Droppiea bit of a digital flap
Administered by:
#luks
0 posts0 participants0 posts today
Replied to marczz
Why you should use full-disk encryption
If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.
You will fail to delete drives properly
Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of you SSH provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.
The law demands it
#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.
Law enforcement makes "mistakes"
I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.
There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.
You already mentioned that ordinary thieves can also be a problem.
Encryption is available for free
So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.
Replied to Christian Pietsch
@chpietsch I was wondering if enabling #LUKS on a running server has really a benefit. Of course if thieves enter your place, unplug the server and take it the disk is protected. But this scenario is not so usual. Most often the attacker get access to your live server. Once the server is booted and the disk is unlocked, all data on the encrypted volume is accessible to anyone with access to the system. This makes encryption ineffective against attackers who compromise a running server.
Lately I've been doing more #SelfHosting again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the #ARM64 architecture, even with power-hungry applications such as Mastodon, I'm now using the smartphone technology for my homeservers, too.
There are #SBCs with more open hardware, but the #RaspberryPi is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.
Anyone operating a server on the Internet must install #security updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The #needrestart tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.
On my Raspberry Pi 4, needrestart always runs correctly (automatically after apt upgrade). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:
https://github.com/liske/needrestart/blob/master/README.raspberry.md
Previously, the tool always claimed that a reboot was necessary because it thought an outdated Linux kernel was running.
Next, I want to activate #LUKS hard drive encryption on both raspis. Unfortunately, this is not as easy under #Raspbian or #RaspberryPiOS as on other Debian systems. If you have managed this: Please let me know how you did it!
Mastodon, gehostet auf fedifreu.deFedifreudeDiese Mastodon-Instanz wird vom überregionalen netzaktivistischen Zusammenhang Datenfreude <https://datenfreu.de> betrieben. Dazu zählen https://datenpunks.de und https://kleindatenverein.org.
My experience with #FlashDrives recently has been mixed. I have no problem in encrypting them with #LUKS, using #cryptsetup or with formatting a partition with #Btrfs, for instance, using #gparted and doing other tinkering with #Gnome #disks. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.
1/2
www.cureus.comHighly Aggressive Multiple Sclerosis Relapse During Pregnancy Following SARS-CoV-2 Infection: A Case Report and Literature ReviewWe report a challenging case of a 32-year-old previously healthy pregnant woman at 17+2 weeks gestation with a new diagnosis of exceptional highly active relapsing-remitting multiple sclerosis (RRMS) triggered by a severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection. Remarkable clinical characteristics were the rapid clinical deterioration, the severity and the nature of the symptoms, including spastic tetraplegia, dyspnea, dysphagia, anarthria, and a severe pain syndrome, which resulted in the need for intensive care and mechanical ventilation within 24 hours. Relapse treatment, as well as symptomatic treatment, was challenging and complicated by pregnancy. Early diagnosis, consistent and persistent interdisciplinary management including six weeks stay in the intensive care unit and 3.5 months in neurorehabilitation, led to a full recovery of the patient and a healthy born child. In addition to the remarkable clinical characteristics, we report the challenging therapeutic measures throughout the hospitalization. This case report could, therefore, assist others who may be confronted with a similar situation.
Apparently, you can just resize/grow your #LUKS #crypto partition, as well as the #btrfs filesystem, without rebooting!
Since i continue to #fail to add external storage to the #Steam #Flatpack, i might as well allocate the whole SSD.
The screenshot shows #gparted, automating all the steps. I'm running #KDEneon #Linux. #Gaming
Each time I needed to migrate my data to a new SSD with LVM and LUKS, I struggled a lot, until I figured this out properly. I have documented all necessary steps in this document:
https://gist.github.com/andrewshadura/58098ea35471f2067bf9e5a33aec0c35
GistMigrating the system onto the new SSD with LVMMigrating the system onto the new SSD with LVM. GitHub Gist: instantly share code, notes, and snippets.
Zum ersten Mal war der Verband Angiodysplasie Schweiz beim "Rare Disease Day" im Luzerner Kantonsspital vertreten – und es mit war eine total bereichernde Erfahrung! 
Ein riesiges Dankeschön an ProRaris für die grossartige Organisation dieser besonderen Veranstaltung.
https://angiodysplasie.ch/unser-erster-tag-der-seltenen-krankheiten-in-luzern/