On Thu, 23 Nov 2017 08:26:52 +0000 (UTC)
> On Wed, 22 Nov 2017, Kevin Chadwick wrote: > > > If you do it manually you are unlikely to do it when you should. > > From time to time I type: sync. I am more afraid of hardware failure, > electricity blackout, my own errors, than of hacker attacks. > Yeah, so that is additional, you wouldn't want to have to run sync manually every time, right? > > Even on an 366mhz i386 it does not take very long?? > > % time /usr/libexec/reorder_kernel > 15.430u 2.700s 0:35.24 51.4% 0+0k 1392+2984io 10429pf+0w > > This was an Intel Atom N270. I have much weaker processors. > I guess our definition of long considering the benefit differs, ;) > > Fair enough I get that but personally I would dump the 10,000 write > > flash memory. > > It is not only that with many writings EEPROM becomes ROM, but > that it is very slow, specially writing, specialy when attached > to USB, perhaps USB 1. > I have noticed that though it hasn't bothered me. However, perhaps it should be run under nice? Wondering about whether that gives a panic equipped attacker more opportunity. I guess it is a small window but not sure it is worth the risk? I feel like this is preference and not a problem that e.g. sleep may solve? > >> comment out its call in rc. The reordering of libraries can be > >> disabled, but the definition of the procedure is embedded in rc > >> and cannot be run manually. > > > > Of course it can, check out the log maybe. I had to get a fresh > > tarball from base62.tgz one time when I screwed it up though. > > I am speaking of the reordering of libraries, not KARL. > Just see reorder_libs() in rc script. You can disable it > in rc.conf, but you cannot run it manually. KARL cannot > be disabled in rc.conf. Right, I see. I presume because they are already in use so a reboot would then be needed anyway. Library re-ordering takes even less time, so I really don't see the problem. It is not like systemd that is replacing an existing system in a more complex way. There is real security benefit and that is OpenBSDs focus. Personally I believe security should be the focus of almost all software development, which would have prevented systemd in the first place. I am not a developer by the way. In case you think I speak for the project.