In this podcast episode, KernelCare CEO Igor Seletskiy talks with Gaper.io’s Mark Allen about CloudLinux, and why it’s a fully remote company. In this article you will find a podcast recording and an overview of what they talked about during their conversation.
Continue reading “Benefits and Future of Working from Home [Podcast]”
On 18 June, KernelCare CEO Igor Seletskiy was interviewed by Adam Torres on his Mission Matters Innovation podcast. The topic was rebootless updates, and why they’re important for servers. In this blog post you will find the answer to this question and an overview of what other insights were discussed during the podcast.
Continue reading “Why Rebootless Updates are Important for Servers [Podcast]”
Updating Linux kernels is a routine – as dull as taxes and only slightly less inconvenient than death. New security vulnerabilities in the Linux kernel seem to appear with tedious regularity and even get fancy names. In most but not all cases, the patches needed to fix them follow swiftly after. There is work involved in patching the kernel the latest Linux kernel security updates, and danger if you delay–leave it too long and bad actors might take advantage of the period of vulnerability.
Continue reading “Updating Linux Kernel Without Reboots [Live Patching Tools Overview]”
For the past nine months, KernelCare’s Linux kernel live patching software has supported ARMv8 (AArch64) in addition to x86_64 (Intel IA32/AMD AMD64). To get KernelCare running on Arm, we needed a stack frame unwinder.
This article explains what they are, what they’re used for, and why we had to write our own.
Continue reading “Stack unwinding in AArch64 processors: what is it and how it works”
Live patching is a way of updating a Linux kernel without interruption. Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.
Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.
This tutorial will show how to use Kpatch to change the behavior of a running Ubuntu 20.04 LTS Focal Fossa kernel without stopping it, changing the contents of
/proc/uptime (and the
uptime command) so that the system’s reported uptime is 10 years greater.
Continue reading “Developer Tutorial: Live patching Ubuntu 20.04 LTS Focal Fossa Linux kernel with Kpatch”
On 9 June, Anthony Steinhauser, an engineer at Google, made some urgent posts to the Linux kernel mailing list. In them, he pointed out that hardware bugs in Intel and AMD chips are leaving servers vulnerable to Spectre exploits–even after the kernel is patched. Fortunately, a fix for this problem is being developed by the KernelCare team. First patches will be available by the end of the week of 22 June.
Continue reading “KernelCare Patches Against Spectre Vulnerability Are On The Way”
CloudLinux is an Amazon Web Services (AWS) Advanced Technology Partner, and our live patching system, KernelCare, is currently being used to patch AWS Elastic Compute Cloud (EC2) systems.
How does KernelCare patch Linux kernels on AWS EC2 servers? Read on to find out.
Continue reading “Live Patching Linux On AWS EC2”
A new version of KernelCare ePortal allows using custom paths for certificates and uses system certificates by default, as opposed to the previous version which worked with certificates from certifi lib.
Continue reading “New Version of KernelCare ePortal has been Released”
A new CPU vulnerability known as SRBDS/CrossTalk was discovered in June 2020. The team at KernelCare is currently creating a patch to close it down. Let’s examine this new vulnerability, and explore what we’re doing to eliminate it.
Continue reading “SRBDS/CrossTalk (CVE-2020-0543) Vulnerability Being Patched By KernelCare”
Cloudlinux announces End of Life initiation for the following product series with the intent of discontinuing its availability: ePortal on CentOS 6.
Continue reading “Announcing EOL of ePortal on CentOS 6”