From owner-freebsd-arch@FreeBSD.ORG Fri Nov 21 15:16:35 2014 Return-Path: Delivered-To: arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 30162925; Fri, 21 Nov 2014 15:16:35 +0000 (UTC) Received: from mho-01-ewr.mailhop.org (mho-03-ewr.mailhop.org [204.13.248.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EFCF7D6D; Fri, 21 Nov 2014 15:16:34 +0000 (UTC) Received: from [73.34.117.227] (helo=ilsoft.org) by mho-01-ewr.mailhop.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1Xrpwm-000Ejk-Sp; Fri, 21 Nov 2014 15:16:33 +0000 Received: from [172.22.42.240] (revolution.hippie.lan [172.22.42.240]) by ilsoft.org (8.14.9/8.14.9) with ESMTP id sALFGUuo003672; Fri, 21 Nov 2014 08:16:30 -0700 (MST) (envelope-from ian@FreeBSD.org) X-Mail-Handler: Dyn Standard SMTP by Dyn X-Originating-IP: 73.34.117.227 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/sendlabs/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX18u3Gr+1cLsHPbeT6eXnjg/ X-Authentication-Warning: paranoia.hippie.lan: Host revolution.hippie.lan [172.22.42.240] claimed to be [172.22.42.240] Subject: Re: svn commit: r274739 - head/sys/mips/conf From: Ian Lepore To: John-Mark Gurney In-Reply-To: <20141121092245.GI99957@funkthat.com> References: <201411200552.sAK5qnXP063073@svn.freebsd.org> <20141120084832.GE24601@funkthat.com> <20141121092245.GI99957@funkthat.com> Content-Type: text/plain; charset="us-ascii" Date: Fri, 21 Nov 2014 08:16:29 -0700 Message-ID: <1416582989.1147.250.camel@revolution.hippie.lan> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: arch@freebsd.org, Adrian Chadd , Mark R V Murray X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2014 15:16:35 -0000 On Fri, 2014-11-21 at 01:22 -0800, John-Mark Gurney wrote: > Mark Murray wrote this message on Fri, Nov 21, 2014 at 08:25 +0000: > > > > > On 20 Nov 2014, at 08:48, John-Mark Gurney wrote: > > > > > > Should we make random standard now? We don't live in the 90's anymore, > > > and a system really can't function w/o randomness anymore??? > > > > There is a case to be made for making it default in all/most kernel > > configs. > > > > I disagree on making it compulsory in all cases, as very small embedded > > systems can easily argue for not having it. > > How will it talk w/ the out side world? w/o random, No sshd, no > https... providing randomness is a core component of a modern OS... > > If you're really going for small embeded, you don't want FreeBSD, or > if you do, you're willing to do the work to manually rip a lot more > out of the standard kernel than just the random driver... My stripped > down i386 kernel is still over 6MB in size... > > > > I'm fine w/ making the various random mixers options, but the core > > > random infrastructure and /dev/u?random should be standard now??? > > > > There is some compulsory infrastructure; this gets you the ???dummy??? > > driver which just blocks and never delivers anything. > > Plus, you'd need to turn off the entropy boot script among other > things... > > If you can demonstrate a usable system w/o much modifications that > runs w/ the dummy interface, or no boot random, that I'll drop my > suggestion... I'll try removing random tomorrow and see what breaks... > If your point is that after the recent commits you can no longer do these things, then I guess that's kind of hard to argue with given that some of us have been trying to say for a couple years that if /dev/random starts blocking to wait for entropy at startup, existing *functional* small systems will stop working. Before those changes everything worked fine on the 90mhz 64MB arm systems we build products around, which have no more than a few bits of entropy available during the boot process, and which (I'll say it again even though nobody has ever paid any attention to it) don't actually need any entropy to come up and do what it is they are designed to do. They don't use https (a few of them don't even have network connections). They use ssh for its convenience (it's better than telnet), but NOT for security. (And really, whether that makes sense to you or not, "the system must be secure" is not your decision to make.) I haven't tested a recent -current on those small systems, but we've already resigned ourselves to sticking with 8.x for those older boards just because the tide of bloat (both code and policy) is too much to swim against. -- Ian