-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
No need to say sorry. cryptsetup --integrity sets up dm-crypt on top of dm-integrity. But the modern cryptographic advice, in general, is to avoid such layered setups, because they are unnecessarily slow: AEAD is a primitive that provides both authentication and encryption in one layer, and is faster than doing the two parts separately. Unfortunately, this is not yet implemented in a good way for disk encryption.
I'd love to have physical laptop security like Lennart described in his blog some day. I feel like for this setup to be viable for lazy users like me, there needs to be more integrated support (such as this systemd-boot issue) and a new detailed installation guide that establishes a full chain of trust from boot and sets up systemd-homed without having to figure out too much on your own. With automatic signing for system updates, too, of course. Anyone else in a similar situation? I don't wanna come across as demanding, I know it's a community effort OS, but I feel like I wanna learn more about these issues to know how and when to try installing Secure Boot and encryption again.
Things like the sd-boot issue is misunderstood in my eyes. It works for container use cases (like mkosi) and shouldn't be used for personal desktops in my opinion. Obviously biased as the author of sbctl.
The main issues I think is that many of these ideas are only really compatible with an immutable OS like Fedora Silverblue and ostree-like systems. It works better where you can cut releases and say "this is the base system" while a rolling release distribution is a moving target where you will be struggling with idiosyncrasies. The mutable part would be /home on a separate partition and any tool usage would be confined into toolbox like containers.