On Thu, 23 Nov 2017 08:26:52 +0000 (UTC)

> On Wed, 22 Nov 2017, Kevin Chadwick wrote:
> > If you do it manually you are unlikely to do it when you should.  
> From time to time I type: sync. I am more afraid of hardware failure,
> electricity blackout, my own errors, than of hacker attacks.

Yeah, so that is additional, you wouldn't want to have to run sync
manually every time, right?

> > Even on an 366mhz i386 it does not take very long??  
> % time /usr/libexec/reorder_kernel
> 15.430u 2.700s 0:35.24 51.4%    0+0k 1392+2984io 10429pf+0w
> This was an Intel Atom N270. I have much weaker processors.

I guess our definition of long considering the benefit differs, ;)

> > Fair enough I get that but personally I would dump the 10,000 write
> > flash memory.  
> It is not only that with many writings EEPROM becomes ROM, but
> that it is very slow, specially writing, specialy when attached
> to USB, perhaps USB 1.

I have noticed that though it hasn't bothered me. However, perhaps
it should be run under nice? Wondering about whether that gives
a panic equipped attacker more opportunity. I guess it is a small
window but not sure it is worth the risk? I feel like this is
preference and not a problem that e.g. sleep may solve?

> >> comment out its call in rc. The reordering of libraries can be
> >> disabled, but the definition of the procedure is embedded in rc
> >> and cannot be run manually.  
> >
> > Of course it can, check out the log maybe. I had to get a fresh
> > tarball from base62.tgz one time when I screwed it up though.  
> I am speaking of the reordering of libraries, not KARL.
> Just see reorder_libs() in rc script. You can disable it
> in rc.conf, but you cannot run it manually. KARL cannot
> be disabled in rc.conf.

Right, I see. I presume because they are already in use so a reboot
would then be needed anyway. Library re-ordering takes even less time,
so I really don't see the problem. It is not like systemd that is
replacing an existing system in a more complex way. There is real
security benefit and that is OpenBSDs focus. Personally I believe
security should be the focus of almost all software development, which
would have prevented systemd in the first place.

I am not a developer by the way. In case you think I speak for the

Reply via email to