond and then split an infinitive with "to not" whatever... The point IMHO would have been better made if A.C. said

"Is it really that hard to look like a moron?"
"How hard is it to sound smart?"
"Can you you sound like more of a moron?"

et cetera, ad nauseum and so forth...

Conversationally, I am sure I split infinitives all of the time. I don't really care one way or the other. It's just the "to not" that always sticks out, whether I am reading, writing or talking.

With that, I promise to not comment on this thread again.

(You see what I did th...yeah, I am sure you did.)

Now this is even more applicable

[MrEricSir]

http://www.imagepoop.com/image/660/I-Reboot-As-Much-As-I-Get-Laid.html

Re:Now this is even more applicable

[0100010001010011]

Well it's an old technique actually. kexec have been there for ages.

How does this compare to kexec actually? I've been using it for a long time on all my Debian machines and while it's not 'instant' skipping all the BIOS, it's damn fast.

Re:Now this is even more applicable

[quercus.aeternam]

kexec restarts the entire software stack while leaving hardware running.

From what I can tell, ksplice does not require a software restart or hardware restart. This isn't explicitly stated, but it is implied by the usage instructions: http://www.ksplice.com/uptrack/using

Re:Now this is even more applicable

[RulerOf]

I imagine that the kernel is upgraded without ever actually stopping. Kexec actually switches the CPU from long or protected mode back down to real mode and then invokes your new kernel. It's a particularly neat trick for acquiring or manipulating any BIOS based x86 system with a Linux kernel prior to invoking NTLDR or the Windows Boot Manager.

A fellow named John Stumpo wrote a Windows driver called WinKexec for doing a Kexec from Windows. I compiled it but never did get it to work. Something about the INT10(?) calls seemed to make my test systems hate life :P

Re:Now this is even more applicable

The uptime obsession is crazy. Rebooting once in a while is useful, if only to see that you can still get everything running again from a complete stop. Kernel updates in particular can cause all kinds of problems at boot time. If you don't check the boot sequence, you'll almost certainly have forgotten what you changed that killed your cold boot ability when you need it for some other reason (moving servers, power failure, hardware upgrade, ...).

Re:Now this is even more applicable

[adisakp]

I Reboot As Much As I Get Laid

Man, that would be great for Windows users - not to mention they would *REALLY* look forward to Patch Tuesday.

Re:Now this is even more applicable

[rcamans]

I like to live dangerously. I'd even let this guy date my daughter.
No, wait, that is the safest thing I could possibly do.
Nevermind

Re:Now this is even more applicable

[ScrewMaster]

They actually recompile de deltas between kernels as separate modules.

Defeat of deduct went over defense before detail.

Re:It's free?

[jgagnon]

Slight motto change:

Free as in prostitute.

Scary analogy

[Xest]

"Using Ksplice is like 'replacing your car's engine while speeding down the highway,'"

So in other words it's something you'd never want to risk doing because it'd almost certainly cause a crash?

I think they should've thought about a different analogy for this one...

Re:Scary analogy

Using Ksplice is like changing your tampon while speeding down the highway

Re:Scary analogy

[EkriirkE]

It makes a bloody mess? I don't know about that...

Re:Scary analogy

[natehoy]

True. The in-place kernel upgrade is somewhat safer than their analogy might imply, but it does lead to an interesting point. Why would you want to do this?

Personally, I'm OK with having to reboot my Linux machine when I change kernels, mostly because it's the only time Linux DOES ask me to reboot. To be fair, Microsoft and especially third party Windows software vendors have gotten a lot better about this in the last few years, so infrequent need to reboot is now a pretty solid feature on both Windows and Linux.

In any case, when I get a new kernel, I can install the new kernel and continue running along on the old one as long as I wish to, then reboot to apply the new kernel at a convenient time. Rebooting Linux Mint takes less than a minute from powerdown to login, and I know I haven't run into any risky process locks or anything during the upgrade process. Plus, I like the fact that the "older" kernel is always available to me on the boot menu in case something goes horribly wrong with the new one.

But I'm not all that uptight about "uptime". It's a home computer. If I have to reboot it once a month or so to apply the latest kernel, I'll reboot it. For my purposes, I don't see any added value for the extra risk (however slight) an "in-place upgrade" would introduce.

If I were running a "must be up 24/7" machine, I could see this as a benefit, but chances are at that point I've load-balanced a couple of machines and the cluster can stand a "rolling reboot" of the machines far better than it could stand a botched upgrade.

I still love the idea, and applaud the folks who managed it, but I don't think I see a real reason for it other than "wow, that's pretty nifty". It doesn't seem possible without introducing at least a little bit of risk, and it doesn't seem that the people who would really need it would be all that tolerant of the risk.

Re:Scary analogy

[Spad]

They should have stuck with their original slogan: "Using Ksplice is like updating your kernel without rebooting"

Re:Scary analogy

[Kjella]

Well let's be honest here, the risk/gain isn't exactly working out for stable enterprise uses. They want people that can show off all the crazy things you can do with a computer and are willing to risk that their machine could go down. If they get it working for enough people over time, then it'll spread as people like the convenience of reboot-less upgrades. But right now, I'd say their analogy is just right for the market, it's the nerd version of the teenage drivers who play chicken.

Re:Scary analogy

[Spad]

Maybe the bomb will go off if you drop below 50mph...

Re:Scary analogy

[jimmyharris]

If your server only takes a few minutes to reboot, then I can see why you wouldn't be so concerned about having to reboot for kernel upgrades. We have Oracle and Sybase database servers that take over 90 minutes to start up all their services (these are 16 and 32 core machines) and not having to reboot them for kernel updates would be a huge win for us.

Re:Scary analogy

[Leebert]

And how would you know for sure that it would actually boot correctly the next time you actually *need* to?

There is nothing worse than having an actual unexpected reboot (UPS hiccup, whatever), and finding that the system that has been up for 3 years isn't booting, and not having ANY idea which patch put in place in the intervening time actually broke it.

Not that, ahem, I speak from experience, or anything...

Occasional rebooting is good, if for no other reason than making it happen in a controlled situation so you aren't surprised in an uncontrolled situation. If you really need the 100% uptime, then by all means, design a proper high availability system.

Re:Scary analogy

[hedwards]

The main reason is in cases where there's a bad vulnerability in the kernel which is sufficiently bad to warrant risking the live update rather than waiting for the next scheduled maintenance period. Personally I'm not sure how often that's going to happen as there's always the possibility of something going wrong when you do it, leaving you in the position of rebooting the machine anyways. I tend to think that most people that are that concerned with a few minutes of downtime are already using clustered servers and dynamically serving traffic from any of them to prevent worrying about it. In which case having an hour or so as several dozen machines reboot individually is probably not that big of a deal.

Re:Scary analogy

[Grishnakh]

Why would it cause a crash? Not having an engine only means you can't accelerate; you can still brake, turn, etc. It's really a lot like restarting your engine while driving, something that's quite simple and safe: clutch in, turn off engine, restart engine, clutch out.

Re:Scary analogy

[oracleguy01]

I wish I had mod points for you; this is exactly right.

Re:Scary analogy

[Simetrical]

Well let's be honest here, the risk/gain isn't exactly working out for stable enterprise uses.

Exactly backwards.

This feature replicates what mainframes have been doing for years. Specifically because businesses want zero downtime, if possible.

The difference between mainframes and regular PCs is that one mainframe's role is taken on by many PCs. With proper setup, you should have redundancy between the PCs, so you can reboot them one at a time without affecting service. You can't do that if you only have only one mainframe. Even with two, you can only do it if you can afford to double your load. So this might be needed for mainframes, but not for PCs.

Re:Scary analogy

[kiddygrinder]

sure it's accurate, but where's the love? how about "using Ksplice is like updating the kernel without rebooting and you have a nice car" or "using Ksplice is like updating the kernel in your car without rebooting your car"

Re:Scary analogy

[kumanopuusan]

Given that you mentioned Oracle and 32 core machines, I'm sure you're in a corporate environment that places severe restrictions on your ability to change existing solutions. With that said, your servers are taking more than 90 minutes to boot into a usable state. A huge win for you would be servers that can be rebooted, not servers that never need to be rebooted.

Somehow, I imagined the following conversation.

"Jimmy, are you ok?! There's blood everywhere!"
"OK?! I just had a huge win! I stain-proofed the carpet, so I don't need to worry about the blood anymore."
"Jimmy, are you hurt? Do you need a doctor?"
"What do doctors have to do with cleaning this mess off the carpet?"

(Hopefully my light-hearted tone is apparent. I have nothing but sympathy for fellow cogs still stuck in the machinery of the IT industry. I fell off of my axle and rolled out from under the machine a few years ago. Perhaps it happened because I have (am?) a loose nut. ;-)

Re:Scary analogy

[Jah-Wren+Ryel]

And how would you know for sure that it would actually boot correctly the next time you actually *need* to?

Scheduled reboots.

Now you are going to say - scheduled reboots is when you do your kernel upgrades.

The problem with that approach is overloading due to bitrot. Kernel ugprades are not the only reason a system will fail to boot. By upgrading and rebooting you are combining the two goals of patching the kernel and verifying that the system is still bootable, which means potentially more effort troubleshooting if something goes wrong. In the past you didn't have the choice to separate out those two tasks. Now you do.

Re:Scary analogy

[webmistressrachel]

I call a bluff - 32 cores taking 90 minutes to boot all services? Hmmm... what are you the NSA? I doubt it...

Also, your strategy prevents you from finding out if cold boot still works or not, which I am sure you would want to do quite regularly, also, just when do you flush all those buffers? Let's say you have megs and megs of them on this 16 and 32 core machine, 4Meg per core at least, what would happen to your data integrity if your never reboot? I doubt that cache or buffer is parity, even if it is very fast, so do you have problems with data corruption on these "oracle and sybase" servers?

Re:Scary analogy

[curtix7]

its like installing a new air-freshener at a stoplight, but more exciting.

Re:Scary analogy

[MoralHazard]

Get a little imagination, will ya? Here,I'll boil your objection down into two simple premises, for you:

1) In-place kernel upgrades are inherently RISKY to stability, compared with normal reboot upgrades.
2) Reboot upgrades are a LOW COST operation.

You seem to assume that the risk of #1 (upgrade in-place) will always outweigh the cost of #2 (rebooting to upgrade). At the moment, you MAY be correct in that assumption, but we have no basis for any conclusions, yet.

But Ksplice's current business plan is to get ahold of a massive, low-cost testing infrastructure by getting installed by default on as many popular Linux distros (Ubuntu, Fedora, etc.) as possible. Properly executed, a massive testing and development effort should improve KSplice's quality (read: stability) over time.

At some point, if KSplice does it right, in-place kernel upgrades will become stable enough to no longer entail measurably more risk than traditional reboot upgrades. If/When that happens, you'd be a fool to continue reboot upgrading, right? If there's no practical added risk, why should you have to even put up with the inconvenience of a single minute's delay, or the hassle of closing and re-opening all your SSH sessions?

Hell, it's reasonable to imagine that in-place upgrades could even become MORE stable than reboot upgrades (eventually). If that happens, you'd have to be more than a fool to continue rebooting--you'd have to be some kind of technical cargo-cultist, unwilling to offend the Machine Gods by departing from the correct rituals. (There will probably be at least a few of these people--I know some of them, I think.)

For another perspective, consider these:

  - guns vs. bows
  - automobile vs. horse-and-buggy
  - pen/paper vs. typewriter
  - typewriter vs computer
  - multiprocessing vs. single CPU

Reasonable people expect that the earliest incarnation of a new technology will be buggy, unstable, dirty, explosive, unreliable, or otherwise potentially hazardous. But given time to iron out the bugs, there's eventually a tipping point where the original technology no longer fulfills its basic purpose as well as the new-fangled competitor.

Re:Scary analogy

[cetialphav]

Personally, I'm OK with having to reboot my Linux machine when I change kernels, mostly because it's the only time Linux DOES ask me to reboot.

This isn't exactly true, though. Suppose there is an update in glibc. Just updating the library files has not helped any of your running processes. New processes will use the new library, but all the old processes will still be running the old library. If the update is for security reasons, then you have to restart every single running process. This can be done, of course, (except for init), but it is not exactly easy so you may as well reboot. You are certainly going to incur downtime no matter how you slice it.

Distributions hide this from you by applying the updates and not telling you to reboot, but you really should reboot after many updates to make sure you are actually running the updated code and not the older code. It was never as bad as Windows, of course, which might make you reboot 5 times to apply 5 updates instead of getting it all done with one reboot, but to say that only kernel updates require a reboot is a bit of an exaggeration.

Re:Scary analogy

[afidel]

Any open system that takes over 10 minutes to boot is seriously broken. Even my 16 core 256GB machines with multiple HBA's takes under 5 minutes to reboot, yes they run Oracle (Enterprise but not RAC). They even have almost two dozen LUN's mapped.

Re:Scary analogy

[Culture20]

"Using Ksplice is like 'replacing your car's engine while speeding down the highway,'"

So in other words it's something you'd never want to risk doing because it'd almost certainly cause a crash?

I think they should've thought about a different analogy for this one...

It's like pulling into the Foundation for Law And Government Mobile Unit to replace your car's engine while speeding down the highway instead of replacing your car's engine while speeding down the highway under your car's own power. Except it's really more like the latter, but without the danger.

Re:Scary analogy

[ddegirmenci]

Assuming the analogy holds, the kernel being the engine of the car and the installed software being the components that make use of it, would it work backwards? i.e. if it is almost perfectly safe to install a piece of software to one's PC today and not reboot after doing so and before using the software (which it is), is it also safe to remove a component of the car that is not the engine (e.g. the steering wheel, the shift stick, the mirrors, the seats - it's even possible to include the driver and the passengers, considering that they make use of the car and indirectly of the engine to arrive at their destination) and replace it while driving down the highway?

Re:Scary analogy

[camperslo]

Then there's the question... does one need to reboot when installing Ksplice?

Re:Scary analogy

[MightyYar]

Forgive me if I'm being naive, but couldn't you reboot ONE of your machines as a test and then just roll out the kernel patch to any other identical machines without rebooting?

Re:Scary analogy

[rcamans]

It takes you a whole minute to boot Linux Mint? You must have an ancient PC. My laptop boots Windows 7 in 15 seconds. Oops, I shouldn't have said that. I really shouldn't have said that.
Now I am going to get flamed big time.
I better get out my marshmallows.

Re:Scary analogy

[ScrewMaster]

Then there's the question... does one need to reboot when installing Ksplice?

Of course not because, as everyone knows, the chicken did in fact come before the egg.

Re:Scary analogy

[afidel]

Recovering a high transaction load system from an ungraceful shutdown is completely different from a clean shutdown and reboot. Saying that transaction rollback is the same as boot time is disingenuous.

Re:Scary analogy

[ScrewMaster]

I keep telling people NOT to reboot their database servers to fix problems but its a reflex reaction that seem to be hard-wired into the DNA of all admins.

Years of training on Windows systems ... they can't help it. Really, they can't, and it's a legitimate tactic in most Windows environments (well, often it's the only thing you can do.) Yes, it has gotten better in recent years, I must admit, but I still find myself having to reboot more often that I think is reasonable.

I've had users who reflexively re-install the application when they see something they don't like. It doesn't help matters when they do so using a four-year-old version they had lying around in a drawer. You just want to reach out and shake them, all the while shouting at the top of your lungs "WHAT on EARTH made you think that was a good idea?" It doesn't help that they generally won't admit what they've done, and I have to figure it out from what they're telling me on the phone. "What? What do you mean there's no DIAGNOSTIC menu. What version are you running, anyway?"

Then, to top it off, when they're informed that they've blown away their entire system configuration and that it's going to have to be rebuilt from scratch, they get upset want to know why we didn't make backups (???). I've often thought that might be a good value-added service we could offer, but it's not up to me anyways. Now, the vast majority of our user base is a hell of a lot smarter than that, but there are always those few who you just know had that umbilical cord wrapped around their neck.

Re:Scary analogy

[ScrewMaster]

They should have stuck with their original slogan: "Using Ksplice is like updating your kernel without rebooting"

How about "Using Ksplice is like updating your genome without having a baby"

Re:Scary analogy

[Orange+Crush]

You lose power steering and anti-lock brakes, which can still make things considerably more dangerous and control of the car more difficult. But that's not really the main issue. The main issue is it's a silly analogy.

Re:Scary analogy

[natehoy]

I know Windows 7 has improved startup times dramatically over XP, and that's great. My father has a Windows 7 machine, my mother does, several friends do, and I like it. It does start fast.

But, no, to answer your question, startup takes nowhere near a minute in Mint. Probably closer to the 15 seconds you report from Windows 7, though I'll admit I haven't timed it with a stopwatch so I can't give you an exact time.

"Boot" and "reboot" are different terms, though.

So, to be clear: My "under a minute" was from the moment I told Mint to reboot to the moment I'm back in a fully operational desktop again with my basic programs running (Firefox and Thunderbird). So that figure includes powerdown, POST, OS startup, login to my primary account, launching my programs, and being back where I started when I started telling it to shut down.

And it's probably closer to 40 seconds, if I had to guess at a more precise time. But that's a guess. And Windows Seven might still beat the pants off it, and if it does I'm happy for you if that sort of metric is important to you. Personally, I'm happy with anything pretty much under a minute or so.

The reboot-to-patch-everything treadmill really sucks, and I'm glad it's largely behind us as a computing community across most personal computing platforms.

It's also great that everyone (on all platforms) has put so much work into reducing boot times for those times when it is necessary (or safer) to just reboot rather than trying to patch-in-flight.

Re:Scary analogy

[kabloom]

I think they wanted something like "It's like R2-D2 repairing and fortifying your X-Wing while you're in flight," but they probably couldn't get the trademarks.

Re:Scary analogy

[kabloom]

You always had a choice. You could decide to reboot on a certain schedule and only update the kernel half the time.

Re:Scary analogy

[Grishnakh]

You don't need power steering at speeds over 10 mph or so, so that isn't a problem (this was about losing your engine on the freeway). Power steering is only really needed for parking lots.

You only need ABS in wet conditions, and you don't lose that either if you leave the electrical power on, as ABS is electrically operated, not driven off the engine. Also, on many newer cars, power steering is electrical, so you don't lose that either.

Sorry for picking apart the analogy, but this is Slashdot and that's how I like to pass time here :-) If I can't go off on a tangent pointing out the technical flaws in an analogy on a self-proclaimed geek/nerd forum, then where can I?

Re:Scary analogy

[Nursie]

You must have some damned fine hardware sir!

my laptop boots Win7 in a lot more than that. It's a Core 2 Duo with 4G of RAM.
Hell, my laptop's barely off the BIOS screen in 15 seconds.

Also you might want to consider that the discussion was about time for reboot after a kernel update. Win 7 shutdown and machine restart is probably approaching that.

Win 7 also does that nasty old MS trick that I hate so very much - it displays the desktop pretty quickly after login but you have to wait another couple of minutes until you can actually use the damn thing.

Now I am going to get flamed big time.

well, you did ask for it by comparing full boot time to reboot time, and making fantastic claims. I'd use win7 more if it only took 15 seconds to boot. That would be great!!

Re:Scary analogy

[ultranova]

We have Oracle and Sybase database servers that take over 90 minutes to start up all their services (these are 16 and 32 core machines)

Whiskey Tango Foxtrot.

Re:Scary analogy

[cortesoft]

Although if you have a problem upgrading your kernel, there is a good chance you will end up having to reboot.

Re:Scary analogy

[drsmithy]

2) Reboot upgrades are a LOW COST operation.

If planned restarts of individual servers are *not* "LOW COST" operations, you should probably concentrate on fixing your architecture and procedures, rather than delving into kernel mangling.

Hell, it's reasonable to imagine that in-place upgrades could even become MORE stable than reboot upgrades (eventually).

Why ? How is starting from an inherently less known and more volatile state ever going to be "MORE stable" ?

If that happens, you'd have to be more than a fool to continue rebooting--you'd have to be some kind of technical cargo-cultist, unwilling to offend the Machine Gods by departing from the correct rituals. (There will probably be at least a few of these people--I know some of them, I think.)

All systems develop runtime cruft over time and benefit from a reboot. To say nothing of how useful planned reboots are for confirming that your systems will recover from the _unplanned_ ones.

Re:Scary analogy

[eosp]

Or you could just run `ldconfig` to clean the library cache, go down to single user mode, and then back into multiuser mode. Everything but init restarts, and init can already restart itself if it detects a change.

Re:Scary analogy

[Xest]

I was actually thinking more about the changing the engine part- like, climbing out onto the front of the car, lifting the bonnet, trying to lift the engine out and replace it all whilst driving- that's the part I think would likely cause a crash! Just having the bonnet up so someone else can change it would be a little hazardous!

Re:Scary analogy

[RivenAleem]

"replacing your car's engine while speeding down the highway"

It would be like updating your Kernel while doing some graphical rendering, or video conversion.

Using Ksplice should more likely be "like replacing your car engine while parked/idling on the side of the road"

Re:Scary analogy

[LaRainette]

You're OK with it because you don't run a 24/7 server for instance.
No reboot = more uptime.

Generally speaking innovation in IT comes from people adding features a very small minority will use.

Re:Scary analogy

[juhaz]

Indeed, losing either of those two probably wouldn't cause any issues - but you also lose vacuum boosters for power brakes and that is a problem, especially if the driver doesn't know it will happen.

Re:Scary analogy

[__aazrka9419]

You apply kernel upgrades to DB production servers ??? Seriously though, our IBM Websphere Application servers takes around 45 minutes to reboot, this would be a great benefit to us as well.

Re:Scary analogy

[Grishnakh]

That's a good point. You'll still have enough vacuum for one or two pedal presses, but that's it.

Re:Scary analogy

[Simetrical]

The difference between mainframes and regular PCs is that one mainframe's role is taken on by many PCs. With proper setup, you should have redundancy between the PCs, so you can reboot them one at a time without affecting service.

This is often impossible considering the workload. This is why you see 32 core servers with many gigabytes of ram.

I run a 16-core server with 16 GB of RAM. I'm going to deploy a second one soon with automatic failover to eliminate downtime for routine administration. It's perfectly possible for the vast majority of services. I'll grant that there will always be exceptions, probably for the most part custom-written applications that weren't designed for redundancy.

You can't do that if you only have only one mainframe.

Yes you can, and that's the whole point.

You can't reboot one mainframe at a time without affecting service, if you only have one mainframe. Rebooting it's going to leave you with no running servers, and it's hard to provide service then. :) Instead, you're forced to design the system so you never have to reboot it, which is much harder.

Re:Scary analogy

[CAIMLAS]

True. The in-place kernel upgrade is somewhat safer than their analogy might imply, but it does lead to an interesting point. Why would you want to do this?

As a sysadmin, I can give you a handful of good reasons:

1) I like to sleep at night and eat dinner at 5, not having to worry about going back out to work. If I can do a (user) transparent upgrade during the day, I will. Planned outages suck.
2) Same goes for weekends. WHY would I want to come in for a couple hours to watch something complete successfully? And if it fails, well, then I've got a couple more hours ahead of me.
3) If the system crashes mid-process, I'm fixing a problem, not causing one. People seem willing to deal with outages during the day for crashes, but not for upgrades.
4) Fixing crashed systems makes you look useful and like a miracle worker. If you never have a fire to fight, you look like you're not doing your job.

Re:Scary analogy

[natehoy]

And if I wanted to talk about cold-booting times as a metric, I would have used the term "boot" or "cold boot". But I wasn't talking about performance metrics, so I didn't use that term.

I was stating an approximate amount of time that my system is unavailable to me while I apply a kernel patch, and making the point that saving that time by using a riskier patching method was undesirable in my opinion.

That time includes both the "graceful shutdown", "powering up", and in my case "logging in" portions of a reboot, since I can't bloody well use my computer while it's powering down or before I've logged in, now can I?

Re:Scary analogy

[tepples]

Recovering a high transaction load system from an ungraceful shutdown is completely different from a clean shutdown and reboot.

Clean shutdown + startup involves performing the commit before restarting the hardware. Crash-only methodology involves performing the commit afterward. How long does each take, or are we just moving the hardware restart later in the process?

Re:Scary analogy

[tepples]

If planned restarts of individual servers are *not* "LOW COST" operations, you should probably concentrate on fixing your architecture and procedures

When you restart the master server for the production database, what will the application servers query?

All systems develop runtime cruft over time

The fact that "all systems develop runtime cruft over time" is the problem.

Re:Scary analogy

[tepples]

Or you could just run `ldconfig` to clean the library cache, go down to single user mode, and then back into multiuser mode. Everything but init restarts

In a typical reboot, how much time is spent starting BIOS and the kernel compared to starting "everything but init"?

Re:Scary analogy

[tepples]

and then stop the clock when you reach the OS login screen

Ten minutes from the OS login screen to your applications starting is not acceptable either.

Re:Scary analogy

[afidel]

Because when you are applying the patch you shouldn't be going through a transaction rollback! Applying a patch should involve the graceful shutdown of the database.

Re:Scary analogy

[Khaspir]

When you restart the master server for the production database, what will the application servers query?

The next node in the cluster? If this is a critical infrastructure system where time is money (or lives, or whatever) then you DO have a redundant highly available architecture, right?
 

The fact that "all systems develop runtime cruft over time" is the problem.

This is only part of the problem (and I'm not convinced it is fact). Other problems are that hardware has a finite lifetime (be it however long), and we never have complete control over the environment, no matter how much we spend on the space.

No matter how how bulletproof the system is, nothing is completely immune to failure - I do, however, rebut the notion that rebooting and kernel updates are inevitably linked. Something /will/ crash, and murphy dictates that this will not happen when you plan it - so it is best to plan accordingly. This is a trait of a good sysadmin. This makes a reboot after a kernel upgrade a sensible precaution - but not inevitable, and perhaps the reboot is better aligned with a disaster recovery planning operation.

Ultimately, as previously noted, the major advantage to this is not skipping an otherwise obligatory reboot, rather, it is being able to segregate upgrades and reboots, and not be forced to combine those activities. Both are important, but more control of potential downtime activities is a good thing.

Re:Scary analogy

[drsmithy]

When you restart the master server for the production database, what will the application servers query?

One of the other cluster nodes.

The fact that "all systems develop runtime cruft over time" is the problem.

Only in the same sense that not having world peace is the problem.

Re:Scary analogy

[badkarmadayaccount]

More than zero.

Re:Scary analogy

[badkarmadayaccount]

Diesels have separate vacum pumps, some times electrically operated.

Re:Scary analogy

[MoralHazard]

If planned restarts of individual servers are *not* "LOW COST" operations, you should probably concentrate on fixing your architecture and procedures, rather than delving into kernel mangling.

Please, go back and re-read my original post: I make no assumptions about whether reboots are low-cost or high-cost, in the absolute sense. So, your opinion on the absolute costs of server reboots, while interesting, is entirely irrelevant to my argument.

See, I'm discussing the RELATIVE cost of server restarts. But because you started composing your reply before you read enough of my post to understand my point, you're just lecturing to yourself, here.

Why ? How is starting from an inherently less known and more volatile state ever going to be "MORE stable" ?

Again, you're just spazzing without bothering to read the entire post. To the extent that it's possible (given that we're speculating about the future, here), I already directly answered your question.

Also, note that my argument isn't premised on in-place kernel upgrades becoming MORE stable than the reboot-facilitated kind, just ALMOST AS stable (to the point where the additional risk is trivial and outweighed by the (minor) inconvenience of a reboot). So you're basically just engaging in a straw-man fallacy, here.

All systems develop runtime cruft over time and benefit from a reboot. To say nothing of how useful planned reboots are for confirming that your systems will recover from the _unplanned_ ones.

I'm sure these are interesting opinions in the context of your own personal experiences, but they're much less relevant in an abstract discussion like this. That's because my personal experiences may differ sharply from yours, just as the experiences of any particular 3rd-party observer may differ from both of ours. (In other words, why should we Big City folk care how some country boy sodbuster does things in his podunk backwater?)

So I'll refute your argument (and give you a handy little demonstration of why argument-by-anecdote is made of fail) by simply saying: In my own personal experience, it is NOT TRUE that all systems develop "runtime cruft" and benefit from reboots, OR that planned reboots are useful. (Probably because my architecture and systems management strategy differs from yours.)

So, here's a summary for your reference:

  * You need to improve your reading comprehension skills.
  * You need to control your irrelevant outbursts and focus on the specific arguments at hand.
  * You need to learn how to identify key arguments and differentiate them from side issues.

how about is linux with memory leaks?

[Joe+The+Dragon]

how about is linux with memory leaks? is the base os good? what about X? most of the apps? what about apps get stuck in background that need a reboot to unload?

Re:LOL Linux users

[jgagnon]

If it is REAL WORK then you're doing it wrong. :p

interesting

[idontgno]

this may be based on Free software (residing in the machine needing its kernel patched), but it appears that patch preparation is based on a subscription service provided by the Ksplice Uptrack people. That's the part which is (selectively) free-as-in-beer. This isn't organic to the kernel or the normal methods of kernel updating.

That means there's libre-free software and a service provided by a non-distro company which is, for selected distros, gratis-free. For now.

The technical description sounds like the ancient OS patching techniques the old mainframes I used to work on used.

And frankly, I'd still feel a little more comfortable with a reboot, since I'd worry a bit about state consistency of kernel and client processes. But, I guess smarter people than me says it OK, so what do I know?

Re:interesting

[bsDaemon]

When you have around 1500 production servers to patch, such as with the memmap 0 bug last year, doing them one-by-one, or even in small batches, remotely over IP KVM takes a long-ass time. This is nice for those types of situations.

Re:interesting

[phantomfive]

And frankly, I'd still feel a little more comfortable with a reboot, since I'd worry a bit about state consistency of kernel and client processes.

This in theory can be a problem, but each kernel update has to be prepared individually, so someone (once again, this is the theory) has looked at the kernel modifications and made sure it won't cause problems. This isn't an automatic thing that can work with any kernel (don't try to use it to go from a 2.4 kernel to a 2.6 kernel), and if there are major changes, say a new scheduler or something, then someone needs to write code that will move the data from the old scheduler to the new scheduler.

Mainly its used for security updates which are probably a line of code changed, or a function changed, and there is no difficulty with inconsistencies (unless maybe someone is in the middle of trying to exploit the buffer overflow, but they avoid that problem by making sure no threads are in the functions that are being patched). This is my understanding of how it works.

Re:interesting

[bsDaemon]

etiam, Cartago delenda est.

Re:interesting

[vlm]

When you have around 1500 production servers to patch, such as with the memmap 0 bug last year, doing them one-by-one, or even in small batches, remotely over IP KVM takes a long-ass time.

One single line using pssh, dsh, dish, or no lines at all when using a very fancied up puppet configuration?

Do you like toggle in boot code over the IP KVM like a PDP-8 or what?

The ability to do something the hard way, does not prove the lack of existence of an easier way.

Re:interesting

[bsDaemon]

OK, you see how all of those things still lead to doing a reboot? Now, imagine automating the process AND using ksplice. And I agree that automating the process would have been super awesome, but unfortunately that's just the sort of design process and forethought which was shunned at the place I worked at that time. So I left.

Re:interesting

[h4rr4r]

Or you just need better educated friends.

Re:interesting

[natehoy]

Quid quid latine dictum sit, altum videtur

Re:interesting

[Thelasko]

...it appears that patch preparation is based on a subscription service provided by the Ksplice Uptrack people.

Yeah, I'll use it when my distribution vendor of choice is the one doing the preparation.

Re:interesting

[innocent_white_lamb]

someone (once again, this is the theory) has looked at the kernel modifications and made sure it won't cause problems.
 
I can't imagine that it would be a manual process. Isn't scanning for differences between two files and creating a list of the same something that computers can do rather well on their own? (See diff and patch by way of example.)

Re:interesting

[vlm]

unfortunately that's just the sort of design process and forethought which was shunned at the place I worked at that time.

Ouch man, ouch. In the networking world we call that situation trying to solve a simple layer-8 problem using a very complicated layer-1 solution (or various other combos of numbers). I'm guessing rebooting was unacceptable because you had no backups / load balancers / load levelers / checkpointers / heartbeat monitor / hot standby disaster recovery / replication systems. Most places, reboots sound like a great time to test that gear, assuming you have it...

Re:interesting

[phantomfive]

That part is done automatically. If it is just a matter of changing a few lines of code, it happens automatically (presumably some human double-checks to make sure nothing bad will happen). The human modification comes in if there is a data-structure change, in which case custom code is written to move the data from the old structure to the new structure, since that's not something that can be automated (ok, it can be automated, but the results might not be what you want!)

Re:interesting

[TooMuchToDo]

Seriously? I patched 5500 linux servers in 24 hours *by myself*, all the while they were churning through collider data from the LHC. This would be, in my opinion, what I would call a production environment. Shortcuts are nice, but sometimes you don't need them if your environment is engineered properly.

Re:interesting

[scheme]

Seriously? I patched 5500 linux servers in 24 hours *by myself*, all the while they were churning through collider data from the LHC. This would be, in my opinion, what I would call a production environment. Shortcuts are nice, but sometimes you don't need them if your environment is engineered properly.

That's slightly different. I assume you're at a CMS or ATLAS T2 center and frankly most of those systems were worker nodes that could be taken down for a minute or too for a reboot as jobs were drained off of them and they went idle. A quick reboot and they'll show up in condor or pbs a minute or two later and start processing jobs. The gatekeepers and gateways for the SE would be more complicated but if you got them up within a minute or two, most if not all of the running jobs wouldn't notice.

Re:interesting

[TooMuchToDo]

Your post is accurate =) *shakes fist*

Re:interesting

[TooMuchToDo]

Small correction: I *was* at a T1 center for one of those detectors. I've recently moved on to a less political/bureaucratic organization.

Re:interesting

[Simetrical]

That means there's libre-free software and a service provided by a non-distro company which is, for selected distros, gratis-free. For now.

I like your Latin-based distinction of "free" better than the free-as-in-beer v.s. free-as-in-speech method. I'll have to remember it for the next time I give a speech on OSS at the Roman senate.

Libre is French. The Latin equivalent is liber.

Re:interesting

[Lemming+Mark]

I think that (basic) tools for generating ksplice patches are available as Open Source, it's just that you probably don't want to actually have to generate them yourself (and you ought to have someone qualified look over them). It probably makes most sense for a distro to generate them but as that's not happening yet these guys have their niche.

I ran ksplice on an Ubuntu box for a while without problems.

Re:interesting

Lorem ipsum dolor sit amet

Re:interesting

[bsDaemon]

No, we had to reboot. It was a fairly well-known web hosting company... I won't really say any more than that, but I'm on hiatus from web hosting for a while. Working in a more serious industry now.

Re:interesting

[ScrewMaster]

That means there's libre-free software and a service provided by a non-distro company which is, for selected distros, gratis-free. For now.

I like your Latin-based distinction of "free" better than the free-as-in-beer v.s. free-as-in-speech method. I'll have to remember it for the next time I give a speech on OSS at the Roman senate.

Mods, he's not trolling or insulting your precious open source. Geez.

Re:interesting

[ScrewMaster]

Quid quid latine dictum sit, altum videtur

Semper ubi sub ubi.

Re:interesting

[smallfries]

Pah! As if you could point to a single 24-hour period when the LHC has been up and running...

Re:LOL Linux users

[Nerdfest]

Price?

Re:how about is linux with memory leaks?

[h4rr4r]

WTF are you talking about? Kill -9 gets rid of apps if you really need too, rebooting is for windows users.

Re:It's free?

[tokul]

Isn't everything in linux?

Some non-free commercial software runs on linux.

Ubuntu has it already

[JustAnObserver]

... and it has been free for Ubuntu, as indicated on their web page (http://www.ksplice.com/pricing)

Old hat

[Kaz+Kylheku]

Lisp systems did this 30+ years ago: reload new compiled functions, and keep going. New calls go to the new function, old function becomes garbage when no more threads are executing it.

Re:Old hat

[Myopic]

Did you just equate hot-replacing a kernel with adding a function to a runtime environment? Or did I not quite understand? If I understand, then that would be more like, say, upgrading a program without having to reboot, which is unremarkable.

"Next time you open that app, it launches the new version!"

Re:Old hat

I recall reading a tale of LISP code being in one of the satellites sent out in the 70s. There was apparently a bug in the code which they were able to analyze, debug, fix, and reload - from within the current buggy version while the probe was heading off into space. I haven't messed with LISP nearly enough, but after reading that it entered the realm of Very Neat Things to me.

Re:Old hat

[maxwell+demon]

The news is not that there exists technology to update without reboot (it indeed existed for a long time), but that this technology is now available for Linux.

Re:Old hat

[imbaczek]

back then, the runtime environment on a lisp machine was pretty much the kernel.

Re:Old hat

[Shikaku]

diff mainline patch
)

Re:Old hat

[Abcd1234]

Did you just equate hot-replacing a kernel with adding a function to a runtime environment?

No, he equated hot-replacing a kernel with hot-replacing a function in a piece of software while the software was still running.

Re:Old hat

[FranTaylor]

Have you ever heard of a LISP Machine? Who says that LISP code is not in the kernel?

Re:Old hat

[Kaz+Kylheku]

No, I equated hot-replacing sets of functions in a run-time to hot-replacing a kernel (which is a set of functions).

"Next time you open that app" isn't hot-replacement if you are first required to exit the current instance, such that a new process is started.

Re:Old hat

[TheRaven64]

Actually, the Lisp version was more impressive. The entire OS on the Lisp machines was written in Lisp and was introspectable. You could, at run time, inspect the code for the running system, modify it, and have the code compiled and the new version replace the old one without any downtime. Ksplice, in contrast, requires a separate program to do the compilation and requires a user to manually do some merging of nontrivial changes.

Re:Old hat

[Kaz+Kylheku]

To the average slashdotter, there is no distinction there.

Re:Old hat

[Abcd1234]

I never said anything of the kind.

But hey, you got to show off that you know what a lisp machine is, so bully for you.

Re:Old hat

[Abcd1234]

Incidentally, Smalltalk images work similar. For a fun time, open up a Squeak image and start digging around. Now *that* is open source software.

Re:Old hat

[ScrewMaster]

Have you ever heard of a LISP Machine? Who says that LISP code is not in the kernel?

Personally, I've always thought they should have called it "Bogart".

Re:Old hat

[ScrewMaster]

To the average slashdotter, there is no distinction there.

What? It runs Linux?

Re:Old hat

[weicco]

I implemented the same with C#/.NET using dynamics. I trapped the calls in DynamicObject.TryInvokeMember method, seek out where I could find the latest implementation of the method being called and passed the call or threw an exception if method was not found. I even wrote Web Service support.

Pretty stupid idea and not very useful in the end but it was fun writing it :)

Re:Old hat

[TheRaven64]

Almost, but not quite. In Squeak, the VM itself is statically compiled (via C), so you can't modify that at run time. With SqueakNOS, you can modify device drivers, but there are still some bits that you can't modify.

This is actually pretty trivial for late-bound languages in general. With LanguageKit, we can replace methods written in Objective-C with methods written in Smalltalk or JavaScript at run time too.

Re:Old hat

[Abcd1234]

Bizarre that you got modded flamebait, but...

Almost, but not quite. In Squeak, the VM itself is statically compiled (via C), so you can't modify that at run time.

Eh, that's largely picking nits. Did the Lisp machine let you change the hardware running those lisp expressions? No? Then why would you expect to be able to modify the virtual machine running compiled Smalltalk bytecodes?

With LanguageKit, we can replace methods written in Objective-C with methods written in Smalltalk or JavaScript at run time too.

Interesting... I've fiddled with Objective-C a little, here and there, and as a Smalltalk wanker, I quite like it. I might have to go back and take another look, assuming I can find some time when I'm not oscillating between writing experimental webapps in Seaside on Squeak, and giving myself migraines with Haskell... :)

Re:Old hat

[TheRaven64]

Did the Lisp machine let you change the hardware running those lisp expressions? No?

Not exactly, but with a Lisp Machine everything other than the hardware was modifiable. The entire run-time environment was written in Lisp. The Squeak VM includes things like the frame buffer, for example, which are statically compiled.

SqueakNOS is more impressive than Squeak, because everything from the interrupt handler layer and up is written in Smalltalk and can be modified. This is pretty close to being equivalent to a Lisp Machine. The only bits you can't modify at run time are the bits that are written in assembly and set up the interrupt vectors, and a few bits of the VM that are statically compiled.

For a modern production system that does this incredibly well, take a look at the OpenFirmware implementation used in the OLPC machines. They boot to an interactive FORTH environment that lets you modify everything in the boot firmware.

The thing that makes ksplice interesting is that it does it in C. As I said in the post that was marked flamebait, this is a pretty trivial problem in late-bound languages, but a general solution in C is impossible. A specific, good-enough, solution is therefore interesting.

Re:Old hat

[plcurechax]

Lisp systems did this 30+ years ago: reload new compiled functions, and keep going.

Just to clarify you point, as in Lisp machines, not Lisp running standard hardware. That's an impressive feat, but they were not the first or only systems to do this.

I believe Forth based systems had been doing the same thing prior to that; as well IBM's mainframes were hot swapping kernels and CPUs for over 40 years I believe.

The more common mini-computer DEC VAX "clusters" circa 1980's were capable of this as well, and included being able to hot swap the CPU modules. I use quotation marks because a VAX cluster was a tightly coupled single "system" or "machine" in my understanding, not like the current concept of loosely coupled systems today, though I never operated one myself.

Re:how about is linux with memory leaks?

WTF are you talking about? Kill -9 gets rid of apps if you really need too, rebooting is for windows users.

Ideally, kill -9 gets rid of them. Sometimes it won't.

Re:It's free?

[cwrinn]

Great job reading the article... "The service for Fedora and Ubuntu Desktop is free of charge. For other distributions, the subscription fee starts at $3.95 per system a month, after a 30-day free trial."

Re:how about is linux with memory leaks?

[maxwell+demon]

Unless they are in uninterruptible sleep.

exploitable?

[codepunk]

How long before it is used to exploit machines, what could possibly go wrong.

Re:exploitable?

[maxwell+demon]

Well, if you manage to get your "updates" accepted by the machine's update process, you pwn the machine after the update anyway, even with conventional rebooting updates.

So...

[mark72005]

Linux user = more brains than money
Mac user = more money than brains
Windows user = ...?

Re:So...

[ThatMegathronDude]

Windows user = spread across the range

Re:So...

[Ironhandx]

Windows user is middle of the road. He has brains and money but not enough of either.

Re:So...

Windows user = a poverty of both

Re:So...

[Anarke_Incarnate]

Windows user = BRAAAAAAAAINS!!!

Ok, so they probably ARE zombies, used for all sorts of nasty DDoS attacks or other types of botnets :)

Re:So...

[Seth+Kriticos]

Well, Windows users usually don't directly play this game, but are used as playing figures.

Re:So...

[JohnBailey]

Linux user = more brains than money
Mac user = more money than brains
Windows user = ...?

moooore braaaaains.......

Re:So...

[ToasterMonkey]

Linux user = more brains than money
Mac user = more money than brains
Windows user = ...?

Correct, users of free stuff have less money than brains, and Mac users have waaaaaaaaaay more money.

Re:So...

[msuarezalvarez]

It was quite a while since last time slashdot made me laugh so hard. Thanks! :)

Finally!

[RevRagnarok]

I've been waiting for years!

watch uname -r

(from the man page)

Re:Finally!

[flydpnkrtn]

Well I got it and laughed, even if nobody else did :p

Tough crowd

Servers

[DreamArcher]

Other than just screwing around in your garage it's still $50 a year per server if you actually need.

Kinda Free

[chargersfan420]

FTA:

The service for Fedora and Ubuntu Desktop is free of charge. For other distributions, the subscription fee starts at $3.95 per system a month, after a 30-day free trial.

WTF? Can anyone explain why they would do it this way?

Re:Kinda Free

[b0bby]

So that you can mess around with it for free, get comfortable with it, and decide to use it on servers at work where you're willing to spend the money to avoid rebooting. That's my guess, anyway.

Re:Kinda Free

[jonescb]

Because the majority of people who use Ubuntu and Fedora aren't using them to run mission critical servers, and therefore they have no real use for the service anyway. Ksplice may be letting these users in for free so they can show the admins who are running an Enterprise server some data on how well their service works.

Re:Kinda Free

[AvitarX]

Well, it is the desktop version only (for Ubuntu, that is free), and Fedora is also primarily for desktops (bleeding edge and all that).

1) So I would say it is more, let tinkerers use it

2) have tinkerers buy it at work

Re:Kinda Free

[hedwards]

From their FAQ:

Q. How long will Ksplice Uptrack for Ubuntu Desktop be freely supported? A. Ksplice Uptrack for Ubuntu Desktop 10.04 Lucid is now available and will be freely supported for as long as Ubuntu Lucid is the newest version of Ubuntu. When the next version of Ubuntu Desktop (10.10 Meerkat) is released, we anticipate freely supporting that next version for as long as it is the newest version of Ubuntu.

Re:Kinda Free

[Swave+An+deBwoner]

They get to practice on a wide variety of desktop systems so that they can figure out what they are doing that is destroying some of those systems before they hit a paying customer with a similar configuration. And I swore off cynicism yesterday.

Re:Kinda Free

[Ossifer]

a) Software is GPL
b) Canonical, and others, could provide it, and the necessary server support for free if they choose to do so

Well, not unless you shove it up your...

[Dogtanian]

Using Ksplice is like changing your tampon while speeding down the highway

As in it's something that's unnecessary (if not nonsensical) for the majority of drivers/users anyway?

Re:Well, not unless you shove it up your...

[webmistressrachel]

Duh but not whilst driving down the highway!

Ports?

[innocent_white_lamb]

TFA says that they are making the code available to be directly included in the Fedora distribution. Fedora is pretty strict about what they include in their distribution so if it's included it will have to be Free Software.
 
Accordingly, what's to prevent anyone from taking the Fedora version and porting it to the other Linux distributions that this outfit is currently charging a user fee for?
 
Other comments above state that the use of this thing requires a specially crafted patch instead of the regular "here's a new kernel package" that you get from the distribution's repositories. If so, then wouldn't it be worthwhile to use the technology that is revealed in the Free Software Fedora version to make a patch-creating kernel update reader program (KURP - Kernel Update Reader Patch) that would scan a standard kernel update and create the required patch?
 
Then this technology could become available as a stock feature in all Linux distributions, without charge.
 
Of course, if the technology isn't Free Software then this whole scheme goes off the rails, but if it's not Free Software it won't be included in Fedora anyway.

Re:Ports?

[IRWolfie-]

It is free software. You require a subscription to any update services though. A distribution could possibly set up its own service for updates since it has the client source available

Re:Haven't touched a Fedora kernel

[Dogtanian]

Since that bug with the exec-shield patch that occasionally killed a perfectly innocent process. It will probably just add more bugs which no-one will notice or care about,

Wasn't Fedora always intended to be a test-bed for Red hat Linux anyway?

Old hat

So, Linux has finally caught up to Smalltalk-80, maybe.

Debugging in space: a case for dynamic systems.

[drainbramage]

Looks like you might be referring to this http://developers.slashdot.org/comments.pl?sid=130313&cid=10876098

Re:how about is linux with memory leaks?

Processes in the 'D' state cannot be killed, even by root. They're waiting on I/O and nothing short of giving them the I/O they're waiting for or rebooting will kill them.

Re:how about is linux with memory leaks?

[vadim_t]

No, the grandparent means uninterruptible sleep.

Processes sleep in a way that can't be interrupted in some cases. For instance, when writing to a file. The logic of that that if it was possible, the application would have to retry the interrupted call, and since a write is assumed to be uninterruptible nobody tries to check if it was interrupted.

This ocassionally creates problems, like when something in the disk subsystem goes wonky, and a write call never returns, leaving the process sleeping and unkillable forever.

There was a patch to create a killable state, that allows fatal signals to be processed in such cases, since the process would die immediately anyway. I'm not sure how fully is this integrated, but while I remember unkillable processes in the past, I don't think I had any in the last couple of years.

Re:how about is linux with memory leaks?

[bazald]

I've seen this happen to processes fairly recently. (A couple months ago.) It wouldn't have bothered me, but it meant I couldn't replace the files they were writing to. My workflow at the time was sufficiently inflexible that this basically required me to reboot to continue working when it happened. I stopped using the program that caused the problem, and improved my workflow to be more flexible. I'd hate to run into the problem again though. I'd love to see a patch like the one you pointed to become an integral part of disk I/O in the future.

That's great...

[IGnatius+T+Foobar]

...but does it have support for smooth full-screen Flash video yet?

(It's http://xkcd.com/619/ for those of you who still have question marks over your heads)

Re:That's great...

[Korin43]

It's not funny if you explain the joke..

I don't get the point

[Simetrical]

Okay, so even suppose this is perfectly reliable. Let's say I'm running a high-availability server and can't stand any downtime. Now when my kernel needs an update, I don't have to reboot, great!

So what about when, say, libc needs an update? As long as programs are still using it, they'll be using the outdated version. Am I supposed to restart all programs using libc? That will cause downtime just like a reboot (although maybe a bit less).

Or what about when I need a hardware upgrade? Or there's a hardware failure? Or what happens when that critical application requiring 100% uptime needs a security fix? What am I supposed to do then?

There's no way to avoid outages completely for any given machine. PC OSes aren't meant for that. Any high-availability service needs to be able to tolerate the failure of any one machine. So why not just reboot it when you get a critical update to the kernel or major system library? That way you know that the machine reboots properly, too.

My suspicion is that this is mainly meant to lure in Linux users who want the "please reboot your computer" messages to go away. But those messages are misleading. If you Ksplice and never reboot, your libraries will remain outdated indefinitely – it's not secure. Distros would do better to ask for reboots only on security updates, and to do so for libraries and running applications (if they can't be easily restarted) as well as kernel updates.

Re:I don't get the point

[drsmithy]

Let's say I'm running a high-availability server and can't stand any downtime.

if your service depends on a single server, it isn't HA. If you really can't stand any downtime your architecture is broken.

Re:I don't get the point

[ADRA]

Libc is easy. Install the update while the app is running. The old version of the library stays alive in ram as long as processes still have handles to it which is no big whoop unless its an exploit that you really must clean up immediately.
If application X uses libc, the next time its started it'll get the new version of the library and happily co-exist with the old one, nay?

Re:I don't get the point

[ADRA]

You could have tight capacity limitations on the existing hardware and you can't setup new servers fast enough, so having even one of a HA cluster can severely impact the cluster's throughput. Its obviously not the situation you want to be in, but it does happen. Another possibility is that there's an inherent flaw in the cluster software itself, which requires a full cluster restart. No matter how HA your HA infrastructure is, it can and does go down.

Re:I don't get the point

[afidel]

Hardware failure and hardware upgrade can be handled by VMWare FT assuming your app fits into 1 vCPU (this will probably be relaxed in the future but I have heard nothing about even experimental support for vSMP yet).

Re:I don't get the point

[Simetrical]

Hardware failure and hardware upgrade can be handled by VMWare FT assuming your app fits into 1 vCPU (this will probably be relaxed in the future but I have heard nothing about even experimental support for vSMP yet).

Okay, this is a legitimate point. If you use clustering or something, then you might be immune to most hardware failures. Even if you use regular hardware, if you have enough hardware redundancy you're only subject to CPU/RAM/motherboard failure, and most of that's hot-swappable for upgrades with the right OS. Not perfect, but say planned downtime once per five or ten years for an OS upgrade, probably acceptable. It's possible.

But it's much more common these days to just design systems you can reboot nodes without downtime, so I don't see hot-patching allowing "No More Need To Reboot" except in a very small minority of setups. Better to think of it as a tool to increase security by letting you deploy patches faster.

Re:I don't get the point

[Simetrical]

Libc is easy. Install the update while the app is running. The old version of the library stays alive in ram as long as processes still have handles to it which is no big whoop unless its an exploit that you really must clean up immediately. If application X uses libc, the next time its started it'll get the new version of the library and happily co-exist with the old one, nay?

Sure. You just have to restart everything using libc, like for instance:

$ sudo lsof -c init 2>/dev/null | grep libc
init 1 root DEL REG 251,0 269825 /lib/tls/i686/cmov/libc-2.11.1.so

Notice how it's deleted, so presumably init is using an old libc version that was upgraded. Hope it doesn't contain vulnerabilities! If you can't tolerate rebooting your system, you probably can't tolerate restarting every single process, either. And if you can leave unpatched libc running in all these daemons, why not an unpatched kernel too?

All that said, it would be nice if distros could apply patches live automatically for the benefit of regular users, who ignore the "please reboot" message (or even just take hours to notice it). At least it will reduce vulnerabilities. But this can't fairly be billed as a way to avoid rebooting altogether, which is how it's often presented: "No More Need To Reboot". Wrong.

Re:I don't get the point

[ADRA]

"Hope it doesn't contain vulnerabilities!"

Which is why I added the caveat. In reality, you don't really have to restart the system even on a fatal flaw. Init isn't terribly insecure with the old version if the exploit was a vulnerability in sockets for instance; whereas if there was a socket bug in libc and you were running Apache, sure as hell you want to reload Apache with the fresh version.

Re:I don't get the point

[Simetrical]

"Hope it doesn't contain vulnerabilities!"

Which is why I added the caveat. In reality, you don't really have to restart the system even on a fatal flaw. Init isn't terribly insecure with the old version if the exploit was a vulnerability in sockets for instance; whereas if there was a socket bug in libc and you were running Apache, sure as hell you want to reload Apache with the fresh version.

Your average sysadmin (or even your above-average sysadmin) is going to be pretty hard-pressed to figure out which services a given library vulnerability "really" affects. Without really understanding the code, it's hard to say. The only safe thing is to restart everything.

Re:I don't get the point

[drsmithy]

You could have tight capacity limitations on the existing hardware and you can't setup new servers fast enough, so having even one of a HA cluster can severely impact the cluster's throughput.

Then you're not HA. You're Mostly-A.

Its obviously not the situation you want to be in, but it does happen.

Absolutely. And the proper response is to restore HA capabilities, not mess around slapping bandaids onto a broken leg.

If your SLA is 24/7, then any dependence on a single server means you can't deliver it. *Why* that server goes down is utterly irrelevant to that fact.

Re:how about is linux with memory leaks?

[owlstead]

And you can easily put in an icon that forces a process that owns a Window to quit (it looks like a broken window on Ubuntu/GNOME). The only times I have to reboot is when X.org takes out the desktop *and* the keyboard, or when ACPI fails. Those things things still happens too often.

Re:how about is linux with memory leaks?

[vadim_t]

It shouldn't be a program's fault.

I'd check for things like filesystem corruption, disk problems and other hardware issues or network problems if over the network. Try "dmesg" and see if there's anything unusual in the log when the problem happens. If it's none of that, it may be that the program is indeed running into a kernel bug somewhere. Trying a newer/older kernel to see if it makes any difference could clarify something in such a case. And if it looks like a kernel issue, report it to the kernel developers.

userspace hotpatching is possible as well.

[Chirs]

When your kernel needs an update, you use ksplice. If libc needs an update, you hot-patch libc in the same way. "But there's no way to do that!", you say? Actually, there is--it's just proprietary. The place I work at has implemented userspace hotpatching on linux for several architectures.

Re:userspace hotpatching is possible as well.

[Simetrical]

When your kernel needs an update, you use ksplice. If libc needs an update, you hot-patch libc in the same way. "But there's no way to do that!", you say? Actually, there is--it's just proprietary. The place I work at has implemented userspace hotpatching on linux for several architectures.

And for hardware failures? Or critical service restarts? Or a bug causing an OS crash? Put it this way: you can either try to minimize the downtime of each server, or make it so that the downtime of one server doesn't affect service. The former is much more complicated and error-prone, and is still going to fail sometimes, so you need the latter regardless if you're really aiming for reliability. And the latter makes the former unnecessary.

Re:how about is linux with memory leaks?

[Col.+Bloodnok]

Interestingly, Solaris had (past tense, as it's dead) a command to remove zombie processes.

preap

I never had the chance to use it, but I thought it had a cool name.

Re:how about is linux with memory leaks?

[haruchai]

I recall seeing this problem with NFS some years back - don't know if it's still the case. The clients with open connections would freeze solid if the server abruptly dropped the connection, for whatever reason, and would stay
that way until either forcibly rebooted or until the server reconnected.
I think that the server could be mounted in a "soft" state to prevent that but was told there was too much of a performance penalty.

Slashes the cost?

[human-cyborg]

Major Linux distributions ask their users to install a kernel update roughly once each month. Before Uptrack, each such update required a reboot. Until a system can be updated, it remains vulnerable to security flaws. By allowing users to install kernel updates without downtime, Uptrack slashes the cost of system administration [...]

Slashes the cost how? So... your sysadmins are all working on putting out fires caused by attacks on vulnerabilities, since they didn't get the patches in right away? Or they're just sitting around idle, waiting for the exact, once-a-month moment to reboot the computer.

You'll still need the sysadmin to apply these updates anyway, Ksplice or not. It's not like Ksplice will come to your machine room and install the updates themselves. And it's not like applying the updates the moment they are released will guard you against all exploits either.

You need sysadmins to fix things when attackers break it. You need sysadmins to fix things when users break it. You need sysadmins to fix things when it breaks itself. Preventative maintenance, housekeeping, and not to mention updates to every other piece of software on a server other than the kernel. Seriously, rebooting a machine takes up the least amount of my time. I type `sudo reboot`, enter my password, and the machine does the rest. If I've done my job correctly I don't have to sit there and hand-hold the machine while it boots itself.

Re:LOL Linux users

[mabhatter654]

well for starters, Apple doesn't officially support using Blades or Virtual Machines (they did "allow" VMWare to do it", but only on Mac Hardware) which are where many enterprise Linux installs are living nowdays on IBM, Dell, or HP farms. Apple hardware doesn't really have an enterprise presence or connections to the type of SAN hardware running in many places. You have to ASK to buy a Mac and not many IT departments would allow that. You don't have to ASK to try out a Linux install, you can beg "forgiveness" later on because generally you won't cost the company monie$$, or at least risks they wouldn't have spent money on in the first place. While Macs are cool, as far as enterprise uses, it is still pretty limited. I have several macs (so I'm not a hater) but I could never get my IT manager to take them seriously.

Re:Hey...wait a minute....

[ScrewMaster]

I've always been told by the Linux fan-bois that they haven't rebooted their computers since 1847

It's like this, the first time you turn it on, it's called a "boot". Every time after that is called a "re-boot". If you've only had to turn it on once, you've never rebooted it.

Re:You're doing it wrong.

[afidel]

Or you're running VMS. The Irish national railway had a cluster uptime of 17 years back in 2007 when VMS turned 30 =)

Re:how about is linux with memory leaks?

[drsmithy]

WTF are you talking about? Kill -9 gets rid of apps if you really need too, rebooting is for windows users.

If you've never had a process that kill -9 couldn't kill, you can't have been using Linux (or any other UNIX-like system) for very long.

Rest assured it's quite possible to get a system into a situation where a reboot is _required_.

Re:You're doing it wrong.

[afidel]

Oh, that VMS stuff had been patched, and the hardware failures were taken care of too, I doubt any single cluster node had an uptime of more than 5-8 year =) It's precisely because they were designed around online patching, node failover, etc that such a feat could be accomplished. Of course the patching probably wasn't as time critical as a modern system that has to deal with the entire world of zero day exploits so things were probably much more rigorously tested then they can be today.

this is not the same at all

[quitte]

if you cared to look at your own link, you'd see that it is about patching files without the need to reboot. On a running system the kernel is entirely in the memory.
Also the statistics Microsoft is giving aren't impressive at all. From your link:

The following examples demonstrate possible savings from reboot reduction:

        * Of the 22 updates that shipped for Windows Server 2003 RTM between April 2005 and August 2005, 15 of them required a reboot. Eight of these could have been hotpatched. This would have reduced the number of reboots by 53%.

        * Of the 14 updates that shipped for Windows Server 2003 Service Pack 1 (SP1) prior to August 2005, ten of them required a reboot. Four of these could have been hotpatched. This would have reduced the number of reboots by 40%.

It seems to me, after some googling, that while Windows actually does have mechanisms to patch functions of the in-memory kernel and libraries, that what hotpatching means in the context of Windows is pretty much a normal upgrade without a reboot.

It's software

[Yfrwlf]

Please stop calling software "technology". Live change-overs should be a feature implemented into Linux distros, though, something I've wanted for a long time though my idea was on more of a complex Linux (the kernel) level, a 2nd kernel being able to start up along side an existing one, and then the live kernel passing off the necessary info and handling to it on all-the-fly. Something like that. :P

Anything is possible in software.

Web and DB on same machine

[tepples]

You apply kernel upgrades to DB production servers ???

To save costs, a lot of smaller shops run the web application server on the same hardware as the database server, but these are typically running PostgreSQL or Oracle MySQL instead of Oracle Database. When a flaw is discovered in the RDBMS or the kernel it's running on, how is it safe not to upgrade? Or are you claiming that all software should work around known, fixed RDBMS bugs at the application level instead of updating the database server?

Nothing is cost-free

[tepples]

how much time is spent starting BIOS and the kernel compared to starting "everything but init"?

More than zero.

That's not what I asked. True, the time to restart the BIOS and kernel is greater than zero. But what (positive) fraction of the restart time involves the BIOS and kernel? And does the nonzero cost of this time necessarily exceed the benefits of restarting, such as clearing out stale caches and the like?

Re:LOL Linux users

[soppsa]

You probably need a new IT manager.