tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Waiting for Randot (or: nia and maya were right and I was wrong)

> Date: Thu, 14 Jan 2021 10:15:41 +0000
> From: nia <>
> I still think my idea to record a second of noise from /dev/audio on
> machines that totally lack other strong sources is a good one. We did
> already put together the code and test it on a range of hardware and
> VMs.

I agree -- I think sysinst should take advantage of that if it can be
done unobtrusively, even better if it can be done reliably without
saying anything to the user.

> Overall though I'm reasonably happy with this compromise, although
> it would still make me sleep safer at night if we very conservatively
> added a bit from environmental sensors ever so often - perhaps based
> on a advance measurements from a range of hardware rather than
> runtime calculations.

We do incorporate the data; we just don't count it.  So the only
effect that this change would have is to unblock things _earlier_ than
they would otherwise unblock -- i.e., this change could only make
things `less safe'.  That said, if you have some reasonable analysis
for particular devices, I would be happy to consider it!

> The man page is very clearly written, aside from the parts that
> recommend tossing coins.

Thanks!  I know tossing coins sounds silly.  But as a fallback if you
have no other options, it really is 100% guaranteed to work, it's easy
for anyone to confidently understand, and as a bonus it avoids any
concerns with supply chain attacks on HWRNGs, &c.  So that's why I
mention it -- buried near the bottom, as a last resort.

Home | Main Index | Thread Index | Old Index