This is enough for me to tell it's a bad idea that should never be implemented. It's either reliable, or it goes in the trash.

It's so stupid I love it.

So it's not a bug. It's a feature!

This would be very easy to manipulate if you are controlling the majority of the threads.

Good sources of non-deterministic entropy that almost all systems have: Flash IO timings. IRQ timings. Cross-core cache access timings. DRAM timings when thrashing the cache. Stack data when the IRQs run. GPIO latency timings. SPI bus latency timings. Even highly deterministic platforms with MCU cores like Arm M4 will be able to accumulate entropy from those sources.

Part of the problem with the current Linux random device performance is that it returns the actual accumulated entropy bits. If instead it accumulated a pool of 64k entropy bits, supplied up to 32k of hash-derived bits, then perturbed the pool with the bits accumulated while supplying that 32kbits (ie flip bits in the 64kbit pool as they come then MD5 stream the block), then there wouldn't be any problems with a shortage of crypto-secure entropy bits, and the CPU cost of those entropy bits wouldn't be quite so insanely high as it is now. And no quantum computer will ever break the unknowable 32kbits of the pool.

It depends on the cpu as well. Some cpu with speculative exeuction do use hardware randomisation to decide what paths to speculative execute.

Yes some silicon and setups it would be deterministic.

That's as long as there is some sort of input (e.g. keyboard, mouse or network) that will cause context switches. Otherwise it can be somewhat (theoretically) deterministic.