Difference between revisions of "User talk:Indigo"

From ArchWiki
Jump to: navigation, search
(sd-encrypt: re)
(Looking for advice, WSZ skins: rm closed item)
 
(140 intermediate revisions by 17 users not shown)
Line 1: Line 1:
Feel free to leave comments about my wiki edits or other points of interest. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 17:43, 27 September 2012 (UTC)
+
Feel free to leave comments about my wiki edits or other points of interest. Please note I have changed preferences so that the account does not automatically watch articles I edit. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:31, 1 August 2015 (UTC)
  
====Comments====
+
== Comments ==
  
=====Splitting Dm-crypt_with_LUKS=====
+
== wipe-safe-at ==
Hi, I thought you may be interested in participating to [[Talk:Dm-crypt_with_LUKS#Splitting_sections_into_separate_pages]] :) -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 02:56, 30 September 2013 (UTC)
+
:Oh, a new LUKS plan. Thanks for the heads up. I can't right now but will join in asap/24h. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 05:26, 30 September 2013 (UTC)
+
  
== sd-encrypt  ==
+
Hi! If you don't mind and have time then can you help with my second man page? I have cleaned up the code in the script with necessary comments and also wrote much about code in the man page, I don't know if it is a good idea but for them who want to edit and customize the script it might be useful.
 +
[https://github.com/AndyCrowd/safe-disk-wiper/blob/master/man-page.wipe,txt man-page]
 +
(Andy Crowd - [[wikipedia:蔡依林|蔡依林]] 17:33, 29 April 2016 (UTC)).
  
I am writing this as I frequently edit disk encryption wiki pages here and want to gain some input on upcoming news and hopefully help to minimize disjunct editing:  
+
:Hi, sure, I'll reply here when I had time to look at it. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 08:12, 30 April 2016 (UTC)
  
Systemd is evolving a lot. One recent change has been the new {{ic|systemd}} hook. It simplifies a lot of setups, but is not compatible with a number of older hooks. One of those is {{ic|encrypt}}. Now [[User:brain0]] is thankfully working on a new hook {{ic|sd-encrypt}} to remedy that. While that has one big advantage of using systemd backend, i.e. {{ic|systemd-cryptsetup-generator}}, to setup the encrypted devices, it also is not compatible in the kernel command line options. So, these and the mkinitcpio configuration advice have to be changed to show the new options on various pages.
+
:Hi, I had a look at your manpage for the tool. A number of the options don't make sense for me, i.e. I regard them as misleading. Examples of what I think is misleading:
 +
# --order mentions some command shortcuts (ddr, ddz, cprs,cpz) but these are explained nowhere.
 +
# With --show-me you require the user to use a "-e NO_DRY" .. well, have a look what [[w:Dry_run_(testing)]] usually means for a tool. Your usage of --no-dry-run (also "$NO_DRY" mentioned later in the example output) is - to my understanding - totally contrary to regular usage.  
 +
# What does --safety=2/max (default) result in, if the tool "will stop if at least one partition is mounted"? Of course there is at least one partition mounted (/).  
  
Now how do we handle this on the various wiki pages on disk encryption? Imo a reasonable way would be to add a respective alternative for the {{ic|mkinitcpio}} and bootloader sections of the disk encryption wiki pages. However, it would be good in my view to give a general advice on '''when''' and '''how''' to use the new hook. Likewise this should detail when the old encrypt should be used.  
+
:I think your tool is more a hack for yourself to perform wipe actions you frequently perform. I don't see really how a user can benefit from the wiping part, because if a user understands the bash methods output in the first place, it is simpler to perform to create a dd command than to figure the method you define. Overall, I don't think you should package the tool as is (personal opinion, do as you wish of course). It does not make things simpler for a user.
 +
:The main benefit of the tool is to provide a wrapper around dd, so that no mounted partitions can be wiped by error. Ok, but that does not require such complicated scripting, you have already contributed [[Securely wipe disk/Tips and tricks#Prevent wiping mounted partitions]] for that, which users can [[Alias]] around dd, if they so prefer.  
  
So, question (1): what should that general advice contain? E.g. which other hooks (a setup might need) are known not to be compatible with the {{ic|systemd}} and, hence, {{ic|sd-encrypt}}. Keyboard, keymap? (sd-vconsole I saw is going to be added). How about mdadm_udev, lvm and resume? Others?
+
:I can improve the english of the manpage, but with misleading options that does not mean users get help. So, I'd rather not do that. Have a think about it how to proceed. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:19, 1 May 2016 (UTC)
 
+
Question (2): In my view it would be very preferable to have the general configuration advice in one place, so that the specific disk encryption pages do not have to go to lengths but can crosslink and just state the two alternatives where available. A good place for this should be [[Mkinitcpio]], which can be referred to by the disk encryption pages. But the hooks are explained there very brief in a table. Other good options?
+
 
+
Question (3): I have not tried it, but I was wondering what the new option of having a {{ic|/etc/crypttab.initramfs}} entails. What is a usecase where one might want to use that? The usual way of crypttab being parsed during boot is not affected by the change to {{ic|sd-encrypt}} I reckon.
+
 
+
Thanks for input on 1,2,3 and other points you might see. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:30, 4 October 2013 (UTC)
+
 
+
:Ad (1): Basically all runtime hooks (those in {{ic|/usr/lib/initcpio/hooks/}}) are not supported by the systemd hook. I guess they would have to be ported to systemd units to be actually executed from the initrd. Some install hooks (those in {{ic|/usr/lib/initcpio/install/}}) are probably unsupported too. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 06:36, 5 October 2013 (UTC)
+
::Thanks for the input. I am hoping to collect such so that we can make an appropriate wiki task for it. Of the runtime hooks  {{ic|shutdown}} appears to work. One major question appears to be the status for LVM and mdadm/_udev. Relevant link: [https://bugs.archlinux.org/task/37016] --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 13:16, 5 October 2013 (UTC)
+

Latest revision as of 19:05, 17 May 2016

Feel free to leave comments about my wiki edits or other points of interest. Please note I have changed preferences so that the account does not automatically watch articles I edit. --Indigo (talk) 23:31, 1 August 2015 (UTC)

Comments

wipe-safe-at

Hi! If you don't mind and have time then can you help with my second man page? I have cleaned up the code in the script with necessary comments and also wrote much about code in the man page, I don't know if it is a good idea but for them who want to edit and customize the script it might be useful. man-page (Andy Crowd - 蔡依林 17:33, 29 April 2016 (UTC)).

Hi, sure, I'll reply here when I had time to look at it. --Indigo (talk) 08:12, 30 April 2016 (UTC)
Hi, I had a look at your manpage for the tool. A number of the options don't make sense for me, i.e. I regard them as misleading. Examples of what I think is misleading:
  1. --order mentions some command shortcuts (ddr, ddz, cprs,cpz) but these are explained nowhere.
  2. With --show-me you require the user to use a "-e NO_DRY" .. well, have a look what w:Dry_run_(testing) usually means for a tool. Your usage of --no-dry-run (also "$NO_DRY" mentioned later in the example output) is - to my understanding - totally contrary to regular usage.
  3. What does --safety=2/max (default) result in, if the tool "will stop if at least one partition is mounted"? Of course there is at least one partition mounted (/).
I think your tool is more a hack for yourself to perform wipe actions you frequently perform. I don't see really how a user can benefit from the wiping part, because if a user understands the bash methods output in the first place, it is simpler to perform to create a dd command than to figure the method you define. Overall, I don't think you should package the tool as is (personal opinion, do as you wish of course). It does not make things simpler for a user.
The main benefit of the tool is to provide a wrapper around dd, so that no mounted partitions can be wiped by error. Ok, but that does not require such complicated scripting, you have already contributed Securely wipe disk/Tips and tricks#Prevent wiping mounted partitions for that, which users can Alias around dd, if they so prefer.
I can improve the english of the manpage, but with misleading options that does not mean users get help. So, I'd rather not do that. Have a think about it how to proceed. --Indigo (talk) 20:19, 1 May 2016 (UTC)