Alt255 Blog

February 20, 2019

Restic

Intro I’ve been using the restic backup system for a bit over a year now. It seems to be working well, was easy to configure, and is speedy. It’s got the cryptos (client-side!), deduplication, snapshotting, and supports basically all the cloud backends. I haven’t had any disasters to recover from yet, so the recovery system isn’t battle-tested from my perspective, but for one-off file recoveries, it’s worked well. Just like other common utilities, like rsync, it’s easy to configure a backup destination, called a “repository” in restic-speak, to help facilitate learning and debugging usage before committing uplink bandwidth and storage costs. ...

December 30, 2017

OSX Bash Upgrade

Notes on getting bash completion to work on OSX and upgrading bash along the way. Using brew, install bash-completion: $ brew install bash-completion Update .bashrc to include: [ -f /usr/local/etc/bash_completion ] && . /usr/local/etc/bash_completion If you receive errors like this: bash: compopt: command not found, your version of bash is likely outdated. Check the version using bash --version. compopt apparently requires version 4.0 or above. To upgrade bash using brew: ...

December 17, 2017

Forwarding GPG over SSH

Here’s a guide to forwarding GPG over SSH. This is helpful to not only assist with remote GPG operations, but will also work to forward SSH credentials which were loaded via gpg-agent. Prerequisites With modern versions of GPG (eg GnuPG 2.1), the gpg-agent will automatically create sockets in $HOME/.gnupg: $ ls -l $HOME/.gnupg/S.gpg-agent* srwx------ 1 jburke staff 0 Dec 17 10:22 /Users/jburke/.gnupg/S.gpg-agent= srwx------ 1 jburke staff 0 Dec 17 10:22 /Users/jburke/. ...

June 29, 2017

sshcheck

ssh
Today I discovered a terrific website for checking an SSH server’s configuration: sshcheck. Point sshcheck at an SSH server and it will produce a report about the server’s key exchange, encryption, and MAC algorithms, indicating if any are considered insecure. Once I had an idea of what needed to be fixed, I cross-checked settings with Mozilla’s OpenSSH Security Guidelines. What I ended up with for my own server: KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512,hmac-sha2-256,[email protected] ...

May 28, 2017

mosh is amazaballs

I finally got around to trying out mosh, a “replacement for SSH”. Mosh is pretty darned amazing as well as easy to set up. The immediate benefit I’m seeing is being able to establish a connection from my laptop to a server, close the laptop for minutes/hours, then be able to resume my previous connections right where I left off; no need to ~. close the hung SSH connection, no need to reauthenticate, no need to plug in my YubiKey to access the SSH private key. ...

February 18, 2017

Time Machine Backups to a Linux Server

There are many writeups on how to back up a Mac using Time Machine to a Linux server. These are my notes. First, create a user on the Linux system to which the Mac will log in: $ sudo useradd -m macbook $ sudo passwd macbook Next, install the necessary servers and libraries. Most sites I looked at showed downloading the source code for netatalk specifically to compile in encryption support (which may have been required by OSX). ...

February 5, 2017

Posix ACLs (on ZFS)

This started out with having installed several programs within an LXC container, all running under separate user accounts that need to access a shared data pool. Growing tired of manually flipping permission bits so that the programs could all work together, I wanted a way to ensure that files created by one program could both be renamed and moved by another program (running as a different user). Turns out that POSIX ACLs provided what I needed: going beyond the standard user/group/other UNIX permission model, POSIX ACLs allow you to define additional user or group permissions. ...