Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Operating Systems Linux

Linux 4.1 Kernel Released With EXT4 Encryption, Performance Improvements 116

An anonymous reader writes: The Linux 4.1 kernel has been announced and its release brings expanded features for the Linux kernel including EXT4 file-system encryption, open-source GeForce GTX 750 support, performance improvements for Intel Atom / Bay Trail hardware, RAID 5/6 improvements, and other additions.
This discussion has been archived. No new comments can be posted.

Linux 4.1 Kernel Released With EXT4 Encryption, Performance Improvements

Comments Filter:
  • by Anonymous Coward on Monday June 22, 2015 @10:49AM (#49962427)
    In RHEL 9
    • Used already for Fedora's (o.k., i know, but someone must prepare for the next RHEL!) development (a.k.a. "rawhide") version, to be released around late October as version 23.
  • by buck-yar ( 164658 ) on Monday June 22, 2015 @11:00AM (#49962509)

    Read More button gone. Stupid share button in its place.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Good to know I'm not the only one bugged by that, not to mention the stupid "video clips" thing they've added.

      Seems like they gave up on beta but are now messing with the "classic" site.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        No, they are re-implementing beta one step at a time. It's a new strategy.

    • I'm not sure I get the problem. If you click on the post title, you get exactly the same as you always did, that is the post and comments. I'm using /. classic with full noscript though...

      • by caseih ( 160668 ) on Monday June 22, 2015 @11:50AM (#49962949)

        Yes it still works, but it's not obvious or discoverable. And it's jarring. I typically read the blurb to decide if it's interesting, then click the read more at the bottom of the blurb to read the whole thing and the comments. Also the number of comments was right there at the bottom too, which made it nice and fast to see what were the interesting stories. Now that information is in the upper right-hand corner, so I just don't notice it straight away. I guess Dice once again has forgotten the value of slashdot and the interesting aspect of slashdot is the user-generated comments. Dice seems to be rolling out the beta site with all its crap and and its de-emphasis on user-provided content, but under the guise of the classic site. Not working guys!

        If someone can post some greasemonkey scripts to fix the site, that'd be wonderful. Also if we could just turn off the video bytes stuff that would be good also. And put the polls back where they belong!

        In the meantime, there is soylent. It's not been very good lately but if enough people go there and comment, and submit stories, maybe it will get better and be a proper replacement.

        • Dice seems to be rolling out the beta site with all its crap and and its de-emphasis on user-provided content, but under the guise of the classic site.

          Yeah! Fuck classic!

        • by Anrego ( 830717 ) *

          So much this.

          It's such a small change but it totally screws up a flow we've had forever and which made perfect sense. Read title, read summary, read number of comments, click to read said comments. Now it's, read title, read summary, look to upper right to see number of comments, then move mouse back to title to read them (I'm sure I'm not the only one who moves the mouse along as I read).

          And yeah, the weird floating videobytes thing.. that's gotta go.

        • by CODiNE ( 27417 )

          I just click the Article title. But I use classic. That and I mostly use RSS to get the articles so I've largely ignored the new interface for years.

        • Perfect analysis of all the UI fails.

          Just leave the dam site alone. It was working fine the way it was before.

        • Find your profile directory. It should contain a subdirectory named chrome. Edit or create a text file there named userContent.css (ie., chrome/userContent.css relative to the profile directory). Insert the following:

          @-moz-document domain(slashdot.org) {
          .comment-bubble { opacity: 0.3 !important; }
          }

          changing the opacity value as required. Restart Firefox.

          (This would be more useful as a Greasemonkey script, but I don't know how to write one of them. Volunteers?)

        • You can hide the videos with a simple adblock filter; "slashdot.org##article#firehose-000".

          You could also make the share button go away (slashdot.org##div.popularity), but that does break the tags css.

      • I'm not sure I get the problem. If you click on the post title, you get exactly the same as you always did, that is the post and comments. I'm using /. classic with full noscript though...

        (Aside: Full noscript here too, though I don't think there's a /. classic any more, since the beta seems to be gone, or at least not actively being promoted).

        The problem in part is that many people probably click on that spot due to muscle memory - I have for over a decade. Suddenly that link has been replaced by a button that does something totally different and not universally desirable. For no good reason. The paranoid cynics might think that the placement of the social media button there is deliberat

        • I don't think there's a /. classic any more, since the beta seems to be gone, or at least not actively being promoted

          It exists, but it's well hidden in account preferences. I use a classicish mode which is good because it's the only way to read -1 moderated comments (-1 comments seem to be impossible to read from the default UI). Unfortunately, the devs test changes very rarely with classic mode, so things break often.

        • The problem in part is that many people probably click on that spot due to muscle memory

          I'm glad I'm not the only one. And I've been 'here' since ~2000.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Click the article title instead. I switched to that method years ago when the read more button started doing stupid Javascript tricks.

      Really, you should be able to cope with this sort of change. It's minor, and this isn't your site. Deal with it like an adult and quit cluttering up the discussion threads with your whining.

      • Who's whining? lol

      • Really, you should be able to cope with this sort of change. It's minor, and this isn't your site.

        But you don't understand! They moved my button! It has rendered me completely helpless!

      • Really, you should be able to cope with this sort of change. It's minor, and this isn't your site. Deal with it like an adult and quit cluttering up the discussion threads with your whining.

        There isn't all that much to clutter up anymore. People are reminiscing about the good old days while packing up their proverbial wagons. Meanwhile, the devs make random changes that won't attract new users but will help drive away the rest of the old.

        It's sad, but everything has its end. And at least Slashdot also had

    • by nine-times ( 778537 ) <nine.times@gmail.com> on Monday June 22, 2015 @11:28AM (#49962757) Homepage
      I'm suspicious that it was done intentionally, to prod us into posting links on social media and driving more traffic to the site. And why would I want to link my social media sites to Slashdot? I'd want to link directly to the article anyway.
      • Re: (Score:2, Interesting)

        by Anonymous Coward

        It's worth noting that there's an interesting comment in the HTML social menu, under the selector "article footer div.grid_10.l":


        <div class="popularity">
        <a href =""><i class="icon-thumbs-up-alt"></i></a>
        </div>
        <div class="popularity">
        <a href =""><i class="icon-thumbs-down-alt"></i></a

      • Anyone want to kickstart a new site? Between all the sites going to this and people trying to keep Voat offline so Redditor's don't have any alternative I'm ready to just go back to IRC & Usenet.

        Toss on a small daemon to handle voting of Usenet articles, add a web front end for people that can't use anything else and just have a place for intelligent discussion with moderation, decentralized.

    • A web workaround is just to go to http://slashdot.org/archive.pl [slashdot.org]

      The headlines tell you as much as the summaries around this place, and you don't have to see the ugly front page any more.

    • by MSG ( 12810 )

      Does slashdot provide anything that a sub-reddit wouldn't?

    • by iONiUM ( 530420 )

      Also try shrinking your browser (to make it the same size as any phone) and the stupid icons overlap the summary so you can't even read it.

    • After I fixed my dog, he just sleeps alot and got fat.

      The "Ads Disabled" checkbox did elimnate a lot of leg humping.

  • by FreeUser ( 11483 ) on Monday June 22, 2015 @11:02AM (#49962521)

    Building the kernel now.

    Very cook feature list, with arguably the best feature being that they managed to keep kdbus and more systemd nonsense from infecting the kernel code. I'm especially looking forward to trying out ext4 encryption on my laptop.

    • Which distro are you using that isn't already infected by systemd? I'm SO glad Gentoo still allows me to use OpenRC...
      • by FreeUser ( 11483 ) on Monday June 22, 2015 @11:39AM (#49962839)

        Which distro are you using that isn't already infected by systemd? I'm SO glad Gentoo still allows me to use OpenRC...

        Me too! I use both funtoo and gentoo, at work and at home, but here's a pretty good sized list of options for those who like debian, arch, and other distributions:

        http://without-systemd.org/wik... [without-systemd.org]

        If you're stuck with Red Hat, your choices have been pretty much taken from you, and you should probably be looking to change to something else, but otherwise you probably have the choice of using OpenRC or upstart, and someone has probably already figured out how for you.

        • Re: (Score:3, Informative)

          by LVSlushdat ( 854194 )

          Am a Debian fan, and seriously pissed that Debian decided to slide down the systemd shithole, so I decided to check out the Debian fork, Devuan.. Seems they have taken Jessie and ripped that systemd abortion out.. Am currently running it in a Virtualbox vm, time will tell if I go with Devuan over Debian....

          • by Anonymous Coward

            What is amazing is that it didn't take them 15 years to slide down that shit hole.

            Heaven forbid they provide a reasonably up to date kernel or gcc, but they have no problems adding this abortion and squelching all complaints.

            Makes you wonder what RH is doing behind the scenes and why.

            • by armanox ( 826486 )
              Red Hat is Linux. End of story. What Red Hat says, everyone (that matters) does.
            • Makes you wonder what RH is doing behind the scenes and why.

              Lennart frequently blogs about how he could have been a contender and had his own linux if he'd just been born a little earlier - plus his plans of what he's doing behind the scenes to make linux HIS. It's all out in the open, lots of detail and if we don't like it we can just use somebody else's stuff.
              I wish him good luck with his "world domination" but I also wish he was a bit more patient and would stop inflicting alpha level shit on us as part

        • by dissy ( 172727 )

          This post has no useful content. That said:

          I just wanted to say thank you very much for the link FreeUser! It's been slightly frustrating at best trying to keep up with all the partial yet somehow already out of date blogs to get the same information.
          It is very much appreciated.

    • Re: (Score:3, Interesting)

      I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files. Malware on my Android device can read my encrypted files as soon as I get the phone properly booted. The laptop niche seems okay, except laptops get hacked just like desktops way more often than they get stolen and offlined.

      • by MightyMartian ( 840721 ) on Monday June 22, 2015 @11:19AM (#49962649) Journal

        It's certainly useful when you're moving equipment or storage devices. Your complaint would apply to any encrypted storage system that mounted an encrypted file system; Bitlocker, Truecrypt, dmcrypt, etc.

        I work for a company that does a lot of government contract work, and we are contractually bound in almost all cases to story certain kinds of confidential data on encrypted media. When using Linux servers, we usually use dmcrypt, but EXT4 encryption would be a nice option as well.

        • Yes, but you see the point: the applications of encryption are small, mostly restricted to communication. Encrypting storage is crap. You can argue that moving physical equipment is "communication", because information moves from one place to another. This is ridiculous when moving from one rack to the rack 5 feet away; it's more pertinent when shipping backup tapes between buildings; and it makes some middling amount of sense when excessing hardware--you might throw out a whole, unwiped drive, which i

          • by Bert64 ( 520050 )

            The problem is you can't always be the one to dictate the contract terms, and quite often someone utterly incompetent will have come up with the terms...
            There are organisations which are burdened with the requirement to encrypt *ALL* disks, even those on servers because someone writing the contract heard the encryption buzzword, or got a kickback from a company selling a disk encryption product.

            When the contract stipulates that something must be done, even if that something is stupid then it's very easy to

          • by dbIII ( 701233 )
            Default encryption on USB sticks/drives may be a good thing for aim for before embarrassing leaks happen. That and easily stolen laptops are the only place where I see this as being of use.

            it's more pertinent when shipping backup tapes between buildings

            I very strongly disagree there. Adding an extra complication to backups is just asking for trouble when you really need them, especially since the person doing the restoration may effectively be somebody "grabbed off the street" when the normal staff are no

            • Tapes being shipped by truck are often lost. There is no physical security for back-ups when you're driving down the street and prone to lose a crate of tapes. Carefirst has done that a few times. It's infrequent but, unlike laptops, every single tape floating around out there on a truck in transit to Iron Mountain is carrying a massive database of sensitive information.
              • by dbIII ( 701233 )
                There is that (if it happens more than rarely they are incompetent), but the nature of backup tapes is that sometimes you need the stuff quickly and reliably. If you can't successfully explain a recovery procedure to a recent average high school student over the phone then you are doing it wrong. If someone in ten or twenty years needs to track down a key from ex-employees that have moved or died then you are doing it wrong. If things go very pear shaped your tape drives are toast and another party is go
                • The tapes also need to be in order, and you need the right software, architecture, etc. "Use the encryption key" is the least complicated part of the DR process.
                  • by dbIII ( 701233 )
                    FFS if any of that is less than trivial then you are doing it completely wrong. Take a look at AMANDA for an example - you can get stuff back with "dd" and "tar" if necessary instead of using the actual AMANDA software. Keys get lost. Paperwork gets lost. If you can't do it when you've got nothing but the media, a drive that can read it and ubiquitous multi-platform software then you have utterly fucked up.
                    • Take a look at AMANDA for an example - you can get stuff back with "dd" and "tar" if necessary instead of using the actual AMANDA software.

                      Which a McBurgerFlipper won't know how to do. Even as an experienced systems integration engineer, I would need a few hours at least to develop a plan on how to do that. I have tapes all over the place with multiple days's worth of differential backups, and I need to use dd and tar to get the data out, restore it to the appropriate systems, restore differentials and incrementals IN PROPER ORDER--meaning I have to verify I'm using the tapes in the correct order--get that data into the appropriate applicat

                    • Even as an experienced systems integration engineer, I would need a few hours at least to develop a plan on how to do that

                      Joking, newbie, selling yourself way short or completely and utterly fucking useless - what is it to be? The amusing bit is the condescending crap on the end about home backups when the situation is that if you are responsible for the gear then you are failing in your duty if you cannot do a bare metal restore of critical systems AND talk somebody with minimal experience through it. I'

                    • You're ridiculous. "Oh, I can just walk into a major bank, an insurance company, or a credit card processor, and, with no foreknowledge of their systems, wave my hand and reconstruct their entire data center from back-ups, no planning required!" You'll get a non-working system.

                      You're one of those people who thinks he's a rockstar developer, a magic sysadmin with the Midas touch. I've watched hundreds of people like you destroy businesses and then walk off smiling to yourself about how you did a perfect

                    • You're ridiculous. "Oh, I can just walk into a major bank

                      Only your stupid strawman is ridiculous, I'm suggesting that if you WORK at a major bank and you are responsible for their backups then part of that is being able to do bare metal recovery AND walk others through the process.
                      Yes, your strawman is stupid, but I didn't suggest anything remotely like your imaginary friend that you are shouting at and I have to admit that I think it's a very childish way to act.

                      While perhaps I should have been clearer an

                    • Only your stupid strawman is ridiculous, I'm suggesting that if you WORK at a major bank and you are responsible for their backups then part of that is being able to do bare metal recovery AND walk others through the process.

                      Your argument was that some stupid intern you hired might not be able to figure out how to use an encryption key, so the process should be simple; then it was that keys and documents get lost, and you should be a good enough admin to know wtf you're doing; now it's that you have the whole process memorized, being the veteran resident expert on the business's particular system and having designed it from the ground up.

                      Let's refresh your memory:

                      If you can't successfully explain a recovery procedure to a recent average high school student over the phone then you are doing it wrong. If someone in ten or twenty years needs to track down a key from ex-employees that have moved or died then you are doing it wrong.

                      As well,

                      With respect - professional engineer here, guy with a HR granted title of engineer there. You really should choose your insults a bit more carefully. I'm sure you have plenty of skills I do not have but to me IT in general is a subset of what I was doing last century, so you have only succeeded in making me laugh by puffing yourself up.

                      In the last decade, we've moved on to virtualizatio

                    • Losing an encryption key is one of the most minor risks I can imagine

                      It's both potentially a complete showstopper and totally unnecessary in the first place. I don't really understand why you cannot grasp the concept.
                      I'll restate something above in another way - if you can't work out how to do a bare metal restore on a single system with all the needed data on media that you can read and the right hardware then somebody has seriously fucked up. That guy that worked there should have put something togethe

                    • by dbIII ( 701233 )

                      Last decade, when you were doing this shit

                      Bit longer than that and still doing it. Why bother to quote something if you haven't read and comprehended it?

                      Twenty-year-old back-ups?

                      Indeed. Even though that's a bad idea with media life and formats there's a lot of material that fits that description, especially in the geosciences and some other applied sciences. It's something I have to deal with several times a year with some clients even providing tapes from the late 1970s.

                    • I see the problem now - you didn't even try to understand my example. The point of the example is that with AMANDA the instructions on what to do with the files (eg. how to fall back as far as "dd" and "tar" if that's all you've got and you are in a hurry) are in the header as ASCII text. That's why if you can't work out how to restore a single system from that in a couple of hours you are really selling yourself very short. That's how such things should be. Self-documenting as much as possible. No ar
                    • You still assert that inputting an encryption key into a process is massively complex. It's not like they're performing mathematical key scheduling by hand; they have to enter a fucking password, or provide a key file from a USB drive kept with the back-ups.

                      This is the bar you set: someone is going to be too stupid to insert USB dongle with key. Restoring back-ups with Amanda is no trivial task; it's not rocket surgery, but it's not "turn the computer on and smile". There will be instructions, tape ord

                    • by dbIII ( 701233 )

                      You still assert that inputting an encryption key into a process is massively complex.

                      No, just massively stupid and directly opposed to the entire operation of having something to come back from when the shit hits the fan. It's a situation for physical security and not something to keep yourself and a few others in a job because nobody else has the keys. Being one office fire away from the org never having access to some data ever again is what backups are supposed to prevent and not enforce.

                      This is the

      • Huh, what is encryption good for? You don't care if your servers get stolen by a random thief and then ebayed?

        If you need to RMA disks you don't have to chose between eating yourself the loss and living with the fear that your vendor might just quickly fix it and send it to some random customer together with all your data?

        • You don't RMA disks with such sensitive information that you need file-by-file encryption or whatnot; you shred the disks. Your OS reads data through an IO layer that decrypts it as it streams, storing it in memory as unencrypted data, which is then read by programs and integrated into memory structures; what if your OS writes program memory to unencyphered swap? Suddenly you have medical records, social security information, and credit card numbers in an unencrypted area of your hard disk.

          People disass

          • People disassemble, degauss, and shred those disks in those contexts.

            Or used them for target practice. A hard drive with a bullet hole or two is quite unusable.

            • by Tool Man ( 9826 )

              Hah, thought that was just me. Be nice though, and pry the circuit board off first so you don't scatter bits all over the range.
              See you there!

              • No need to go to a range. Just put the hard drives on the back fence, sit down by the porch door and aimed at an upward angle to miss the neighbor's roofline. ;)
          • by Anonymous Coward

            What kind of thief breaks into your secure facility and steals your servers?

            Well, linux isn't necessarily just for servers. Can also be used for desktop and portable equipment. But let's talk servers here.

            A couple of years ago, offices here in Austin, Texas were broken into for the company C3 Productions (owners of Austin City Limits and Lollapalooza music festivals). All their servers were taken. Now, I doubt they were hosting their ticketing ecommerce website from within their offices. But those server

          • what if your OS writes program memory to unencyphered swap?

            Luckily, encrypting the swap partition on Linux is trivially easy:

            http://hydra.geht.net/tino/how... [geht.net]

            Only an idiot would encrypt their hard drives and not their swap partition.

          • Let me guess: you like to burn money by destroying hardware that can be replaced for free and you think automatically the sysadmins in charge of implementing encryption are incompetent. Are you working for the government?

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        I'm not sure what encryption is useful for.

        Think about extremely common and relatively benign cases, before you even bother getting to the topic of thieves.

        You buy a hard drive with a warranty. Before the warranty expires, the drive fails. It doesn't work (or not reliably) so you can't confidently wipe it. But you can't physically destroy it either, if you want it replaced through the warranty instead of at your own expense.

        So you send the drive (which contains your data) to total strangers where they w

        • by Bert64 ( 520050 )

          Security is expensive, hardware is cheap.
          You can buy from vendors who are used to dealing with clients holding confidential data, and expect them to handle returns or swallow the cost of replacements without returning the dead ones. It all depends on the contract between you and the supplier.

          Or you can simply not return faulty drives, just replace them and then destroy the faulty ones.
          Many places will stress test the drives for a while before putting live data on them, most drives that will fail during thei

      • It seems like just another point of failure to me.

        The idea that it is useful when moving equipment has some merit, but you don't need an encryption-away FS to do it.

      • > The laptop niche seems okay,

        Except it is not an niche. Personally I haven't used a desktop/workstation computer for like 5 years. And also it have been like 5 years (or more) since notebook shipments exceeded desktop/workstations. Of course in sane IT deployments loss of client computer should not be a problem but still there could be sensitive data there. Even system level stuff like password hashes and so on. Maybe it is rare but security breaches usually involve the weakest link - and be it that if

        • Laptops usually don't contain vast stores of data. Once in a while, you hear about a laptop with millions of medical records vanishing from a coffee shop; most of us have VPNs requiring our passwords, connecting remotely into applications which connect back to databases which carry tons of data. A laptop might, at the nominal worst, contain some cached information for one or two people, accessible by hours of work dredging through cache files--if that information doesn't stay entirely within memory durin

      • I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files.

        You mention laptops and mobile devices, and claim that they get hacked way more often than they get lost/stolen. This is absolutely not true. Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.

        It's also not necessarily the case with ext4 encryption that a box getting hacked reveals all of the data on it. Ext4 encryption allows each user account -- or even various subdirectory, IIRC -- to have

        • Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.

          That's called the law of large numbers: every single person you'll ever meet in your life will have never come in contact with any other person who has come in contact with any other person who carries such data on a laptop; however, there are 7 billion people in the world, 2 billion in China, 300 million here in the US, more laptops than people in businesses, and "utility laptops" that float around with trucks instead of with users. Somewhere out there in that vast ocean covering 70% of the world's surf

    • by Anonymous Coward

      Like it has done with everything else, perhaps systemd will take over the role of the Linux kernel, too. That way no code changes need to make their way into the kernel. The kernel is just no longer present at all.

    • Ext4 encryption... (Score:4, Interesting)

      by mlts ( 1038732 ) on Monday June 22, 2015 @01:21PM (#49963743)

      ext4 encryption has a lot of promise, and I consider this a big feature. It essentially functions like EncFS/CFS, but instead of being a secondary filesystem accessible via FUSE, it is part of the main filesystem. The closest thing it parallels is AIX's EFS.

      I'm not surprised that Google coded this part. It makes perfect sense for Android. Encryption of /data can be turned on immediately during a device setup without having to worry about block level items, or if the device crashes during the /data encryption process.

      Overall, an add-on which is definitely needed. Since Google mainly uses ext4, this is their best bang for the buck, and I hope the maintainers of other filesystems toss something similar in their code.

  • by Billly Gates ( 198444 ) on Monday June 22, 2015 @11:27AM (#49962737) Journal

    Does it support samsung 840 and 850 pros yet for production?

  • the doc https://docs.google.com/docume... [google.com] noted in the mailing list post fails.
    is it as simple as issuing adding an option to the makefs.ext4 then a mount command for a partition and providing the password to a prompt?
  • Does anyone know why you want encryption directly in the filesystem rather than the layered approach being offered for years by the dm-crypt kernel filesystem? The Phoronix article mentions that is intended for Android systems, so my immidiate thinking was that it had something to do with flash storage specifics. Generally I do not like it when a generic, simple solution like dm-crypt gets reimplemented at another layer, increasing complexity, but maybe there is a reason for this?
    Another article mentions F2

    • Without knowing the a actual mechanics of the process (see my post above), I am assuming there is a simplification of the creation and mount/umount process bypassing the LUKS wrapping commands and possibly simplifying the actual creation of an encrypted partition such as the dancesteps documented here:
      http://www.cyberciti.biz/hardw... [cyberciti.biz]
    • ... or maybe Google knows something you don't about good ol' dm-crypt. I see your hat and raise one more.
  • I browse in full screen mode on a 30" 2560x1600 monitor. Some would say this is folly, none the less it's what I do.
    The article news headline is on the far left 1/4 of my monitor.
    The comment quantity per article is over a fucking foot to my right and I have to glance at how many comments there are, per article, left, right, left right.

    Put it back below where it belongs.
    I don't like or care about a dopey share button - if you keep it, fine but don't make the comments number worse due to it.

    I hate to cite

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Working...