Upgrading the TPM in HP Small Form Factor PCs for use in Linux
I’ve recently bought a few Small Form Factor PCs on eBay to use as part of my backup setup. It’s hard to beat the price - I’ve gotten 4 core, 16GB machines with 250G NVMe SSDs for around $50 - $60 shipped. For one of these machines, I wanted to use the TPM to seal my SSH keys, and had to upgrade it from TPM 1.2 to 2.0. These are my notes on how to do that.
Tags: linux security ssh gpm thrift
Ransomware Resistant Backups with Borg and Restic
I published my backup scripts here; this post is a bit more about how I use these scripts to manage my backups and my rationale for why I do backups the way I do. In particular, I’ve set up my backup servers to provide at least some protection against intentional deletion by a hostile party (e.g., a ransomware operator) by enforcing append-only backups with Borg and Restic + Rclone. Hopefully some of these ideas will be useful to others.
Tags: linux backup restic borg
Appropriate Technology in the Cloud Age
Cory Doctorow wrote a book recently called The Internet Con: How to Seize the Means of Computation, which I like and think everyone should read. At its core, the book posits a big-picture idea of forcing interoperability on tech giants to lessen their control over society. I think defanging the DMCA anti-circumvention rule, creating real penalties for abusing safe-harbor takedown notices, and just taking the Computer Fraud and Abuse Act out back and shooting it would all be excellent policy.
Tags: cloud data privacy portability appropriate technology
Used Hard Drives from Tech on Tech
Updates: July-2024 (5 month) update - no failures on any drives. I recently had a drive failure on my NAS. While not a big deal with RAID-6, it wasn’t the first in that array, and the array as a whole was more than 3 years old. I figured with 2 out of my original 31 drives failing, and wanting a bit more horsepower on my NAS, I would just replace the whole thing.
Tags: hardware storage thrift
Consolidated Guide to Using Yubikeys with Linux
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys: LUKS full disk encryption; local Linux login and sudo; SSH keys for remote login; remote sudo over SSH; GPG private key storage; AWS CLI authentication; encrypted email with Thunderbird; using Yubikey-backed keys with Git/Github. You’ll also naturally get browser-based U2F support, without having to do any extra work.
Tags: yubikey linux security u2f gpg ssh