So full-disk encryption on a Linux laptop is basically bullshit, isn’t it?
*gasps from the audience* *angry shouting*
Lock your computer: unencrypted
Sleep: unencrypted
Suspend: unencrypted
Hand your locked/sleeping/suspended computer to a customs agent or leave it unattended at a cafe: it’s unencrypted.
And we call this secure.
So I guess that’s the first thing to fix before we can recommend these devices to everyday people instead of Macs (see FileVault for a proper implementation).
@aral
I just shut down my laptop whenever I can't keep my eye on it.
@aral
Oh, yes it's certainly inconvenient.
Power button to usable desktop: 48 seconds
Power button to screen off: 7 seconds
So, there's a minute wasted every time I use my laptop.
Is FileVault (2) really secure? It's certainly more convenient (and without publically known exploits), but FileVault 1 wasn't.