[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Linux Security
- To: sheflug@xxxxxxxxxxxxxx
- Subject: Re: [Sheflug] Linux Security
- From: John Southern <linuxtarragon@xxxxxxxxx>
- Date: Tue, 9 Jul 2024 14:05:30 +0100
- Delivery-date: Tue, 09 Jul 2024 14:06:06 +0100
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sheflug.org.uk; s=default; h=Sender:Content-Transfer-Encoding:Content-Type: Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject: To:Message-ID:Date:From:In-Reply-To:References:MIME-Version:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=ir8o24oaGoljQRR2F9ESt2EaVnJ5n8IY3/lr70wO1uM=; b=FhzZjlEly5dwOicrDdcyHX5c42 4fiX7CBIpFq/1A1xgfI6ltMvJzUee+DE0DFqxs0+mPN+n9txPqDCVDfkv+EmAw21WjMl8nlmFGBjL 1YP7F+ql+KB0xe5D/oW7AIxeYWYYE0b239QZFCuc2Fgf3O0oV3TzWGnLFDmtcm6EJX+p0L46OA1+H L8BUOS96lNJ0QHAfKP4XQoItQg3Qr29BPUE4VuokBdF3QYgnPYHvEyINhh1AYI1fuJMpnG2d+vCGA TVM/V0jQc2OzZlEpj6IeYyMNDeVc5rwhAy5/KEjCDk01/9Wt5zwH/wVm+m4B4S602agZ7Gd5cvx1J fxMVwXjA==;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720530343; x=1721135143; darn=sheflug.org.uk; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=evaLZOo32yXtG6B1eOBc6TrWVKQ85gMWQeOzU3Ur/xg=; b=bSDGPiASoJF9Qp7rMEKg/+WpIV1eyDGiOB1Lm7BxmAdU+MGDkX7MLD7gzX0OkShIGl S6KPDJzHdXygPIB+umSuSoNqytF1GfQp5pwCyeoHoLQVcA4PYfTamrboNfZYaqIApOpe UCQWJOxXrxz6ZB9QrlJ1wDkeKjNV7RxNagvorA7noAYR45VYVoSohMwEHUUxst4aJHpB GNWexCONtd+zFcVyRf9E8UMjpQ2+l9gtYsXNMAXMn5zdGJMmZsNpWH02P0ZS6qHhCNao kv7Xms+xWvEFk9xTDLKl0/MEDrMymiaL8LuFFNo/w+Tyw7KvkZq0rFvyQYKQH9UrWA3j 7How==
- Envelope-to: sheflug@xxxxxxxxxxxxxx
- List-help: <mailto:sheflug-request@sheflug.org.uk?subject=help>
- List-id: <sheflug.sheflug.org.uk>
- List-post: <mailto:sheflug@sheflug.org.uk>
- List-subscribe: <http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=subscribe>
- List-unsubscribe: <http://sheflug.org.uk/mailman/options/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=unsubscribe>
- Reply-to: sheflug@xxxxxxxxxxxxxx
- Sender: "Sheflug" <sheflug-bounces@xxxxxxxxxxxxxx>
Hi Matt, Ben,
Perfect. That is just what I wanted.
I need to rebuild some of the laptops I have around here, so I will give
LUKS a try. I am fortunate enough that I only tend to use a laptop for
Linux meetings or visiting Hackspace, so nothing that the world could not
see.
I tend to use rsync for backups, but the Borg looks interesting because of
the deduplication and the Restic because I could practice with S3 buckets.
I have just installed both Borg and Restic to try tonight.
At the moment I am using a mixture of SSDs and Spinning Rust. I tend to use
Spinning Rust for off line storage because they tend to be about 1/3rd
cheaper and so I can have multiple copies. SSDs I tend to use for OSes on
the grounds that when they do fail, it is an easy replacement and
reinstall. I have not had an SSD fail yet and most are around 18000 hours.
Regards
John
On Tue, 9 Jul 2024 at 12:20, Ben Oliver <ben@xxxxxxxxxxxx> wrote:
> On 2024-07-09 12:08:33, Matt Marsh wrote:
> >You mentioned that you have a concern about your whole data being
> dependant
> >on the small part of the drive where the keys are stored. I understand
> the
> >concern, but these days SSDs rarely fail - and if they do, it is often
> all or
> >nothing. It's not quite the same as in the days of spinning platters. And
> of
> >course, you should have an adequate backup strategy in place for these
> sorts
> >of eventualities anyway...
>
> This is my thought too. You can and should backup your LUKS header, but
> also
> your data.
>
> These days backups can also be done versioned and encrypted using a tool
> like
> borg [0] or restic [1]
>
> I've had drive failures but encryption has never been an obstacle to
> recovering data.
>
> However I really do like having peace of mind that if someone were to
> pinch my
> device the data on it remains private.
>
> [0] - https://www.borgbackup.org/
> [1] - https://restic.net/
>
> _______________________________________________
> Sheffield Linux User's Group
> http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
> FAQ at: http://www.sheflug.org.uk/mailfaq.html
>
> GNU - The Choice of a Complete Generation
>
_______________________________________________
Sheffield Linux User's Group
http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
FAQ at: http://www.sheflug.org.uk/mailfaq.html
GNU - The Choice of a Complete Generation