Up to date: Ksplice software can be used to install updates on a Linux computer without a reboot. The green lights indicate updates that have already been installed.
Since February 2008, MIT has used the technology to update two critical servers, one of which gets more than 37 million hits each month. Greg Price, who is on the executive committee of the MIT Student Information Processing Board, which maintains the servers, says, “Before Ksplice, everyone assumed that rebooting for updates–choosing between being secure and staying up–was just a technical necessity that nobody would overcome.”
Michael Hicks, an associate professor of computer science at the University of Maryland, says that a reliable system for updating without restarting could have a major impact. However, Hicks adds that doing the job safely is a major challenge. “The whole point of live updating is to keep the system running correctly,” he says. “If applying the patch causes the system to crash or makes it run incorrectly, then we’re no better, and potentially worse, than we would be otherwise.”
While Hicks is impressed by how much Ksplice can do automatically, he says that more research is needed to make the technology useful for a broader range of patches. He is researching this himself through a project called Ginseng.
Iulian Neamtiu, an assistant professor of computer science at the University of California, Riverside, who has also worked on Ginseng, says that Ksplice is aimed at a market that sorely needs it: Internet services running on Linux, such as e-mail and Web servers. It’s of paramount importance for these services to apply security updates as soon as possible without sacrificing availability to clients, Neamtiu says. But he hopes to see similar technologies used in other contexts. “I would love to be able to update the operating system or the applications I use on my laptop, desktop, or cell phone without having to reboot,” he says.
Gain the insight you need on security at EmTech Digital.
Watch video from the event