Slashdot Mirror


Linux 4.1 Kernel Released With EXT4 Encryption, Performance Improvements

An anonymous reader writes: The Linux 4.1 kernel has been announced and its release brings expanded features for the Linux kernel including EXT4 file-system encryption, open-source GeForce GTX 750 support, performance improvements for Intel Atom / Bay Trail hardware, RAID 5/6 improvements, and other additions.

116 comments

  1. Something to look forward to by Anonymous Coward · · Score: 3, Funny

    In RHEL 9

    1. Re:Something to look forward to by antiperimetaparalogo · · Score: 1

      Used already for Fedora's (o.k., i know, but someone must prepare for the next RHEL!) development (a.k.a. "rawhide") version, to be released around late October as version 23.

      --
      Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
    2. Re:Something to look forward to by Anonymous Coward · · Score: 0

      And Debian 15

      Those two distros crack me up. I use up to date distros on all my servers and desktops and never have any compatibility or stability issues.

  2. Please fix slashdot by buck-yar · · Score: 5, Insightful

    Read More button gone. Stupid share button in its place.

    1. Re:Please fix slashdot by Anonymous Coward · · Score: 3, Informative

      Good to know I'm not the only one bugged by that, not to mention the stupid "video clips" thing they've added.

      Seems like they gave up on beta but are now messing with the "classic" site.

    2. Re:Please fix slashdot by Anonymous Coward · · Score: 3, Insightful

      No, they are re-implementing beta one step at a time. It's a new strategy.

    3. Re:Please fix slashdot by serviscope_minor · · Score: 2

      I'm not sure I get the problem. If you click on the post title, you get exactly the same as you always did, that is the post and comments. I'm using /. classic with full noscript though...

      --
      SJW n. One who posts facts.
    4. Re:Please fix slashdot by Anonymous Coward · · Score: 2, Informative

      Click the article title instead. I switched to that method years ago when the read more button started doing stupid Javascript tricks.

      Really, you should be able to cope with this sort of change. It's minor, and this isn't your site. Deal with it like an adult and quit cluttering up the discussion threads with your whining.

    5. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      Speaking of video clips, can they get a new one?

      I'm getting tired of that scrotum-looking balloon.

    6. Re:Please fix slashdot by nine-times · · Score: 4, Informative

      I'm suspicious that it was done intentionally, to prod us into posting links on social media and driving more traffic to the site. And why would I want to link my social media sites to Slashdot? I'd want to link directly to the article anyway.

    7. Re:Please fix slashdot by buck-yar · · Score: 0

      Who's whining? lol

    8. Re:Please fix slashdot by thePsychologist · · Score: 1

      A web workaround is just to go to http://slashdot.org/archive.pl

      The headlines tell you as much as the summaries around this place, and you don't have to see the ugly front page any more.

      --
      "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
    9. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      You, you're whining.

    10. Re:Please fix slashdot by caseih · · Score: 4, Insightful

      Yes it still works, but it's not obvious or discoverable. And it's jarring. I typically read the blurb to decide if it's interesting, then click the read more at the bottom of the blurb to read the whole thing and the comments. Also the number of comments was right there at the bottom too, which made it nice and fast to see what were the interesting stories. Now that information is in the upper right-hand corner, so I just don't notice it straight away. I guess Dice once again has forgotten the value of slashdot and the interesting aspect of slashdot is the user-generated comments. Dice seems to be rolling out the beta site with all its crap and its de-emphasis on user-provided content, but under the guise of the classic site. Not working guys!

      If someone can post some greasemonkey scripts to fix the site, that'd be wonderful. Also if we could just turn off the video bytes stuff that would be good also. And put the polls back where they belong!

      In the meantime, there is soylent. It's not been very good lately but if enough people go there and comment, and submit stories, maybe it will get better and be a proper replacement.

    11. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      SD is pretty much dead anyway. Look to the front page and look at the counts (they made them nice and big anyway)

      Only political drivel gets high post counts. The stuff that is worth coming here for may get 50-60 replies. Talk about how some R vs D did something stupid? 700+ count... easy.

    12. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      Oh dear god, not this again.

      Nobody uses "Read More" links anymore. Just click on the title, which should always have been the default behavior. Want to read the article? Click on the article. You should NOT have to search for a "Read More" link.

    13. Re:Please fix slashdot by MSG · · Score: 1

      Does slashdot provide anything that a sub-reddit wouldn't?

    14. Re:Please fix slashdot by c0d3g33k · · Score: 2

      I'm not sure I get the problem. If you click on the post title, you get exactly the same as you always did, that is the post and comments. I'm using /. classic with full noscript though...

      (Aside: Full noscript here too, though I don't think there's a /. classic any more, since the beta seems to be gone, or at least not actively being promoted).

      The problem in part is that many people probably click on that spot due to muscle memory - I have for over a decade. Suddenly that link has been replaced by a button that does something totally different and not universally desirable. For no good reason. The paranoid cynics might think that the placement of the social media button there is deliberate to draw accidental clicks or entice people to share more, precisely because of the aforementioned muscle memory. I'm not paranoid, but I'm becoming a cynic when it comes to this site, so I could believe that. From a user interface perspective, there's no good reason for the share button to go there, replacing "Read More". The latter does belong there, because after reading the summary, that's where your eyes are looking when reading - the next line of text. Other than a mouse click, there's no break of flow in order to 'read more'.

      The other problem is also UI and usability related. The "Read More" link was immediately obvious as the place to click if you wanted to ... read more. That's why so many people click there. When the share button replaced it, there were no obvious places to click from a visual perspective.

      The post title links to the full story, yes, but there's no visual cue whatsoever that it's a link unless you happen to mouse over it. Once you experimentally click there, you can discover that it shares the same behaviour as the read more link, but experimental clicking is bad UI design.

      The same goes for the dark blob that's supposed to be a word balloon, I guess. If you understand the symbolism derived from comics (which many probably do, I'll grant you) you know it means something about talking and dialog, so an intuitive leap would lead the user to think that it's a link to comments, or a link to make a comment. But what if the user doesn't want to comment? That's not the first choice for clicking either. It's of course also not visually a link, so the user has to discover it with the mouse like an old 'find the hotspot pixel' point-and-click adventure game. As it turns out, it also does the same thing as the former "Read More" link, so it's not even a shortcut way to jump to the comments, or make one. AND, it's grouped with a set of icons that take the user to a list of stories by topic. Cue the Sesame Street song: "One of these things is not like the others, One of these things just doesn't belong ...". Once again, bad UI design.

      To summarize:
      A link with the text "Read More" - immediately graspable and discoverable. Good UI design.
      Awkwardly placed hidden links with no obvious purpose that have to be discovered via mouse over - poorly graspable and discoverable. Bad UI design.

      *That's* the problem.

    15. Re:Please fix slashdot by Anonymous Coward · · Score: 2, Interesting

      It's worth noting that there's an interesting comment in the HTML social menu, under the selector "article footer div.grid_10.l":


          <div class="popularity">
              <a href =""><i class="icon-thumbs-up-alt"></i></a>
          </div>
          <div class="popularity">
              <a href =""><i class="icon-thumbs-down-alt"></i></a>
          </div>

      I'm really hoping the next step isn't to enable Reddit/Facebook style "vote up/down" popularity contest bs. This is Slashdot, if we like something, we'll comment on it.

    16. Re:Please fix slashdot by iONiUM · · Score: 1

      Also try shrinking your browser (to make it the same size as any phone) and the stupid icons overlap the summary so you can't even read it.

    17. Re:Please fix slashdot by Culture20 · · Score: 1

      I don't think there's a /. classic any more, since the beta seems to be gone, or at least not actively being promoted

      It exists, but it's well hidden in account preferences. I use a classicish mode which is good because it's the only way to read -1 moderated comments (-1 comments seem to be impossible to read from the default UI). Unfortunately, the devs test changes very rarely with classic mode, so things break often.

    18. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      You can't even read the fucking headline if it is too long. Try it in a fucking iPad.
      Do they even test this shit?

    19. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      It doesn't have to be that small. This shit is unusable even on iPad.

    20. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      -1 comments seem to be impossible to read from the default UI

      I set the hidden threshold to -1 so nothing gets hidden and they start out "abbreviated". Not sure how you'll get to the configuration for that without javascript though.

    21. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      You're so full of yourself, that you don't see that you are the one that is whining.

    22. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      Oh, god, it's true. Looks like they're going to use a web font icon to represent "up" and "down." Probably baked into the woff file that's now included in the obscene shitload of resources that make up a pageview now. Christ, I can barely read Slashdot on my iPod as it is, because the sheer bulk of all the ads and useless shit tacked on freezes even fairly recent mobile devices. It's just tracker after tracker after tracker. Christ on a stick.

    23. Re:Please fix slashdot by iONiUM · · Score: 1

      I don't understand why anyone working on a website would only test with like 1280 resolution. The first thing you always do is test at at least

    24. Re:Please fix slashdot by iONiUM · · Score: 1

      Ahhhh... it read it as HTML. I put "less than or equal to 1024 at least."

    25. Re:Please fix slashdot by ItsJustAPseudonym · · Score: 1

      Dice seems to be rolling out the beta site with all its crap and its de-emphasis on user-provided content, but under the guise of the classic site.

      Yeah! Fuck classic!

    26. Re:Please fix slashdot by Anrego · · Score: 2

      So much this.

      It's such a small change but it totally screws up a flow we've had forever and which made perfect sense. Read title, read summary, read number of comments, click to read said comments. Now it's, read title, read summary, look to upper right to see number of comments, then move mouse back to title to read them (I'm sure I'm not the only one who moves the mouse along as I read).

      And yeah, the weird floating videobytes thing.. that's gotta go.

    27. Re:Please fix slashdot by CODiNE · · Score: 1

      I just click the Article title. But I use classic. That and I mostly use RSS to get the articles so I've largely ignored the new interface for years.

      --
      Cwm, fjord-bank glyphs vext quiz
    28. Re:Please fix slashdot by UnknownSoldier · · Score: 1

      Perfect analysis of all the UI fails.

      Just leave the dam site alone. It was working fine the way it was before.

    29. Re:Please fix slashdot by PvtVoid · · Score: 1

      Really, you should be able to cope with this sort of change. It's minor, and this isn't your site.

      But you don't understand! They moved my button! It has rendered me completely helpless!

    30. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      FYI, here's what it looks like uncommented:
      http://i.imgur.com/4DHWRkG.png

    31. Re:Please fix slashdot by 0100010001010011 · · Score: 1

      The problem in part is that many people probably click on that spot due to muscle memory

      I'm glad I'm not the only one. And I've been 'here' since ~2000.

    32. Re:Please fix slashdot by 0100010001010011 · · Score: 1

      Anyone want to kickstart a new site? Between all the sites going to this and people trying to keep Voat offline so Redditors don't have any alternative I'm ready to just go back to IRC & Usenet.

      Toss on a small daemon to handle voting of Usenet articles, add a web front end for people that can't use anything else and just have a place for intelligent discussion with moderation, decentralized.

    33. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      goddamn, you guys live to complain.
      yeah the "share" thing is annoying as shit, but that's about it.
      just be thankful it's still predominantly 'classic'

    34. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      That's not a goatse link. Everyone's right. Slashdot has changed.

    35. Re:Please fix slashdot by ultranova · · Score: 1

      Really, you should be able to cope with this sort of change. It's minor, and this isn't your site. Deal with it like an adult and quit cluttering up the discussion threads with your whining.

      There isn't all that much to clutter up anymore. People are reminiscing about the good old days while packing up their proverbial wagons. Meanwhile, the devs make random changes that won't attract new users but will help drive away the rest of the old.

      It's sad, but everything has its end. And at least Slashdot also had glory days. When your grandkids ask you "Anon, what's Slashdot Effect?", you can tell them you were there, crashing those servers.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    36. Re:Please fix slashdot by complete+loony · · Score: 1

      You can hide the videos with a simple adblock filter; "slashdot.org##article#firehose-000".

      You could also make the share button go away (slashdot.org##div.popularity), but that does break the tags css.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    37. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      Here's mine. I'm certain people can find holes in my code or better ways to do this, but it seems to work for me:

      var killIt2 = document.getElementById('firehose-000');
      if(killIt2)
      {
          killIt2.parentNode.removeChild(killIt2);
      }
      var articles = document.getElementsByTagName("article");
      var len = articles.length;
      for(i = 0; i 0)
                      {
                                numComments = cbubbles[0].childNodes[0].innerHTML;
                      }
                      else
                      {
                              numComments = 0;
                      }

                      var topicID = "topic-"+idNum;
                      var tIcon = document.getElementById(topicID);
                      tIcon.style.right = "32px";

                      var shareButtons = art.getElementsByClassName("popularity menu-trigger");
                      shareButtons[0].innerHTML = "" + numComments + " Comments";
                      cbubbles[0].parentNode.removeChild(cbubbles[0]);
                      shareButtons[0].style.backgroundColor = "white";
                      shareButtons[0].style.border = "none";
            }
      } //modify stylesheet to correct color of comments link
      var bob = 111;
      var sheetCount = document.styleSheets.length;
      var lastSheet = document.styleSheets[sheetCount-1];
      var ruleCount;
      if (lastSheet.cssRules)
      { // Firefox uses 'cssRules'
              ruleCount = lastSheet.cssRules.length;
      }
      else if (lastSheet.rules)
      { //IE uses 'rules' //I only use firefox - this is untested. is there even greasemonkey for IE?
            ruleCount = lastSheet.rules.length;
      }
      var newRuleA = ".popularity a:hover { color: #006666; !important;}";
      var newRuleB = ".popularity a { color: #006666; !important;}";
      lastSheet.insertRule(newRuleA, ruleCount);
      lastSheet.insertRule(newRuleB, ruleCount + 1);

    38. Re:Please fix slashdot by Anonymous Coward · · Score: 0

      stupid comments eating things between less than and greater than. Try again:
      find and replace any LESS_THAN in code below before use!

      var killIt2 = document.getElementById('firehose-000');
      if(killIt2)
      {
          killIt2.parentNode.removeChild(killIt2);
      }
      var articles = document.getElementsByTagName("article");
      var len = articles.length;
      for(var i = 0; i LESS_THAN len; i++)
      {

              var art = articles[i];
              if(art.className == "nosort" || art.className == "modal-content")
              { //there are a few 'articles' on the page which aren't stories but which I don't find offensive; ignore them for now
              }
              else
              {
                      var idNum = art.getAttributeNode("data-fhid").value;
                      var storyHeaders = art.getElementsByClassName("story");
                      var story = storyHeaders[0];
                      var titleSpans = story.childNodes[1];
                      var linkA = titleSpans.childNodes[1];
                      var linkDest = linkA.getAttributeNode("href").value;
                      var cbubbles = art.getElementsByClassName("comment-bubble");
                      var numComments = 0;
                      if(cbubbles.length > 0)
                      {
                                numComments = cbubbles[0].childNodes[0].innerHTML;
                      }
                      else
                      {
                              numComments = 0;
                      }

                      var topicID = "topic-"+idNum;
                      var tIcon = document.getElementById(topicID);
                      tIcon.style.right = "32px";

                      var shareButtons = art.getElementsByClassName("popularity menu-trigger");
                      shareButtons[0].innerHTML = "LESS_THANa href=\"" + linkDest + "\">" + numComments + " CommentsLESS_THAN/a>";
                      if(cbubbles.length > 0)
                      { // only remove the bubble when the article actually has one
                              cbubbles[0].parentNode.removeChild(cbubbles[0]);
                      }
                      shareButtons[0].style.backgroundColor = "white";
                      shareButtons[0].style.border = "none";
            }
      } //modify stylesheet to correct color of comments link

      var sheetCount = document.styleSheets.length;
      var lastSheet = document.styleSheets[sheetCount-1];
      var ruleCount;
      if (lastSheet.cssRules)
      { // Firefox uses 'cssRules'
              ruleCount = lastSheet.cssRules.length;
      }
      else if (lastSheet.rules)
      { //IE uses 'rules' //I only use firefox - this is untested. is there even greasemonkey for IE?
            ruleCount = lastSheet.rules.length;
      }
      var newRuleA = ".popularity a:hover { color: #006666 !important; }";
      var newRuleB = ".popularity a { color: #006666 !important; }";
      lastSheet.insertRule(newRuleA, ruleCount);
      lastSheet.insertRule(newRuleB, ruleCount + 1);

  3. Lots of great features and no kdbus by FreeUser · · Score: 3, Interesting

    Building the kernel now.

    Very cool feature list, with arguably the best feature being that they managed to keep kdbus and more systemd nonsense from infecting the kernel code. I'm especially looking forward to trying out ext4 encryption on my laptop.

    --
    The Future of Human Evolution: Autonomy
    1. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      It's become a monster. Some of it has been forced by hardware changes, but most of it has been self-inflicted.

    2. Re:Lots of great features and no kdbus by NoNonAlphaCharsHere · · Score: 1, Troll

      Which distro are you using that isn't already infected by systemd? I'm SO glad Gentoo still allows me to use OpenRC...

    3. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 2, Interesting

      I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files. Malware on my Android device can read my encrypted files as soon as I get the phone properly booted. The laptop niche seems okay, except laptops get hacked just like desktops way more often than they get stolen and offlined.

    4. Re: Lots of great features and no kdbus by Anonymous Coward · · Score: 1

      Like it has done with everything else, perhaps systemd will take over the role of the Linux kernel, too. That way no code changes need to make their way into the kernel. The kernel is just no longer present at all.

    5. Re:Lots of great features and no kdbus by MightyMartian · · Score: 5, Interesting

      It's certainly useful when you're moving equipment or storage devices. Your complaint would apply to any encrypted storage system that mounted an encrypted file system; Bitlocker, Truecrypt, dmcrypt, etc.

      I work for a company that does a lot of government contract work, and we are contractually bound in almost all cases to store certain kinds of confidential data on encrypted media. When using Linux servers, we usually use dmcrypt, but EXT4 encryption would be a nice option as well.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    6. Re:Lots of great features and no kdbus by itsme1234 · · Score: 1

      Huh, what is encryption good for? You don't care if your servers get stolen by a random thief and then ebayed?

      If you need to RMA disks you don't have to choose between eating the loss yourself and living with the fear that your vendor might just quickly fix it and send it to some random customer together with all your data?

    7. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 2, Insightful

      I'm not sure what encryption is useful for.

      Think about extremely common and relatively benign cases, before you even bother getting to the topic of thieves.

      You buy a hard drive with a warranty. Before the warranty expires, the drive fails. It doesn't work (or not reliably) so you can't confidently wipe it. But you can't physically destroy it either, if you want it replaced through the warranty instead of at your own expense.

      So you send the drive (which contains your data) to total strangers where they will have physical access and be completely unaccountable. Even if the first group of strangers is friendly, if they have their act together, they might recycle any viable platters. Now your platter is on the market, possibly with your data on it. Or it's in a trash bin.

      That data needs to be cyphertext.

    8. Re:Lots of great features and no kdbus by vilanye · · Score: 1

      It seems like just another point of failure to me.

      The idea that it is useful when moving equipment has some merit, but you don't need an encryption-away FS to do it.

    9. Re:Lots of great features and no kdbus by vilanye · · Score: 1

      err encryption-aware

    10. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 2

      Yes, but you see the point: the applications of encryption are small, mostly restricted to communication. Encrypting storage is crap. You can argue that moving physical equipment is "communication", because information moves from one place to another. This is ridiculous when moving from one rack to the rack 5 feet away; it's more pertinent when shipping backup tapes between buildings; and it makes some middling amount of sense when excessing hardware--you might throw out a whole, unwiped drive, which is communication to an unknown recipient.

      I don't care about contracts; they're legal things which dictate how to do things. I care about threat models, which tells me what to write into contracts, and what unwritten actions to take so as to provide contractual guarantees. If the contracting organization tells me to encrypt disks but doesn't tell me to encrypt communications, I'm going to encrypt communications wherever possible: we've established their data's confidentiality is important, and my organization is competent enough to provide appropriate handling, as well as advice to the contracting organization about what other actions they should take to protect their data (e.g. we'll need them to prepare to receive encrypted data if we're communicating encrypted data to them).

      You may be facing an unwinnable battle trying to avoid unnecessary and silly risk controls, but you should still use your full expertise to identify what risks are in play and what additional risk controls are necessary yet haven't been put into policy. These are the things you must bring up to your contracting organization: tell your client when you believe further action is needed to protect their data. You can't do that just by blindly accepting what's in the contract as "our security requirements for this project"; you need to know the effectiveness and non-effectiveness of each mitigation strategy to recognize what risks are identified and what additional risks have gone unaddressed.

    11. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 2

      You don't RMA disks with such sensitive information that you need file-by-file encryption or whatnot; you shred the disks. Your OS reads data through an IO layer that decrypts it as it streams, storing it in memory as unencrypted data, which is then read by programs and integrated into memory structures; what if your OS writes program memory to unencyphered swap? Suddenly you have medical records, social security information, and credit card numbers in an unencrypted area of your hard disk.

      People disassemble, degauss, and shred those disks in those contexts. Even with whole-disk encryption, there's an assumption that an attacker could bypass the encryption somehow.

      What kind of thief breaks into your secure facility and steals your servers? Is this more likely than getting hacked into repeatedly?

      Encryption is only good for data in transit. That often includes laptops and mobile devices, problem being even those are exposed whenever on. Theft is the most minor problem; it's just one that gets a lot of attention and a lot of questions asked.

    12. Re:Lots of great features and no kdbus by Bert64 · · Score: 1

      The problem is you can't always be the one to dictate the contract terms, and quite often someone utterly incompetent will have come up with the terms...
      There are organisations which are burdened with the requirement to encrypt *ALL* disks, even those on servers because someone writing the contract heard the encryption buzzword, or got a kickback from a company selling a disk encryption product.

      When the contract stipulates that something must be done, even if that something is stupid then it's very easy to justify the expense and negative side effects of doing so. If something is not stipulated, it can be quite difficult to justify, even if there are significant benefits it can be hard to explain these to people with a poor understanding. Many don't care and are purely concerned with complying with the given spec, while others will assume that whoever wrote the spec knows more than you do and that the spec is gospel and cannot be wrong.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    13. Re:Lots of great features and no kdbus by Bert64 · · Score: 1

      Security is expensive, hardware is cheap.
      You can buy from vendors who are used to dealing with clients holding confidential data, and expect them to handle returns or swallow the cost of replacements without returning the dead ones. It all depends on the contract between you and the supplier.

      Or you can simply not return faulty drives, just replace them and then destroy the faulty ones.
      Many places will stress test the drives for a while before putting live data on them, most drives that will fail during their useful lifespan will do so early on and can be returned at this point because they don't have any worthwhile data on them yet. Drives that fail after a few years are worthless anyway, and will just be replaced with newer higher capacity drives.

      The overhead of encryption means inferior performance, higher cpu utilisation, overhead of key management, cost of dedicated crypto hardware etc... This will often outweigh the cost of a couple of extra drives should some fail.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    14. Re:Lots of great features and no kdbus by __aaclcg7560 · · Score: 1

      People disassemble, degauss, and shred those disks in those contexts.

      Or use them for target practice. A hard drive with a bullet hole or two is quite unusable.

    15. Re:Lots of great features and no kdbus by PvtVoid · · Score: 1

      what if your OS writes program memory to unencyphered swap?

      Luckily, encrypting the swap partition on Linux is trivially easy:

      http://hydra.geht.net/tino/how...

      Only an idiot would encrypt their hard drives and not their swap partition.
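
Added example, not part of the thread: a check for the gap raised above (program memory reaching unencrypted swap) and for the reply that swap can be encrypted. It compares a swaps listing in `/proc/swaps` format against `crypttab` and reports swap areas with no dm-crypt mapping marked `swap`; the function names, the sample files and the assumption that encrypted swap appears as `/dev/mapper/NAME` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report active swap areas that are not
# backed by a dm-crypt mapping declared with the "swap" option in crypttab.
# Assumption: encrypted swap shows up in the swaps listing as /dev/mapper/NAME.

# unencrypted_swap SWAPS_FILE CRYPTTAB_FILE
# Prints one swap area per line that has no matching crypttab "swap" entry.
# Swap files are reported as well; one that lives on an encrypted filesystem
# needs a manual check, since the listing alone cannot show that.
unencrypted_swap() {
    awk '
        # First argument: crypttab, fields are name, device, keyfile, options.
        FILENAME == ARGV[1] {
            if (NF == 0 || $1 ~ /^#/) next
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "swap") encrypted["/dev/mapper/" $1] = 1
            next
        }
        # Second argument: swaps listing; line 1 is the column header.
        FNR == 1 { next }
        NF > 0 && !($1 in encrypted) { print $1 }
    ' "$2" "$1"
}

# make_samples DIR
# Writes constructed sample inputs (not taken from any real host) into DIR.
make_samples() {
    cat > "$1/swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/mapper/cryptswap                   partition       2097148 0       -2
/dev/sdb3                               partition       4194300 1024    -3
/swapfile                               file            1048572 0       -4
EOF
    cat > "$1/crypttab" <<'EOF'
# name      device     keyfile       options
cryptswap   /dev/sda2  /dev/urandom  swap,cipher=aes-xts-plain64,size=256
cryptdata   /dev/sda3  none          luks
EOF
}

# Runs the check over the constructed samples and prints the findings.
run_demo() {
    demo_dir=$(mktemp -d) || return 1
    make_samples "$demo_dir"
    echo "Swap areas without an encrypted mapping:"
    unencrypted_swap "$demo_dir/swaps" "$demo_dir/crypttab"
    rm -rf "$demo_dir"
}

run_demo
```

On a live system, pass `/proc/swaps` and `/etc/crypttab` as the two arguments.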

    16. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      What kind of thief breaks into your secure facility and steals your servers?

      One with a power saw

    17. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 1

      You're obviously not from this planet.

    18. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      How would you compare the management effort to managing self-encrypting drives?

    19. Re:Lots of great features and no kdbus by Tool+Man · · Score: 1

      Hah, thought that was just me. Be nice though, and pry the circuit board off first so you don't scatter bits all over the range.
      See you there!

    20. Re:Lots of great features and no kdbus by __aaclcg7560 · · Score: 1

      No need to go to a range. Just put the hard drives on the back fence, sit down by the porch door and aim at an upward angle to miss the neighbor's roofline. ;)

    21. Re:Lots of great features and no kdbus by kosmosik · · Score: 2

      > The laptop niche seems okay,

      Except it is not a niche. Personally I haven't used a desktop/workstation computer for like 5 years. And also it has been like 5 years (or more) since notebook shipments exceeded desktop/workstations. Of course in sane IT deployments loss of a client computer should not be a problem but still there could be sensitive data there. Even system level stuff like password hashes and so on. Maybe it is rare but security breaches usually involve the weakest link - and if stealing a notebook is easier than breaking into your network then attackers would go and steal that laptop.

      > except laptops get hacked just like desktops way more often than they get stolen and offlined

      True. Probably spear-phishing or something like that would be easier than physically stealing a notebook. But stealing is still possible so you should protect also that vector of attack.

      It's funny that IIRC the guy behind SilkRoad was captured using his laptop. The FBI tracked him and waited for opportunity to seize his notebook without possibility for him to shut it down (as it was encrypted). The lesson here is maybe to have some low-range personal device like bluetooth LE smartband that makes the computer shut down when you are not close to it (like very close). And also don't tell anybody about it. ;)

      Oh and for the Silkroad guy it would be wiser to operate from a country in which FBI has no jurisdiction... ;)

    22. Re:Lots of great features and no kdbus by swillden · · Score: 1

      I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files.

      You mention laptops and mobile devices, and claim that they get hacked way more often than they get lost/stolen. This is absolutely not true. Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.

      It's also not necessarily the case with ext4 encryption that a box getting hacked reveals all of the data on it. Ext4 encryption allows each user account -- or even various subdirectories, IIRC -- to have its own keys. So a hacker can only get access to the directories whose keys have been loaded into memory. So the attacker has to own the box and then maintain ownership and connectivity until the data he's after has been unlocked.

      You're also ignoring implementations which use hardware-based keys (HSM or similar) with other access controls on key usage, potentially even including rate limiting. So even if an attacker manages full privilege escalation and fully owns the box, he can't get access to anything encrypted unless he can satisfy the other access control requirements, and may also be rate-limited.

      Malware on my Android device can read my encrypted files as soon as I get the phone properly booted.

      Only if said malware can manage a privilege escalation attack. Granted that this issue is orthogonal to disk encryption, which is all about protecting against attackers with physical access to a powered down (or, to a lesser extent, locked) device.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    23. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      You throw around the term "hacked" a lot. We need a more technical definition for this discussion to have any use at all. Zero day remote exploits? Zero day local exploits? Malware, misconfiguration, weak passwords, and social engineering do not qualify as "hacking" in a more practical usage for non-laymen.

    24. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      How does anything you said just apply to the college student who can only afford one new HD per year? Higher CPU and dedicated crypto? Hardly. ZFS with compression and full disk encryption is looking to be pretty freaking fast in FreeBSD 11. Lots of new upgrades to increase core scaling ZFS, GELI, and CAM(SCSI/ATA kernel layer). Plus tweaks to AES-NI that allows many fewer cycles per block. A little over 1GB/s per core with very near linear scaling of cores.

    25. Re: Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      Holy God! Do you mean that systemDamage might acquire device drivers? I thought I'd heard it all, but this is new.

    26. Re:Lots of great features and no kdbus by itsme1234 · · Score: 1

      Let me guess: you like to burn money by destroying hardware that can be replaced for free and you think automatically the sysadmins in charge of implementing encryption are incompetent. Are you working for the government?

    27. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 0

      A lot of enterprise contracts don't require you to return a dead drive. When a drive fails you pull it out and replace it with one of your spares and they mail you a new one. Didn't have enough spares? They overnight the new drive for free. You must work for a small company.

    28. Re:Lots of great features and no kdbus by dbIII · · Score: 1

      Default encryption on USB sticks/drives may be a good thing to aim for before embarrassing leaks happen. That and easily stolen laptops are the only place where I see this as being of use.

      it's more pertinent when shipping backup tapes between buildings

      I very strongly disagree there. Adding an extra complication to backups is just asking for trouble when you really need them, especially since the person doing the restoration may effectively be somebody "grabbed off the street" when the normal staff are not available and time is pressing. Physical security is the best idea for backups and for data with a useful life of decades (eg. nobody is stupid enough to encrypt seismic data), because the details of how to decrypt something may not be available when the data is required as a matter of urgency. IMHO that's why tape drive level encryption has such little use despite being available for well over a decade. An intelligence agency with multiple people knowing the keys to decrypt the data is one thing, a commercial enterprise where everyone who knows how to read the tapes can be laid off in a single merger or reorganization is another - thus making it a disadvantage instead of an asset.

    29. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 1

      Laptops usually don't contain vast stores of data. Once in a while, you hear about a laptop with millions of medical records vanishing from a coffee shop; most of us have VPNs requiring our passwords, connecting remotely into applications which connect back to databases which carry tons of data. A laptop might, at the nominal worst, contain some cached information for one or two people, accessible by hours of work dredging through cache files--if that information doesn't stay entirely within memory during access, and thus essentially vanish when gone from the screen, much less unloaded (left on-chip, but unmapped, so you need admin memory dump and might get stomped over by memory defragmentation or allocation) or rebooted.

    30. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 1

      Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.

      That's called the law of large numbers: every single person you'll ever meet in your life will have never come in contact with any other person who has come in contact with any other person who carries such data on a laptop; however, there are 7 billion people in the world, 2 billion in China, 300 million here in the US, more laptops than people in businesses, and "utility laptops" that float around with trucks instead of with users. Somewhere out there in that vast ocean covering 70% of the world's surface, there's 5 or 10 drops of water encasing an atom or three of plutonium. Plutonium is out there in the water.

      The idea that a single counter-example invalidates a statement is flawed. It's like saying you make $3000/mo and so can afford a $1200 mortgage, but you once saw a house that had a $45,000/mo mortgage, and so only billionaires can afford to move out of their parents' basements. There are a few of those, they get a lot of attention, but they're oddities.

      Ext4 encryption allows each user account -- or even various subdirectory, IIRC -- to have its own keys. So a hacker can only get access to the directories whose keys have been loaded into memory.

      For the machine to be useful--to allow you to have access into a directory, to access a file, to fopen() something--you have to make the VFS layer do it. It's hard to get the kernel to fopen() and challenge the application or the user for a key (it can be done). Even if you could, think about the annoyance: your computer would require entry of a password 8000 times just to log into your desktop.

      You're also ignoring implementations which use hardware-based keys (HSM or similar) with other access controls on key usage, potentially even including rate limiting.

      In which case the kernel still accesses the key as part of the VFS layer, and you just fopen() the encrypted file and get unencrypted data.

      Only if said malware can manage a privilege escalation attack

      You mean like running as the same user that all other applications on the phone run as? You know, the user who has access to all the data on the phone? "Privilege Escalation" in this context means "run as the user", not "run as administrator". That happens if, say, you browse to a Web page that exploits a JavaScript engine bug to inject code, or install a trojaned application from the App store.

    31. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 1

      Tapes being shipped by truck are often lost. There is no physical security for back-ups when you're driving down the street and prone to lose a crate of tapes. Carefirst has done that a few times. It's infrequent but, unlike laptops, every single tape floating around out there on a truck in transit to Iron Mountain is carrying a massive database of sensitive information.

    32. Re:Lots of great features and no kdbus by dbIII · · Score: 1

      There is that (if it happens more than rarely they are incompetent), but the nature of backup tapes is that sometimes you need the stuff quickly and reliably. If you can't successfully explain a recovery procedure to a recent average high school student over the phone then you are doing it wrong. If someone in ten or twenty years needs to track down a key from ex-employees that have moved or died then you are doing it wrong. If things go very pear shaped your tape drives are toast and another party is going to be recovering the data you need to set up at a new site anyway.

    33. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 1

      The tapes also need to be in order, and you need the right software, architecture, etc. "Use the encryption key" is the least complicated part of the DR process.

    34. Re:Lots of great features and no kdbus by dbIII · · Score: 1

      FFS if any of that is less than trivial then you are doing it completely wrong. Take a look at AMANDA for an example - you can get stuff back with "dd" and "tar" if necessary instead of using the actual AMANDA software. Keys get lost. Paperwork gets lost. If you can't do it when you've got nothing but the media, a drive that can read it and ubiquitous multi-platform software then you have utterly fucked up.

    35. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 1

      Take a look at AMANDA for an example - you can get stuff back with "dd" and "tar" if necessary instead of using the actual AMANDA software.

      Which a McBurgerFlipper won't know how to do. Even as an experienced systems integration engineer, I would need a few hours at least to develop a plan on how to do that. I have tapes all over the place with multiple days' worth of differential backups, and I need to use dd and tar to get the data out, restore it to the appropriate systems, restore differentials and incrementals IN PROPER ORDER--meaning I have to verify I'm using the tapes in the correct order--get that data into the appropriate applications, configure the different servers on the new network so the applications can actually interact and function, and so forth.

      There is no such thing as "put the tape in and tell Amanda to rebuild your data center". It's never been that way. In days of old, when servers had tape drives, you could bare-metal restore by taking the correct tape to the correct server and running restore software--requiring you to know which tape goes to which server and how to boot alternate media. When it came to banks of tapes in centralized backup, you had to configure each system to get on the network first, and to interact with your back-up system. Now we have complex PXE setups and all, which are fast, but require knowledge--even knowing how to work them, you have to know the overall engineering plan to set them up.

      It's great that you take home back-ups onto an external hard drive, but we're talking about restoring data centers here.

  4. Get with the program by Anonymous Coward · · Score: 0

    You're not expected to read it, but you are expected to work for free by promoting it.

  5. Ssd support by Billly+Gates · · Score: 2

    Does it support samsung 840 and 850 pros yet for production?

    1. Re:Ssd support by Anonymous Coward · · Score: 0

      What do you mean? The SSD already runs fine, I assume you're talking about a removal from TRIM blacklist?

  6. There are a lot of systemd-free options out there by FreeUser · · Score: 3, Informative

    Which distro are you using that isn't already infected by systemd? I'm SO glad Gentoo still allows me to use OpenRC...

    Me too! I use both funtoo and gentoo, at work and at home, but here's a pretty good sized list of options for those who like debian, arch, and other distributions:

    http://without-systemd.org/wik...

    If you're stuck with Red Hat, your choices have been pretty much taken from you, and you should probably be looking to change to something else, but otherwise you probably have the choice of using OpenRC or upstart, and someone has probably already figured out how for you.

    --
    The Future of Human Evolution: Autonomy
  7. Re:There are a lot of systemd-free options out the by LVSlushdat · · Score: 2, Informative

    Am a Debian fan, and seriously pissed that Debian decided to slide down the systemd shithole, so I decided to check out the Debian fork, Devuan.. Seems they have taken Jessie and ripped that systemd abortion out.. Am currently running it in a Virtualbox vm, time will tell if I go with Devuan over Debian....

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  8. Re:There are a lot of systemd-free options out the by Anonymous Coward · · Score: 1

    What is amazing is that it didn't take them 15 years to slide down that shit hole.

    Heaven forbid they provide a reasonably up to date kernel or gcc, but they have no problems adding this abortion and squelching all complaints.

    Makes you wonder what RH is doing behind the scenes and why.

  9. Who steals servers? by Anonymous Coward · · Score: 1

    What kind of thief breaks into your secure facility and steals your servers?

    Well, linux isn't necessarily just for servers. Can also be used for desktop and portable equipment. But let's talk servers here.

    A couple of years ago, offices here in Austin, Texas were broken into for the company C3 Productions (owners of Austin City Limits and Lollapalooza music festivals). All their servers were taken. Now, I doubt they were hosting their ticketing ecommerce website from within their offices. But those servers probably contained email and files related to contracts with major entertainers. SSN and bank deposit details were likely included therein. It pretty clearly was a targeted attack and I don't think the thieves were looking to fence the hardware.

  10. Ext4 encryption... by mlts · · Score: 3, Interesting

    ext4 encryption has a lot of promise, and I consider this a big feature. It essentially functions like EncFS/CFS, but instead of being a secondary filesystem accessible via FUSE, it is part of the main filesystem. The closest thing it parallels is AIX's EFS.

    I'm not surprised that Google coded this part. It makes perfect sense for Android. Encryption of /data can be turned on immediately during a device setup without having to worry about block level items, or if the device crashes during the /data encryption process.

    Overall, an add-on which is definitely needed. Since Google mainly uses ext4, this is their best bang for the buck, and I hope the maintainers of other filesystems toss something similar in their code.

  11. Re:There are a lot of systemd-free options out the by dissy · · Score: 1

    This post has no useful content. That said:

    I just wanted to say thank you very much for the link FreeUser! It's been slightly frustrating at best trying to keep up with all the partial yet somehow already out of date blogs to get the same information.
    It is very much appreciated.

  12. Bad dog analogy by PPH · · Score: 1

    After I fixed my dog, he just sleeps a lot and got fat.

    The "Ads Disabled" checkbox did eliminate a lot of leg humping.

    --
    Have gnu, will travel.
  13. is there a howto on encrypting and mounting? by Anomalyst · · Score: 1

    the doc https://docs.google.com/docume... noted in the mailing list post fails.
    is it as simple as adding an option to the makefs.ext4 then issuing a mount command for a partition and providing the password to a prompt?

    --
    There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
  14. Re:Please fix slashdot - blocking videobytes by Anonymous Coward · · Score: 0

    Simple adblock filter of 'slashdot.org###firehose-000' does the trick for me (for now...). Such an eyesore and waste of space otherwise. I'm here for the text, and being able to consume the content quickly and efficiently, I don't have time to watch and listen to video/audio garbage, you can't "skim-read" such type of media to pick out the useful points quickly. Yet another mindless web-2.0-ification waste of time as far as I'm concerned. Sure video/audio has its places in communicating some forms of information e.g. complex gaming walkthroughs where it's easier to show something in pictures than describe in text, but this place doesn't seem suited for it.

    Capcha: dogged

  15. Re:There are a lot of systemd-free options out the by armanox · · Score: 0

    Red Hat is Linux. End of story. What Red Hat says, everyone (that matters) does.

    --
    I'm starting to think GNU is the problem with "GNU/Linux" these days.
  16. EXT4 vs dm-crypt by xarragon · · Score: 2

    Does anyone know why you want encryption directly in the filesystem rather than the layered approach being offered for years by the dm-crypt kernel filesystem? The Phoronix article mentions that it is intended for Android systems, so my immediate thinking was that it had something to do with flash storage specifics. Generally I do not like it when a generic, simple solution like dm-crypt gets reimplemented at another layer, increasing complexity, but maybe there is a reason for this?
    Another article mentions F2FS (Flash-Friendly File System) as a possible merge target. Suggests it serves needs for flash memory. I guess exposing the filesystem structure/metadata without actually revealing the data itself makes more efficient flash utilization possible. Or maybe it makes it easier for law enforcement to bypass it, if your tinfoil hat is on.
    The mailing list entry itself is here: http://thread.gmane.org/gmane....
    Links to a design document in the mailing list were dead at time of writing.

    1. Re:EXT4 vs dm-crypt by Anomalyst · · Score: 1

      Without knowing the actual mechanics of the process (see my post above), I am assuming there is a simplification of the creation and mount/umount process bypassing the LUKS wrapping commands and possibly simplifying the actual creation of an encrypted partition such as the dancesteps documented here:
      http://www.cyberciti.biz/hardw...

      --
      There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
    2. Re:EXT4 vs dm-crypt by Anonymous Coward · · Score: 0

      The mechanics are simple: it's directory-tree based, and you simply use an ioctl to enable encryption within a subtree. See https://lwn.net/Articles/639427/

      It's significantly easier to set up and maintain programmatically than dm-crypt. The point is to make it easy for users and applications to set up their own encrypted directory trees with relative ease.
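
As an added illustration of the ioctl mechanism described in the comment above and of the per-directory keys mentioned earlier in the thread (not code from any commenter or from the kernel tree): this C program builds a v1 policy that names a master key by its 8-byte descriptor, applies it to an empty directory and reads it back. It assumes the generic `FS_IOC_*_ENCRYPTION_POLICY` names from current `<linux/fs.h>` rather than the ext4-specific names of the 4.1 release; the function names, the cipher choice and the descriptor value are assumptions made for the example.

```c
/* Added example: set and read back a v1 encryption policy on a directory. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h> /* struct fscrypt_policy, FS_IOC_{SET,GET}_ENCRYPTION_POLICY */

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse a 16-hex-digit key descriptor into 8 bytes; 0 on success, -1 on bad input. */
int parse_descriptor(const char *hex, unsigned char out[FS_KEY_DESCRIPTOR_SIZE])
{
    if (hex == NULL || strlen(hex) != 2 * FS_KEY_DESCRIPTOR_SIZE)
        return -1;
    for (size_t i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* Fill in a v1 policy. The policy only names the master key by descriptor;
 * the key itself is loaded into the kernel keyring separately. */
void build_policy(struct fscrypt_policy *p,
                  const unsigned char desc[FS_KEY_DESCRIPTOR_SIZE])
{
    memset(p, 0, sizeof(*p));
    p->version = 0;                                           /* v1 policy */
    p->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
    p->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
    p->flags = FS_POLICY_FLAGS_PAD_32;                        /* pad names to hide lengths */
    memcpy(p->master_key_descriptor, desc, FS_KEY_DESCRIPTOR_SIZE);
}

/* Run one policy ioctl on a directory; returns 0 or a negative errno. */
static int dir_policy_ioctl(const char *dir, unsigned long req,
                            struct fscrypt_policy *p)
{
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    int rc = ioctl(fd, req, p) == 0 ? 0 : -errno;
    close(fd);
    return rc;
}

int set_dir_policy(const char *dir, const struct fscrypt_policy *p)
{
    struct fscrypt_policy copy = *p;
    return dir_policy_ioctl(dir, FS_IOC_SET_ENCRYPTION_POLICY, &copy);
}

int get_dir_policy(const char *dir, struct fscrypt_policy *out)
{
    return dir_policy_ioctl(dir, FS_IOC_GET_ENCRYPTION_POLICY, out);
}

/* Map the failure modes an administrator is likely to hit to a hint. */
const char *policy_error_hint(int err)
{
    if (err == ENOTTY)     return "filesystem does not implement encryption";
    if (err == EOPNOTSUPP) return "encryption not enabled in kernel or on this filesystem";
    if (err == ENOTEMPTY)  return "directory must be empty before a policy is set";
    if (err == EEXIST)     return "directory already has a different policy";
    if (err == ENODATA)    return "directory is not encrypted";
    return strerror(err);
}

int main(int argc, char **argv)
{
    unsigned char desc[FS_KEY_DESCRIPTOR_SIZE];
    struct fscrypt_policy want, got;

    if (argc != 3 || parse_descriptor(argv[2], desc) != 0) {
        fprintf(stderr, "usage: %s <empty-dir> <16-hex-digit key descriptor>\n", argv[0]);
        return 2;
    }
    build_policy(&want, desc);
    int rc = set_dir_policy(argv[1], &want);
    if (rc == 0)
        rc = get_dir_policy(argv[1], &got);
    if (rc != 0) {
        fprintf(stderr, "%s: %s\n", argv[1], policy_error_hint(-rc));
        return 1;
    }
    /* Reading the policy back confirms the subtree is bound to this key. */
    int same = memcmp(&want, &got, sizeof(want)) == 0;
    printf("%s: policy %s\n", argv[1], same ? "applied" : "differs from request");
    return same ? 0 : 1;
}
```

Files created under the directory afterwards inherit the policy, and their contents and names are readable only while the named key is present in the keyring.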

    3. Re:EXT4 vs dm-crypt by peawormsworth · · Score: 1

      ... or maybe Google knows something you don't about good ol' dm-crypt. I see your hat and raise one more.

  17. Move the comments number BACK by AbRASiON · · Score: 1

    I browse in full screen mode on a 30" 2560x1600 monitor. Some would say this is folly, none the less it's what I do.
    The article news headline is on the far left 1/4 of my monitor.
    The comment quantity per article is over a fucking foot to my right and I have to glance at how many comments there are, per article, left, right, left right.

    Put it back below where it belongs.
    I don't like or care about a dopey share button - if you keep it, fine but don't make the comments number worse due to it.

    I hate to cite fucking reddit of all places but isn't their score, comments and news headline all left focused? All the "important shit" is on the left, grouped together?
    Cmon people fucking think would you?

  18. Idea by gladius17 · · Score: 0

    I've got some ideas for a new type of discussion system that has never been implemented before, but which is way better than anything anyone else is using. If someone wants to build a better slashdot, get in touch and let's talk. I'm so sick of this piece of shit. Replacing slashdot is not enough; we need to take down reddit too. Who wants to create the best forum on the internet?

    Anyone else think it's stupid for a site to make people wait half a fucking hour between posting comments? Especially when said site could use all the comments it can get? Especially when one has a brand new account and would like to simply begin posting without being nannied and controlled and made to wait? Especially when the sole karma one has been able to earn over the past week is one solitary -1, Flamebait by some prick (or Dice employee) who didn't get the joke? This site is fundamentally broken in so many ways.

    My email server is gmail; user is nathan.klein, with a ".17" added on before the 'at.'

    (Note: anyone who attempts to argue with anything posted in this comment is wrong, and nobody here has any use for your incorrect and harmful opinion.)

  19. Fix for Firefox users by chris-chittleborough · · Score: 1

    Find your profile directory. It should contain a subdirectory named chrome. Edit or create a text file there named userContent.css (ie., chrome/userContent.css relative to the profile directory). Insert the following:

    @-moz-document domain(slashdot.org) {
    .comment-bubble { opacity: 0.3 !important; }
    }

    changing the opacity value as required. Restart Firefox.

    (This would be more useful as a Greasemonkey script, but I don't know how to write one of them. Volunteers?)

  20. It's all out in the open by dbIII · · Score: 2

    Makes you wonder what RH is doing behind the scenes and why.

    Lennart frequently blogs about how he could have been a contender and had his own linux if he'd just been born a little earlier - plus his plans of what he's doing behind the scenes to make linux HIS. It's all out in the open, lots of detail and if we don't like it we can just use somebody else's stuff.
    I wish him good luck with his "world domination" but I also wish he was a bit more patient and would stop inflicting alpha level shit on us as part of the process. You'd think he would have learnt his lesson with PulseAudio and NetworkManager that crashing pre-alpha shit doesn't belong in a "stable" release and that people using the "stable" release shouldn't have to put up with three years of crashes until he finally gets his shit together.
    To Lennart the linux environment has the fatal flaw that it's not under the tight control of anyone. To me that's an advantage. Previous attempts at a one size fits all environment (eg. on the desktop, CDE, supposed to be imposed on all but only really liked by people at Sun) have just demonstrated that people really do not want to be forced into a one size fits all environment.

  21. Thanks! by Anonymous Coward · · Score: 0

    Oo that's nice. I'll definitely be using this instead from now on!

  22. Re:Lots of great features and no kdbus by mk2soldier · · Score: 1
  23. Tampermonkey / Greasemonkey script to fix this by Anonymous Coward · · Score: 0

    Here's a Tampermonkey script to fix it:
    http://pastebin.com/wZKjNi1S

    I used the original HTML and CSS from the Wayback Machine which means they might remove those classes at some point in the future.

  24. Wrong - way easier now than it ever has been by dbIII · · Score: 1

    Even as an experienced systems integration engineer, I would need a few hours at least to develop a plan on how to do that

    Joking, newbie, selling yourself way short or completely and utterly fucking useless - what is it to be? The amusing bit is the condescending crap on the end about home backups when the situation is that if you are responsible for the gear then you are failing in your duty if you cannot do a bare metal restore of critical systems AND talk somebody with minimal experience through it. I've been there and had a complex pile of stuff only I knew how to restore properly, but I did my job and got it all down to a procedure just a few lines long with simple steps and it gets packed in with the tapes.

    you have to know the overall engineering plan to set them up.

    So you refine the plan so that a monkey can step through it and you document it well enough that you can read it to somebody two minutes after waking or someone with limited experience can read it themselves.
    FFS - it's far easier now than it ever was before since we can boot stuff off USB drives and then remotely populate their disks with what was on there before instead of reinstalling before restore.

    Since you laid on the condescending crap it's time for me to ask you a question. As a "systems integration engineer" shouldn't you be considering things from an engineering approach of improving the system that is broken instead of an ad-hoc basketweaving approach of the technician just doing what seems sort of OK a different way each time while waiting for someone to write procedures for them to follow? I don't consider myself an engineer anymore since I've been exclusively on the IT side since 2000 but I do still apply the approach that I used on engineering problems, something you self-declared engineers who do not have their title accepted by a professional body should consider if you want to be taken seriously.

    1. Re:Wrong - way easier now than it ever has been by bluefoxlucid · · Score: 1

      You're ridiculous. "Oh, I can just walk into a major bank, an insurance company, or a credit card processor, and, with no foreknowledge of their systems, wave my hand and reconstruct their entire data center from back-ups, no planning required!" You'll get a non-working system.

      You're one of those people who thinks he's a rockstar developer, a magic sysadmin with the Midas touch. I've watched hundreds of people like you destroy businesses and then walk off smiling to yourself about how you did a perfect job. I have been there, and I have done that; you are a child to me, an artifact from my past whose knowledge and experiences are a subset of mine.

  25. Don't strawman me by dbIII · · Score: 1

    You're ridiculous. "Oh, I can just walk into a major bank

    Only your stupid strawman is ridiculous, I'm suggesting that if you WORK at a major bank and you are responsible for their backups then part of that is being able to do bare metal recovery AND walk others through the process.
    Yes, your strawman is stupid, but I didn't suggest anything remotely like your imaginary friend that you are shouting at and I have to admit that I think it's a very childish way to act.

    While perhaps I should have been clearer and stated that with AMANDA you don't have to rely on dd and tar, the system is built in such a way that you can get by with as little as that if you have to in an emergency instead of installing and configuring that AMANDA software on a new machine first. While I wasn't clear enough I very much object to your over-reaction to that misunderstanding.

    an artifact from my past whose knowledge and experiences are a subset of mine

    With respect - professional engineer here, guy with a HR granted title of engineer there. You really should choose your insults a bit more carefully. I'm sure you have plenty of skills I do not have but to me IT in general is a subset of what I was doing last century, so you have only succeeded in making me laugh by puffing yourself up.

    1. Re:Don't strawman me by bluefoxlucid · · Score: 1

      Only your stupid strawman is ridiculous, I'm suggesting that if you WORK at a major bank and you are responsible for their backups then part of that is being able to do bare metal recovery AND walk others through the process.

      Your argument was that some stupid intern you hired might not be able to figure out how to use an encryption key, so the process should be simple; then it was that keys and documents get lost, and you should be a good enough admin to know wtf you're doing; now it's that you have the whole process memorized, being the veteran resident expert on the business's particular system and having designed it from the ground up.

      Let's refresh your memory:

      If you can't successfully explain a recovery procedure to a recent average high school student over the phone then you are doing it wrong. If someone in ten or twenty years needs to track down a key from ex-employees that have moved or died then you are doing it wrong.

      As well,

      With respect - professional engineer here, guy with a HR granted title of engineer there. You really should choose your insults a bit more carefully. I'm sure you have plenty of skills I do not have but to me IT in general is a subset of what I was doing last century, so you have only succeeded in making me laugh by puffing yourself up.

      In the last decade, we've moved on to virtualization, infrastructure as a service, and document stores like MongoDB. Last decade, when you were doing this shit, you probably had huge SQL relational databases, which are like collections of giant CSV files with indexes; those databases were a step forward from LDAP, a form of hierarchical database, basically a giant file system with tiny files; while document stores are basically giant collections of XML- or JSON-like data, with indexes. Routers are now ASAs, with 10 MICROSECOND switching while deep-packet-inspecting 26 gigabytes of data per second, thanks to using ASIC logic instead of general-purpose CPUs; switches operate on layer 3, analyzing IP headers, because why not blur the line between what is a fucking switch and what is a router?

      Not to say that old skill sets don't found new skill sets, but we have managed to get rather dated here rather quickly. I've compensated largely by constantly collecting more information and keeping a broad knowledge base, rather than staying current in a single technology. Everything from financial systems to devops, from back-ups to system programming, has some level of competence on my skill sheet--some of them are very low levels of competence, some (like Unix administration) are such high levels of competence that I'm over-invested, to the point that I can use awk to impressive but wholly-unnecessary effect.

      I branched out into project management because this is just too much crap to use effectively any other way, which is why I have comments on long-term planning, and particularly on risk management. Losing an encryption key is one of the most minor risks I can imagine, and every scenario you suggest is patently ridiculous. Twenty-year-old back-ups? A process that hasn't changed while the data center around it has undergone disruptive transformations? Keys owned by employees, rather than static in the back-up system and transferred off-site over key exchange protocols? People overwrite tapes every year in a cycle; your back-up process would not work if not updated to keep up with your data center's needs; and any such stupidity as poor encryption key handling would be projected early in the process, or else you're completely incompetent and likely won't have working back-ups anyway.

    2. Re:Don't strawman me by dbIII · · Score: 1

      Last decade, when you were doing this shit

      Bit longer than that and still doing it. Why bother to quote something if you haven't read and comprehended it?

      Twenty-year-old back-ups?

      Indeed. Even though that's a bad idea with media life and formats there's a lot of material that fits that description, especially in the geosciences and some other applied sciences. It's something I have to deal with several times a year with some clients even providing tapes from the late 1970s.

  26. What's with the misrepresentation? by dbIII · · Score: 1

    Losing an encryption key is one of the most minor risks I can imagine

    It's both potentially a complete showstopper and totally unnecessary in the first place. I don't really understand why you cannot grasp the concept.
    I'll restate something above in another way - if you can't work out how to do a bare metal restore on a single system with all the needed data on media that you can read and the right hardware then somebody has seriously fucked up. That guy that worked there should have put something together in such a way as someone with a moderate skillset can work it out, or someone with detailed instructions can do it with very little in the way of skills. Requiring a key that can be lost is a major fuckup waiting to happen. You suggested you wouldn't be able to work it out in a couple of hours - I think you were selling yourself short to try to make a point just as your ridiculous strawman in my name "with no foreknowledge of their systems" WHEN THE ENTIRE POINT is to PROVIDE FOREKNOWLEDGE OF THEIR SYSTEMS by having disaster recovery documents designed to be read by the least skilled person capable of doing the job.

  27. I see the problem now by dbIII · · Score: 1

    I see the problem now - you didn't even try to understand my example. The point of the example is that with AMANDA the instructions on what to do with the files (e.g. how to fall back as far as "dd" and "tar" if that's all you've got and you are in a hurry) are in the header as ASCII text. That's why if you can't work out how to restore a single system from that in a couple of hours you are really selling yourself very short. That's how such things should be. Self-documenting as much as possible. No arbitrary bullshit since it doesn't go down very well when half your time is taken by fending off users who want to know when you'll have things back as they were.
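The self-documenting header described in the comment above, as an added example that is not part of the thread and not AMANDA's own code: a constructed dump file carries ASCII restore instructions in its first block, and is read back and restored with nothing but dd and tar. The 32 KiB header block, the header wording, and all file and function names are assumptions modelled on that description.

```shell
# Constructed sample, not a real AMANDA dump: one ASCII header block
# followed by a plain tar stream. The 32k header size is an assumption.
HDR_BS=32k

# Build a sample dump file at $1 from the directory tree at $2.
make_sample_dump() {
    hdr=$(mktemp "${TMPDIR:-/tmp}/amhdr.XXXXXX")
    {
        printf 'AMANDA: FILE 20150622 host.example /etc lev 0 comp N program /bin/tar\n'
        printf 'To restore, position tape at start of file and run:\n'
        printf '\tdd if=<tape> bs=%s skip=1 | /bin/tar -xpf -\n' "$HDR_BS"
        printf '\014\n'
    } > "$hdr"
    # conv=sync pads the short header with NUL bytes up to one full block.
    dd if="$hdr" of="$1" bs="$HDR_BS" conv=sync 2>/dev/null
    tar -cf - -C "$2" . >> "$1"
    rm -f "$hdr"
}

# Print the human-readable restore instructions held in the first block.
read_header() {
    dd if="$1" bs="$HDR_BS" count=1 2>/dev/null | tr -d '\000\014'
}

# Restore with only dd and tar: skip the header block, untar the rest.
restore_dump() {
    mkdir -p "$2"
    dd if="$1" bs="$HDR_BS" skip=1 2>/dev/null | tar -xf - -C "$2"
}

# End-to-end run: returns 0 only if the restored file matches the original.
demo() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/amdemo.XXXXXX")
    mkdir -p "$work/src/etc"
    printf 'nameserver 192.0.2.53\n' > "$work/src/etc/resolv.conf"
    make_sample_dump "$work/dump.0" "$work/src"
    read_header "$work/dump.0"
    restore_dump "$work/dump.0" "$work/out"
    cmp -s "$work/src/etc/resolv.conf" "$work/out/etc/resolv.conf"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo
```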

    1. Re:I see the problem now by bluefoxlucid · · Score: 1

      You still assert that inputting an encryption key into a process is massively complex. It's not like they're performing mathematical key scheduling by hand; they have to enter a fucking password, or provide a key file from a USB drive kept with the back-ups.

      This is the bar you set: someone is going to be too stupid to insert USB dongle with key. Restoring back-ups with Amanda is no trivial task; it's not rocket surgery, but it's not "turn the computer on and smile". There will be instructions, tape ordering, direction of which data to restore where, etc. Bacula is a better package at least, but same deal: there's not a one-button DR. The only people who have one-button DR have pre-built warm sites ready to go at all times.

    2. Re:I see the problem now by dbIII · · Score: 1

      You still assert that inputting an encryption key into a process is massively complex.

      No, just massively stupid and directly opposed to the entire operation of having something to come back from when the shit hits the fan. It's a situation for physical security and not something to keep yourself and a few others in a job because nobody else has the keys. Being one office fire away from the org never having access to some data ever again is what backups are supposed to prevent and not enforce.

      This is the bar you set:

      Please give up on the juvenile pissing contest and name calling and at least attempt to aspire to your HR-granted appropriation of a professional qualification that you shoved in my face earlier. I wrote what I wrote above, stuff about devising procedures you should recall, stuff about self-documenting you should recall, and not the words you are putting into my mouth.