Hello I'm Chris

Welcome to newcomers! Don't hesitate to introduce yourself.
Please don't post tech support questions here
Post Reply
User avatar
CrazyElf
Level 2
Level 2
Posts: 56
Joined: Sat Nov 12, 2016 1:16 am
Location: Ontario, Canada

Hello I'm Chris

Post by CrazyElf »

Hello world! I am Chris and I live in Canada.

Currently, I'm using Linux Mint 18 x64 Cinnamon. I've made a few minor updates (currently updating regularly to the latest Kernel, which right now I believe is 4.85, although I think 4.86 just got released a day ago; will update soon).

I'm hoping to use Linux as my main daily driver, as I have become increasingly worried about my privacy given the direction that Microsoft is going. I recently had a close friend of mine get hacked and I have been thinking about how to secure my data considering how vulnerable we all are. I would imagine that Linux Mint would take security relatively seriously given the recent attack this year on this site and that Linux overall is going to be more secure than Windows.

The only time that I plan to use Windows going forward I think will be for applications that need it. Microsoft Office 2016 (unfortunately the world of business revolves around Office and not LibreOffice) and games mostly, but there are a few other Windows only software that Wine doesn't seem to work that well with.

I would consider myself to be an intermediate user of Linux. I've been using it on and off, hopping between various distros. The main ones being OpenSUSE and Ubuntu. I have settled though on the idea of Mint being my daily driver for now though.

I built my own PC and I am thinking about how to secure right myself right now:
  • Buy a Trusted Platform Module 2.0 (it's actually hard to find the 14 pin TPM 2.0 variant here in Canada)
  • Set up LUKs for my main partition on my Mint SSD (a Samsung 850 Pro 256 GB)
  • For now encrypt my Windows disk with Bitlocker AES 256 bit (a Samsung 850 Pro 512 GB with 7.5% overprovisioning) - not a perfect solution
  • Thinking about looking for a good password manager
  • I've set up 2 factor authentication for my main email
  • I also have a personal email on my website and I'm thinking about using RSA 4096 bit for my sensitive emails
I think it's become necessary given the state of security these days.
User avatar
jimallyn
Level 18
Level 18
Posts: 8955
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: Hello I'm Chris

Post by jimallyn »

Welcome aboard, Chris!
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan
User avatar
xenopeek
Level 24
Level 24
Posts: 24971
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Hello I'm Chris

Post by xenopeek »

Welcome to the Linux Mint forums!

Some of the things you mention are only useful to protect your data from people who have physical access to your computer, not from remote attacks while you are logged in to your computer. For most home users their web browser is the most vulnerable point of attack. You can be tricked into clicking a link or downloading something; you can improve your security is this regard by for example installing an ad blocking add-on in your browser as most malware is reportedly distributed through ad networks. Specially crafted content could also try to use known or unknown bugs to get your web browser to do things it shouldn't. Aside from 2 factor authentication on important online accounts and a good password manager (with 2FA!) your other measures don't do anything to protect you online. I would suggest you look into something like firejail, which is a security sandbox that protects your operating system and personal files from being attacked or stolen through exploits of known & unknown bugs in your programs. I would recommend to use it at least for your web browser.
Image
User avatar
The-Wizard
Level 12
Level 12
Posts: 4066
Joined: Fri Jan 28, 2011 3:12 pm
Location: Bedforshire, ENGLAND

Re: Hello I'm Chris

Post by The-Wizard »

Welcome to the Mint family forums

wizard
The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place.
User avatar
Crewp
Level 9
Level 9
Posts: 2510
Joined: Sat Dec 01, 2012 8:36 pm
Location: Connecticut,USA

Re: Hello I'm Chris

Post by Crewp »

Welcome to Linux Mint, and the Mint forum.
Image
GoLinux
Level 1
Level 1
Posts: 22
Joined: Sun Oct 30, 2016 6:58 pm
Location: Somewhere in New England

Re: Hello I'm Chris

Post by GoLinux »

Welcome Chris. Enjoy the ride!
Mint 18 Mate 64bit
Samsung NP300U1A-A01US, Intel i3-2357M, 320GB HDD, 4GB RAM
User avatar
phd21
Level 19
Level 19
Posts: 9811
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Hello I'm Chris

Post by phd21 »

Hi "CrazyElf" (Chris),

Welcome to the wonderful world of Linux Mint and its excellent forum !

It would help to know more about your system setup. If you run "inxi -Fxzd" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

Something to think about, you can go "overboard" with too much security and make your system unstable, or extremely slow, or both.
CrazyElf wrote:I'm hoping to use Linux as my main daily driver, as I have become increasingly worried about my privacy given the direction that Microsoft is going. I recently had a close friend of mine get hacked and I have been thinking about how to secure my data considering how vulnerable we all are. I would imagine that Linux Mint would take security relatively seriously given the recent attack this year on this site and that Linux overall is going to be more secure than Windows.
To help prevent hackers:
Linux and Linux Mint are much more secure than other operating systems already. The event you are referring to was a cowardly attack to the Linux Mint website, not by breaking into active Linux Mint operating systems, and they have now secured their websites. The hackers did alter some of the Linux mint download ".iso' files, but that has also been corrected, and anyone can verify the Linux Mint download files to make sure they are from the original Linux Mint developers and are okay to install and use.

Secure your hardware router (enable its firewall, allow only trusted access by network card Mac address and or IP addresses), use a good password and change its password at least monthly, Enable your Linux Mint software firewall (ufw, Gufw), Change your local ISP's Internet connection's default DNS servers to secure ones from OpenNic project, dns.watch, OpenDNS, etc... in the router or at the computer desktops, use a VPN provider for your network connection(s), use a good Linux Mint login password, use "Firejail" for all Internet enabled applications, etc... When not using your computer for extended periods of time, away from your computer for more than an hour, overnight, etc... then disconnect from your Internet connection by simply clicking the Network Manager icon in your system tray panel, and clicking "disconnect" from your Local ISP connection. You can easily re-connect to your local ISP Internet connection when you want using the same procedure. Or, just shutdown your computer when not in use...
CrazyElf wrote:The only time that I plan to use Windows going forward I think will be for applications that need it. Microsoft Office 2016 (unfortunately the world of business revolves around Office and not LibreOffice) and games mostly, but there are a few other Windows only software that Wine doesn't seem to work that well with.
LibreOffice is an excellent MS office alternative (getting better all the time with updates as well), and it can read and write all but the most complicated MS Office documents, spreadsheets, etc... You can always use MS Office Live Online for those exceptions, or Google's Docs and other Google Office stuff. You can install MS Windows into VirtualBox or VMware, and run anything related to MS Windows in that while still in Linux Mint without dual booting, including MS Office or games.

The "Steam" system that is available for Linux is a great option for gamers, and it is getting better each week ...
CrazyElf wrote:[*]Buy a Trusted Platform Module 2.0 (it's actually hard to find the 14 pin TPM 2.0 variant here in Canada)
I am not familiar with this (yet), so no comment from me.
CrazyElf wrote: [*]Set up LUKs for my main partition on my Mint SSD (a Samsung 850 Pro 256 GB)
You can setup encryption for your "/home" folder during the initial install of Linux Mint. A note of caution regarding encrypting a drive, or its partition, or the entire "/home" folder, if you encounter an error of some kind, hard drive error (bad sector, etc...), or some other kind of error, then you can easily loose access to the entire drive, partition, or your entire "/home" folder and all of its contents.
CrazyElf wrote: [*]For now encrypt my Windows disk with Bitlocker AES 256 bit (a Samsung 850 Pro 512 GB with 7.5% overprovisioning) - not a perfect solution
You can install a program like "VeraCrypt" to create a super secure area of a drive or external drive (USB flash drive stick) to put secure data and files in that.
CrazyElf wrote: [*]Thinking about looking for a good password manager
"KeePassX" (v2.x) and "KeePass2" are superb secure password managers an d are available in the Software Manager or Synaptic Package Manager (SPM).
CrazyElf wrote: [*]I've set up 2 factor authentication for my main email
I am assuming from your comment that you are using the excellent "Gmail" services. If you want to use some really good 3rd party programs for secure chat messaging, etc... then using 2 factor authentication may make that more difficult, or impossible. Of course, you can change that at anytime. The only true secure email is by using GPG (PGP) encryption which requires setting up GPG keys for you and your email contacts. Fortunately, it is an easy thing to do, and Linux Mint has applications for this "GPA", "SeaHorse" (Passwords and Keys), KGpg, Kleopatra, the console terminal command prompt, etc... Thunderbird has "Enigma", etc...
CrazyElf wrote: [*]I also have a personal email on my website and I'm thinking about using RSA 4096 bit for my sensitive emails
Again, this requires that you and your email recipients have GPG (PGP) encryption keys that you exchange with each other.

Hope this helps ...

Enjoy using Linux Mint ... :)

Have a great day !
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
User avatar
CrazyElf
Level 2
Level 2
Posts: 56
Joined: Sat Nov 12, 2016 1:16 am
Location: Ontario, Canada

Re: Hello I'm Chris

Post by CrazyElf »

Thanks everyone for the greetings!
xenopeek wrote:Welcome to the Linux Mint forums!

Some of the things you mention are only useful to protect your data from people who have physical access to your computer, not from remote attacks while you are logged in to your computer. For most home users their web browser is the most vulnerable point of attack. You can be tricked into clicking a link or downloading something; you can improve your security is this regard by for example installing an ad blocking add-on in your browser as most malware is reportedly distributed through ad networks. Specially crafted content could also try to use known or unknown bugs to get your web browser to do things it shouldn't. Aside from 2 factor authentication on important online accounts and a good password manager (with 2FA!) your other measures don't do anything to protect you online. I would suggest you look into something like firejail, which is a security sandbox that protects your operating system and personal files from being attacked or stolen through exploits of known & unknown bugs in your programs. I would recommend to use it at least for your web browser.
Yeah it's a good idea.

Right now I'm using:
  • Disconnect
  • Ublock Origin
  • No script
  • CookieMonster
  • Encrypted Web 5.15 (fork of the EFF's HTTPs everywhere)

phd21 wrote: To help prevent hackers:
Linux and Linux Mint are much more secure than other operating systems already. The event you are referring to was a cowardly attack to the Linux Mint website, not by breaking into active Linux Mint operating systems, and they have now secured their websites. The hackers did alter some of the Linux mint download ".iso' files, but that has also been corrected, and anyone can verify the Linux Mint download files to make sure they are from the original Linux Mint developers and are okay to install and use.

Secure your hardware router (enable its firewall, allow only trusted access by network card Mac address and or IP addresses), use a good password and change its password at least monthly, Enable your Linux Mint software firewall (ufw, Gufw), Change your local ISP's Internet connection's default DNS servers to secure ones from OpenNic project, dns.watch, OpenDNS, etc... in the router or at the computer desktops, use a VPN provider for your network connection(s), use a good Linux Mint login password, use "Firejail" for all Internet enabled applications, etc... When not using your computer for extended periods of time, away from your computer for more than an hour, overnight, etc... then disconnect from your Internet connection by simply clicking the Network Manager icon in your system tray panel, and clicking "disconnect" from your Local ISP connection. You can easily re-connect to your local ISP Internet connection when you want using the same procedure. Or, just shutdown your computer when not in use...
Yeah definitely something to consider - I"ll have to look into Firejail.

I just wish there was a more friendly way to do what has been done with Qubes distro.
phd21 wrote: "KeePassX" (v2.x) and "KeePass2" are superb secure password managers an d are available in the Software Manager or Synaptic Package Manager (SPM).
Thanks - will look into those. Right now I do prefer an open source password manager (a non-open source one could mean that the software developer has your password with no way for you to find out).

phd21 wrote:
CrazyElf wrote: [*]I've set up 2 factor authentication for my main email
I am assuming from your comment that you are using the excellent "Gmail" services. If you want to use some really good 3rd party programs for secure chat messaging, etc... then using 2 factor authentication may make that more difficult, or impossible. Of course, you can change that at anytime. The only true secure email is by using GPG (PGP) encryption which requires setting up GPG keys for you and your email contacts. Fortunately, it is an easy thing to do, and Linux Mint has applications for this "GPA", "SeaHorse" (Passwords and Keys), KGpg, Kleopatra, the console terminal command prompt, etc... Thunderbird has "Enigma", etc...
CrazyElf wrote: [*]I also have a personal email on my website and I'm thinking about using RSA 4096 bit for my sensitive emails
Again, this requires that you and your email recipients have GPG (PGP) encryption keys that you exchange with each other.

Hope this helps ...

Enjoy using Linux Mint ... :)

Have a great day !

Yep - that's a big problem, both sides need to have GPG keys for each other. I wish there was a more user friendly way to send GPG keys than the status quo.
dehawkinz
Level 2
Level 2
Posts: 75
Joined: Tue Sep 13, 2011 5:09 pm

Re: Hello I'm Chris

Post by dehawkinz »

Right now I do prefer an open source password manager (a non-open source one could mean that the software developer has your password with no way for you to find out).
KeePass is fairly secure in that regard, since you have both the manager and the password database on your computer, the developer has no access to the password you used to lock the database(s) with
(I actually have multiple databases and split my passwords between them - eggs in one basket and all that)
User avatar
kc1di
Level 16
Level 16
Posts: 6381
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: Hello I'm Chris

Post by kc1di »

Hello Chris and Welcome to Linux Mint Forums,

As you can already tell you can get a wealth of Information just for the asking.
Enjoy! :)
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
User avatar
phd21
Level 19
Level 19
Posts: 9811
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Hello I'm Chris

Post by phd21 »

HI "CrazyElf",
CrazyElf wrote: Yep - that's a big problem, both sides need to have GPG keys for each other. I wish there was a more user friendly way to send GPG keys than the status quo.
It is pretty easy to exchange your "public" GPG or PGP encryption keys (key certificates) with someone you want to have secure email and messaging communications with. You and your people (recipients) that you want secure encrypted communications with can just "export your "Public" GPG PGP key" (or key certificate) to a file using any of the aforementioned encryption applications in whatever operating system, then just attach that key file to an email, or a secure chat messaging application, or meet in person to exchange them, or if they are published keys, then you can just look them up and import them into your system. You might consider naming the exported key certificate file with the associated email address it is for to avoid confusion, like "YourEmailAddress.pgp" or "YourEmailAddress.asc". It is safe to exchange key certificate files because no one should have your secure key certificate password to "decrypt" any of your communications using your encryption key (they use their own encryption key and their password). And, you need each others encryption keys to "encrypt" communications with your recipient's GPG PGP keys (or key certificate). Tip: When encrypting messages, always include your own encryption key along with your recipient's encryption key, so that you can "decrypt" your own sent messages if you want to.

Hope this helps...
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
User avatar
pdhunter1987
Level 3
Level 3
Posts: 141
Joined: Wed Oct 15, 2014 5:26 am
Location: Australia

Re: Hello I'm Chris

Post by pdhunter1987 »

Welcome to the Linux Mint community Chris!...aye.
:lol: :D
-----------------
pdhunter1987
Linux Mint 18 Cinnamon 64bit
sudo apt install LinuxMint
User avatar
all41
Level 16
Level 16
Posts: 6563
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Hello I'm Chris

Post by all41 »

Hi Chris--You're gonna fit right in
Here's a big welcome for you
Light travels faster than sound. That's why some people appear smart until you hear what they are saying.
You will seldom see a grey-beard wearing a tinfoil hat.
User avatar
CrazyElf
Level 2
Level 2
Posts: 56
Joined: Sat Nov 12, 2016 1:16 am
Location: Ontario, Canada

Re: Hello I'm Chris

Post by CrazyElf »

Thanks everyone.
phd21 wrote:HI "CrazyElf",
CrazyElf wrote: Yep - that's a big problem, both sides need to have GPG keys for each other. I wish there was a more user friendly way to send GPG keys than the status quo.
It is pretty easy to exchange your "public" GPG or PGP encryption keys (key certificates) with someone you want to have secure email and messaging communications with. You and your people (recipients) that you want secure encrypted communications with can just "export your "Public" GPG PGP key" (or key certificate) to a file using any of the aforementioned encryption applications in whatever operating system, then just attach that key file to an email, or a secure chat messaging application, or meet in person to exchange them, or if they are published keys, then you can just look them up and import them into your system. You might consider naming the exported key certificate file with the associated email address it is for to avoid confusion, like "YourEmailAddress.pgp" or "YourEmailAddress.asc". It is safe to exchange key certificate files because no one should have your secure key certificate password to "decrypt" any of your communications using your encryption key (they use their own encryption key and their password). And, you need each others encryption keys to "encrypt" communications with your recipient's GPG PGP keys (or key certificate). Tip: When encrypting messages, always include your own encryption key along with your recipient's encryption key, so that you can "decrypt" your own sent messages if you want to.

Hope this helps...

Yeah looking around, the only thing that could happen (and this is more for the paranoid) is if someone modified your public key with their public key, which an MD5 Checksum should rectify.

I will probably move any technical questions to the correct sub-forum going forward, but thanks for the advice.
User avatar
pdhunter1987
Level 3
Level 3
Posts: 141
Joined: Wed Oct 15, 2014 5:26 am
Location: Australia

Re: Hello I'm Chris

Post by pdhunter1987 »

Hi Chris! Welcome to the Linux Mint community!
-----------------
pdhunter1987
Linux Mint 18 Cinnamon 64bit
sudo apt install LinuxMint
Post Reply

Return to “Introduce yourself”