tutorials

External Backup Drive Encryption

14 minute read Enclosure Published

How to create secure external backups with LUKS, Borg and BLAKE2.

A friend in Bali handed me a 1 terabyte external SATA drive recently and that’s great because the device is an integral part of a 3-2-1 backup strategy I’m adopting after Apple Care suggested I make a full backup of my 15” MacBomb Pro.

The principle is simple:

3 copies, 2 different types of storage (physical and in the cloud for example) and one copy being physically separated from the others

Emanuele M. Monterosso

Of the 3 copies I needed 2 are complete. One copy is stored on MicroSD and kept with me. The other encrypted in the cloud on a Scaleway server in France. The last copy is going on the external SATA drive given to me last week which I will physically separate with and hide somewhere in Bali.

In this post I will show you how to securely store your backup data with two layers of encryption on an external drive or disk. After securing the disk we will start to automate the creation of space-efficient backups. Tools we’ll be using include GNU Parted, DMCrypt, a device-mapper crypto target, and Borgmatic to automate our backups in a expressive way.

Encrypted Internet with WireGuard

9 minute read Enclosure Updated

How to install and configure WireGuard on Manjaro Linux, a step-by-step guide.

One of the motivations behind dual-booting Linux on my MacBook Pro was to take back control of my personal data. Not just because Apple uses faux encryption on iCloud. And not because macOS has been shown to leave users open to eavesdropping exploits. But because when I use my Mac with macOS the operating system gratuitously beams out activity records1, sharing information I’d rather keep private with people I don’t personally know nor have I ever met. And without the ability to shut it off, I find my privacy – the sentient and autonomous nature of my very being – constantly under attack.

In many instances, privacy is threatened not by singular egregious acts, but by a slow series of relatively minor acts which gradually begin to add up.

I've Got Nothing to Hide and Other Misunderstandings of Privacy

In this short guide I’ll show you how to encrypt and route your local Internet traffic through a fast, modern, and secure VPN tunnel called WireGuard using a free and open source operating system called Manjaro Linux. I will explain how to install WireGuard on Manjro, share a simple means of establishing and testing an encrypted Internet connection, and leave you with next steps and personal experience to help further your understanding and gain confidence getting started.

Borg Backups with MinIO and Scaleway

8 minute read Updated

How to create encrypted system backups using S3-compatible object storage.

After switching from macOS to Manjaro on my MacBook Pro I was in need of a truly encrypted back-up solution. After considering a host of backup tools, including Restic, I opted for a less mainstream tool which supports blake2 encryption, gives you your private key, and, as an added bonus, churns out the smallest backups possible for use in cloud storage scenarios: BorgBackup.

In this post I’ll cover how to migrate encrypted Borg backups from any system which can run MinIO to a cloud services provider offering 500GB object storage for less than 6€ per month: Scaleway – a service brought to my attention by a friend and fellow After Dark user named Teo.

Read on to learn how to create Borg backups with MinIO and Scaleway.

Hugo Deploy: Migrating from S3 Website

10 minute read Published

How to install and configure Hugo for Amazon S3 deployments using Docker.
Scala is great and all though I’m not familiar with it and the maintainer of the deployment tool I’ve been using since 2016 ended active support for s3_website earlier this year. That’s too bad because s3_website was a huge breath of fresh air for me given its support for deploying both Jekyll and Hugo, among others. In addition to its support for various generators s3_website also has some novel features for deployments to AWS not trivial otherwise including:

Dual-Boot Manjaro Linux & macOS Mojave

12 minute read Updated

How to dual-boot macOS Mojave and Manjaro Linux directly from your Apple SSD.

Are you familiar with the concept of “habit fields”? They’re these magical auras we give to everyday objects, assigning them purpose and allowing us to focus our awareness to accomplish tasks faster. But habit fields can work against you as well, if you’re not careful:

If you’ve been trying to do everything from one place and one device, then you may need to make a conscious decision to divide different modes of behavior.

Jack Cheng, Habit Fields (2010)

One device you may be trying to do everything from one place is the MacBook Pro. With the beefy specs on the flagship Apple notebook it can be easy to piledrive too many activities all into one place, affecting your Mac’s habit field.

But there’s a trick you can use to divide different modes of behavior on a Mac. And that’s to add a second operating system and dual-boot. Here’s how to install and dual-boot Manjaro Linux alongside macOS Mojave on a MacBook Pro.

How to Backup & Restore macOS Mojave

17 minute read Enclosure Updated

If there's one thing computers do well, it's malfunction. Plan ahead so you don't lose data should your Mac start behaving more like a computer.

Last month, while download Mojave patches for at least two zero-day exploits a malfunction occurred and I couldn’t upgrade, leaving my machine vulnerable:

During a 10 minute chat with Apple Care it was suggested I back-up and restore Mojave. The resolution wasn’t exactly what I’d hoped for. But not a big deal as I hadn’t created a backup in 3 years and it was about that time.

Self-host Gitea on Amazon Lightsail

9 minute read Enclosure Published

Learn how to self-host Gitea on Amazon Lightsail for only $3.50 USD per month.

Shortly after the buzz of MS purchasing GitHub I started self-hosting a Gitea stack using a Docker Compose file I threw together just for the occasion. The hosting I chose at the time was a $5 Vultr VPS with the following specs:

  • CPU: 1 vCore
  • RAM: 1024 MB
  • Storage: 25 GB SSD
  • Bandwidth: 1000 GB

I chose Vultr partly because they’ve been shown to be faster than DO and Lightsail. But really I just needed a testbed to prove things out. Something I did through sharing knowledge on the Gitea Support forums before, months later, finally feeling confident enough to abandon GitHub.

But Vultr isn’t cutting it anymore. Their $5/month VPS option, while arguably a great deal, isn’t delivering enough storage. Sure I could add block storage at $0.50 per GB or even consider switching to Linode. But I don’t see the point of either when Amazon offers a 40 GB SSD option at $5 an instance with double the bandwidth offered by Vultr and half the cost of the Linode equivalent plan.

As luck would have it, last night I ran out of disk space on Vultr. What better a time to make the switch over to Amazon Lightsail? And if you’re looking to self-host Gitea on Lightsail, here’s how you can too.

Unbrick a Micro SD Card using Tails and macOS Mojave

7 minute read Published

Learn to dual-boot a Mac using a second operating system running Linux and use it to troubleshoot hardware problems by unbricking a Micro SD card.

Recently, while creating a physical back-up of my Mac, I ended up corrupting the Micro SD card I was using to perform the back-up operation. This translated into a one line cautionary alert inside the related blog post:

Caution: DO NOT attempt to remove the SD card or adapter during this process.

Turns out removing an SD card during a 100+ GB 77,000 file transfer from a Mac to an SD card isn’t the best idea – despite what a five year-old might tell you.

After several hours of toiling with Disk Utility, diskutil and dd on macOS the furthest I got was to experience the same issues as another individual who posted on Apple Exchange 3 years ago - their question unresolved, until now.

Consolidate a Jekyll site with Hugo

8 minute read Published

How to migrate a website hosted on Jekyll into an existing Hugo site.

Three years ago I started a website called hackcabin.com to scratch an itch after discovering Hugo and starting development on After Dark. At the time my primary website was running Jekyll and build times were nearing the 2-3 minute mark for little more than 70-80 blog posts.

Swarm Clusters on Digital Ocean

9 minute read Updated

How to set-up a two-node Swarm cluster on Digital Ocean using Docker Machine.

Lately I’ve been learning more about cloud architecture and related tooling. Stuff like Lambda, Serverless, AWS CLI and – now that it’s a part of Docker Machine – container orchestration with Docker Swarm clusters.

As an AWS user I’m particularly geeked about the Docker Private Beta, which makes it possible to experiment with Swarm using Amazon Web Services. But rather than waiting for a private beta we’re going to experiment with Docker Swarm using one of my favorite prototyping tools apart from the RPi: Digital Ocean.

Zero to HTTP/2 with AWS and Hugo

5 minute read Updated

A step-by-step guide to creating your own JAMstack site using Amazon Web Services and the Hugo static site generator.

So you found out how Smashing Magazine got 10x faster and want to create your own JAMstack website with Hugo. If so, you’re in luck because I’m going to show you how to do it using Amazon Web Services so you don’t end up paying through the nose for hosting or locked into a provider which might disappear.