
It's a real problem, Thomas, particularly in headless VMs cloned from a freshly-installed image.

On these machines, reading /dev/random at boot time can hang indefinitely. Your "1 line in an rc script" will make the OS appear to be broken.

It's possible the problem can be ameliorated by a combination of approaches. Educating sysadmins is clearly important. I can imagine a userspace process monitoring /dev/random at boot time and screaming if someone tries to read from it and it blocks. (Though on a headless VM, "screaming" in such a way as to reliably be heard may be nontrivial.)

The point is, work needs to be done here, by a variety of people, including the distro publishers. Getting that to happen is going to take some advocacy.




As a rather contrived example (VirtualBox, without keyboard input):

  [voltagex@arch ~]$ cat /dev/random | dd of=/dev/null
  ^C0+0 records in
  0+0 records out
  0 bytes (0 B) copied, 8.91021 s, 0.0 kB/s

  [voltagex@fedora ~]$ cat /dev/random | dd of=/dev/null
  ^C0+1 records in
  0+0 records out
  0 bytes (0 B) copied, 8.09669 s, 0.0 kB/s

  voltagex@saucy:~$ cat /dev/random | dd of=/dev/null
  ^C0+1 records in
  0+0 records out
  0 bytes (0 B) copied, 8.31898 s, 0.0 kB/s
And then after installing haveged, the following:

  voltagex@saucy:~$ sudo service haveged start
  voltagex@saucy:~$ cat /dev/random | dd of=/dev/null
  ^C0+81630 records in
  20406+0 records out
  10447872 bytes (10 MB) copied, 2.92772 s, 3.6 MB/s
Is installing haveged the right thing to do here?

Of course, if I'm completely misunderstanding what you're saying, please correct me, but yes, this seems to be pretty bad.
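
A boot-time probe in the spirit of the monitor suggested in the first comment, detecting the stall shown in the transcripts above without hanging the caller. This is an added example, not code from the thread; the function names, the 16-byte request, the 5-second timeout and the syslog alert are assumptions.

```python
import os
import select
import sys
import syslog
import time


def probe_fd(fd, nbytes, timeout):
    """Try to read nbytes from fd within timeout seconds, never hanging.

    Returns ("ok", n) or ("starved", n), where n is the byte count obtained.
    """
    got = 0
    deadline = time.monotonic() + timeout
    while got < nbytes:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return ("starved", got)
        # select() waits for data so that os.read() below cannot block.
        readable, _, _ = select.select([fd], [], [], remaining)
        if not readable:
            return ("starved", got)
        try:
            chunk = os.read(fd, nbytes - got)
        except BlockingIOError:
            continue  # spurious wakeup on a non-blocking fd; retry until deadline
        if not chunk:
            return ("starved", got)  # EOF: the source cannot supply more
        got += len(chunk)
    return ("ok", got)


def probe(path="/dev/random", nbytes=16, timeout=5.0):
    """Open path non-blocking and probe it; the defaults are assumptions."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        return probe_fd(fd, nbytes, timeout)
    finally:
        os.close(fd)


if __name__ == "__main__":
    status, got = probe()
    if status != "ok":
        msg = "/dev/random starved: got %d of 16 bytes in 5s" % got
        # On a headless VM nobody watches the console, so log centrally too.
        syslog.syslog(syslog.LOG_CRIT, msg)
        print(msg, file=sys.stderr)
        sys.exit(1)
```

Run from an early boot unit, the non-zero exit status lets the service manager flag the machine instead of a later reader hanging silently.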



