[Server-devel] [PATCH] Detect school network, fix sleep and race, fix AC

Michael Stone michael at laptop.org
Mon Jun 16 22:11:59 EDT 2008


On Mon, Jun 16, 2008 at 06:34:15PM -0400, Martin Langhoff wrote:
> On Mon, Jun 16, 2008 at 6:09 PM, Michael Stone <michael at laptop.org> wrote:
> > Are you saying that you think the overhead of starting a single extra
> > python interpreter is too high?

> $ time python -c 'exit'
> 
> real    0m0.110s
> user    0m0.090s
> sys     0m0.010s

Argh. Martin and I just straced python -c 'import os; os._exit(0)' and
found that it makes over 10 times as many syscalls as bash does in
order to run 'exit 0'; perhaps more or less depending on your
particular libraries. (Martin was unsurprised.) (Michael observed that
python -S cuts off 75% of the initial syscalls but leaves you in
an unusual environment and is still slow to start. Grr!)

Perhaps we could arrange to leave the bits of state that Martin wants to
check lying around on a tmpfs somewhere so that he can check them with a
handful of syscalls instead of a few hundred?

> Will do if I get back on to relying on network topology - atm it looks
> like a dead end :-/
> 
> >> In any case, this isn't compatible with Uy or with NYC, so it has to
> >> go. We are back to trying to resolve "schoolserver" via DNS and
> >> claiming victory if the RSA keys of the server match our expectations.
> >
> > Ick. Emiliano was asking me how we could include UY-XS detection in our
> > initramfs so that we can make our theft-deterrence protocol work for
> > them. Thoughts?
> 
> Not many at the moment - but maybe we can talk about it and flesh
> something out :-/

I'm very uncomfortable relying on DNS as our means of XS discovery
because we really, really, really want to be able to acquire activation
leases over the network from a central repository like an XS from our
initramfs before we've run unsigned code and I can't, for the life of
me, figure out a satisfying way to perform correct network configuration
for everybody in the initramfs.

In response to this concern, Martin basically suggested that we create a
separate authentication channel for special use by the initramfs with a
recognizable SSID. Polychronis replied with some ways that we could use
Ethernet broadcasts to create a 'network buoy' to direct XOs. I'll leave
it to the two of them to flesh out their proposals in more detail over
the next few weeks.

Michael
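
Added example, not part of the original message or of the OLPC code: a sketch of the "resolve schoolserver via DNS, then accept only if the server's RSA key matches our expectations" check quoted above, showing that the decision rests on a pinned key fingerprint and not on the DNS answer. It assumes the key is presented as an OpenSSH-style public key line and pinned by SHA-256 fingerprint; all function names and the toy keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def make_sample_rsa_line(modulus: int, comment: str) -> str:
    """Build a constructed 'ssh-rsa <base64> <comment>' line (toy modulus, not a usable key)."""
    def mpint(n: int) -> bytes:
        # One spare byte guarantees a clear top bit, so the value stays positive.
        return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = _ssh_string(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def fingerprint(pubkey_line: str) -> str:
    """Return the 'SHA256:...' fingerprint of a public key line, or raise ValueError."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The type embedded in the blob must agree with the label outside it.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def server_is_trusted(presented_line: str, pinned: set) -> bool:
    """Accept only a key whose fingerprint was pinned in advance.

    The hostname and the address DNS returned play no part in the decision:
    whoever answers for 'schoolserver' must still present a pinned key.
    """
    try:
        return fingerprint(presented_line) in pinned
    except ValueError:
        return False  # malformed input is treated as untrusted

# Constructed sample data: the expected server key and a rogue one that
# answers to the same DNS name.
SCHOOL_KEY = make_sample_rsa_line((1 << 511) + 12345, "schoolserver")
ROGUE_KEY = make_sample_rsa_line((1 << 511) + 67890, "schoolserver")
PINNED = {fingerprint(SCHOOL_KEY)}
```

Presenting a key only proves which public key the server advertises; a real check also needs the server to prove possession of the matching private key, which the SSH or TLS handshake provides.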

