issue132:courrier
Différences
Ci-dessous, les différences entre deux révisions de la page.
Prochaine révision | Révision précédenteDernière révisionLes deux révisions suivantes | ||
issue132:courrier [2018/04/30 12:22] – créée auntiee | issue132:courrier [2018/05/11 13:59] – andre_domenech | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | Encryption | + | **Encryption |
Your last edition (FCM#131) gave instructions on how to fully encrypt the entire drive rather than just the home partition, by using VeraCrypt. | Your last edition (FCM#131) gave instructions on how to fully encrypt the entire drive rather than just the home partition, by using VeraCrypt. | ||
Ligne 7: | Ligne 7: | ||
I attempted to do just this. After much help from others, I succeeded. This process encrypts both Linux and Grub — but not the very initial boot, for obvious reasons. (This unavoidable unencrypted initial point leaves open a tiny vulnerability.) The process requires UEFI on the machine. | I attempted to do just this. After much help from others, I succeeded. This process encrypts both Linux and Grub — but not the very initial boot, for obvious reasons. (This unavoidable unencrypted initial point leaves open a tiny vulnerability.) The process requires UEFI on the machine. | ||
- | For those who might find this interesting, | + | For those who might find this interesting, |
- | Unfortunately, | + | Cryptage |
+ | |||
+ | Votre dernier numéro (FCM n° 131) donne des instructions sur le cryptage complet d'un disque dur plutôt que la seule partition home, en utilisant Veracrypt. | ||
+ | |||
+ | L'an dernier, je me demandais si Veracrypt pourrait être remplacé par LUKS, gardant à l' | ||
+ | |||
+ | J'ai essayé simplement de le faire. Après avoir reçu beaucoup d'aide des autres, j'ai réussi. Ce procédé crypte à la fois Linux et Grub, mais pas le démarreur initial, pour des raisons évidentes. (Cet inévitable élément initial non crypté laisse ouverte une petite vulnérabilité.) Le procédé nécessite UEFI sur la machine. | ||
+ | |||
+ | Pour ceux qui trouverait ceci intéressant, | ||
+ | |||
+ | **Unfortunately, | ||
• Grub and Ubuntu don't support this natively, making the installation process lengthy and manual. Easy, but long and fiddly. | • Grub and Ubuntu don't support this natively, making the installation process lengthy and manual. Easy, but long and fiddly. | ||
• After a kernel update, you need to redo a small part of the installation (as documented in the Troubleshooting guide). Quick and easy, true, but irritating and easy to forget to do. | • After a kernel update, you need to redo a small part of the installation (as documented in the Troubleshooting guide). Quick and easy, true, but irritating and easy to forget to do. | ||
• Being unsupported, | • Being unsupported, | ||
- | • The process encrypts only Linux, not Windows or any other distribution. | + | • The process encrypts only Linux, not Windows or any other distribution.** |
- | It might work far better (only on a modern machine because of extra required resources) to use a hypervisor such as Xen or KVM (so I understand), which in turn contains Windows, Ubuntu, | + | Malheureusement, certains problèmes rendent le procédé inapproprié pour qui ne serait pas des plus déterminés, et certainement pas pour les petits nouveaux. Voici le plus important : |
+ | • Grub et Ubuntu | ||
+ | • Après une mise à jour du noyau, vous devrez refaire une petite partie de l' | ||
+ | • N' | ||
+ | • Ce procédé ne crypte que Linux, pas Windows ou une autre distribution. | ||
- | I feel that Ubuntu should support full-disk encryption out of the box, especially given all the security concerns these days. | + | |
+ | **It might work far better (only on a modern machine because of extra required resources) to use a hypervisor such as Xen or KVM (so I understand), | ||
+ | |||
+ | Cela peut fonctionner beaucoup mieux (seulement sur une machine moderne à cause des ressources supplémentaires nécessaires) en utilisant un hyperviseur tel que Xen ou KVM (pour ce que je comprends), qui, à son tour, contient Windows, Ubuntu, Mac et n' | ||
+ | |||
+ | **I feel that Ubuntu should support full-disk encryption out of the box, especially given all the security concerns these days. | ||
Even better than that, the computer manufacturer should support hardware-level encryption, eliminating the need to do this at all via software. It would also eliminate the initial unencrypted point that the software method requires. I hope that this happens soon. | Even better than that, the computer manufacturer should support hardware-level encryption, eliminating the need to do this at all via software. It would also eliminate the initial unencrypted point that the software method requires. I hope that this happens soon. | ||
Ligne 24: | Ligne 43: | ||
And, now that I'm writing this, I've just realised how to include Windows and other operating systems in the encryption, again except for the UEFI partition. | And, now that I'm writing this, I've just realised how to include Windows and other operating systems in the encryption, again except for the UEFI partition. | ||
+ | |||
+ | Paddy Landau** | ||
+ | |||
+ | Je pense qu' | ||
+ | |||
+ | Encore mieux que ça, le fabricant d' | ||
+ | |||
+ | Entre temps, je présume que Veracrypt fournit la seule méthode raisonnable, | ||
+ | |||
+ | Et, pendant que j' | ||
Paddy Landau | Paddy Landau | ||
- | Containers | + | **Containers |
- | Could be that you have already covered this and I have missed it (mea culpa, if so), but may I suggest you cover using containers to create flexible applications on Linux, in particular Web stacks? I got very tired of re-installing Ubuntu while building directly installed LAMP stacks as nearly identical as possible to those on various deployment hosts. I had to reinstall Ubuntu because I could not count on removing side effects left behind in the file system as I replaced one stack configuration with another. Encapsulating the LAMP components in containers prevented the problem, albeit at the cost of some added complication. | + | Could be that you have already covered this and I have missed it (mea culpa, if so), but may I suggest you cover using containers to create flexible applications on Linux, in particular Web stacks? I got very tired of re-installing Ubuntu while building directly installed LAMP stacks as nearly identical as possible to those on various deployment hosts. I had to reinstall Ubuntu because I could not count on removing side effects left behind in the file system as I replaced one stack configuration with another. Encapsulating the LAMP components in containers prevented the problem, albeit at the cost of some added complication.** |
+ | |||
+ | Conteneurs | ||
+ | |||
+ | Il se pourrait que vous ayez déjà parlé de ceci et que je l'aie loupé (mes excuses, si c'est le cas), mais puis-je vous proposer de parler des conteneurs pour créer des applications adaptables sur Linux, en particulier des piles Web ? Je suis tellement las de ré-installer Ubuntu quand je construis des piles LAMP, directement installées, | ||
- | I thought I would have to work this out for myself, but I found that someone had beaten me to it with an excellent free-software solution. See devilbox.org for details. | + | **I thought I would have to work this out for myself, but I found that someone had beaten me to it with an excellent free-software solution. See devilbox.org for details. |
Putting this into the form of a leading question, please ask readers how often they need to reinstall Linux because they have broken something that they do not know how to fix. | Putting this into the form of a leading question, please ask readers how often they need to reinstall Linux because they have broken something that they do not know how to fix. | ||
- | Jeff Wilson | + | Jeff Wilson** |
+ | Je pensais que j' | ||
+ | |||
+ | En remettant ceci sous la forme d'une question à suivre, demandez à vos lecteurs combien de fois ils doivent ré-installer Linux parce qu'ils ont cassé quelque chose qu'ils ne savent pas comment réparer. | ||
+ | |||
+ | Jeff Wilson |
issue132/courrier.txt · Dernière modification : 2018/05/11 14:34 de auntiee