From owner-freebsd-questions@FreeBSD.ORG Thu Feb 16 21:52:56 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB61C16A420 for ; Thu, 16 Feb 2006 21:52:55 +0000 (GMT) (envelope-from lars@gmx.at) Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 3B77643D46 for ; Thu, 16 Feb 2006 21:52:55 +0000 (GMT) (envelope-from lars@gmx.at) Received: (qmail invoked by alias); 16 Feb 2006 21:52:54 -0000 Received: from 43.85.77.83.cust.bluewin.ch (EHLO [192.168.1.10]) [83.77.85.43] by mail.gmx.net (mp020) with SMTP; 16 Feb 2006 22:52:54 +0100 X-Authenticated: #912863 Message-ID: <43F4F43D.2090304@gmx.at> Date: Thu, 16 Feb 2006 22:53:01 +0100 From: lars User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20060216005036.L60635@ganymede.hub.org> <20060216053725.GB15586@parts-unknown.org> <20060216085304.GA52806@storage.mine.nu> <43F4CAA3.1020501@schultznet.ca> In-Reply-To: <43F4CAA3.1020501@schultznet.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Subject: Re: [Total OT] Trying to improve some numbers ... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: lars@gmx.at List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2006 21:52:56 -0000 Eric Schultz wrote: > lars wrote: >> A long uptime means that the machine hasn't been rebooted for a long >> time. If that time's longer than the time to the last patch that >> required a kernel recompilation and a reboot, it means the server is not >> patched. Where's the point in advertising an unpatched machine? > > Good afternoon... > > Perhaps it means the OS doesn't need to be patched that frequently Possibly. But patch frequency means what exactly? > or has a patch mechanism that avoids reboots? Exactly, that doesn't exist (yet). Although there was something in a Usenix proceeding or somewhere else, about "micro-reboots" where, to use FreeBSD wordage, Base and Ports' programs where so modularised to allow this. Thus making only, say, a driver or some kernel component reboot, but the majority of the system stays up. Of course a reboot of the NIC's driver kills that component's "uptime". > That's certainly worth advertising (if only were true). Actually it (this website) means advertising an unpatched machine running unpatched services not available to the outside. > The top machine has been running for almost 6 years on FreeBSD 3.3 which > means the admin probably believes that "if it ain't broke, don't fix > it." Which is not necessarily the best strategy. But may be right in this case. > I would also want to advertise the longevity of an OS. You mean the ability of that OS to run so long without requiring a reboot? I'm not sure that's that relevant nowadays. How many OS aren't capable of staying up long? Even Windows doesn't need too much Viagra to keep it up. > (You might not like that last one if you're a hardware vendor :) > > Also, a lot of work-arounds for security patches amount to "lock the > front door." What do you mean by that? > So perhaps some systems don't need to be patched because > they're administered so as not to require immediate patching/upgrading. If your machine only runs an NFS daemon and is behind a firewall, ok, you don't need to patch it asap when an NFS SA and patch is issued, if all clients connecting to the machine are benign. I could also run a machine in some private net protected by firewalls and whatnot running only this uptime program. Unless I lose power or some hardware failure occurs I'll have a long uptime. A bit useless though. I think that 'uptime' and this website fail to define precisely enough what the point of the exercise is to be able to make useful conclusions about something about some OS. What exactly do you want to measure to make what decision? Do you want to find out how much [%] your OS is available whithout load just patching it with the latest SA recommended patches? Do you want to find out how much [%] your OS is available [can serve 100 FTP users simultaneously at wire speed with this NIC] just patching it with the latest SA recommended patches? Do you want see how long an unpatched OS version can keep it up without any patches or interaction whatsoever? etc.