How'd you like to never have to reboot a Linux box again -- no, not even if you have to apply a kernel-level patch? That's the promise of Ksplice, a software technology for Linux (and maybe soon other platforms) designed to allow a system to be patched from the kernel level on up without having to be restarted. It's available right now for Ubuntu, and from what I can see, it's not digital snake oil.
The idea may seem complicated, but the implementation isn't. If you're running Ubuntu 9.04 or 9.10, all you need to do is install the Ksplice client, called Ksplice Uptrack, by downloading and setting up a .deb package file. Once it's installed, you'll see an icon in the system tray (the "K with the warning sign" in the picture below) which alerts you whenever there's a kernel-level update that needs to be applied. Click "Install all updates" in the client window, and the changes are applied. That's all there is to it.
The technical details of how this is accomplished are described in a paper presented earlier this year at the ACM SIGOPS EuroSys Conference. Since the changes don't depend on a pre-modification to the kernel, they can be applied to any running kernel -- that the current implementation is just for Ubuntu doesn't mean other flavors of Linux pose major problems.
I decided to put that to the test, and so installed Ubuntu 9.10's current release in a VirtualBox instance with the VirtualBox guest extensions compiled into the kernel. Ksplice was able to apply all of its needed patches to that kernel as well -- again, without a reboot. I'm going to continue running that box as long as I humanly can and see what the results are.
Color me impressed. If this doesn't become a standard-issue feature on Linux by, say, the end of next year, I'll be stunned.