👋 Hi there.
Ransomware Resistant Backups with Borg and Restic
I published my backup scripts here; this post is a bit more about how I use these scripts to manage my backups and my rationale for why I do backups the way I do. In particular, I’ve setup my backup servers to provide at least some protection against intentional deletion by a hostile party (e.g., ransomware operator, etc.) by enforcing append-only backups with Borg and Restic + Rclone. Hopefully some of these ideas will be useful to others.
read more...
Tags: linux backup restic borg
I published my backup scripts here; this post is a bit more about how I use these scripts to manage my backups and my rationale for why I do backups the way I do. In particular, I’ve setup my backup servers to provide at least some protection against intentional deletion by a hostile party (e.g., ransomware operator, etc.) by enforcing append-only backups with Borg and Restic + Rclone. Hopefully some of these ideas will be useful to others.
read more...
Tags: linux backup restic borg
Appropriate Technology in the Cloud Age
Caption: No thanks Cory Doctorow wrote a book recently called The Internet Con: How to Seize the Means of Computation, which I like and think everyone should read. At its core, the book posits a big-picture idea of forcing interoperability on tech giants to lessen their control over society. I think defanging the DMCA anti-circumvention rule, creating real penalties for abusing safe-harbor takedown notices, and just taking the Computer Fraud and Abuse Act out back and shooting it would all be excellent policy.
read more...
Tags: cloud data privacy portability appropriate technology
Caption: No thanks Cory Doctorow wrote a book recently called The Internet Con: How to Seize the Means of Computation, which I like and think everyone should read. At its core, the book posits a big-picture idea of forcing interoperability on tech giants to lessen their control over society. I think defanging the DMCA anti-circumvention rule, creating real penalties for abusing safe-harbor takedown notices, and just taking the Computer Fraud and Abuse Act out back and shooting it would all be excellent policy.
read more...
Tags: cloud data privacy portability appropriate technology
Used Hard Drives from Tech on Tech
Updates July-2024 (5 month) update - no failures on any drives. August-2024 (6 month) update - still no failures on my drives from tech on tech, but I had another of my original Seagate Exos NAS drives fail - that’s now a 100% failure rate in less than 4 years. I recently had a drive failure on my NAS. While not a big deal with RAID-6, it wasn’t the first in that array, and the array as a whole was more than 3 years old.
read more...
Tags: hardware storage thrift
Updates July-2024 (5 month) update - no failures on any drives. August-2024 (6 month) update - still no failures on my drives from tech on tech, but I had another of my original Seagate Exos NAS drives fail - that’s now a 100% failure rate in less than 4 years. I recently had a drive failure on my NAS. While not a big deal with RAID-6, it wasn’t the first in that array, and the array as a whole was more than 3 years old.
read more...
Tags: hardware storage thrift
Consolidated Guide to Using Yubikeys with Linux
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys: LUKS full disk encryption Local Linux login and sudo SSH keys for remote login Remote sudo over SSH GPG private key storage AWS CLI authentication Encrypted email with Thunderbird Using Yubikey-backed keys with Git/Github You’ll also naturally get browser-based U2F support, without having to do any extra work.
read more...
Tags: yubikey linux security u2f gpg ssh
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys: LUKS full disk encryption Local Linux login and sudo SSH keys for remote login Remote sudo over SSH GPG private key storage AWS CLI authentication Encrypted email with Thunderbird Using Yubikey-backed keys with Git/Github You’ll also naturally get browser-based U2F support, without having to do any extra work.
read more...
Tags: yubikey linux security u2f gpg ssh
New Workstation
After a long absence (circa 2006) from using Linux as my daily computing environment, I decided to build a new Linux workstation. I’m extremely happy with how it turned out, so I’m writing this post with some details about the hardware and software I selected and why. The short version is that everything works, including suspend to RAM, GPU drivers, sound, hardware sensors (temperature, fan speed, etc.) and all with no weird patches and only one or two custom settings.
read more...
Tags: linux hardware wayland archlinux
After a long absence (circa 2006) from using Linux as my daily computing environment, I decided to build a new Linux workstation. I’m extremely happy with how it turned out, so I’m writing this post with some details about the hardware and software I selected and why. The short version is that everything works, including suspend to RAM, GPU drivers, sound, hardware sensors (temperature, fan speed, etc.) and all with no weird patches and only one or two custom settings.
read more...
Tags: linux hardware wayland archlinux