[OpenIndiana-discuss] 3737 days of uptime

David Brodbeck brodbd at uw.edu
Fri Apr 5 23:49:32 UTC 2013


On Wed, Mar 20, 2013 at 4:32 AM, Edward Ned Harvey (openindiana) <
openindiana at nedharvey.com> wrote:

> It would only bring a tear to my eye, because of how foolishly
> irresponsible that is.  3737 days of uptime means 10 years of never
> applying security patches and bugfixes.  Whenever people are proud of a
> really long uptime, it's a sign of a bad sysadmin.
>

Depends on the environment it's running in. It might be a closed,
air-gapped network, for example -- those still exist, especially in
industrial settings.  In those cases taking the risk of patching a system
that's not at risk and has been running well would be the irresponsible
thing to do.  Frankly, on a server that old, powering it down will probably
destroy it -- a hard disk that's been spinning that long is unlikely to
spin up again once stopped.

I tend not to blindly patch my production machines, especially during the
academic term when it might be disruptive to students and to running
research jobs.  I generally go through the update list and pick and choose
stuff that is a risk to my installation -- for example, on a file server, I
might patch Samba but ignore X, because it has no local users and will
never be running an X server.  Kernel updates for security problems in
drivers for devices I don't own are another area I ignore.

Generally there has to be a security hole in the kernel that can be used to
escalate privileges before I'll do a reboot mid-term. This is especially
true of the Linux kernel, where new kernel versions often bring unexpected
regressions.


-- 
David Brodbeck
System Administrator, Linguistics
University of Washington


More information about the OpenIndiana-discuss mailing list