probonopd
commented
3 years ago Nice, just hope that … it can be used at the corporate!
Out of the box, helloSystem is designed for end users, not for system administrators or corporate lockdown officers. That being said, it is open source and just FreeBSD under the hood, so normal FreeBSD system administration skills do apply.
there is, I believe, a genuine need for some degree of encryption
I agree. Making this really nice and seamless (no Terminal needed) would be a welcome addition.
maybe wait until (without GELI) FreeBSD can boot from encrypted OpenZFS
Agree!
Keywords: privacy, security
From https://www.youtube.com/watch?v=PlPTVbhrKYM&lc=Ugx3Jc3jbkLTS7ps-Ux4AaABAg yesterday:
I do hope so, although password-less
sudois causing corporate IT security managers worldwide to suffer nervous twitches at their Christmas dinner tables. Feuerzangenbowle accidents have been reported.Jokes and corporate use cases aside: there is, I believe, a genuine need for some degree of encryption. Home directory on a USB flash drive or whatever is fine, until that medium falls into the wrong hands … and so on.
Brainstorming
37
Consider the approach that's currently taken by NomadBSD. From https://nomadbsd.org/handbook/handbook.html#firstboot:
If I recall correctly: the wizard offers to encrypt both system startup and the home directory; I chose both, then in everyday use I'm typically prompted just once.
The GELI-based implementation is fine, but might be a distraction during early development of helloSystem …
… maybe wait until (without GELI) FreeBSD can boot from encrypted OpenZFS; #32