Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Linux

A "Never Reboot" Service For Linux 321

An anonymous reader writes "Ksplice, the company based on the MIT Ksplice project, is now offering its 'never reboot' service for Red Hat, Debian, and other Linux distros. You subscribe and get real-time kernel security updates that apply in-memory instead of rebooting. Last summer we discussed the free service for Ubuntu. Cool tech, but will people really pay $4 a month for this?"
This discussion has been archived. No new comments can be posted.

A "Never Reboot" Service For Linux

Comments Filter:
  • How long till they.. (Score:5, Interesting)

    by mystikkman ( 1487801 ) on Tuesday February 09, 2010 @07:24PM (#31080388)

    How long till they get sued by Microsoft?

    http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching [google.com]

    • by wcb4 ( 75520 ) on Tuesday February 09, 2010 @07:26PM (#31080408)

      Its a shame that MS never figured out how to actually implement this. How many times do I have to restart my computer to finish applying update?

      • by __aasqbs9791 ( 1402899 ) on Tuesday February 09, 2010 @08:26PM (#31080922)

        Yeah, I love the updates that require a reboot so they can install another update that then requires another reboot.

        • by nmb3000 ( 741169 ) on Tuesday February 09, 2010 @09:10PM (#31081278) Journal

          Yeah, I love the updates that require a reboot so they can install another update that then requires another reboot.

          Ah, see now you're confusing Microsoft with Adobe. Adobe is terrible at requiring reboots for the most trivial tasks. At one point updating Acrobat Reader from the original 7.0 release to the then-newest 7.8 release took 8 restarts.

          I'll buy rebooting the system when the kernel is updated, or core services (lsass, winlogon, csrss, etc) get patched, but Acrobat!? The people who write the installers for Adobe's products have long been my arch nemesises (nemesi?) for this very reason.

          • Re: (Score:3, Informative)

            by BZ ( 40346 )

            The correct plural is "nemeses" (it's a Greek word, not Germanic or Latin as suggested respectively by your two proposed plural forms). Similar to how one pluralizes "axis", "synthesis", "analysis", "genesis", etc, and for the same reasons.

            I should note that any sane dictionary will tell you what the plural form of a noun is. Or heck, googling "plural nemesis" in a pinch (first two hits are dictionary entries for "nemesis" that include the plural form). Just for future reference. ;)

          • Re: (Score:3, Insightful)

            ...which shows what is wrong with Microsoft's kernel

            It's supposed to be a microkernel (or nearly one) but needs rebooting if services outside the kernel need updating....

            Linux is not a mircokernel and normally only needs rebooting to update the kernel, and now not even that ...

            • Re: (Score:3, Informative)

              by jonadab ( 583620 )
              > ...which shows what is wrong with Microsoft's kernel

              It's not the kernel. It's the filesystem.

              Most filesystems, and in particular all the ones that are popular in the Unix world, have an abstraction/redirection layer sitting between a file's directory entry and the actual file contents. Unix people call them "inodes". The details vary somewhat depending on exactly what filesystem you're using, but in general the directory entry points to the inode, and the inode points to the actual file contents whe
        • Yeah, I love the updates that require a reboot so they can install another update that then requires another reboot.

          You must be talking about .net... and IE8. Every version has two or three reboots built in! It's especially noticeable if you have to reinstall from an XP SP1 disc. (happens occasionally when WGA malfunctions; SP1 has no concept of WGA, allowing you to fix it, then re-patch)

      • Re: (Score:2, Informative)

        by mysidia ( 191772 )

        Microsoft does have it (some limitations and restrictions apply -- results may vary, see inside for details, etc, etc)

        More of Microsoft's patches used to be available hotfixes.

        This is something you would need to specifically look up on their web site. If you want a hot patch, you may find that you can do one, for some security fixes, after reading up on the fix, and following the right procedures, but not through Windows update.

        Windows update by default applies security updates the safe way, by using a

      • Re: (Score:3, Interesting)

        by Curate ( 783077 )

        Oh it's implemented, in Vista (SP1 and later) / Server 2008 / Win7. It does reduce reboots, but does not eliminate them. Some reasons: 1) Not all driver updates are hotpatchable, by their nature. The Ksplice paper discusses some of these problems and omits others entirely. 2) Some of the updates distributed on Patch Tuesday are updates to third party drivers, and since third parties don't use Microsoft's hotpatching technology or some other equivalent, these often end up requiring a reboot. 3) If you'

    • by JSG ( 82708 ) on Tuesday February 09, 2010 @07:35PM (#31080498) Homepage

      The patent on this was filed in 2002. Yet in 2010 I am still making a handsome profit in overtime rebooting customer systems on a "patch Tuesday" monthly frenzy.

      Please MS, don't implement this one.

    • by tuomoks ( 246421 ) <tuomo@descolada.com> on Wednesday February 10, 2010 @12:54AM (#31082448) Homepage

      First Microsoft is not very eager to sue anyone, second this is totally different mechanism, third Microsoft patent is an old technology - very old because it describes what we did in OS/360, OS/370 operating systems and applications a long, long time ago. Patching memory was (sometimes!) a daily routine for local systems programmer - updating live 24x7 production systems is/was fun but scary!

      Anyhow - $4 is cheap when someone is doing the pre-work for you. Actually - the more modularized / structured Linux (Linux == kernel!) gets, the easier it is to support dynamic / online updates with no interruption. There are systems where you can do it already, even all(?) Unix systems allow you to change the whole object in flight if the application is written for it. Actually I designed a while ago one for Windows, load new object, kill the old and the new is automatically used for next call / request / whatever. Tandem Pathway is one very good example, Erlang as a language and a system supports it, systems with failover to another cpu / node have always supported it since Datasaab "non-stop" system from (I think?) early 70's (Cobol kernel!)

      Now, giving the "skills" of current "systems programmers", I'm not sure that real time patching is a good idea? Right or wrong, today the "hard" skills, understanding operating systems, their interactions with hardware and applications, etc is very rare! Not a person problem but the documentation, the trust on products / manufacturers / providers, etc are killing the low level skills even the computers handle zeros and ones the same way as day one. And unfortunately the same problems on high level - miracle products will solve all the problems / providers and manufacturers know my problems better than my experienced employees - and I have a bridge to sell!

  • by drolli ( 522659 ) on Tuesday February 09, 2010 @07:27PM (#31080416) Journal
    ..an using some Microkernel OS in which something like this would come as a well-controlled feature, we are using a monolithic kernel and self-modifying code?
    • by oldhack ( 1037484 ) on Tuesday February 09, 2010 @07:30PM (#31080446)
      An interesting illustration of theory (how it should be) vs. practice (how it pans out).
      • by el_tedward ( 1612093 ) on Tuesday February 09, 2010 @07:46PM (#31080626)

        Designing your own operating system isn't exactly a small feat.. Linux already has very good penetration into the server market, and offers the security that most organizations should have. Linux is what Windows should be. There's a LOT you can do with that kernel.

        Obviously complexity makes security difficult, but there's nothing wrong with making something complex if you're actually capable of managing it. Is setting up a rock solid firewall difficult for the average person in IT? Should we just get rid of anything in security that is relatively complex? I'd much rather have more options (not necessarily obfuscation) than be pigeon holed into something just because it's simple. Security is not simple, and it never will be.

    • As long as you purge ALL the memory pages used by a chunk of the kernel, nothing can go wrong, right? ;)

      Hey, it seems to work...

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Advantages of a microkernel:

      Modules can be rebooted/maintained separately from the core kernel .... check

      The core kernel can be updated.....Nope but Linux has this anyway

      In kernel bug isolation & security....Nope

      Given there isn't a microkernel with 1/10 the other capabilities/hw support/usage of linux, doesn't it make sense to add stuff to linux instead of waiting for this mythical desktop microkernel.

    • Re: (Score:3, Insightful)

      by Blakey Rat ( 99501 )

      It would probably cost more than $4 a month to rewrite the Linux kernel to that extent. :)

  • Hell yeah! (Score:4, Funny)

    by Zocalo ( 252965 ) on Tuesday February 09, 2010 @07:34PM (#31080484) Homepage
    Immortality baby! Immortality! [xkcd.com]
  • Maybe if it was almost 497.1 days:)

  • by Dice ( 109560 ) on Tuesday February 09, 2010 @07:36PM (#31080508)

    Those who do not perform scheduled reboots of their servers do not know whether their servers will come back up properly after unscheduled reboots. How often have you seen someone add a service to a machine which becomes a critical part of your infrastructure then they forget to add it into the RC system?

    • Thats really a configuration management issue. I find the BSD startup scripts to be superior in this regard because the service won't start if it is not configured to start when the system starts.

    • I was going to post something similar from a less serious angle. I never reboot because I'm never sure the computer will reboot correctly and I'd rather not have to spend half an hour dealing with the problem. I upgrade things like grub and sysvinit more often than I reboot and until I personally test it there is no guarantee that it will work.

    • Re: (Score:3, Funny)

      by Hasai ( 131313 )

      ....How often have you seen someone add a service to a machine which becomes a critical part of your infrastructure then they forget to add it into the RC system?

      Um, never?

    • I rebooted my workstation before heading home today. Just a moment ago, I realised that eth0 isn't set to get an IP address via DHCP. It's running, but I can't connect to it from home tonight! Lesson learned... never reboot.

  • hrm... (Score:5, Insightful)

    by Charliemopps ( 1157495 ) on Tuesday February 09, 2010 @07:37PM (#31080518)
    Color me stupid but wouldn't any application in which you'd rather not be rebooting (i.e. Router, firewall, file server, etc...) be the exact same application in which you'd NEVER want some 3rd party having access to your kernel? I mean, if a large percent of distros were using this I can just imagine it would be the A#1 target for every malicious coder in the world.
  • But couldn't this still have the potential to pork your system and force a reboot? Wonder what their policy is on that...
  • 4 bucks a month? (Score:3, Insightful)

    by s4ltyd0g ( 452701 ) on Tuesday February 09, 2010 @07:41PM (#31080568)

    Not expensive if the technology works. My time is more valuable and down servers cost money. The cost is paltry in comparison.

    • Re: (Score:3, Interesting)

      by OzPeter ( 195038 )
      Thats a big *if* What it means is that you are deferring quality control assessment of patches to an outside company. I for one don't want changes made to a system without my approval or consideration.
      • If they are experts in the field and have a large userbase testing the patches, are you not perhaps suffering from a slight spell of HUBRIS in thinking you can do better?

        And who is to say you can't do QA before applying?

        • by OzPeter ( 195038 )

          My hubris (as you call it) is that a production system should remain static and changes only made at known times by predictable actions. The "experts" can't test my configuration, they can only *assume* that they have performed enough testing that they *believe* my system will not be affected.

          Allowing automatic updates to any system means that you no longer have any sort of configuration control over it. And there is no point in testing automatic updates on a test system if you are not going to apply the

        • by OzPeter ( 195038 )
          After finally RTFA I can see that you can have manual control over the update process, so you can test and deploy to production. In fact it almost looks like Windows Update! [/ducks] But IMHO running a system on automatic updates is just plain crazy
    • by radish ( 98371 )

      Why aren't you rebooting your servers? Once a week is a good schedule, it's what we do at work. Doesn't matter what OS, when reliability is essential having _planned_ downtime is MUCH better than _unplanned_. Plus, it proves your failovers really work on a weekly basis.

  • Anyone else notice they do not support windows, but the Windows Update dialog is the most prominent in the background image?

  • Ugh, just reboot (Score:3, Insightful)

    by jpmorgan ( 517966 ) on Tuesday February 09, 2010 @07:46PM (#31080628) Homepage

    99% of people I've seen bragging about long up-times tend to have perfectly patched and up-to-date OS installations on disk, and a dozen vulnerabilities still loaded into memory. And I'm not talking just about the OS kernel.

    If you don't know exactly what an update touches, just reboot.

    • That's completely true. This ensures that you have the patches in memory as well. I've been using it for about 6 months, and it's very cool. There's a few little things, like 'uname -a' gives the old version, and you can't really hibernate after an in-memory patch, but the product is great, and the company has answered any questions I've asked them.
      • Fair enough... but I'm more concerned about applications. If you're really on top of the ball then maybe this service might work.

        But generally people run servers for a reason. And just applying patches to kernels in-memory isn't really going to help you when your software stack needs a security update. You've still got to take the application down to get that fix into memory... and god help you if the patch was to a library.

        I just don't see how it's worth the effort. How much extra time does it take to do a

  • by Hurricane78 ( 562437 ) <deleted@ s l a s h dot.org> on Tuesday February 09, 2010 @07:48PM (#31080644)

    Because I can’t imagine a easier way to obtain an instant-botnet, than to “spice” such a patch. ;)

    By the way: Who came up with remote updates? Why not just compile the kernel locally, like normal people do, and then use a special patching tool?

    • by Anonymous Coward on Tuesday February 09, 2010 @08:54PM (#31081158)

      Why not just compile the kernel locally, like normal people do

      Um. Someone else want to break the news, or should I just go ahead and tell him?

      • by teslar ( 706653 ) on Wednesday February 10, 2010 @03:25AM (#31083126)

        Someone else want to break the news?

        Ok, I'll do it.

        Dear Hurricane78,

        please, do not be alarmed. You suffer from an interesting form of amnesia that makes you believe we are still living sometime in February 2010. You also thought that J Cameron's (not to be confused with the late 20th-century fictionfilmer J Cameron. This one is more like the factfilmer D Attenborough) documentary on our early days on Pandora was syfy. But that's ok.

        The fact is, however, that these days, normal people run "stock" kernels provided by "distros". It works pretty well and we think Linux is almost "ready for the desktop" now. If only we could get multiple monitors to work....

        While we're at it, I should also tell you that Ubuntu is no longer with us. They never really recovered from the unexpected Crappy Century bug after it's version numbers began to repeat in the early 2100s, turning almost all computers into a "Warty".

        This may all come as a shock to you. But do not worry. The nature of your amnesia means that you will very soon - right about now in fact - have convinced yourself that this post was humorous in nature and not actually reflective of reality. Trust me, many wish they could live in your world. The end of the 20th/beginning of the 21st century was the highlight for the human race. In fact, many of us are currently working on a project - codename "Charging" - that would result in the creation of a VR set in this glorious era. Like "Second Life", only more immersive. Now if you'll excuse me, I have to go and figure out where we'll get the energy to power this VR from....

  • Depends. (Score:5, Interesting)

    by Hasai ( 131313 ) on Tuesday February 09, 2010 @07:53PM (#31080676)

    "Cool tech, but will people really pay $4 a month for this?"

    Depends. If it's your laptop, I suspect the answer is no. If it's your server farm, I suspect the answer is yes.

    As an aside: Novell used to run contests to see who had the server with the greatest uptime since its last boot. Best one I ever saw was the Netware server that ran so long that everyone forgot where it was and it was accidentally walled-up inside a closet. Wouldn't it be great if the Linux community could run this type of contest? :)

  • by kosmosik ( 654958 ) <kos&kosmosik,net> on Tuesday February 09, 2010 @08:09PM (#31080810) Homepage

    I don't really personally see any use of such service. If you need FT or HA system you need to design it as such from ground up. In this case paying 4 bucks just solves some problems with rebooting after kernel upgrade. I dont have problem with that. I just reboot in next service window. In normal situation mission critical systems have some sort of redundancy not only to cope with planned service reboots but with other unplanned disasters. So usually you have a N+1 redundant cluster in which you can reboot the servers using some procedure that was worked out while DESIGNING the system. Also I see quite few security issues with patching the kernel this way. In mission critical services you usually do test everything before rolling it out to the systems so using such feature just makes things more complicated (that just simply reboot the machine with my current procedures).

    I cannot find anything about security details on their webpage. They state "Ksplice Uptrack uses cryptography to authenticate the update feed.". So what? Fedora also used cryptography and once their servers got rooted the whole chain collapsed. So if I was to use their service I wish to know how exactly their security is implemented since I would be getting kernel patches (quite critical stuff) from them. At least with RHEL I know a about their security procedures (quite rigorious). From support point of view. Does f.e. Red Hat or Oracle support systems patched this way?

    It is a nice feature but IMO not suitable for enterprises yet.

    • I just reboot in next service window. In normal situation mission critical systems have some sort of redundancy not only to cope with planned service reboots but with other unplanned disasters

      That is certainly true such activity often requires a bit of human babysitting, if only to verify that everything bounces back and syncs as it should. If the process really is seamless then $4 could mean your (much more expensive) engineers spend their time on other productive things.

      That said I'm not sure it's an

      • The idea is good itself but unless your OS vendor starts using it it is worthless IMHO - lets think of RHEL for example:
        * it rises security issues cruicial stuff like kernel code comes from third party which party does not give any SLA or other agreement - I don't think that security guys will like that
        * it rises support issues - does f.e. RH or Oracle support systems patched this way
        * it (paradoxically) rises the complexity of running the systems since it involves yet another way of patch, test, deploy cyc

    • At least with RHEL I know a about their security procedures (quite rigorious).

      Last I checked, crackers actually signed openssh packages sent out over RHN for RHEL 4. Also, lets compare. Redundant oracle database server, running Enterprise edition. Lets see. Server 8K. RHEL License 300 bucks. SAN so you can support RAC - 50K. Oracle licensing for an additional server, 125K. Total cost of around 183K to run RAC compared to a standalone server. That's a lot of money to justify being immune to the major cause of downtime (Kernel patches - hardware these days just doesn't fail in a

    • My guess is this service is not marketed toward those interested in truly fault tolerant systems. Rather, it is for those who are running your standard "one beige box server with some sort of regular backup" who would like to squeeze a little bit more average uptime out of it for cheap and no effort. Many many small and midsize businesses fall into this sort of infrastructure category.
  • Linux is a service now?

    A lot of people will think that, and it's competitors won't do anything to counter it.

    "If you want the most stable version of Linux, its 4 dollars a month? And they have the nerve to call it free. After purchases Windows 8, all the patches and upgrades are free for at least 3 years."

  • Reboots are useful (Score:4, Informative)

    by kisielk ( 467327 ) on Tuesday February 09, 2010 @08:51PM (#31081138)

    I would not trust such a service. Just because a kernel can be upgraded in place doesn't necessarily guarantee that same kernel configuration will be able to boot your system in an outage. Something like a messed up GRUB configuration won't be spotted until you actually try to restart your system. I think part of a regular maintenance strategy is being able to restart your servers and make sure everything is configured to come back up automatically. The last thing you want to is to be trying to figure out what's wrong with your boot config when you have an unplanned outage.

  • Years - I mean years - ago I was doing hot patches to Sun boxes that needed to stay up forever no questions.

    Enter the mid 00's, when the cloud became useable. Enter the late 90s, when Beowulf made computational clustering with commodity products trivial. MCServiceGuard from...whatever year, etc etc etc.

    Point is, anything that someone thinks is so important that they want to never reboot a system...should have 2 systems that cost half as much each running as a high-availability app cluster. Anyone with an

Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail Installation Guide"

Working...