TODO: Difference between revisions

(2 intermediate revisions by the same user not shown)

Line 9:

** https://cryptpad.fr/pad/#/2/pad/view/v9+28PcpFVoMr4eVf-NpF64Do35ocDL3tQLbaWq2Bfk/

** NOTES:

*** for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are ok. i went in assuming that there might be like, some algorithm that has a very strong performance cost for better security, but ultimately concluded, that wasn't really the case . but like , only after trying to understand everything.

*** for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are OK. i went in assuming that there might be like, some algorithm that has a very strong performance cost for better security, but ultimately concluded, that wasn't really the case . but like , only after trying to understand everything.

*** "a good amount of this information is pulled from [link]" by itself sounds kinda weird, like why should someone read your post instead of just going to that link immediately? perhaps "The [cryptsetup FAQ](...) is a great in-depth resource on all the available security options, but it's pretty long and complex. This post will cover the basics so you can get set up quickly with a reasonably secure system."

*** if your system is starved of entropy, one technique i've seen is to use random.org , ~~eg `~~curl -Ss <nowiki>https://www.random.org/cgi-bin/randbyte?nbytes=16384&format=f</nowiki> > /dev/random`

*** if your system is starved of entropy, one technique I've seen is to use random.org , e.g. <code>curl -Ss <nowiki>https://www.random.org/cgi-bin/randbyte?nbytes=16384&format=f</nowiki> > /dev/random</code>

**** then you should be able to run any programs that would block on /dev/random

*** you should define what "post quantum resistant" means if you're going to mention it, ~~imo~~

*** you should define what "post quantum resistant" means if you're going to mention it, IMO

*** ZFS actually uses an authenticated encryption mode by default (~~aes~~-~~gcm~~) which is how it can detect tampering. i think this is what you meant, but saying "XTS vulnerabilities can be mitigated with ZFS or BTRFS" is a little less clear than "XTS has vulnerabilities *under certain threat models*, such as A, B and C [~~imo~~ if you're going to mention this you should also explain what the vulnerabilities are, you can't just drop this with no context~~,,,~~]. If you are concerned about these issues, you should use an authenticated encryption mode like AES-GCM, which is unfortunately not available with LUKS due to the additional space needed for the authentication tags, but can be accomplished with a supporting filesystem such as ZFS."

*** ZFS actually uses an authenticated encryption mode by default (AES-GCM) which is how it can detect tampering. i think this is what you meant, but saying "XTS vulnerabilities can be mitigated with ZFS or BTRFS" is a little less clear than "XTS has vulnerabilities '''under certain threat models''', such as A, B and C [IMO if you're going to mention this you should also explain what the vulnerabilities are, you can't just drop this with no context]. If you are concerned about these issues, you should use an authenticated encryption mode like AES-GCM, which is unfortunately not available with LUKS due to the additional space needed for the authentication tags, but can be accomplished with a supporting filesystem such as ZFS."

**** i don't remember where i read that " ~~zfs~~ and ~~brtfs~~ will help with the corruption issues of ~~xts~~ " they may not have even been talking about ~~luks~~ directly and i just got ~~cornfused~~ ( it was probably ~~wikipedia~~ )

**** i don't remember where i read that "ZFS and BTRFS will help with the corruption issues of XTS" they may not have even been talking about LUKS directly and i just got confused (it was probably Wikipedia)

*** i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a ~~noob~~ who doesn't know anything about crypto. "XTS has vulnerabilities" and "AES-256 is post quantum" are meaningless to u without further context. maybe the context for those things isn't the point of the post, but in that case u could maybe link to further resources or have some further explanation in footnotes

*** i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a beginner who doesn't know anything about crypto. "XTS has vulnerabilities" and "AES-256 is post quantum" are meaningless to u without further context. maybe the context for those things isn't the point of the post, but in that case u could maybe link to further resources or have some further explanation in footnotes

* A guide on how to use and navigate around the WIKI would be a very good idea

** maybe also a table of contents or something?

** TBH I'm not entirely sure how wikis are usually structured, maybe something to look into

*** from what i can remember offhand, usually the home page has some links to more specific topics, which then link out to other articles

**** probably there *shouldn't* be an orphaned articles

** we could also figure out if we want to have a more "document" focused theme for desktop like maybe [[mediawikiwiki:BlueSpice|BlueSpice]]

*** if we have something less functional than [[mediawikiwiki:BlueSpice|BlueSpice]] though, we'll want to explain in the guide how to change the default user theme if someone is interested in doing editing

** consider whether guide or documentation is a better word to use

*** probably i ended up choosing documentation because R&D ( research and documentation ) was kinda cool but TBH it's also a bit confusing, so guides are probably better

** how to use tables

** how to use templates

** how to use the WYSIWYG editor

* Braille / TTS support on linux

** [https://matrix.to/#/!dkSMcP-EtUFhf2SZZR4nwSHGI0RVq1Sr2p-zguVoLNI/$YQue0cGGqU5KXtuNEOPpbZUl_-M25V1fj46S8kJA2q0?via=chat.solarpunk.moe&via=matrix.org <nowiki>[Matrix] reference</nowiki>]

* Templates

** user profile information template (need to flesh out how this will look)

*** should have matrix account

*** should describe teams they are in and what roles they want to play

*** a description of their skills and interests

*** DRAFT : [[User:Everlastingred]]

** TODO item template? probably to gather information from relevant pages but some TODOs will likely not have a page? dunno, something to think about

** " this page is not yet completed"

** "this page is not yet completed" / "this page is a draft?"

** " this page is a placeholder "

** "this page is a placeholder"

** " this page is an accessory to another? " ( maybe see or see also cover this , ~~idk~~ )

** "this page is an accessory to another?" (maybe see or see also cover this, IDK)

@@ Line 9: / Line 9: @@
 ** https://cryptpad.fr/pad/#/2/pad/view/v9+28PcpFVoMr4eVf-NpF64Do35ocDL3tQLbaWq2Bfk/
 ** NOTES:
-*** for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are ok. i went in assuming that there might be like, some algorithm that has a very strong performance cost for better security, but ultimately concluded, that wasn't really the case . but like , only after trying to understand everything.
+*** for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are OK. i went in assuming that there might be like, some algorithm that has a very strong performance cost for better security, but ultimately concluded, that wasn't really the case . but like , only after trying to understand everything.
 *** "a good amount of this information is pulled from [link]" by itself sounds kinda weird, like why should someone read your post instead of just going to that link immediately? perhaps "The [cryptsetup FAQ](...) is a great in-depth resource on all the available security options, but it's pretty long and complex. This post will cover the basics so you can get set up quickly with a reasonably secure system."
-*** if your system is starved of entropy, one technique i've seen is to use random.org , eg `curl -Ss <nowiki>https://www.random.org/cgi-bin/randbyte?nbytes=16384&format=f</nowiki> > /dev/random`
+*** if your system is starved of entropy, one technique I've seen is to use random.org , e.g. <code>curl -Ss <nowiki>https://www.random.org/cgi-bin/randbyte?nbytes=16384&format=f</nowiki> > /dev/random</code>
 **** then you should be able to run any programs that would block on /dev/random
-*** you should define what "post quantum resistant" means if you're going to mention it, imo
+*** you should define what "post quantum resistant" means if you're going to mention it, IMO
-*** ZFS actually uses an authenticated encryption mode by default (aes-gcm) which is how it can detect tampering. i think this is what you meant, but saying "XTS vulnerabilities can be mitigated with ZFS or BTRFS"  is a little less clear than "XTS has vulnerabilities *under certain threat models*, such as A, B and C [imo if you're going to mention this you should also explain what the vulnerabilities are, you can't just drop this with no context,,,]. If you are concerned about these issues, you should use an authenticated encryption mode like AES-GCM, which is unfortunately not available with LUKS due to the additional space needed for the authentication tags, but can be accomplished with a supporting filesystem such as ZFS."
+*** ZFS actually uses an authenticated encryption mode by default (AES-GCM) which is how it can detect tampering. i think this is what you meant, but saying "XTS vulnerabilities can be mitigated with ZFS or BTRFS"  is a little less clear than "XTS has vulnerabilities '''under certain threat models''', such as A, B and C [IMO if you're going to mention this you should also explain what the vulnerabilities are, you can't just drop this with no context]. If you are concerned about these issues, you should use an authenticated encryption mode like AES-GCM, which is unfortunately not available with LUKS due to the additional space needed for the authentication tags, but can be accomplished with a supporting filesystem such as ZFS."
-**** i don't remember where i read that " zfs and brtfs will help with the corruption issues of xts " they may not have even been talking about luks directly and i just got cornfused ( it was probably wikipedia )
+**** i don't remember where i read that "ZFS and BTRFS will help with the corruption issues of XTS" they may not have even been talking about LUKS directly and i just got confused (it was probably Wikipedia)
-*** i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a noob who doesn't know anything about crypto. "XTS has vulnerabilities" and "AES-256 is post quantum" are meaningless to u without further context. maybe the context for those things isn't the point of the post, but in that case u could maybe link to further resources or have some further explanation in footnotes
+*** i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a beginner who doesn't know anything about crypto. "XTS has vulnerabilities" and "AES-256 is post quantum" are meaningless to u without further context. maybe the context for those things isn't the point of the post, but in that case u could maybe link to further resources or have some further explanation in footnotes
+* A guide on how to use and navigate around the WIKI would be a very good idea
+** maybe also a table of contents or something?
+** TBH I'm not entirely sure how wikis are usually structured, maybe something to look into
+*** from what i can remember offhand, usually the home page has some links to more specific topics, which then link out to other articles
+**** probably there *shouldn't* be an orphaned articles
+** we could also figure out if we want to have a more "document" focused theme for desktop like maybe [[mediawikiwiki:BlueSpice|BlueSpice]]
+*** if we have something less functional than [[mediawikiwiki:BlueSpice|BlueSpice]] though, we'll want to explain in the guide how to change the default user theme if someone is interested in doing editing
+** consider whether guide or documentation is a better word to use
+*** probably i ended up choosing documentation because R&D ( research and documentation ) was kinda cool but TBH it's also a bit confusing, so guides are probably better
+** how to use tables
+** how to use templates
+** how to use the WYSIWYG editor
+* Braille / TTS support on linux
+** [https://matrix.to/#/!dkSMcP-EtUFhf2SZZR4nwSHGI0RVq1Sr2p-zguVoLNI/$YQue0cGGqU5KXtuNEOPpbZUl_-M25V1fj46S8kJA2q0?via=chat.solarpunk.moe&via=matrix.org <nowiki>[Matrix] reference</nowiki>]
 * Templates
 ** user profile information template (need to flesh out how this will look)
+*** should have matrix account
+*** should describe teams they are in and what roles they want to play
+*** a description of their skills and interests
+*** DRAFT : [[User:Everlastingred]]
 ** TODO item template? probably to gather information from relevant pages but some TODOs will likely not have a page? dunno, something to think about
-** " this page is not yet completed"
+** "this page is not yet completed" / "this page is a draft?"
-** " this page is a placeholder "
+** "this page is a placeholder"
-** " this page is an accessory to another? " ( maybe see or see also cover this , idk )
+** "this page is an accessory to another?" (maybe see or see also cover this, IDK)