Skip Navigation

clif

@ clif @lemmy.world

Posts
32
Comments
153
Joined
2 yr. ago

Just a geek, finding my way in the fediverse.

  • What do you want to be when you grow up? USA vs UK vs China

    Jump

  • Not an engineer but I took calculus 1, 2, 3, discrete math, linear algebra, statics, dynamics, and probably others I'm forgetting.

    Since school, I needed one trig function for calculating distance between lat/long coordinates that I looked up on Wikipedia and plugged in to a program.

    ... Statics was fucking cool though.

  • My friend got hacked and of course microsoft will not even try to help

    Jump

  • They will, however, ask you for the account info/receipt to recover it. When you reply, a different help desk person will reply asking for that info you just sent. When you reply, a different help desk person will reply asking for that info you just sent. When you reply, a different help desk person will reply asking for that info you just sent.

    ... I got to five replies (in a chain, with history and all requested info attached) before I gave up. Just another reason I hate microsoft

  • Not stupid if it works

    Jump

  • I'm with you...

    Cut the lock shackle, remove lock from brake and ring... Nothing happens??

    Or if you're paranoid, cut the grenade ring first, then cut the lock.

  • [DONE] LUKS decrypt at boot over SSH!

    Jump

  • I am not a smart person and it wasn't the right tool for my job so I didn't research it further once that was established. Maybe if somebody told me one more time it'd stick.

    EDIT : In case anyone is curious : https://github.com/latchset/clevis

  • [DONE] LUKS decrypt at boot over SSH!

    Jump

  • I hadn't heard of Dropbear until I started researching this... cool project. That seems to be the ticket if you're wanting manual intervention to unlock the disk. If you want automatic unlock via another server on the network, sounds like Clevis may be the thing.

  • Linux @lemmy.ml
    clif @lemmy.world
    DONE

    LUKS decrypt at boot over SSH!

  • AWS is having a bad day

    Jump

  • One of our client support people told an angry client to open a Jira with urgent priority and we'd get right on it.

    ... the client support person knew full well that Jira was down too : D

    At least, I think they knew. Either way, not shit we could do about it for that particular region until AWS fixed things.

  • Printers leave a watermark on each page indicating the exact printer that it came from. Are there any other examples of these privacy violations that aren't common knowledge?

    Jump

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • You're awesome. Keep up the good work.

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • It makes me really happy that people can say "500gb ... not too much of an ask" these days.

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • Yeah, I feel the same in that it's assuredly doable, but how hard is it?

    If you're able to dig into and make some progress, please tag me because I'm interested but don't have much time these days.

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • You'll definitely beat me to it : D

    Do me a favor and tag me when you post your how to?

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • What other services are you running?

    @[email protected] asked what else I was running in a sibling comment to yours and I didn't have an answer because I'm not... yet : )

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • That's a good question (and good idea) that I hadn't really thought about past a collection of ZIMs. The one I built advertises it's own AP SSID that anyone can connect to and then access the ZIMs that are served via kiwix-serve on HTTP/80. That is, I wanted a single, low power, headless device that multiple people could use simultaneously via wifi and browser rather than a personal device.

    I hadn't really thought about other helpful services past that. I mean, we've got a (wee) server so why not use it? I like the idea of OSM and their website is open source but has a lot of dependencies :

    openstreetmap-website is a Ruby on Rails application that uses PostgreSQL as its database, and has a large number of dependencies for installation

    A fully-functional openstreetmap-website installation depends on other services, including map tile servers and geocoding services, that are provided by other software. The default installation uses publicly-available services to help with development and testing.

    I wonder how hard it would be to host everything it needs locally/offline... and what that would do to power consumption : )

    Thanks for the idea - something to look into, for sure.

  • Probably a good idea to go see how much storage will be necessary...

    Jump

  • Last time I updated it was closer to 120GB but if you're not sweating 100 GB then an extra 20 isn't going to bother anyone these days.

    Also, thanks for reminding me that I need to check my dates and update.

    EDIT: you can also easily configure a SBC like a Raspberry Pi (or any of the clones) that will boot, set the Wi-Fi to access point mode, and serve kiwix as a website that anyone (on the local AP wifi network) can connect to and query... And it'll run off a USB battery pack. I have one kicking around the house somewhere

  • LUKS decrypt at boot over SSH?

    Jump

  • Just one... For now :)

    It's a Lenovo Tiny refurb and came with a 1TB NVMe which is plenty for playing around but I'll have to expand if I move my Jellyfin instance to it.

  • LUKS decrypt at boot over SSH?

    Jump

  • Good to hear. This will be going on a Debian server too.

    I just set up tailscale on the RPi that controls my printer so I've got a jump host on the LAN now... Just need to make time to setup dropbear (and keys) on the server.

  • LUKS decrypt at boot over SSH?

    Jump

  • I'd imagine that if you have physical access and don't mind plugging in a USB then that's the easier route.

    My personal goal is to be able to unlock it remotely in two main scenarios :

    1. I'm lazy and don't want to have to awkwardly fumble at plugging in something. So, SSH to it from the same room and unlock it from my desktop.
    2. Server got rebooted while I'm away from home but I would really like it to be up and running again for something I need but I don't have physical access at the time.

    Both of those situations lean towards a remote unlock with no USB. The first one is absolutely doable because I have local access and could plug a device in, it's just awkward. On the second, physical access is impossible so it must be done remotely.

    I mentioned it in another comment but the remote unlock while away from home presents extra challenges for me because I access my server externally via Tailscale. Since Tailscale isn't available at boot (pre-decrypt), then I'll have to tailnet+ssh to another machine on the LAN (that doesn't require a boot password/unlock) and then SSH from that machine to the server to enter the LUKS password to allow boot to continue. Sounds feasible, though perhaps a little clunky. That's my current plan and hoping to try it out this weekend if time permits.

  • LUKS decrypt at boot over SSH?

    Jump

  • Great, thanks for checking my understanding of it.

  • LUKS decrypt at boot over SSH?

    Jump

  • If I'm reading the docs correctly, Clevis can rely on a separate Tang server for retrieving the decryption key, right? So in that scenario I'd need to have another machine for Tang that can also auto-boot without entering a boot/LUKS password. Otherwise, if both machines (server+clevis and Tang server) were in the same room and restarted due to power loss, neither would be able to boot if both were encrypted... or did I misunderstand something important?

    And I don't think I actually want "automatic" unlocking. I just want to be perform the unlock (enter LUKS password) remotely. I realize that comes with manual intervention (entering the password remotely) but I'm okay with that. I should probably have clarified that by "home server" I mean a machine the serves nice to have stuff, nothing mission critical. Plus I'm really the only one who uses it currently so I'll notice it's down when something doesn't work and can then initiate the remote unlock/boot : D

    Clevis is interesting but I don't think it matches my specific situation. Glad I know about it now though, thanks for the info.

  • Linux @lemmy.ml
    clif @lemmy.world

    LUKS decrypt at boot over SSH?

  • Ask Lemmy @lemmy.world
    clif @lemmy.world

    Use for empty small propane tanks?

  • Arkansas @lemmy.world
    clif @lemmy.world

    RTX (Raytheon) is building a factory in AR

    www.ualrpublicradio.org /local-regional-news/2023-10-27/missile-factory-coming-to-arkansas
  • Arkansas @lemmy.world
    clif @lemmy.world

    Continued coverage of Sarah Huckabee Sander's podium

    abcnews.go.com /US/wireStory/scrutiny-arkansas-governors-19000-lectern-deepens-after-new-103877812
  • Arkansas @lemmy.world
    clif @lemmy.world

    New ballot initiative aims to end Arkansas’ “tampon tax”

    www.ualrpublicradio.org /local-regional-news/2023-09-30/new-ballot-initiative-aims-to-end-arkansas-tampon-tax
  • Arkansas @lemmy.world
    clif @lemmy.world

    Arkansas legislature passes bill restricting FOIA request

    www.thv11.com /article/news/local/amended-foia-bill-passed-arkansas-senate/91-35a7985c-222e-4095-9126-33d773f89670
  • Arkansas @lemmy.world
    clif @lemmy.world

    Governor Signs Bill That Bans Vaccine Mandates In Arkansas

    www.huffpost.com /entry/sarah-huckabee-sanders-bans-vaccine-mandates_n_65049b16e4b0208b8ffad7a0
  • Arkansas @lemmy.world
    clif @lemmy.world

    Federal judge blocks state's new law banning Delta 8 THC products

    www.arkansasonline.com /news/2023/sep/07/federal-judge-blocks-states-new-law-banning-delta-8-thc-products/
  • Linux @lemmy.ml
    clif @lemmy.world

    Topics for a Linux intro course

  • Arkansas @lemmy.world
    clif @lemmy.world

    KUAR/KLRE rebrands as Little Rock Public Radio

    www.ualrpublicradio.org /news-about-public-radio/2023-08-28/introducing-little-rock-public-radio
  • Arkansas @lemmy.world
    clif @lemmy.world

    Arkansas drops AP African American Studies course

    www.ualrpublicradio.org /npr-news/2023-08-23/arkansas-drops-ap-african-american-studies-course
  • Arkansas @lemmy.world
    clif @lemmy.world

    Maggie Ryan named host of KUAR's All Things Considered

    www.ualrpublicradio.org /news-about-public-radio/2023-08-25/ryan-named-local-host-of-kuars-all-things-considered
  • Arkansas @lemmy.world
    clif @lemmy.world

    New AR Board of Education Member Appointed

    www.ualrpublicradio.org /local-regional-news/2023-08-04/gov-sanders-announces-new-board-of-education-member
  • Arkansas @lemmy.world
    clif @lemmy.world

    ASO breaks ground on new music center

    www.ualrpublicradio.org /local-regional-news/2023-08-10/arkansas-symphony-orchestra-breaks-ground-on-new-music-center
  • Arkansas @lemmy.world
    clif @lemmy.world

    Hundreds of new Arkansas laws took effect August 1st

    www.ualrpublicradio.org /local-regional-news/2023-08-01/hundreds-of-new-arkansas-laws-set-to-take-effect-aug-1
  • Arkansas @lemmy.world
    clif @lemmy.world

    Conway Corp begins testing at new solar farm

    www.kark.com /news/business/conway-corp-begins-power-testing-at-solar-farm/
  • Arkansas @lemmy.world
    clif @lemmy.world

    UAMS Radiation Oncology Center Now Open

    www.ualrpublicradio.org /local-regional-news/2023-07-18/uams-radiation-oncology-center-opens
  • Arkansas @lemmy.world
    clif @lemmy.world

    Brandon Adams named new AFGC commission member

    www.ualrpublicradio.org /local-regional-news/2023-07-05/sanders-names-new-arkansas-game-and-fish-commission-member
  • Arkansas @lemmy.world
    clif @lemmy.world

    Arkansas ends fiscal year with a $1.161 billion tax surplus

    www.ualrpublicradio.org /local-regional-news/2023-07-05/arkansas-ends-fiscal-year-with-a-1-161-billion-tax-surplus