Hello fellow LFS users.

First off, I am new to these lists, but I made my first LFS system several years ago. I have no idea which version it was. I didn't go very far beyond LFS at that time, and ended up going back to using Windows (god forbid) because it just worked out of the box (barely) without really having to mess with it too much. I then moved on to using Ubuntu for security reasons, having a huge lack of trust for Microsoft and really anybody in this post 9/11 era. I now assume that all Windows operating systems are just a huge government backdoor. So I tried my hardest to install a minimal Ubuntu system, but of course inevitably, you get all kinds of packages installed that you don't need.

So these past few months I've migrated back to LFS and BLFS, and I'm here to stay. I love how I can compile every package myself with verified sources. I love how I have control over every last package that is installed on my system. And I also love how much I've learned over these last few months, having built about five LFS systems, 6.6, 6.7rc1, and now 6.7.

As you may have guessed by now, I am big on keeping my information private. I do not like how computers open up new doors for governments to spy on their citizens. Therefore, I try to keep my data as private as possible. That is what my possible hint would be about, and I'm writing this to find out if there are others who might be interested in my hint. I don't want to go to the trouble of writing it if nobody is going to use it.

I'm also wondering about the health of the LFS community, seeing that the LiveCD project isn't happening anymore, and HLFS seems to be slowed to a crawl, and the new BLFS book has been delayed. Is this due to a lack of interest, a lack of help, or something else that I'm missing? I do hope this project continues into the indefinite future, because I don't want to use anything else for an operating system, and I lack the knowledge to build my own system without the precise, well-written instructions of the wonderful books on the LFS site... so a huge thank you goes out from me to Gerard and everyone who has contributed to this most worthwhile project.

Okay, back to my hint... Here's what it is: I have installed a BLFS system, with all of the programs I want, tailored just the way I like it. But rather than keeping this system on a hard disk, which someone could examine and potentially steal my data, or learn about me and my habits... by looking at my browser cache, or forensically examining the drive for documents I've written, I use a 4GB USB thumb drive with a 128MB boot partition, and the rest of the drive (3.8GB+) is a Truecrypt-encrypted partition.
My BLFS system is squashed using Squashfs and is copied to the encrypted partition.

Here's how my boot process works: I plug my thumb drive into my machine and turn it on. I press F12 or whatever to boot off of the thumb drive. I have an initrd.gz in my boot directory with Truecrypt in /bin. The linuxrc calls Truecrypt to mount /dev/sdb2 (the encrypted partition). It prompts me for the password. I enter the password. The partition is mounted read-only. The linuxrc creates a 1GB+ ramdisk and then copies the entire operating system (the squashfs filesystem) from the encrypted partition to the ramdisk. Next, it dismounts the Truecrypt volume, so I can remove the USB thumb drive if I want to. Then it mounts the squashfs filesystem using AUFS, and then pivot-roots to that system. From there, the OS boots as usual. If you don't use AUFS to mount it, then the OS won't be writable, as Squashfs is a read-only filesystem, and it won't work.

So what have I done? My entire OS exists in RAM. Once the machine is powered off, it's like a LiveCD in that everything is gone... not a trace of anything I've done is left. But rather than it being some LiveCD of some random Linux distro-of-the-day, it is my own, custom BLFS system. Once it is booted, I can mount my hard drive on my machine that is fully encrypted with Truecrypt. On this drive, I can have my Firefox browsing cache, or anything else. As a matter of fact, I can mount it as my home directory, so at least these things that I want to be persistent will remain persistent. In the end, if someone stole my machine, the only data they would get from me is what's in my /boot partition.

Let me know if anyone has any questions or interest in my step-by-step process that I might write as an LFS hint.

Thanks for reading,
Maxwell
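
The boot sequence described in the message above, sketched as a linuxrc. This is an added example, not the poster's script. The mount points, the image name `system.sqfs`, the use of tmpfs as the ramdisk and the `initrd` put-old directory are assumptions; only `/dev/sdb2` and the order of the steps come from the post. It assumes the initrd has TrueCrypt's kernel dependencies (FUSE, device-mapper) plus squashfs and aufs support.

```shell
#!/bin/sh
# Added example: linuxrc outline for the encrypted-USB, run-from-RAM boot.
# Assumed names: /mnt/enc /mnt/ram /mnt/ro /mnt/rw /newroot, system.sqfs.
DRY_RUN=${DRY_RUN:-1}   # 1 = only record the commands, 0 = execute them
PLAN=""

# Record every step in PLAN (one command per line); execute it unless dry-run.
run() {
    PLAN="${PLAN}$*
"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# Line number of the first recorded step containing the fixed string $1.
step_no() {
    printf '%s' "$PLAN" | grep -n -F -e "$1" | head -n 1 | cut -d: -f1
}

boot_to_ram() {
    enc_dev=${1:-/dev/sdb2}     # encrypted partition on the thumb drive
    ram_size=${2:-1200m}        # the post says "1GB+"; exact size is assumed
    run mkdir -p /mnt/enc /mnt/ram /mnt/ro /mnt/rw /newroot
    # Text mode prompts for the passphrase; ro keeps the volume read-only.
    run truecrypt --text --mount-options=ro "$enc_dev" /mnt/enc
    run mount -t tmpfs -o "size=$ram_size" tmpfs /mnt/ram
    run cp /mnt/enc/system.sqfs /mnt/ram/system.sqfs
    # The image now lives in RAM, so release the volume; the drive can go.
    run truecrypt --text -d "$enc_dev"
    run mount -t squashfs -o loop,ro /mnt/ram/system.sqfs /mnt/ro
    # aufs stacks a writable tmpfs branch over the read-only squashfs.
    run mount -t tmpfs tmpfs /mnt/rw
    run mount -t aufs -o br=/mnt/rw=rw:/mnt/ro=ro none /newroot
    run mkdir -p /newroot/initrd
    run cd /newroot
    run pivot_root . initrd
    run exec chroot . /sbin/init
}

# Nothing is executed unless explicitly requested from inside the initrd.
if [ "${LINUXRC_BOOT:-0}" = 1 ]; then
    DRY_RUN=0
    boot_to_ram "$@"
fi
```

Sourced with the default `DRY_RUN=1`, calling `boot_to_ram` only fills `PLAN`, so the ordering (copy, then dismount, then union mount, then pivot) can be reviewed before anything touches a disk.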
