Re: [DNG] My setup, and why I like it
On Sat, 24 Nov 2018 12:18:53 -0600 Dan Pridgeon wrote: > I look forward to your "detailed > instructions" around this issue. (Though retired out of the computer > test environment, I'm very much a newbie when it comes to the > collaborative development via the Internet environment.) I'm very > interested in the this/your topic as well as the boot process (in > atomic detail), and, the wireless access mechanism. Thanks. I posted the instructions here: https://blog.spiralofhope.com/?p=40064 Don't be put off or insulted by my extreme verbosity. I think all instructions should boil down to a list of checkboxes. :) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] My setup, and why I like it
On Sat, 24 Nov 2018 22:47:51 +0100 Harald Arnesen wrote: > Could you have /boot on a USB stick that you carry with you when not > at the computer? Oh my, this is an elegant solution! ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] My setup, and why I like it
spiralofhope [24.11.2018 22:17]: >> Drive encryption has advantages in terms of keeping secrets and >> foiling the evil-maid scenario. > I always thought an evil maid could fiddle with the bootloader/etc or > root to wholly compromise the system somewhat easily, and then it's > just a matter of waiting for the user to use a key or passphrase. It's > two-step, but still straightforward. > > Maybe there's another term for this variation? Could you have /boot on a USB stick that you carry with you when not at the computer? -- Hilsen Harald ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] My setup, and why I like it
On Sat, 24 Nov 2018 14:45:56 -0500 Hendrik Boom wrote: > Drive encryption has advantages in terms of keeping secrets and > foiling the evil-maid scenario. I always thought an evil maid could fiddle with the bootloader/etc or root to wholly compromise the system somewhat easily, and then it's just a matter of waiting for the user to use a key or passphrase. It's two-step, but still straightforward. Maybe there's another term for this variation? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] My setup, and why I like it
On Thu, Nov 22, 2018 at 03:14:10PM -0500, Steve Litt wrote: > Hi all, > > There are a million different ways to set up your computer. Preserving > those choices is why we use Linux instead of windoz and mac. In a > recent thread people have expressed love or disdain for various setups. > > Let me brag about my setup, which is probably wrong for most of you, > but it sure works well for me... > > My root drive is a little SSD that hosts the /usr and /etc trees. So > when I run gnumeric, it pops up quickly because it comes off the SSD. > Most other stuff is mountpoints. > > Of course /home is a mountpoint. But because I don't like mixing > valuable data with config info and cache and who knows what else, I > have two more important data trees: /d and /s. The distinction is that > the stuff on /d is stuff I woudn't worry too much if a badguy got it, > whereas the stuff no /s would be a big problem if someone else got it. > When I take a laptop to meetings, it usually has a copy of /d but > not /s. The /home, /d and /s mountpoints are mounted to spinning rust, > because they hold *a lot* of data. > > On $PATH I have a directory called /d/bats with all my homegrown > shellscripts and executables. I think some of you might be catching on > that this system is older than my Linux usage: This directory was once > D:/bats, and held all the DOS batch files I'd made. > > My machine has 16 GB RAM, so I can run VMs and lots of Chromium pages > without stopping the machine. And, as mentioned, the fact that / and > therefore /usr are on SSD makes this machine quick. > > This machine is about 4 years old. Every other machine I've ever had, > by the time it reached 4 years old (usually 3), was so slow and pokey > that it needed replacement. But this machine works fine for my needs in > 90% of its tasks. > > I don't run LVM because I don't need yet one more level of abstraction. > I don't yet run drive encryption, but may start. I won't be encrypting > anything on the root drive, so I can boot up to a useable state and > then unencrypt various partitions. > > It's not for everyone, but it's working well for me. > Drive encryption has advantages in terms of keeping secrets and foiling the evil-maid scenario. There is some cost in terms of slightly slower access time. But the real risk is that of forgetting the decryption key. For me this possibility is enough to prohibit encryption. -- hendrik > SteveT > > Steve Litt > November 2018 featured book: Manager's Guide to Technical > Troubleshooting Brand new, second edition > http://www.troubleshooters.com/mgr > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] My setup, and why I like it
On 11/24/18 11:36 AM, spiralofhope wrote: On Thu, 22 Nov 2018 15:14:10 -0500 Steve Litt wrote: I don't yet run drive encryption, but may start. I encourage it. It's straightforward, and was surprisingly good performance for me, even on rust. I did it from scratch, prepping a whole drive and then copying data from elsewhere, and holy hell did it take forever and cook that room. You don't need them, but I decided to make very detailed instructions meant for complete newbies on how to install and reinstall onto plain non-LVM encrypted root partitions without reformatting. I've been too lazy to publish it, but I'll get to that soonish. [snip] I have found this thread very educational (except for the times when someone disparages another). I look forward to your "detailed instructions" around this issue. (Though retired out of the computer test environment, I'm very much a newbie when it comes to the collaborative development via the Internet environment.) I'm very interested in the this/your topic as well as the boot process (in atomic detail), and, the wireless access mechanism. Thanks. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] My setup, and why I like it
On Thu, 22 Nov 2018 15:14:10 -0500 Steve Litt wrote: > I don't yet run drive encryption, but may start. I encourage it. It's straightforward, and was surprisingly good performance for me, even on rust. I did it from scratch, prepping a whole drive and then copying data from elsewhere, and holy hell did it take forever and cook that room. You don't need them, but I decided to make very detailed instructions meant for complete newbies on how to install and reinstall onto plain non-LVM encrypted root partitions without reformatting. I've been too lazy to publish it, but I'll get to that soonish. > I won't be encrypting > anything on the root drive, so I can boot up to a useable state and > then unencrypt various partitions. This is easy to do. I use hard drives like floppies in a tool-less dock in one case. It's useful if you carry drives off-site. -- I'm sure it's even possible to craft a sort of nuke-carrying submarine-style system where you insert a hard drive and then a specific usb stick, and then get prompted with a password. Too many moving parts for me to care about, but it's a cool idea. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] My setup, and why I like it
Hi all, There are a million different ways to set up your computer. Preserving those choices is why we use Linux instead of windoz and mac. In a recent thread people have expressed love or disdain for various setups. Let me brag about my setup, which is probably wrong for most of you, but it sure works well for me... My root drive is a little SSD that hosts the /usr and /etc trees. So when I run gnumeric, it pops up quickly because it comes off the SSD. Most other stuff is mountpoints. Of course /home is a mountpoint. But because I don't like mixing valuable data with config info and cache and who knows what else, I have two more important data trees: /d and /s. The distinction is that the stuff on /d is stuff I woudn't worry too much if a badguy got it, whereas the stuff no /s would be a big problem if someone else got it. When I take a laptop to meetings, it usually has a copy of /d but not /s. The /home, /d and /s mountpoints are mounted to spinning rust, because they hold *a lot* of data. On $PATH I have a directory called /d/bats with all my homegrown shellscripts and executables. I think some of you might be catching on that this system is older than my Linux usage: This directory was once D:/bats, and held all the DOS batch files I'd made. My machine has 16 GB RAM, so I can run VMs and lots of Chromium pages without stopping the machine. And, as mentioned, the fact that / and therefore /usr are on SSD makes this machine quick. This machine is about 4 years old. Every other machine I've ever had, by the time it reached 4 years old (usually 3), was so slow and pokey that it needed replacement. But this machine works fine for my needs in 90% of its tasks. I don't run LVM because I don't need yet one more level of abstraction. I don't yet run drive encryption, but may start. I won't be encrypting anything on the root drive, so I can boot up to a useable state and then unencrypt various partitions. It's not for everyone, but it's working well for me. SteveT Steve Litt November 2018 featured book: Manager's Guide to Technical Troubleshooting Brand new, second edition http://www.troubleshooters.com/mgr ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng