it0 2017-02-27 09:03:58
Hi everyone, hope you're all doing fine ;)
CutMeOwnThroat 2017-02-27 09:04:22
huh, hope you checked what all the stuff was that you removed
stoned 2017-02-27 09:05:12
I have my configs backed up. worst come to worst, I'll reinstall from stretch.
stoned 2017-02-27 09:05:16
shouldn't though.
stoned 2017-02-27 09:34:19
I have tried so many installed in so many distrubituions
stoned 2017-02-27 09:34:27
debian is the best installer , no nonsense.
Xorin_5s5 2017-02-27 09:35:05
Hi guys, can someone advise what's the best practice in configuring an office server (for two web sites, ftp and file server). Making two vm's in KVM, one for web and one for storage is a good approach? I have no experience designing a server for an office.
greycat 2017-02-27 09:35:39
Why ... in the hell ... would you just straight to "hey let's make VMs"
greycat 2017-02-27 09:35:56
How about you just install Debian and configure the services you want to run?
stoned 2017-02-27 09:35:59
greycat: no experience
jasonwc 2017-02-27 09:36:09
Virtualization is going to hurt storage performance from the benchmarks I've seen
jasonwc 2017-02-27 09:36:29
unless you're giving it raw devices to work with
jasonwc 2017-02-27 09:37:20
I don't see what the benefit would be of two VMs here.
jasonwc 2017-02-27 09:37:20
are you doing it for security?
somiaj 2017-02-27 09:38:09
Xorin_5s5: virtualization is useful if you want to isolate stuff from each other a little more, but will come at a preformance cost. In your case it may not be needed since one debian install can do multiple things, as greycat pointed out.
missmbob 2017-02-27 09:40:55
Xorin_5s5: there's no reason for it. you're just doing it because "advisers" told you VM's are cool
Xorin_5s52 2017-02-27 09:41:09
Thanks a lot guy's I think you all made it very clear
nickgaw 2017-02-27 09:56:25
Hi, I have a western digital my book with encryption turned on using their smart ware tool under windows is there a way under linux I can access my encrypted drive if I know the password or do I have to turn off encryption every time I wish to use it under linux?
SerajewelKS 2017-02-27 09:59:02
nickgaw: the encryption/unlocking is done in hardware, using a proprietary driver. to my knowledge, there is no linux implementation.
PryMar56 2017-02-27 09:59:42
nickgaw, if there is no linux support here, then good luck: http://support.wdc.com/product.aspx?ID=136
nickgaw 2017-02-27 09:59:47
Have you heard of drives like this before?
SerajewelKS 2017-02-27 10:01:11
nickgaw: it's reminiscent of iomega zip drives and their locking feature, though WD drives actually do AES-256 (but poorly)
jasonwc 2017-02-27 10:01:11
The RC bug count for Stretch appears to have gone up in the last few days but the main page says, "NO release-critical bugs were closed and NONE were opened." Am I misremembering
missmbob 2017-02-27 10:01:11
jasonwc: it's gone up. i saw 212
jasonwc 2017-02-27 10:01:11
yeah, now it's 231
nkuttler 2017-02-27 10:01:17
jasonwc: severity can change
jasonwc 2017-02-27 10:01:20
although it was much higher at this point in the Jessie and Wheezy development cycle
SerajewelKS 2017-02-27 10:01:30
nickgaw: unless they have addressed it prior to the manufacture of your drive, there are only 2^40 possible drive encryption keys, which can be pretty easily brute-forced
nickgaw 2017-02-27 10:01:39
So just unlock the drive or contact western digital and ask them about why they don't have a linux driver? as their phone support is pritty much useless?
SerajewelKS 2017-02-27 10:01:52
nickgaw: so drive encryption is only going to protect you from people who don't know what they are doing (kids, friends, etc.)
jasonwc 2017-02-27 10:02:04
SerajewelKS: Isn't there an open standard for hardware encryption of harddrives and SSDs that WD could have used?
jasonwc 2017-02-27 10:02:16
SED/
jasonwc 2017-02-27 10:02:17
?
SerajewelKS 2017-02-27 10:02:43
jasonwc: possibly, i'm not sure it would have mattered. the problem is that the PRNG chip that generates the drive encryption key is not cryptographically secure.
SerajewelKS 2017-02-27 10:03:00
any crypto system is more or less useless with an insecure PRNG
jasonwc 2017-02-27 10:03:43
I'm thinking of this: https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption
nickgaw 2017-02-27 10:03:58
I know my password so I can always turn off encryption then turn it back on later but the entire point of buying this drive was because of the encryption and I don't want to use software based encryption
jasonwc 2017-02-27 10:04:29
dm-crypt uses AES-NI, so it should be very fast
jasonwc 2017-02-27 10:04:59
so, not sure why the hardware encryption is needed
SerajewelKS 2017-02-27 10:05:09
nickgaw: you should have purchased a drive with non-broken and linux-compatible hardware encryption then ;)
SerajewelKS 2017-02-27 10:05:09
jasonwc: i think portability to a windows system might also be a requirement. not outright stated, but implied.
SerajewelKS 2017-02-27 10:05:09
in which case dm-crypt would not be a solution
jasonwc 2017-02-27 10:05:09
nickgaw: Why don't you want to use hardware encryption? On an overclocked core i5, I can do 4 GB/sec encryption/decrypiton with AES-NI
jasonwc 2017-02-27 10:05:09
SerajewelKS: In that case, veracrypt?
SerajewelKS 2017-02-27 10:05:09
nickgaw: maybe you should take a step back and tell us what you are trying to accomplish at a high level
nickgaw 2017-02-27 10:05:09
I do want to use hardware encryption not software only encryption
jasonwc 2017-02-27 10:05:09
nickgaw: Why?
jasonwc 2017-02-27 10:05:17
SerajewelKS just informed you that the PRNG the drive uses is broken, so it's not secure
jasonwc 2017-02-27 10:05:44
I assumed you wanted hardware encryptoin due to overhead, so I just told you the overhead on modern hardware is minimal
jasonwc 2017-02-27 10:05:49
Why else would you want a black box system?
SerajewelKS 2017-02-27 10:05:58
if i'm reading this right, there are also backdoors that can be used by commercial forensic tools
nickgaw 2017-02-27 10:07:04
well the drive was cheap at the time.
SerajewelKS 2017-02-27 10:07:10
now you know why it was cheap ;)
jasonwc 2017-02-27 10:07:10
you can use veracrypt or dm-crypt with any drive
jasonwc 2017-02-27 10:07:10
and both are going to give you hardware accelerated encryption with AES-NI
jasonwc 2017-02-27 10:07:10
supported by any recent linux kernel
jasonwc 2017-02-27 10:07:10
out of the box
nickgaw 2017-02-27 10:07:10
the fact it only works in windows is not a major issue as I have windows 10 pro 64 bits I just was wondering if linux had a method for accessing it.
jasonwc 2017-02-27 10:07:20
I was just curious what was attractive about the feature in the first place :)
nickgaw 2017-02-27 10:07:42
so people who I don't want accessing my data can not access it.
SerajewelKS 2017-02-27 10:07:47
WD has not given linux a means to unlock the drive
jasonwc 2017-02-27 10:08:21
nickgaw: I wasn't referring to encryption. I was referring to the use of WD's encryption versus a more open software solution that uses hardware acceleration on the CPU (pretty much all of them_
conspacer 2017-02-27 10:08:39
I have edited visudo (as root) adding timestamp_timeout=-1. Even after a reboot sudo users still get 5 mins timeout. BVery frustrating
conspacer 2017-02-27 10:08:42
Jessie latest stable
SerajewelKS 2017-02-27 10:09:24
nickgaw: the part we aren't understanding is how hardware encryption is a part of that requirement
SerajewelKS 2017-02-27 10:09:35
nickgaw: as though software encryption is weak
SerajewelKS 2017-02-27 10:09:53
(on the contrary, software encryption can be more easily audited and proven to correctly operate)
nickgaw 2017-02-27 10:10:21
why should I have to install third party or any software to encrypt or decrypt the drive when if the drive had an open method I could use it are there any drives I can look into that do give linux access to their drives?
jasonwc 2017-02-27 10:10:22
If anything, software encryption is far more secure
jasonwc 2017-02-27 10:10:25
it's more likely to be audited
jasonwc 2017-02-27 10:10:53
An expert can figure out exactly what the software is doing and the CPU provides the acceleration via AES-NI, so you don't even get a speed advantage really from the hardware solutions
jasonwc 2017-02-27 10:10:55
they're just a black box
missmbob 2017-02-27 10:11:12
nickgaw: we're not WD. it's their fault. asking why in here wont help much
jasonwc 2017-02-27 10:11:30
nickgaw: that was actually the question I asked. I believe there is an open standard, used in enterprise drives and SSDs, but I don't know what the support is on Linux
nickgaw 2017-02-27 10:11:34
understandable so you are saying software encryption that encrypts the entire drive is better?
jasonwc 2017-02-27 10:11:44
nickgaw: This - https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption
missmbob 2017-02-27 10:11:48
nickgaw: that's what most of us use
jasonwc 2017-02-27 10:12:01
i've seen it referred to as OPAL
nickgaw 2017-02-27 10:13:06
What good tools work with only the command line under linux but provide similar abilties as dead truecrypt?
missmbob 2017-02-27 10:13:25
dm-crypt
SerajewelKS 2017-02-27 10:13:32
nickgaw: that depends whether you need to access the encryption volume from other platforms (windows) too, or if it will only ever be used with a linux system
nickgaw 2017-02-27 10:13:33
is there a windows 10 equivolent?
jasonwc 2017-02-27 10:13:33
FYI, OPAL - the open standard for drive encryption - IS supported on Linux
jasonwc 2017-02-27 10:13:33
See https://wiki.archlinux.org/index.php/Self-Encrypting_Drives
teraflops 2017-02-27 10:13:33
luks
jasonwc 2017-02-27 10:13:44
https://github.com/t-d-k/LibreCrypt
jasonwc 2017-02-27 10:14:00
I thin there is Windows support for LUKS
nickgaw 2017-02-27 10:14:35
the entire idea is to be able to encrypt the data on one platform and then access it on other platforms like I can with my unencrypted drives.
jasonwc 2017-02-27 10:15:47
nickgaw: If it's just a secondary drive, Veracrypt replaces Truecrypt, and works easily in Linux and Windows.
jasonwc 2017-02-27 10:16:36
LibreCrypt can open LUKS encrypted drives, so that would even work with full-disk-encryption for your OS drive
jasonwc 2017-02-27 10:16:39
"Compatible with Linux encryption: dm-crypt and LUKS. Linux shell scripts support deniable encryption on Linux."
nickgaw 2017-02-27 10:16:47
can I encrypt my drive with the data in place or will I need to reformat it?
jasonwc 2017-02-27 10:19:03
You would have to research that. I don't know.
CutMeOwnThroat 2017-02-27 10:19:03
what deniable encryption
dragoonis 2017-02-27 10:19:03
I want to use Debian Stretch on AWS - using one of the available AMIs
dragoonis 2017-02-27 10:19:03
Who's doing this already?
dragoonis 2017-02-27 10:19:03
AWS has this - but i'm unsure if it's a good choice, bcoz it has 2016 on it.
dragoonis 2017-02-27 10:19:03
debian-stretch-amd64-hvm-2016-09-23-08-48-ebs - ami-2f40bd40
dragoonis 2017-02-27 10:19:07
and jessie (which is older) has 2017 version for it.
stoned 2017-02-27 10:20:07
Just downloaded 1gb of debian packets
stoned 2017-02-27 10:20:12
let the upgrade begin!
SuperTramp83 2017-02-27 10:20:22
\o/
CutMeOwnThroat 2017-02-27 10:21:01
then it'll be a jessie with somewhat up-to-date security updates and a stretch/testing from last year
SuperTramp83 2017-02-27 10:21:45
nickgaw, pretty sure you'll have to reformat it
nickgaw 2017-02-27 10:22:09
If I were to encrypt it using bitlocker under windows can linux unlock those drives?
missmbob 2017-02-27 10:23:11
nickgaw: http://www.hsc.fr/ressources/outils/dislocker/
CutMeOwnThroat 2017-02-27 10:27:27
yeah
nickgaw 2017-02-27 10:28:41
does this channel not like talking about Microsoft windows operating system as lots of people want to access their data across operating systems?
somiaj 2017-02-27 10:29:21
nickgaw: we don't support windows, though if the question was something like ways to access data on windows from a dual boot situation many would have some advise
teraflops 2017-02-27 10:29:35
nickgaw: it's just this channel is focused on debian support
somiaj 2017-02-27 10:29:50
but we try to sick to only supporting the debian boot of a dual boot, though things like debian can read ntfs with ntfs-3g or windows has drivers for ext4 is useful to know.
nickgaw 2017-02-27 10:30:03
I wish to encrypt my hard drive in either linux or windows but have a method for accessing it from either operating system.
jhutchins_wk 2017-02-27 10:32:10
nickgaw: As far as I know, windows disk encryption is not compatible with linux by design.
jhutchins_wk 2017-02-27 10:32:34
nickgaw: There _may_ be windows versions of linux encryption programs.
jhutchins_wk 2017-02-27 10:32:55
nickgaw: A lot of OS software gets ported.
frostschutz 2017-02-27 10:34:01
well, truecrypt/veracrypt is supported by cryptsetup (to some extent)
SerajewelKS 2017-02-27 10:34:09
veracrypt in theory works on both windows and linux, though i have not personally used it
nickgaw 2017-02-27 10:34:56
I was going to reinstall debian stable with LVM encryption but don't want to have to wait the several hours it takes to random out the drive before allowing me to do the restof the setup can you stop the process and just go on with the installation and not have to wait forever if I don't care about the old data?
SerajewelKS 2017-02-27 10:35:25
nickgaw: the purpose isn't to destroy the old data as much as it's to make the encrypted volume entirely opaque
SerajewelKS 2017-02-27 10:35:35
(AIUI)
dannyLopez 2017-02-27 10:35:38
Hi.
nickgaw 2017-02-27 10:36:05
understandable but what if I don't care and just want the quick encryption method is this possible?
SerajewelKS 2017-02-27 10:36:16
nickgaw: if you are creating an encrypted volume over an old one, for example, an attacker looking at the raw data on disk could probably fairly easily tell which blocks are used by the encrypted volume
stoned 2017-02-27 10:36:36
/var/cache/apt/archives/nvidia-legacy-check_375.26-2_amd64.deb
stoned 2017-02-27 10:36:37
E: Sub-process /usr/bin/dpkg returned an error code (1)
SerajewelKS 2017-02-27 10:36:39
nickgaw: it might be, i'm not sure if it is from the installer
stoned 2017-02-27 10:36:43
it returns an error here
jhutchins_wk 2017-02-27 10:36:47
nickgaw: I've seen that asked many times and I've never seen a positive answer.
stoned 2017-02-27 10:36:48
I tried stretch upgrade
stoned 2017-02-27 10:36:59
jessie to stretch, and it fails on nvidia legacy check package
nickgaw 2017-02-27 10:37:35
so I guess the answer is to wait for the encryption to finish?
frostschutz 2017-02-27 10:37:39
if you turn your monitor 90 degrees the progress bar might go faster thanks to gravity
jhutchins_wk 2017-02-27 10:37:39
stoned: You might ask in #debian-next on oftc.net - higher concentration of testers.
SerajewelKS 2017-02-27 10:37:58
nickgaw: that's what i would recommend. if all of the tools for accomplishing X also do Y as part of the process, i would be very hesitant to try to get them to skip Y.
stoned 2017-02-27 10:37:59
oh right
stoned 2017-02-27 10:38:02
It's n ot stable yet
stoned 2017-02-27 10:38:03
just frozen
SerajewelKS 2017-02-27 10:38:08
because the authors of those tools probably have pretty good reasons for trying to make Y happen
dontknow 2017-02-27 10:38:14
nickgaw, there is an option to not erase disk before encryption
dontknow 2017-02-27 10:38:25
at least in netinstall
SerajewelKS 2017-02-27 10:39:10
nickgaw: if you are doing this in the debian installer, note that the volume will not be accessible from a windows system
stoned 2017-02-27 10:40:12
Well I just did apt-get fix install and it's cointuing to setup the rest of the upgrade.
stoned 2017-02-27 10:40:18
that was goofy.
nickgaw 2017-02-27 10:41:39
it is an internal drive not an external drive for the debian installlation the operating system drive so where is that option in the debian installer even at low priority I don't see it?
CarlFK 2017-02-27 10:41:51
apt install nfs-kernel-server; then create /etc/exports; do I need to re/start the nfs server before clients can mount it?
nickgaw 2017-02-27 10:41:53
to not erase the drive
CutMeOwnThroat 2017-02-27 10:42:33
hm. maybe I should also enter the exciting world of testing while one can still fix stuff one cares about
dannyLopez 2017-02-27 10:44:54
Anybody use Awesome WM?
