Ostd.ksplice.talk

•Download as ODP, PDF•

0 likes•401 views

This document discusses Ksplice, a technology that allows patching of the Linux kernel without requiring a reboot. Ksplice works by comparing the old and new object code of the kernel, generating a delta patch, and using address redirection to load the new code without interrupting running processes. It was developed at MIT and later acquired by Oracle. While promising for high availability systems, questions remain around its licensing and whether it infringes any patents.

OpenSource Trends Days 2012
Ksplice
Linux kernel patching without a reboot
Udo Seidel

OpenSource Trends Days 2012
Agenda
● Who?
● Why?
● How?
● Show!
● And?

OpenSource Trends Days 2012
Me :-)
● Teacher of mathematics
and physics
● PhD in experimental physics
● Started with Linux in 1996
● Linux/UNIX trainer
● Solution engineer in HPC
and CAx environment
● Head of a international distributed sysadmin team

OpenSource Trends Days 2012
Why kernel updates?
● Business critical applications on Linux
● Bug fixing
● New functions or improvements
● External requirements
● Importance of security, e.g. PCI-DSS

OpenSource Trends Days 2012
What is 'wrong' with reboots?
● Missing HA
● Procedures, Operations, ...
● External requirements

OpenSource Trends Days 2012
Do we really need a reboot?
Question ....

OpenSource Trends Days 2012
Looking back and around
● Not new
● mainframes
● hot updates for Unix
● Early days of Linux
● Picked up 'recently'
● Rootkits

OpenSource Trends Days 2012
How?
Hotfix preparation

OpenSource Trends Days 2012
Source code comparison
● One approach for generation of hot updates
● Looks simple ... but
● High programming language skills needed
● Analysis complex
● Code replacement unclear

OpenSource Trends Days 2012
Object code comparison
● New approach for generation of hot updates
● Advantages
● Reduced need for developing skills
● Implicit patch analysis
● Can be automated
● Challenges
● Object code generation
● Code replacement

OpenSource Trends Days 2012
Ksplice arises ...
● 2008/2009
● 4 students @ MIT
– Thesis from Jeff Arnolds
● Ksplice Inc. founded
– GPLv2
– Supported: Debian, Ubuntu, Fedora, CentOS, RHEL
● July 2011
● Acquired by Oracle

OpenSource Trends Days 2012
Ksplice – high level
● Patching original source code
● Generation of new object code
● Comparison of 'old' and new object code
● Load of the delta code
● Address redirection to activate new object code

OpenSource Trends Days 2012
Ksplice – how it works part I

OpenSource Trends Days 2012
Ksplice – some first details
● Creation of dedicated sections for functions and
structures of source code
● Identical compiler recommended
● Unnecessary replacement code possible
● Memory addresses?

OpenSource Trends Days 2012
Address determination – first trial
● Symbol to address translation
● Known from core dump analysis
● /boot/System.map
● Does not work here :-(

OpenSource Trends Days 2012
Address determination by Ksplice
● Pair up object code on disk (PRE) with object
code in memory (RUN)
● Filter of 'wrong' symbols
● Analysis of unknown address in PRE objects
via RUN objects

OpenSource Trends Days 2012
Address determination by Ksplice

OpenSource Trends Days 2012
Ksplice - more details
● Cancel if unexpected event during PRE-RUN
comparison
● PRE-RUN comparison => kernel module

OpenSource Trends Days 2012
Ksplice – how it works part II

OpenSource Trends Days 2012
Last step
● Tell the kernel to use the new object code
● Kernel module ksplice.ko
● Load the new object code
● Kernel module ksplicenew.ko

OpenSource Trends Days 2012
What else
● Limitations
● Scalability
● Patch context
● Patch size
● Unclear
● Patent violation?
● license

OpenSource Trends Days 2012
How?
Hotfix application

OpenSource Trends Days 2012
Client side
● Download via Ksplice client
● Modification of depmod and modprobe
● Update of initial ram disk
● Automation via SysV init scripts

OpenSource Trends Days 2012
Client commands
Command description
uptrackinstall Install available patch(es)
uptrackremove Remove installed
patch(es)
uptrackshow Status of installed and/or
available patches
uptrackuname Effective/patched kernel
version
uptrackupgrade Install all availabe
patches

$OpenSource Trends Days 2012 Example ● CVE-2012-0207 ● Kernel 2.6.36 ● Bug in IGMP code ● Simple source code fix diff git a/net/ipv4/igmp.c b/net/ipv4/igmp.c ... @@ 875,6 +875,8 @@ static void igmp_heard_query ... ... max_delay = IGMPV3_MRC(ih3>code)*... + if (!max_delay) + max_delay = 1; /* can't mod w/ 0 */ } else { /* v3 */$

OpenSource Trends Days 2012
Summary
● Promising technology
● Available for selected Linux distributions only
● Open questions on license/patent

OpenSource Trends Days 2012
References
● http://www.ksplice.com
● http://kerneltrap.org/mail-archive/linux-
kernel/2008/4/23/1570474
● http://cve.mitre.org/cgi-bin/cvename.cgi?
name=CVE-2012-0207

So-called shared file systems are known for a long time for all IT administrators using Linux, Unix and Windows. The network based and also the cluster data systems are almost an old hat. Since a while distributed data systems become popular. The GlusterFS project is not new, but the community didn´t caught notice until the takeover of RedHat. Significant characteristics of this data system are the new approach to meta-data management and the new modular structure. This presentation gives an insight into the approaches of data systems, and will explain the architecture and describe the first steps to set up a GlusterFS-cluster.

GlusterFS Containers

Mohamed Ashiq

At Opendoor, we do a lot of big data processing, and use Spark and Dask clusters for the computations. Our machine learning platform is written in Dask and we are actively moving data ingestion pipelines and geo computations to PySpark. The biggest challenge is that jobs vary in memory, cpu needs, and the load in not evenly distributed over time, which causes our workers and clusters to be over-provisioned. In addition to this, we need to enable data scientists and engineers run their code without having to upgrade the cluster for every request and deal with the dependency hell. To solve all of these problems, we introduce a lightweight integration across some popular tools like Kubernetes, Docker, Airflow and Spark. Using a combination of these tools, we are able to spin up on-demand Spark and Dask clusters for our computing jobs, bring down the cost using autoscaling and spot pricing, unify DAGs across many teams with different stacks on the single Airflow instance, and all of it at minimal cost.

OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container

NETWAYS

In the Open Source hypervisor world VMware is not a first class citizen. Things change a lot once you enter the universe of containers. VMware has started its journey there 100% open source and is continueing to do so. The most famous projects are Photon OS and Photon Controller. This talk will give some insights of VMware's way to deal with Containers: for more traditional and for more cloud-native IT landscapes. The focus will be on the Open Source projects mentioned above.

What's hot

Gluster fs architecture_&_roadmap_atin_punemeetup_2015

Atin Mukherjee

Lisa 2015-gluster fs-introduction

Gluster.org

Sdc 2012-challenges

Gluster.org

20160401 Gluster-roadmap

Cncf meetup-rook

Cncf meetup-rook

Gluster intro-tdose

Tiering barcelona

20160401 guster-roadmap

Gluster.org

Block Storage For VMs With CephThe Linux Foundation

Red Hat Gluster Storage : GlusterFS

bipin kunal

Performance optimization for all flash based on aarch64 v2.0

Ceph Community

Ceph Tech Talk: Ceph at DigitalOcean

Ceph Community

GlusterD - Daemon refactoring

Atin Mukherjee

The Future of GlusterFS and Gluster.org

John Mark Walker

Gdeploy 2.0

Sachidananda Urs

Gluster d thread_synchronization_using_urcu_lca2016

Gluster.org

Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...

Gluster.org

Gluster intro-tdose

Gluster.org

Gluster d2

Gluster.org

What's hot (20)

Gluster fs architecture_&_roadmap_atin_punemeetup_2015

Lisa 2015-gluster fs-introduction

Sdc 2012-challenges

20160401 Gluster-roadmap

Cncf meetup-rook

Gluster intro-tdose

Tiering barcelona

20160401 guster-roadmap

Block Storage For VMs With Ceph

Red Hat Gluster Storage : GlusterFS

Performance optimization for all flash based on aarch64 v2.0

Ceph Tech Talk: Ceph at DigitalOcean

GlusterD - Daemon refactoring

The Future of GlusterFS and Gluster.org

Gdeploy 2.0

Gluster d thread_synchronization_using_urcu_lca2016

Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...

Gluster intro-tdose

Gluster d2

Similar to Ostd.ksplice.talk

Scalable Clusters On Demand

Bogdan Kyryliuk

OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container

NETWAYS

OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel

NETWAYS

Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.

UA Mobile

Snowflake Automated Deployments / CI/CD Pipelines

Drew Hansen

Android Study Jam

DSCMESCOE

JUC Paris 2012 — Jenkins @ Nuxeo

Julien Carsique

OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...

NETWAYS

Along with many other things the cloud has triggered the creation of new opensource operating systems. Some of them are still a kind of a Linux. Others have broken with many traditions in order to be the best O/S for the cloud. Even the more Linux-like ones require a change of thinking regarding setup and management. This has a knock-on effect on how to develop applications which should run on these new operating systems. Using CoreOS, OSv and MirageOS this talk will describe the design and architecture of the newcomers in the cloud O/S family. This is followed by the changes needed on the application development side. The selected examples represent the broad spectrum from 'almost no code changes needed' to 'rewrite from scratch'.

Spring shell for everyone

Ihor Banadiga

For beginners who did not work with spring shell: We will create shell application from the scratch using spring shell with spring boot and use Kotlin as a programming language. For those who have at least some experience: I’ll talk about the problems most often encountered by developers. And how to solve them. Others, who have a strong understanding of Spring Shell: I will tell about non-standard problems and their solutions. Of course, I will mention other alternatives and do some comparison. As a result of the talk, we will know how shell application can be created on JVM language. And you will know the most faced problems and solutions for fixing them.

What's New in OpenLDAPLDAPCon

Continuous integration is not a solved problem

Kristian Van Der Vliet

In a world where infrastructure is code, CI is important. Yet most Continuous Integration platforms are targeted at software developers, making them a poor fit for "non-traditional" workflows like Configuration Management. Many people struggle to fit these workflows into existing CI systems. In this talk I'll explain why I believe CI is not a solved problem, and how Config Management Camp inspired to me to finally do something about it. I'll introduce Cyclid, a Configuration Management system that tries to take some of lessons we've learned from the past 5 years of Configuration Management and apply them to Continuous Integration. Given at Config Management Camp 2017

Best Angular JS training in Hyderabad, India

N Benchmark IT Solutions

Instant developer onboarding with self contained repositories

Yshay Yaacobi

The Professional Programmer

Dave Cross

LCU14 310- Cisco ODP v2

Linaro

LCU14 310- Cisco ODP --------------------------------------------------- Speaker: Robbie King Date: September 17, 2014 --------------------------------------------------- ★ Session Summary ★ Cisco to present their experience using ODP to provide portable accelerated access to crypto functions on various SoCs. --------------------------------------------------- ★ Resources ★ Zerista: http://lcu14.zerista.com/event/member/137757 Google Event: https://plus.google.com/u/0/events/ckmld1hll5jjijq11frbqmptet8 Video: https://www.youtube.com/watch?v=eFlTmslVK-Y&list=UUIVqQKxCyQLJS6xvSmfndLA Etherpad: http://pad.linaro.org/p/lcu14-310 --------------------------------------------------- ★ Event Details ★ Linaro Connect USA - #LCU14 September 15-19th, 2014 Hyatt Regency San Francisco Airport --------------------------------------------------- http://www.linaro.org http://connect.linaro.org

DocDoku: Using web technologies in a desktop application. OW2con'15, November...

OW2

The DocdokuPLM is an open-source platform allowing its users to manage their product's lifecycle, from design to maintenance. The main application is built upon RequireJS and BackboneJS librairies for the front-end, and JEE for back-end. The GUI is quite complete, and may won't fit for all users involved in the process. This is especially the case for CAD designers who just need to commit their changes without having such a rich graphic interface. To answer this need, we developped a desktop application, interfacing our server with the CAD designer's file system : the DPLM. First, we developped a command line interface, which is very lightweight and really great for advanced users. However providing a GUI which could interface with the CLI and allow the user to manage multiple files upload at once was more than needed. Providing a consistent user experience across different platforms has been one of our challenges in the context of our application. The choice of a web framework was then a natural choice. But how could we get it run within a desktop application ? Node-Webkit brought us the ability to interact directly with the user's file system and embed the app in a webview, letting us the choice to use any web framework we wanted to use.

DocDokuPLM presentation - OW2Con 2015 Community Award winner

DocDoku

Software maintenance PyConPL 2016

Cesar Cardenas Desales

Ceph: A decade in the making and still going strong

Patrick McGarry

2.3 (Architecture) Moving to Managed CodeMicro Focus

Similar to Ostd.ksplice.talk (20)

Scalable Clusters On Demand

OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container

OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel

Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.

Snowflake Automated Deployments / CI/CD Pipelines

Android Study Jam

JUC Paris 2012 — Jenkins @ Nuxeo

OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...

Spring shell for everyone

What's New in OpenLDAP

Continuous integration is not a solved problem

Best Angular JS training in Hyderabad, India

Instant developer onboarding with self contained repositories

The Professional Programmer

LCU14 310- Cisco ODP v2

DocDoku: Using web technologies in a desktop application. OW2con'15, November...

DocDokuPLM presentation - OW2Con 2015 Community Award winner

Software maintenance PyConPL 2016

Ceph: A decade in the making and still going strong

2.3 (Architecture) Moving to Managed Code

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

Knowledge engineering: from people to machines and back

Elena Simperl

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

The Future of Platform Engineering

Jemma Hussein Allen

Recently uploaded (20)