Cinnamon Mint 18: I like what I see... :)

[scorp123]

Long time no see I guess? (... old-timers will still remember me, LOL ...). And awwwwww, all my sticky posts about "don't do this, don't do that, please do it this way..." are still here? Sweet.

Anyway... I "distro-hopped" a lot in those past years. Debian, Ubuntu, Kubuntu, Xubuntu, Lubuntu, OpenSUSE, CentOS, back to Ubuntu ... then I found "Zorin OS". And then I needed to replace my old broken Nvidia card with a new one ... and this is where my frustrations began. Thanks to some weird combination of kernel bug, 'nouveau' not supporting this new graphics card yet and the proprietary Nvidia driver and the kernel not getting along I experienced soooo many system freezes and crashes ... :/

One of my coworkers recommended I try this distro he had "run into": Linux Mint.

LOL

But OK... why not? It's been a loooooong time so why not try it again?

The verdict:

Oh man, I *really* love what I see here!!

You guys can safely assume I'm still the undiplomatic brutally direct guy I was in 'the old days'... so me making a compliment means I really do mean it. (I don't dish out compliments lightly... )

Stability problems: gone. This OS just works, it's full of polish, bells and whistles, offers plenty of customisation features.... Awwwww, wonderful

The only major bug I've found is the one which all Ubuntu-based distros have since Ubuntu 15.04: "systemd" prevents eCryptFS-encrypted home directories from properly being unmounted ...

The result is that even when you log out, your home directory stays open! e.g. anyone having any other account on the system can still read the contents of your home folder, especially if they have access to the "root" account, either directly or via "su" or "sudo". The expected behaviour would be that once you log off your home folder goes back into its encrypted state .... but nope!! This bug is preventing it. On a desktop system this might not be a big deal ... but on a laptop this means your files could be accessed + stolen if anyone can get their hands on your device.

Recommended workaround:

Create a "cron" job for super-user "root" that runs once every minute and which will try to unmount your eCryptFS-encrypted home directory. If you're still logged in nothing will happen as the binary will run into a "device busy" error (which is silently discarded with the help of 'pipes' so log files etc. don't get filled up with redundant messages). If however you happen to be logged out in that moment the home directory will return to its encrypted state, e.g. we get the desired result again.

Launch the 'crontab' editor as super-user "root":

Code: Select all

sudo crontab -e

Then fill in this line, replace "YOURUSERNAMEHERE" with your username; this location should point to your eCryptFS-encrypted home directory folder:

Code: Select all

*/1 * * * * /sbin/umount.ecryptfs /home/YOURUSERNAMEHERE > /dev/null 2>&1

What the above line does: It tries to unmount your encrypted home directory once every minute (" */1 " above) and it tries this in every hour, every day, every month, every year (hence why all the other " * " are up there...). The rest discards every output or error message ( " > /dev/null 2>&1" ) as these messages would only fill up log files and what not and become really really annoying.

So until Canonical and/or the people around "systemd" finally fix this stupid bug this little workaround above should do the trick.

Cheers

[Portreve]

I have no doubt whatsoever this is going to bring me some flak, but that's ok because I've got broad shoulders and I wouldn't suggest this for use in an exposed environment anyhow...

I'm still a pretty big fan of TrueCrypt. Yes, it's dated, yes, it's no longer maintained, and yes its last remaining developer(s) put a warning in it and on their web site that it shouldn't be considered secure.

However, it's the only decent, multi-platform-supporting, libre license-using encryption system I'm aware of.

(Now, scorp123, if you want to raise hell about this suggestion, go right ahead. Educate me if you dare!)

[Fred Barclay]

Portreve: what about VeraCrypt? It's being actively developed and I like what I've seen.

OP: Of course I remember you, or at any rate remember reading your posts. Welcome back!

[scorp123]

I have no doubt whatsoever this is going to bring me some flak, but that's ok because I've got broad shoulders and I wouldn't suggest this for use in an exposed environment anyhow...

What are you referring to? eCryptFS? It's good enough to keep thieves from simply copying all your files if ever they manage to get hold of your device. I think that's the main goal here and also why it's important that this thing should automatically unmount your home directory once you're logged off. That's at least what I use this for. It probably won't stop government-funded pro's (but then again very few things would stop those guys anyway...) but it will stop average smartass 'Joe Doenogood' from obtaining a copy of your e-mails, passwords and what not.

I'm still a pretty big fan of TrueCrypt.

I wouldn't trust it anymore at this point. I'd rather use something like GPG if it has to be cross-platform.

Windows UI client:
https://www.gpg4win.org/

Linux UI client:
https://apps.ubuntu.com/cat/application ... /seahorse/

(Now, scorp123, if you want to raise hell about this suggestion, go right ahead. Educate me if you dare!)

Your files, your privacy, your problem.

Feel free to use what works for you, LOL

[exploder]

Nice to see you scorp123!

[pcpunk]

Welcome back scorp!

[SVTX]

A friend of mine said something about encryption the other day that won't leave my head. He said all current algorithms are flawed because they are known systems (and mostly developed by the NSA). He said if you want your stuff to be secure, write your own encryption algorithm. It doesn't have to be good or complex, it only needs to be unique. I don't know how true that is because if I was a cryptographer I would probably be working for the NSA by now but it sounded reasonable and made me think about encryption from a different (moderately paranoid) perspective

[scorp123]

He said if you want your stuff to be secure, write your own encryption algorithm. It doesn't have to be good or complex, it only needs to be unique.

That's bull and proven NOT to work!

And besides, the claim that "every" modern encryption scheme out there was "invented by the NSA" isn't even true. There are plenty which were invented way outside government circles. Take AES aka "Rijndael" for example which was invented by two Belgians (Vincent Rijmen, Joan Daemen) at a Belgian university.

Snowden's leaked documents had several pages in there where NSA people complained how "problematic" some of those encryption schemes are ... because they can't crack them... yet.

So... what is good encryption?

Use a known-to-be-still-good algorithm (e.g. AES, PGP, BlowFish, TwoFish, OpenSSL, ...) and use a sufficient key length. These days I wouldn't go below 2048 bit. 4096 bit may be even better. And for passwords: Make sure they are long (the longer, the better), are not dictionary words, and contain lots of special characters.

A few weeks ago we had a "Security Community Event" at my company and we had a guest speaker - Mrs. Kelly Richdale from IDQuantique:
http://www.idquantique.com/about-idq/management-team/

Their company is in the business of doing Quantum encryption and building highly specialised security appliances. Basically ... they expect that by 2030 anyone will be able to pretty much instantly crack most of the currently encrypted stuff if the key lengths are shorter than 2048 bit (e.g. AES-256, SHA256, RSA1024, etc.) and/or the chosen algorithms are known to be pitifully weak (e.g. SHA1 or DES which should no longer be used under any circumstances!).

During her talk she also touched on the topic of encrypting things in a "quantum-safe" way, e.g. choose your encryption in such a way so that even the Quantum encryption / decryption appliances of the near future can not crack anything.

If you pick your algorithm well (e.g. AES) and pick a sufficiently long key length (4096 bits or more) then they expect that even with Quantum devices it would still take several decades to break such encryption.

That's still "good enough".

[felemur]

I'm not a computer expert, and don't pretend to be one, but my simple-minded take on this is:

I use Veracrypt for files I don't want anyone who might steal one of my SSD/HDD's to see - in other words, it is to keep criminals out.

Could the NSA crack it? Whether they can or can't, I just assume they could. Anything in my encrypted files they could get other ways if they really wanted to anyway. Things I want to keep from the NSA (like buying and selling nuclear weapons), I don't use a computer for - period...I do that in person.