Announcement

Collapse
No announcement yet.

Learn More About Systemd-Homed For How Linux Home Directories Are Being Reinvented

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • skeevy420
    replied
    Originally posted by Zucca View Post
    I haven't toyed around, but ecryptfs and encfs sound more ideal, since those encrypt in user-space and per file.

    Someone with more knowledge can tell if those are worse or better ideas than luks.
    Depends on your needs. The TLDR is go with LUKS if your CPU supports AES, especially if you have a laptop.

    LUKS & other per disk/partition methods are good for root volumes -- hard for someone to physically add a key logger if the drive can't be decrypted. Performance penalties may occur depending on hardware and encryption method used. Especially useful with laptops since no one will be able to access the system or clone the drive to get its data.

    Per file encryption, OTOH & IMHO, is more useful if you don't have a newer system and full disk methods slow your system down (no AES). They're also useful on shared setups where LUKS is being used but you want some form of privacy...like family PC with a single user account scenarios... They're also useful on secure workstations where LUKS is pretty unnecessary and any encryption overhead, however minimal, is undesired; like a git or compile heavy workstation where a few confidential folders need to be kept secure but the rest needs pure, raw throughput.

    If you have a modern desktop system with AES support, that's basically anything x86_64 from 2010+ and quite a few ARM CPUs, there's no reason not to use LUKS or ZFS or whatever with AES since we essentially get free disk security unless you have one of those specialized environments where it isn't really required.

    Leave a comment:


  • Zucca
    replied
    Originally posted by Shiba View Post
    Now I'm wondering: what kind of performance should I expect with a stack like ext4 -> loopback -> luks -> ext4?
    I haven't toyed around, but ecryptfs and encfs sound more ideal, since those encrypt in user-space and per file.

    Someone with more knowledge can tell if those are worse or better ideas than luks.

    Leave a comment:


  • Shiba
    replied
    Originally posted by pal666 View Post
    in other words, your choice is https://en.wikipedia.org/wiki/Dancing_pigs
    More like babysitting systemd users who apparently don't know the difference between suspending and power cycling.

    Leave a comment:


  • andyprough
    replied
    I'm watching the video. This all seems Microsoft-ish in the extreme.

    Leave a comment:


  • Shiba
    replied
    Now I'm wondering: what kind of performance should I expect with a stack like ext4 -> loopback -> luks -> ext4?

    Leave a comment:


  • pal666
    replied
    Originally posted by frank007 View Post
    Maybe you forget all the persons who make the Linux world great with all their free work.
    what did they eat?

    Leave a comment:


  • pal666
    replied
    Originally posted by Danny3 View Post
    after I saw the video with the "Security above everything" including usability, I don't think I will like this.
    in other words, your choice is https://en.wikipedia.org/wiki/Dancing_pigs

    Leave a comment:


  • jo-erlend
    replied
    Originally posted by frank007 View Post
    Browsing != connecting for browsing

    Maybe you forget all the persons who make the Linux world great with all their free work. The actual path betrays all those persons, and all those persons still believe in Linux.
    You probably think that Linux is mostly volunteer work. It isn't. It's mostly commercial and that's a good thing. Neither GNU or Linux has ever been a communist project. In fact GNU and the FSF recommends against giving away software free of charge. Because developers need money. Linux has always been intended to be free of charge, but has never been anti-commercial.

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by frank007 View Post
    Browsing != connecting for browsing
    https isn't a VPN, the only traffic that is encrypted is the important parts (communication to/from the server). Most of the actual page content is still sent over http.

    See some easy examples of leet haxxoring of clients in an open wifi.
    https://fractionalciso.com/wifi-pineapple/

    Maybe you forget all the persons who make the Linux world great with all their free work.
    Maybe you forget all those companies that invested billions of dollars over decades to make Linux world great with all their paid developers work.

    The actual path betrays all those persons, and all those persons still believe in Linux.
    I don't care. I need a tool that works well, and these people alone are insufficient to deliver it.

    Leave a comment:


  • frank007
    replied
    Originally posted by starshipeleven View Post
    Ok boomer, when everyone and their dog is using free wifi hotspots that have no encryption so I can sniff all their traffic and passwords it's an invented problem.
    Browsing != connecting for browsing
    Originally posted by starshipeleven View Post
    What does this communist crap even mean. Software development isn't free. They either find a way to monetize it or we are stuck with barely usable hobby projects. People don't usually donate for something they can get for free.
    Maybe you forget all the persons who make the Linux world great with all their free work. The actual path betrays all those persons, and all those persons still believe in Linux.

    Leave a comment:

Working...
X