A "Never Reboot" Service For Linux 321
An anonymous reader writes "Ksplice, the company based on the MIT Ksplice project, is now offering its 'never reboot' service for Red Hat, Debian, and other Linux distros. You subscribe and get real-time kernel security updates that apply in-memory instead of rebooting. Last summer we discussed the free service for Ubuntu. Cool tech, but will people really pay $4 a month for this?"
How long till they.. (Score:5, Interesting)
How long till they get sued by Microsoft?
http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching [google.com]
Re:How long till they.. (Score:5, Insightful)
It's a shame that MS never figured out how to actually implement this. How many times do I have to restart my computer to finish applying updates?
Re:How long till they.. (Score:5, Insightful)
Yeah, I love the updates that require a reboot so they can install another update that then requires another reboot.
Re:How long till they.. (Score:4, Interesting)
Yeah, I love the updates that require a reboot so they can install another update that then requires another reboot.
Ah, see now you're confusing Microsoft with Adobe. Adobe is terrible at requiring reboots for the most trivial tasks. At one point updating Acrobat Reader from the original 7.0 release to the then-newest 7.8 release took 8 restarts.
I'll buy rebooting the system when the kernel is updated, or core services (lsass, winlogon, csrss, etc) get patched, but Acrobat!? The people who write the installers for Adobe's products have long been my arch nemesises (nemesi?) for this very reason.
Re: (Score:3, Informative)
The correct plural is "nemeses" (it's a Greek word, not Germanic or Latin as suggested respectively by your two proposed plural forms). Similar to how one pluralizes "axis", "synthesis", "analysis", "genesis", etc, and for the same reasons.
I should note that any sane dictionary will tell you what the plural form of a noun is. Or heck, googling "plural nemesis" in a pinch (first two hits are dictionary entries for "nemesis" that include the plural form). Just for future reference. ;)
Re: (Score:3, Insightful)
...which shows what is wrong with Microsoft's kernel
It's supposed to be a microkernel (or nearly one) but needs rebooting if services outside the kernel need updating....
Linux is not a microkernel and normally only needs rebooting to update the kernel, and now not even that ...
Re: (Score:3, Informative)
It's not the kernel. It's the filesystem.
Most filesystems, and in particular all the ones that are popular in the Unix world, have an abstraction/redirection layer sitting between a file's directory entry and the actual file contents. Unix people call them "inodes". The details vary somewhat depending on exactly what filesystem you're using, but in general the directory entry points to the inode, and the inode points to the actual file contents whe
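The indirection the parent describes is easy to demonstrate: a process that already has a file open keeps reading the old inode even after the directory entry is repointed at new contents. This is exactly what lets Unix package managers replace libraries in place. A minimal sketch (any POSIX filesystem):

```python
import os
import tempfile

# Create a file and open it, pinning its inode.
d = tempfile.mkdtemp()
path = os.path.join(d, "libexample.so")
with open(path, "w") as f:
    f.write("old contents")
held = open(path)              # directory entry -> inode A, now held open

# "Update" the file the way package managers do: write the new version
# beside it and rename() it over the old path. rename() repoints the
# directory entry at a new inode; inode A survives while it's held open.
with open(path + ".new", "w") as f:
    f.write("new contents")
os.rename(path + ".new", path)

old_view = held.read()         # the old file descriptor still sees inode A
new_view = open(path).read()   # a fresh open follows the new directory entry
print(old_view, new_view)      # -> old contents new contents
held.close()
```

This is also why a running daemon keeps executing the old, unpatched library until it is restarted.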
Re: (Score:3)
Yeah, I love the updates that require a reboot so they can install another update that then requires another reboot.
You must be talking about .net... and IE8. Every version has two or three reboots built in! It's especially noticeable if you have to reinstall from an XP SP1 disc. (happens occasionally when WGA malfunctions; SP1 has no concept of WGA, allowing you to fix it, then re-patch)
Re: (Score:2, Informative)
Microsoft does have it (some limitations and restrictions apply -- results may vary, see inside for details, etc, etc)
More of Microsoft's patches used to be available as hotfixes.
This is something you would need to specifically look up on their web site. If you want a hot patch, you may find that you can do one, for some security fixes, after reading up on the fix, and following the right procedures, but not through Windows update.
Windows update by default applies security updates the safe way, by using a
Re: (Score:3, Interesting)
Oh it's implemented, in Vista (SP1 and later) / Server 2008 / Win7. It does reduce reboots, but does not eliminate them. Some reasons: 1) Not all driver updates are hotpatchable, by their nature. The Ksplice paper discusses some of these problems and omits others entirely. 2) Some of the updates distributed on Patch Tuesday are updates to third party drivers, and since third parties don't use Microsoft's hotpatching technology or some other equivalent, these often end up requiring a reboot. 3) If you'
Re: (Score:3, Insightful)
Don't you mean once or twice a month?
These emergency IE patches are getting tiresome.
Re: (Score:3, Insightful)
You don't use IE actively??? Do you ever browse for files? You are using IE.
Re:How long till they.. (Score:5, Insightful)
The patent on this was filed in 2002. Yet in 2010 I am still making a handsome profit in overtime rebooting customer systems on a "patch Tuesday" monthly frenzy.
Please MS, don't implement this one.
Re:How long till they.. Never.. (Score:4, Informative)
First, Microsoft is not very eager to sue anyone; second, this is a totally different mechanism; third, the Microsoft patent covers old technology - very old, because it describes what we did in the OS/360 and OS/370 operating systems and applications a long, long time ago. Patching memory was (sometimes!) a daily routine for the local systems programmer - updating live 24x7 production systems is/was fun but scary!
Anyhow - $4 is cheap when someone is doing the pre-work for you. Actually, the more modularized / structured Linux (Linux == kernel!) gets, the easier it is to support dynamic / online updates with no interruption. There are systems where you can do it already; even all(?) Unix systems allow you to change a whole object in flight if the application is written for it. I actually designed one for Windows a while ago: load the new object, kill the old, and the new one is automatically used for the next call / request / whatever. Tandem Pathway is one very good example, Erlang as a language and a system supports it, and systems with failover to another cpu / node have always supported it, since the Datasaab "non-stop" system from (I think?) the early 70's (Cobol kernel!)
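The "load the new object, kill the old, and the new one is used for the next call" pattern described above can be sketched in a few lines. The module and handler names here are invented for illustration; in a real system the swapped-in unit would be a shared object or a module file loaded from disk:

```python
import sys
import types

# Invented stand-in for a loadable service module.
def make_handler(version):
    mod = types.ModuleType("handler")
    mod.handle = lambda req, v=version: "%s:%s" % (v, req)
    return mod

sys.modules["handler"] = make_handler("v1")

def dispatch(req):
    # Look the handler up on every call, so a swapped-in module is
    # picked up automatically on the next request.
    return sys.modules["handler"].handle(req)

before = dispatch("ping")                    # served by the old object
sys.modules["handler"] = make_handler("v2")  # atomic swap; old object is dropped
after = dispatch("ping")                     # the very next call uses the new one
print(before, after)                         # -> v1:ping v2:ping
```

The key design choice is the per-call lookup: because nothing caches a direct reference to the old object, replacing the single binding is enough to switch all future requests.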
Now, given the "skills" of current "systems programmers", I'm not sure that real-time patching is a good idea. Right or wrong, today the "hard" skills - understanding operating systems, their interactions with hardware and applications, etc. - are very rare! It's not a people problem: the documentation, the blind trust in products / manufacturers / providers, etc. are killing the low-level skills, even though computers handle zeros and ones the same way as on day one. And unfortunately the same problems exist at a high level - miracle products will solve all the problems, providers and manufacturers know my problems better than my experienced employees - and I have a bridge to sell!
So instead of doing it right... (Score:3, Interesting)
Re:So instead of doing it right... (Score:4, Interesting)
Re:So instead of doing it right... (Score:4, Insightful)
Designing your own operating system isn't exactly a small feat. Linux already has very good penetration into the server market, and offers the security that most organizations should have. Linux is what Windows should be. There's a LOT you can do with that kernel.
Obviously complexity makes security difficult, but there's nothing wrong with making something complex if you're actually capable of managing it. Is setting up a rock-solid firewall difficult for the average person in IT? Should we just get rid of anything in security that is relatively complex? I'd much rather have more options (not necessarily obfuscation) than be pigeonholed into something just because it's simple. Security is not simple, and it never will be.
Re: (Score:3)
As long as you purge ALL the memory pages used by a chunk of the kernel, nothing can go wrong, right? ;)
Hey, it seems to work...
Re: (Score:2, Insightful)
Advantages of a microkernel:
Modules can be rebooted/maintained separately from the core kernel .... check
The core kernel can be updated.....Nope but Linux has this anyway
In kernel bug isolation & security....Nope
Given there isn't a microkernel with 1/10 the capabilities/hw support/usage of Linux, doesn't it make sense to add stuff to Linux instead of waiting for this mythical desktop microkernel?
Re:So instead of doing it right... (Score:4, Insightful)
Re: (Score:3, Insightful)
A mythical desktop microkernel [wikipedia.org]?
What, you mean like this [apple.com]?
Re: (Score:3, Informative)
No, xnu is not a microkernel. See this. [wikipedia.org]
Re: (Score:3, Insightful)
It would probably cost more than $4 a month to rewrite the Linux kernel to that extent. :)
Re: (Score:3, Funny)
Hell yeah! (Score:4, Funny)
4/month to keep your uptime? (Score:2)
Maybe if it were almost 497.1 days :)
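The 497.1-day figure is presumably a nod to the classic uptime wraparound on older Linux kernels: a 32-bit jiffies counter ticking at HZ=100 overflows after roughly 497 days, resetting the reported uptime. The arithmetic:

```python
# 32-bit jiffies counter at 100 ticks per second (HZ=100 on older kernels)
seconds_to_wrap = 2 ** 32 / 100          # jiffies -> seconds
days_to_wrap = seconds_to_wrap / 86400   # seconds -> days
print(round(days_to_wrap, 1))            # -> 497.1
```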
Rebooting is a Good Thing... (Score:3, Insightful)
Those who do not perform scheduled reboots of their servers do not know whether their servers will come back up properly after unscheduled reboots. How often have you seen someone add a service to a machine which becomes a critical part of your infrastructure then they forget to add it into the RC system?
Re: (Score:2)
That's really a configuration management issue. I find the BSD startup scripts to be superior in this regard because the service won't start if it is not configured to start when the system starts.
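On FreeBSD, for example, an rc script only starts its service at boot when it is explicitly enabled in /etc/rc.conf, so a service someone started by hand will visibly fail to come back after a reboot instead of silently depending on manual steps. A minimal sketch (service names chosen for illustration):

```shell
# /etc/rc.conf (FreeBSD) -- nothing enabled here, nothing started at boot
sshd_enable="YES"
ntpd_enable="YES"
nginx_enable="NO"    # installed but deliberately disabled

# A one-off start that does NOT survive a reboot:
#   service nginx onestart
```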
Re: (Score:2)
I was going to post something similar from a less serious angle. I never reboot because I'm never sure the computer will reboot correctly and I'd rather not have to spend half an hour dealing with the problem. I upgrade things like grub and sysvinit more often than I reboot and until I personally test it there is no guarantee that it will work.
Re: (Score:3, Funny)
....How often have you seen someone add a service to a machine which becomes a critical part of your infrastructure then they forget to add it into the RC system?
Um, never?
Re: (Score:2)
I rebooted my workstation before heading home today. Just a moment ago, I realised that eth0 isn't set to get an IP address via DHCP. It's running, but I can't connect to it from home tonight! Lesson learned... never reboot.
hrm... (Score:5, Insightful)
Re: (Score:2)
One thinks that this is a rootkit server looking for a kernel marked X.
Pardon my ignorance (Score:2)
4 bucks a month? (Score:3, Insightful)
Not expensive if the technology works. My time is more valuable and down servers cost money. The cost is paltry in comparison.
Re: (Score:3, Interesting)
Re: (Score:2)
If they are experts in the field and have a large userbase testing the patches, are you not perhaps suffering from a slight spell of HUBRIS in thinking you can do better?
And who is to say you can't do QA before applying?
Re: (Score:2)
My hubris (as you call it) is that a production system should remain static and changes only made at known times by predictable actions. The "experts" can't test my configuration, they can only *assume* that they have performed enough testing that they *believe* my system will not be affected.
Allowing automatic updates to any system means that you no longer have any sort of configuration control over it. And there is no point in testing automatic updates on a test system if you are not going to apply the
Re: (Score:2)
Re: (Score:2)
Why aren't you rebooting your servers? Once a week is a good schedule, it's what we do at work. Doesn't matter what OS, when reliability is essential having _planned_ downtime is MUCH better than _unplanned_. Plus, it proves your failovers really work on a weekly basis.
Windows? (Score:2)
Anyone else notice they do not support windows, but the Windows Update dialog is the most prominent in the background image?
Re: (Score:2)
Ugh, just reboot (Score:3, Insightful)
99% of people I've seen bragging about long up-times tend to have perfectly patched and up-to-date OS installations on disk, and a dozen vulnerabilities still loaded into memory. And I'm not talking just about the OS kernel.
If you don't know exactly what an update touches, just reboot.
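One concrete way to see the parent's point on Linux is to scan /proc for processes still mapping files that were deleted or replaced on disk - i.e. patched in the package database but still the old, vulnerable code in memory. A sketch (needs permission to read other processes' maps):

```python
import glob

def stale_mappings():
    """Yield (pid, path) for mapped files whose on-disk copy was replaced."""
    for maps in glob.glob("/proc/[0-9]*/maps"):
        pid = maps.split("/")[2]
        try:
            with open(maps) as f:
                for line in f:
                    # The kernel tags a mapping "(deleted)" when the mapped
                    # file's directory entry no longer points at that inode,
                    # i.e. the file was updated or removed underneath it.
                    if line.rstrip().endswith("(deleted)"):
                        yield pid, line.split(None, 5)[-1].strip()
        except OSError:
            continue  # process exited, or we lack permission

for pid, path in stale_mappings():
    print(pid, path)
```

Any process listed here is running code that no longer exists on disk and needs a restart (or the whole box needs a reboot) for the update to actually take effect.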
Re: (Score:2)
Re: (Score:2)
Fair enough... but I'm more concerned about applications. If you're really on the ball then maybe this service might work.
But generally people run servers for a reason. And just applying patches to kernels in-memory isn't really going to help you when your software stack needs a security update. You've still got to take the application down to get that fix into memory... and god help you if the patch was to a library.
I just don't see how it's worth the effort. How much extra time does it take to do a
They better be encrypted! (Score:3, Interesting)
Because I can’t imagine an easier way to obtain an instant botnet than to “spice” such a patch. ;)
By the way: Who came up with remote updates? Why not just compile the kernel locally, like normal people do, and then use a special patching tool?
Re:They better be encrypted! (Score:5, Funny)
Why not just compile the kernel locally, like normal people do
Um. Someone else want to break the news, or should I just go ahead and tell him?
Re:They better be encrypted! (Score:5, Funny)
Ok, I'll do it.
Dear Hurricane78,
please, do not be alarmed. You suffer from an interesting form of amnesia that makes you believe we are still living sometime in February 2010. You also thought that J Cameron's (not to be confused with the late 20th-century fictionfilmer J Cameron. This one is more like the factfilmer D Attenborough) documentary on our early days on Pandora was syfy. But that's ok.
The fact is, however, that these days, normal people run "stock" kernels provided by "distros". It works pretty well and we think Linux is almost "ready for the desktop" now. If only we could get multiple monitors to work....
While we're at it, I should also tell you that Ubuntu is no longer with us. They never really recovered from the unexpected Crappy Century bug after its version numbers began to repeat in the early 2100s, turning almost all computers into a "Warty".
This may all come as a shock to you. But do not worry. The nature of your amnesia means that you will very soon - right about now in fact - have convinced yourself that this post was humorous in nature and not actually reflective of reality. Trust me, many wish they could live in your world. The end of the 20th/beginning of the 21st century was the highlight for the human race. In fact, many of us are currently working on a project - codename "Charging" - that would result in the creation of a VR set in this glorious era. Like "Second Life", only more immersive. Now if you'll excuse me, I have to go and figure out where we'll get the energy to power this VR from....
Depends. (Score:5, Interesting)
"Cool tech, but will people really pay $4 a month for this?"
Depends. If it's your laptop, I suspect the answer is no. If it's your server farm, I suspect the answer is yes.
As an aside: Novell used to run contests to see who had the server with the greatest uptime since its last boot. Best one I ever saw was the Netware server that ran so long that everyone forgot where it was and it was accidentally walled-up inside a closet. Wouldn't it be great if the Linux community could run this type of contest? :)
Re:Depends. (Score:4, Interesting)
The following Linux Watch article [linux-watch.com] details a couple of old SCO systems that did the same thing.
Now, before you slam SCO, remember that before 1995 SCO wasn't "The SCO Group" which is infamous for the lawsuit. Back then SCO made some damn fine systems. I had an 80286 system running 32 users for one customer, at a time when Microsoft said it was impossible. That was running SCO Xenix, which was the first good Unix port to the PC.
Re:Depends. (Score:4, Informative)
Ironically, Xenix was Microsoft's UNIX product, SCO was just a reseller.
What is the use of such service? (Score:3, Insightful)
I don't really see any personal use for such a service. If you need an FT or HA system, you need to design it as such from the ground up. In this case, paying 4 bucks just solves some problems with rebooting after a kernel upgrade. I don't have a problem with that - I just reboot in the next service window. Normally, mission-critical systems have some sort of redundancy, not only to cope with planned service reboots but with other unplanned disasters. So usually you have an N+1 redundant cluster in which you can reboot the servers using some procedure that was worked out while DESIGNING the system. Also, I see quite a few security issues with patching the kernel this way. In mission-critical services you usually test everything before rolling it out to the systems, so using such a feature just makes things more complicated (better to simply reboot the machine with my current procedures).
I cannot find anything about security details on their webpage. They state "Ksplice Uptrack uses cryptography to authenticate the update feed." So what? Fedora also used cryptography, and once their servers got rooted the whole chain collapsed. So if I were to use their service, I would want to know exactly how their security is implemented, since I would be getting kernel patches (quite critical stuff) from them. At least with RHEL I know about their security procedures (quite rigorous). From a support point of view: does e.g. Red Hat or Oracle support systems patched this way?
It is a nice feature but IMO not suitable for enterprises yet.
Re: (Score:2)
That is certainly true; such activity often requires a bit of human babysitting, if only to verify that everything bounces back and syncs as it should. If the process really is seamless, then $4 could mean your (much more expensive) engineers spend their time on other productive things.
That said I'm not sure it's an
Re: (Score:2)
The idea is good in itself, but unless your OS vendor starts using it, it is worthless IMHO - let's think of RHEL for example:
* it raises security issues - crucial stuff like kernel code comes from a third party, which does not give any SLA or other agreement - I don't think the security guys will like that
* it raises support issues - does e.g. RH or Oracle support systems patched this way?
* it (paradoxically) raises the complexity of running the systems since it involves yet another patch, test, deploy cyc
Re: (Score:2)
At least with RHEL I know about their security procedures (quite rigorous).
Last I checked, crackers actually signed openssh packages sent out over RHN for RHEL 4. Also, let's compare: a redundant Oracle database server, running Enterprise Edition. Let's see. Server: 8K. RHEL license: 300 bucks. SAN so you can support RAC: 50K. Oracle licensing for an additional server: 125K. Total cost of around 183K to run RAC compared to a standalone server. That's a lot of money to justify being immune to the major cause of downtime (kernel patches - hardware these days just doesn't fail in a
Re: (Score:2)
Re: (Score:2)
Does Ksplice Uptrack use cryptography?
Yes. All network traffic is encrypted, and all updates are
cryptographically signed.
http://www.ksplice.com/uptrack/faq [ksplice.com]
Look harder next time.
Sooo (Score:2)
Linux is a service now?
A lot of people will think that, and its competitors won't do anything to counter it.
"If you want the most stable version of Linux, it's 4 dollars a month? And they have the nerve to call it free. After purchasing Windows 8, all the patches and upgrades are free for at least 3 years."
Reboots are useful (Score:4, Informative)
I would not trust such a service. Just because a kernel can be upgraded in place doesn't necessarily guarantee that the same kernel configuration will be able to boot your system in an outage. Something like a messed-up GRUB configuration won't be spotted until you actually try to restart your system. I think part of a regular maintenance strategy is being able to restart your servers and make sure everything is configured to come back up automatically. The last thing you want is to be figuring out what's wrong with your boot config when you have an unplanned outage.
hi, let me introduce you to the year 2010 (Score:2)
Years - I mean years - ago I was doing hot patches to Sun boxes that needed to stay up forever no questions.
Enter the mid 00's, when the cloud became usable. Enter the late 90s, when Beowulf made computational clustering with commodity products trivial. MCServiceGuard from...whatever year, etc etc etc.
Point is, anything that someone thinks is so important that they want to never reboot a system...should have 2 systems that cost half as much each running as a high-availability app cluster. Anyone with an
Re: (Score:3, Insightful)
Then... why did you go with this particular vendor instead of one that meets your needs?
Yes, they are. (Score:5, Informative)
Stating the obvious, yes, they are.
But third-party companies are under no obligation to offer their products and/or services for free, and this is a service of a third-party company (Ksplice).
If there is a demand for this service, plus an unwillingness to pay Ksplice for it, it's entirely possible (and likely) that someone will come along and offer an open source equivalent. But until the itch is scratched, Ksplice is perfectly within the right to offer the service at a cost.
Re: (Score:2, Informative)
Actually, if I'm not mistaken ksplice already is completely free and open source. They operate kind of like Red Hat--what you're paying for is support. From what I can tell though, there's one crucial difference--ksplice can't function without support. Now in either case you are free to provide your own support, but I think the task of providing ksplice patches is just nontrivial enough (due to the nature of the problem, not ksplice's design), that the economies here significantly favor everyone paying one
Re:Yes, they are. (Score:4, Interesting)
Very true. However, the Linux kernel is GPL'ed.
They provide binary patches which contain code that is a derivative work of the Linux kernel. What makes the binary ksplice patches derivative is that they convert patches that were created by other people under GPL terms into a binary form suitable for use with ksplice.
This means those binary patches must be distributed under the GPL, allowing recipients to share those binary patches.
It also means they must make machine-readable source code available to all their patches, along with any changes they have made, and they must provide all compilation scripts, tools, and configuration files they use to build those patches. per the clause [gnu.org] of the GPL that states:
I can see a lot of people willing to pay $5 or so per month for access to the patches for each distinct OS their systems run.
And some big enterprises paying a per-system fee to ensure everything is fully supported, and that they can always call them for help if something goes wrong with any system.....
However, I don't see that it can be legal for them to force you to agree to pay a per-system fee to use a binary patch.
That would seem to be in violation of your GPL rights.
Given we've already established the binary patch files must be distributed under GPL.
Any kernel-mode components of the patcher must also be under GPL, and also any user-mode components that are specific to the kernel design.
The rest can be reverse-engineered.
Re: (Score:2)
Actually, if they provide all the code and tools, then the service they provide is creating the diffs. There's nothing stopping you from creating your own diffs.
Re:Yes, they are. (Score:4, Informative)
The diffs themselves only exist in binary form, they are directly derived from the source code already made available by the distributor.
There is absolutely nothing stopping you from using the already available open source ksplice tools to create the exact same binary diffs. The service these guys are offering provides some value-add to this process, namely:
External support - that imaginary finger of blame that companies like to be able to point, even though it means nothing... Especially important if you value uptime enough to use a system like ksplice in the first place.
Testing - loading untested stuff into your kernel is generally a bad idea; with this service I would know someone else has tried this and made sure it worked.
Time - how much will it cost to have your in house engineers compile and test these patches?
Not free - some people think that anything free is worthless, so they won't even consider this unless it has a price tag.
Re: (Score:3, Insightful)
Re:Free? (Score:4, Insightful)
I've said it before, and I'll say it again:
Just because it's free software, doesn't mean that it's afraid of money.
Re: (Score:2, Interesting)
I'm not afraid of money.
I'm afraid of some startup jokers - possibly funded by TLA's - taking my money to 'root' my servers!
Re: (Score:2)
If it weren't for companies like Redhat, Mandrake (Mandriva), (pre-Darl) Caldera, and Novell trying to find ways to convince people to pay for "free" software, how likely do you think it is that we would have a useful Linux today?
Re:Huh? (Score:5, Informative)
I do tech support at a school. The moment that something goes offline (like our mail server), we start getting calls telling us that things are messed up.
Before anyone asks: Yes, we try our best to only reboot after-hours, and yes, we tell everyone when a service will be down.
Re: (Score:2)
Set your voicemail to "Yes, we know this is down. Check your e-mail." or some such and shut your ringer off. Works for me.
That might work for you (Score:5, Funny)
Re: (Score:2)
"Have you tried turning it off and on again?"
"Is it definitely plugged in?"
Re: (Score:3, Funny)
I just place blame on the user. And when they get defensive, I point out their defensiveness as proof of their guilt. Pretty soon, they learn not to complain.
Re: (Score:2)
Would someone smarter than me please explain what is so evil about rebooting now and then?
Some organizations have operational requirements to provide a service continuously. For them there is no acceptable downtime. Having said that, I think their safety managers would have a few things to say about software which auto-updates kernels on the fly, but that is a different issue. Their preference would be to never update their systems.
Re: (Score:3, Insightful)
Some organizations who have operational requirements to provide a service continuously. For them there is no acceptable downtime.
And they've designed their systems properly such that not only the planned - but also unplanned - outage of a single server is both non-disruptive, and transparent.
"Service" and "server" are not synonymous. This is especially true once you move outside of trivial environments. If your HA service can't sustain the outage of an individual server, then its *fundamental architect
Re: (Score:2)
Yeah, but how do you make your user interface redundant and load-balanced? It is the most important part of the system.
Re: (Score:2)
I am not talking about web servers.
Re: (Score:2)
Same goes for any other type of server; you just make sure that any non-deterministic parts of your server calls are shared among the cluster. How you do this is up to you (memcached/database), just make sure it's 100% replicated.
Then when one machine stops doing what it's supposed to (or looks like it might), your heartbeat script written for the occasion kicks in, rotates the offending machine out of the cluster and, if you really have the budget, rotates a spare into its place which then syncs with the ot
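A minimal sketch of the heartbeat-and-rotate idea described above (the probe, the host/port values, and the promotion policy are all invented for illustration; real clusters use purpose-built tools):

```python
import socket

def is_alive(host, port, timeout=2.0):
    """TCP connect probe; real setups layer an application-level check on top."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def rotate(pool, spares):
    """Drop unreachable nodes from the pool, promoting spares in their place.

    A promoted spare still has to sync state (memcached/database) with
    the rest of the cluster before it can take real traffic.
    """
    dead = [node for node in pool if not is_alive(*node)]
    for node in dead:
        pool.remove(node)
        if spares:
            pool.append(spares.pop(0))
    return dead
```

Run on a timer, this is the whole loop: probe, evict, promote - the hard part the comment alludes to is the state sync, not the rotation itself.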
Re: (Score:2)
I am not even talking about servers. How about when there is an actual person sitting in front of a screen which is attached to the system you are updating? If it is going down, you need to move that actual person (and their infrastructure: communications, etc.) to a different screen, or move their job to a different person - all without interrupting the task at hand. That's not easy.
Re: (Score:3, Insightful)
In the ATC application I support the workstations are very important. They are used 100% of the time and unanticipated downtime is a critical problem.
Firstly, patching is in no way "unanticipated downtime".
Secondly, if your environment can't sustain workstations being unavailable *even on a schedule*, then it's not meeting the requirements it was supposedly designed for.
Re: (Score:3, Interesting)
You run a server of any kind. In the old days of Novell, we had servers with 6-year uptimes. Not possible today, simply from patches, not crashes.
This service has the potential to get us closer to that ever-distant 100% uptime. It could definitely stack another 9 on 99.999.
Re: (Score:3, Informative)
NetWare was bulletproof, for what it did.
http://www.novell.com/coolsolutions/netware/img/bartb_uptime.gif [novell.com]
http://www.theregister.co.uk/2001/04/12/missing_novell_server_discovered_after/ [theregister.co.uk]
Re: (Score:3, Informative)
3.x Netware was pretty darn bulletproof, provided you didn't mind copying the Bindery stuff to every different server, and one had to use IPX or nothing.
There are three things from it that were notable:
1: If a user doesn't have access to something, it doesn't show up in a listing. No directories or files with "access denied" messages, just making them more curious.
2: The OS was simple and had very limited functionality. Want some feature? Buy a third party NLM. Netware 3.11 had next to no attack surfa
It can be quite beneficial (Score:3, Interesting)
The occasional reboot, under controlled circumstances, is an excellent test of what will happen in an emergency situation. Mainly, it answers the question of whether the server and required services actually will all come back up by themselves.
Re: (Score:2)
Re:It can be quite beneficial (Score:5, Insightful)
The occasional reboot, under controlled circumstances, is an excellent test of what will happen in an emergency situation. Mainly, it answers the question of whether the server and required services actually will all come back up by themselves.
More importantly, if your service architecture can't handle the scheduled outage of individual servers, then it is unquestionably broken.
If you are concerned with individual server uptimes having a bearing on anything except your e-penis, then You're Doing It Wrong.
Re: (Score:2)
Would someone smarter than me please explain what is so evil about rebooting now and then?
Downtime just KILLS a system's availability requirement.
Re: (Score:2, Insightful)
At an individual computer level it's not so bad, but in an enterprise it can be troubling.
A couple of examples: a zero-day exploit of Microsoft Windows (surely this would never happen) requires a patch be applied and the computers rebooted for thousands of users. Even assuming that the reboot can be enforced with 100% reliability (seldom to never), the 1-3 minutes will impact productivity for at least some users. Sure, desktops can be rebooted at night, but laptop users that take their machines with them an
Re: (Score:2)
It depends on what your system is doing. If you're an end user running desktop apps, mostly it's just a pain in the ass. If you're maintaining a server that does something that has to be available all the time, the results range from expensive to disastrous. If the server in question handles credit card transactions for a bank, downtime costs the bank money -- they profit from transaction fees -- and it also costs vendors that use the bank's services. If the server handles air traffic control, the operation
Re:Huh? (Score:4, Interesting)
For a server running, say, a big web site, or a database, or something else where time is money, and there are a lot of zeros involved, uptime is crucial. When a stock broker's trading floor system goes down, the loss is measured in millions of dollars per second (disclaimer, my brother used to work for a Wall Street firm, his wife used to work for another, and I have two close friends who still work at a third; my estimate is based on things they have told me). Downtime is just not acceptable under some circumstances.
Sure, if my GoDaddy-hosted web site goes off the air for a minute or two while the virtual server gets rekicked, I can't really complain. I end up rebooting my laptop once or twice per week. My desktop gets rebooted maybe twice per year for some hardware update. Users of single-user machines are generally far more tolerant of reboots since, nominally, they are the ones making the decision to reboot. When there are many users, though, rebooting needs to be coordinated, at the very least, so as not to interrupt work in progress. And, as alluded to above, when there's real money involved, sometimes reboots are not ever acceptable.
For you, rebooting might not be evil, but some people do actually depend on high availability of their computers, and some of them are running Linux.
Re: (Score:2)
> When a stock broker's trading floor system goes down, the loss is
> measured in millions of dollars per second
Ksplice does not protect you from servers going down.
> Downtime is just not acceptable under some circumstances.
Still - ksplice does not make your servers highly available or fault tolerant. It just allows you to patch the server without rebooting.
Any decently designed HA or FT system should have such things like service reboots implemented by design since it is natural and obvious that yo
Re: (Score:3, Funny)
Re: (Score:2)
Aren't most of the air traffic control servers still using hardware with tubes? I wouldn't be surprised if they haven't updated a kernel in the last 30 years.
Re:Huh? (Score:4, Interesting)
No, they're not.
You see, one radar installation can feed multiple stations, and it's quite common for modern ATCOs to sit at a screen that has feeds from multiple radar sources.
In fact, in the UK we recently pulled all the old PDPs out of West Drayton and transferred radar control down to Swanwick, running on relatively new equipment. I believe this was not done by "clearing the skies" first; they just handed over control to the new guys.
I've heard things about US traffic control being old and antiquated, but I'd hazard a guess to say the vast majority aren't using vacuum tubes, CRTs or the like. I imagine many have converted to electronic paper strip bays for the flight plans too.
Re: (Score:2)
How recent? Which models? Are the old machines being made available on eBay?
Re: (Score:2)
How recent? Which models? Are the old machines being made available on eBay?
I could have found you a dozen 11/84s and four or so 11/83s in Melbourne. They ran the traffic signal system. All I salvaged was one 19 inch rack. It holds servers at my place now.
Re: (Score:2)
Aren't most of the air traffic control servers still using hardware with tubes? I wouldn't be surprised if they haven't updated a kernel in the last 30 years.
Older hardware would be alphas or comparable hardware expected to run unix. Newer machines are more likely to be commodity servers. Kernels in use won't be cutting edge from Linus's git tree. They will be a few versions behind and integrated for the application.
Generally in ATC you can have downtime for maintenance but you have to be able to say when it will happen. As the other poster said you can reconfigure to hand off traffic to another center or another part of the same center, but it takes planning or
Re: (Score:2)