LinuxQuestions.org


chrisVV 06-14-2018 10:03 AM

atd and haveged daemons
 
The latest slackware[64]-current installs new rc.atd and rc.haveged files in /etc/rc.d which start the atd and haveged daemons respectively. These are installed as executable by default.

haveged is new. atd is not, although I am not conscious of having run the atd daemon before (possibly it ran without me noticing). I have no user packages installed which use them, so I was wondering if anyone knows whether there is anything supplied by slackware[64]-current itself which would make it desirable to start these daemons at boot-up?

willysr 06-14-2018 10:46 AM

haveged is generating a secure PRG (Pseudo Random Generator) to remedy the low-entropy generated by the kernel.

chrisVV 06-14-2018 11:38 AM

Quote:

Originally Posted by willysr (Post 5867584)
haveged is generating a secure PRG (Pseudo Random Generator) to remedy the low-entropy generated by the kernel.

So it serves /dev/random? If so, I agree I should be starting it at boot-up.

Is atd used by any slackware packages, do you know?

willysr 06-14-2018 11:50 AM

No, it provides better entropy than /dev/random, I believe.

atd is like cron, but only used once, not repetitive.
It's provided just in case someone needs them :)

chrisVV 06-14-2018 12:32 PM

Quote:

Originally Posted by willysr (Post 5867609)
No, it provides better entropy than /dev/random, I believe.

The man page says that when the runlevel is 0 (the default), haveged "fills /dev/random when the supply of random bits falls below the low water mark of the device". The general advice seems to be to run it unless you have a hardware random generator available, so I will start it on boot up.

I don't think I will start atd. Nothing seems to use it and I certainly don't.

upnort 06-14-2018 01:16 PM

Quote:

I don't think I will start atd. Nothing seems to use it and I certainly don't.

Even when the at daemon is started at boot, the daemon does nothing unless there is user interaction.

I use the at daemon a lot. Great for one-off tasks. :)

Quote:

haveged is generating a secure PRG (Pseudo Random Generator) to remedy the low-entropy generated by the kernel.

I do not see this approach used in other distros. Why is this needed in Slackware? I use haveged on my Slackware systems that use an SSD. I do not use haveged on other distros. This is not a flame war question. This is a technical question. Please stick to the technical discussion and do not throw mud and poop. :)

volkerdi 06-14-2018 01:45 PM

Quote:

Originally Posted by upnort (Post 5867641)
I do not see this approach used in other distros. Why is this needed in Slackware? I use haveged on my Slackware systems that use an SSD. I do not use haveged on other distros. This is not a flame war question. This is a technical question. Please stick to the technical discussion and do not throw mud and poop. :)

It's pretty easy to starve the kernel's /dev/urandom unless something like haveged is running. One example that was mentioned here before is a long delay at boot when sendmail starts.

upnort 06-14-2018 01:52 PM

Quote:

One example that was mentioned here before is a long delay at boot when sendmail starts.

Yes, I am aware of that discussion. :) I am curious only about why we have to use the daemon and other distros do not. I presume the technical answer has something to do with how other distros manage entropy. Or perhaps the way the kernel is compiled. I don't know and am asking. Just technically curious -- Slackware remains my foundation on my home LAN despite whatever else I am required to support at work. :)

Richard Cranium 06-14-2018 02:11 PM

Other distros start sendmail in the background or in parallel to the rest of the boot sequence. Presumably, something that generates entropy will start to happen and allow sendmail to start. (Or other distros don't use sendmail at all; hard to say.)

upnort 06-14-2018 06:37 PM

Quote:

Or other distros don't use sendmail at all; hard to say

That is the likely explanation. Postfix is used across most distros.

franzen 06-15-2018 04:48 AM

Quote:

Originally Posted by upnort (Post 5867733)
That is the likely explanation. Postfix is used across most distros.

Hanging at boot may be the most important reason to have haveged installed, as not everybody runs entropy-eating services later on.
Postfix, apache, pidgin, firefox etc. need entropy, more than they used to a few years ago, as everything uses https/tls nowadays.
Missing entropy causes delays/timeouts on secure connections and probably more problems, and I believe there's no drawback to having haveged; it only feeds extra entropy if entropy runs low.
In short, haveged prevents problems ;-)

Johannes

1337_powerslacker 06-15-2018 11:23 PM

This discussion has gotten me seriously thinking about security, and how I might improve it on my own system. The addition of haveged is good, as it will increase entropy enough for the casual user. However, being a 30+ year user of computers, and having been made aware of security issues from reading about them on the web and from several courses I took as a computer science major, has made me hyper-aware of the issues facing computer users today. Therefore, I have opted for a hardware route, and came upon this little gem.

Personally, I like having an external hardware random number generator, and it is natively supported by the Linux kernel. Can't be too careful these days, and the cost is certainly reasonable.

Richard Cranium 06-16-2018 12:27 PM

Quote:

Originally Posted by chrisVV (Post 5867623)
I don't think I will start atd. Nothing seems to use it and I certainly don't.

It's very probably been running on your Slackware boxes for the past few years. Take a look in /etc/rc.d/rc.M.
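
The checks this thread points to, as an added example that is not part of any poster's message: it compares the kernel's entropy estimate with `write_wakeup_threshold` (the low water mark mentioned in the haveged man page quote), reports whether `rc.atd` and `rc.haveged` are executable (the Slackware convention for enabling an rc script), and looks for each daemon in `/etc/rc.d/rc.M`. The function names are illustrative, and the `/proc/sys/kernel/random` paths are the standard kernel sysctl locations rather than something quoted in the thread.

```shell
#!/bin/sh
# Added example. Directories are parameters so the checks can be pointed at
# constructed files; the defaults are the real system locations.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# entropy_state [DIR]: print low, ok or unknown by comparing the kernel's
# entropy estimate with write_wakeup_threshold (the low water mark).
entropy_state() {
    dir=${1:-/proc/sys/kernel/random}
    avail=$(cat "$dir/entropy_avail" 2>/dev/null) || avail=
    mark=$(cat "$dir/write_wakeup_threshold" 2>/dev/null) || mark=
    if ! is_uint "$avail" || ! is_uint "$mark"; then
        echo unknown
    elif [ "$avail" -lt "$mark" ]; then
        echo low
    else
        echo ok
    fi
}

# rc_state DIR NAME: print enabled (rc.NAME is executable), disabled
# (present but not executable) or absent.
rc_state() {
    if [ -x "$1/rc.$2" ]; then echo enabled
    elif [ -e "$1/rc.$2" ]; then echo disabled
    else echo absent
    fi
}

# rc_m_mentions FILE NAME: succeed if a non-comment line of FILE contains
# NAME as a whole word. A hit only says where to start reading.
rc_m_mentions() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq "(^|[^[:alnum:]_])$2([^[:alnum:]_]|\$)"
}

report() {
    rcdir=${1:-/etc/rc.d}
    echo "entropy: $(entropy_state)"
    for d in atd haveged; do
        if rc_m_mentions "$rcdir/rc.M" "$d"; then m=yes; else m=no; fi
        echo "rc.$d: $(rc_state "$rcdir" "$d"), mentioned in rc.M: $m"
    done
}

report
```

A result of `low` right after boot, before haveged or another entropy source is running, matches the sendmail start-up delay described above.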


All times are GMT -5.