Updates from January, 2018

  • penguin 11:55 on 2018-01-24

    Shutter can’t edit images on Arch 

    Unfortunately Shutter no longer works (or not yet, maybe, hopefully 😉) with Wayland on Arch. But I still use it for image editing, namely screenshot annotations, for which it is by far the best tool I have ever found. Not to mention the most private one, cause everybody and his dog wants you to upload “to the cloud” nowadays.

    On a freshly installed system, though, you will find the “Edit” button grayed out after you have installed Shutter. The reason is a missing lib which is not installed by default. This is how you install it:

    And the editing continues.

    (Original source: this one. Thanks!)

     
  • penguin 14:13 on 2018-01-20

    Install Arch with full disk encryption, btrfs and EFI 

    I recently had to re-install my beloved Arch Linux. For security I need (and use) full disk encryption. This is a cheatsheet for the whole procedure, because although the Arch Linux Wiki is excellent, it is also huge and sometimes you must piece things together from many pages.

    This is what I am doing here 🙂

    NOTE: Usually you only have to follow the one subsection I link to!

    Overview

    One after another, we will do the following steps

    • Download and prepare Arch USB stick (skipped, you should know that 😉)
    • Prepare the hard disk
    • Prepare the disk partitions
    • Add LVM “inside” the crypted partition
    • Create filesystems & mount partitions
    • Install arch
    • Configure boot manager

    Prepare the hard disk

    Use parted to initialize the disk:

    1. Initialize the disk using a GPT partitioning scheme.
    2. Create a GPT boot partition, then put 100% of the remaining space into another partition (the first two actions behind the link).

    Prepare the disk partitions

    Basically,

    1. use the cryptsetup command to encrypt the main (big) partition,
    2. and create a file system on the boot partition (remember: it must be FAT32 for EFI boot, and it must be unencrypted!)

    Add an LVM “inside” the encrypted partition

    Cause we want “properly” encrypted swap (you can also encrypt swap using a /dev/random key every time, but then you will not persist data between reboots and you can’t do things like suspend-to-disk), we need at least two “partitions” “inside” the crypted volume. Sounds like LVM on LUKS? It does. We already used it 🙂.

    1. Create LVM partitions inside the encrypted volume. (Don’t forget to use cryptsetup luksOpen before, usually in step 1 in the last section 🙂)

    NOTE: Do not follow the above link down to “prepare the boot partition”, cause they use ext2 and we need FAT32 for EFI boot partitions. Just don’t.

    I use the name “secure” for the VG, and I use btrfs cause I am so incredibly elite, and so we don’t need to set a specific size for the / and /home “partitions” and can just use btrfs subvolumes, while still being able to wipe the system without the home directories. That’s pretty neat if you need it (I never did, but now I can ;). So that’s the final setup:

    Create filesystems & mount partitions

    Of course, Arch already has a wiki page section for that. I did it 3 times in a different way until I found it and had to do it again. So here is my summary.

    NOTE: /boot is not on an encrypted partition 😉, and the leading “@” is a convention for subvolumes which should be mounted somewhere. I also don’t use compress=... parameters, cause I don’t need / want transparent compression.

    Install arch

    Then you follow up with the usual installation procedure, but you stop at the “Initramfs” section. Here we will pick up again.

    Configure boot manager

    We are using systemd-boot. Or bootctl, as the binary is called. It should be already installed. The procedure is also outlined here. We also enable TRIM support; it seems to lessen security, but it raises SSD performance and lifetime.

    1. First, check if your system EFI is all right.
    2. Optionally install the Intel microcode updater package if you have an Intel CPU by doing pacman -S intel-ucode.
    3. Then run … bootctl --path=/boot install to install systemd-boot.

    Now create those files (all inside /mnt and relative to it, but of course you should be in a chroot right now :):

    You can get FS_UUID in the options line above by using the blkid command. If you don’t want to copy the UUID by hand, you can start console mouse support with copy-on-mark and paste-on-middleclick with gpm -m /dev/input/mice -t imps2. Note that the FS_UUID is the UUID of the encrypted LUKS partition, and not of the filesystem within!

    The list of normal and dm-crypt related kernel parameters … well, is also in the Arch wiki.

    The key idea is to use the “systemd” parameters instead of the “normal” ones. The full list of hooks is of course also available, and the order is important.

    Now execute:

    … and actually, that should be it.

    Edits:

    • 2018-03-27 fixed a typo in the HOOKS documentation, clarified kernel boot parameters
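
The boot-entry step of the procedure above, as an added example (not the post's own files): it picks the LUKS partition's UUID out of blkid output, writes a systemd-boot entry with the systemd-style parameters, and checks that the entry does not reference the UUID of the filesystem inside. The mapper name "cryptlvm", the LV name "root", the root subvolume "@" and the sample blkid lines are assumptions; only the VG name "secure" comes from the post.

```bash
#!/usr/bin/env bash
# Added example. Assumed names: mapper name "cryptlvm", LV "root", subvolume "@".
# The VG name "secure" is the one used in the post.

# Constructed sample of `blkid` output for the layout described above.
SAMPLE_BLKID='/dev/sda1: UUID="1A2B-3C4D" TYPE="vfat" PARTUUID="00000000-0000-0000-0000-000000000001"
/dev/sda2: UUID="11111111-2222-3333-4444-555555555555" TYPE="crypto_LUKS" PARTUUID="00000000-0000-0000-0000-000000000002"
/dev/mapper/cryptlvm: UUID="aBcDeF-0000-1111-2222-3333-4444-gHiJkL" TYPE="LVM2_member"
/dev/mapper/secure-root: UUID="99999999-8888-7777-6666-555555555555" TYPE="btrfs"'

# Read blkid output on stdin, print the UUID of the one crypto_LUKS device.
# Exits non-zero when there is none or more than one, instead of guessing.
luks_uuid() {
  awk '/TYPE="crypto_LUKS"/ && match($0, /[ \t]UUID="[^"]+"/) {
         uuid = substr($0, RSTART + 7, RLENGTH - 8); n++
       }
       END { if (n != 1) exit 1; print uuid }'
}

# Print a systemd-boot entry using the sd-encrypt ("systemd") parameters.
# $1 = LUKS UUID; $2 = "trim" to pass discards through dm-crypt. That helps
# the SSD but lets an observer of the raw disk see which blocks are unused.
loader_entry() {
  opts="rd.luks.name=$1=cryptlvm"
  if [ "${2:-}" = trim ]; then opts="$opts rd.luks.options=discard"; fi
  printf '%s\n' 'title   Arch Linux' 'linux   /vmlinuz-linux' \
    'initrd  /initramfs-linux.img' \
    "options $opts root=/dev/mapper/secure-root rootflags=subvol=@ rw"
}

# Return 0 only if the entry on stdin unlocks by a UUID that blkid ($1)
# reports as crypto_LUKS, i.e. not the UUID of the filesystem inside.
entry_uses_luks_uuid() {
  want=$(printf '%s\n' "$1" | luks_uuid) || return 1
  grep -q "^options .*rd\.luks\.name=$want="
}

if uuid=$(printf '%s\n' "$SAMPLE_BLKID" | luks_uuid); then
  loader_entry "$uuid" trim
fi
```

On a real system, feed `blkid` output to `luks_uuid` and pipe the entry file you wrote through `entry_uses_luks_uuid "$(blkid)"` before rebooting.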
     
  • penguin 13:47 on 2017-06-12
    Tags: cli, github

    No password prompts for GitHub “hub” client 

    GitHub has a little cli tool called “hub” which makes working with repos a bit easier (“hub pull-request” instead of a lot of clicking around on the web). Unfortunately they don’t really tell you how to prevent password inputs every time you use it.

    Unless you dig deep:

     
  • penguin 14:58 on 2017-04-20
    Tags: fonts

    Linux font rendering sucks, a.k.a “Where is Boohomil”? 

    For some reason, the maintainer behind the “*-infinality” packages in Arch Linux “has gone missing” for a while.

    Why is that important to me? Because infinality is a patch set to a bunch of font and rendering packages, which makes fonts under Linux look SO much better than the default setup. (Yes, there are still a couple of things that Linux just absolutely cannot compete in with Mac and / or Win, and font rendering is one of them. Ubuntu does a reasonable job of this, every other distro just sucks.)

    Except when you were using infinality. And now it’s defunct.

    Anyway, after experiencing the unbelievably ugly phenomenon described in here, I tried this guide here now, and it seems to fix it.

     
  • penguin 19:03 on 2017-04-10

    The state of things – management 

    Yep, this is the challenge why I converted from a freelancer (which I still prefer as a working model) to a “normal” employed person. I am a “manager” now. Well, I just have team responsibility. And it is crazy. This brings *so* many challenges which are so amazing (cause they’re new) and exhausting (cause I need to deal with them in a completely different way).

    Here they are.

    Challenge one – team spirit. That is something I am most happy with, because our spirit is pretty high I think. And I take this on me, shamelessly, but this is also something which is deeply connected to my “leading persona”, whatever that is. And I think this one is far from perfect.

    Challenge two – training the team. I think I know some stuff, and I keep in contact with things. And I want to learn new things. Now I have to deal with maintenance shit all day, and yet want to try out new toys and stuff. This is quite complicated: On the technical side I have to think now about a way in which people can learn the most, while making sure a fuckup can not break everything. (Which it did – once, and badly). Also I have to ensure that people learn, and have fun doing it. Which is surprisingly hard, but also surprisingly cool if you see it actually working.

    Challenge three – employee interviews. I suck at it, period. I started to ask technical questions now, because before I was under the assumption that every applicant can do the job, and it’s just about how he fits in. Bad mistake. Now I learn that personal markers are also important. Which is the next thing that I need in the team, personality-wise? And am I sure of this? And does the next candidate have it? Cra-zy.

    Challenge four – managing the big picture. Or simply put – how do I make sure that the team is always up-to-date on priorities, talk to people enough, and has a good sense of when something should be “done”? And a good sense of driving it there, btw. Which is pretty much the same as

    challenge five – processes. Which process do we choose? We tried SCRUM, didn’t really work that well, so we changed it after a couple of iterations. Now we try (some sort of) Kanban, and already I am seeing transparency risks, and I need metrics. Also you often read that Kanban needs analogue ticket boards (paper, wall) – not some fancy JIRA tooling shit or so. Now what if the company policy is “log your time in tickets”? And, even most important – how do I self-manage? And the team with it? And prioritize features if they hit me like “oh in two weeks this must be done, and sorry this came in just today”?

    For me all of this is hard. I guess I am getting there, but it is a great challenge, and I love it. But soon I will need a break. And I hope some stuff is done by then.

    Update 2017-04-14: changed challenges 1&2 a bit.

     
  • penguin 18:54 on 2017-04-10
    Tags: current state

    The state of things – technology 

    It’s been a while. I am currently pretty burned out, and the work keeps getting more. This is bad. But let’s talk about some challenges right now. So this is an overview of our …

    Technical state

    We’re still using Rancher. Rancher is super cool, but has the annoying habit of completely crashing about once every two months, leading to a full cluster outage for anything between 1-3 hours. Usually about 2. I still love it, but we matured in our needs, and maybe Rancher needs time to catch up (cause our needs are sometimes a bit “special”). But the Rancher team is making great progress in the right directions, and I am fully confident that Rancher will take a place in the orchestration space. Still we’re thinking about moving to K8s, simply because so much is already there.

    We’re using Prometheus for monitoring now. Rocks. Period.

    We’re still using AWS. Many of our customers would prefer Azure Germany. If you didn’t know – Azure in Germany advertises a “Data Custodian” mode, or “Data Trustee” model, not sure how to translate this and too lazy to look it up. This means that in Germany the data centers are running the true Azure stuff, but they are actually fully operated by Deutsche Telekom.

    Advantage, you ask? Easy. When the DOJ sends one of those super secure letters to Microsoft for “give me your data”, they simply forward this to Deutsche Telekom. They will probably frame it on a wall somewhere, but I don’t think they will actually give out the data. Problem solved. (We all hope :))

    We are almost done with setting the whole cloud up using Terraform. It became a really mature project over the last year, and we are super happy with the progress it’s making. Also, with Azure in the works for us (some customers …) this is a cool way to just manage all with the same tooling. Infrastructure as code, eh.

    We try to migrate away from Teamcity to Jenkins. We didn’t succeed yet. Too little manpower.

    But the more interesting thing is in the next post, for me at least 😉

     