All grown up: Raspberry Pis running Ubuntu added to IoT patching service KernelCare

CloudLinux has added the Raspberry Pi to its KernelCare patching service, although only if you're running Ubuntu. While CloudLinux might have recently been in the headlines regarding its CentOS alternative, its KernelCare service has been ticking over quietly since 2014, patching the running kernel when needed "with zero …

  1. Anonymous Coward

    We looked at KernelCare a while ago. Didn’t end up using it - patches didn’t seem to be released in a timely fashion & the comms channel was a bit of a bodge (forum or news area on their website, IIRC). Also our security folk weren’t happy with their lack of certification.

    Zero-downtime is a bit of an ops own goal too. It’s much better to check your systems & services can withstand the odd restart.

    Others’ mileage may vary and this might be a fun thing to play with on a Pi, but I’d never look at it for production systems again.

    1. b0llchit Silver badge
      Meh

      Redundant service

      This is why you design redundancy in your infrastructure and services. If you rely on "always working on one machine" then you will get a surprise when something fails. It may be the hardware, it may be a network- or power-glitch. Something will always go wrong with a single point of failure. That is why you have hot- and cold-standby systems to take over.

      But building redundancy is both hard and expensive. That is apparently why the CxO level are such experienced people in applying apologies. And here you can see, the CxO level have redundant operational power where the 'x' in CxO may be any character from the alphabet. No real change in figurehead visible when you change the character. Now, maybe invest some of that CxO money in real technological redundancy?

    2. Lomax

      Yeah, and reboots are pretty quick on my Devuan IoT Pis. I always run with automatic security updates, and take into account when designing the system that individual machines will reboot occasionally. Never had a problem. Oh actually, I did have an issue where my OpenVPN connection sometimes wouldn't come back up after a reboot, but I fixed that with a little bashing. I use Mosquitto for messaging, which holds messages until delivered, and Node-Red for flow control, with cold start initialisations. Rebooting is not the drama it used to be.

  2. Pascal Monett Silver badge

    Wow

    "The system works by allocating kernel memory for the new code, pauses all processes, modifies the original functions, jumps to the new code, then resumes processing. No reboot is required."

    Elegant, simple and efficient.

    In other words, nothing to do with Borkzilla.

    1. thames

      Re: Wow

      Ubuntu already have live kernel patching. They call it "Livepatch". When you install Ubuntu they ask you if you want to enable it. I never have because I don't see a personal need for it.

      I don't think they have it for the Raspberry Pi yet however.

  3. Howard Sway Silver badge

    failure to patch a connected IoT device can range from inconvenient to catastrophic

    to hilarious.

    I'm on the side of restart after patching myself. The idea that someone could reorder a struct full of pointers somewhere, and have a function resume that uses it without being aware of the fact is too nasty to contemplate.

    1. Claptrap314 Silver badge

      Re: failure to patch a connected IoT device can range from inconvenient to catastrophic

      Yes, yes, and yes.

      As I've mentioned, my only proper brush with hacking failed at first because an OS update (on the Amiga) added a pointer to a structure that was not there before.

      What's the difference between a reboot and five minutes of network congestion, anyway? Just design your systems to actually be used.
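
Added example, not part of any comment above and not KernelCare's code: a minimal C sketch of the struct-reordering concern raised in this sub-thread, where a replacement function built against a reordered struct resumes with an object that was laid out the old way. The struct names, the functions and the `layouts_match` pre-apply check are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*op_fn)(void);

static int do_open(void)  { return 1; }
static int do_close(void) { return 2; }

/* Layout the running code allocated its objects with (constructed). */
struct ops_old { op_fn open; op_fn close; };
/* Layout the replacement function was compiled against: same fields, reordered. */
struct ops_new { op_fn close; op_fn open; };

/* Replacement function: only correct for objects laid out as ops_new. */
static int patched_open(const struct ops_new *o) { return o->open(); }

/* Hypothetical pre-apply check: each field must sit at the same offset
 * in both layouts, otherwise live objects cannot be shared with new code. */
static int layouts_match(void)
{
    return sizeof(struct ops_old) == sizeof(struct ops_new)
        && offsetof(struct ops_old, open)  == offsetof(struct ops_new, open)
        && offsetof(struct ops_old, close) == offsetof(struct ops_new, close);
}

/* Simulates resuming with an object created before the patch.
 * Returns the result of what the patched "open" call actually ran. */
static int resume_with_stale_object(void)
{
    struct ops_old live = { do_open, do_close };
    struct ops_new seen;
    memcpy(&seen, &live, sizeof seen);  /* same bytes, new interpretation */
    return patched_open(&seen);
}

/* Returns -1 when the patch is refused, otherwise the call result. */
static int apply_patch_checked(void)
{
    return layouts_match() ? resume_with_stale_object() : -1;
}

int main(void)
{
    printf("unchecked open() ran handler %d (1=open, 2=close)\n",
           resume_with_stale_object());
    printf("checked apply returned %d (-1 = refused)\n", apply_patch_checked());
    return 0;
}
```

Without the check, the patched "open" silently runs the close handler; with it, the patch is refused before any stale object is touched.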

  4. sreynolds Silver badge

    They still sticking with Broadcom.

    That company has such a fine opensource reputation. NOT.
