Learn More About Systemd-Homed For How Linux Home Directories Are Being Reinvented

  • jo-erlend
    replied
    Originally posted by frank007
    But never let commercial companies decide for us.
    Nobody is deciding anything for you. You are entirely free to create your own GNU+Linux distribution based entirely on your own decisions. You have no right to take that freedom away from others and particularly not from the people who give you your freedom by actually paying the bills for you.


  • jacob
    replied
    Originally posted by starshipeleven
    But... But... Linux can do it too with some 300-400 LoC of shell script and a neckbeard writing them.

    Why have good things when you can hack together shit with shell scripts?
    This. As long as "muh Unix philosophy" is a thing in the Linux community, its usage on the desktop will never exceed the statistical error. Just like no-one would deliberately choose a Ford T in the age of Tesla and the Porsche Taycan just because it was "simple".


  • starshipeleven
    replied
    Originally posted by intelfx
    Just what is the "actual page content", if not "communication to/from server"?
    Sorry I was unclear. The bulk of the page content isn't sensitive information and is "public" (the same for everyone) anyway.
    I meant the user-specific bits of the page and any information that is sent back to the server from the user.

    The next Chrome builds will go as far as blocking HTTP resources embedded in a page served over HTTPS, as well as blocking HTTP downloads started from HTTPS.
    Yeah I know, Good guy Google is at it again.


  • intelfx
    replied
    Originally posted by Ananace

    I spoke with Lennart after the talk he held at DevConf, and there seems to be a surprisingly big misconception on when the encryption is actually locked again. Locking the screen/session isn't supposed to instantly re-encrypt your homedrive, though I can't imagine that it'd be impossible to add a hook for that.
    The default - from systemd - is supposed to be encrypting only when your computer suspends/hibernates/shuts down - or after a timeout when no inhibitions are active, not when your screensaver starts or something inane like that. Though the default from your dist might be something completely different, as with all systemd settings.

    If you're worried about losing downloads, then you should make sure your download tool knows to add a power saving inhibition during a download, otherwise you're already likely to lose them in case your computer wants to power save. Homed should not change this in the slightest, only add some additional security to after your computer has decided that it's no longer in active use.
    Thanks for the explanation, Ananace. Tying encryption key lifetime to the power state changes or the idle timer is pretty close to optimal.

    Do you know, on an off-chance, are they going to use the idle timer directly or just the session lock status?


  • intelfx
    replied
    Originally posted by starshipeleven
    https isn't a VPN, the only traffic that is encrypted is the important parts (communication to/from the server). Most of the actual page content is still sent over http.
    Eh?

    Just what is the "actual page content", if not "communication to/from server"?

    Browsers have been emitting warnings about mixed security content for a few years now. The next Chrome builds will go as far as blocking HTTP resources embedded in a page served over HTTPS, as well as blocking HTTP downloads started from HTTPS.
    Last edited by intelfx; 02-07-2020, 09:17 PM.


  • M@yeulC
    replied
    Hmm, I like most of these ideas, especially encrypting on suspend.

    One thing crossed my mind: couldn't we actually swap RAM the user's programs use to the encrypted home as well?
    • users can find their work again when locking their session on a multi-user system
    • protected against unexpected shutdowns/USB stick removals
    • Protect more than the decryption keys: also the decrypted data that sits in RAM

    It might require a user namespace, though, as it would cause problems if the user elevates their privileges, or explores their filesystem with elevated privileges.


  • andyprough
    replied
    Originally posted by cjcox

    Of course. Just like systemd, you are free to not use it at all. To remove systemd: Step 1 (of 3,567,888)...

    Step 1 - insert either MX or antiX live USB
    Step 2 - click Install to Hard Disk
    Step 3 -
    Step 4 - Profit!


  • wizard69
    replied
    Originally posted by frank007

    Please, don't use my words out of context.
    I will use your words any way I please! Your words are so misinformed that they need to be highlighted and alternate opinions should be offered for all to consider. It might not have been your intention but your posts sound like they are way out in left field.


  • wizard69
    replied
    Originally posted by bridgman
    Is it just me, or is this thread hard to follow?
    Well obviously we have the usual people rejecting anything new SystemD related. What is funny is that some of the rejections come from people that apparently could not understand the video.

    Personally I see a lot of potential in homed and can’t really reject it out of hand. I’m not a big fan of laptops but do travel around with one. This is just one possible way of dealing with moving between that laptop and the desktop. I’ve been looking into personal cloud solutions but frankly I’m not up on the security considerations. A home directory on a cloud though is one solution to the home directory problem.

    I just think many of the people that reject anything SystemD related are a bit “funny”. It seems like a knee jerk reaction in many cases. As for this new homed approach it is very interesting and might actually be a good thing. Like anything new it isn’t how it is now but how it evolves that can damn it to failure.


  • frank007
    replied
    Originally posted by wizard69

    Well if we are expressing opinions here I might suggest that you are grossly out of touch. Developers of free software are a flighty bunch. The best thing that has ever happened to Linux is the picking up of professional developers, that is people paid to work on their niche of Linux. It doesn’t matter if that person works at Red Hat, Apple or some other organization the fact that they get paid to polish that niche has resulted in massive gains in the Linux domain.

    I’ve been using Linux long enough to realize what happens to software where the developer can’t commit himself to the project. There are thousands of projects that died over the years because someone’s priority has changed. That might be mouths to feed, kids to clothe or even a desire to get back in touch with nature.

    When your job is in fact software development it is far easier to shepherd a project than some noob donating his time.
    Please, don't use my words out of context.
