Upgrading the TPM in HP Small Form Factor PCs for use in Linux
I’ve recently bought a few Small Form Factor PCs on eBay to use as part of my backup setup. It’s hard to beat the price - I’ve gotten 4 core, 16GB machines with 250G NVMe SSDs for around $50 - $60 shipped. For one of these machines, I wanted to use the TPM to seal my SSH keys, and had to upgrade it from TPM 1.2 to 2.0. These are my notes on how to do that.
Tags: linux security ssh gpm thrift
Backup Tools
Table of Contents: Overview; Features; Installation; Special Considerations for the Maintenance Script; License.
Overview: Backup Tools is a pair of scripts for creating and managing append-only backups made with Borg and Restic. It supports automatically backing up a specified set of files, per-host exclusions, error reporting, and, via a second script, periodic verification and compaction of the backups.
Why Append-only backups? In short, so a malicious person or group, like a ransomware crew, can’t easily delete or alter your backups.
Tags: linux backup restic borg
Ransomware Resistant Backups with Borg and Restic
I published my backup scripts here; this post is a bit more about how I use these scripts to manage my backups and my rationale for why I do backups the way I do. In particular, I’ve set up my backup servers to provide at least some protection against intentional deletion by a hostile party (e.g., ransomware operator, etc.) by enforcing append-only backups with Borg and Restic + Rclone. Hopefully some of these ideas will be useful to others.
Tags: linux backup restic borg
Consolidated Guide to Using Yubikeys with Linux
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys: LUKS full disk encryption; local Linux login and sudo; SSH keys for remote login; remote sudo over SSH; GPG private key storage; AWS CLI authentication; encrypted email with Thunderbird; using Yubikey-backed keys with Git/GitHub. You’ll also naturally get browser-based U2F support, without having to do any extra work.
Tags: yubikey linux security u2f gpg ssh
New Workstation
After a long absence (circa 2006) from using Linux as my daily computing environment, I decided to build a new Linux workstation. I’m extremely happy with how it turned out, so I’m writing this post with some details about the hardware and software I selected and why. The short version is that everything works, including suspend to RAM, GPU drivers, sound, hardware sensors (temperature, fan speed, etc.) and all with no weird patches and only one or two custom settings.
Tags: linux hardware wayland archlinux