home automation server that doesn’t connect to the internet?
Well if uses wireless connectivity with either range broader than your place or is connected to a device that is itself online it can still be a risk. Sure it’s very VERY specific but scanning techniques also improve.
I don’t follow CVEs: when was the last time a remotely exploitable kernel bug was a concern? Ignoring the fact that this is a home server and they likely care about uptime a lot more than exploitation on their LAN.
Generally I expect kernel bugs to be LPEs so updating user space would probably be sufficient for most home servers
I’ve been running the same AIX kernel since 1993, and my ftp server is still running fine. I don’t know what the rest of these assholes are complaining about.
I can’t guess exaclty which sarcastic high fantasy themed poster, mug or t-shirt warns others away from which exact kind of action that wastes your time, but I’m confident it is present near your primary work space. (Since tone is hard in text - this assumption is meant to convey a general revernce for you and the various roles you probably fill in your communities!)
They absolutely do. There’s nothing special about them vs normal distros. Hell rolling ones probably get new kernels more often and you can only live patch so much. Some updates just hard need a reboot to take effect.
Just because you updated packages , doesnt mean those new ones are in use. Not sure what apt has, but with zypper you do a zypper ps -s and it shows you what installed packages are waiting on a reboot or service restart before they are in play… Otherwise kernel is just accessing old package libraries.
Do y’all not reboot after kernel/firmware updates?
part of the reason to use Debian is it doesn’t really need to be updated, at least not very often
Can I introduce you to OpenBSD where we measure uptime in years?
It needs to be updated at least several times a year…
depends on your use case
home automation server that doesn’t connect to the internet? nah
media server that only occasionally gets connected to the internet? maybe
anything else that regularly connects to the internet, definitely
Well if uses wireless connectivity with either range broader than your place or is connected to a device that is itself online it can still be a risk. Sure it’s very VERY specific but scanning techniques also improve.
You should install updates regardless
if it’s working and there’s no security risk, why?
(I mean, I actually agree with you, I update even normally airgapped machines because them not being updated feels wrong)
Even if there are no security risks to mitigate, updates can bring bug fixes and, god forbid, new features once in a while.
New features on Debian isn’t something that would make it into the repository. Bug fixes might but only if security relevant.
Software these days will always need security patches
What’s more is that the longer you put off updating the more things will be changed when you do end up updating.
Hmm, not my proudest moment.
16:09:15 up 1031 daysPrivate server, though.
up… date? what does that mean?
Almost 44 days last year before I needed to reboot for an update:
Wait, you guys reboot after an update?
I don’t follow CVEs: when was the last time a remotely exploitable kernel bug was a concern? Ignoring the fact that this is a home server and they likely care about uptime a lot more than exploitation on their LAN.
Generally I expect kernel bugs to be LPEs so updating user space would probably be sufficient for most home servers
I’ve been running the same AIX kernel since 1993, and my ftp server is still running fine. I don’t know what the rest of these assholes are complaining about.
Prefect response.
I can’t guess exaclty which sarcastic high fantasy themed poster, mug or t-shirt warns others away from which exact kind of action that wastes your time, but I’m confident it is present near your primary work space. (Since tone is hard in text - this assumption is meant to convey a general revernce for you and the various roles you probably fill in your communities!)
Say what now?
Rolling distros don’t need to
You absolutely do need to reboot
Laughs in kexec
It is way easier to just reboot
Ah, this brings back memories of flashing Android with various kernels and ROMs.
They absolutely do. There’s nothing special about them vs normal distros. Hell rolling ones probably get new kernels more often and you can only live patch so much. Some updates just hard need a reboot to take effect.
Just because you updated packages , doesnt mean those new ones are in use. Not sure what apt has, but with zypper you do a zypper ps -s and it shows you what installed packages are waiting on a reboot or service restart before they are in play… Otherwise kernel is just accessing old package libraries.
Are you sure? I’ve used Fedora Workstation and Fedora Server, I had to reboot. And Cannonical charges money for this feature in Ubuntu.