New phone - new OS
Google’s support for my current Pixel phone will end in a couple of weeks and though CalyxOS will probably still release updates for quite a while, it will not receive full security updates anymore. Thus I opted for a new Pixel 7a. It’s a nice phone, not too expensive, about the size of my old Pixel 4a(5G) and will be supported by Google until May 2028. Of course, I wanted to replace Google’s version of Android with a privacy respecting custom ROM again.
Read more...
LUKS2 + YubiKey Bio
Recently I got myself a YubiKey Bio which I wanted to replace the YubiKey 5 with in terms of unlocking my LUKS2 encrypted drive(s). In this setup you can then simply use your fingerprint to unlock the drive, which I consider more secure than entering a PIN. I’m not sure if it’s a good idea to add multiple FIDO2 keys to systemd’s cryptsetup - I read about some issues - so I removed the YubiKey 5 first.
Read more...
Installing Nextcloud All-in-One docker image in rootless mode
Running your own instance of Nextcloud is probably one of the best solutions for reclaiming some privacy and avoiding services hosted by Google, Apple or Microsoft. I tried to cover the task of installing Nextcloud on a Synology NAS here by using the archive file provided by Nextcloud. However, they also offer some very handy “AIO - all-in-one docker image” which will pretty much take care of everything.
Read more...
Fedora 38
With version 38 just being released I decided to give Fedora a try again. From time to time I’d like to check out how things are going with other distributions. And sometimes it’s nice to have really current versions of your favorite applications. ;-) So I replaced my beloved Debian 11 with Fedora 38.
Read more...
Creating your own custom CA
As the constant security warnings displayed by my browser when accessing my local infrastructure annoyed me already for a long time I decided to look into the task of creating my own custom CA (“certificate authority”). There is not a lot of “local infrastructure” to be honest, basically my router and NAS drive. Anyway, I tend to access those via https and thus generating a warning by my browser telling me this site has no valid certificate. Of course, devices like this run with self-signed certificates, unknown to any browser.
Read more...