Documentation

Automatically Mounting Secondary Encrypted Disk/Partition at Boot

There are a wide variety of use-cases for disk encryption, and the idea of automatically mounting an encrypted disk/partition without user intervention is an anathema to many of those - anyone who can take physical possession of your system will have the disk auto-mount for them.

However, there is a very simple use-case which benefits from being able to automount a second encrypted disk.

If you're storing data unencrypted on a drive and it fails, you're now potentially left with something of an issue, particularly if you intend to RMA it (return it under warranty) - could the drive be fixed, allowing someone else to pull that data off the drive (bearing in mind the manufacturer may fix the drive and sell as refurbished)?

Similarly, when you need to expand your storage, you hit a similar conundrum - do you trust disk wipes sufficiently to be willing to sell/pass the disk on (a particular concern with SSDs where data may previously have been written to a now bad block, so won't be overwritten by your wipe), or do you feel you have to physically destroy the disk, un-necessarily generating e-waste.

Using Full Disk Encryption (FDE) addresses both of these situations - the manufacturer might fix the disk, but without the key the data's just random bytes, similarly, for whoever buys your disk off ebay.

But, FDE can quickly become a major inconvenience at boot - your system will stop booting and ask you to provide the decryption passphrase. That's particularly problematic if you're talking about a headless system like a NAS, where you want things to come up working following a power cycle.

It's possible (trivial even) to configure so that the system uses a key stored on another disk (like your root filesystem, or if you prefer, a USB flash drive) so that the partition is automagically mounted.

This documentation details how to set up ecryptfs on a disk (or partition) and add it to /etc/fstab so that it automatically mounts at boot

All commands are run as root, so use sudo -i/su

 

Read more ...

Configuring Unbound for Downstream DoT

Quite some time ago, I wrote some documentation on how to stand up a DNS-over-TLS server using a Nginx reverse streams proxy to terminate the SSL.

However, since then (in fact, back in 1.6.7) Unbound released support for directly terminating TLS connections.

This documentation details the (simple) config changes necessary to configure Unbound to service DNS over TLS (RFC 7858) queries.

 

Read more ...

Saab Keycase Battery Replacement

If you're sometimes finding that the remote buttons on your Saab key don't work, it's probably that the battery is coming up for replacement.

The key on both the Saab 93 and Saab 95 is essentially a large plastic sheath around a hidden key, with some rubberised buttons on the front.

Replacement of the battery is quick and easy, and follows much the same process as replacing the keycase itself.

Read more ...

Xiaomi MIUI "Can't Connect To Internet" on Wireless Network

Google's Android OS used to have an annoying feature - smart network switch - which would inevitably lead to it sitting there, not using your wireless network, displaying the message "No network access".

This usually happened as you got home, because it had picked up your wifi at the very extreme edge of it's reach, and the test probes had failed as a result.

The functionality works by placing some test HTTP requests when connected to a wifi network - if those requests fail, it's considered that the wifi doesn't have network access. This (fairly flawed) methodology doesn't properly account for a range of possible failures in the test itself.

 

Xiaomi

Unfortunately, Xiaomi appear to have felt the need to replicate this behaviour in MIUI - the only real difference is that Xiaomi's functionality displays "Can't Connect to Internet" on the wifi network.

The result is that having previously been to the margins of your coverage, you'll eventually notice that your phone is relying on mobile data instead of wifi, and has eaten your battery (and your data allowance) as a result.

Anecdotally, the issue seems to have become more prevalent recently.

Read more ...

Finding Vauxhall Paint Codes

Cars come in a weird and wonderful array of colours, which is great until you need to find out which exact shade of touch-up/repair paint you need to order after an issue.

Most manufacturers give shades both a name and a code - "Black Sapphire" (20R) , "Flame Red" (79L) - but, there may be multiple codes/shades within a name.

This documentation details how to find the paint code for a Vauxhall car. In this case, it's a Corsa but the information is available on all models, it's only the location which may change.

Read more ...