What I have been doing in 2020 and before doesn’t seem to work anymore, ence it is time to publish a new episode of the saga: how to remotely unlock a full disk encrypted Linux machine. dracut-sshd still works perfectly even though the surroundings changed a bit. First step is instructing dracut to add dracut-sshd into initramfs: $ sudo dnf install dracut dracut-network openssh $ git clone https://github.com/gsauthof/dracut-sshd.git $ cd dracut-sshd $ sudo cp -ri 46sshd /usr/lib/dracut/modules.d Configure grub to instruct dracut to add networking to initramfs: …

Last week I converted myself to wireless earphones. I don’t consider myself an audiophile, I don’t have any deep knowledge of music but I kinda enjoy listening to it. Because of this I have had a few decent pairs of headphones, earphones and monitor speakers in my life; they all shared a thing: cables. Last week I pulled the trigger and bought myself my very first pair of wireless earphones: Sony WF-1000XM4. The main idea was to use them with the phone and maybe with work issued laptop which is running Windows, I did not even thought they would work with my Linux laptop. But to my biggest surprise they just work on Linux, no fiddling with bluetoothhcl or btmgmt; just enable BT in Gnome settings, long press for 5 seconds on both earphones to activate pairing mode and wait for them to pair. …

For the most part I never cared much about upgrading firmware because if it works don’t mess with it is usually my rule. I also don’t care much about having installed the latest version of Intel “““NSA botnet””” Management Engine, it is a piece of trash anyway so I might as well not have the latest updates. But since I have some issues with the NVME drive (very slow reads, it is most definitely dying) I figured a system wide firmware upgrade wouldn’t be a bad thing. The interwebz says the best way to upgrade firmware on Linux is using a tool called fwupd; it basically gives the user access to a massive repository of firmware which are provided and signed by hardware companies themselves. Dealing with closed source crapware and binary blobs always gives some headhace, of course having fwupd working was not free of any hassle: it downloads everything, gives no error/warning, but after rebooting nothing gets installed. …

Wireguard is an open source software and communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN both client and server configuration are much simpler and mantaining a PKI is also not required. Performance wise Wireguard is also faster than OpenVPN. SERVER: Debian 10 (Codename Buster) As of today Wireguard is not included in Debian 10 stable repos, so it is required to enable backports to install it: …

After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7 based, is used as ISCSI target. Debian 10 - Server A.K.A. Target Install the required packages: $ sudo apt-get install tgt dkms Create a device backstore: …

Last year I blogged on how to remotely unlock a full disk encrypted Fedora/CentOS server. The software I used, dracut-crypt-ssh, is not supported anymore and stopped working for me on Fedora 32 and 33. A quick DDG search pointed me in the right direction and made me find a similar software that accomplishes the same task: dracut-sshd. $ sudo dnf install dracut dracut-network openssh libblkid-devel gcc $ git clone https://github.com/gsauthof/dracut-sshd.git $ cd dracut-sshd $ sudo cp -ri 46sshd /usr/lib/dracut/modules.d After compiling and installing dracut-crypt-ssh configure grub to instruct dracut to add networking to initramfs: …

Since the whole COVID19 pandemic hoax started a couple of months ago, working from home has become the new hip thing every company brags about on every social media known to humankind. The first step to be able to call yourself a proper COVID19 ready(tm) company is the ability to bother every employees with just a few mouse clicks. So here we are, with Microsoft Teams(tm) and a lot of other not very secure and massively bloated software elected as the center of the office life. Coffee break? XYZ software chatroom. Kick-off meeting? XYZ software chatroom. And so on. Because of my special snowflake syndrome and my deep hatred for all things Microsoft and especially Windows I always end up making my life a bit harder. After having used Teams in a Windows 10 VM (after all I paid for a license when I got my latest Thinkpad) for a few weeks, I decided it was time to finally try to make it work on my main OS: Fedora 31. The catch was also that I wanted to do that more or less without installing any third party non free software. The OS I use is Fedora 31, which comes with pipewire and xgd-desktop-portal both installed and configured out of the box. Since using the official closed source Electron crapware client was out of the question, the obvious choice was to make Microsoft Teams work in a regular WEB browser. The situation is the following: …

Most Western Digital hard drives’ firmware let the heads park themselves after a certain amount of seconds in case the disk is not actively performing any operation. This might be useful to keep power consumption under control but is actually harmful for disks that run 24/7 (WD Red for example). Luckily there is a way to disable head parking, this can be done directly from Linux using a tool called idle3ctl. …