med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon


#luks

Continued thread

@MsDropbear42 Weeeeeeeeell, now i've made time to investigate what ails poor lil ol' ONT, & it seems pretty terminal [boom, tish]. The failure to finish booting occurred after i did a system update after not doing so for several months. OS was #SparkyLinux Testing / semi-rolling. Afaict, whatever caused the damage did a pretty good job:

  • the #bootloader had vaporised
  • the #LUKS #encryption seems to have been damaged [even booting from a Live usb stick couldn't unlock the drive, my LUKS pswd being rejected despite absolutely certainly being correct]; it accepts my LUKS password during boot, then says "Slot 0 opened", then... just sits there, evermore. Sigh.

I considered trying to repair the bootloader via a #chroot, but even if that succeeded i frankly had little appetite to then do battle with a sulky LUKS. This pc is a very old clunker, spinning rust HDDs only, merely 8 GB RAM, i7 though old model, & i'd repurposed it to be my lounge-room media pc several months ago without bothering to change anything about its extant OS... & tbh Sparky had been wearing a bit thin on me anyway for a coupla months in this role.

So i decided not to bother attempting repairs, & instead make a clean break with an alternative distro that i feel should be just about ideal for this use as a media pc, whose only function is to run a browser, & my VPN app, for my nightly movies & shows streaming. As such, i really just don't wanna be arsed with running updates on it often, & generally mollycoddling it like i do with my real pooter [#ArchLinux #KDE #Plasma]... i just want it to live happily in the darkness of my timber cabinet, asking little of me re upkeep, & just purring away.

Thus, it now has #LinuxMint #LMDE 6. Gotta hand it to ol' Clem & Co; they've done a really nice job with it.

Replied to marczz

@marczz

Why you should use full-disk encryption

If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.

You will fail to delete drives properly

Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of your SSD provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.

The law demands it

#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.

Law enforcement makes "mistakes"

I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.

There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.

You already mentioned that ordinary thieves can also be a problem.

Encryption is available for free

So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.

@chpietsch I was wondering if enabling #LUKS on a running server really has a benefit. Of course, if thieves enter your place, unplug the server and take it, the disk is protected. But this scenario is not so usual. Most often the attacker gets access to your live server. Once the server is booted and the disk is unlocked, all data on the encrypted volume is accessible to anyone with access to the system. This makes encryption ineffective against attackers who compromise a running server.

Lately I've been doing more #SelfHosting again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the #ARM64 architecture, even with power-hungry applications such as Mastodon, I'm now using the smartphone technology for my homeservers, too.

There are #SBCs with more open hardware, but the #RaspberryPi is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.

Anyone operating a server on the Internet must install #security updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The #needrestart tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.

On my Raspberry Pi 4, needrestart always runs correctly (automatically after apt upgrade). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:
github.com/liske/needrestart/b
Previously, the tool always claimed that a reboot was necessary because it thought an outdated Linux kernel was running.

Next, I want to activate #LUKS hard drive encryption on both raspis. Unfortunately, this is not as easy under #Raspbian or #RaspberryPiOS as on other Debian systems. If you have managed this: Please let me know how you did it!

#rpi #rpi5 #raspi

My experience with #FlashDrives recently has been mixed. I have no problem in encrypting them with #LUKS, using #cryptsetup or with formatting a partition with #Btrfs, for instance, using #gparted and doing other tinkering with #Gnome #disks. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.

1/2

#Corona infections are a problem for MS patients.

Case report from 2024 from #Luzern

#SRF: That is not relevant to the public, since the chronically ill are irrelevant. Go to the restaurant! The plexiglass was expensive!

cureus.com/articles/334436-hig

www.cureus.com
Highly Aggressive Multiple Sclerosis Relapse During Pregnancy Following SARS-CoV-2 Infection: A Case Report and Literature Review
We report a challenging case of a 32-year-old previously healthy pregnant woman at 17+2 weeks gestation with a new diagnosis of exceptional highly active relapsing-remitting multiple sclerosis (RRMS) triggered by a severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection. Remarkable clinical characteristics were the rapid clinical deterioration, the severity and the nature of the symptoms, including spastic tetraplegia, dyspnea, dysphagia, anarthria, and a severe pain syndrome, which resulted in the need for intensive care and mechanical ventilation within 24 hours. Relapse treatment, as well as symptomatic treatment, was challenging and complicated by pregnancy. Early diagnosis, consistent and persistent interdisciplinary management including six weeks stay in the intensive care unit and 3.5 months in neurorehabilitation, led to a full recovery of the patient and a healthy born child. In addition to the remarkable clinical characteristics, we report the challenging therapeutic measures throughout the hospitalization. This case report could, therefore, assist others who may be confronted with a similar situation.
Replied in thread

@jze

Cool! Tell me, what does the system look like? Which distro, what kind of security customizations, software?

Is there #RemoteManagement, #Ansible etc.?

What do the user accounts look like? A separate admin user?

How does software get onto it, from which sources? How is that secured?

#Antivirus? Other security software?

#LUKS? What kind of requirements?

I find the topic super interesting and spend a lot of time on maintenance, and on how it could be better and more secure.

TPM and Secure Boot are half-assed, neither-one-thing-nor-the-other crap on desktops

TPM can protect more or less reliably with a PIN, but there are problems here too: hell knows whether your board has a little Chinese chip made by some Junhui for three kopecks with no tamper protection or something that actually works, whether the lines are encrypted is unclear, there are a lot of nuances. It's easier to just enable argon in luks and be sure that it will stand up for itself that way.

And Secure Boot, in what cases does it do anything useful at all? The kernel has been damaged by malware and so you are safe? But then it's already a fucking disaster and everything has already been carried off from the computer.

It's all junk in general, microsoft being schizos as usual
#linux #tpm #secure_boot #opsec #luks

It would be great if Cryptomator some day becomes Wayland native.

Currently it only supports Xorg and that hasn't got the security I need.

So for now I will continue to create LUKS vaults and upload them to the cloud.
One downside is that I have to decide the size of the vault beforehand.
Another downside is that I can only open the vault on Linux.

But I'm pretty confident in the security it provides.

#Cryptomator #LUKS #Linux #Security #Encryption #CloudStorage #Vault #Wayland #Xorg

#dailyreport #gentoo #linux #administration #security
#encryption #privacy #luks #dracut
I began to install Gentoo GNU/Linux on my new Laptop.

I use a USB stick with an encrypted password and boot
partition that unlocks the main SSD partition and boots. I use
BTRFS filesystem with submodules on a LUKS2 encrypted
partition with detached header. The partition looks like
not formatted, totally hidden.

Here are the first steps that you should do before
configuring the Linux kernel for a custom build:
- install usbutils pciutils
- lspci -k > lspci_installcd
- lsusb > lsusb_installcd
- lsmod > lsmod_installcd
- dmesg > dmesg_installcd
- cp /proc/config.gz livecd-config.gz
- zgrep CONFIG_ livecd-config.gz
- lscpu

My principles:
- Don't connect machines to each other, first steps
should be most careful.
- Don't put hard disk with different OS at the same time
in a single machine.
- Main password should not be visible and located at
working machine.

I just installed Arch manually, but now it fails to boot. It only asks to unlock nvme1n1p1, but not the root, leading to a "failed to find root" error.

fstab seems correct. I suspect the issue is in crypttab.
Does anyone know a good blog post or guide to set it up correctly? I feel like I’m close to solving this.

#ArchLinux #Btrfs #LVM #LUKS #Linux

1/2