The holy grail of 100% uptime is a little bit closer

ksplice
Whether your a systems administrator managing hundreds or thousands of machines, or a freelance designer working on your trusty laptop, chances are that a mandatory system update has, at one time or another, interrupted your day with a mandatory reboot. When it’s just your laptop, it’s not so bad — get a refill on that coffee! — but when it’s hundreds or thousands of machines, it can be a logistical nightmare. Now a new company called KSplice is looking to make all our lives a little easier by applying system updates to a running computer without requiring a reboot!

Currently available only for Linux, the KSplice secret sauce applies system updates directly to the running system, without requiring a reboot.

Ksplice allows system administrators to apply patches to their operating system kernels without rebooting. Unlike previous hot update systems, Ksplice operates at the object code layer, which allows Ksplice to transform many traditional source code patches into hot updates with little or no programmer involvement. In the common case that a patch does not change the semantics of persistent data structures, Ksplice can create a hot update without a programmer writing any new code.

Security patches are one compelling application of hot updates. An evaluation involving all significant x86-32 Linux security patches from May 2005 to May 2008 finds that most security patches—56 of 64—require no new code to be performed as a Ksplice update. In other words, Ksplice can correct 88% of the Linux kernel vulnerabilities from this interval without the need for rebooting and without writing any new code.

If a programmer writes a small amount of new code to assist with the remaining patches (about 17 lines per patch, on average), then Ksplice can apply all 64 of the security patches from this interval without rebooting.

For those so inclined, a KSplice technical paper is available for your perusal.

Via Technology Review.