On Thu, Oct 20, 2016 at 5:25 PM, Jamon Camisso via talk <talk@gtalug.org> wrote:

So this just got announced: https://www.ubuntu.com/server/livepatch

From this write up it sounds like a pretty clean implementation of kpatch: http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html

Free for up to 3 machines beats any of the Suse, RHEL, or Oracle offerings.

I've got it running, so far no changes, but hopefully there'll be an update for CVE-2016-5195 soon:

sudo canonical-livepatch status --verbose machine-id: <snip> last-check: 2016-10-20T11:35:01.408858488+01:00 boot-time: 2016-10-20T11:28:11+01:00 uptime: 10h48m6s status: - kernel: 4.8.0-25.27-generic running: false livepatch: state: nothing-to-apply version: "" fixes: "" - kernel: 4.4.0-36.55-generic running: true livepatch: state: nothing-to-apply version: "" fixes: "" ---

$ sudo canonical-livepatch status --verbose [21:54:42] client-version: "5" machine-id: 963de5a265d08aeeefc44c45541797b8 machine-token: 3a520e3c95df4e0b8b3aaf54e88397df architecture: x86_64 cpu-model: AMD Athlon(tm) II X4 640 Processor last-check: 2016-10-20T21:50:46.793914632-04:00 boot-time: 2016-09-12T14:50:01-04:00 uptime: 919h4m48s status: - kernel: 4.4.0-36.55-generic running: true livepatch: state: applied version: "13.3" fixes: "" --- huh. did that really just happen? It does seem kind of amazingly cool.