Comment by mapontosevenths
15 hours ago
Are you aware that MS already sells an operating system that can install patches without rebooting? Are you also aware that Linux can do the same? Why can't a supposedly mature 40 year old operating system do the same? Do you have any concept of the number of man-hours it would save globally? The amount of lost work? The impact on patching compliance and security?
My guess is they don't actually believe they have any competition, and therefore don't care to improve anything that doesn't also improve their bottom line.
Every week when I log into my Ubuntu with unattended updates enabled I see this: "system restart required".
The hot patch feature you mentioned is paid.
On Ubuntu, when this message is shown, most of the updates except the kernel are already applied so you are mostly pretty secure. And you can choose when that will happen. And it’s just a normal reboot.
On Windows, IIRC, you are blocked during the whole update process which can take several minutes.
Ubuntu's stable builds do not upgrade the kernel and its close vicinity every week, AFAIK. I have a couple of servers with unattended updates enabled, and they do not greet me with a "System Reboot Required" banner every week, and if that's required, the server is back with all services running in <30 seconds.
OTOH, I upgraded my parents' PC yesterday, after three months of downtime. It really took at least two hours and four reboots. The machine was screaming and the task manager showed a blue rectangle for CPU load (uninterrupted 100%) and a green one for the disk load (again, uninterrupted 100%) while nothing was usable all the time.
Same process takes <10m in Linux (specifically Debian), and an optional reboot, without any hardware load drama.
Not to derail but there are issues with kernel patching. If it does work you start building a very large matrix of various levels of hot patches and then sometimes it just doesn’t.
If my company was worth a trillion dollars and an entire multi-billion dollar industry (cybersecurity) had grown because of my security inadequacies I would figure it out.
In fact, they already figured out hotpatching and will sell it to you for Server 2025.
It is also paid for Windows. It shouldn't be.
Off topic, but I'm pretty sure that Ubuntu's livepatching is just kpatch under the hood,
https://ubuntu.com/blog/an-overview-of-live-kernel-patching
Note that you can also keep the userspace unchanged by hibernating and then choosing the new kernel on boot. It is not truly live patching, since you still have downtime, but pretty close.
I'd wager further that they've by this point long since bled out their top talent. Pretty soon that motor is going to run out of oil.
> Are you aware that MS already sells an operating system that can install patches without rebooting?
No. Which OS is that? Even to update Office they throw an annoying popup and then another one to start the update and a dark pattern (close button accessible with a hidden scrollbar and no window controls) one to tell you it is finished.
Server 2025. They upsell it as a subscription because they can. Before that it was also available in Azure.
https://www.microsoft.com/en-us/windows-server/blog/2025/04/...
It is security patches only. To take all the other patches you do need to reboot, which is why it still has quarterly reboots. No real OS has solved this problem.