issue132:courrier
Différences
Ci-dessous, les différences entre deux révisions de la page.
Prochaine révision | Révision précédente | ||
issue132:courrier [2018/04/30 12:22] – créée auntiee | issue132:courrier [2018/05/11 14:34] (Version actuelle) – auntiee | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | Encryption | + | **Encryption |
Your last edition (FCM#131) gave instructions on how to fully encrypt the entire drive rather than just the home partition, by using VeraCrypt. | Your last edition (FCM#131) gave instructions on how to fully encrypt the entire drive rather than just the home partition, by using VeraCrypt. | ||
Ligne 7: | Ligne 7: | ||
I attempted to do just this. After much help from others, I succeeded. This process encrypts both Linux and Grub — but not the very initial boot, for obvious reasons. (This unavoidable unencrypted initial point leaves open a tiny vulnerability.) The process requires UEFI on the machine. | I attempted to do just this. After much help from others, I succeeded. This process encrypts both Linux and Grub — but not the very initial boot, for obvious reasons. (This unavoidable unencrypted initial point leaves open a tiny vulnerability.) The process requires UEFI on the machine. | ||
- | For those who might find this interesting, | + | For those who might find this interesting, |
- | Unfortunately, | + | Cryptage |
+ | |||
+ | Votre dernier numéro (le FCM n° 131) donne des instructions sur le cryptage complet d'un disque dur plutôt que la seule partition home, en utilisant Veracrypt. | ||
+ | |||
+ | L'an dernier, je me demandais si Veracrypt pourrait être remplacé par LUKS, gardant à l' | ||
+ | |||
+ | J'ai essayé de le faire et, après avoir reçu beaucoup d'aide d' | ||
+ | |||
+ | Pour ceux qui trouverait ceci intéressant, | ||
+ | |||
+ | **Unfortunately, | ||
• Grub and Ubuntu don't support this natively, making the installation process lengthy and manual. Easy, but long and fiddly. | • Grub and Ubuntu don't support this natively, making the installation process lengthy and manual. Easy, but long and fiddly. | ||
• After a kernel update, you need to redo a small part of the installation (as documented in the Troubleshooting guide). Quick and easy, true, but irritating and easy to forget to do. | • After a kernel update, you need to redo a small part of the installation (as documented in the Troubleshooting guide). Quick and easy, true, but irritating and easy to forget to do. | ||
• Being unsupported, | • Being unsupported, | ||
- | • The process encrypts only Linux, not Windows or any other distribution. | + | • The process encrypts only Linux, not Windows or any other distribution.** |
- | It might work far better (only on a modern machine because of extra required resources) to use a hypervisor such as Xen or KVM (so I understand), which in turn contains Windows, Ubuntu, | + | Malheureusement, certains problèmes rendent le procédé inapproprié pour qui ne serait pas des plus déterminés, et certainement pas pour les petits nouveaux. Voici le plus important : |
+ | • Grub et Ubuntu | ||
+ | • Après une mise à jour du noyau, vous devrez refaire une petite partie de l' | ||
+ | • N' | ||
+ | • Ce procédé ne crypte que Linux, pas Windows ou une autre distribution. | ||
- | I feel that Ubuntu should support full-disk encryption out of the box, especially given all the security concerns these days. | + | |
+ | **It might work far better (only on a modern machine because of extra required resources) to use a hypervisor such as Xen or KVM (so I understand), | ||
+ | |||
+ | Cela peut fonctionner beaucoup mieux (seulement sur une machine moderne à cause des ressources supplémentaires nécessaires) en utilisant un hyperviseur tel que Xen ou KVM (pour ce que je comprends), qui, à son tour, contient Windows, Ubuntu, Mac et n' | ||
+ | |||
+ | **I feel that Ubuntu should support full-disk encryption out of the box, especially given all the security concerns these days. | ||
Even better than that, the computer manufacturer should support hardware-level encryption, eliminating the need to do this at all via software. It would also eliminate the initial unencrypted point that the software method requires. I hope that this happens soon. | Even better than that, the computer manufacturer should support hardware-level encryption, eliminating the need to do this at all via software. It would also eliminate the initial unencrypted point that the software method requires. I hope that this happens soon. | ||
Ligne 24: | Ligne 43: | ||
And, now that I'm writing this, I've just realised how to include Windows and other operating systems in the encryption, again except for the UEFI partition. | And, now that I'm writing this, I've just realised how to include Windows and other operating systems in the encryption, again except for the UEFI partition. | ||
+ | |||
+ | Paddy Landau** | ||
+ | |||
+ | Je pense qu' | ||
+ | |||
+ | Encore mieux que ça, le fabricant d' | ||
+ | |||
+ | Entre temps, je présume que Veracrypt fournit la seule méthode raisonnable, | ||
+ | |||
+ | Et, pendant que j' | ||
Paddy Landau | Paddy Landau | ||
- | Containers | + | **Containers |
- | Could be that you have already covered this and I have missed it (mea culpa, if so), but may I suggest you cover using containers to create flexible applications on Linux, in particular Web stacks? I got very tired of re-installing Ubuntu while building directly installed LAMP stacks as nearly identical as possible to those on various deployment hosts. I had to reinstall Ubuntu because I could not count on removing side effects left behind in the file system as I replaced one stack configuration with another. Encapsulating the LAMP components in containers prevented the problem, albeit at the cost of some added complication. | + | Could be that you have already covered this and I have missed it (mea culpa, if so), but may I suggest you cover using containers to create flexible applications on Linux, in particular Web stacks? I got very tired of re-installing Ubuntu while building directly installed LAMP stacks as nearly identical as possible to those on various deployment hosts. I had to reinstall Ubuntu because I could not count on removing side effects left behind in the file system as I replaced one stack configuration with another. Encapsulating the LAMP components in containers prevented the problem, albeit at the cost of some added complication.** |
+ | |||
+ | Conteneurs | ||
+ | |||
+ | Il se pourrait que vous ayez déjà parlé de ceci et que je l'aie loupé (mes excuses, si c'est le cas), mais puis-je vous proposer de parler des conteneurs pour créer des applications adaptables sur Linux, en particulier des piles Web ? Je suis tellement las de ré-installer Ubuntu quand je construis des piles LAMP, directement installées, | ||
- | I thought I would have to work this out for myself, but I found that someone had beaten me to it with an excellent free-software solution. See devilbox.org for details. | + | **I thought I would have to work this out for myself, but I found that someone had beaten me to it with an excellent free-software solution. See devilbox.org for details. |
Putting this into the form of a leading question, please ask readers how often they need to reinstall Linux because they have broken something that they do not know how to fix. | Putting this into the form of a leading question, please ask readers how often they need to reinstall Linux because they have broken something that they do not know how to fix. | ||
- | Jeff Wilson | + | Jeff Wilson** |
+ | Je pensais que j' | ||
+ | |||
+ | En d' | ||
+ | |||
+ | Jeff Wilson |
issue132/courrier.txt · Dernière modification : 2018/05/11 14:34 de auntiee