September 24, 2019
I’d written [about using the t470s]({{ref 2017-04-14-linux-on-the-t470s}}) a while back, since then jumping to a T480s, T480, and most recently an X1 Yoga Gen4 and X1 Carbon Gen7. These two machines are extremely small and have good manufacturing feel to them. The major downside to them is the limited memory (16G) and the thermal dissipation. Ultimately I’ve become more comfortable with the X1CG7 as there wasn’t a need for me to use the touchscreen/stylus with the X1YG4.
...
April 11, 2018
WireGuard aims to be as easy to configure and deploy as SSH. You establish a VPN connection by simply exchanging public keys, and the rest is transparently handled by WireGuard.
There are many other technologies, however wireguard is uniquley interesting for:
cryptokey routing: the first principles simply mapping public keys and sets of allowed addreses, making wireguard easier to grok for deployments. endpoints and roaming: also initial principles that facilitate NAT traversal and utilization of dynamic addressing through keepalives.
...
February 20, 2018
We’ve recently gotten some significantly larger storage systems and after running some 50T pools with basically all the defaults it felt like time to dig into what common options are used to chase performance. The intended use for these systems is ultimately CIFS/NFS targets for scientists who are running simulations that generate small (1M) to large (100G) files. I’m not being rigorous and offering any benchmarks, just digging into documented performance parameters and explaining the rational.
...
October 29, 2017
If you want to be truly paranoid about authentication to services, you can implement your own Public Key Infrastructure (PKI). Many large organizations that are privacy focused have developed a digital/physical PKI strategy, for example the DoD’s Common Access Card. OpenSSL is a software that can be used to setup a “simple” PKI, however it’s command complexity is easy to get lost within. In this guide we’ll set up a “simple” PKI that we’ll use to authenticate users with, while still using the legitimately issued Let’s Encrypt Domain Validation certificates.
...
May 19, 2017
With all of the nasties we are seeing about snarfing up data, there has been a concerted effort for people to get encryption in place. For the web, it has never been easier to get these things sorted because there have been significant efforts recently to reduce the barrier. Firstly the letsencrypt project broke up the cabal of certificate authorities by providing a recognized authority that could issue certificates to verified domain operators without a transaction cost.
...
May 16, 2017
Dynamic DNS is an essential tool if you’re your provider is unwilling to provide you with a static address. On almost all residential connections with the large providers you’re not going to be able to obtain a static address unless you convert over to one of their business accounts, then pay some hefty amount like 15USD monthly.
I’ve used several DNS providers and have been with Cloudflare for a good while now due to their literal speed.
...
May 16, 2017
I’ve written before about network hardware selection, where I surmise that Ubiquiti’s EdgeMax products are what I typically rely on when building out a network. Here I’ll lay out what I think is a good design for a home network using some of the inexpensive EdgeMax and Unifi products. It might seem silly that I would include Unifi in a discussion of implementation with EdgeMax, but really you don’t have a better choice for wireless access point than what Unifi offers.
...
February 7, 2017
In this I’ll outline a simplified install procedture that will allow you to go from metal to a machine that has a graphical desktop environment. Arch has several principles, the one your should be the most aware of is versatility. Versatility is user choice to build and use systems how they want. In following this guide you’re allowing me to make a significant amount of choices for you. For many folks a first time through the ArchLinux wiki on install procedure is too much to feel like you’re comfortable to make headway.
...
February 7, 2017
In this I’ll outline a simplified install procedture that will allow you to go from metal to a machine that is managed over ssh and has ZFS. Arch has several principles, the one your should be the most aware of is versatility. Versatility is user choice to build and use systems how they want. In following this guide you’re allowing me to make a significant amount of choices for you. For many folks a first time through the ArchLinux wiki on install procedure is too much to feel like you’re comfortable to make headway.
...