In a lot of these discussions the point gets raised about the work to maintain a...

josephcsible · 2024-06-19T20:45:00 1718829900

Do you enable unattended upgrades and kernel live patching? If not, then that doesn't seem secure.

cutler · 2024-06-19T21:56:03 1718834163

`dnf upgrade` or `apt update && apt upgrade` once a month isn't so much work. If either includes a kernel upgrade then it's `reboot now` and I'm done.

josephcsible · 2024-06-19T22:38:40 1718836720

But if you're doing that, it's not just sitting there, and you'd never get anywhere close to years of uptime.

poincaredisk · 2024-06-20T07:36:32 1718868992

I'm most cases people stress uptime too much. Developers worry about downtime during restarts and overcomplicate everything because of it. Meanwhile, my national railway reservation system has an hour of planned downtime daily and life carries on.

pixl97 · 2024-06-19T18:14:16 1718820856

I mean, typically hosting a static site that's fine, but with the number of exploits these days and the ability for people to chain them together, maybe you don't even realize your box has been exploited?

Uptimes in years means your box, especially without updates has something it could be targeted with.

graemep · 2024-06-19T18:26:37 1718821597

Most of those that are find for a static site but not dynamic are those that are not fixed by just applying updates from the distro.

You still need to update your app code even if you are using someone elses servers, so its the same either way.

pixl97 · 2024-06-19T22:06:10 1718834770

Note that the parent said "uptimes measured in years", so they are either using a more complex system with multiple servers, or they are not doing security updates.

graemep · 2024-06-20T06:40:39 1718865639

I agree I would not endorse uptimes measures in years, which means not doing kernel updates - but OP does qualify that with "in some cases".