You are not logged in.
Pages: 1
By the way, I made this wallpaper for Halloween last year
With Bullseye/Chimaera it took two months, which is the fastest it has been (presumably due to continued automation of previously manual tasks).
Assuming the effort required is equivalent between Bullseye and Bookworm, is there a reason to expect Daedalus before August?
It's just awful if that's the case. It makes me think about changing the main OS to Debian after that. So everyone who uses Devuan gets new updates at least two months later than the "slowest" distribution.
But I guess I will have to stay with Devuan and wait for updates
Can you provide information about the release date of the new version of Devuan?
Debian 12 provides the latest versions of Gnome and KDE.
It looks like they will be in Devuan as well.
Personally, I'm really looking forward to these updates, and hope they will save me from numerous bugs
For example the bug with square corners on round themes in KDE 5.20.5
Or the dreaded Gnome Software 3.38.1 which takes a long time to load, and does not always install flatpak applications correctly, and then they do not start
In addition, there are now many small cosmetic bugs. And the endless attempts to make the plymouth theme work on an encrypted system
The system startup itself is visually awful, such as artifacts on the dark screen before the dock appears.
So we are waiting for the update.
If your problem is that the system runs slowly then start by trying to fix that *without* disabling FDE.
A few questions to start with:
What sort of system is it? (Desktop or Laptop, make model, etc?)
What CPU has it got?
How much memory has it?
What is it's display? (Could you add a GPU if it hasn't got one?)
What is running on it? (OS, desktop env, etc?)
Is it using swap space very often? (If yes then adding memory might speed it up a lot.)Try running top and vmstat to see if they say anything interesting.
Hopefully answering that lot will point you towards a fix.
My performance is more or less fine, the only thing that applications/interface elements after reboot take a long time to appear at first start
I have a hard drive and not SSD, and it is not the fastest, so I am sure it's the encryption
Is it safe to encrypt only the home directory? - No
I have full-system encryption applied, so my applications and UI elements run slower than they could - it should not be the case. AES encryption is supported by CPU itself so the slowdown should be negligeable.
Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible - your activity including logs, time etc.
More of that if your system is compromised either by inserting flash or by other means the attacker can get luks password.
Thank you, it was expected something like that, I really forgot that there are logs and they are not saved to the home folder, so I will not change my encryption
Just to be clear please tell me which way attacker can get hold of luks password.
Is it possible that it is stored in some configuration file on the disk or something like that?
I have noticed that if the system saves the password of another luks partition, it is stored in a file, in plaintext, not inside the home directory
And about performance, as I understand you mean CPU support for "AES instruction set" - https://en.wikipedia.org/wiki/AES_instruction_set
My processor doesn't support it, but it doesn't matter, I'm fine with this performance if changing the encryption would be to the detriment of security
Firstly, an attacker with physical access doesn't need viruses. (A virus is only one type of malware; they may or not use other malware.)
Second, rationalizing that a "normal user" wouldn't look in system folders is the wrong attitude - if that's the limit of your threat level, a simple password would be enough. (Similarly "advanced attacker" or "common attacker" don't mean much - anyone capable of producing a Live USB is already sufficiently advanced to be a potential concern. What matters more is motivation and opportunity.)
-
Theoretically, a determined adversary with enough time and money can break or bypass any security measures you put in place.
You want "enough" to be sufficiently higher than is available to those who want to access your data - which brings it back to the question of who you're trying to be safe from. Why is someone after your data? What opportunities do they have? Do they care about being detected?
If you can't define the threat, how do you know when you've done enough? Security is always a trade-off against usability, so you've got to decide where to draw the line.
-
Your original concern referenced performance, but I'm guessing you don't have the fastest machine available, so it will always be running "slower than it could be" - that isn't a meaningful metric.
If it's too slow that is when you first decide if you can upgrade hardware to resolve that, or if you can install more efficient software, or change the configuration of existing software, etc. If none of that helps, then decide whether the security gained by encryption is worth the cost in reduced usability.
Thanks for the reply, indeed I need to create several options from which I need to choose
1) Hardware upgrade = fast performance and malware protection
2) Encrypt /home = fast performance and vulnerability to malware
3) Remove encryption = performance and vulnerability to file copying
We're not talking about protection from FBI, multinational corporation, super hackers, etc.
Rather like an average service center worker, or a burglar who stole a computer, such data leakage happens all the time and it would be nice to be insured against it.
My HDD does take a long time to open applications after full-system encryption, and I'm ready to continue using everything as it is
I won't be upgrading the hardware (SSD) and I don't want to make my data vague either, but I don't mind doing home encryption only for the sake of speed
My question is what kind of data can theoretically be taken out of the root of the system, as I see a tradeoff between performance and protection here, that's why I created this thread
Also, it really was a mistake to call it a "virus", I meant any malicious changes introduced into the system
The architecture of an Knoppix-stick (or iso) is quite interesting in that regard.
The root file system is on a compressed ISO image - 4.5GB for the DVD-image - read only file system is the point.
If thee is space on the USB-stick, it is possible to have a home directory for files and optionally the overlay-fs can be stored (default is in the RAM until reboot). So can have security updates or even install additional programs.So: You could combine a read-only-root-fs without encryption with an encrypted overlay-fs for system updates.
(Overlay: Ralph posted yesterday about an overlay file system here https://dev1galaxy.org/viewtopic.php?pid=41386#p41386 Awesome! I was totally unaware of that and am still flashed).
That's an interesting idea, but KNOPPIX hasn't been updated in two years, and installing it on a disk is a rudiment
And for example a flash drive has a limited number of rewrite cycles, it is not meant to be used as a primary OS:
"If you simply write data to a USB flash drive and put it away in a safe place for 10 years, it will work again and all the data will still be there.
But if you continue to use it over and over again, it will definitely wear out eventually.
The life expectancy of a USB Flash Drive can be measured by the number of write or erase cycles. USB flash drives can withstand between 10,000 to 100,000 write/erase cycles, depending on the memory technology used.
When the limit is reached, some portion of the memory may not function properly, leading to lost of data and corruption.
Of course, the flash drive’s life can also end prematurely if you abuse it or subject it to extreme environmental conditions. Additionally, if low quality memory components are used, the flash drives can fail at a much earlier time."
https://www.flashbay.com/blog/usb-life-expectancy
So if anyone decides to repeat this venture, let them buy an external HDD/SSD or a regular HDD/SSD with an adapter/case for usb or other external interfaces
Most likely in my case it would be slow and not practical, I would not choose this way
ralph.ronnquist wrote:No I meant to mount an overlay of your current OS, and then install in the overlay.
In that way your lower / installation is unaffected by whatever the inscape installation from daedalus pulls in.
EDIT: change "upper" to "lower" (as it should be)
Oh, I get it now, sorry, yes that would indeed work, and be a bit less effort. This looks like a nice hack for future use.
Meanwhile, I was first trying pdfarrange - which kind of does work, except it is rather crude, and seems to only allow splitting a page vertically in the middle.
Then I saved the document as EPS and tried the original poster (which I guess pdfposter is supposed to imitate or at least is inspired from, but poster only works with EPS). This actually worked perfectly.poster -mA4 -s1 calypso_path.eps >poster-calypso.eps
yields a file of A4 pages with nice margins and cut marks, just what I needed. I suspect that must have been the same tool I used decades ago. Now I just need to uninstall pdfposter, PosteRazor and pdfarrange, and remember to never install them again...
I don't understand why you don't just install the flathub version of Inkscape?
It's updated to 1.2.2 there
su
apt install flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak install flathub org.inkscape.Inkscape
https://flatpak.org/setup/Debian
https://flathub.org/apps/details/org.inkscape.Inkscape
Safe from who?
If your root filesystem is unencrypted, someone with physical access can read and modify files, and thus manually install whatever they like - including a script to rsync your home partition to a remote server after you've unlocked it.
[My question was, theoretically, what kind of data can a normal user get, but it doesn't seem to make sense
Since a normal user wouldn't try to look for data in the system folders, if he tries to get it the intruder is likely to plant a virus]
Okay, so let's say there are two versions of encryption and two paths of events:
---------------------------------------------------------
1) Encrypting the whole system partition
The attacker can't install a virus to compromise the system (Is that definitely impossible?)
=
This encryption protects against an advanced attacker capable of installing a virus (?)
---------------------------------------------------------
2) Encryption of home folder only
System works faster than fully encrypted
An intruder could install a virus which would compromise the system
=
This encryption protects against a common attacker who has a Live USB
---------------------------------------------------------
In that case the question arises, is it possible to install a virus in the grub boot loader with full-system encryption?
If installing a virus in grub is as difficult as installing a virus in the system, then there is no point in encrypting the entire system
If so, is there any way to protect grub?
Is there any sense and possibility to protect yourself from an advanced attacker?
I have full-system encryption applied, so my applications and UI elements run slower than they could
I am interested in whether any personal data can leak out if you encrypted only the home directory during the installation by making it a separate partition
Сonsidering the swap file will be on the home partition and there is no swap partition
Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible.
What information will be retrieved?
Yes, that's the way it works. That won't happen if you go to the page where all topics for that forum are listed. You can also subscribe to your post and it will send an email when there is a response.
So it's supposed to be like this? It looks like a bug.
I created a topic and every time I go to it, the counter refills by 1
So you can get as many views as you want by going between the topic and another page, the counter does not show the actual number of people who have viewed the topic
After right-clicking on the image > "Save image as...", nothing happens
Firefox / Librewolf does not save anything, the download simply does not start, the saving folder selection window does not appear
In the browser's log it wrote an error:
Can't open portal file chooser: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod
I decided to leave the solution to this problem here because it is not found in the search engine
SOLVED!!!
You should have installed the xdg-desktop-portal-gtk package as well as the xdg-desktop-portal package (preferably)
In my case it is:
su
apt install xdg-desktop-portal-gtk xdg-desktop-portal
!!! Make sure to reboot your system afterwards !!!
Pages: 1