“Restart required.” The words are guaranteed to bring a groan from computer users. And for busy system administrators, they are even more annoying: applying critical system updates to protect a machine against attack must be balanced with the demands of hundreds or even thousands of users. Software from a new company called Ksplice addresses this dilemma with updates that do not require a restart.
In order to install an update while a computer continues running, a software patch must be carefully structured so that it doesn’t interfere with the operating system’s current operations. This is a difficult and delicate process, and Ksplice addresses it by working at a different level of computer architecture. Most update technologies use the same programming language as the operating system itself. The computer has to translate these instructions into a lower-level language. Ksplice’s software sidesteps this process, analyzing the changes that an update would make at a low level and implementing them using the lower level language.
The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute’s $100K Entrepreneurship Competition.
Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system–which is commonly used to control server machines–although Daher says that the technology could work on other operating systems too.
Ksplice is intended to work for all security patches. “If you don’t have a complete solution, it’s basically useless,” Daher says.
In tests conducted from May 2005 to May 2008, Ksplice was able to install 88 percent of Linux security updates automatically and without a reboot. The remaining updates could be installed without rebooting when a human programmer added a few lines of code.
Ksplice hopes to license its technology directly to software vendors, and then provide the human expertise needed to keep the system working. While Ksplice searches for deals with vendors, Daher says that the company will offer a subscription service to convert patches for clients so that they do not require a reboot.
When designing an embedded system choosing which tools to use often comes down to building a custom solution or buying off-the-shelf tools.