while searching for the icons repo i found this: https://wiki.ubuntu.com/Artwork/Incoming/Karmic/Humanity_Icons. i still think that the interface on the screenshots looks much better than modern ones.. and modern operating systems don't ask you to find your inner koala! https://wiki.ubuntu.com/Artwork/Incoming/Karmic/Finding_Your_Inner_Koala
installed ubuntu in a vm out of curiosity. its icons are awesome, i think i'll try to package them for the distro i use. it's good that the installer lets you choose a minimal install with fewer apps. but i don't understand why they suggest that you use livepatch on a desktop system, which is presumably meant for users who don't know what a kernel is.
/: 22,3 GiB (23918297088 bytes) trimmed
and now that block is filled with zeroes :)
i created another very large file from urandom and that block got overwritten as it should've been
yay, free space on ssd wiped!
it was a journald file (!) which apparently contained my browser data. i found it by searching "infosec.exchange". now i vacuumed journals and the block no longer belongs to anyone..
well the block dump shows me that data i saw in dhex, so i got the right block number, but inside the file that i found this way there's no such data
okay so i tried to calculate the block number knowing the hex offset in bytes (= offset / 4096), found the inode using that block with
debugfs -R "icheck $block_number" /dev/sda1
then found the file for that inode using
debugfs -R "ncheck $inode_number" /dev/sda1
now let's see if i found the right file..
okay, no, it doesn't. it was a bad idea. i thought that adding it late enough would make it act as a fallback, but it overrides default rules, including those that allow local users to run poweroff/reboot/etc without authentication. so yeah, the only way is to add the homed user as an administrator in a separate rule. which isn't a clean solution.
whoa, my laptop's bios/uefi setup doesn't appear to be backdoored
i'm pretty sure it can be reset after disassembling the laptop, but at least that's something. the service manual says, if you don't remember your password, lenovo can't help you. so maybe there isn't even a jumper dedicated to resetting cmos!
yeah it does!
oh wait i could add an interactive rule, like, if subject.isInGroup("wheel"), then auth_self. that should work.
imo systemd-homed should let the admin create a temporary user password, one that would only be used for the first login, after which systemd would ask the user to submit a new password and do the encryption work itself
setting the password during user creation is no good bc the admin could set a temporary password and save generated luks headers. then the user would change their password and think they're safe, while in reality they're not.
luks works by encrypting the real encryption key using a user-supplied password or file. so changing the luks password only makes sense if you found a hardware keylogger or someone saw you enter your password, not when an adversary had access to your system? and giving each user their own password only makes sense if they don't have access to raw disk data?
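The two posts above about saved LUKS headers, modelled as an added example that is not part of the original posts and is not cryptsetup's code: a copy of the header taken before a passphrase change still yields the same master key. Assumptions: an XOR with a PBKDF2 output stands in for the real keyslot encryption, and all function names and passphrases are constructed.

```python
import hashlib
import hmac
import os

def _kdf(passphrase: str, salt: bytes) -> bytes:
    # Stand-in for the keyslot KDF (LUKS uses PBKDF2 or Argon2id).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _wrap(header: dict, passphrase: str, master_key: bytes) -> dict:
    # Toy key wrap (assumption): real LUKS encrypts the key material with a cipher.
    header["salt"] = os.urandom(16)
    header["wrapped"] = _xor(master_key, _kdf(passphrase, header["salt"]))
    return header

def format_volume(passphrase: str) -> dict:
    master_key = os.urandom(32)  # the key that actually encrypts the data
    return _wrap({"digest": hashlib.sha256(master_key).digest()}, passphrase, master_key)

def unlock(header: dict, passphrase: str):
    candidate = _xor(header["wrapped"], _kdf(passphrase, header["salt"]))
    ok = hmac.compare_digest(hashlib.sha256(candidate).digest(), header["digest"])
    return candidate if ok else None

def change_passphrase(header: dict, old: str, new: str) -> None:
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    _wrap(header, new, master_key)  # same master key, only the wrapping changes

def reencrypt(header: dict, passphrase: str) -> None:
    # Models a full re-encryption: a fresh master key replaces the old one.
    if unlock(header, passphrase) is None:
        raise ValueError("wrong passphrase")
    master_key = os.urandom(32)
    header["digest"] = hashlib.sha256(master_key).digest()
    _wrap(header, passphrase, master_key)

def demo() -> tuple:
    live = format_volume("temporary")   # constructed passphrases
    saved = dict(live)                  # header copy taken before the change
    change_passphrase(live, "temporary", "new secret")
    old_rejected = unlock(live, "temporary") is None
    saved_still_works = unlock(saved, "temporary") == unlock(live, "new secret")
    reencrypt(live, "new secret")
    works_after_reencrypt = unlock(saved, "temporary") == unlock(live, "new secret")
    return old_rejected, saved_still_works, works_after_reencrypt
```

`demo()` returns whether the live header rejects the old passphrase, whether the saved header still recovers the current master key, and whether it still does once the master key itself has been replaced.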
a strange girl interested in infosec and coding. loves her girlfriend. interact with my posts please!