You are not logged in.
Pages: 1
Hi folks,
I am new here but not new to Devuan, I used to work on Devuan on a daily base for one year on a production VM, I left just because I can't handle stable release but I don't want leave the Debian environment either.
I am long last Debian user, and I am pretty upset with Debian that I haven't used it for one year on main machine as well, and I torturing myself with Gnome and POP!_os... ?
Since the moment Devuan is now almost paired with same pace of Debian I think I can move "stable" on "testing" (sorry for the joke... ).
I am not really angry with systemd, eventually it is just a program, but with everything that surround it, I also find disheartening the lack of leadership and orientation that pervades Debian. From the leading to follow whatever the big siblings of Linux decide.
At least Devuan has a vision: reinstating the init freedom which is not a silly point. I think a compact and dumb init system is better for a personal use, maybe systemd fits well for an admin perspective and has nice and neat features if you don't consider how it is packed; my only point against systemd and the modern Linux trends is: if the big success of Linux in the server realm has been the fact that it was not designed to behave like Windows why at IBM Hat are trying to do all the possible to make it like a Windows carbon copy?
This kind of corporate mentality will never fit into the free software...
Anyway sysv stinks hence I am thinking to use OpenRC...
I am still making my tests... I am still wondering if it is worth encrypt the disks for a domestic computer, even if it is a laptop. Complex scheme partitions, encryption, lvm make difficult clone your disk setup or repair your computer to recover your data if something get wrong.
As a matter of fact I won't be able to install Devuan very soon, but this is my first step.
See you soon from Devuan!
Offline
This kind of corporate mentality will never fit into the free software...
Wrong it fits perfectly.
Anyway sysv stinks hence I am thinking to use OpenRC...
Brilliant technical analysis... Poettering et al don't have to break into a sweat, where such useful idiots abound.
Offline
Me? Idiot? Help! And I that soo admire unarticlated, aggressive one-liners!
Offline
Wrong it fits perfectly.
Your opinion, I see a lot of resistance to adopt a GPL3 license by many companies.
Brilliant technical analysis... Poettering et al don't have to break into a sweat, where such useful idiots abound.
If for idiots you would include also people that are unable to understand irony there is always a spot available for you.
Offline
I am not really angry with systemd, eventually it is just a program, but with everything that surround it, I also find disheartening the lack of leadership and orientation that pervades Debian. From the leading to follow whatever the big siblings of Linux decide.
Honestly the thing that drove me away from Debian was the constant pandering to whatever overengineered crap GNOME and freedesktop/redhat was peddling on any given day.
Systemd is fine for those who want to use it, but because GNOME depends hard on it at compile-time it's been given special status in Debian... Where special means an unavoidable, unremovable, low-level please-link-everything-against-me bloat-kit.
I'd have much preferred that they simply stuck with XFCE and dumped GNOME3 from the repos until the relevant developers got over their NIH, one-true-way, ewontfix corporate nu-linux mentality. Then we could have kept our freedom to choose our low-level system tools, and those who want a good whacking with the UX-braindamage bat could just use fedora...
But that would have required balls, which apparently the Debian leadership lacks.
Debian has never been primarily a desktop distro, and railroading everyone running it on servers for the sake of leg-humping a DE project they don't want was a right slap in the face.
Devuan did the sensible thing and kept XFCE as the default desktop, because unlike certain others it doesn't try to dictate your choice of init system.
Hi folks,
Anyway sysv stinks hence I am thinking to use OpenRC...
I would hesitate to say stinks, but it can be a bit clunky, especially with all of Debian's mods (insserv etc) on top.
Really though, sysv is just a bit old and a bit crusty. It still does what it was meant to do, and does it tolerably well.
I haven't tried openrc on Devuan yet, but I can say it's pretty nice with Gentoo. Small, simple, cleaner configuration than sysv, and it just does what an init system should without getting in the way.
If and when Devuan ships native openrc init scripts instead of relying on sysv compatibility, it'll likely be as good as it is on Gentoo. Running openrc with sysvinit as pid1 and a bunch of sysv scripts makes no sense to me, I might as well run sysv.
I am still making my tests... I am still wondering if it is worth encrypt the disks for a domestic computer, even if it is a laptop. Complex scheme partitions, encryption, lvm make difficult clone your disk setup or repair your computer to recover your data if something get wrong.
I for one absolutely take the KISS approach to storage. Encrypted LVM does what it says on the tin, but it also adds a couple extra layers between you and what's on your disks - complicating, as you say, data recovery when (not if!) a drive dies.
As for full-disk encryption in general, I've never really seen the point. If I have sensitive data to protect, I'll encrypt that filesystem only and skip the overhead for the rest of the system.
TBH I really don't care if someone stealing my machine can read /usr/lib or not, it's irrelevant. Just, you know, don't store the keys to your encrypted /home or whatever on the unencrypted /.
Last edited by steve_v (2020-07-16 05:03:57)
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Offline
someone get some deodorant for sysv please!
Offline
Hello again Danielsan, nice to see you here
Brianna Ghey — Rest In Power
Offline
I for one absolutely take the KISS approach to storage. Encrypted LVM does what it says on the tin, but it also adds a couple extra layers between you and what's on your disks - complicating, as you say, data recovery when (not if!) a drive dies.
As for full-disk encryption in general, I've never really seen the point. If I have sensitive data to protect, I'll encrypt that filesystem only and skip the overhead for the rest of the system.
TBH I really don't care if someone stealing my machine can read /usr/lib or not, it's irrelevant. Just, you know, don't store the keys to your encrypted /home or whatever on the unencrypted /.
Thanks for your comments, this is the first time that I received such a really good answer about this topic, usually I got a lot of replies by Arch users telling how cool is their setup...
LVM is a great feature... I might put two disk in LVM and the third as separate mount, and encrypted, where storing all the sensible info, this seems the more rational approach to this problem, what do you think?
Offline
LVM is a great feature... I might put two disk in LVM and the third as separate mount, and encrypted, where storing all the sensible info, this seems the more rational approach to this problem, what do you think?
Sounds like as good a plan as any, if you actually intend to use the features of LVM.
To be fair I don't use it myself, so I'm not the one to ask about LVM layouts. As nice as it's features are I've never really needed them - if I want disk-spanning or redundancy I use mdraid or zfs, everything else is old-school partitions and mountpoints.
For me, LVM is one of those things that sounds really handy in theory, but is in reality a solution to a problem I don't have.
As for encryption, I have exactly 2 encrypted stores, one dataset using zfs native encryption on my home fileserver, and the /home partition on my laptop, using dm-crypt. Unsurprisingly, one is mostly used to back up the other.
The most important thing to remember about encryption, where it applies to any threat more serious than "some random stole my laptop", is this.
Last edited by steve_v (2020-07-17 21:51:27)
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Offline
LAs for encryption, I have exactly 2 encrypted stores, one dataset using zfs native encryption on my home fileserver, and the /home partition on my laptop, using dm-crypt. Unsurprisingly, one is mostly used to back up the other.
The most important thing to remember about encryption, where it applies to any threat more serious than "some random stole my laptop", is this.
You sure don't use Arch? -___-
ZFS is not available on the Debian/Devuan installer and always from the Debian/Devuan installer when you create an encrypted partition you have to use LVM to write on it...
Nice strip but I am more concerning about my failing memory...
Last edited by Danielsan (2020-07-18 06:24:52)
Offline
always from the Debian/Devuan installer when you create an encrypted partition you have to use LVM to write on it...
It's possible to create encrypted partitions without lvm using debian installer. It goes like this - http://distro.ibiblio.org/refracta/misc … rypt-4.ogv
I'm only a little bit surprised you don't know about this. It's not obvious or intuitive. The 4 in the filename is the number of times it took me to do it right, and I've done it many times before.
If you want more than one partition encrypted this way, you'll end up with a password (or keyfile) for each.
Online
You sure don't use Arch? -___-
Gentoo on the desktop, Devuan on the server. I did run Arch once, long ago, it's a pain in the ass and so are many of it's users.
ZFS is not available on the Debian/Devuan installer and always from the Debian/Devuan installer when you create an encrypted partition you have to use LVM to write on it...
Installers are not the last word in possible configurations... Gentoo doesn't even have one.
I don't run ZFS root anywhere* though, because it not being shipped on any install/recovery media I am aware of is a headache I don't need. There's nothing preventing you from adding it in once the base system is installed though, and it's very nice.
It's possible to create encrypted partitions without lvm using debian installer.
I'm only a little bit surprised you don't know about this. It's not obvious or intuitive.
Of course it's possible, and TBH it looked pretty obvious to me... But then I've been doing manual partitioning since Sarge. I don't think I've ever even tried the "guided" mode.
I have deep-seated trust issues when it comes to installers, and the moment I'm presented with words like "partition" or "format" I tend to make a beeline for the advanced option.
*Except on BSD, but I don't really use BSD enough to include it here.
Last edited by steve_v (2020-07-18 14:57:54)
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Offline
It's possible to create encrypted partitions without lvm using debian installer. It goes like this - http://distro.ibiblio.org/refracta/misc … rypt-4.ogv
I'm only a little bit surprised you don't know about this. It's not obvious or intuitive. The 4 in the filename is the number of times it took me to do it right, and I've done it many times before.
If you want more than one partition encrypted this way, you'll end up with a password (or keyfile) for each.
Thanks for video screencast I missed that option, I have been always creating the encryption through the menu on top. Honestly I am pretty new to encryption I started using on POP and I used this method:
https://write.snopyta.org/gnuserland/tu … encryption
Now I am doing some test with the refracta installer but it I find it a little bit convoluted for my tastes...
Gentoo on the desktop, Devuan on the server. I did run Arch once, long ago, it's a pain in the ass and so are many of it's users.
I used to do my partitions manually once, when I had plenty of time available, then I decided that a smart installer is wise and smart thing and I like very much using it, more is complete the better. And the Debian installer is really good, beside the fact that works on several platform can perform LVM and encryption; others derivatives like Ubuntu Desktop, Mint, POP!_OS, Elementary or Linux MX cannot handle installation on multiple disks. The only exception is the Ubuntu server installer.
Other distros like gentoo, also arch, are better designed to be handled manually. Recently I discovered KISS which follow the same approach, I'd like to play with it but I don't think will ever have time...
Last edited by Danielsan (2020-07-19 04:35:30)
Offline
Pages: 1