Linux.com

In this day and age

Posted by: Anonymous Coward on March 21, 2006 10:18 PM
I have to disagree. In this day and age, the ability to encrypt your data is not overkill under any circumstance. It is now standard operating procedure to seize computers or hard drives during arrests for just about anything. This is before any trial or determination of guilt or innocence. Also, any business of any size, because of the same reasons above, as well as the prevalence of identity theft and other reasons to be concerned about the security of data, needs working, seamless solutions to encryption.



The only thing this article has pointed out is that encrypting data on a GNU/Linux system is at the point where OpenOffice.org was at when it was called StarOffice 5.2.



StarOffice 5.2 was barely tolerable, but you knew that it was getting somewhere. You couldn't really transfer your data from/to StarOffice 5.2 because of the incompatibility of file formats at that time (though ps2pdf/pdf2ps and similar command line utilities helped), and because copying/pasting between applications was broken at that time. Those who were using GNU/Linux as their main desktop at that time will understand the comparison of the primitiveness of GNU/Linux in general at that time, and the comparison I'm making to the primitiveness of encryption today.



No mention was made of type of filesystem in use. Will TrueCrypt or the other encryption utilities mentioned work with ReiserFS? How about Reiser 4 which promises to be released and stable some time this century? What about other journaled filesystems, ext3, XFS, others? What about ext2? Or are they limited to just ext2, or all non-journaled filesystems? What about journaled filesystems that just journal their meta-data by default, like ReiserFS, instead of journaled file systems that journal their meta-data and data as well?



The article highlights that encryption on GNU/Linux is primitive and needs help. For single users, there should be the option of encrypting an entire partition (home) or directories within the partition. For a small business, the options should be to encrypt an entire partition (home) which includes every user's home partition, or to encrypt only certain directories under home (certain users' home directories), in addition to encrypting either entire partitions or directories within partitions for data such as financial data, other accounting data, bids, project financials, workers' medical records, personnel records, disciplinary records, customer data, supplier data, pricing data, and more.



Just thinking about a small business person's encryption needs, it is clear that the ability to encrypt data on an entire partition, as well as encrypting data sub-partition such as in smaller directories or at the single file level is needed. And it needs to be seamless.



Any encryption scheme that needs a GNU/Linux guru to understand/install/maintain is unacceptable in this day and age. It is acceptable and par for the course for the guru to use on his own system. But when we have Linux servers at 1/3 of Windows server share and Linux servers continuing to increase their market share at a much higher percentage rate than Windows servers, and Unix server market share still declining in a rising market, and when you consider that Linux server share may have even pulled even or surpassed Windows market share when considering all the free installations out there with Cent/OS and other distros, and you see seamless encryption on Mac systems, and seamless encryption coming to Windows Vista systems, it's time for GNU/Linux commercial distributors to lead, not follow.



It's time for Red Hat, Suse-Novell, Ubuntu, Cent/OS, Debian, Lindows-Linspire, and other distro managers with any commercial aspirations to provide funding for, or to spare the actual developers for developing a seamless encryption scheme that works with the current kernel effort and works with their respective chosen file system solutions.



It's time for distributions with commercial aspirations to lead, not follow on this important area. From HIPAA, to SEC, to various other initialed laws, policies, standards or rules, encryption on GNU/Linux needs to be seamless, built-in, and ubiquitous. While this may mean choosing one scheme over another, it's the same difference with Red Hat choosing Gnome, Suse choosing KDE, and others doing the same with their desktop environment choices. Once installed, one can easily switch the default choice to his or her preference, just as one can change desktop environment defaults or which application opens .doc or .pdf as another example.



So which distro is going to lead, not follow? One other poster points to Mandriva as a distro that has encryption built in by default. While it probably isn't as advanced as I stated it needed to be (encrypt files only, directories and files only, partition-wide, on-the-fly, seamless, most (including journaled) filesystems)? It may not have all this, but it appears a step in the right direction, and a step that hasn't been taken by most other distros with commercial aspirations yet.



It's time to step up. Who's the player and who's the poser? Is your distro really ready for small and medium businesses? Is your distro really ready for the enterprise? If it's lacking seamless encryption, it's not. Time to make the change. Or the doughnuts. Your choice.

Return to Encrypt filesystems with EncFS and Loop-AES