alt Hacker NewsYes, I remember feeling pride in the stability of my systems when I saw a large uptime. I had a server that had 1000 days of uptime, once. Now when I see a large uptime, I'm terrified of what security patches the kernel may be missing!
Replies
I still remember the days of servers as pets, rather than cattle, and I was harping about server uptime. A wizened server admin piped in and said he rebooted his servers once a week. Said, if you do it any less frequently, then the odds of catching an error causing change while the person who made said change (possibly himself) is still around and can remember what they did go down precipitously. So, to avoid headaches and potential downtime when it mattered, he would just take servers out of rotation and reboot them, and make sure they came back online.
Live Kernel Patching has been around for about 20 years[-1] now.
Red Hat Enterprise Linux[1] and Oracle (Enterprise Linux) Unbreakable Linux[2] both use it as a selling point.
This feature is still a bit ad hoc because, in most setups, rebooting a system isn't a huge burden and is much simpler than using boutique commands to live-patch it.
[-1] https://en.wikipedia.org/wiki/Ksplice
[1] https://www.redhat.com/en/topics/linux/what-is-linux-kernel-...
Thankfully there's livepatching (e.g. https://ubuntu.com/security/livepatch )
8:59PM up 1858 days, 22:51, 1 user, load averages: 1.69, 2.21, 1.60
dblrabbit@cookie:~ $ uname -a
FreeBSD cookie.server 12.2-BETA1 FreeBSD 12.2-BETA1 r365618 GENERIC amd64
9:05PM up 1859 days, 13 mins, 1 user, load averages: 1.19, 1.32, 1.39
dblrabbit@mookie:~ $ uname -a
FreeBSD mookie.server 12.2-BETA1 FreeBSD 12.2-BETA1 r365618 GENERIC amd64
9:14PM up 245 days, 8:46, 1 user, load averages: 1.26, 0.97, 0.91
dblrabbit@dragoness:~ $ uname -a
FreeBSD dragoness 16.0-CURRENT
5years; I'm 37 now, I was 32. Life seemed easier then.
Ksplice came out of MIT in 2008, which updates your kernel while it's running. No need to reboot! Supports Ubuntu.
I worked in a place with a lot of Solaris servers with years-long uptime. It would be my job to patch them. Having no idea what config changes that may have happened over the last 3 years which would take effect on boot was always terrifying.