Slashdot: News for Nerds

Ksplice Offers Rebootless Updates For Ubuntu Systems

timothy posted about 5 years ago | from the uptime-preserver dept.

Security 211

sdasher writes "Ksplice has started offering Ksplice Uptrack for Ubuntu Jaunty, a free service that delivers rebootless versions of all the latest Ubuntu kernel security updates. It's currently available for both the 32 and 64-bit generic kernel, and they plan to add support for the virtual and server kernels by the end of the month, according to their FAQ. This makes Ubuntu the first OS that doesn't need to be rebooted for security updates. (We covered Ksplice's underlying technology when it was first announced a year ago.)"

211 comments

FIRST POAT (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#28501401)

GNAA first post, etc.

GPL "terms of service"? (5, Interesting)

innocent_white_lamb (151825) | about 5 years ago | (#28501431)

They appear to be releasing this licensed as GPL v2, but they have a "terms of service" click-through, according to their screenshot.

That doesn't give me great confidence that they really understand the GPL....

The technology looks pretty cool, though.

Re:GPL "terms of service"? (4, Informative)

Ambush Commander (871525) | about 5 years ago | (#28501451)

So, they're doing the common "commercial open source" thing where the software (the application, the kernel patcher) is open source, but it's also tied to a service (the actual kernel patches) which is not so (free for Jaunty, but if you want a different kernel you'll have to pay Ksplice for support). So the Terms of Service applies to the service, which is really quite sensible.

Re:GPL "terms of service"? (0, Offtopic)

Anpheus (908711) | about 5 years ago | (#28501519)

On the other hand, I have dealt with GPL programs that ask me to agree to the GPL before I download.

Re:GPL "terms of service"? (4, Interesting)

KDR_11k (778916) | about 5 years ago | (#28501589)

Some installers are simply built to force an EULA on the user so programs that use those are tempted to put something like the GPL in there.

Re:GPL "terms of service"? (1)

kdemetter (965669) | about 5 years ago | (#28502623)

And in a sense, it's not wrong to do so: GPL doesn't exist for no reason.
It's just that most users won't need to read it. But for a developer that wants to reuse the software, it's certainly good that he knows the software is under GPL license, and what is meant by that.

The dual licensing approach is pretty common. It's one of the ways to make money with open source.

Re:GPL "terms of service"? (2, Informative)

peragrin (659227) | about 5 years ago | (#28502635)

Why do you think it is called click-through licensing? 99.9% of the population doesn't read them; it is there to try and force a legality that doesn't really exist.

Re:GPL "terms of service"? (1)

asdf7890 (1518587) | about 5 years ago | (#28501971)

Also the code that they have written may be dual-licensed - GPL and , with the ToS mainly declaring the terms for and letting it be known there is a choice.

Re:GPL "terms of service"? (2, Insightful)

Anonymous Coward | about 5 years ago | (#28501551)

In the broadest strokes, the GPL isn't that different from a EULA. The main difference is the scope of the agreement. When you use a typical EULA'd piece of software, you have to agree only to run it under certain conditions and not to redistribute it. When you use a GPL'd piece of software, you have to agree only to redistribute it only under certain conditions. You don't have to agree to anything to run it, but there are still terms and conditions for your use of the software (if "use" encompasses redistribution and modification).

And yes, yes, the GPL isn't a contract and a click-through token of agreement isn't actually necessary. (Instead, your agreement is implicit in the act of doing something that would be copyright infringement but for the license.) But it seems reasonable enough (if maybe unnecessary) to throw a window in front of the user and say "Hey, here's your chance to read this before you break the license terms".

Re:GPL "terms of service"? (3, Insightful)

_Sprocket_ (42527) | about 5 years ago | (#28501601)

In the broadest strokes, the GPL isn't that different from a EULA.

In the broadest strokes, an apple isn't that much different than an orange.

Re:GPL "terms of service"? (1, Funny)

Anonymous Coward | about 5 years ago | (#28501679)

But an apple isn't much different from an orange:

Edible
Fruit
Grows on trees
Spherical
Approximately the same size
Commonly available

Kinda makes that whole "comparing apples to oranges" argument pretty stupid sounding.

Re:GPL "terms of service"? (3, Funny)

_Sprocket_ (42527) | about 5 years ago | (#28501841)

Kinda makes that whole "comparing apples to oranges" argument pretty stupid sounding.

Right up to the point that you bake a pie.

Re:GPL "terms of service"? (1)

Vectronic (1221470) | about 5 years ago | (#28501881)

Re:GPL "terms of service"? (1)

_Sprocket_ (42527) | about 5 years ago | (#28501915)

Which is still going to cause trouble if what you have are, in fact, apples.

Re:GPL "terms of service"? (1)

x2A (858210) | about 5 years ago | (#28502275)

Of course, because they're different things, well spotted. If they were the same thing, there'd be no point trying to draw comparisons because there would be no differences. Just like how I can compare my house to that of one of my neighbours, but if I were to try to treat their house as I do my own, I'm gonna get into trouble.

Re:GPL "terms of service"? (1)

sigxcpu (456479) | about 5 years ago | (#28502293)

Kinda makes that whole "comparing apples to oranges" argument pretty stupid sounding.

Not to a true fanatic:

Edible

An orange is highly acidic, how can you call that a real fruit?

Fruit

How can you call something who's pealing is not edible a fruit?

Approximately the same size

Approximately? Need I say more?
etc. etc.

Re:GPL "terms of service"? (2, Funny)

mikechant (729173) | about 5 years ago | (#28502459)

How can you call something who's pealing is not edible a fruit?

I'd hope its 'pealing' would be audible rather than edible.

Re:GPL "terms of service"? (0)

Anonymous Coward | about 5 years ago | (#28501721)

How is this modded 3 Insightful? It's not even tangentially related to rebootless updates.

Re:GPL "terms of service"? (4, Funny)

_Sprocket_ (42527) | about 5 years ago | (#28501805)

No kidding. This thread and the original topic is like apples and oranges.

Re:GPL "terms of service"? (3, Funny)

x2A (858210) | about 5 years ago | (#28502281)

It's not even tangerinely related?

Re:GPL "terms of service"? (3, Informative)

Anonymous Coward | about 5 years ago | (#28501627)

DLA != EULA The GPL is a Distributors License Agreement not an End User License Agreement.

Re:GPL "terms of service"? (1)

mpe (36238) | about 5 years ago | (#28502515)

In the broadest strokes, the GPL isn't that different from a EULA.

The only thing they have in common is the letter "L". You might just as well claim that an instruction manual isn't that different from a novel.

Re:GPL "terms of service"? (1)

funkatron (912521) | about 5 years ago | (#28502217)

If it's GPL can't you just edit the terms out of it?

Great! (2, Insightful)

jbacon (1327727) | about 5 years ago | (#28501469)

This could actually be really awesome if it's truly production ready. What's that? 100% uptime?! AWRIGHT!

Re:Great! (1)

Shikaku (1129753) | about 5 years ago | (#28501483)

This can be great advertising:

"Ubuntu: updating and restarting is cliche. Continue to work while staying updated and secure."

I'm not a marketing person so let someone else handle that part. But the idea is clear though.

Re:Great! (0, Troll)

FishWithAHammer (957772) | about 5 years ago | (#28501653)

Yeah, great. No restarts.

How about applications people want and desktops that aren't user-hostile? (And no, that's not a troll. I'd love to see Linux do better on the desktop. But, uh, it sure ain't making much progress. People are too busy shoving sand into their vaginas over Mono and wasting time wanking about meaningless crap rather than making it better.)

Re:Great! (2, Interesting)

MichaelSmith (789609) | about 5 years ago | (#28501737)

Constructive suggestions would be helpful. For the record I am sure you are right about that but I couldn't say for sure where the users expect to see improvements.

Re:Great! (0)

Anonymous Coward | about 5 years ago | (#28501763)

Don't feed the trolls.

Re:Great! (5, Informative)

Shikaku (1129753) | about 5 years ago | (#28501803)

What more do you want? Specific examples are key if you actually do care about trying to fix the UI.

Out of the box after you install Ubuntu from the LiveCD, by clicking the Applications (you know, the things you run?) menu:

Firefox: Good internet browser.

Evolution: Email client and reminders.

Tomboy (oops it uses mono): Keep track of notes, can load specific notes for a day. Helpful for Todo lists.

Calculator: Normal 4 function calculator with scientific mode if needed.

CD/DVD Burner: works well.

Screenshot Tool: press printscreen, save picture. Much better than Windows where you press the printscreen button and open up Paint to save it.

Pidgin: All in one IM client. Very customizable.

OpenOffice Word: can open all MS Office documents and is a good Office clone.

Rhythmbox Music Player: Keep track of music, works with lots of USB MP3 players (including iPods).

Totem Movie Player: Limited at first, but when you can't play something, it will prompt you to install the needed codec.

Add/Remove: Miles ahead of anything MacOSX and Microsoft has EVER done. Takes care of everything FOR you: downloading, updating, installing, etc. Just search for what you want through the left side or in the search tab.

It's so easy my girlfriend uses it by herself.

Drivers are handled automatically out of the box. No other OS can actually brag about having the highest device support. If it does not work instantly, chances are there will be a prompt to download and install the driver.

The only issues I think are the most common AND frustrating are installing WiFi drivers through ndiswrapper (ndiswrapper is finicky, but when you get it working it works perfect), relearning all the programs you want to use to do the same things you want to do, Windows games and using Wine, and the fact you will have to do a lot of Googling to do advanced stuff. Luckily more and more WiFi cards are being supported out of the box and Wine is getting much better.

Oh, and it's all free.

Re:Great! (0)

whereiswaldo (459052) | about 5 years ago | (#28502011)

One issue I run into often enough is a CD that won't eject through the UI. I have to open a terminal and type "eject cdrom". That's the kind of thing that would stop a novice in their tracks.

Re:Great! (1, Insightful)

Anonymous Coward | about 5 years ago | (#28502081)

One issue I run into often enough is a CD that won't eject through the UI. I have to open a terminal and type "eject cdrom". That's the kind of thing that would stop a novice in their tracks.

The majority of PC users eject CDs through a UI?

I have always seen even novice users hitting the button on the tray.

Re:Great! (0, Troll)

frednofr (854428) | about 5 years ago | (#28502129)

The novice could, you know, press the eject button.

Re:Great! (4, Funny)

darkpixel2k (623900) | about 5 years ago | (#28501707)

I can see it now... "Kid. This was your father's laptop. Cherish it as he did. It currently has just over 6 decades of uptime. With any luck, you'll be able to reach 13 or 14..."

Nope (0)

Anonymous Coward | about 5 years ago | (#28502207)

Kid: Ever hear of Moore's Law?
Father: You insensitive clod! Get off my lawn!

Re:Great! (1)

Falcon4 (946292) | about 5 years ago | (#28502335)

And just that same year, a new wireless driver version is finally released since the last version 15 years ago, and requires a reboot.

Re:Great! (4, Funny)

smallfries (601545) | about 5 years ago | (#28502503)

Watched Pulp Fiction too many times but I can't help but read that in a Christopher Walken voice and expect you to continue:

"when he was shot down over Hanoi he had this laptop with him..."

Fedora doing this since F9.. (5, Informative)

gzipped_tar (1151931) | about 5 years ago | (#28501475)

https://admin.fedoraproject.org/pkgdb/packages/name/fedora-ksplice [fedoraproject.org]

fedora-ksplice
Script Collection for Using KSplice on Fedora Linux

fedora-ksplice is a collection of shell scripts to use ksplice in a Fedora environment.

The scripts allow you to prepare a kernel for use with ksplice.

fedora-ksplice-prepare will download the source rpm of the currently installed kernel. After this the kernel sources will be created in the rpm build directory. Additionally, the ksplice subdirectory with the System.map file will be created.

Fedora-ksplice-create will apply a patch given as an argument to the kernel sources prepared by fedora-ksplice-prepare.

Re:Fedora doing this since F9.. (4, Informative)

Ambush Commander (871525) | about 5 years ago | (#28501609)

That's a collection of shell scripts around the free software Ksplice tool that merely automates the task of downloading the Fedora kernel. (The Ksplice software has been released for over a year, and is also packaged in Ubuntu [ubuntu.com] and in Debian [debian.org] , although the ksplice.com apt repo has newer versions.) Ksplice's Uptrack service is a way to automatically apply Ksplice updates that have been vetted for safety by the Ksplice developers, which is a much more convenient thing unless you like reading every kernel patch daily and testing the resulting Ksplice patch yourself.

Left are the Zombies.. (3, Funny)

htiawe (973440) | about 5 years ago | (#28501477)

Now we need a ksplice for zombies instead of having to reboot to clear some of the nasty zombie processes.

Re:Left are the Zombies.. (1)

pintpusher (854001) | about 5 years ago | (#28501665)

someone just posted on debian-user that the way to kill zombies is to have the parent processes try to reap them and if that fails, they should get reparented up the chain until their parent becomes init. Then doing `telinit u` will cause init to restart (while maintaining state) and all the zombies will be dropped. I haven't had the chance to try it.

Re:Left are the Zombies.. (3, Funny)

onefriedrice (1171917) | about 5 years ago | (#28501775)

Actually, it's simpler than that. A child process whose parent dies will be adopted by init immediately (not re-parented up the chain). If the process is a zombie (because of a bad-behaving parent process), removing the zombie is as simple as killing the parent, at which point init will adopt and reap the zombie because init always waits on its children. Running "telinit u" might make init reap the zombie quicker, but it will happen eventually anyway so that command is very much optional (and not recommended since zombies are harmless anyway).
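The reaping rule described in the comment above, as an added example that is not part of the thread: a zombie is an exited child its parent has not yet waited on, so the useful fact is which parent holds it. The sample `/proc/<pid>/stat` lines and all function names are constructed for illustration.

```python
"""Group zombie processes by the parent that has not reaped them (Linux /proc)."""
import os

# Constructed sample of /proc/<pid>/stat lines (only the leading fields are shown).
SAMPLE_STAT = [
    "1 (init) S 0 1 1 0 -1 4194560",
    "2210 (job runner) S 1 2210 2210 0 -1 4194304",
    "2214 (worker) Z 2210 2210 2210 0 -1 4227084",
    "2215 (a) b) Z 2210 2210 2210 0 -1 4227084",
    "3001 (sshd) S 1 3001 3001 0 -1 4194560",
]


def parse_stat(stat_line):
    """Return pid, comm, state and ppid from one /proc/<pid>/stat line.

    comm sits in parentheses and may itself contain spaces or ')',
    so the fields after it are located from the LAST ')'.
    """
    lpar = stat_line.index("(")
    rpar = stat_line.rindex(")")
    fields = stat_line[rpar + 1:].split()
    return {
        "pid": int(stat_line[:lpar]),
        "comm": stat_line[lpar + 1:rpar],
        "state": fields[0],
        "ppid": int(fields[1]),
    }


def zombies_by_parent(stat_lines):
    """Map parent pid -> (parent comm, sorted zombie pids)."""
    procs = {}
    for line in stat_lines:
        try:
            proc = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed line
        procs[proc["pid"]] = proc
    result = {}
    for proc in procs.values():
        if proc["state"] != "Z":
            continue
        parent = procs.get(proc["ppid"])
        name = parent["comm"] if parent else "?"
        result.setdefault(proc["ppid"], (name, []))[1].append(proc["pid"])
    return {ppid: (name, sorted(pids)) for ppid, (name, pids) in result.items()}


def read_proc_stat(proc_root="/proc"):
    """Collect stat lines for every live pid, skipping processes that exit mid-scan."""
    lines = []
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            try:
                with open(os.path.join(proc_root, entry, "stat"), errors="replace") as fh:
                    lines.append(fh.read())
            except OSError:
                pass
    return lines


def live_demo():
    """Fork a child that exits at once; it stays 'Z' until this process reaps it."""
    pid = os.fork()
    if pid == 0:
        os._exit(0)
    # Block until the child has exited, but leave it unreaped (WNOWAIT).
    os.waitid(os.P_PID, pid, os.WEXITED | os.WNOWAIT)
    with open(f"/proc/{pid}/stat") as fh:
        state_before = parse_stat(fh.read())["state"]
    os.waitpid(pid, 0)  # reap: the process-table entry is released
    return state_before, os.path.exists(f"/proc/{pid}")


if __name__ == "__main__":
    print("constructed sample:", zombies_by_parent(SAMPLE_STAT))
    if os.path.isdir("/proc/self"):
        print("live demo (state before reap, entry exists after):", live_demo())
        for ppid, (name, pids) in zombies_by_parent(read_proc_stat()).items():
            print(f"parent {ppid} ({name}) has not reaped: {pids}")
```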

Re:Left are the Zombies.. (3, Funny)

MrNaz (730548) | about 5 years ago | (#28501817)

Zombies are not harmless! You obviously don't watch enough movies.

Re:Left are the Zombies.. (2, Funny)

Tumbleweed (3706) | about 5 years ago | (#28502133)

Zombies are not harmless! You obviously don't watch enough movies.

Look, _clearly_ there are dangers inherent to zombies, but if YOU had watched enough movies, like, say, Shaun of the Dead, you'd realize they can be made into productive members of society (well, videogame consumers, anyway) if handled appropriately.

As the tshirt says, "Reduce - Reuse - Reanimate. Reduce our dependency on the funerary industrial complex." Get with the program!

Re:Left are the Zombies.. (0)

Anonymous Coward | about 5 years ago | (#28501921)

someone just posted on debian-user that the way to kill zombies is to have the parent processes try to reap them and if that fails, they should get reparented up the chain until their parent becomes init. Then doing `telinit u` will cause init to restart (while maintaining state) and all the zombies will be dropped. I haven't had the chance to try it.

Linux needs to discover 'ptree' so its users stop running around like tards wondering where zombies come from. Seriously, zombie processes aren't fucking voodoo.

  - Angry Solaris Admin

Linux has it, they just call it pstree (1)

LukeCrawford (918758) | about 5 years ago | (#28502023)

does just about the same thing.

Difference between Linux and Windows (4, Insightful)

nmb3000 (741169) | about 5 years ago | (#28501497)

This is something I've wondered for a while. Both Linux and Windows have the ability to modify images (executables and libraries) on the fly without rebooting, and most Linux updates do this but Windows usually doesn't. Now we're looking at not only that, but some pretty low level mucking around in the kernel, all while the machine is running.

I know partly why Microsoft doesn't normally do this for Windows [microsoft.com] , but why is it that Linux doesn't have the same problems described in that article? If you replace an executable you can restart it, sure, but what happens if you update libraries with various inter-dependencies?

Yes, rebooting is annoying, especially for important servers, but doesn't it make more sense to be 100% sure that the changes you're making aren't destabilizing the system (doubly for servers) than that few minutes of down time rebooting costs? Just wondering.

Re:Difference between Linux and Windows (5, Insightful)

644bd346996 (1012333) | about 5 years ago | (#28501549)

Most of the people who would want to patch a system without rebooting aren't upgrading to get new features - they're applying security fixes, which seldom break binary compatibility. That makes it pretty safe to replace an in-use library. Once the update has been installed, you can restart the affected services on a schedule of your choosing, rather than have several minutes of complete downtime. I would expect that the reason this isn't attempted as often under Windows is that DLLs don't follow any system-wide rigorous versioning system like what most Linux package managers impose. This, and the presence of closed-source software, makes it much harder to do this with confidence under Windows.

Re:Difference between Linux and Windows (1)

FishWithAHammer (957772) | about 5 years ago | (#28501673)

This is basically the reason, yes. Windows itself is not subject to being unable to move or replace a code image on-disk, of course (although it can cause some weird issues if forced--I've seen applications supposedly paged to disk try to hit up the new image from disk rather than from the page file and puke all over themselves), but really, for most uses it's just not worth the risk. .NET applications can, however, leverage the GAC to do essentially the same thing. As we see more and more movement toward the use of managed languages in the Windows ecosystem (it's going to happen), we'll see fewer and fewer reboots from updates.

Re:Difference between Linux and Windows (1)

Dog-Cow (21281) | about 5 years ago | (#28502485)

I'd like to point out that the behavior you see is actually by design. Windows does not page executable pages to the pagefile because it knows that (under normal conditions) it can swap back in from the original file. When Windows requires the memory being consumed by an executable, it will simply drop those pages and reuse them.

Linux does the exact same thing. The reason why you can replace the file while it's in use is because you are not actually overwriting the file. You are just reusing the name in the directory. The actual contents of the original exist until the file handle is closed when the process exits. That is standard Unix design, which unfortunately Windows does not implement.

Re:Difference between Linux and Windows (2, Informative)

Geoffreyerffoeg (729040) | about 5 years ago | (#28501797)

Well, let's look at the issues raised in the article.

Windows actually can replace a DLL that is in use by renaming the original then copying the new file into place. However, the Windows world prefers not to do this.

Ksplice updates the running code of your kernel (by waiting until no thread is using the function to be patched, then calling the kernel's stop_machine_run function -- the same thing it uses when loading a new module -- while it edits the object code); it doesn't touch your /vmlinuz file on disk. If you want the patches next time you reboot, either recompile /vmlinuz, or have an initscript (like Uptrack's) apply the patches at boot.

Even if you're updating just a single DLL with no dependencies, there are still potential problems since the DLL has to interoperate with previous versions of itself.

One reason Ksplice wins here is that it updates the kernel, which is a single thing, but more fundamentally it avoids this problem by atomically patching every piece of affected code at once. You could actually port the Ksplice technology to userspace, provided you do some userspace equivalent of stop_machine and patch every process at the same time.

Even if you haven't changed the structure itself, you may have changed the meaning of some fields in the structure. If the structure has an enumeration and the new version adds a new value to that enumeration, that's still an incompatibility between the old and new.

Again, Ksplice has the advantage of updating everything atomically. But there is explicit support for having a hook to be called at patch time, that either updates all existing structures, or does something fancy to mark structures that have been updated, so you know that any unmarked structure needs to be updated before being used.

The Ksplice paper (PDF) [ksplice.com] outlines how you'd go about writing a data structure transformer to address this (as well as talking about how to solve a host of other problems). See also the CVE evaluation [ksplice.com] , which links to some examples.

So it's not that Windows has to restart after replacing a file that is in use. It's just that it would rather not deal with the complexity that results if it doesn't. Engineering is a set of trade-offs.

which is why this engineering problem is not something Linus Torvalds personally does, but a separate company, Ksplice Inc., is working on full-time. :-)

Re:Difference between Linux and Windows (1)

Bert64 (520050) | about 5 years ago | (#28502183)

I wouldn't bother so much with applying the patches on reboot, if you're going to reboot anyway you could just install the regular updates.

Some clarification to parent (0)

Anonymous Coward | about 5 years ago | (#28502519)

I don't necessarily agree with everything Raymond says, but from your post I gather you missed the point a few times.
>Windows actually can replace a DLL that is in use by renaming the original then copying the new file into place. However, the Windows world prefers not to do this. Why?
Your response makes no sense. Explaining how essentially the same operation is done on Linux doesn't explain why Windows prefers not to do this, nor does it explain why it is okay on Linux.
>Even if you replace a file that is in use, there may still be code in the system that wants to use the old version. ... programs that were still using A.DLL keep using the old version, but new programs will use the new one.
Actually, all Microsoft DLLs are compiled in such a way that all their functions can be patched safely, even if the processes using the DLL are not paused. Of course, if the internals of the function influence for example communication between processes or there is some other reason that all processes need to have the same version of the function, you must still let all processes leave the function, but that is doable, at least in principle, on Windows also. Plus, Microsoft owns a technology to patch functions in DLLs that aren't specially crafted which they mainly use internally when debugging programs that don't run correctly on a new version of Windows and stuff like that.
>Now a program ... interoperating with it.
Here Raymond pretty much complains about the problem we just solved. Also note that in many cases as long as the binary protocol doesn't change you don't have to worry about these things. Followed by a snipe along the lines of "people complain that we're slow in developing patches, but we have to deal with all these problems (that we decided not to deal with after all)". I like many of Raymond's interesting and insightful articles, but sometimes he can be so boneheaded.
>So it's not that Windows has to restart after replacing a file that is in use. It's just that it would rather not deal with the complexity that results if it doesn't. Engineering is a set of trade-offs. Do you go to the effort of supporting older versions of yourself for a situation that isn't even a recommended steady-state configuration?
Translation: Windows could, but then we'd have to implement a small piece of software that coordinates the update. And we'd have to tell patch developers to mark if their patch has special needs. It's much easier for us if you reboot your machine, even if that does mean that you'll have to wait for your computer to reboot, reopen all your windows, and restart all long-running background processes, even if that means that if one of them takes longer than a month it will never be finished.

Microsoft's excuse for not updating (5, Informative)

Mask (87752) | about 5 years ago | (#28502063)

After reading Windows Can but Won't [microsoft.com] I am still unimpressed. This article tries to hide a substantial feature present in Linux but not in Windows. Call it a misfeature, a bug, an engineering decision or a precaution but, as it seems, Microsoft's filesystems do not support file removal well. If a DLL is in use you can't remove it without dire consequence, you are left with modifying the original file.

On Linux, you can remove the DLL without destabilizing running applications. This is because the file is unlinked from the directory structure, appearing as if it was removed, and the old file contents is still accessible to running applications. On Linux, an update mechanism can remove the DLL and put a new DLL in its place without affecting any running applications. Running applications continue using the old DLL, posing no substantial stability risk.

The Linux way isn't perfect either because running applications do not benefit from the update. Such an application will effectively use the old DLL until it is restarted giving a false sense of security. If an affected service is not restarted, then the computer is still at risk.

Re:Difference between Linux and Windows (3, Interesting)

Anonymous Coward | about 5 years ago | (#28502149)

> Windows actually can replace a DLL that is in use by renaming the original then copying the new file into place. However, the Windows world prefers not to do this. Why?

Linux solves this with links. To pick a random example:

lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3 -> libqt-mt.so.3.3.7
lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3.3 -> libqt-mt.so.3.3.7
-rw-r--r-- 1 root root 7534253 2008-03-02 12:04 /usr/lib/libqt-mt.so.3.3.7

I'm showing here an output of ls. Say a program opens libqt-mt.so.3. It gets 3.3.7. Now I install 3.3.8 while my programs are still running.

lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3 -> libqt-mt.so.3.3.8
lrwxrwxrwx 1 root root 17 2009-06-21 19:04 /usr/lib/libqt-mt.so.3.3 -> libqt-mt.so.3.3.8
-rw-r--r-- 1 root root 7541660 2008-05-02 15:03 /usr/lib/libqt-mt.so.3.3.8
-rw-r--r-- 1 root root 7534253 2008-03-02 12:04 /usr/lib/libqt-mt.so.3.3.7

So when I install a package, all the new libraries get installed (and their dependencies) and after they are all installed, the symlinks get updated. If a program wants specifically 3.3.7 and is still using it, they can still have that. If they already have that library open, then it stays open. If a new program requests libqt-mt.so.3 then they get the new one.

The interesting thing in linux is that I can now delete libqt-mt.so.3.3.7. If there are any programs that have it open still, the OS will keep the file around. So only when the program quits will the file be really deleted.

For the other problems like:

> When you write code that communicates between processes, you generally expect that the same version of the code will be running in each process

Linux can never make that assumption in the first place, since your other process might not even be on the same machine (exported program) or it might be running in a scratchbox (a completely different environment) etc.
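An added example, not part of the thread, for the point made in the two comments above (the unlinked library stays mapped, so an unrestarted service keeps running the old code): the kernel marks such mappings with " (deleted)" in `/proc/<pid>/maps`, which makes them easy to find. The sample maps text, the ignore list and the function names are constructed assumptions.

```python
"""Find processes that still map a shared library replaced or removed on disk."""
import os
import re

# /proc/<pid>/maps: address-range perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"
# Unlinked-by-design objects (shared memory, memfd JIT buffers); an assumption, tune locally.
IGNORE_PREFIXES = ("/memfd:", "/dev/", "/SYSV")

# Constructed sample: one process after libqt-mt 3.3.7 was replaced by a package update.
SAMPLE_MAPS = """\
00400000-0040c000 r-xp 00000000 08:01 131104 /usr/bin/exampled
7f3a1c000000-7f3a1c6f0000 r-xp 00000000 08:01 262201 /usr/lib/libqt-mt.so.3.3.7 (deleted)
7f3a1c6f0000-7f3a1c720000 rw-p 006f0000 08:01 262201 /usr/lib/libqt-mt.so.3.3.7 (deleted)
7f3a1d000000-7f3a1d1b0000 r-xp 00000000 08:01 262377 /lib/libc-2.9.so
7f3a1e000000-7f3a1e001000 rw-s 00000000 00:05 32769 /SYSV00000000 (deleted)
7f3a1e100000-7f3a1e101000 r-xp 00000000 00:01 4711 /memfd:jit (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""


def stale_mappings(maps_text):
    """Return paths of executable file mappings whose file no longer exists on disk."""
    stale = set()
    for line in maps_text.splitlines():
        match = MAPS_LINE.match(line)
        if not match:
            continue
        path = match.group("path")
        if not path.endswith(DELETED) or "x" not in match.group("perms"):
            continue  # still linked, or a data-only mapping
        path = path[: -len(DELETED)]
        if not path.startswith(IGNORE_PREFIXES):
            stale.add(path)
    return stale


def scan_proc(proc_root="/proc"):
    """Map pid -> (process name, stale library paths) for every readable process."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps"), errors="replace") as fh:
                stale = stale_mappings(fh.read())
            with open(os.path.join(base, "comm"), errors="replace") as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited mid-scan, or not ours to read (run as root)
        if stale:
            report[int(entry)] = (name, sorted(stale))
    return report


if __name__ == "__main__":
    print("constructed sample:", sorted(stale_mappings(SAMPLE_MAPS)))
    if os.path.isdir("/proc/self"):
        for pid, (name, libs) in sorted(scan_proc().items()):
            print(f"{pid} {name}: restart needed, still maps {', '.join(libs)}")
```

Run as root after applying library updates; any process listed is still executing the pre-update code until it is restarted.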

Re:Difference between Linux and Windows (1)

ettlz (639203) | about 5 years ago | (#28502327)

For the other problems like:

> When you write code that communicates between processes, you generally expect that the same version of the code will be running in each process

Why would anyone make that assumption when designing an IPC mechanism?

Windows has been doing this for 6 years (0, Flamebait)

Anonymous Coward | about 5 years ago | (#28501499)

Read up on Windows "Hot Patching". Windows Server 2003 supports this, and so has every version of NT since then.

Here are some links:

http://support.microsoft.com/kb/897341 -- Explains HotPatching, which revs of the NT kernel support it, and which patches are set up for hot patching.

http://msdn.microsoft.com/en-us/library/ms173507(VS.80).aspx -- Explains how to compile images for use with hotpatching in Visual C++

Seriously, get your facts straight. Windows has been doing this for 6 years.

Re:Windows has been doing this for 6 years (2)

Ambush Commander (871525) | about 5 years ago | (#28501599)

Note: Not all security updates support HotPatching, and some security updates that support HotPatching might require that you restart the server after you install the security updates.

Yeah. Rebootless updates. Uh-huh. [ksplice.com]

Re:Windows has NOT been doing this for 6 years (4, Informative)

Anonymous Coward | about 5 years ago | (#28501615)

I did read up on this (via your links) and discovered:

Note Not all security updates support HotPatching, and some security updates that support HotPatching might require that you restart the server after you install the security updates.

and

HotPatching is compatible with security updates that provide isolated fixes for individual functions. HotPatching is not compatible with security updates that update several interdependent functions.

So Windows does not even theoretically support this to the extent of the ksplice offering and in practice I still (and have since its release and for the foreseeable future) have to reboot 2003 and more recent releases when I apply MS patches.

Re:Windows has been doing this for 6 years (2, Funny)

Anonymous Coward | about 5 years ago | (#28501695)

Well - that explains the reboots.

You Fa1l It.. (-1, Troll)

Anonymous Coward | about 5 years ago | (#28501505)

Hmmmm...... (1)

Maxim Kovalenko (764126) | about 5 years ago | (#28501533)

Nice idea....I just wonder how long it'll be before somebody forks it? ;)

Re:Hmmmm...... (1)

Ambush Commander (871525) | about 5 years ago | (#28501563)

That is an interesting question, no? After all, this company has made all of its software open-source, and if someone else is able to generate updates, they can "cut in" on Ksplice's market share. (This is forking the service, you're speaking of, not really the software.)

But this is not really a problem unique to Ksplice; it applies to any service based open-source model. And as such, what Ksplice has going for it is expertise: they were the ones who developed the Ksplice tools, they have an intimate understanding of the interplay between the kernel and hot updates, they are the ones who know how to "tweak" patches in order to make them work with the Ksplice system (as I understand, there are some nontrivial transforms necessary for certain updates).

Re:Hmmmm...... (1)

gzipped_tar (1151931) | about 5 years ago | (#28501715)

Or someone just buys them. Candidates: RH, Canonical, and Microsoft (the "extinguish" part).

Re:Hmmmm...... (1)

Ambush Commander (871525) | about 5 years ago | (#28501741)

Why would Microsoft ever want to hire a cadre of Linux kernel developers? It's more likely that Microsoft would find some-odd patent in its catalog and sue them. :-)

Interesting start (2, Interesting)

ErikTheRed (162431) | about 5 years ago | (#28501557)

It's nice to see them running it on Ubuntu 9.04, but if they want to make money they should go after the LTS releases and SLES / RedHat.

Looks cool though.

Re:Interesting start (1)

Ambush Commander (871525) | about 5 years ago | (#28501573)

I'm sure if you talk to them, they can set you up with a pricing model for update streams for these distributions. :-)

Some windows versions have this (0, Flamebait)

JeanBaptiste (537955) | about 5 years ago | (#28501607)

You could update without a box reboot in windows 3.0, 3.1 and 3.11 =P

Re:Some windows versions have this (1)

Bert64 (520050) | about 5 years ago | (#28502193)

You can update applications without rebooting on most OS's...
You couldn't update the underlying OS (DOS) which those versions of the windows application require without rebooting it.

For you geeks that don't "need" 100% uptime... (2, Interesting)

Ambush Commander (871525) | about 5 years ago | (#28501641)

Ksplice is still pretty neat, and worth playing around with (it's very very quick: after installing it's a little like boom boom boom, patches are applied). It also means that you can keep a fully patched kernel without having to compile one yourself every time a new patch comes out; a little different from being rebootless, but eminently useful for us mere mortals.

wait.... (0)

Anonymous Coward | about 5 years ago | (#28501645)

I've been bragging about this for months using kexec...

http://www.ibm.com/developerworks/linux/library/l-kexec.html

not exactly the same but does this mean that I'm not cool anymore?

Re:wait.... (1)

Lennie (16154) | about 5 years ago | (#28502155)

kexec is cool too, it's simple and it really saves a lot of time waiting.

The above is good for kernel patches, like security updates, etc. But not so much for new features, etc. So kexec is good for that.

Less than 20 second reboot. (3, Funny)

yourassOA (1546173) | about 5 years ago | (#28501657)

Isn't that kinda the big thing with Jaunty other than the cooler looking login? They make the boot time real short and two months later "Oh hey you don't need to reboot." This is pointless.

Re:Less than 20 second reboot. (1)

Ambush Commander (871525) | about 5 years ago | (#28501663)

Pointless or improvement?

Re:Less than 20 second reboot. (1)

jackharrer (972403) | about 5 years ago | (#28502685)

I'd say it's WHOOOSH! ;)

Re:Less than 20 second reboot. (1)

DMUTPeregrine (612791) | about 5 years ago | (#28501719)

Pointless, eh? It lets me install security patches when I want, without rebooting. Yet I do reboot for reasons other than patching. I run Kubuntu, FreeBSD, OpenBSD, Slackware, and Windows. I like to test programs I write before releasing them. This lets me avoid rebooting when I don't want to, and the faster reboots with Jaunty make those times when I do want to reboot easier.

Re:Less than 20 second reboot. (1)

jones_supa (887896) | about 5 years ago | (#28502033)

This is pointless.

Not necessarily. You get the best of the both worlds.

Re:Less than 20 second reboot. (0)

Anonymous Coward | about 5 years ago | (#28502105)

Idiot.

Re:Less than 20 second reboot. (1)

Gordonjcp (186804) | about 5 years ago | (#28502153)

This is pointless.

Not really. If I want to reboot, it's faster. If I don't want to reboot, I don't have to. At present I keep my system multi-booting between Jaunty and Gutsy, so I can use either the most recent version or the one with working low-latency audio. I also have a Haiku partition for testing things on real hardware without having qemu get in the way. I reboot quite a lot, and being able to get Jaunty up nice and quickly (although still too slow compared to Haiku) is useful.

One other thing to remember is that both improving boot times and having rebootless updates are both someone's project. Having one doesn't preclude having the other.

aix? (0)

Anonymous Coward | about 5 years ago | (#28501661)

AIX 6.1 seems to have been doing concurrent kernel updates for about a year now; also the power5 and 6 boxes have been doing concurrent firmware updates for better than 3 years now. Pretty neat features to see, hope they get more mainstream.

Re:aix? (1, Insightful)

Ambush Commander (871525) | about 5 years ago | (#28501699)

As a typical geek, I don't care much about AIX's concurrent updates. If I were a corporate dude, I probably wouldn't care too much about AIX's concurrent updates (I'd have to have a lot of other good reasons for switching to AIX). As a geek who runs Jaunty, I care a lot about Ksplice. It's awesome. I can run it on all of my boxen. If I were a geek who runs another distro, I don't care much about Ksplice, except maybe for the fact that we're starting to get rebootless updates into mainstream. But if I were a corporate dude, I care a lot about Ksplice: if I pay these dudes, I can get these updates for *any* system. I don't need no special kernel. I don't need no complex process. I just fork over money and these guys make the magic happen. That's powerful.

Re:aix? (1)

timmarhy (659436) | about 5 years ago | (#28501877)

you sir, aren't fit to call yourself a geek if you don't know enough about AIX to care. please leave before such ignorance infects the rest of the population.

Re:aix? (1)

Ambush Commander (871525) | about 5 years ago | (#28501891)

Don't use it, company I work for doesn't use it, don't care.

Re:aix? (0)

Anonymous Coward | about 5 years ago | (#28501951)

I don't use Linux, but I don't pretend it doesn't exist and call myself a geek.

You do NOT qualify as a geek. A geek would at least be interested in learning how different OS's work.

A geek should have the curiosity of a cat. You OTOH just might be a Linux fanboi.

Concurrent Kernel Maintenance (0)

Anonymous Coward | about 5 years ago | (#28501687)

Isn't this already available in AIX 6.1 released by IBM in which the kernel is actually mapped allowing modifications without rebooting? I believe something like 4/5 modules can be changed on the fly.
http://www.redbooks.ibm.com/redpapers/pdfs/redp4367.pdf (PDF) section 2.3.15

Ubuntu (1)

physburn (1095481) | about 5 years ago | (#28501693)

Actually I haven't found I had to reboot ubuntu many times from updates, maybe 4 times a year, after a heavy patch of the Hal or the video drivers. Having said that, I still haven't upgraded to jaunty. I waited when it was a fresh upgrade, then didn't find the time. Guess I've no excuse now, should be quick, but you have to leave the time, just in case it buggers up your live services.

---

Question: is Ksplice reliable enough for online servers? I'd rather manually upgrade and be there to fix the systems, than risk a shoddy automatic system going down randomly.

---

Linux [feeddistiller.com] Feed @ Feed Distiller [feeddistiller.com]

Re:Ubuntu (1)

Korin43 (881732) | about 5 years ago | (#28501787)

Think of it in terms of uptime. 99.99% uptime means you're down for ~52 minutes per year [google.com]. Rebooting 4 times a year could mess that up.

What the hell are (1)

bruce_the_loon (856617) | about 5 years ago | (#28501945)

you running that takes 13 minutes to boot up?

I've got server rooms that come up completely from power failures in less time than that. And that's staggered starts of switches, DNS, DHCP and AD before everything else.

And if it's a planned update, then your uptime percentage ain't affected anyway.

planned outages are still outages (1)

LukeCrawford (918758) | about 5 years ago | (#28501975)

you seriously think I can tell my customers that they will get rebooted next week and expect them to be OK with that? Sure, if you are running windows, your users are used to it, but I know for me, a reboot is a reboot is a reboot; and usually it is followed by a number of customers leaving. It's not just the downtime; many customers (I provide VPSs) configure services by hand, which means that when it comes back up, it's wrong.

That said, it will be a long time before I use Ksplice on the Dom0, just 'cause a planned reboot, while bad, is still much better than an unclean shutdown. I tend to be very conservative on those boxes.

Re:planned outages are still outages (1)

Bert64 (520050) | about 5 years ago | (#28502215)

With virtual images, it should be possible to migrate images from one system to another without shutting it down, so you can upgrade your physical servers one by one without the users noticing..

do serious SLAs really exclude planned (1)

LukeCrawford (918758) | about 5 years ago | (#28501995)

outages from the uptime calculation? I thought only really shady companies; the type that put up the 'site is down for maintenance' page when something breaks, excluded planned downtime from the sla. I don't exclude planned downtime from my SLA http://book.xen.prgmr.com/mediawiki/index.php/SLA [prgmr.com] - in fact, the last time I paid out a SLA the downtime was planned; I was moving some servers from one rack to another.

I just can't imagine the phone company saying "oh, yeah. the phone outage was planned, so we still have 100% uptime"

load of wank (2, Insightful)

timmarhy (659436) | about 5 years ago | (#28501799)

if the fix affects a service i'm currently running, you still have to restart the service, so all this is doing is perpetuating the usual stupid uptime measurement of performance, which isn't indicative of the system's availability.

get back to me when you have found a way to patch my network service without dropping the current open sessions, then i'll be really impressed.

Re:load of wank (2, Interesting)

Geoffreyerffoeg (729040) | about 5 years ago | (#28501889)

Actually, Ksplice provides live patches. The ones Uptrack distributes are all to the kernel, and obviously not restarting the system requires not restarting the kernel.

The Ksplice technology [ksplice.com] itself is free software, and can be ported to userspace (but that hasn't been implemented yet by the Ksplice people). But if your network service is an NFS server or something, or you're fixing a security bug in the kernel, then Ksplice can apply it to a running system without affecting existing sessions / connections.

Re:load of wank (1)

timmarhy (659436) | about 5 years ago | (#28502045)

so if i'm running NFS with 1000 users connected to my mission critical system, and i apply a patch using ksplice, it will upgrade my NFS service for all new connections (immediately without a restart of the service) and won't require dropping the existing connections? the only possible way i can see this working is some kind of virtual machine system because anything else would mean 2 services sharing a port (which won't work). and if it's a virtual machine it's going to mean a performance hit, which would be unacceptable for many applications.

Re:load of wank (1)

Enleth (947766) | about 5 years ago | (#28502225)

That's right. It's modifying the in-memory binary image (that is, the machine code), while it's actively up and running.

Re:load of wank (2, Informative)

Lennie (16154) | about 5 years ago | (#28502269)

This is about patching the kernel, it usually doesn't need to change the kernel structures, but it changes the functions. So it puts the new function in kernel space and changes a pointer to the function. When doing this it temporarily slows down the kernel and calls the same function as is done when loading a module. That's what I think it does, but if you must know, read the PDF: http://www.ksplice.com/doc/ksplice.pdf [ksplice.com]

For all those that think this company is doomed because they released all their code as open source, let me tell you that they released the automated tooling, but the automated tooling could in the time they tested it (from the article last year) 'only' handle 84% of the time. All the other times, on average about 17 lines of code needed to be written.

I think it would be cool if the distribution makers actually paid this company to do these patches for the distribution-kernels. Although I guess that means something like Debian may be left out? Then again, a little more than 80% isn't bad either. ;-) And I think I've read on lwn.net they have actually improved on that number in the past year, but I'm not sure. Anyway we also have kexec to shorten the reboot time.
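
The function-redirection idea discussed in this sub-thread (new code is loaded, calls are pointed at it, and existing sessions keep their state), as an added example that is not part of the original comments and is not Ksplice's code. It is a single-threaded userspace C model: a function pointer stands in for the redirect and an in-flight counter stands in for a check that no call is still running the old code. All names (`dispatch`, `live_patch`, `MAX_REQ`, the handlers) are hypothetical.

```c
/* Constructed userspace model of function-level live patching; not Ksplice code.
 * A function pointer models the redirect, a counter models the "old code idle" check. */
#include <stddef.h>
#include <stdio.h>
#define MAX_REQ 4096   /* hypothetical limit enforced by the fix */

struct session { int id; unsigned long bytes; };  /* per-connection state that must survive */
typedef int (*handler_fn)(struct session *, size_t len);

/* "Old" function: missing bounds check (the bug being patched). */
static int handle_v1(struct session *s, size_t len) {
    s->bytes += len;
    return 0;
}

/* "New" function: same signature, same data layout, an isolated fix. */
static int handle_v2(struct session *s, size_t len) {
    if (len > MAX_REQ) return -1;
    s->bytes += len;
    return 0;
}

static handler_fn active_handler = handle_v1;  /* the patch point */
static int in_flight = 0;                      /* calls currently inside the handler */

int dispatch(struct session *s, size_t len) {
    in_flight++;
    int rc = active_handler(s, len);
    in_flight--;
    return rc;
}

/* Swap only when no call is executing the old code; otherwise the
 * caller retries later. Returns 0 on success, -1 if busy. */
int live_patch(handler_fn replacement) {
    if (in_flight != 0) return -1;
    active_handler = replacement;
    return 0;
}

/* Simulates a patch attempt arriving while a request is mid-handler. */
int patch_while_busy(handler_fn replacement) {
    in_flight++;
    int rc = live_patch(replacement);
    in_flight--;
    return rc;
}

int main(void) {
    struct session s = { 1, 0 };            /* a long-lived "connection" */
    dispatch(&s, 5000);                     /* accepted by buggy v1 */
    int busy = patch_while_busy(handle_v2); /* refused: old code in use */
    int idle = live_patch(handle_v2);       /* applied: nothing in flight */
    int rc = dispatch(&s, 5000);            /* now rejected by v2 */
    printf("busy=%d idle=%d oversized=%d bytes=%lu\n", busy, idle, rc, s.bytes);
    return 0;
}
```

The session struct is never reallocated or reset by the swap, which is why a fix confined to function bodies can take effect without dropping existing connections; a fix that changed the layout of `struct session` would not fit this model.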

Re:load of wank (0)

Anonymous Coward | about 5 years ago | (#28502395)

That's not how it works - you can't live-update a kernel any more simply just because it is in a virtual machine.

The trick is something like applying a "binary patch" to the running code, in-memory that is. This wouldn't drop your connections I suppose.

Re:load of wank (-1, Troll)

Anonymous Coward | about 5 years ago | (#28501925)

Well well well another World of Warcraft dummy who has never held a job even picking up lint near a server room. The length of time of booting some servers vs restarting Apache, a massive SQL server, or a custom app server vs shutting down your services, shutting down the server, bringing the server back up (some servers are annoyingly slow with SCSI and RAID detection) and then when your system gets into a usable state, starting your service. I don't know $SERVICE_RESTART_TIME sounds much better than $SYSTEM_REBOOT_TIME + $SERVICE_START_TIME. Go back to playing Wow with your penis in hand and leave the real work to the employed adults.

Re:load of wank (0, Troll)

timmarhy (659436) | about 5 years ago | (#28502069)

rofl, boy i have worked on more critical systems than you will ever dream of. in the real world (no not running your henati website from your home dsl) there are plenty of instances where dropping the current connections to a service is just as bad as a reboot - i've worked in processing labs where dropping database connectivity for even a second jams up 100's of instruments, or even worse on older equipment which isn't smart enough to buffer, you lose results to important tests which cost time and money to redo.

hence why i'm saying something that would allow a service restart without dropping current activity would be a god send.

Re:load of wank (1)

Repossessed (1117929) | about 5 years ago | (#28502775)

Kernel level updates normally don't take effect until you reboot and load the new kernel. This includes a fair number of security updates.

Kexec? (1)

dandart (1274360) | about 5 years ago | (#28502567)

In ANY distro, kexec can provide rebootless updates!