SpaceCadet (@SpaceCadet@feddit.nl)

Is anyone here using their hardware TPM chips for credentials?

I’m curious about the possible uses of the hardware Trusted Protection Module for automatic login or transfer encryption. I’m not really looking to solve anything or pry. I’m just curious about the use cases as I’m exploring network attached storage and to a lesser extent self hosting. I see a lot of places where public...

SpaceCadet,

Besides, if anyone tries to boot any other OS which is not mine, the keys are erased.

There are forensic tools that can capture the contents of RAM, and so access your decrypted LUKS encryption key.

I guess it depends on who you are protecting against, but if for example law enforcement wants evidence against you for what they think is a serious enough crime, they just may go through the trouble to do it.

SpaceCadet, (edited )

they cannot access the data from software because it is blocked by login screen

The system may still be vulnerable to over the network exploits. So for example, if the system is running sshd, and a couple of months from now a root exploit is found (à la heartbleed), the attacker may get inside.

It’s somewhat of a long shot, but it’s still a much larger attack surface than butting your head against a LUKS encrypted drive that’s at rest.

they cannot access the data from hardware because it is protected by FDE.

RAM is not protected by FDE. There are (obviously non-trivial) ways to dump the RAM of a running system (Cold Boot attacks, and other forensic tools exist). So if the attacker is dedicated enough, there are ways.

One of the misconceptions I had before is that I assumed that the disk will be decrypted when you enter the LUKS password. This is not true, the password is loaded into the ram, and only decrypts necessary parts to RAM. All the data on the disk is never decrypted, even when you are working in your OS.

Hah! That would be impractical :) Imagine having to decrypt your entire 32TB drive array every time you booted your computer.

SpaceCadet, (edited )

I ditched Ubuntu LTS for my homelab virtual machines around 20.04 when they started to push snaps, netplan and cloud-init, meaning I would have to spend a significant amount of effort redoing my bootstrap scripts for no good reason and learning skills that are only applicable in the Ubuntu ecosystem. I went with debian stable instead, and was left wondering why I hadn’t done that sooner. It’s like Ubuntu without all the weirdness.

SpaceCadet,

Nowadays egrep is not recommended; grep -E is a more portable synonym.

Not directed at you personally, but this is the kind of pointless pedantry from upstream developers that grinds my gears.

Like, I’ve used egrep for 25 years. I don’t know of a still relevant Unix variant in existence that doesn’t have the egrep command. But suddenly now, when any other Unix variant but Linux is all but extinct, and all your shell scripts are probably full of bashisms and Linuxisms anyway, now there is somehow a portability problem, and they deem it necessary to print out a warning whenever I dare to run egrep instead of grep -E? C’mon now … If anything, they have just made it less portable by spitting out spurious warnings where there weren’t any before.

SpaceCadet, (edited )

GNU grep, the most widespread implementation, has not included egrep, fgrep and rgrep for years. Distributions (not all, but many) provide shell scripts that simply run grep with the corresponding option for backward compatibility. You can learn this from the official documentation.

It seems you need to read the official documentation yourself. While it’s new information to me that egrep is no longer a symlink, as it used to be a couple of years ago, but a shell script wrapper to grep -E instead, the egrep command is to this day still provided by upstream GNU grep and is installed by default if you run ./configure; make; make install from source. So it is not a backward compatibility hack provided by the distribution.

You can check for yourself. Download the source from ftp.gnu.org/gnu/grep/grep-3.11.tar.gz, unpack and look for src/egrep.sh or line 1756 of src/Makefile. Apparently the change from symlink to shell script was done in 2014, and the deprecation warning was added only last year.

In any case, my larger point is that the deprecation of egrep was a pointless and arbitrary decision that does not benefit users, especially not veterans like myself who have become accustomed to its presence. I don’t mind change, but let’s be honest, most people are not in the habit of checking the minutiae of every little command line utility they use, so a change like this violates the principle of least surprise. It’s one thing if things are changed with a good reason and the users do not only suffer the inconvenience of the change but get to reap the benefits of it as well, but so far I haven’t found any justification for it yet, nor can I think of any.

So if there is a portability problem with using egrep now, it’s a self-inflicted portability problem that they caused by deprecating egrep in the first place.

Also, my scripts are not full of bashisms, gnuisms, linuxisms and other -isms, I try to keep them portable unless it is really necessary to use some unportable command or syntax.

Good for you. Do you want a cookie or something?

SpaceCadet, (edited )

You are strawmanning, and your links are not countering any point I made. I never disputed the deprecation as fact, and I never recommended that beginners should use egrep over grep -E.

I disputed your claims that the egrep command has just been a distro hack all these years, when in fact GNU to this day still distributes egrep through its source tarballs and only very recently started to warn about it through the wrapper script. And again, the only “portability problem” here is the fact that they deprecated it in the first place, i.e. a self-inflicted one.

Then as a Linux and Unix veteran I gave my subjective opinion by lamenting and criticizing the fact that this deprecation happened, and how changes like this always feel like unnecessary pedantry to me. Yes it’s an expression of frustration, but I am allowed to feel frustrated about it. I don’t need people like you invalidating how I feel about breaking changes in software that I use daily.

SpaceCadet, (edited )

Well he wrote it like he wanted to be applauded for it or something.

I also find the irony of your comment extremely funny … although that’s probably lost on you.

Later, dude.
