On 2/21/25 01:09, to...@tuxteam.de wrote:
On Thu, Feb 20, 2025 at 02:48:21PM -0500, gene heskett wrote:
On 2/20/25 14:10, Marco Möller wrote:
To my understanding, it makes no sense to perform a TRIM on storage
which is a LUKS2 encyrypted LVM. The storage device should anyway think
that each bit is in use after it was filled with random data when
creating the space. Not only that I cannot imagine how the storage
device should Know what is happening in the encrypted space, wouldn't it
be a security issue if the OS would inform the storage device about
unused space and its location and could actually perform some kind of a
TRIM?
Am I wrong?
Yes. Generally speaking, all file systems know exactly whats in use, they
have to, otherwise they would randomly overwrite another file [...]
You are wrong here, Gene -- in a strangely indirect way.
encryption is only for the data in that allocated space. The file system
knows nothing about that data
This is wrong when you have an encrypted block device, as is the case with
LUKS. There, the file system sits "in" or "on top" of that block device and
has no say on the en- and decryption steps.
As I said, I know zip about LUKS. If LUKS replaces the file system
(working under it or substituting for it) there still remains the
requirement that something knows where the file is, and how long it is.
That means, of course, somewhat more inefficiency, but you are already paying
quite a bit of that to keep privacy. The upside is that an external observer
(even a malicious hard disk) don't get even to "see" which blocks have any
data in them).
my home net, is behind dd-wrt, in plain text. on an address block that
does not get thru a router. And in 30 years I have not been touched.
Did have a web page on this machine. but iptables grew to several
megabytes cuz every snooper on the planet downloaded the whole thing
non-stop, leaving me no bandwidth for my normal activities as they get
to the end of it and immediately start over, ignoring my robots.txt. So
a long list of them got blocked, then they started changing their
machines addy's so some got xx.yy.zz.aa/16 blockaids.
Maintaining that got to be a full time job. So when 2 new seagates
crashed at 2 weeks old, and I installed bookworm (a fuster cluck of 30+
installs) I lost the web page data and have not restarted it.
I need to as I now have a product to sell. But the cold spell in January
froze up the drain for my basement sump pump so I had up to 18" of water
in the basement for about 3 weeks before I got somebody to service it,
charging me about $1200 for a $50 sump pump. Lost my freezer and 400 lbs
of food, and still waiting on controller parts to fix my 3 year old
water heater. But I won't rewrite my web page until trixie is working.
Boolworm makes me wait at least 30 seconds to open a file I own, and in
2+ years and 30 some installs, no one can tell me why . . .
|Some day you should get a long sit down and try to pry those layers (block
device, file system, etc.) apart. It's worth it.
This is, of course, different, if you have file-level encryption. This would
sit "on top" of the file system (ISTR Ubuntu "sold" that for a while). But
why go with plastic calipers if you can get hold of metal ones?
I have quite a selection of metal ones up to 300mm long. I have a garage
full of cnc'd machines I built.
What I need is a way to combine 20T of SSD's (5 identical 4T ssd's) into
one LVM partition, on an arm64 board running armbian jammie (or nobel)
for an amanda backup syetem for everything here. With a 1T 6th as a
holding disk. That I could use some help with.
Thank you Tomas.
Cheers
Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
