Comment by testartr

18 hours ago

Every week when I log in to my Ubuntu with unattended updates enabled I see this: "system restart required".

The hot patch feature you mentioned is paid.

On Ubuntu, when this message is shown, most of the updates except the kernel are already applied so you are mostly pretty secure. And you can choose when that will happen. And it’s just a normal reboot.

On Windows, IIRC, you are blocked during the whole update process which can take several minutes.

  • Ubuntu's stable builds do not upgrade the kernel and its close vicinity every week, AFAIK. I have a couple of servers with unattended updates enabled, and they do not greet me with a "System Reboot Required" banner every week, and if that's required, the server is back with all services running in <30 seconds.

    OTOH, I upgraded my parents' PC yesterday, after three months of downtime. It really took at least two hours and four reboots. The machine was screaming and the task manager showed a blue rectangle for CPU load (uninterrupted 100%) and a green one for the disk load (again, uninterrupted 100%) while nothing was usable the whole time.

    The same process takes <10m on Linux (specifically Debian), with an optional reboot, without any hardware load drama.

    • Weird. My Windows PC updates like your Linux machine. How often do you update vs. your parents? Maybe they had some larger "half" releases pending (i.e. closer to a major release, which, like a macOS release, also takes time).


Not to derail but there are issues with kernel patching. If it does work you start building a very large matrix of various levels of hot patches and then sometimes it just doesn’t.

  • If my company were worth a trillion dollars and an entire multi-billion dollar industry (cybersecurity) had grown because of my security inadequacies, I would figure it out.

    In fact, they already figured out hotpatching and will sell it to you for Server 2025.

Note that you can also keep the userspace unchanged by hibernating and then choosing the new kernel on boot. It is not truly live patching, since you still have downtime, but pretty close.