I think “reset on hang” is an interesting feature for servers and server admins might like to manually enable it. However, for most users I think it would be desirable to have this disabled by default. Because should the VM hang, the current output might be helpful to figure out what actually caused the hang/crash. Auto reset would make debugging much harder.
A core dump is like a memory dump for diagnosing crashes. I guess users need to send that to Debian developers. You don’t touch the kernel so any bugs are likely upstream and not related to Whonix.
At worst watchdog won’t be visible to users and will only kick in when a crash happens, providing slightly more helpful information than without.
I forgot a single quote ’ around reset and that’s why it’s not working. Should I change it or you? I’ll do that when I get the go ahead for the dump feature.
I know. And depending on the type of the core dump and privacy considerations it may or may not include private data such as contents of RAM. Perhaps that should be researched before deciding further?
I forgot a single quote ' around reset and that's why it's not working.
And depending on the type of the core dump and privacy considerations it may or may not include private data such as contents of RAM. Perhaps that should be researched before deciding further?
Then I’m not really enthusiastic about having it set to dump.
Watchdog would only be useful to server admins (our Hidden Service target users)
Would make things harder for others trying to figure out a crash
Non-experienced users most probably won’t even know how to debug a crash so it doesn’t matter
Those that know how will have the ability to disable watchdog temporarily.
Note that watchdog is added by default but I removed it in the past because of wrong security assumptions.
My opinion is to leave it as it is, set to reset? If not convinced, do what you think is best.
Even for experienced users, I think this auto-reset enabled by default that they have to disable first is super confusing. Then they come to the forum and say their VM restarted out of nowhere. Then we tell them to disable that auto reboot feature first so they can come back and report a bug? Not a great workflow.
Also makes debugging hard-to-reproduce bugs much harder.
To me it looks like a real bad idea, opt-in looks much better to me here than opt-out, but it’s up to you.