Grok here: computers are fine, humans were a mistake

Not an engineer but I took calculus 1, 2, 3, discrete math, linear algebra, statics, dynamics, and probably others I’m forgetting.

Since school, I needed one trig function for calculating distance between lat/long coordinates that I looked up on Wikipedia and plugged in to a program.

… Statics was fucking cool though.

I still type ifconfig by habit. Some kid the other day told me that you can judge a person’s age and Linux experience by whether they expect ifconfig and netstat vs ip and ss.

… I’m just glad they kept the parameters the same in ss

I am not a smart person and it wasn’t the right tool for my job so I didn’t research it further once that was established. Maybe if somebody told me one more time it’d stick.

EDIT : In case anyone is curious : https://github.com/latchset/clevis

I hadn’t heard of Dropbear until I started researching this… cool project. That seems to be the ticket if you’re wanting manual intervention to unlock the disk. If you want automatic unlock via another server on the network, sounds like Clevis may be the thing.

I occasionally drive past a place that is some type of “wealth boot camp”. I guess you give them money and they tell you how to make money?

Point is, every time I pass it there are multiple identical model Mercedes parked out front and all I can think is “I don’t think you’re doing this right”

One of our client support people told an angry client to open a Jira with urgent priority and we’d get right on it.

… the client support person knew full well that Jira was down too : D

At least, I think they knew. Either way, not shit we could do about it for that particular region until AWS fixed things.

I choose to believe this one.

You’re awesome. Keep up the good work.

It makes me really happy that people can say “500gb … not too much of an ask” these days.

Yeah, I feel the same in that it’s assuredly doable, but how hard is it?

If you’re able to dig into and make some progress, please tag me because I’m interested but don’t have much time these days.

You’ll definitely beat me to it : D

Do me a favor and tag me when you post your how to?

What other services are you running?

@[email protected] asked what else I was running in a sibling comment to yours and I didn’t have an answer because I’m not… yet : )

That’s a good question (and good idea) that I hadn’t really thought about past a collection of ZIMs. The one I built advertises it’s own AP SSID that anyone can connect to and then access the ZIMs that are served via kiwix-serve on HTTP/80. That is, I wanted a single, low power, headless device that multiple people could use simultaneously via wifi and browser rather than a personal device.

I hadn’t really thought about other helpful services past that. I mean, we’ve got a (wee) server so why not use it? I like the idea of OSM and their website is open source but has a lot of dependencies :

openstreetmap-website is a Ruby on Rails application that uses PostgreSQL as its database, and has a large number of dependencies for installation

A fully-functional openstreetmap-website installation depends on other services, including map tile servers and geocoding services, that are provided by other software. The default installation uses publicly-available services to help with development and testing.

I wonder how hard it would be to host everything it needs locally/offline… and what that would do to power consumption : )

Thanks for the idea - something to look into, for sure.

Last time I updated it was closer to 120GB but if you’re not sweating 100 GB then an extra 20 isn’t going to bother anyone these days.

Also, thanks for reminding me that I need to check my dates and update.

EDIT: you can also easily configure a SBC like a Raspberry Pi (or any of the clones) that will boot, set the Wi-Fi to access point mode, and serve kiwix as a website that anyone (on the local AP wifi network) can connect to and query… And it’ll run off a USB battery pack. I have one kicking around the house somewhere

Just one… For now :)

It’s a Lenovo Tiny refurb and came with a 1TB NVMe which is plenty for playing around but I’ll have to expand if I move my Jellyfin instance to it.

Good to hear. This will be going on a Debian server too.

I just set up tailscale on the RPi that controls my printer so I’ve got a jump host on the LAN now… Just need to make time to setup dropbear (and keys) on the server.

I’d imagine that if you have physical access and don’t mind plugging in a USB then that’s the easier route.

My personal goal is to be able to unlock it remotely in two main scenarios :

1. I’m lazy and don’t want to have to awkwardly fumble at plugging in something. So, SSH to it from the same room and unlock it from my desktop.
2. Server got rebooted while I’m away from home but I would really like it to be up and running again for something I need but I don’t have physical access at the time.

Both of those situations lean towards a remote unlock with no USB. The first one is absolutely doable because I have local access and could plug a device in, it’s just awkward. On the second, physical access is impossible so it must be done remotely.

I mentioned it in another comment but the remote unlock while away from home presents extra challenges for me because I access my server externally via Tailscale. Since Tailscale isn’t available at boot (pre-decrypt), then I’ll have to tailnet+ssh to another machine on the LAN (that doesn’t require a boot password/unlock) and then SSH from that machine to the server to enter the LUKS password to allow boot to continue. Sounds feasible, though perhaps a little clunky. That’s my current plan and hoping to try it out this weekend if time permits.

Great, thanks for checking my understanding of it.

If I’m reading the docs correctly, Clevis can rely on a separate Tang server for retrieving the decryption key, right? So in that scenario I’d need to have another machine for Tang that can also auto-boot without entering a boot/LUKS password. Otherwise, if both machines (server+clevis and Tang server) were in the same room and restarted due to power loss, neither would be able to boot if both were encrypted… or did I misunderstand something important?

And I don’t think I actually want “automatic” unlocking. I just want to be perform the unlock (enter LUKS password) remotely. I realize that comes with manual intervention (entering the password remotely) but I’m okay with that. I should probably have clarified that by “home server” I mean a machine the serves nice to have stuff, nothing mission critical. Plus I’m really the only one who uses it currently so I’ll notice it’s down when something doesn’t work and can then initiate the remote unlock/boot : D

Clevis is interesting but I don’t think it matches my specific situation. Glad I know about it now though, thanks for the info.