Smolt: Fedora Hardware Profiler

Michael Wiktowy michael.wiktowy at gmail.com
Thu Feb 1 16:15:59 UTC 2007


On 1/31/07, Mike McGrath <mmcgrath at fedoraproject.org> wrote:
> Current stats can be found at:
>
> http://smolt.fedoraproject.org/stats
>
> You can have your machine send its stats by installing smolt with yum
> and typing "smoltSendProfile"

Is there any mechanism in place to prevent bogus profiles being submitted?

It would be stupid and malicious for people to do that but there is no
shortage of stupid malicious people. Also there have been people who
already edited their kernel dumps to hide that they were using
binary-only modules when seeking help. So that would be another class
of people who might do this. I can't really think of a way to prevent
this sort of thing in an open system but at least there are way to
harden against it and detect some tampering and be able to purge it
from the database after.

Things I can think of to harden:
- flood protection: limit to one submission per time period per IP ...
tar pitting might make massive corruption too tedious
- whitelist of known hardware: might be hard to capture every single
different string that could be generated by your hardware detection
but at least some fields have a finite number of different things that
it could be and might prevent a lot of "D3wd ... I 0wz0r yur 57475!!!"
cpu architectures being submitted.
- stats query subset of the whole: If you set up the stats query page
to only include what the user wants to look for (rather than have
global stats including everything submitted), then you have a human in
the loop that can choose whether something looks fishy or not and
whether they want to include it in their generated stats. Then the
existence of vandalized stats won't matter since the users can easily
exclude them from their stats. So the user can query "Out of the cpu
architectures X, Y and Z, what percentage is X." as they don't care
about the "l337" cpu type and don't want to include those in the total
number.

Just some thoughts.

/Mike




More information about the fedora-devel-list mailing list