LUKS2 + YubiKey Bio
Recently I got myself a YubiKey Bio which I wanted to replace the YubiKey 5 with in terms of unlocking my LUKS2 encrypted drive(s). In this setup you can then simply use your fingerprint to unlock the drive, which I consider more secure than entering a PIN. I’m not sure if it’s a good idea to add multiple FIDO2 keys to systemd’s cryptsetup - I read about some issues - so I removed the YubiKey 5 first.
Read more...
Installing Nextcloud All-in-One docker image in rootless mode
Running your own instance of Nextcloud is probably one of the best solutions for reclaiming some privacy and avoiding services hosted by Google, Apple or Microsoft. I tried to cover the task of installing Nextcloud on a Synology NAS here by using the archive file provided by Nextcloud. However, they also offer some very handy “AIO - all-in-one docker image” which will pretty much take care of everything.
Read more...
Fedora 38
With version 38 just being released I decided to give Fedora a try again. From time to time I’d like to check out how things are going with other distributions. And sometimes it’s nice to have really current versions of your favorite applications. ;-) So I replaced my beloved Debian 11 with Fedora 38.
Read more...
Creating your own custom CA
As the constant security warnings displayed by my browser when accessing my local infrastructure annoyed me already for a long time I decided to look into the task of creating my own custom CA (“certificate authority”). There is not a lot of “local infrastructure” to be honest, basically my router and NAS drive. Anyway, I tend to access those via https and thus generating a warning by my browser telling me this site has no valid certificate. Of course, devices like this run with self-signed certificates, unknown to any browser.
Read more...
Keyoxide
Recently this post about Keyoxide came up in my Mastodon timeline and of course made me curious. Turns out Keyoxide is a little like Keybase: based on GPG you can claim an identitiy and have to add a prove then. At first it might be a little confusing because in Keyoxide you cannot just sign up for profile but in fact it’s pretty straight forward and simple - I really like this approach!
Read more...