The problem is that the UX on the browsers for using client certificates is horrible.

Check_mk is not a nagios/icinga fork, it's an addon that works with them. It's a host agent (like NRPE) that bundles all the local checks in a single run and submits them on Nagios as a passive check.

I believe you can count yourself among them :)

You can't use beta software and complain about stability issues.

Yeah, byobu is pretty much an opinionated tmux/screen (you can choose a backend).

Unless you automatically restart every service that is linked with a library when you update it, you are still vulnerable.

It doesnt't. There's the needsrestart package that does this though.

It's not at all strange. Security updates to publicly-facing services should be applied as fast as possible. Kernel vulnerabilities are a whole different attack surface

Kernel vulnerabilities can be combined with user space vulnerabilities. eg a buggy web script might allow an attacker shell access under a restricted UID. The attacker could then use a kernel vulnerability to elevate their permissions to root.

There is nothing to patch on the server side. You need to ensure the ssh client is updated on the machines you are sshing from.

ok thanks, that's what I figured, but it I was getting a bit worried that I was missing something.