Learn More About Systemd-Homed For How Linux Home Directories Are Being Reinvented

    Phoronix: Learn More About Systemd-Homed For How Linux Home Directories Are Being Reinvented

    Coming with the imminent systemd 245 is systemd-homed that is making fundamental changes to Linux home directories. Systemd lead developer Lennart Poettering presented at FOSDEM 2020 last weekend on systemd-homed and that video recording is now up...

  • #2
    I was quite looking forward to this as systemd developers trying to solve another Linux mess, but now after I saw the video with the "Security above everything" including usability, I don't think I will like this.
    Locking the session and not being able to hear the music continuing in background and having the info and buttons to change the song or having a download in background not being possible anymore, it's insane.
    I would rather not encrypt home or leave the computer unlocked than to interrupt a possibly long download.
    And how the fuck is it more secure to leave someone at your computer with the session completely unlocked so they can change the song in the music player compared to having the session locked and they change the song from the lock screen?
    If these usability problems are real then I think it will be way better to leave out the whole Systemd-Homed completely and use Plasma Vaults or Veracrypt to encrypt only the important stuff.
    Last edited by Danny3; 07 February 2020, 02:50 AM.

    • #3
      As long as I have the option to continue using traditional home directories on my encrypted disk, they can do whatever they please.

      • #4
        Originally posted by Danny3
        I was quite looking forward to this as systemd developers trying to solve another Linux mess, but now after I saw the video with the "Security above everything" including usability, I don't think I will like this.
        Locking the session and not being able to hear the music continuing in background and having the info and buttons to change the song or having a download in background not being possible anymore, it's insane.
        I would rather not encrypt home or leave the computer unlocked than to interrupt a possibly long download.
        And how the fuck is it more secure to leave someone at your computer with the session completely unlocked so they can change the song in the music player compared to having the session locked and they change the song from the lock screen?
        If these usability problems are real then I think it will be way better to leave out the whole Systemd-Homed completely and use Plasma Vaults or Veracrypt to encrypt only the important stuff.
        Weren't those sorts of problems one of the big reasons given for needing to invent Wayland? That allowing things like using the media keys on the keyboard while the screen was locked would break the X11 spec too badly?
        Last edited by ssokolow; 07 February 2020, 03:31 AM.

        • #5
          Originally posted by Danny3
          [...]
          Locking the session and not being able to hear the music continuing in background and having the info and buttons to change the song or having a download in background not being possible anymore it's insane.
          I would rather not encrypt home or leave the computer unlocked than to interrupt a possibly long download.[...]
          I spoke with Lennart after the talk he held at DevConf, and there seems to be a surprisingly big misconception on when the encryption is actually locked again. Locking the screen/session isn't supposed to instantly re-encrypt your homedrive, though I can't imagine that it'd be impossible to add a hook for that.
          The default - from systemd - is supposed to be encrypting only when your computer suspends/hibernates/shuts down - or after a timeout when no inhibitions are active, not when your screensaver starts or something inane like that. Though the default from your dist might be something completely different, as with all systemd settings.

          If you're worried about losing downloads, then you should make sure your download tool knows to add a power saving inhibition during a download, otherwise you're already likely to lose them in case your computer wants to power save. Homed should not change this in the slightest, only add some additional security to after your computer has decided that it's no longer in active use.

          • #6
            Originally posted by Danny3
            I was quite looking forward to this as systemd developers trying to solve another Linux mess, but now after I saw the video with the "Security above everything" including usability, I don't think I will like this.
            Locking the session and not being able to hear the music continuing in background and having the info and buttons to change the song or having a download in background not being possible anymore, it's insane.
            I would rather not encrypt home or leave the computer unlocked than to interrupt a possibly long download.
            And how the fuck is it more secure to leave someone at your computer with the session completely unlocked so they can change the song in the music player compared to having the session locked and they change the song from the lock screen?
            If these usability problems are real then I think it will be way better to leave out the whole Systemd-Homed completely and use Plasma Vaults or Veracrypt to encrypt only the important stuff.
            I totally agree. The key word is 'security'. But I'm not a monkey (sorry monkeys, clever animals), I don't believe everything I hear. So, what should I do every time I hear the word secure or unsecure, become crazy searching for a solution to a non-existent problem? The same with browsers. If browsing is tagged as non-secure the problem is the browser itself, or it is an invented problem. The browser must not send back any info about the user, never. If a site wants user info back then there is something wrong with that site or the whole web.

            In my own opinion, everyone (I've just read about Canonical and certified devices) is pushing to monetize their being part of the Linux world. My question is: do we really need all these actors? Do we are the users, we are the public.
            Last edited by Guest; 07 February 2020, 04:28 AM.

            • #7
              Originally posted by frank007
              (I've just read about Canonical and certified devices)
              I did too. The idea is basically that, if a Dell laptop ships with "20.04 but a newer kernel than the stock 20.04 one", and you reinstall from a 20.04 CD, they want to automatically re-enable that newer kernel so you don't wind up with potentially broken drivers on reinstall.

              It's basically a compromise between "LTS is supposed to be stable enough to calm the fears of enterprise users... which means it may be stale by more ordinary people's standards" with "Hardware manufacturers may deploy their officially Linux-compatible devices with newer drivers than what LTS ships with".

              As far as I can tell, it's "Certified" as in "We, Dell, certify that this laptop will work with Ubuntu"... which means that it's perfectly fair for Canonical to adjust their installers so that they'll help you get the right drivers reinstalled.

              • #8
                Originally posted by Danny3
                Locking the session and not being able to hear the music continuing in background and having the info and buttons to change the song or having a download in background not being possible anymore, it's insane.
                LUKS locking occurs on suspend, how are you listening to music with your PC suspended? XD

                • #9
                  Originally posted by frank007
                  The same with browsers. If browsing is tagged as non-secure the problem is the browser itself, or it is an invented problem.
                  Ok boomer, when everyone and their dog is using free wifi hotspots that have no encryption so I can sniff all their traffic and passwords it's an invented problem.


                  In my own opinion, everyone (I've just read about Canonical and certified devices) is pushing to monetize their being part of the Linux world. My question is: do we really need all these actors? Do we are the users, we are the public.
                  What does this communist crap even mean. Software development isn't free. They either find a way to monetize it or we are stuck with barely usable hobby projects. People don't usually donate for something they can get for free.

                  • #10
                    Originally posted by starshipeleven
                    Ok boomer, when everyone and their dog is using free wifi hotspots that have no encryption so I can sniff all their traffic and passwords it's an invented problem.
                    Browsing != connecting for browsing
                    Originally posted by starshipeleven
                    What does this communist crap even mean. Software development isn't free. They either find a way to monetize it or we are stuck with barely usable hobby projects. People don't usually donate for something they can get for free.
                    Maybe you forget all the persons who make the Linux world great with all their free work. The actual path betrays all those persons, and all those persons still believe in Linux.
