[OpenIndiana-discuss] 3737 days of uptime
David Brodbeck
brodbd at uw.edu
Fri Apr 5 23:49:32 UTC 2013
On Wed, Mar 20, 2013 at 4:32 AM, Edward Ned Harvey (openindiana) <
openindiana at nedharvey.com> wrote:
> It would only bring a tear to my eye, because of how foolishly
> irresponsible that is. 3737 days of uptime means 10 years of never
> applying security patches and bugfixes. Whenever people are proud of a
> really long uptime, it's a sign of a bad sysadmin.
>
Depends on the environment it's running in. It might be a closed,
air-gapped network, for example -- those still exist, especially in
industrial settings. In those cases taking the risk of patching a system
that's not at risk and has been running well would be the irresponsible
thing to do. Frankly, on a server that old, powering it down will probably
destroy it -- a hard disk that's been spinning that long is unlikely to
spin up again once stopped.
I tend not to blindly patch my production machines, especially during the
academic term when it might be disruptive to students and to running
research jobs. I generally go through the update list and pick and choose
stuff that is a risk to my installation -- for example, on a file server, I
might patch Samba but ignore X, because it has no local users and will
never be running an X server. Kernel updates for security problems in
drivers for devices I don't own are another area I ignore.
Generally there has to be a security hole in the kernel that can be used to
escalate privileges before I'll do a reboot mid-term. This is especially
true of the Linux kernel, where new kernel versions often bring unexpected
regressions.
--
David Brodbeck
System Administrator, Linguistics
University of Washington
More information about the OpenIndiana-discuss
mailing list