Piero V.

Debian on an encrypted microSD on a Surface Pro 2017

Wow, I have not needed to write a guide about installing a Linux system for years (well, these are my notes rather than a complete guide).

Partly because I found it quite easy in the latest… 5 years? Partly because I avoid reinstalling my systems unless strictly needed.

This time is different: I am targeting a peculiar device (a Surface Pro 2017) with a microSD (I am too lazy to repartition its SSD) and full disk encryption (including /boot).

But I am happy because I have learned a lot! For example, if you choose the expert installation for Debian, you can disable the source repositories immediately!

Big caveat: my initial plan was to install GRUB on the microSD, but it did not work. If I understood correctly, the Surface cannot boot from SDs. So, I used the ESP of the SSD. If you wanted a completely autonomous system on a microSD that disappears as soon as you remove it, I fear you cannot get one.

Preparing the install drive

After I discovered Rufus, I have always used it to prepare installation drives on Windows.

But Debian ISOs have a feature I really appreciate: in UEFI mode, you can just extract the image to a FAT32 partition. The advantages are that you do not need Windows, and you do not have to format the drive, you do not lose any existing data. And, on top of that, secure boot worked at the first try (with Microsoft & 3rd party CAs, but I do not remember if it is the default). I have tried with other distributions, but none worked in the same way. … [Leggi il resto]

hubiC as a Duplicity backend in 2022

Warning: these instructions are given without any warranty.

If you decide to follow them, you are on your own, and it is your responsibility to verify that everything works as expected.

I do not take any responsibility for data losses or any other consequences.

TL; DR

Duplicity supports Rclone as a backend, and Rclone is compatible with hubiC in turn.

First, follow these instructions to configure a hubiC remote in Rclone.

Then pass something like rclone://hubic:/your-backup-container to Duplicity as a target.

Notice the second colons! Firstly, I missed the second one, and it did not work for this reason.

Also, notice the lack of a trailing slash: if you add it, the first backup will succeed, but the following ones will fail.

Fortunate and unfortunate coincidences

You know they say «💩️💩️💩️💩️ happens.». For example, data centers catch fire.

That happened last year to OVH, and my VPS was hosted at the said data center. … [Leggi il resto]

Linux cryptsetup and rEFInd

TL; DR: create a /boot/refind_linux.conf file with the following content:

"Boot with standard options"  "root=UUID=uuid-of-unencrypted-root-partition ro cryptdevice=UUID=uuid-of-luks-partition:volume-name:allow-discards quiet"
"Boot to single-user mode"    "root=UUID=uuid-of-unencrypted-root-partition ro cryptdevice=UUID=uuid-of-luks-partition:volume-name:allow-discards quiet single"
"Boot with minimal options"   "root=UUID=uuid-of-unencrypted-root-partition ro cryptdevice=UUID=uuid-of-luks-partition:volume-name:allow-discards"

The rest of the article is a nice story about why I needed this 😄️.

More fast storage!

I built my current desktop two years ago with the first money I earned during my internship. So, I was on a budget, and cheapening on the storage is always a way to save some bucks.

Therefore, I bought a WD Black 250GB SSD to dual boot my systems and a 2TB hard disk for the data.

Recently I changed job, and now I use my personal desktop to work. And I need more fast storage.

So, since I was already upgrading, I finally switched to full-disk encryption and btrfs. … [Leggi il resto]

Finally, I booted GC-Linux

The platinum GameCube and Pokémon Colosseum, that I had since I was a kid, and the memory card, SD gecko and microSD card that I bought for this adventure

An obsession for half of my life

When I was a very little kid, my neighbor had a PlayStation One, and I wanted one as as well. I knew almost nothing about video games, I just thought they were cool. Then the PlayStation 2 came out, and I started wanting it.

So, after many years of requests, when I was like 8 or 9, on the Saturday before Christmas, my Dad took me and my syster to a shop close to our home… and we bought a GameCube. He liked a Logitech steering wheel that was for the GC, and, influenced by a shop assistant, we bought the bundle of a platinum GameCube with Mario Kart: Double Dash!!. … [Leggi il resto]

WireGuard e NetworkManager

Contestualizzazione

Mentre ero in Erasmus in Norvegia, avevo provato WireGuard per rimanere connesso alla rete di casa, in cui si trova il mio NAS.

Da allora, ho continuato a usarlo abbastanza. Qualche volta ho usato ancora OpenVPN, ma preferisco parecchio WireGuard, principalmente perché è molto più leggero e evita che il mio router faccia da collo di bottiglia, e perché è molto più semplice da configurare.

Altre caratteristiche a suo favore sono che a Marzo di quest’anno è stato direttamente integrato nel kernel Linux e che a tal proposito il suo autore ha fatto fare una verifica di sicurezza a terze parti, che hanno espresso un giudizio positivo. Si può volere di più?

Be’, in realtà sì. Per diverso tempo, per avviare la VPN ho usato uno script shell, che aveva bisogno di essere eseguito da root. Questa soluzione non mi entusiasmava troppo, e avrei preferito un’integrazione con Network Manager, possibilmente con la GUI. … [Leggi il resto]