• 9 Posts
  • 72 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle


  • One thing you could do that I don’t see mentioned here is to install Virtual Box in Windows and create a Linux Mint Virtual Machine. It’s basically installing a computer within a computer. You should be able to find some tutorials online.

    This would let you try Linux Mint in a sandbox within Windows so that you could experiment a bit with everything before changing anything.

    Just keep in mind that within the VM, things will be less performant, especially graphically, and certain peripherals, etc. might not work. But it would let you test out installing the software you want, the cloud storage solution you want, browsing around, etc.

    Speaking of graphics, you’ll want to do some research about how well supported your GPU is. It will almost certainly “work” out of the box, but if you want to get the most performance out of it, like Windows, you’re going to need special drivers. I’ve heard Nvidia can be a bit of a pain, but I think it varies by model.

    I wouldn’t be too worried about the touch screen as that will probably work - or at least has on every laptop I’ve tried. I’ve had more issues with things like fingerprint scanners generally speaking. Definitely check out everything you can think of when you install, like Bluetooth, cameras, microphone, peripherals, etc. Oh and when using the laptop definitely manually knock yourself down out of performance mode using the upper-righthand corner in gnome. For me at least, it makes a huge difference in battery life if I’m in performance vs balanced vs power saver. Windows is better at automatically making those adjustments.

    I’ve also heard that lately Microsoft is making dual-boot harder - notably that Windows updates will just casually break your dual-boot and revert it to just Windows. I don’t know the details since it’s been years since I’ve done it myself, but something to keep in mind.

    Finally I’ll throw out there to make sure you have a recovery plan if the install goes south. Have all your files backed up. Have a copy of Linux and Windows installers ready. It honestly should be fine, but especially if this is your only PC you don’t want to be stuck if you have some kind of issue, accidentally blow away your laptop’s SSD, etc . Not trying to scare you or anything, but better safe than sorry, right?



  • More of a debugging step, but have you tried running lsinitrd on the initramfs afterwards to verify your script actually got added?

    You theoretically could decompress the entire image to look around as well. I don’t know the specifics for alpine, but presumably there would be a file present somewhere that should be calling your custom script.

    EDIT: Could it also be failing because the folder you are trying to mount to does not exist? Don’t you need a mkdir somewhere in your script?



  • Doubling what Klaymore said, I’ve seen this “just work” as long as all partitions have the same password, no key files necessary.

    That said, if you needed to use a key file for some reason, that should work too, especially if your root directory is one big partition. Keep in mind too that the luks commands for creating a password-based encrypted partition vs a keyfile-based encrypted partition are different, so you can’t, for example, put your plaintext password into a file and expect that to unlock a LUKS partition that was setup with a password.

    But the kernel should be trying to mount your root partition first at boot time where it will prompt for the password. After that it would look to any /etc/crypttab entries for information about unlocking the other partitions. In that file you can provide a path to your key file, and as long as it’s on the same partition as the crypttab it should be able to unlock any other partitions you have at boot time.

    It is also possible, as one of your links shows, to automatically unlock even the root partition by putting a key file and custom /etc/crypttab into your initramfs (first thing mounted at boot time), but it’s not secure to do so since the initramfs isn’t (and can’t be) encrypted - it’s kind of the digital equivalent of hiding the house key under the door mat.








  • I’ll also throw out: aging infrastructure, build systems, coding practices, etc.

    I looked into contributing to the kernel - it’s already an uphill battle to understand such a large, complex piece of software written almost entirely in C - but then you also need to subscribe to busy mailing lists and contribute code via email, something I’ve never done at 30 and I’m betting most of the younger generation doesn’t even know is possible. I know it “works” but I’m really doubting it’s the most efficient way to be doing things in 2024 - there’s a reason so many infrastructure tools have been developed over the years.

    The barriers to entry for a lot of projects is way too high, and IMO a lot of existing “grey” maintainers, somewhat understandably, have no interest in changing their processes after so much time. But if you make it too hard to contribute, no one will bother.




  • Maybe I am not thinking of the access control capability of VLANs correctly (I am thinking in terms of port based iptables: port X has only incoming+established and no outgoing for example).

    I think of it like this: grouping several physical switch ports together into a private network, effectively like each group of ports is it’s own isolated switch. I assume there are routers which allows you to assign vlans to different Wi-Fi access points as well, so it doesn’t need to be literally physical.

    Obviously the benefits of vlans over something actually physical is that you can have as many as you like, and there are ways to trunk the data if one client needs access to multiple vlans at once.

    In your setup, you may or may not benefit, organizationally. Obviously other commenters have pointed out some of the security benefits. If you were using vlans I think you’d have at a minimum a private and public vlan, separating out the items that don’t need Internet access from the Internet at all. Your server would probably need access to both vlans in that scenario. But certainly as you say, you can probably accomplish a lot of this without vlans, if you can aggressively setup your firewall rules. The benefit of vlans is you would only really need to setup firewall rules on whatever vlan(s) have Internet access.