Slashdot Mirror


Linux 4.0 Getting No-Reboot Patching

An anonymous reader writes: ZDNet reports that the latest changes to the Linux kernel include the ability to apply patches without requiring a reboot. From the article: "Red Hat and SUSE both started working on their own purely open-source means of giving Linux the ability to keep running even while critical patches were being installed. Red Hat's program was named kpatch, while SUSE' is named kGraft. ... At the Linux Plumbers Conference in October 2014, the two groups got together and started work on a way to patch Linux without rebooting that combines the best of both programs. Essentially, what they ended up doing was putting both kpatch and kGraft in the 4.0 Linux kernel." Note: "Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it."

73 of 125 comments (clear)

  1. Starting to feel old by Gumbercules!! · · Score: 4, Insightful

    I'm starting to feel old. I'm still on 2.6.x on my boxes.

    1. Re:Starting to feel old by TFlan91 · · Score: 1

      Just curious, why?

    2. Re:Starting to feel old by Flavianoep · · Score: 1

      No worries! Since Torvalds decided to number the successor of kernel 2.4.x as 2.6.x, in spite of major changes, the kernel numbering system stopped being just technical.

      --
      Linux is for people who don't mind RTFM.
    3. Re:Starting to feel old by Gumbercules!! · · Score: 3, Interesting

      Coz all my servers are production or purpose defined, and based on CentOS or VyOS. They all work. They all do their jobs - so I haven't had a compelling reason to upgrade. I did put one server briefly on CentOS 7.0 (Kernel 3.10 or something) and the client couldn't figure out how to use it, so I rolled it back.

    4. Re:Starting to feel old by NatasRevol · · Score: 5, Insightful

      Only people without servers in production/critical environments ask 'why haven't you upgraded already?'

      --
      There are two types of people in the world: Those who crave closure
    5. Re:Starting to feel old by gweihir · · Score: 1

      Senile and demented people typically think the problem is with others...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Starting to feel old by theburp · · Score: 1

      At my place of work we're still running the 2.6.35 kernel. Reason: It's the latest kernel supported by our hardware (Freescale i.MX53).

    7. Re:Starting to feel old by haruchai · · Score: 4, Insightful

      And that's how my team ended up supporting 10 - 25 yr old fossilized gear running all kinds of old, insecure shit that almost noone can remember what's the login or sometimes what's it for.

      --
      Pain is merely failure leaving the body
    8. Re:Starting to feel old by Anonymous Coward · · Score: 1

      No, your workplaces complete lack of enforcing a documentation policy is why you have that mess. You're job isn't to run shiny new OS installs, your job is to keep everything running smoothly. Good documentation is a part of that.

    9. Re:Starting to feel old by NatasRevol · · Score: 2

      There's a huge difference between 'why haven't you upgraded?' and 'why haven't you upgraded already?'.

      --
      There are two types of people in the world: Those who crave closure
    10. Re:Starting to feel old by dwywit · · Score: 2

      And that's why my hourly rate goes up, up, and away when the client can't supply documentation. It doesn't decrease the frustration, but helps to make it bearable.

      --
      They sentenced me to twenty years of boredom
    11. Re:Starting to feel old by haruchai · · Score: 1

      Perhaps.
      But depending on the system or product, that difference may not be large.
      One vendor allowed us to run fully supported on a particular product version for 5+ yrs but now requires us to upgrade again, after only 2 years, by the end of 2015.

      Upgrading this system affects about 5000 users & 35 external partners and required almost 4 months of preparation & co-ordination.

      --
      Pain is merely failure leaving the body
    12. Re:Starting to feel old by Carnildo · · Score: 1

      $ uname -a
      Linux snail 2.4.37.11 #2 Tue Dec 28 14:55:32 PST 2010 i586 Pentium MMX GenuineIntel GNU/Linux

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  2. Finally... by reverieee · · Score: 1

    I remember being surprised when I found out Ksplice costs money.

    1. Re:Finally... by Zan+Lynx · · Score: 1

      The kernel parts have always been free under GPL2.

      The part of this that is worth money is creating patches to apply with this system. Patches that won't crash the machine or corrupt data.

    2. Re:Finally... by Bacon+Bits · · Score: 5, Interesting

      Oracle bought it. Still surprised?

      Not only that, but Oracle bought it on July 21, 2011. The current version of Ksplice? Released on July 28, 2011. The major feature of the current release? The changelog says the only change was "Removed unnecessary zlib detection from configure." But now only Oracle Linux is supported.

      It's still available through source code, which you can find with a bit of digging (you can't navigate to it from the top level page, as far as I can tell... Ksplice isn't listed as a project). I think the amount of investment and effort put in that site makes it clear what Oracle's stance is.

      At least Microsoft extends before they extinguish....

      --
      The road to tyranny has always been paved with claims of necessity.
  3. Now it sounds like 4.x by Flavianoep · · Score: 1

    Finally, they gave us a thing for the change from 3.x to 4.x make sense.

    --
    Linux is for people who don't mind RTFM.
  4. Re:Systemd in 4.0-era, for or against? by Ol+Olsoc · · Score: 4, Funny

    Isn't there a Women in STEM or global warming thread for you to infest?

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  5. Re:Systemd in 4.0-era, for or against? by sumdumass · · Score: 2

    Wow, not only is the story a dupe, so is the lame attenpt to hijack it and.make it about/ whine about systemd.

    Now all we need is for aa bunch of dupes pointing this out and we can just take off for a mini vacation before we all fork the kernel and role our own and try to hijack every other linux story.

    I do not know what to think about systemd other than it seens to work but i do know i'm about sick with the people trying to inject it inti any linux related story. Perhaps someone should just move to BSD or something.

  6. Chicken, meet egg by Marginal+Coward · · Score: 5, Funny

    "Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it."

    Darn. It looks like I'm gonna have to patch and reboot so I won't have to reboot after I patch.

    1. Re:Chicken, meet egg by wonkey_monkey · · Score: 2

      Yo dawg, I heard you

      Ah, screw it.

      --
      systemd is Roko's Basilisk.
    2. Re:Chicken, meet egg by Ol+Olsoc · · Score: 1

      Yo Dawg! We heard you liked to patch. So we got you a patch to patch your patches while you're patching.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Chicken, meet egg by Anonymous Coward · · Score: 2, Interesting

      "Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it."

      Darn. It looks like I'm gonna have to patch and reboot so I won't have to reboot after I patch.

      FTFS: Essentially, what they ended up doing was putting both kpatch and kGraft in the 4.0 Linux kernel.

      In other words the RedHat and OpenSuse teams decided no compromise is the best compromise. GNU/Linux used to stand on principles, now it is all about corporate control and marketing.

    4. Re:Chicken, meet egg by Anonymous Coward · · Score: 1

      Yo Dawg! We heard you liked to patch. So we got you a patch to patch your patches while you're patching.

      And gamification will be forthcoming so you can earn badges and stickers if you successfully complete each rebootless patch patch patch. Damn hipsters!

      Mr. Torvalds please return Linux to its principled roots and forbid corporate control.

    5. Re:Chicken, meet egg by Ol+Olsoc · · Score: 1

      And gamification will be forthcoming so you can earn badges and stickers if you successfully complete each rebootless patch patch patch. Damn hipsters!

      Mr. Torvalds please return Linux to its principled roots and forbid corporate control.

      I like the pretty gold round ones! Yay- me for stickers!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    6. Re:Chicken, meet egg by Ol+Olsoc · · Score: 1

      Patches? We ain't got no patches. We don't need no patches. I don't have to show you any stinking patches.

      "He said, "Patches

      I'm dependin' on you, son

      I tried to do my best

      It's up to you to do the rest"......"

      We'll see how many get that reference....

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:Chicken, meet egg by jellomizer · · Score: 1

      Without reboots, how am I to know if I setup my rc.d scripts correctly? Or kill that background app a user ran nohup myscript.sh &
      I mean without having to reboot the system, I am expected to do real systems administration work, not just a blanket refresh everything, once in a while. Patches gave me a good excuse to do such.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    8. Re:Chicken, meet egg by cthulhu11 · · Score: 1

      It's like Sun's Live Upgrade -- apply patches / updates to a copy of the running environment, then reboot into it. Nice enough idea. Ironically there was always a long list of patches that needed to be applied traditionally, often entailing a reboot, before LU could be run.

  7. scientific computing by e**(i+pi)-1 · · Score: 4, Interesting

    will be important for scientific computing. One of the weak points of OSX is the necessity to reboot even for minor stuff (but its also getting better there. Most upgrades in linux already do not require any reboot which is nice when having jobs running for weeks.

    1. Re:scientific computing by chuckymonkey · · Score: 4, Insightful

      If you have weeks long running jobs on your desktop you're doing it wrong. There's a reason servers exist in datacenters. I work in scientific computing and people running jobs on their desktop is a huge problem, they spend ridiculous amounts of money for something like a Mac Prol to run this stuff on when they should be buying actual servers instead. Then complain when their desktop is running like shit or their job fails because the building took an intermittent power hit. You can even put GPU compute in servers and have a lot less concern for your systems going down.

      --
      "Some books contain the machinery required to create and sustain universes."-Tycho
    2. Re:scientific computing by bill_mcgonigle · · Score: 1

      scientific computing. One of the weak points of OSX

      I would have guessed that the high price per unit work for their proprietary hardware would be the limiting factor. Can't you hire for "free" a dedicated linux admin for the cost difference between clusters?

      Or is there a specific advantage OSX is bringing to the table? XGrid is long dead, right?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:scientific computing by MachineShedFred · · Score: 3, Informative

      On OS X the reboot is for user convenience. If you use the command line software update tools, you can install them as you wish, and not reboot. Then you can restart services with launchctl or reload patched kexts and save yourself a reboot. Does this take a lot of extra time and testing? Sure - thus the reboot.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    4. Re:scientific computing by serviscope_minor · · Score: 2

      If you have weeks long running jobs on your desktop you're doing it wrong.

      I disagree, speaking as someone who has in fact had a weeks long job running on my desktop before. I mean if you have a fast PC (desktop processors are often faster per core, at the expense of fewer cores) and it's a single threaded job (sadly, not all workloads are parallelisable) then it makes sense to run it locally.

      If power outages happen once per year (I think that's pessimistic), and the job lasts a month then that's an average of 5 of compute days wasted per year due to power outages. And that's assuming the job doesn't checkpoint itself to allow for continuation (mine did).

      That was an excessive case. Even so, a few-day job or an overnighter or so on is completely fine, but you'd still find reboots annoying.

      Then complain when their desktop is running like shit

      I've never had a problem with that on Linux. Even if you load up the CPU with one full job per core, the system stays very responsive. Hell even with one job per hyper-thread on Intel, which is overloaded by a factor of nearly 2 and it's pretty responsive, especially if you renice the jobs.

      You have to go waayyy over the capacity of the machine to make it run like crap.

      You can even put GPU compute in servers and have a lot less concern for your systems going down.

      True, but there are fewer options for those and they're often much more expensive and less good in servers compared to desktops, depending on the workload.

      --
      SJW n. One who posts facts.
    5. Re:scientific computing by bored · · Score: 2

      I disagree, speaking as someone who has in fact had a weeks long job running on my desktop before. I mean if you have a fast PC (desktop processors are often faster per core, at the expense of fewer cores)

      Well you have to differentiate whether your talking about an intel desktop machine or a "workstation" class machine. The difference at this point is the "workstation" is using xeon class processors, and has ECC. The problem is that the "workstation" has exactly the same processors as the rack mount machine running in the server room with a much better power and cooling environment.

      That said, it is possible to get something like the Xeon E5-2637 v3 which is a quad core, 3.5 Ghz (+turbo) CPU. Sure its not the the 4+Ghz you can get on a "desktop" CPU but it does have a LGA 2011v3 which will give you significantly more memory bandwidth and ECC.

      Frankly, while I think running anything besides a desktop workload on a "desktop" is silly because those kinds of workloads tend to be better handed with servers. It does seem that intel has lost its way a little when it comes to extreme single threaded performance. Particularly in the server space. Why they don't offer a 200+ watt pig clocked a few percent higher seems strange. Pretty much everyone else does it (POWER8, z13 (@ 5.2 Ghz), AMD, etc).

    6. Re:scientific computing by danbob999 · · Score: 1

      If you have weeks long running jobs on your desktop you're doing it wrong. There's a reason servers exist in datacenters. I work in scientific computing and people running jobs on their desktop is a huge problem, they spend ridiculous amounts of money for something like a Mac Prol to run this stuff on when they should be buying actual servers instead.

      I agree the Mac Pro is a bad choice (overpriced), but most servers are more expensive than a fast desktop with similar performance. Given that you need a desktop PC anyway, it often make sense to invest an extra $500 or even $1000 in it to save the costs of a server.

    7. Re:scientific computing by Penguinisto · · Score: 1

      If you have weeks long running jobs on your desktop you're doing it wrong.

      Some of us cannot afford our very own personal render farm, or justify the cost of renting time on one, merely to satisfy our little hobbies. ;)

      Personally though, it's not just work that keeps us from rebooting. On my part, it's usually a month or two between reboots on my MBP laptop, and even then patching is usually the only reason... why bother waiting for a full boot process to finish when I don't have to? Close the lid and let it go to sleep... it's only a few seconds waiting for it to wake up when I want to use it again.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    8. Re:scientific computing by Penguinisto · · Score: 1

      scientific computing. One of the weak points of OSX

      I would have guessed that the high price per unit work for their proprietary hardware would be the limiting factor.

      Not really - you can still buy old XServe boxes for a relatively reasonable price, pack them with RAM, and load ESXi on each one so that you can run a buttload of little OSX VMs on each one. Yes, it's perfectly legit to do exactly that under the Apple EULA (I did it for a former employer who wanted rack-mounted OSX instances for testing - it was its own little cluster in a vSphere farm, and it was far easier to clone off replacements or new VMs.)

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    9. Re:scientific computing by nine-times · · Score: 1

      Yeah, it's also like, "In order for the update to full take effect and work correctly, we need to restart a bunch of services and applications. You should save all your work, since various things might close or stop working for a little bit." You can explain that to users, have them not pay attention, and then get pissed off because the update closed their document that they didn't save. Or you can just tell them that you're going to reboot.

      Users understand rebooting better.

    10. Re:scientific computing by Chalnoth · · Score: 1

      If you have a weeks-running job and it isn't fault-tolerant, you're doing it wrong, period. As long as it's fault-tolerant, it isn't a big deal where it's run.

      That said, if you have a job that takes days to run on a single computer, it'd be a good idea to either invest in a compute cluster or get some time on one.

    11. Re:scientific computing by dissy · · Score: 1

      If you have weeks long running jobs on your desktop you're doing it wrong. There's a reason servers exist in datacenters.
      *SNIP*
      when they should be buying actual servers instead.
      *SNIP*
      You can even put GPU compute in servers and have a lot less concern for your systems going down.

      Well since you offered, could you make your paypal payment to me about $6000 USD for a mid-range server?
      Or since you're being so generous offering to pay for servers for us, how about a nice even $10000 and I'll get one of those newfangled blade systems!

  8. What could possibly go wrong? by gb7djk · · Score: 3, Interesting

    Is it just me that is rather uncomfortable about the ability to do seamless, run time, patching on (any) operating system? Isn't there a rather large elephant of a precedent out there somewhere for the sorts of things that this facility this feature could be misused for?

    1. Re:What could possibly go wrong? by MachineShedFred · · Score: 5, Insightful

      It's been used for decades everywhere except the PC and it's server variants. It's no more a risk than current patching that requires a reboot, except that you don't have the downtime of a reboot.

      A bad patch is a bad patch. Have backups, have redundancy.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    2. Re:What could possibly go wrong? by gb7djk · · Score: 2

      Yes, it's been around in server environments for years. Whilst one can see a case for adding this facility to linux servers in properly wrangled environments, my concern is on yer actual PCs, such as the one I am typing this on at the moment.

    3. Re:What could possibly go wrong? by swillden · · Score: 3, Interesting

      It's no more a risk than current patching that requires a reboot, except that you don't have the downtime of a reboot.

      Sure, if your concern is error, rather than malice. An attacker who gains root could use this to dynamically patch a backdoor into the running kernel. Rebooting the machine would potentially enable someone to notice.

      As another poster noted, though, you can already dynamically patch the kernel for malicious purposes by loading a malicious module, assuming that hasn't been disabled. In contexts where security is crucial, I would disable both dynamic module loading and run-time patching.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:What could possibly go wrong? by ledow · · Score: 1

      At all points you can modify the kernel, there's a potential for mischief, of course.

      But what you're saying is that rebooting is somehow a magic cure-all that guarantees the system isn't infected somehow, or that there's a user (or SecureBoot) there to "notice" something amiss.

      If SecureBoot can be fooled into loading an older kernel that can then be upgraded on-the-fly, it can be fooled into doing that at boot too.

      How often do you check your machine boot-up process to ensure it's on the version that grub etc. says it's loading? Anyone could fake that and then replace on-the-fly once the OS was loaded.

      Once you're into a system at that level, persistence of the underlying system is not a defence mechanism and can be subverted. Anyone could boot up the old, insecure kernel via SecureBoot, show you boot options that claim to load the latest kernel, then when running and the live-patching facility is up and running malicious code can run and claim it's the latest version number and you'd never know.

      Live-patching is not a security mechanism, but neither is it a lack of one.

    5. Re:What could possibly go wrong? by swillden · · Score: 3, Informative

      But what you're saying is that rebooting is somehow a magic cure-all that guarantees the system isn't infected somehow

      Don't be condescending. I'm not saying rebooting is a magic anything.

      Whether or not this matters depends on the threat model and why the attacker is interested in patching the kernel. For example, one purpose would be to disable other kernel security features, such as SELinux, or dm-verity. Most SELinux rules are configured and the configuration can be altered by root, but some are compiled into the kernel and can only be modified by modifying the kernel. Altering the persistent kernel image may not be possible for a variety of reasons (read-only media, SecureBoot, etc.). In addition, in security-sensitive and mission-critical contexts an unexpected reboot may well be noticed.

      I don't understand your assertion about SecureBoot. Are you referring to some known vulnerability of some particular secure boot system? Given a decent implementation of secure/verified boot, an attacker should not be able to convince the system to boot a modified kernel image, which means that run-time modification of the kernel is the only option if the attacker needs to bypass some kernel security enforcement.

      In general, the security model of a high-security Linux system assumes that the kernel is more trustworthy than root. The ability for root to modify the running kernel invalidates this assumption, which most definitely is a security issue.

      In the context of a system without mandatory access controls there may not be any reason to care, since once an attacker has obtained root there probably isn't any limit to what he can do.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:What could possibly go wrong? by swillden · · Score: 1

      If someone gains root, they can swap out the on-disk boot image that contains the kernel, and wait for someone else to reboot it as part of normal maintenance.

      Assuming there isn't something that prevents the boot image from being replaced. See my other, more extensive, comment in this thread.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  9. Re:Again? by OzPeter · · Score: 1

    Wasn't this posted a week or two ago?

    Yep, it was discussed in Linux Kernel Switching To Linux v4.0, Coming With Many New Addons

    --
    I am Slashdot. Are you Slashdot as well?
  10. In a world... by Anonymous Coward · · Score: 1, Funny

    In a world, where slashdot stories get repeated at least twice per week, one man had finally had enough.

    Dilbert Smith was your average computer programmer, until one day, it happened, and the world would never be the same.

    Jean Claude Van Damme is .... The UNDUPLICATOR.

  11. Re:In a parallel world. by Anonymous Coward · · Score: 1

    What's it like in your parallel world? I'm running an investment and billing platform, as well as the testing and development environments on ~60 Linux instances far more securely than if it was on Windows. We have 4 Windows servers in our platform for AD and because someone requires reporting in MS SQL, and they spend far more time patching and rebooting than the ~60 Linux instances do. That OS *is* profitable enough for someone to want to fix it, and yet it still hasn't been.

    Go spread your FUD elsewhere.

  12. Why both? by tecker · · Score: 1

    Was there general consensus that both methods complemented each other or was it one of those "ours is best so we want it in"? Having looked at how they work each has its pluses and minuses but they couldn't have come up with one? Seems to me like they were sitting around going "yea these are so different there is no way to combine them to make one... and we dont want ours to be left out so fuck it, use em both."

    --
    Procrastinating life a way at a rapid rate of speed.
  13. Re:BOYCOTT LINUS! FORK LINUX! by halivar · · Score: 1

    Hear, hear! Let's throttle that shit back to the 386, and the hell with these new-fangled 32-bit processors!

  14. Ummm by kdub007 · · Score: 1

    Didn't Torvalds talk about this last week? This is hardly news.

    --
    The correct answer is 42.
  15. You're kidding, right? by SIGBUS · · Score: 2

    He's on CentOS; they have this absurd scheme for kernels where they freeze the reported version and apply "selected patches" for 5+ years, so you never know what bugs are fixed.

    You can get the kernel changelog easily enough:

    rpm --changelog kernel

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
    1. Re: You're kidding, right? by TheGavster · · Score: 1

      Yes, but vulnerabilities are generally described as "introduced in x" or "fixed in y". Range checking a version is much easier than searching a change log.

      --
      "Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
  16. Not going to get any better by Anonymous Coward · · Score: 1

    If you were lost in the 3.0 kernels just wait until you try 4.0. Gone are the days of simply using ifconfig or adding a shell script to run on startup. Move to some form of BSD where the development process is sane. Changing for the sake of change is not a good idea.

  17. Re:So basically we're finally catching up to Novel by decsnake · · Score: 1

    sorry AC, I've got no mod points for you, but you are exactly right, except in the good old days of NW 3.x , netware admins would laugh at someone bragging about 300 days of uptime. I worked with NW sites that had servers with years of uptime. I've had unix servers that had years of uptime, not that that was a smart thing. It just meant they were running on reliable HW and hadn't been patched for years. With NW you could have servers with years of uptime and up to date SW.

    The last NW site I worked at (late 90s maybe?) was shutting down NW servers that had been up non-stop since they were deployed years before to replace them with Windows servers as part of some lame-brained management driven "server consolidation" plan. Wonder how much money they "saved" with that?

  18. We already had this with the modules... by Lumpy · · Score: 1

    Very cool that you can now patch and reload the core without a reboot, I just wonder how they handle when data structures change dramatically between major versions, will they replace the running data with predefined?

    --
    Do not look at laser with remaining good eye.
    1. Re:We already had this with the modules... by ledow · · Score: 1

      Don't quote me on it, but from my understanding of the trampoline kernel patches there's a point at which the calls to old system calls are blocked and the calls to the new replacement system calls are demanded.

      There's a lot of logic involved in determining when the system is in a state to do that such that you don't end up feeding new structures to old syscalls, or old structures to new syscalls mid-way through (by checking that their dependent / source syscalls are all upgraded by that point, etc.)

      But, mostly, things tend to stay the same. You can do an awful lot to the running kernel just by loading kernel modules. I know I added in DRBD devices to a kernel that I couldn't modify the source too (running under a Xen hypervisor that I don't have control of) just by compiling and inserting a kernel module for it.

  19. Re:So basically we're finally catching up to Novel by Lumpy · · Score: 2

    One place I worked at we had a horribly out of date NW server on the network that nobody knew where it was... I searched for weeks and could not find it. Finally years later it was found inside a wall because of previous construction it was placed out of the way and covered with a plastic tarp.

    So it was running all those years WITH NO AIRFLOW and no reboots. A testament to old SCSI hard drives.

    --
    Do not look at laser with remaining good eye.
  20. oops by SIGBUS · · Score: 1

    Make that: rpm -q --changelog kernel

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
  21. Re:new path for virus. by ledow · · Score: 1

    To live-patch, you'd need to run code as root.

    If a malicious executable ever gets root, it can persist itself in any fashion it likes. Live-patching isn't a necessity, nor a hole in this sense.

    Even with SecureBoot, there's nothing stopping such code going through boot up again, and exploiting the same hole again through any of the millions of ways a root-running-executable could make something start at startup.

    So long as this works in tandem with facilities like cryptographic module signatures, I don't see how its any more a risk than the alternative.

    And, as always, you can always turn it off.

  22. Re:So basically we're finally catching up to Novel by ledow · · Score: 1

    Such datacentre-level facilities often take decades to come down to consumer hardware and consumer OS.

    Virtualisation is, to x86 PC's, relatively new. But we've been doing it on the proper hardware for decades.

    It's not that some things were so brilliant, it's that the features are rarely needed and take a long time to filter down to commodity OS and hardware.

    Hell, I've never needed a cluster-based filesystem, and you don't see me complaining that Windows didn't introduce one to Windows until decades after they existed.

    On-the-fly patching, like a lot of features, isn't something needed on commodity OS. Virtualised infrastructure and distributed systems and high-availability features have largely made such things pointless up until now.

    But now that we're pushing for zero downtime clouds and mobile devices that can stay on for months at a time, it's good to revisit, re-purpose and use the established technology to do so. Before? Why did we need it when Linux would barely resume from suspend reliably?

  23. Great for servers, not that much for desktops by Parker+Lewis · · Score: 1

    While the kernel can be live patched, still some fundamentals pieces will lack live patch in the desktop, like X.org and libc. Ok, reboot a desktop is not that terrible task and not inconvenient like for a server. But it'd be nice to have.

  24. Re:Systemd in 4.0-era, for or against? by serviscope_minor · · Score: 2

    Isn't there a Women in STEM or global warming thread for you to infest?

    If systemd has any bearing on women in STEM or global warming, then truly its scope has become more vast than any dared to dream or dread.

    --
    SJW n. One who posts facts.
  25. Re: Systemd in 4.0-era, for or against? by sumdumass · · Score: 2

    lol.. Just like sysV is an inherent discussion topic for anything related to linux? How about X11 or whatever it is now? Grep, and VI I guess should always be on topic too.

    I think you have too much emotionally invested in something and and it's clouding your judgement.

  26. Re:Pfff. by serviscope_minor · · Score: 1

    Wow, I get the joke wasn't funny, but it's on topic, not off topic. An "overrated" mod would be more appropriate than an "off topic" one.

    --
    SJW n. One who posts facts.
  27. Re:Systemd in 4.0-era, for or against? by Ol+Olsoc · · Score: 1

    Isn't there a Women in STEM or global warming thread for you to infest?

    If systemd has any bearing on women in STEM or global warming, then truly its scope has become more vast than any dared to dream or dread.

    Does seem to be trolls that try ot turn every topic into a referendum on systemd.

    And those three topics generate a lot of activity.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  28. Re:So basically we're finally catching up to Novel by Smauler · · Score: 1

    sorry AC, I've got no mod points for you, but you are exactly right, except in the good old days of NW 3.x , netware admins would laugh at someone bragging about 300 days of uptime.

    I've had over 200 days uptime on my Vista desktop system, and that was ended by a power cut. Uptime isn't really anything to brag about any more.

  29. Application restart by manu0601 · · Score: 1

    We are heading to the situation where patching the kernel will be faster than patching applications:

    Kernel upgrade: no downtime

    Adjusting a parameter in Java application: wait for 4 minutes for Glassfish to restart

  30. Excellent news... by chris_clay · · Score: 1

    Even though the technology has been there for some time, it's good that these organizations have collaborated together and implemented this. Awesome stuff. GNU/Linux is probably the only OS that is able to accomplish this. Windows can't even touch a no-reboot OS like this. So, those using Microsoft will continue to patch and reboot their systems on a regular basis, which takes a LOT of resources. Obviously, GNU/Linux will and should excel in various markets, because it truly is better and more stable. And not having to reboot is a huge deal in the datacenter. Now, we can get this technology without various licensing requirements even though the technology has been free up until now anyway.

  31. Re:So basically we're finally catching up to Novel by x_t0ken_407 · · Score: 1

    This...this is amazing!