[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: duplicate popularity-contest ID

Bill Allombert <ballombe@debian.org> writes:

> Both.

> Yesterday I received the same popcon ID 2600 times, and 4700 differents
> ID were received two times and 22000 ID were received exactly once.

Hm.  I think that's still in the range of what could be explained by VM
cloning, although the 2600 with the same ID is surprising.

> I understand the need for totally identical systems, but then probably
> it does not make sense for them to report to popcon.

Marco's suggestion of hashing with /etc/machine-id is a good one.  That
file is unique per cloned VM (if the cloning is done properly), and if you
hash it with the popcon ID to form a new ID, there shouldn't be any
realistic chance of leaking a unique identifier for the system that might
be useful for other purposes.

> A related issue is that the submission time is randomized, but if 2600
> systems have identical /etc/cron.d/popularity-contest files, they will
> report at the same time, causing network spikes.

You could add a bit of per-run randomization to the cron job.  I assume an
individual report doesn't take a lot of effort to process, so even skewing
that load across 10-20 seconds might be enough.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: