Out-of-the-Box, Ubuntu 14.04 LTS To Support TRIM On SSDs
First time accepted submitter Maurits van der Schee writes "Where in older versions you had to add a cron job calling "fstrim" or mounting with the "discard" option in fstab, the new LTS (Long Term Stable) version of Ubuntu Linux will automatically enable TRIM for your SSD. Good news for hardware enthusiasts!"
Re:Defeats pleasure of unnecessary labour (Score:5, Interesting)
But surely this defeats the perceived satisfaction of tweaking and fixing it all up manually? Where's the fun in that?
If that's your thing, use Gentoo instead. At least that's what I do. In case you're being sarcastic, the fun IMHO is in learning about your system and understanding why distros make the choices they do. I think my first week with Linux taught me more about computers than years with DOS/Windows, and I still wonder how a Windows machine can be anyone's "Personal Computer".
TRIM not always good (Score:5, Interesting)
the new LTS (Long Term Stable) version of Ubuntu Linux will automatically enable TRIM for your SSD. Good news for hardware enthusiasts!"
And terrible news for encryption experts. Enabling TRIM tells your adversary which sectors contain data and which don't. It's a great asset to cryptanalysis and also destroys plausible deniability that there's a filesystem present on the drive, and how much data is present in it -- thus eliminating the "shadow volume" option of Truecrypt and others.
Re:TRIM not always good (Score:5, Interesting)
No, YOU clearly don't know what you're talking about, and yet are arrogant as all hell.
The problem arises from the fact that while HDDs have only 2 operations (read, write) and therefore have no distinction outside the file-system of what is "free" and what is "allocated", SSDs have 3 (read, write, free), because SSDs label sectors as "free" or "allocated" (that is, the hardware itself, not just the file-system). So for a standard HDD encryption, the procedure goes: overwrite hard drive with random data, create encrypted partition, install OS on encrypted partition (last step optional, of course). What this accomplishes is that an attacker who examines the disk can't tell the difference between what is and isn't written to, since the unwritten data is random and the written data is encrypted (i.e. indistinguishable from random, if done correctly). On a TRIM-enabled SSD though, the OS sees all these unused sectors and proceeds to mark them as Free. That is a huge fucking problem, for roughly the reasons the GP stated. In particular, it's egregiously bad for users of hidden volumes, since that hidden volume will never be TRIMed, and the attacker who can rubber hose your outer volume can see a chunk of disk that hasn't been trimmed, yet isn't allocated in the partition you gave them. They can now rubber hose THAT partition as well, whereas previously there was no way to know it even existed (in theory at least, the cryptsetup guys don't buy that).
If you don't believe this is an issue, then ask the Truecrypt devs:
http://www.truecrypt.org/docs/trim-operation
or the LUKS/dm-crypt devs:
http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
Please be more respectful in the future, as we're wrong more often than we like to think.
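Added example, not part of the thread: a small audit that lists which dm-crypt mappings pass TRIM down to the SSD (the `allow_discards` flag in `dmsetup table` output) and which `/etc/crypttab` or `/etc/fstab` entries request it with the `discard` option. The function names and all sample data are constructed for illustration; on a live system, pipe `dmsetup table` or the files themselves into the functions.

```shell
#!/bin/sh
# Added example: report where TRIM/discard is passed through encrypted volumes.
# Each function reads text on stdin, so it works on live or saved output.

# Print dm-crypt mappings whose table line carries the allow_discards flag.
# Input: output of `dmsetup table` (keys are zeroed unless --showkeys is used).
crypt_discard_mappings() {
  awk '$4 == "crypt" {
         for (i = 5; i <= NF; i++)
           if ($i == "allow_discards") { sub(/:$/, "", $1); print $1; break }
       }'
}

# Print the first field of crypttab/fstab-style lines whose option field
# contains exactly "discard" (so "nodiscard" does not match).
# $1 is the 1-based index of the option field (4 for both files).
entries_with_discard() {
  awk -v f="$1" '
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    {
      n = split($f, opts, ",")
      for (i = 1; i <= n; i++)
        if (opts[i] == "discard") { print $1; break }
    }'
}

# Constructed sample data (not taken from any real system).
SAMPLE_DMSETUP='sda5_crypt: 0 976766976 crypt aes-xts-plain64 0000000000000000 0 8:5 4096 1 allow_discards
backup_crypt: 0 1953519616 crypt aes-xts-plain64 0000000000000000 0 8:17 4096
vg-root: 0 100000000 linear 253:0 2048'

SAMPLE_CRYPTTAB='# <name> <device> <keyfile> <options>
sda5_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard
backup_crypt /dev/sdb1 none luks'

SAMPLE_FSTAB='/dev/mapper/vg-root / ext4 errors=remount-ro,discard 0 1
/dev/mapper/backup_crypt /backup ext4 defaults,nodiscard 0 2'

echo "dm-crypt mappings passing TRIM to the device:"
printf '%s\n' "$SAMPLE_DMSETUP" | crypt_discard_mappings
echo "crypttab entries requesting discard:"
printf '%s\n' "$SAMPLE_CRYPTTAB" | entries_with_discard 4
echo "fstab entries mounted with discard:"
printf '%s\n' "$SAMPLE_FSTAB" | entries_with_discard 4
```

A mapping that appears in the first list exposes its free-space layout to anyone who can read the raw SSD; one that does not appear drops TRIM requests at the dm-crypt layer even if the filesystem above it issues them.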