Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Sep 2012 14:52:12 -0700
From:      David O'Brien <obrien@FreeBSD.org>
To:        d@delphij.net
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Doug Barton <dougb@FreeBSD.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, Dag-Erling =?unknown-8bit?B?77+9?= <des@des.no>
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <20120911215212.GA89515@dragon.NUXI.org>
In-Reply-To: <504FAB87.3020701@delphij.net>
References:  <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote:
> On 09/11/12 14:17, David O'Brien wrote:
> > On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
> >> So if I was to implement the low grade part I'd remove the
> >> variable names from the sysctl output at minimum.
> > 
> > I've removed the MIB names in my latest diff (based on input from
> > this thread):
> > 
> > +	( dmesg; kenv; df -ib; \ +	    ps -fauxrH -o
> > majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time; \ +	    sysctl -n
> > kern.cp_times kern.geom kern.lastpid kern.timecounter \ +
> > kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \ +	    date ) \ +
> > | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null
> 
> Hmm, but this sha256 run will turn the output to 65 bytes (hex
> representation of 256 bits of hash output, 64 bytes, and one \n), so,
> only 256 bits of random data, is that intentional?

At this point, yes.  If we find better ways of condensing the output of
the better_than_nothing() commands, we should do that instead.  Even with
the command list above, its way more than 4k of output.  I got about 45k
on my test machine.

You suggested gzip, but I just don't know enough about compression
algorithms as they apply in this area to know if we should use gzip
instead or not.

-- 
-- David  (obrien@FreeBSD.org)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120911215212.GA89515>