PineBook Pro: How to install Manjaro on a LUKS-encrypted NVMe SSD
06.08.2021 yahe administration linux security
Last year I got myself a PineBook Pro to have a look into ARM-based devices and ARM development in general. Thanks to the optional NVMe adapter board I was able to add an SSD to the device as well. One of the first things I always do after receiving new hardware is to fully re-install the operating system, because you should never trust a default installation. I used the manjaro-arm-installer as Manjaro currently seems to provide the best support for the Rockchip hardware.
Unfortunately, the installer did not provide the type of installation that I wanted to have.
How to create simple encrypted remote backups
30.03.2021 yahe administration linux security
Every once in while I get asked if a certain backup scheme is a good idea and oftentimes the suggested backup solution is beyond what I would use myself. Duplicity, its simplification Duply or the not-so-dissimilar contenders Borg and Restic are among those solutions that are mentioned most often, with solutions like Bacula and its offspring Bareos coming much later.
Unfortunately, I would not trust any of these tools further than I could throw a harddrive containing a backup created with them.
Cryptographic Vulnerabilities within the Nextcloud Server Side Encryption
16.11.2020 yahe publicity security
Nearly a year ago I wrote that I had an extensive look into the server side encryption that is provided by the Default Encryption Module of Nextcloud. I also mentioned that I have written some helpful tools and an elaborate description for people that have to work with its encryption.
What I did not write about at that time was that I had also discovered several cryptographic vulnerabilities.
Dropbox: Use the API in 5 Simple Steps
A few weeks ago I wrote about the new cryptographic basis of the Shared-Secrets service. What I did not write about was that one user asked if a file-sharing option could be added. I declined because sharing files is nothing that the service is meant to be there for. But I tried whether sharing files would be possible.
Shared-Secrets: Cryptography Reloaded
17.12.2019 yahe code linux security
About 3 years ago I wrote about a tool called Shared-Secrets that I had written. It had the purpose of sharing secrets through encrypted links which should only be retrievable once. Back then I made the decision to base the application on the GnuPG encryption but over the last couple of years I had to learn that this was not the best of all choices. Here are some of the problems that I have found in the meantime:
Nextcloud-Tools: Working with the Nextcloud Server-Side Encryption
02.12.2019 yahe administration code security update
At the beginning of the year we ran into a strange problem with our server-side encrypted Nextcloud installation at work. Files got corrupted when they were moved between folders. We had found another problem with the Nextcloud Desktop client just recently and therefore thought that this was also related to synchronization problems within the Nextcloud Desktop client. Later in the year we bumped into this problem again, but this time it occured while using the web frontend of Nextcloud.
twastosync: Synchronize Mastodon Toots to Twitter
Ever since I built up my own Mastodon instance and created my own account I wanted to be able to cross-post messages between the two platforms. I searched for different solutions like IFTTT but I never got them to work properly - until I found dlvr.it which worked right out of the box for me. Well, at least at the beginning...
.local, .home.arpa and .localzone.xyz
11.11.2019 yahe administration update
35 years ago the IETF defined special IPv4 addresses in RFC 1597 to be used solely in private intranets and with that created the separation between internal networks and the internet. 5 years later they proceeded to define special-use top-level domains like .example, .invalid and .test in RFC 2606. However, the IETF did not reserve a top-level domain to be used within the private intranets that they had introduced before. This lead to confusion with administrators that still persists to the current day.
Yahe.sh wechselt ins Englische
Im letzten Artikel hatte ich erklärt, weshalb ich mich dazu entschieden habe, von der Domain "weizenspr.eu" hin zur Domain "yahe.sh" zu wechseln. Hintergrund ist der Fokus der Webseite, der sich in den letzten fast 10 Jahren von Alltagserfahrungen hin zu technischen Themen gewandelt hat. Mit dem Wechsel des Themenfeldes geht jedoch auch ein Wechsel des Zielpublikums einher.
In der IT ist Englisch die Sprache der Wahl, um ein möglichst großes Publikum zu erreichen. Daher habe ich mich nach langem Ringen dazu entschlossen, auch diesen Blog zukünftig auf Englisch zu führen. Meine Hoffnung ist, dass die Leute, die auch bisher schon meine technischen Inhalte gelesen haben, der englischen Sprache mächtig sind. Zumindest in meinem Bekanntenkreis stellt der Sprachwechsel kein Problem dar, eröffnet mir jedoch die Möglichkeit einer internationalen Leserschaft.
Daher bleibt mir an dieser Stelle nur noch zu sagen: Welcome to Yahe.sh!
Goodbye WeizenSpr.eu
Am 02.02.2009 habe ich die Domain "weizenspr.eu" registriert. Der Blog, der sich dahinter verbarg, durchlebte die Blütezeit des Bloggens in Deutschland. Damals brauchten Blogs unbedingt ein Motto und so entschied ich mich für "trennt Spreu vom Weizen". Ich wollte sowohl die guten Dinge ("Weizen"), als auch die schlechten Dinge ("Spreu") im Alltag thematisieren.
Der unbeschwerte Studentenalltag wich dem stressigen Berufsalltag und damit auch die alltäglichen Themen aus dem Blog und genauso wandelten sich die kurzen Wortmeldungen zu längeren Themenartikeln. Um dem gerecht zu werden, begann ich, nicht mehr passende Artikel offline zu nehmen, um eine ausgewogenere Webseite zu erhalten. Doch die kleineren Arbeiten hier und da führten eher dazu, dass die Seite immer inkonsistenter wurde. Und das ursprüngliche Spreu-vs.-Weizen-Konzept machte keinen Sinn mehr. Ein Neuanfang musste her.
