It is the "world #backup day", at least according to WorldBackupDay.com. I like the idea of having such a day, to serve as another nudge and a reminder to make and check backups, though WorldBackupDay.com is awkward, does not mention rsync in its software section. The "com" TLD looks suspicious, too, but it is better than nothing (except for potential private data leaks with online backup services).
I use primarily encrypted external HDDs (#ZFS or #LUKS with #ext4) and #rsync for personal backups, including rsync with "--dry-run --checksum" for scrubbing and checking before synchronization; quite happy that such tools are available, even though they are usually taken for granted, as are many other neat FLOSS tools we use regularly. Planning to add a USB stick to the list of storage devices, since it should be less fragile mechanically (even though less reliable otherwise).
do you have a handy #usb or #sdcard you usually travel with? they are small, light, cheap... convenient.
it's not that you store there Top Secrets (maybe!) but in case it was lost or stolen you will feel more relaxed if the drive was securely encrypted. LUKS
#LUKS implements a platform-independent standard on-disk format for use in various tools. This facilitates compatibility and interoperability among different programs and operating systems[...]
I was to write a blogpost about it, but there are plenty of them available to use LUKS encryption in any platform. Just three here:
and How to backup or restore LUKS header by @milosz ⚠️ Do this just after creating your encrypted drive and save the header in another (safe) storage. Use a password manager to create/store safe pass-phrasses (recomended for usb-luks as you most likely will have to hand write it) and passwords.
My usb-luks are automatically detected and mounted (after pass-phrase prompt) in both #archlinux :archLinux: and #debian :debian: 🥳
After more thinking related to my previous post (https://is-a.cat/@madargon/111845765590354051) I decided to add some kind of dead man's switch to my main laptop (to ensure disk #encryption would fully protect it in case of emergency). I read it could be possible to configure systemd-logind to shut down my computer automatically after long inactivity. So I tried to do it and now I have laptop shutting down in random moments, mostly after I open its lid after being long closed when turned on (as I understand it makes it suspended and systemd-logind doesn't work then), use it and then leave idle for 20-30 mins. And my goal was shutting it down after full 10+ h inactivity :blobfoxfacepalm:
I am not sure WHAT I am doing wrong :blobcatfearful2:
@krevedkokun shared a cool thread about uki-bootloader implementation for guix, which brings alternative to grub and better encrypted root support. The solution has some drawbacks, but still very nice to see this work done!
Nach Systemupdate (Lubuntu 23.04 → 23.10) bootet Grub nach Eingabe des Plattenkryptokeys ins … BIOS?! WTF?!??
Keine Fehlermeldung, keine Busybox, direkt kommentarlos ins BIOS. o_O
Also Livestick rausgekramt und erstmal rumgesucht, aber alle beantworteten Fragen trafen mein Problem nicht, und DenverCoder9 hat seine Lösung mal wieder nicht gepostet … narf
(https://xkcd.com/979/ ^_^)
Ok I'm interested to find out how many of you #Linux laptop users that use an encrypted root partition of some description actually use hibernate aka suspend to disk ?
Feel free to leave your reasons for using or not below.
After a request on the #selfhosted community on Lemmy, I wrote up how I use LUKS, Clevis, and Tang to give me network-bound encryption. This means that I can restart my servers as long as they're on my home network without worrying about having to log in to decrypt the drive, but if someone breaks in and steals my servers and turns them on anywhere else, the data on them is safe. https://i.am.eddmil.es/clevistang/
Auf einem 10 Jahre alten Desktop-Computer für Bürozwecke mit 8 GB RAM und einer 4-Kern-CPU ohne Hyperthreading habe ich einige Linux-Distributionen ausprobiert, um zu testen, ob man damit noch gut arbeiten kann.
Wie erwartet, liefen #GNOME und #KDE nicht ganz flüssig (getestet unter #DebianLive).
An MX Linux hat mich anfangs gestört, dass die von XFCE gewohnten Tastenkürzel (wie z.B. Alt-F10 zum Maximieren eines Fensters) nicht funktionierten. Die Lösung dafür war schnell gefunden:
Startmenü → Einstellungen → Fensterverwaltung → Tastatur → Klick auf [Auf Standardwerte zurückstellen].
Was mir an #mxlinux und #linuxmint auch gefällt: Im Installer ist es total einfach, die #Festplattenverschlüsselung zu aktivieren. Im aktuellen Debian-Installer ist das z.Z. komplizierter als vor ein paar Jahren.
MX Linux verwendet dabei im Unterschied zu Linux Mint und Debian komischerweise nicht #LVM + #LUKS, sondern nur LUKS.
So I'm rebuilding my main home dev system. I want everything except /𝚋𝚘𝚘𝚝 and 𝚜𝚠𝚊𝚙 to be #LUKS encrypted and #RAID1 mirrored. I'm not really interested in getting #LVM into the mix; I don't see any added value. So what's the best path? Boot from a dist #disc and set up #MD RAID1 sets, and then install onto them? Or what?
I've typically used #Fedora, but keeping current/upgrading has always been iffy or a pain. Maybe I should use #Ubuntu? #Debian users scared ne off years ago..
This allows extra cursed shit like a an encrypted & RAID-5 running NTFS - Tho that won't be useable by anything but Linix and I disrecommend it almost as hard as mixing hardware RAID controllers and/or dmraid with ZFS.
Every few weeks I meet a system I set up with full disk encryption on luks1, sendiri cari pasal, upgrade it to luks2, then :akasad: when the system doesn't boot.
In an hour of troubleshooting where I get to the verge of reinstalling the system but still myself because that's ludicrously inefficient, I remember luks2 doesn't work with grub and revert all my upgrades. System then merrily boots.
This has happened twice.
I expect my brain to forget about this again in a few weeks so this time I'm reminding myself by writing it down.
#Ubuntu 23.10 adds #TPM based Full Disk Encryption. I think this is a step in the right direction. LUKS password based encryption is not ideal for many non geeky Desktop users.
However, I personally use #LUKS with USB-stick/SD-card key based authentication so far.
@Mawoka#LUKS requires an extra password step before the user login is again so users are promoted to enter two different logins before they can access their system. Also changing the user password via settings will not change LUKS password which might lead to confusion. Also there is no simple way to change LUKS password with a few mouse clicks on most desktops. I am talking about when my parents and other elderly or non tech savvy people are using Linux. TPM based encryption eliminates some of these usability issues and provides similar experience they are used to on Windows or Macs.
There are however TPM based vulnerabilities that one needs to keep in mind if you are trying to host any sensitive data on those systems.
So TPM based may not be the most secure but provides reasonable security without adding any usability overhead.
I did the ardurous process of migrating all my stuff from #NTFS to #LUKS-encrypted #ext4 on all drives and it just works so flawlessly on every Linux machine...
I've mentioned this but I'm gonna make a real post.
If you are setting up Windows 11, select "English (World)" as your language (English Europe also works), and you will have NONE of the third party bloatware installed.
No Candy Crush, no Netflix, just the first party apps
Please do share this info with anyone who may be setting up Windows soon
Not gonna argue the lack of @tails or official @torproject#TorBrowser but to make #FullDiskEncryption viable and useable, it just can't be restricted to external media or having to manually fiddle around, cuz that's a pain in the rear.