Walt Mankowski on 8 Jan 2011 19:43:21 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux n00b question

On Sat, Jan 08, 2011 at 08:30:17PM -0500, Rich Freeman wrote:
> I haven't messed around with full-disk encryption yet - it makes me a
> bit nervous and of course there is the need to enter a password on
> bootup unless you have some kind of TPM-based solution like ChromeOS.
> One thing I have used is encrypted swap - it is pretty easy to setup
> and while it costs you CPU there is really no risk to data, since
> nothing in swap persists a reboot anyway.  Oh, this won't work if you
> suspend to swap (unless you use a fixed encryption key).  On each boot
> I generate a random encryption key, mount an encrypted loop with that
> key, and then do a swapon.  This means that random stuff that ends up
> in memory doesn't get leaked into swap (gpg keys, etc - though good
> implementations of these kinds of tools will lock this memory anyway).
> As far as swap size goes - I tend to be pretty liberal with swap, but
> my use case is not typical.  I run Gentoo so it isn't unusual to be
> running Ant or building chromium/firefox/openoffice/etc which REALLY
> gobble RAM.  I also make pretty liberal use of tmpfs to speed up
> compile performance (intermediate files never touch the disk unless
> the build is large).  In theory tmpfs plus a ton of swap shouldn't be
> any worse in performance than a regular drive.  In practice I've found
> that the kernel doesn't always swap things wisely and so I do tend to
> build on actual disk for things that are literally going to use
> gigabytes of space (chromium comes to mind - largely due to Google's
> tendency to rebundle every library that is already on your PC in it
> from webkit to sqlite/etc - something Gentoo has slowly been undoing).
>   They do the same with the android SDK including a version of SWT
> that gives some people problems.

While we're on the subject of RAM and swap, here's a nice little
website on how Linux reports how much free memory you have:


Attachment: signature.asc
Description: Digital signature

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug