[03:10]  * Obsidian1723 Hi all...
[03:11] <h00k> OHAI THAR
[03:12] <h00k> I smell like hot tub
[03:32]  * Obsidian1723 *grumbles about this "IT company" that messed things up - badly*
[21:48] <Takyoji> I'm curious how many here use an encrypted /home partition
[23:07] <_diablo> Takyoji: I don't. I don't see a big purpose. Why not just use truecrypt if you actually care about it?
[23:07] <_diablo> I trust that encryption far more than whatever unspecified thing Ubuntu has decreed is best
[23:07] <_diablo> Do you know offhand what type of encryption algorithms they use?
[23:22] <rlaager> I have an encrypted ~, which is what I assume you mean.
[23:23] <rlaager> The big advantage of ecryptfs is that I can efficiently rsync my data to a backup server and have it be *encrypted* on that backup server.
[23:23] <rlaager> If I had a block-level encryption solution, I'd have to rsync the whole block device, including unused space.
[23:28] <_diablo> rlaager: ah, that makes sense. But rsync keeps the encryption intact?
[23:29] <rlaager> _diablo: Yes. Here's what "mount" returns for me: /home/rlaager/.Private on /home/rlaager type ecryptfs
[23:30] <_diablo> hmmm, couldn't you do the same backup from one container to another container while having both mounted?
[23:30] <rlaager> For each regular file in my home directory, there is a corresponding file in /home/rlaager/.Private. So, excluding filename encryption (which ecryptfs has now, but didn't use to), /home/rlaager/.ssh/id_dsa would be /home/rlaager/.Private/.ssh/id_dsa, which would be encrypted.
[23:30] <_diablo> ahhh
[23:30] <rlaager> Yes, you could, but then you'd have to mount the encrypted container on the remote server. This way, I don't have to trust the remote server with my data. All it ever sees is encrypted data.
[23:31] <_diablo> hmmmm, makes sense. okay, I see a potential advantage then.
[23:31] <rlaager> I'm moving from one backup server to another right now, but both of them are systems I'm sharing with co-workers. (I work at a small ISP, so we can just colo there.)
[23:31] <rlaager> Especially now, with new disks... I'm using only 50% of my drive at the moment. So I only need to sync that 50%, not the whole disk.
[23:32] <rlaager> Plus, I can easily exclude certain things. For example, I exclude ~/ubuntu-*.iso.
[23:33] <rlaager> This used to be easier than it is now that there's filename encryption (i.e. I used to be able to exclude /home/rlaager/.Private/ubuntu-*.iso.) I know how to write the script to do that; I just need to get it going.
[23:41] <_diablo> yeah, fair enough