Tony Norlin
@tnorlin.se
Homelabber (BSD/illumos/Linux/Kubernetes), Interests span across tech, music, photo, food (pasta & pizza napoletana), coffee and my family
I moved my mail to @proton.me, but I'm torn between Proton Drive and Nextcloud/Owncloud (and Google One I currently also pay for)
December 4, 2025 at 10:35 PM
I moved my mail to @proton.me, but I'm torn between Proton Drive and Nextcloud/Owncloud (and Google One I currently also pay for)
and the lasagna previously posted.. next up is gingerbread (dough is resting in the fridge for one week)
December 2, 2025 at 10:37 PM
and the lasagna previously posted.. next up is gingerbread (dough is resting in the fridge for one week)
sourdough bread - "levain"
December 2, 2025 at 10:34 PM
sourdough bread - "levain"
It's almost impossible to go wrong with a recipe that begins with carrots, celery and onion! Sounds and looks delicious.
December 2, 2025 at 10:32 PM
It's almost impossible to go wrong with a recipe that begins with carrots, celery and onion! Sounds and looks delicious.
Isn't that what Cloud Native Rejekts used to be?
November 17, 2025 at 10:19 PM
Isn't that what Cloud Native Rejekts used to be?
"We've added an 'AI/ML' feature to your subscription that you hever asked for and now we have our excuse to increase the subscription fee. As a bonus, from now on we will remind you to use that feature so we can showcase the demographics to the board."
November 16, 2025 at 7:16 PM
"We've added an 'AI/ML' feature to your subscription that you hever asked for and now we have our excuse to increase the subscription fee. As a bonus, from now on we will remind you to use that feature so we can showcase the demographics to the board."
I bought the Pro Max 16 poe a couple of months ago, but at last they now have a bunch of 10GbE switches such as Pro XG 10 PoE. That price though..
October 31, 2025 at 11:24 PM
I bought the Pro Max 16 poe a couple of months ago, but at last they now have a bunch of 10GbE switches such as Pro XG 10 PoE. That price though..
ssh -o CertificateFile=ed25519-${DATASET}-cert.pub -i ed25519-sk-${DATASET} zfskey@${luks_vm} | zfs load-key -n zones/${DATASET}
might not be as transparent as the curl one, but with luks, pass and a ssh certificate (with yubikey) may have moved the weakest link to another layer instead..
might not be as transparent as the curl one, but with luks, pass and a ssh certificate (with yubikey) may have moved the weakest link to another layer instead..
October 31, 2025 at 11:08 PM
ssh -o CertificateFile=ed25519-${DATASET}-cert.pub -i ed25519-sk-${DATASET} zfskey@${luks_vm} | zfs load-key -n zones/${DATASET}
might not be as transparent as the curl one, but with luks, pass and a ssh certificate (with yubikey) may have moved the weakest link to another layer instead..
might not be as transparent as the curl one, but with luks, pass and a ssh certificate (with yubikey) may have moved the weakest link to another layer instead..
Instead, I've now created a user with SSH certificates for each corresponding dataset with a forced command that extracts the key (with pass on that luks vm), so each certificate can only reach the corresponding key and not any other...
October 31, 2025 at 11:07 PM
Instead, I've now created a user with SSH certificates for each corresponding dataset with a forced command that extracts the key (with pass on that luks vm), so each certificate can only reach the corresponding key and not any other...
I ended up with replacing the https for ssh (something I meant to do years ago).. I thought about using pass or bitwarden, but those solutions seem sub optimal to distribute on each physical server..
October 31, 2025 at 11:02 PM
I ended up with replacing the https for ssh (something I meant to do years ago).. I thought about using pass or bitwarden, but those solutions seem sub optimal to distribute on each physical server..
I've felt a bit puzzled on this "issue". Still way more convenient than loop-AES (I still believe it's one of the better solutions, albeit not that smooth and transparent). And I prefer native solutions instead of having my data in a vm. While I would prefer to not have the keys in a vm..
October 31, 2025 at 11:00 PM
I've felt a bit puzzled on this "issue". Still way more convenient than loop-AES (I still believe it's one of the better solutions, albeit not that smooth and transparent). And I prefer native solutions instead of having my data in a vm. While I would prefer to not have the keys in a vm..
curl -s --key /root/.zfsencryption/user.key --cert /root/.zfsencryption/user.crt:${SSL_KEY_PASSWORD} -k ${luks_vm}/$%7BDATASET%... | zfs load-key zones/${DATASET}
October 31, 2025 at 10:54 PM
curl -s --key /root/.zfsencryption/user.key --cert /root/.zfsencryption/user.crt:${SSL_KEY_PASSWORD} -k ${luks_vm}/$%7BDATASET%... | zfs load-key zones/${DATASET}
I had a "temporary" solution, by which I created a luks-encrypted vm on which I stored the corresponding keys, and whenever (during a reboot) I needed to unlock a dataset I just booted the vm, entered the luks passphrase into the console and then..
October 31, 2025 at 10:52 PM
I had a "temporary" solution, by which I created a luks-encrypted vm on which I stored the corresponding keys, and whenever (during a reboot) I needed to unlock a dataset I just booted the vm, entered the luks passphrase into the console and then..
It can't sell well, sounds really strange with "pumpkin spice".. I know pumpkin seed on bread, but...
October 9, 2025 at 3:11 PM
It can't sell well, sounds really strange with "pumpkin spice".. I know pumpkin seed on bread, but...
Let's bring back POSIX as the golden standard.
October 9, 2025 at 2:45 PM
Let's bring back POSIX as the golden standard.