I've stumbled over Lars Wirzenius' article Debian Lessons (Subtitle: Project management lessons from the Debian project) today. The article is from 2000 (updated 2004), but is still very, very relevant nowadays. Here's the table of contents (reading this alone would already help many projects out there, I think):
Make sure to read the whole article. This compilation of tips should prove useful for many community-driven Free Software project out there.
As I have bought a new 300 GB external USB disk drive on Friday, I have tried something new this time: disk encryption using dm-crypt / LUKS. It has been suggested to me multiple times that dm-crypt is superior to loop-aes, however I didn't get a real reason. Yes, it doesn't require any kernel patches and is easier to setup. But has any serious cryptographer looked at it sharply, yet? Did it withhold his eye contact?
Anyways, here's how I encrypted my 300 GB drive. I largely followed the guide at the EncryptedDeviceUsingLUKS wiki page...
badblocks -c 10240 -s -w -t random -v /dev/sdb
/dev/sdbwith whatever is correct on your system. If you're really paranoid, and are willing to wait one or two days, do this:
dd if=/dev/urandom of=/dev/sdb
apt-get install cryptsetup
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
cryptsetup luksOpen /dev/sdb1 samsung300gb
mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/samsung300gb
mount /dev/mapper/samsung300gb /mnt/samsung300gb
/mnt/samsung300gbwill be encrypted transparently.
cryptsetup luksClose /dev/mapper/samsung300gb
After unmounting, nobody will be able to see your data without knowing the correct passphrase. Drive is stolen? No problem. Drive is broken, and you want to send it in for repair without the guys there poking in your data? No problem. You leave the USB drive at home and some jerk breaks into your house, steals your drive, rapes your wife, and kills your kids? No problem. Well, sort of, but you get the idea ;-)
There's more things you can do, thanks to LUKS: have multiple passphrases which unlock your data, change/add/remove passphrases as you see fit, etc.
Update 2006-04-17: You have to use cryptsetup from unstable if you want LUKS support. cryptsetup in testing does not support this (thanks Ariel).
Linus Torvalds is a Debian developer now. No, really.
I recently had trouble installing/running Debian on my Sun Sparc Ultra 10. Lessons learned:
In related news: Sun has released the design of the OpenSparc T1 under the terms of the GPL. Great news, thanks Sun!