Slashdot Mirror


Linux 4.1 Kernel Released With EXT4 Encryption, Performance Improvements

An anonymous reader writes: The Linux 4.1 kernel has been announced and its release brings expanded features for the Linux kernel including EXT4 file-system encryption, open-source GeForce GTX 750 support, performance improvements for Intel Atom / Bay Trail hardware, RAID 5/6 improvements, and other additions.

24 of 116 comments

  1. Something to look forward to by Anonymous Coward · · Score: 3, Funny

    In RHEL 9

  2. Please fix slashdot by buck-yar · · Score: 5, Insightful

    Read More button gone. Stupid share button in its place.

    1. Re:Please fix slashdot by Anonymous Coward · · Score: 3, Informative

      Good to know I'm not the only one bugged by that, not to mention the stupid "video clips" thing they've added.

      Seems like they gave up on beta but are now messing with the "classic" site.

    2. Re:Please fix slashdot by Anonymous Coward · · Score: 3, Insightful

      No, they are re-implementing beta one step at a time. It's a new strategy.

    3. Re:Please fix slashdot by serviscope_minor · · Score: 2

      I'm not sure I get the problem. If you click on the post title, you get exactly the same as you always did, that is the post and comments. I'm using /. classic with full noscript though...

      --
      SJW n. One who posts facts.
    4. Re:Please fix slashdot by Anonymous Coward · · Score: 2, Informative

      Click the article title instead. I switched to that method years ago when the read more button started doing stupid Javascript tricks.

      Really, you should be able to cope with this sort of change. It's minor, and this isn't your site. Deal with it like an adult and quit cluttering up the discussion threads with your whining.

    5. Re:Please fix slashdot by nine-times · · Score: 4, Informative

      I'm suspicious that it was done intentionally, to prod us into posting links on social media and driving more traffic to the site. And why would I want to link my social media sites to Slashdot? I'd want to link directly to the article anyway.

    6. Re:Please fix slashdot by caseih · · Score: 4, Insightful

      Yes it still works, but it's not obvious or discoverable. And it's jarring. I typically read the blurb to decide if it's interesting, then click the read more at the bottom of the blurb to read the whole thing and the comments. Also the number of comments was right there at the bottom too, which made it nice and fast to see what were the interesting stories. Now that information is in the upper right-hand corner, so I just don't notice it straight away. I guess Dice once again has forgotten the value of slashdot and the interesting aspect of slashdot is the user-generated comments. Dice seems to be rolling out the beta site with all its crap and its de-emphasis on user-provided content, but under the guise of the classic site. Not working guys!

      If someone can post some greasemonkey scripts to fix the site, that'd be wonderful. Also if we could just turn off the video bytes stuff that would be good also. And put the polls back where they belong!

      In the meantime, there is soylent. It's not been very good lately but if enough people go there and comment, and submit stories, maybe it will get better and be a proper replacement.

    7. Re:Please fix slashdot by c0d3g33k · · Score: 2

      > I'm not sure I get the problem. If you click on the post title, you get exactly the same as you always did, that is the post and comments. I'm using /. classic with full noscript though...

      (Aside: Full noscript here too, though I don't think there's a /. classic any more, since the beta seems to be gone, or at least not actively being promoted).

      The problem in part is that many people probably click on that spot due to muscle memory - I have for over a decade. Suddenly that link has been replaced by a button that does something totally different and not universally desirable. For no good reason. The paranoid cynics might think that the placement of the social media button there is deliberate to draw accidental clicks or entice people to share more, precisely because of the aforementioned muscle memory. I'm not paranoid, but I'm becoming a cynic when it comes to this site, so I could believe that. From a user interface perspective, there's no good reason for the share button to go there, replacing "Read More". The latter does belong there, because after reading the summary, that's where your eyes are looking when reading - the next line of text. Other than a mouse click, there's no break of flow in order to 'read more'.

      The other problem is also UI and usability related. The "Read More" link was immediately obvious as the place to click if you wanted to ... read more. That's why so many people click there. When the share button replaced it, there were no obvious places to click from a visual perspective.

      The post title links to the full story, yes, but there's no visual cue whatsoever that it's a link unless you happen to mouse over it. Once you experimentally click there, you can discover that it shares the same behaviour as the read more link, but experimental clicking is bad UI design.

      The same goes for the dark blob that's supposed to be a word balloon, I guess. If you understand the symbolism derived from comics (which many probably do, I'll grant you) you know it means something about talking and dialog, so an intuitive leap would lead the user to think that it's a link to comments, or a link to make a comment. But what if the user doesn't want to comment? That's not the first choice for clicking either. It's of course also not visually a link, so the user has to discover it with the mouse like an old 'find the hotspot pixel' point-and-click adventure game. As it turns out, it also does the same thing as the former "Read More" link, so it's not even a shortcut way to jump to the comments, or make one. AND, it's grouped with a set of icons that take the user to a list of stories by topic. Cue the Sesame Street song: "One of these things is not like the others, One of these things just doesn't belong ...". Once again, bad UI design.

      To summarize:
      A link with the text "Read More" - immediately graspable and discoverable. Good UI design.
      Awkwardly placed hidden links with no obvious purpose that have to be discovered via mouse over - poorly graspable and discoverable. Bad UI design.

      *That's* the problem.

    8. Re:Please fix slashdot by Anonymous Coward · · Score: 2, Interesting

      It's worth noting that there's an interesting comment in the HTML social menu, under the selector "article footer div.grid_10.l":


          <div class="popularity">
              <a href =""><i class="icon-thumbs-up-alt"></i></a>
          </div>
          <div class="popularity">
              <a href =""><i class="icon-thumbs-down-alt"></i></a>
          </div>

      I'm really hoping the next step isn't to enable Reddit/Facebook style "vote up/down" popularity contest bs. This is Slashdot, if we like something, we'll comment on it.

    9. Re:Please fix slashdot by Anrego · · Score: 2

      So much this.

      It's such a small change but it totally screws up a flow we've had forever and which made perfect sense. Read title, read summary, read number of comments, click to read said comments. Now it's, read title, read summary, look to upper right to see number of comments, then move mouse back to title to read them (I'm sure I'm not the only one who moves the mouse along as I read).

      And yeah, the weird floating videobytes thing.. that's gotta go.

  3. Lots of great features and no kdbus by FreeUser · · Score: 3, Interesting

    Building the kernel now.

    Very cool feature list, with arguably the best feature being that they managed to keep kdbus and more systemd nonsense from infecting the kernel code. I'm especially looking forward to trying out ext4 encryption on my laptop.

    --
    The Future of Human Evolution: Autonomy
    1. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 2, Interesting

      I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files. Malware on my Android device can read my encrypted files as soon as I get the phone properly booted. The laptop niche seems okay, except laptops get hacked just like desktops way more often than they get stolen and offlined.

    2. Re:Lots of great features and no kdbus by MightyMartian · · Score: 5, Interesting

      It's certainly useful when you're moving equipment or storage devices. Your complaint would apply to any encrypted storage system that mounted an encrypted file system; Bitlocker, Truecrypt, dmcrypt, etc.

      I work for a company that does a lot of government contract work, and we are contractually bound in almost all cases to store certain kinds of confidential data on encrypted media. When using Linux servers, we usually use dmcrypt, but EXT4 encryption would be a nice option as well.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:Lots of great features and no kdbus by Anonymous Coward · · Score: 2, Insightful

      > I'm not sure what encryption is useful for.

      Think about extremely common and relatively benign cases, before you even bother getting to the topic of thieves.

      You buy a hard drive with a warranty. Before the warranty expires, the drive fails. It doesn't work (or not reliably) so you can't confidently wipe it. But you can't physically destroy it either, if you want it replaced through the warranty instead of at your own expense.

      So you send the drive (which contains your data) to total strangers where they will have physical access and be completely unaccountable. Even if the first group of strangers is friendly, if they have their act together, they might recycle any viable platters. Now your platter is on the market, possibly with your data on it. Or it's in a trash bin.

      That data needs to be cyphertext.

    4. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 2

      Yes, but you see the point: the applications of encryption are small, mostly restricted to communication. Encrypting storage is crap. You can argue that moving physical equipment is "communication", because information moves from one place to another. This is ridiculous when moving from one rack to the rack 5 feet away; it's more pertinent when shipping backup tapes between buildings; and it makes some middling amount of sense when excessing hardware--you might throw out a whole, unwiped drive, which is communication to an unknown recipient.

      I don't care about contracts; they're legal things which dictate how to do things. I care about threat models, which tell me what to write into contracts, and what unwritten actions to take so as to provide contractual guarantees. If the contracting organization tells me to encrypt disks but doesn't tell me to encrypt communications, I'm going to encrypt communications wherever possible: we've established their data's confidentiality is important, and my organization is competent enough to provide appropriate handling, as well as advice to the contracting organization about what other actions they should take to protect their data (e.g. we'll need them to prepare to receive encrypted data if we're communicating encrypted data to them).

      You may be facing an unwinnable battle trying to avoid unnecessary and silly risk controls, but you should still use your full expertise to identify what risks are in play and what additional risk controls are necessary yet haven't been put into policy. These are the things you must bring up to your contracting organization: tell your client when you believe further action is needed to protect their data. You can't do that just by blindly accepting what's in the contract as "our security requirements for this project"; you need to know the effectiveness and non-effectiveness of each mitigation strategy to recognize what risks are identified and what additional risks have gone unaddressed.

    5. Re:Lots of great features and no kdbus by bluefoxlucid · · Score: 2

      You don't RMA disks with such sensitive information that you need file-by-file encryption or whatnot; you shred the disks. Your OS reads data through an IO layer that decrypts it as it streams, storing it in memory as unencrypted data, which is then read by programs and integrated into memory structures; what if your OS writes program memory to unencyphered swap? Suddenly you have medical records, social security information, and credit card numbers in an unencrypted area of your hard disk.

      People disassemble, degauss, and shred those disks in those contexts. Even with whole-disk encryption, there's an assumption that an attacker could bypass the encryption somehow.

      What kind of thief breaks into your secure facility and steals your servers? Is this more likely than getting hacked into repeatedly?

      Encryption is only good for data in transit. That often includes laptops and mobile devices, problem being even those are exposed whenever on. Theft is the most minor problem; it's just one that gets a lot of attention and a lot of questions asked.

    6. Re:Lots of great features and no kdbus by kosmosik · · Score: 2

      > The laptop niche seems okay,

      Except it is not a niche. Personally I haven't used a desktop/workstation computer for like 5 years. And also it has been like 5 years (or more) since notebook shipments exceeded desktop/workstations. Of course in sane IT deployments loss of a client computer should not be a problem but still there could be sensitive data there. Even system level stuff like password hashes and so on. Maybe it is rare but security breaches usually involve the weakest link - and if stealing a notebook is easier than breaking into your network then attackers would go and steal that laptop.

      > except laptops get hacked just like desktops way more often than they get stolen and offlined

      True. Probably spear-phishing or something like that would be easier than physically stealing a notebook. But stealing is still possible so you should protect also that vector of attack.

      It's funny that IIRC the guy behind SilkRoad was captured using his laptop. The FBI tracked him and waited for an opportunity to seize his notebook without the possibility for him to shut it down (as it was encrypted). The lesson here is maybe to have some low-range personal device like a bluetooth LE smartband that makes the computer shut down when you are not close to it (like very close). And also don't tell anybody about it. ;)

      Oh and for the Silkroad guy it would be wiser to operate from a country in which the FBI has no jurisdiction... ;)

  4. Ssd support by Billly+Gates · · Score: 2

    Does it support samsung 840 and 850 pros yet for production?

  5. There are a lot of systemd-free options out there by FreeUser · · Score: 3, Informative

    Which distro are you using that isn't already infected by systemd? I'm SO glad Gentoo still allows me to use OpenRC...

    Me too! I use both funtoo and gentoo, at work and at home, but here's a pretty good sized list of options for those who like debian, arch, and other distributions:

    http://without-systemd.org/wik...

    If you're stuck with Red Hat, your choices have been pretty much taken from you, and you should probably be looking to change to something else, but otherwise you probably have the choice of using OpenRC or upstart, and someone has probably already figured out how for you.

    --
    The Future of Human Evolution: Autonomy
  6. Re:There are a lot of systemd-free options out the by LVSlushdat · · Score: 2, Informative

    Am a Debian fan, and seriously pissed that Debian decided to slide down the systemd shithole, so I decided to check out the Debian fork, Devuan.. Seems they have taken Jessie and ripped that systemd abortion out.. Am currently running it in a Virtualbox vm, time will tell if I go with Devuan over Debian....

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  7. Ext4 encryption... by mlts · · Score: 3, Interesting

    ext4 encryption has a lot of promise, and I consider this a big feature. It essentially functions like EncFS/CFS, but instead of being a secondary filesystem accessible via FUSE, it is part of the main filesystem. The closest thing it parallels is AIX's EFS.

    I'm not surprised that Google coded this part. It makes perfect sense for Android. Encryption of /data can be turned on immediately during a device setup without having to worry about block level items, or if the device crashes during the /data encryption process.

    Overall, an add-on which is definitely needed. Since Google mainly uses ext4, this is their best bang for the buck, and I hope the maintainers of other filesystems toss something similar in their code.

  8. EXT4 vs dm-crypt by xarragon · · Score: 2

    Does anyone know why you want encryption directly in the filesystem rather than the layered approach being offered for years by the dm-crypt kernel filesystem? The Phoronix article mentions that it is intended for Android systems, so my immediate thinking was that it had something to do with flash storage specifics. Generally I do not like it when a generic, simple solution like dm-crypt gets reimplemented at another layer, increasing complexity, but maybe there is a reason for this?
    Another article mentions F2FS (Flash-Friendly File System) as a possible merge target. Suggests it serves needs for flash memory. I guess exposing the filesystem structure/metadata without actually revealing the data itself makes more efficient flash utilization possible. Or maybe it makes it easier for law enforcement to bypass it, if your tinfoil hat is on.
    The mailing list entry itself is here: http://thread.gmane.org/gmane....
    Links to a design document in the mailing list were dead at time of writing.

  9. It's all out in the open by dbIII · · Score: 2

    Makes you wonder what RH is doing behind the scenes and why.

    Lennart frequently blogs about how he could have been a contender and had his own linux if he'd just been born a little earlier - plus his plans of what he's doing behind the scenes to make linux HIS. It's all out in the open, lots of detail and if we don't like it we can just use somebody else's stuff.
    I wish him good luck with his "world domination" but I also wish he was a bit more patient and would stop inflicting alpha level shit on us as part of the process. You'd think he would have learnt his lesson with PulseAudio and NetworkManager that crashing pre-alpha shit doesn't belong in a "stable" release and that people using the "stable" release shouldn't have to put up with three years of crashes until he finally gets his shit together.
    To Lennart the linux environment has the fatal flaw that it's not under the tight control of anyone. To me that's an advantage. Previous attempts at a one size fits all environment (eg. on the desktop, CDE, supposed to be imposed on all but only really liked by people at Sun) have just demonstrated that people really do not want to be forced into a one size fits all environment.