[07:41] <lolek> alkisg: hi, last time you gave the link to a repo with scripts to have working vlan with dropbear during boot. I'm reading the readme and checking the scripts yet I'm not sure about one thing. After boot I should also properly configure the networking so the network scripts etc to have vlans and so on?
[07:43] <alkisg> Hi lolek , I haven't actually used dropbear but from a quick glance I did last time, it seems to me it brings down networking on exit; so yes you're supposed to properly configure networking using netplan, vlans etc later on
[07:43] <lolek> ok, that's awesome
[07:43] <lolek> but hmm you said you haven't used it so you're using something else?
[07:44] <alkisg> lolek: I'm very familiar with initramfs-tools because I'm developing ltsp.org, but no, I'm not using full disk encryption
[07:45] <lolek> oh ok
[07:45] <alkisg> Well actually I do need to unlock home automatically on some servers, but I'm using home-grown scripts to ask data from nearby servers and make sure the server is still onsite, and then I unlock it automatically, not manually
[07:45] <alkisg> *encrypted home
[07:46] <lolek> alkisg: the ltsp... nice... well καλημέρα then ;)
[07:46] <alkisg> Καλημέρα! :D
[07:46] <alkisg> I.e. each server provides an md5sum of its hardware (even asks some from remote locations), then they are xor'ed, then the result unlocks a gpg encoded secret, which unlocks home
[07:47] <alkisg> So attackers would need to steal all servers from multiple sites to get the unlocking to work
[07:50] <lolek> interesting approach
[07:54] <arraybolt3[m]> alkisg: md5? I mean it should be enough, but I'd want to use SHA256 to avoid spoofing.
[07:55] <alkisg> arraybolt3: the key is that they don't know the md5sum
[07:55] <alkisg> Spoofing works if they know it and they want to generate a source for it
[07:55] <arraybolt3[m]> Ah, makes sense. I must be tired :)
=== rfm_ is now known as rfm
=== Eickmeyer is now known as NotEickmeyer
=== Eickmeyer0 is now known as Eickmeyer