image caption: A Microsoft Windows screen showing “Active Hours” with start time set to 12 AM and end time set to 12 AM and an error that says “Choose an end time that’s no more than 18 hours from the start time”.

  • Skull giver@popplesburger.hilciferous.nl · 3 upvotes · (edited) · 20 days ago

    Linux can patch the executables on disk (as can Windows, with more trickery) while the system is running, but this still leaves the running processes in a vulnerable state.

    The Linux kernel can be replaced on the fly, but this isn’t enabled on most distros. Even with it enabled, kpatch/livepatch isn’t a universal fix.

    Replacing /usr/bin/firefox doesn’t fix anything if you don’t restart Firefox itself. The write lock on a running process isn’t what’s preventing Windows from being patched without a reboot.
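A check for the point made in the comment above (a binary or shared library replaced on disk while the process that loaded it keeps running the old copy), as an added example that is not part of the thread. It relies on a real kernel behaviour: Linux appends " (deleted)" to the `/proc/<pid>/exe` link target and to the path column of `/proc/<pid>/maps` when the backing file has been unlinked or replaced. The optional proc-root argument is an assumption added so the functions can be exercised against a constructed fixture; it is not a kernel feature.

```shell
#!/bin/sh
# Added example (not from the thread): list processes that are still executing
# code from a file that has since been replaced or removed on disk.  Linux marks
# such a mapping by appending " (deleted)" to the /proc/<pid>/exe link target and
# to the path column of /proc/<pid>/maps.  The optional argument overrides the
# proc root so the functions can be tested against a constructed directory tree
# (an assumption made for testing only).

# Processes whose main executable was replaced after they started.
# Output: one "<pid><TAB><original path>" line per process.
stale_executables() {
    proc_root="${1:-/proc}"
    for exe in "$proc_root"/[0-9]*/exe; do
        [ -L "$exe" ] || continue
        # readlink without -f prints the raw link target, which carries the marker.
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                pid=${exe#"$proc_root"/}
                pid=${pid%/exe}
                printf '%s\t%s\n' "$pid" "${target%" (deleted)"}"
                ;;
        esac
    done
}

# Processes that still map a replaced shared library even though their own
# executable is current, e.g. a daemon linked against an updated libssl.
# Output: one "<pid><TAB><library path>" line per distinct stale file.
stale_libraries() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#"$proc_root"/}
        pid=${pid%/maps}
        # Field 6 is the backing path, field 7 the "(deleted)" marker.  Anonymous,
        # memfd and SysV shared-memory mappings are always "(deleted)" and are not
        # evidence of a pending restart, so they are filtered out.
        awk -v pid="$pid" '
            $NF == "(deleted)" && $6 ~ "^/" && $6 !~ "^/(dev/|memfd:|SYSV)" { seen[$6] = 1 }
            END { for (p in seen) printf "%s\t%s\n", pid, p }
        ' "$maps"
    done
}

# Combined, de-duplicated report for the live system (or a fixture).
report() {
    proc_root="${1:-/proc}"
    out=$( { stale_executables "$proc_root"; stale_libraries "$proc_root"; } | sort -u )
    if [ -n "$out" ]; then
        printf 'PID\tstale file (restart this process to pick up the update)\n%s\n' "$out"
    else
        echo "No processes are running replaced executables or libraries."
    fi
}

report
```

Run it as root after an update to see which daemons and desktop applications still need a restart; an empty report for everything except the kernel and PID 1 is the case where logging out and back in (or restarting the listed services) is as good as a reboot, which is the situation the later NixOS comment describes.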

    • barsoap@lemm.ee · 1 upvote · (edited) · 19 days ago

      > Replacing /usr/bin/firefox doesn’t fix anything if you don’t restart Firefox itself.

      On my box, updating Firefox and then restarting it won’t even launch the new version, because NixOS knows I’m logged in and won’t just change things in my environment. But unless there’s a kernel update, yes, `nixos-rebuild switch` followed by logging out and logging in is equivalent to rebooting, as it will automatically shut down and restart all system services, I think even systemd itself. Modulo some wibbles around kernel modules, but those fall under kernel updates in my book.

      Contrast Ubuntu, which really likes to prompt you for reboots. The difference between a distro primarily for desktop use and one that can also do desktop because devops also want a desktop. Hey, I could spin up 1000 cloud instances of my desktop with a couple of keystrokes, isn’t that impressively useless :)