Technology Review
Ksplice uses new technology to build security updates for Linux that can be installed without restarting.
"Restart required." The words are guaranteed to bring a groan from computer users. And for busy system administrators, they are even more annoying: applying critical system updates to protect a machine against attack must be balanced with the demands of hundreds or even thousands of users. Software from a new company called Ksplice addresses this dilemma with updates that do not require a restart.
In order to install an update while a computer continues running, a software patch must be carefully structured so that it doesn't interfere with the operating system's current operations. This is a difficult and delicate process, and Ksplice addresses it by working at a different level of computer architecture. Most update technologies use the same programming language as the operating system itself. The computer has to translate these instructions into a lower-level language. Ksplice's software sidesteps this process, analyzing the changes that an update would make at a low level and implementing them using the lower level language.
The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute's $100K Entrepreneurship Competition.
Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system--which is commonly used to control server machines--although Daher says that the technology could work on other operating systems too.
Ksplice is intended to work for all security patches. "If you don't have a complete solution, it's basically useless," Daher says.
In tests conducted from May 2005 to May 2008, Ksplice was able to install 88 percent of Linux security updates automatically and without a reboot. The remaining updates could be installed without rebooting when a human programmer added a few lines of code.
Ksplice hopes to license its technology directly to software vendors, and then provide the human expertise needed to keep the system working. While Ksplice searches for deals with vendors, Daher says that the company will offer a subscription service to convert patches for clients so that they do not require a reboot.
Device drivers account for most crashes and even introduce security problems; a new testing tool could provide an early warning.
A startup hopes to help computer users tune their machines.
Security firm aims to make installing updates as painless and invisible as possible.
"Before Ksplice, everyone assumed that rebooting for updates--choosing between being secure and staying up--was just a technical necessity that nobody would overcome."
I'm not sure what rock he's been hiding under, but that's just plain false. Microkernels have been handling this sort of thing transparently for years, if not decades. Rebooting for updates is only a fact of life in the monolithic kernel world.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
colinnwn
88 Comments
Linux... Reboot... What ???
This article was either poorly written, or I think Ksplice missed their market.
Unless you are talking about kernel updates only, Linux can install 95% of updates without a reboot already. Just the updated service may have to be stopped and restarted causing a second or 2 of downtime, which is completely manageable for web servers. Now if they can keep the kernel updated without a restart, that is pretty sweet stuff.
Regardless, I think they would have more immediate commercial success if they started out installing Windows Server updates, then quickly pushed it down to Windows Desktop updates. Weekly server updates causing up to 2 hours of downtime at my company get old. I think other companies, and perhaps even Microsoft, would be interested in implementing rebootless updates rather quickly.
Reply
Erica Naone
70 Comments
Re: Linux... Reboot... What ???
We are talking about kernel updates, yes.
Reply