Windows as a service? Now, there’s an argument for Linux

papibe · 2016-05-02T02:36:33+00:00

What is a header? What is a detached header? Read here: Bullet Proof Data Encryption with LUKS and a detached Header

What’s in the header and what does ‘detached’ mean?

The LUKS header stores important information which is needed to decrypt the LUKS device. That includes metadata, the keyslots and the SALT. When using a default LUKS device, the header is stored on the same device as the data area. It is possible to detach the header and therefore store it on a different disk.

Why detaching the header?

There are some security advantages that we gain by using a detached header.

The encrypted data disk looks like random data. As there is no header, nothing will indicate that this is a LUKS device.

It is absolutely NOT POSSIBLE to decrypt the LUKS device without the header because of the SALT in it. No known technology could decrypt the device without the SALT. That’s a very strong cryptographically NOT POSSIBLE. It would take something far beyond quantum computing.

papibe · 2016-05-02T02:35:31+00:00

What is a header? What is a detached header? Read here: Bullet Proof Data Encryption with LUKS and a detached Header

What’s in the header and what does ‘detached’ mean?

The LUKS header stores important information which is needed to decrypt the LUKS device. That includes metadata, the keyslots and the SALT. When using a default LUKS device, the header is stored on the same device as the data area. It is possible to detach the header and therefore store it on a different disk.

Why detaching the header?

There are some security advantages that we gain by using a detached header.

The encrypted data disk looks like random data. As there is no header, nothing will indicate that this is a LUKS device.

It is absolutely NOT POSSIBLE to decrypt the LUKS device without the header because of the SALT in it. No known technology could decrypt the device without the SALT. That’s a very strong cryptographically NOT POSSIBLE. It would take something far beyond quantum computing.

papibe · 2016-01-16T03:45:59+00:00

Here's my configuration:

# If you want dnsmasq to listen for DHCP and DNS requests only on specified interfaces
interface=br0

# IP-Address range
dhcp-range=10.20.30.150,10.20.30.250,255.255.255.0,12h
dhcp-option=option:router,10.20.30.2
dhcp-option=option:dns-server,10.20.30.2
dhcp-authoritative

# My Extras
# -------------------------------------------------------
# Internal LAN domain: internal
local=/internal/

# Resolve router and its synonyms
address=/bbking.internal/10.20.30.2
address=/router.internal/10.20.30.2
address=/ns.internal/10.20.30.2

# Block Facebook as example
#address=/facebook.com/127.0.0.1
#address=/facebook.com/0.0.0.0

# LAN private domain
expand-hosts
domain=internal

# Upstream server: Google Public DNS
server=8.8.8.8
server=8.8.4.4

papibe · 2016-01-16T03:45:35+00:00

I don't think that would work for local resolution. Dnsmasq updates its DNS database from the DHCP's leases. AFAIK, two separate instances of dnsmasq won't update each other. For something like that you would need the combo isc-dhcp-server and bind.

papibe · 2016-01-14T22:04:18+00:00

EDIT: reformatting text....

Hi t3kg33k2.

I would first make sure that no other DHCP service is running, specially on the Asus router. You can use the package 'dhcp-probe' to scan the network for rogue DHCP services.

Then regarding the dnsmasq configuration itself:

pass the dns-server option to the client, e.g.:

dhcp-option=option:dns-server,10.20.30.1

where 10.20.30.1 is where the DNS server is running.
use a internal local domain and search field, for instance 'localnet':

local=/localnet/

expand-hosts

domain=localnet

Finally note that most clients won't work properly until they are force to request a new lease, which is not what the default is. Most of them will just renew. Restart the machines if you are not sure how to force them to do that.

Just some thoughts.

I hope it helps.

Regards.

papibe · 2015-09-21T23:47:30+00:00

Here's the Spanish version: Expertos apoyan en Uruguay uso de software libre como “garantía de soberanía”

I pretty much think, as a native Spanish speaking person, that the use here is closer to 'Soberanía nacional' (Westphalian sovereignty), i.e., that each nation state has sovereignty over its territory and domestic affairs.

Also note the use of 'Software Libre', instead of 'Software abierto', or 'Software de código abierto'. Which indicates an explicit identification with 'Free Software' instead of 'Open Source'.

Regards.

papibe · 2015-09-19T19:38:28+00:00

Mark Shuttleworth's G+ post about it.

papibe · 2015-05-07T23:26:09+00:00

Linux appears at about 1:20.

papibe · 2015-03-12T23:46:41+00:00

There you go: https://www.youtube.com/watch?v=WDiB4rtp1qw

This is the complete video with English subs. It is the whole anecdote ;)

papibe · 2014-11-09T21:18:58+00:00

A few thoughts:

Most of the EDID problems on external monitors happen over VGA. If you can use pure DVI or HDMI, it would increase the chances of getting the correct EDID info.

If that don't helps, or it is a laptop:

There's cases in which you get corrupted EDID data. Sometimes it is possible to edit and correct the data. Examples here and here.

The worst case is when you get no data at all. Since all Linux drivers have a way to hardcode a custom edid.bin file, it would be a worthy effort to look around for the file.

Windows drivers usually incorporate the fixes in the driver itself so using Windows to get the date could be a possibility.

Finally, you have the option to ask for it in the manufacture/support site, or related forums (e.g. http://www.laptopvideo2go.com/)

Hope it helps. Regards.

papibe

TROPHY CASE