Ubuntu ZFS: Encryption

 Computing, Linux  No Responses »
Apr 262020
 

Experimenting with Ubuntu’s “new” (relatively so) ZFS installation option is all very well, but encryption is not optional for a laptop that is taken around the place.

Whether I should have spent more time poking around the installer to find the option is a possibility, but post-install enabling encryption isn’t so difficult.

The first step is to create an encrypted filesystem – encryption only works on newly created filesystems and cannot be turned on later :-

zfs create -o encryption=on \
  -o keyformat=passphrase \
  rpool/USERDATA/ehome

You will be asked for the passphrase as it is created. Forgetting this is extremely inadvisable!

One created, reboot to check that :-

  1. You get prompted for the passphrase (as of Ubuntu 20.04 you do).
  2. That the encrypted filesystem gets mounted automatically (likewise).

At this point you should be able to create the filesystems for the relevant home directories :-

zfs create rpool/USERDATA/ehome/root
cd /root
rsync -arv . /ehome/root
cd /
zfs set mountpoint=/root rpool/USERDATA/ehome/root
(An error will result as there is something already there but it does the important bit)
zfs set mountpoint=none rpool/USERDATA/root_xyzzy
(A similar error)

Repeat this for each user on the system, and reboot. See if you can login and your files are present.

This leaves the old unencrypted home directories around (which can be removed with zfs destroy -r rpool/USERDATA/root_xyzzy). It is possible that this re-arrangement of how home directories work will break some of Ubuntu’s features – such as scheduled snapshots of home directories (which is why the destroy command needs the “-r” flag before).

But it’s getting there.

The Coolest USB Devices

 Computing  No Responses »
Oct 202012
 

If you have a look for top cool USB devices, you will find plenty of lists out there with rather boring choices. In fact most of the devices are simple memory sticks whose main means of standing out from the crowd is to have an unusual form factor. Now I like funky form factors for my memory sticks as much as the next person, and some of the memory stick designs do deserve some attention. Some other lists contain things like USB powered missile launchers, heated mugs, etc. all very fun.

But it is still a bit of a shame that you have to look so hard for really interesting USB devices. My list below has been gathered over years and frequently by accidentally discovering them. I’ll add additional ones to the list as I discover them … or if people tell me about ones that interest me :-

iStorage DatAshur

And after all that moaning about memory sticks, the very first device on my list is a memory stick! But a rather different one :-

The difference is hinted at by the little buttons on the memory stick. This is a hardware encrypted memory stick where the encryption is implemented within the stick itself rather than rely on a piece of software that may or may not work with your current operating system.

The Entropy Key

You can tell this is a more geeky product just by the fact that the sales picture shows the device naked :-

What this does is provide a source of genuinely random numbers that can be used by Linux to add entropy to the standard random numbers device. To most people, this is a pretty uninteresting device, but anyone involved with cryptography is undoubtedly saying Cool! and has probably clicked on the title link to disappear from this posting to go and get one.

The Ubertooth One

As you may very well guess from the really naked picture of this device, it is probably the geekiest device in this list. It is effectively a software radio limited to the 2.4GHz band and is intended as a device for hacking bluetooth. Think of it as a WiFi sniffer but for bluetooth; although it can do quite a bit more.

The Zalman Hard Disk Enclosure

Your average USB hard disk enclosure (for putting an appropriate spare internal hard disk in) is not exactly exciting, and this device is one of those “stealth” devices that becomes more interesting the deeper you look at it :-

Note the little LCD display. What you cannot see is a little job-wheel which is the input device to control the functions. This little box of tricks allows you to select an ISO file contained within a subdirectory named _ISO and the firmware emulates a CD-ROM with that ISO inserted into it. Yes, you can now carry around as many CDs as you want and use them to boot from.

An Open Letter To Apple/Steve Jobs Regarding Closed iPods (Encrypted Firmware, etc.)

 Computing  No Responses »
Sep 212007
 

Well this is not so much a letter as just a rant because I’m very doubtful that anyone from Apple never mind Steve Jobs is likely to read this. But it is good to get a good rant off your chest and out there (which basically explains this whole site … it is not for you … it is for me). Especially after a few glasses of port!

I currently own an iPod video and have been thinking about buying a Macbook, but I have been doing some rethinking after the announcment of the iPod Classic. It seems that Apple have encrypted the iPod Classic firmware again (the Nano 2g firmware is also encrypted) and have added a hash to iTunes just to make things a little more difficult for those who like to do “unusual” things with their iPods.

I am a Rockbox user (I haven’t even used the normal firmware on my iPod except when I’ve booted it by mistake) mostly because most of my CDs have been encoded in OGG format and I really did not want to re-encode them in any other format because of how long it would take. So Apple have made money out of me because I purchased an iPod; I’m beginning to regret that because Apple seems to be determined to be the kind of business that I don’t want to fund.

First of all there is the encryption of the firmware. I am sure that Apple is aware that hackers have produced not only alternative firmwares but also a utility to patch the default firmware to make interesting changes. So why the encryption ? Obviously to make things difficult for the hackers. In some situations smaller companies may be forced to do something similar because larger companies want to “protect their intellectual property rights”, but Apple is in a dominant position in the portable music player music market … they are the ones who will be dictating the contract terms.

Secondly Apple changed iTunes in an attempt to lock out other music managers. The fact that this protection has been hacked and is no longer a problem is irrelevant … Apple showed their colours by making it difficult to use anything other than iTunes.

A few years ago when it was trendy, Apple embraced the open source model by releasing some of their operating system as open source. Despite apparently trying to improve their operating system by incorporating a open source filesystem (ZFS), they seem to be rapidly retreating from this position. Or at least giving the appearance of doing so. So perhaps their earlier embracement of open source was just a marketing move … something you might expect from Microsoft.

Apple is giving the impression of trying to become a company as user-hostile as Microsoft.