← Back to context

Comment by pjmlp

17 hours ago

There is something like live patching.

One reason mainframes and micros are still around us, is that you can change almost everything between hardware and software without downtime.

It is also available in commercial surviving UNIXes, and as paid for feature in some Linux distros, although not to the extent that those grandparent systems are capable of.

22 comments

pjmlp

Reply
da_chicken  15 hours ago

The problem with live patching is twofold.

First, you might not reload everything in memory, so it will be patched on disk but not in process.

Second, you have not tested that the system can boot to a functional system. Say you have done live patching for 5 years and never rebooted, and then you have a power loss or hardware failure/upgrade that takes the system down. When you try to bring it back up, it doesn't work. Which configuration change in the past 5 years caused that? Which backup do you use?

And, yeah, everything is hot swappable on VAX. Those machines also cost 6+ figures, and often require a service contract that includes a permanent on site tech.

  • kjs3  8 hours ago

    And, yeah, everything is hot swappable on VAX.

    Only the last generation or 2 of the highest end VAXen had any significant hot swap (VAX 9000/400 and later, which sold very poorly). The vast majority of VAX machines didn't. Even hot-swapping DSSI disks was at best iffy.

    When someone whose been there talks about VAX 'high availability', they're usually talking about VAX/VMS clustering. Very cool and generally effective approach to the problem. That was one big issue with the end-game VAXen: clustering a couple of 6-figure mid-range machine was often considered a better solution than all-in on one 7- to 8-figure VAX 'mainframe'.

    often require a service contract that includes a permanent on site tech.

    I don't recall that being common with DEC service contracts. Most of the sites I know of that had dedicated DEC techs were either very large installs or had...other...drivers (e.g. tech had to have a TS clearance to work on the machines).

  • mx7zysuj4xew  10 hours ago

    Which is moot, because of the system is important enough you'll have an automatic failover to another system running on standby

    All this "we must reboot to test" is bullshit excuses by unqualified workers

    • z3t4  9 hours ago

      Had an accidental reboot, and it could not boot. Had redundancy, but the other server had failed silently days prior. Solved it with three way redundancy and extra monitoring. Systems fail in many ways at the same time. If you do not test it, there is a chance it wont work. Controlled failure is preferred over unknowns, like rebooting once in a while just to make sure it works.

    • X0Refraction  8 hours ago

      Not sure I'm following honestly. Your primary goes down and it fails over to the secondary (which becomes the primary), but if you can't boot how do you then get another secondary ready to fail over to again when the new primary inevitably fails?

    • close04  5 hours ago

      Ah, spoken with the confidence of a freshly minted qualified worker :). Anything you don’t test is a wish, not a production system. You either know that your systems work end to end because you tested periodically, or you pray they will.

      How do you know the automatic failover works? How do you know the standby system works?

      I’ve seen many a “qualified workers” getting sent packing because they never fully tested the prod system because they just knew everything will work, and never tested the backup systems because qualified workers do the job right the first time, no need for backup.

  • coldtea  13 hours ago

    >First, you might not reload everything in memory, so it will be patched on disk but not in process.

    You design for this with generational tagged objects or something similar.

  • pjmlp  12 hours ago

    Yes, some things actually cost money, especially if they aren't easy to implement.

  • fragmede  2 hours ago

    You patch it in memory and on disk. What you put on disk is the patch though, so when you restart, the original unpatched version is booted, and then the same live patch is applied. This is how Ksplice worked. It has the advantage that there isn't a config file in /etc to get changed out from under it, so the second problem did not apply.

silvestrov  15 hours ago

A Danish bank found out that this can bite you in the ass.

When you hotpatch the system for years then you have no idea if the system can boot up or it will fail somewhere in the booting process.

i.e. you can only trust what you regularly test.

mesrik  10 hours ago

You should't need mainframe for 100% (or five nines if that's fine) service uptime.

You can build that way cheaper with 2-3 proper clustered load balancer units, 2-3 application servers behind those and those using persistent storage (databases,ldap, files) which allow writing multiple nodes simultaneously.

I used to work uni that we had few services from 2012 to 2025 my retirement with zero downtime. One time my manager with tech background tried to add PBR in hurry using WebUI and did not understand cli syntax and caused close to require reboot, but I was able to fix it from cli rolling back previous config and rebooting one unit at time. Upgrading software major version up to each unit supported level wasn't hard, upgrade node it joins back cluster, upgrade another node and it joins cluster, all done. Few times I had to fix manually config for some less important test backend servers that I had forgotten to change before upgrade. No big deal. No major outages during all that 13 years time happened. Some redirecting policy and action syntax was first hard to understand and learn like GeoIP, but I was very surprised how darn reliable and nice they to use and maintain.

The LB's were (Citrix) Netscalers in clustering mode (all nodes process traffic concurrently), which allowed live update one node at time without losing any connectivity through them. That wouldn't have been possible devices in just HA mode.

We had just 2 beefy units which worked very well for us, but you can have 2-32 of them in cluster and managing thousands of servers behind them if you need that. Netscalers are FreeBSD derived where quite a bit of the TCP/IP stack was rewritten adding support many some quite odd features std FreeBSD doesn't have. Much of that is IP/ethernet multicast features, PBR's, Traffic Domains (VRF's) and of many service and monitoring processes which sync cluster (or HA) and if node fails another can continue straight from there without any loss of traffic to clients being proxied.

Though I think most people in this forum are familiar with with haproxy, pound and web-server software provided reverse proxying.

A car analogy if previous were your fancy sport sedan Netscaler and F5 BigIP are formula F1 class cars ie. quite different beasts altogether.

e: And proper LB's are not just for HTTPS etc. but very nice proxying many other protocols were they TCP, UDP or something else. We did done VPN's and something like Cisco AP'S CAPWAP (DTLS ie SSL over UDP). e: typo.

  • pjmlp  10 hours ago

    > You should't need mainframe for 100% (or five nines if that's fine) service uptime.

    Hence my second paragraph.

    Thanks for sharing the story.

Scramblejams  17 hours ago

I’ve long wanted that amazing uptime and virtualization and huge I/O and all that cool stuff mainframes offered, but on the desktop or in the closet, with modern CPUs.

I think I’m gonna hafta keep waiting...

ErroneousBosh  15 hours ago

> One reason mainframes and micros are still around us, is that you can change almost everything between hardware and software without downtime.

We have some Sun V880s at work and I'm fairly sure the only part you cannot change with the power on and system running is the motherboard itself.

And I would not be surprised if some ex-Sun Gandalf Beard "well akshully"s this comment.