Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

300
active users

toad.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

#luks

0 posts0 participants0 posts today
Continued thread
Public
Droppie [infosec] 🐨:archlinux: :kde: :firefox_nightly: :thunderbird: :vegan:

@MsDropbear42 Weeeeeeeeell, now i've made time to investigate what ails poor lil ol' ONT, & it seems pretty terminal [boom, tish]. The failure to finish booting occurred after i did a system update after not doing so for several months. OS was #SparkyLinux Testing / semi-rolling. Afaict, whatever caused the damage did a pretty good job:

  • the #bootloader had vaporised
  • the #LUKS #encryption seems to have been damaged [even booting from a Live usb stick couldn't unlock the drive, my LUKS pswd being rejected despite absolutely certainly being correct]; it accepts my LUKS password during boot, then says "Slot 0 opened", then... just sits there, evermore. Sigh.

I considered trying to repair the bootloader via a #chroot, but even if that succeeded i frankly had little appetite to then do battle with a sulky LUKS. This pc is a very old clunker, spinning rust HDDs only, merely 8 GB RAM, i7 though old model, & i'd repurposed it to be my lounge-room media pc several months ago without bothering to change anything about its extant OS... & tbh Sparky had been wearing a bit thin on me anyway for a coupla months in this role.

So i decided not to bother attempting repairs, & instead make a clean break with an alternative distro that i feel should be just about ideal for this use as a media pc, whose only function is to run a browser, & my VPN app, for my nightly movies & shows streaming. As such, i really just don't wanna be arsed with running updates on it often, & generally mollycoddling it like i do with my real pooter [#ArchLinux #KDE #Plasma]... i just want it to live happily in the darkness of my timber cabinet, asking little of me re upkeep, & just purring away.

Thus, it now has #LinuxMint #LMDE 6. Gotta hand it to ol' Clem & Co; they've done a really nice job with it.

#ONT#PistonBroke
Replied to marczz
Public *
Christian Pietsch

@marczz

Why you should use full-disk encryption

If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.

You will fail to delete drives properly

Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of you SSH provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.

The law demands it

#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.

Law enforcement makes "mistakes"

I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.

There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.

You already mentioned that ordinary thieves can also be a problem.

Encryption is available for free

So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.

#storageEncryption#hardDiskEncryption#encryptAllTheThings
Replied to Christian Pietsch
Public *
marczz

@chpietsch I was wondering if enabling #LUKS on a running server has really a benefit. Of course if thieves enter your place, unplug the server and take it the disk is protected. But this scenario is not so usual. Most often the attacker get access to your live server. Once the server is booted and the disk is unlocked, all data on the encrypted volume is accessible to anyone with access to the system. This makes encryption ineffective against attackers who compromise a running server.

Public *
Christian Pietsch

Lately I've been doing more #SelfHosting again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the #ARM64 architecture, even with power-hungry applications such as Mastodon, I'm now using the smartphone technology for my homeservers, too.

There are #SBCs with more open hardware, but the #RaspberryPi is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.

Anyone operating a server on the Internet must install #security updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The #needrestart tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.

On my Raspberry Pi 4, needrestart always runs correctly (automatically after apt upgrade). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:
github.com/liske/needrestart/b
Previously, the tool always claimed that a reboot was necessary because it thought an outdated Linux kernel was running.

Next, I want to activate #LUKS hard drive encryption on both raspis. Unfortunately, this is not as easy under #Raspbian or #RaspberryPiOS as on other Debian systems. If you have managed this: Please let me know how you did it!

Mastodon, gehostet auf fedifreu.deFedifreudeDiese Mastodon-Instanz wird vom überregionalen netzaktivistischen Zusammenhang Datenfreude <https://datenfreu.de> betrieben. Dazu zählen https://datenpunks.de und https://kleindatenverein.org.
#rpi#rpi5#raspi
Public
Khurram Wadee ✅

My experience with #FlashDrives recently has been mixed. I have no problem in encrypting them with #LUKS, using #cryptsetup or with formatting a partition with #Btrfs, for instance, using #gparted and doing other tinkering with #Gnome #disks. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.

1/2

#Hardware#StorageDevices#Unix
Public *
conscientious objector🇨🇭🪂

#Corona Infektionen sind ein Problem für MS Patienten.

Case Report vin 2024 aus #Luzern

#SRF: Das ist nicht relevant für die Öffentlichkeit, da chronisch Erkrankte irrelevant sind. Geht ins Restaurant! Das Plexiglas war teuer!

cureus.com/articles/334436-hig

www.cureus.comHighly Aggressive Multiple Sclerosis Relapse During Pregnancy Following SARS-CoV-2 Infection: A Case Report and Literature ReviewWe report a challenging case of a 32-year-old previously healthy pregnant woman at 17+2 weeks gestation with a new diagnosis of exceptional highly active relapsing-remitting multiple sclerosis (RRMS) triggered by a severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection. Remarkable clinical characteristics were the rapid clinical deterioration, the severity and the nature of the symptoms, including spastic tetraplegia, dyspnea, dysphagia, anarthria, and a severe pain syndrome, which resulted in the need for intensive care and mechanical ventilation within 24 hours. Relapse treatment, as well as symptomatic treatment, was challenging and complicated by pregnancy. Early diagnosis, consistent and persistent interdisciplinary management including six weeks stay in the intensive care unit and 3.5 months in neurorehabilitation, led to a full recovery of the patient and a healthy born child. In addition to the remarkable clinical characteristics, we report the challenging therapeutic measures throughout the hospitalization. This case report could, therefore, assist others who may be confronted with a similar situation.
#Luks#Schweiz
Public
Jonathan Matthews

#TIL that whilst having a too-long-running #Linux machine with #LUKS #FDE already unlocked, but where I've /maybe/ forgotten the passphrase (so won't be able to boot it successfully), it's possible to check if I've remembered the passphrase correctly with:

# cryptsetup open --verbose --test-passphrase DEV
Enter passphrase for DEV:
Key slot 0 unlocked.
Command successful.

Public
Multi Purr Puss :verified:

In one of your recent stream VODs, @tomlawrence, someone asked, whether they could run #ZFS on #LUKS - i can answer that; YES*, with an *asterisk.

I did this for quite some time, until i've decided that it's rather inconvenient to type in my password on every reboot. Now, i'm running LUKS on ZVOLs, in #Ubuntu / #qemu / #libvirt.

It's a small home server, and i need a few "privacy insensitive" VMs to auto-start after power-fail.

All one needs is a block dev, zpool create, done! 😉 …technically

Public
Kamalavelan

I am kinda confused about choosing the #encryption system for use with #zfs should it be ZFS native encryption or shall I put ZFS on top of #LUKS. LUKS seems to be the more 'mature' option and the performance is hardly 10% lesser than native. Does anyone have experience with using ZFS native encryption?

Public *
Crazy-to-Bike

Ich muss es mal wieder in aller Deutlichkeit sagen:
Ich ❤️ #Linux

Im #Notebook meiner Frau war noch eine relativ kleine #SSD. Seit einem Jahr macht sie mega viele Fotos mit dem #Smartphone und bei der letzten Sicherung auf's Notebook waren nur noch 4 GB frei.

Ich habe das mit #LUKS vollverschlüsselte #Ubuntu kurzerhand mit Linux #Bordmitteln auf eine größere SSD umgezogen:

1. alte SSD mit dd auf neue SSD 1:1 geklont
2. neue SSD ins Notebook eingebaut und Ubuntu gestartet
3. im laufenden System unbenutzten Speicherplatz mit #gparted der verschlüsselten Root-Partition hinzugefügt.
4. im laufenden System das #LVM vergrößert
5. im laufenden System das Dateisystem vergrößert

Fertig.

Effektiver Arbeitsaufwand: 5 min

Man versuche das mal mit #BigTech #Microsoft #Windows. 🤣

#OpenSource #FOSS #digitaleSelbstbestimmung #digitaleSouveränität #Terminal

ExploreLive feeds
About