mintCast 307 – Encryption Part 1 (mp3)

mintCast Episode 307

 

INTRODUCTION

 

This is Leo and with me I have Joe, Moss, and the return of Rob for this episode! We’re recording on Sunday April 21st 2019.

First up, in our Wanderings, I talk Kernel 5.0 and transfer speed, Joe reformats and loses Windows but gains NVidia peace of mind, and finally Moss digests more distros and has some success with migrating Kodi

Then, our news is filled with updates from top to bottom.

In our Innards section, we dive into file and disk encryption.

And finally, the return of email feedback as well as lots of banter in the Telegram and Discord groups.

 

Bi-Weekly Wanderings

 

  • Leo
    • Testing out the 5.0.0 kernel before it is available to us in Mint on my desktop with Kubuntu. So far so stable.
    • Diving into disk and file encryption. More in the Innards.
    • Pi woes. 40mbps (5MB/s) scp transfers over LAN and 8mbps (1MB/s) transfers over WAN. Haven’t gotten a chance to test it yet.
    • Plan on recording my first Full Circle Weekly News episode today!

 

  • Joe
    • Reformatted my main drive on my laptop.  Had a bad hard drive(a different one) that needed to be replaced.  This however messed up my UEFI, maybe the UEFI partition was on it and i didnt realize.  Anyways switched from ubuntu to mint and was able to use my former write up on the topic to get the NVIDIA drivers working almost immediately.  Still need to fix the windows partition since it seems to be dangling. This however may cause problems with boot on the linux media and i may have to do it all over again.
    • Still haven’t fixed the Windows partition but I do have the USB ready to go
    • Updated to the most recent NVIDIA drivers in the hopes that it will fix my crashing problems
    • Installed Olivia
      • It is good for streaming music without video in order to limit bandwidth
      • Will cache and download the music that you play so that it is available local
      • Cannot import playlists
    • Running out of bluetooth headphones.

 

  • Moss
    • I’ve mostly just been working on Distrohoppers’ Digest, which Tony Hughes and I will be recording on April 24th. I finished my report on Solus 4 Fortitude and then blew it away to install LinuxLite for Episode 2.
    • I had my difficulties on Solus Forums, although there seems to be a variance between my view of the situation and that of others.  My view is: People tried to help me. I did not understand the help enough to do something. I got called names. After a bit of that, I stopped being able to listen to the offered help, and left the forum.
    • LinuxLite is just fine. I had the same printer problem that I’ve had with Bodhi 5.0.0, which is the printer installs fine and then doesn’t print. I assume the same fix will apply to both.
    • I copied my ~/.kodi directory from my Linux Mint /home to my Bodhi /home, as I have often threatened to attempt to do. I still had to reauthorize Trakt.tv and real-debrid, but it ran like a champ after that. Linux Lite seems to come with an old version of Kodi, so I hesitated doing the move as it might not work on the older version, and so far my attempt to install the new version it is lacking a file somewhere.
    • And has anyone else noticed that the XFCE Desktop implemented in Linux Lite 4.4 looks just like Deepin DE?
  • Tony H is sick this episode
  • Tony W is Eastering
  • Bo is Post-Birthday Partying

 

The News

 

  1. Ubuntu 19.04 is out!
    1. New Kernel 5.0!
    2. Mesa 19.0.2 (for you gamers out there)
    3. Live patching (the kernel) is a thing!

 

  1. [Leo]OpenSSH 8.0 released
    1. Officially deprecated scp.
    2. The biggest reasons being scp can clobber files with malicious ones, and sftp is more complete and secure.
    3. sftp doesn’t change workflow at all. Just change scp to sftp in your commands.

 

  1. [Moss] Update to Firefox 66.0.3
    1. This security update patches holes that might allow an attacker to confuse users with tricky prompts that would lead to crashes, reading of sensitive info, or even attempt social engineering by pop-up.
    2. A separate bug may allow for Man-in-the-Middle (MITM).

 

  1. Debian 10 Buster RC1 is out!
    1. Uses Kernel 4.19 LTS
    2. Compatible with Secure Boot
    3. Uses LUKS2 for disk encryption

 

LINUX INNARDS

 

  • Joe
    • https://gizmodo.com/why-you-should-be-encrypting-your-devices-and-how-to-ea-1798698901
    • “This is important. If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal.”
    • Obfuscation vs encryption
      • Obfuscation how to hide in plain sight
      • Benefits of encryption in regards to physical access.
    • Don’t be easier to get at then the next guy.
  • Not Joe (aka Leo)
    • Full disk encryption
      • No real way to set it up after the fact without a lot of legwork. Time-wise, it would probably be easier to back up your files and choose full disk encryption during a re-install.
        • In the “Installation type” window, check the “Encrypt the new Linux Mint installation for security” option. This will also force LVM on.
        • In the next window, you are prompted to create a new “security key.”
          • This key will be the way you recover your disk outside of the environment you’re installing it into at this point. Do not share it. Write it down (I know, I know), and put it somewhere safe. Your desk is not safe.
          • You also get the “overwrite empty disk space” option that will throw random data on the entire disk before installing the OS. While it’s not recommended for SSD’s, the write life on them has much improved over the years. So, as long as you’re not doing it every couple of weeks, there’s no issue.
    • Home folder encryption
      • Can be done after-the-fact, but is easiest to set up during install. In the “Who are you?” window, during install, simply check the “Encrypt my home folder” box when setting your password.
        • This will use your password as the encryption key for your home folder and must be provided to access any file within.
          • I would suggest not writing this password down except for as a fail-safe backup since it is used frequently
        • Mint also had some issues with the release of Tara that didn’t encrypt your swap partition properly.
        • So, use the following commands:
          • sudo sed -i ‘s#/target##’ /etc/crypttab
            • Removes /target from /etc/crypttab
          • sudo sed -i ‘#^/swapfile#d’ /etc/fstab
            • Removes the line containing /swapfile from /etc/fstab

 

  • sudo update-initramfs -u

 

  • Issues
    • You must provide your disk decryption password on every reboot in addition to your login password.
    • Must provide two passwords. Decryption and Login.
    • Home folder encryption, is a mixed bag, but home folder encryption is better than nothing at all!
    • Home folder encryption on installation may have swap issues, so there is more than just a check box to do if swapon –show comes back with nothing. (If it shows swap information, you’re good!)
    • Home folder encryption is safer to use with encryptfs which comes with security downsides. For multi-user setups, this may be unacceptable.
    • Moss’ trick with copying config files —  such as ~/.kodi — to other partitions/distros — will it work if the file, folder, or drive are encrypted???

 

  • Conclusion
    • As far as performance goes, full disk encryption wins hands-down.
    • Full disk encryption is easiest to install if you can afford to reinstall your system
    • Go full disk!
    • Despair, all ye who enter herein!

 

Vibrations from the Ether

 

GPG error: http://dl.google.com/linux/earth/deb stable Release: The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <[email protected]>Failed to fetch http://dl.google.com/linux/earth/deb/dists/stable/Release.gpg  

The following signatures were invalid: EXPKEYSIG 397BC53640DB551 Google Inc. (Linux Packages Signing Authority)

<[email protected]>Some index files failed to

download. They have been ignored, or old ones used instead.

 

…when I run sudo apt-get update, I get the following message:

N: Skipping acquire of configured file ‘main/binary-i386/Packages’ as repository ‘http://dl.google.com/linux/earth/deb stable InRelease’ doesn’t support architecture ‘i386’

 

Leo writes: This is a temporary issue. It may have to do with the fact that 32-bit repos are being deleted and 64-bit replacements have yet to be redirected.

 

 

Check This Out!

 

 

Announcements

 

mintCast listener Jackie Moore writes:

Everyone that is a mintCast listener is aware of Moss’s difficulties of late. I have started a go fund me to help Moss go to SELF in Charlotte NC. To donate please go to Grow Moss at Southeast Linux Fest ! This can be our way of saying Thank You for doing mintCast and Distrohoppers’ Digest!

 

You can reach us at:

 

Joe – www.Tllts.org  www.linuxlugcast.com MeWe [email protected]

Bo – undercastnetwork.com

Moss – Triad Bardic College, Peaceful Hippo, MeWe, music on Bandcamp and all over YouTube (search for OLD Moss Bliss, ignore the young black South African gospel singer of the same name), [email protected]

Tony Hughes –     HPR –  http://hackerpublicradio.org/correspondents.php?hostid=338

            Occasional Blog https://tony-hughes.blogspot.com/

            Twitter @TonyH1212

Leo – leochavez.org and @leochavez on Twitter, and now Full Circle Weekly News

Josh – edublocks.org and @all_about_code on Twitter

 

Livestream information is at mintcast.org/livestream

We’re in the mintCast channel in IRC at irc.spotchat.org

If you see something that you’d like to hear about, tell us!

    Send us email at [email protected]

    Join us on MeWe

    And Facebook

    Post at the mintCast subreddit

    Chat with us on Telegram, link

    Discord, link

    Or post directly at http://mintcast.org

Archive.org Hosting

We currently host our podcast at archive.org. If you had considered donating to mintCast, redirect those funds here.

Audacity

As an alternative we also use Audacity as our main audio editing tool so if you would prefer you can donate to them at:

https://www.audacityteam.org/donate/

mintCast on the Web

Episode Archives