stopgap for onion v2 to v3 migration

I use Tor onion services (location-hidden services) to manage a lot of my servers, since some are behind NAT or have dynamic IP addresses and onion services do excellent NAT traversal and allow access without knowing IP addresses. Alas, for security reasons the older v2-style onion addresses will be deprecated in 11 days. I thought it would be trivial to generate v3 addresses for all my servers, and for most it was, but I ran into some grief.

keeping das Blinkenlights on

The Junkyard Server Farm has grown up. The primary data center has over 30 servers and serves a number of diverse users. As it has grown from a couple of old, junked machines on a desk, to taking up most of a walk-in closet, to a growing motley collection of machines on the floor, to getting a formal equipment rack (not a 19″ EIA rack; rack mount equipment is still way too overpriced for us), I have had opportunity to re-cable everything. Between times, as machines get added or replaced and new networking requirements (IPv6!) come into play, cables get added without the benefit of careful dressing through established channels, and things begin to look rather a mess.

remote authentication for whole disk encryption

the (skippable) background

Update 31 August 2019: Ugh. It all gets rather more complicated than I like by the time you get WiFi and the Tor hidden service running. I was thinking of creating an SD card image, but then I’d have to maintain it for each new release of Raspbian. Josh suggested that, instead, I create a bash script to do the whole install to a vanilla Raspbian. If you’ve tried creating this and got lost, stay tuned and I’ll do the installer as time allows. Email me if you want to encourage me to do it sooner.

I am a fan of whole-disk encryption. It is just about the only way to ensure that a lost, stolen, confiscated, or discarded machine doesn’t leak information.

I just renewed my membership to TidBITS. If you’ve never heard of TidBITS, you should check them out. They have been publishing continuously online for 28 years, and their content is second to none. They also host an amazing online discussion list, TidBITS-Talk. The site’s content is focused on Apple news and technology, but the quality of the journalism is so high and the coverage is broad enough that there is likely something there for everyone.

Membership is completely optional, so check it out. It is not hyperbole to say that TidBITS has improved the quality of my life every week for the past quarter century.