New phone - new OS

2023-10-14 16:41:43 +0200

Google’s support for my current Pixel phone will end in a couple of weeks and though CalyxOS will probably still release updates for quite a while, it will not receive full security updates anymore. Thus I opted for a new Pixel 7a. It’s a nice phone, not too expensive, about the size of my old Pixel 4a(5G) and will be supported by Google until May 2028. Of course, I wanted to replace Google’s version of Android with a privacy respecting custom ROM again.



LUKS2 + YubiKey Bio

2023-07-16 08:17:49 +0200

Recently I got myself a YubiKey Bio which I wanted to replace the YubiKey 5 with in terms of unlocking my LUKS2 encrypted drive(s). In this setup you can then simply use your fingerprint to unlock the drive, which I consider more secure than entering a PIN. I’m not sure if it’s a good idea to add multiple FIDO2 keys to systemd’s cryptsetup - I read about some issues - so I removed the YubiKey 5 first.



Installing Nextcloud All-in-One docker image in rootless mode

2023-06-04 19:26:17 +0200

Running your own instance of Nextcloud is probably one of the best solutions for reclaiming some privacy and avoiding services hosted by Google, Apple or Microsoft. I tried to cover the task of installing Nextcloud on a Synology NAS here by using the archive file provided by Nextcloud. However, they also offer some very handy “AIO - all-in-one docker image” which will pretty much take care of everything.



Fedora 38

2023-05-06 18:49:26 +0200

With version 38 just being released I decided to give Fedora a try again. From time to time I’d like to check out how things are going with other distributions. And sometimes it’s nice to have really current versions of your favorite applications. ;-) So I replaced my beloved Debian 11 with Fedora 38.



Creating your own custom CA

2023-02-21 18:12:26 +0100

As the constant security warnings displayed by my browser when accessing my local infrastructure annoyed me already for a long time I decided to look into the task of creating my own custom CA (“certificate authority”). There is not a lot of “local infrastructure” to be honest, basically my router and NAS drive. Anyway, I tend to access those via https and thus generating a warning by my browser telling me this site has no valid certificate. Of course, devices like this run with self-signed certificates, unknown to any browser.