|
Klyith posted: I think the main answer is privacy. If you have stuff you'd prefer nobody sees including if you get hit by a bus, encrypt it.

That's not it, the threat model is offline attacks only, and that's enough of a reason to always encrypt all partitions except /boot. It's not a "I've got nothing to hide lol" thing, there's no way anyone does not have information they shouldn't make public somewhere in their / and/or data filesystems. Now when the HDD dies and can't be overwritten with zeros because the computer isn't seeing it anymore (or it's an SSD and wiping is useless anyway) there's no need to worry about physically destroying it before disposal.
|
# ? Jun 3, 2023 12:17 |
|
Kids don't even remember Hans Reiser murdering his wife, or the SCO lawsuit, or one of Linus' many meltdowns.
|
# ? Jun 3, 2023 13:21 |
|
Don't forget Stallman! Is FreeBSD's history much better? I can't remember anything that puts it on the same level
|
# ? Jun 3, 2023 13:57 |
|
I would blow Dane Cook posted: Kids don't even remember Hans Reiser murdering his wife, or the SCO lawsuit, or one of Linus' many meltdowns.

Every now and again I fondly remember the edit on Wikipedia for "comparison of file systems" which added a column for the feature "Murders wife" with all file systems except reiserFS and reiser4 saying "no."
|
# ? Jun 3, 2023 15:27 |
|
Apparently his next parole hearing is in 2027.
|
# ? Jun 3, 2023 15:40 |
|
Vavrek posted: The automatic snapshots are appealing. My main concern is about adding drives to the system later, which I think I remember hearing being ... somehow complicated, maybe, with one or the other of them? I'm not sure. The fact that it's in kernel and that most of the "man, btrfs might be great but it's clunky and perpetually half-finished" all seem to be years old incline me toward it significantly.

Adding drives to a parity-type (raid 5/6) array is not possible for either of them. (And if you're making a raid5/6 array, go with ZFS.) Adding a basic volume to the system is never a problem.

Btrfs has very flexible options for adding and removing drives in the raid1 & raid10 area. You can convert a single-drive basic volume into a raid1 mirror while the fs is live. (I did this when converting my system from windows to linux -- moved data from ntfs volumes to a basic non-redundant btrfs volume, then added a mirror once I had free space.) It can convert between basic, raid 1, & raid 10 in any direction. Dunno if ZFS has the same capability.

OTOH management of btrfs raid stuff is quite manual, including recovery if stuff goes wrong, so if you're doing anything complex that's where it gets more clunky and unfinished. Personally I haven't found it that bad, but I'm also new to living 100% on linux. A lot of trad unix stuff is clunky. Btrfs is just another thing in the list of stuff I have to make notes about as I learn. If you're just using it for your root it's transparent and ignorable.

Vavrek posted: Good to hear! While catching up on the Linux Gaming Thread, I got to this post, which links this article, which makes Wayland-18-months-ago sound better than I thought it was now. The point about multi-monitor support is particularly important, given I always run two screens and am thinking of adding a third via wall-mount.

Another thing that produces a lot of difference in opinion on Wayland readiness is the GPU -- nvidia drivers were substantially worse with wayland until pretty recently and I still see people say they still have issues.

Storm One posted: That's not it, the threat model is offline attacks only, and that's enough of a reason to always encrypt all partitions except /boot.

This is a level of safety paranoia that's about 3 orders of magnitude more than I care to live under. An offline attack against my desktop is not going to happen. My dead HDD is not going to be recovered from the trash and taken to a data recovery operation to get my PII. (But also I harvest the magnets from a dead HDD, so you'd have to do it from bare platters.) I take no security precautions against the mossad in the same way that I don't worry about being hit by a meteor. If the mossad wants my data they can have it.
|
# ? Jun 3, 2023 16:02 |
|
Klyith posted: An offline attack against my desktop is not going to happen. My dead HDD is not going to be recovered from the trash and taken to a data recovery operation to get my PII. (But also I harvest the magnets from a dead HDD, so you'd have to do it from bare platters.) I take no security precautions against the mossad in the same way that I don't worry about being hit by a meteor. If the mossad wants my data they can have it.

You're bringing up movie plot threat models when I'm talking about bare minimum data protection:

1. laptop gets stolen, if it's encrypted offline attacks are impossible unless the password really sucks, if it's not anyone can remove the disk and mount it in another computer
2. drive has bad sectors and a corrupted filesystem, user sends it to a repair shop, anyone can run ddrescue and get most of the data out, unless of course it is encrypted
3. user buys new pc, doesn't know how computers work and sells old one on ebay as is, etc

Really, not using FDE for everything is comparable to not using an adblocker because you don't really care about seeing ads. It's just good practice, and the less tech-literate one is the greater the potential benefit from using it.
|
# ? Jun 3, 2023 16:33 |
|
Storm One posted: You're bringing up movie plot threat models when I'm talking about bare minimum data protection:

Ok, but I was replying to someone in a linux thread with a desktop. None of those three scenarios apply to either Vavrek or myself. Practical, not theoretical, answer to a question.

There are definitely great reasons for FDE in a general sense. (Though TBQH I'm not sure if #2 counts as good or bad -- the number of people who want data recovery because they don't backup is much higher than the number of malicious tech shop employees. I am not really sure whether pervasive FDE backed by TPM, as per the MS model, will turn out on the whole better or worse for normal home users. There isn't exactly an epidemic of physical computer theft crime that would be thwarted by FDE.)
|
# ? Jun 3, 2023 17:05 |
|
Storm One posted: Really, not using FDE for everything is comparable to not using an adblocker because you don't really care about seeing ads. It's just good practice, and the less tech-literate one is the greater the potential benefit from using it.

That's not a good analogy. Since I use the browser every day, not having an adblocker would be a daily nuisance. FDE on a desktop computer is protection from an unlikely threat, one that definitely should not happen daily. FDE is an additional layer that most people do not need. Hell, even having a password on the local desktop computer is overkill for most households, households where the members trust each other. Mobile computers are a different beast, sure, those do require additional protection since they're mobile and the odds of getting in the wrong hands are higher.
|
# ? Jun 3, 2023 17:08 |
|
Klyith posted: (Though TBQH I'm not sure if #2 counts as good or bad -- the number of people who want data recovery because they don't backup is much higher than the number of malicious tech shop employees.

Fair point, the biggest reason NOT to use crypto of any kind is how it complicates data recovery in general, it's yet another footgun. (#2 was more from the perspective of someone who just wants the PC to function again and isn't concerned at all with recovering any of their old data but doesn't know how to reinstall the OS)

Volguus posted: That's not a good analogy. Since I use the browser every day, not having an adblocker would be a daily nuisance.

If it's a nuisance for you, it means you DO care about the ads; the analogy was about a tech-illiterate person who does NOT care about the ads and also doesn't know about ransomware. They would be better off with an adblocker even if they don't fully understand everything it can protect against.
|
# ? Jun 3, 2023 17:29 |
|
If you don't encrypt your harddrive this could be you:
|
# ? Jun 3, 2023 17:34 |
|
Storm One posted: If it's a nuisance for you, it means you DO care about the ads; the analogy was about a tech-illiterate person who does NOT care about the ads and also doesn't know about ransomware. They would be better off with an adblocker even if they don't fully understand everything it can protect against.

A tech illiterate person cares about ads as well, since they're "in your face" all the time. They're tech illiterate, not idiots. They may put up with them if they don't know that there's an alternative, but they surely would prefer to not see them.
|
# ? Jun 3, 2023 17:52 |
|
VictualSquid posted: If you don't encrypt your harddrive this could be you:

Think of the opposite. All those gay porn reviews, lost in time like tears in rain.
|
# ? Jun 3, 2023 18:07 |
|
The only drives I have encrypted are in laptops - I don't see a point to doing it on my desktops. It feels excessive even on my laptops, because I tend to avoid keeping a lot of personal information on those to begin with.
|
# ? Jun 3, 2023 20:30 |
|
Have you ever looked at your bank website? If that page was written to disk for any reason, your account number could be on there.
|
# ? Jun 3, 2023 21:49 |
|
VostokProgram posted: Have you ever looked at your bank website? If that page was written to disk for any reason, your account number could be on there.

Yeah, which is why my laptops have encryption. I just don't bother on my desktops.
|
# ? Jun 3, 2023 21:53 |
|
Yeah I encrypt laptops, don't bother with desktops. I honestly can't remember the last time I signed into a banking website on a computer...
|
# ? Jun 3, 2023 22:12 |
|
You get paper statements or you just don't care how much money you have?
|
# ? Jun 3, 2023 22:16 |
|
VostokProgram posted: Have you ever looked at your bank website? If that page was written to disk for any reason, your account number could be on there.

And you can drain someone's bank account just by having their account number? You'd need a false ID, or to know passwords.

These scenarios are like, such a non-risk for individuals. One, that your stolen hard drive will fall into the hands of someone with forensic skills to root through things like browser caches etc. Second that they can exploit that into important compromises (assuming you aren't keeping their bank passwords in a txt file).

Full disk encryption is of major importance for companies and people who have lots of other people's PII in their hands. Because when your laptop with a giant customer database gets left in a taxi, it's a giant PITA if you can't say everything is encrypted, no risk. But cybercriminals are not big into stealing random laptops in the hopes of finding "my bank accounts.txt" on the desktop.
|
# ? Jun 3, 2023 22:18 |
|
cum jabbar posted: You get paper statements or you just don't care how much money you have?

I look at my balances using mobile apps. One of my banks (I have 2) doesn't even have website banking or statements at all. Mobile App only.
|
# ? Jun 3, 2023 22:20 |
|
VictualSquid posted: If you don't encrypt your harddrive this could be you:

Nah, I'm nowhere near that organized with my gay porn.
|
# ? Jun 3, 2023 22:43 |
|
VictualSquid posted: If you don't encrypt your harddrive this could be you:

this is all on archive.org now btw.
|
# ? Jun 3, 2023 23:09 |
|
FDE also just adds a little bit more work. I've typed far too many bitlocker recovery keys just this year, and I vaguely remember having some extra "fun" working with LUKS when trying to recover some failed system upgrade. Nice on a laptop, but on desktops I lean towards it not being worth it.
|
# ? Jun 4, 2023 01:09 |
|
Just encrypt your home directory and unlock automatically on login, best of all worlds.
|
# ? Jun 4, 2023 01:43 |
|
How does everyone typically handle a laptop with an SSD and HDD installed? Map specific folders under /home to the HDD? I've seen the recommendation to drop the entirety of /home on the HDD but that should have some performance impacts if games and that sort of thing install there.
|
# ? Jun 4, 2023 01:58 |
|
Dyscrasia posted: How does everyone typically handle a laptop with an SSD and HDD installed? Map specific folders under /home to the HDD? I've seen the recommendation to drop the entirety of /home on the HDD but that should have some performance impacts if games and that sort of thing install there.

The HDD had (got rid of it thankfully) music and videos. Games (and especially /home) sit on the fastest drive I have. I compile poo poo in /home and I'm not gonna wait hours for that.
|
# ? Jun 4, 2023 02:35 |
|
Dyscrasia posted: How does everyone typically handle a laptop with an SSD and HDD installed? Map specific folders under /home to the HDD? I've seen the recommendation to drop the entirety of /home on the HDD but that should have some performance impacts if games and that sort of thing install there.

This is a rough parallel with NVME and SATA drives, but I install /home and /root on the NVME, then map the SATA drive to something like /storage set to mount at boot.
|
# ? Jun 4, 2023 02:39 |
|
CaptainSarcastic posted: This is a rough parallel with NVME and SATA drives, but I install /home and /root on the NVME, then map the SATA drive to something like /storage set to mount at boot.

Same, though in a desktop with nvme, sata ssd, and sata HDD. I link ~/Downloads to a downloads folder on the HDD, and also have the package manager cache on that. (Package cache can be a fair number of gigs.) The HDD is a data dump for all sorts of poo poo I don't really care about.
|
# ? Jun 4, 2023 03:06 |
|
cum jabbar posted: Is FreeBSD's history much better?

In terms of personalities, Theo de Raadt is known for his opinionated outbursts. He co-founded NetBSD after disliking 386BSD and also founded OpenBSD after being forced out of NetBSD. So he's responsible for the two main BSD alternatives to FreeBSD.
|
# ? Jun 4, 2023 04:00 |
|
If Arch has done away with the community repo, should I comment it out in my pacman.conf? I already ran the command on the arch linux news page ($ pacman -Syu "pacman>=6.0.2-7")
|
# ? Jun 4, 2023 07:48 |
cum jabbar posted: Don't forget Stallman! Is FreeBSD's history much better? I can't remember anything that puts it on the same level

DragonFlyBSD - which has some very interesting ideas including in-kernel message passing, and the HAMMER filesystem, and vkernels. It also meant that FreeBSD finally got rid of the notion that there should be an architectural lead, and also ended up with a democratically run project.
|
|
# ? Jun 4, 2023 08:54 |
|
VostokProgram posted: Have you ever looked at your bank website? If that page was written to disk for any reason, your account number could be on there.

if people want to send me money, they should!
|
# ? Jun 4, 2023 08:58 |
|
For the 0.75 of you who are interested in the internal struggles of managing the FreeBSD project, here is a short article from 2002 about how they rearranged the core team around 2000, and how that worked out.
|
# ? Jun 4, 2023 10:39 |
|
I honestly don't even know the use case of FreeBSD. In my head it's just an OS for people who think Linux is too mainstream now and not obscure enough. The nerd version of the hipster music fan.
|
# ? Jun 4, 2023 12:11 |
|
Mega Comrade posted: I honestly don't even know the use case of FreeBSD.

Also FreeBSD is the most logical successor of CSRG BSD, certainly in terms of involved personalities (McKusick).
|
# ? Jun 4, 2023 13:33 |
|
ExcessBLarg! posted: The obvious, if not main one, is that it's an OS roughly comparable to Linux in terms of feature set that's unencumbered by GPL licensing.

F5's use of the FreeBSD kernel actually seems like a pretty good argument that Stallman was right.
|
# ? Jun 4, 2023 14:12 |
|
Right about what?
|
# ? Jun 4, 2023 14:14 |
|
Mega Comrade posted: I honestly don't even know the use case of FreeBSD.

The PS4 and PS5 OS is FreeBSD, so there's your usage case right there. A modern operating system that you can modify to your own needs, and then put into closed source commercial products without sharing those modifications.
|
# ? Jun 4, 2023 14:34 |
|
netflix really loves using freebsd for everything.
|
# ? Jun 4, 2023 14:42 |
|
I just like it for being a no-surprises server OS with native in-kernel ZFS.
|
# ? Jun 4, 2023 15:55 |