Rich Freeman on 8 Jan 2011 17:30:23 -0800
Re: [PLUG] Linux n00b question

On Sat, Jan 8, 2011 at 6:08 PM, JP Vossen <jp@jpsdomain.org> wrote:
> This is especially important
> for whole-disk encryption, which we should all have at least on our laptops,
> right?
>

I haven't messed around with full-disk encryption yet - it makes me a bit nervous and of course there is the need to enter a password on bootup unless you have some kind of TPM-based solution like ChromeOS.

One thing I have used is encrypted swap - it is pretty easy to set up and while it costs you CPU there is really no risk to data, since nothing in swap persists a reboot anyway. Oh, this won't work if you suspend to swap (unless you use a fixed encryption key). On each boot I generate a random encryption key, mount an encrypted loop with that key, and then do a swapon. This means that random stuff that ends up in memory doesn't get leaked into swap (gpg keys, etc - though good implementations of these kinds of tools will lock this memory anyway).

As far as swap size goes - I tend to be pretty liberal with swap, but my use case is not typical. I run Gentoo so it isn't unusual to be running Ant or building chromium/firefox/openoffice/etc which REALLY gobble RAM. I also make pretty liberal use of tmpfs to speed up compile performance (intermediate files never touch the disk unless the build is large).

In theory tmpfs plus a ton of swap shouldn't be any worse in performance than a regular drive. In practice I've found that the kernel doesn't always swap things wisely and so I do tend to build on actual disk for things that are literally going to use gigabytes of space (chromium comes to mind - largely due to Google's tendency to rebundle every library that is already on your PC in it from webkit to sqlite/etc - something Gentoo has slowly been undoing). They do the same with the Android SDK including a version of SWT that gives some people problems.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
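
The per-boot random key and the suspend-to-swap caveat from the message above, as an added example that is not part of the original post: a shell check over crypttab(5) text. It assumes swap is configured through dm-crypt's /etc/crypttab rather than the encrypted loop device the post describes; the function names, device names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit dm-crypt swap mappings in crypttab(5) text.
# Assumes the "name device keyfile options" layout; sample data is constructed.

# Print the value of resume= on a kernel command line (empty if absent).
resume_device() {
    for arg in $1; do
        case "$arg" in resume=*) echo "${arg#resume=}"; return ;; esac
    done
}

# classify_key KEYFILE OPTIONS -> ephemeral | fixed-key | not-swap
classify_key() {
    case ",$2," in *,swap,*) ;; *) echo not-swap; return ;; esac
    case "$1" in
        /dev/urandom|/dev/random) echo ephemeral ;;  # new key every boot
        *) echo fixed-key ;;                         # key file persists across boots
    esac
}

# audit_crypttab CRYPTTAB_TEXT KERNEL_CMDLINE
# Prints "name verdict" for every mapping carrying the swap option.
audit_crypttab() {
    resume=$(resume_device "$2")
    printf '%s\n' "$1" | while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        kind=$(classify_key "$key" "$opts")
        if [ "$kind" = not-swap ]; then continue; fi
        # A throwaway key cannot decrypt a hibernation image after power-off.
        if [ "$kind" = ephemeral ] && [ "$resume" = "/dev/mapper/$name" ]; then
            kind=hibernate-conflict
        fi
        echo "$name $kind"
    done
}

# Constructed sample input (device names are placeholders).
SAMPLE_CRYPTTAB='# <name> <device> <keyfile> <options>
cryptswap /dev/sda2 /dev/urandom swap,cipher=aes-xts-plain64,size=256
home      /dev/sda3 none         luks
oldswap   /dev/sdb1 /etc/keys/swap.key swap'

audit_crypttab "$SAMPLE_CRYPTTAB" "root=/dev/sda1 ro quiet"
```

A resume= value given as UUID= or LABEL= is not resolved here, so only a literal /dev/mapper/<name> match is reported as a conflict.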