I am uninstalling Facebook Messenger switching to Signal on my phone. I will still be checking Messenger, but only when I am logged in on a computer. If you want to catch me on-the-go, Signal is the way to go 📱
That was it. If you have other things to do, feel free to leave. If you are curious why, then read on 😊
Well.. for a number of reasons. Signal is…
Let’s dive just a bit more into details…
First: It is ad free
This was the initiating ball for me. For many years, I have been using the Messenger Lite app from Facebook / Meta. It was ad free and had way less features than the full app. Features I did not mind missing out on.
However, from September 18th 2023, Messenger Lite will be shut down, and one has to install the full Messenger app – including ads – in order to use the service (on the phone). I would like to keep my day-to-day life as ad-free as possible and thus will not be installing the full app.
One argument for accepting ads in your day-to-day life is that it is part of the internet economy. I see that, but I also envision a better way. Without going in to this discussion here, I will just note that the Signal app offers the possibility to donate to / support the app.
Second: It is open source
This is great because it gives three important benefits to the project:
Third: End-to-end encryption
It may not be something you think about in your day-to-day life and some would argue that I have nothing to hide. I don’t want to go into a deep debate here, but I have been stumbling upon a few quotes that made me favor 100% on the pro-encryption side:
WhatsApp is owned by Meta / Facebook and thus, I believe, it is only a matter of time before they “need” to start monetizing that investment.
Telegram is owned / run by the Russian-born brothers Nikolai and Pavel Durov. While they did move out of Russia it still does raise a flag. Also, Wikipedia writes that Since 2017, the company has been based in Dubai. It has a complex corporate structure of shell companies to delay complying with government subpoenas. [Quoted by this article from The New York Times, that is unfortunately hidden behind a paywall.] I am unsure whether the subpoenas in question are from Russia, or from other (western) countries. However, it does not sound promising either way.
So… while I can be found on WhatsApp and Telegram, I prefer to make (what I deem to be) the right choice from the start 😊
Jeg går lidt og drømmer om at bo i kollektiv. Eller bofællesskab. Navnet betyder ikke så meget, men folk har mange (forskellige) værdier knyttet til hvert af de ord og jeg ved derfor ikke altid hvad jeg skal vælge at bruge.
Jeg har haft drømmen nogle år, men det er ikke rigtig blevet til noget. Dels pga. det ikke passede ind i hvor jeg var i livet, dels fordi jeg oplever at det er svært at finde mit drømmekollektiv eller -bofællesskab – og derefter at komme igennem nåleøjet og komme ind. Især hvis man gerne vil bo i eksempelvis Aarhus 🙂
Men nu er det ikke helt min stil at give op, og derfor gør jeg nu forsøget med at søsætte et nyt projekt; et projekt om at skabe det hjem hvor jeg gerne selv vil bo – uanset om det så ender på -tiv eller -skab 😀
… er mange ting, men her er et par af dem 🙂 Jeg er også udmærket klar over at det er svært at få alt. Der er mange kompromiser der skal tages og måske et par kreative løsninger der skal udtænkes. Men altså… her mine drømme:
Som sagt; ovenstående er ikke en kravliste men er mere tænkt til at give et billede af hvad det er for et hjem, jeg drømmer om. Der kan være mange forskellige måder at løse de enkelte ønsker på, og selvfølgelig skal man også være indstillet på at indgå kompromiser når man starter noget fælles op.
I min jagt på det gode hus (og i overvejelserne om at købe eksisterende hus eller bygge nyt) er jeg faldet over kuppelhusene – og blevet lidt forelsket. Derfor vil jeg gerne pitche idéen om at bygge “selv” og at bygge kuppelhuse.
Jeg har haft lidt kig på Easy Domes som en mulighed – jeg synes de er super fede. Lavet i træ, med store vinduer og med højt til loftet – som selvfølgelig kan udnyttes på mange måder.
Easy Domes sælger kuppelhuse i forskellige størrelser. Jeg har leget lidt med at tegne et par kupler ind på en godt 1000m² grund (i Aarhus) for at se hvordan det ser ud:
Der er selvfølgelig mange ting at tage hensyn til – ikke mindst lokalplaner og regulativer – og kuplerne kan helt sikkert placeres bedre end min meget hurtige indsætning. Men tanken er
Dette giver et kollektiv-størrelse på 8 personer – måske lidt flere hvis der er børn. Måske lidt færre hvis vi vil prioritere gæsteværelse, et ekstra kontor, eller andet.
Der dukker straks en masse spørgsmål op – og mange af dem er der ikke endelige svar på. Det er det vi skal finde ud af sammen. Men jeg har gjort mig et par tanker (over de spørgsmål jeg tænker er klassiske) og svaret lidt løst nedenfor.
Klik på overskrifterne for at se mere.
Godt spørgsmål og tak fordi du spørger.
Jeg kunne godt tænke mig at etablere en kernegruppe på en 3-4 personer som brænder for dette projekt. Det kommer til at koste noget arbejde. Der skal blandt andet
… og derefter kommer alt det kulturmæssige arbejde der følger med når man flytter ind og starter nyt kollektiv.
Men hvis det ikke har skræmt dig væk, så send mig en ansøgning på firstname.lastname@example.orgTag mig med til et drømmeland… med en kort beskrivelse af dig selv, hvorfor du synes dette projekt er spændende, og hvad du gerne vil bidrage med. Måske også noget om en tidshorisont 🙂
Jeg tænker mange af mine værdier skinner igennem i det ovenstående, men her kommer alligevel en lidt mere formel introduktion af mig.
De obligatoriske kolde facts… 39 år, opvokset på en gård på Als, uddannet ingeniør fra DTU, arbejder med software, har boet 14 år i Kbh og omegn, og har boet i Aarhus siden 2018.
Meget af min fritid har været optaget af akroyoga de senere år; det er en fantastisk idrætsform med styrke, smidighed, koordination, og samarbejde. Akroyoga har givet mig meget socialt – både da jeg boede i København og i mine udlandsrejser – og er også en af grundene til at jeg har taget teten med at undervise hold og startet foreningen Akroyoga Aarhus – altså lige indtil Corona kom og satte det hele på pause.
En anden ting Corona har sat på pause er min elskede cykeltur til/fra arbejdet. Til gengæld har det forgangne år endelig fået sat skub i min morgenbevægelse; altså lidt yoga, håndstand, stræk, let styrke og en smule dans når jeg føler mig fri nok til det 🙂 Jeg håber det er noget jeg kan holde ved og er en af mine motivationspunkter for at få et godt træningsrum i mit næste hjem.
Når jeg ikke render rundt og løfter folk i vejret sætter jeg stor pris på et godt lejrbål, shelterture, MC-ture, foto, klaver og guitar, brætspil og en god øl i ny og næ. På min bogreol står et par bøger af Malcom Gladwell (Tipping Point og Outliers), Kahneman (Thinking – fast and slow), Rosenberg (Nonviolent communication), samt Covey (7 gode vaner). Skønlitterært holder jeg af Asimov (eks. The Complete Robot), Gaiman og Pratchet (eks. Good Omens) og Den lille prins.
Are you aware of where you position yourself (as a flyer) when you enter bird? Do you want to help your base give you a smooth entry? Check out this little tip 🙂
I recently decided to install Ubuntu Focal Fossa (currently in beta) and test it out. I use my computer(s) a lot – both home and professionally – and I enjoy getting new software installed. It is always exciting to discover new features (and bugs 😖 ) and see what’s been changed.
One of the new features in Focal Fossa is improved ZFS support; it is now possible to use it / enable it right from the installation of Ubuntu. Great ✋. I wanted to give it a go (looking forward to features such as built-in raid support and snapshots) but unfortunately it clashed a little bit with my wish to encrypt my home directory.
While this post is about home directory encryption in a setting of ZFS (and its built-in support of encryption), the general approach may also be of interest to you if you run ext4 and/or other disk encryption tools.
Why would you want to encrypt your home directory? Do you have something to hide? Why go through the troubles?
Well… there are a couple of reasons why I chose to do it1And I am sure there are more…:
The main challenge is two fold:
Ubuntu 20.04 did not provide an option to encrypt your home directory when using ZFS
Ubuntu did previously provide this option, but it used eCryptfs which was considered buggy, under-maintained, [and] not fit for main anymore and has thus been removed.
When enabling encryption manually (after installation) the decrypt action is performed before user login
The issue arises because ZFS is configured (on Ubuntu 20.04) to automatically mount all file systems on the system at boot time – including encrypted home directories. GDM has support for asking for passwords, and hence a prompt appears at boot time. This is great for system wide storage, but not so great for user directories.
PAM is a authentication system that allows programs that rely on authentication to be written independent of the underlying authentication scheme. I.e. if GDM need to authenticate me as a user, it (GDM) can be agnostic about whether my password is in a file on the hard drive or is validated against an AD on the network.
PAM is the Pluggable Authentication Module system in *nix world. If you don’t know it, don’t worry. Neither do I. It is a complex system and I have not had the time (or urge) to really dig in to it other than what I needed here:
We can use PAM to get a hold of the user password when logging in, and in turn use the password to unlock our home directory storage.
So… what we are going to do is:
This is the computer-nerdiest post I have written on this site up until now, so if you have not heard of ZFS before, nor are you considering encrypting your home directory, then I am surprised that you got this far in the text 😀
If you continue on this journey with me, then I will assume that you
Here Be Monsters. Messing around your filesystem may lead to data loss. Do back up your data. Proceed at own risk.
It is not possible to encrypt an existing dataset (filesystem) in ZFS once it has been created. Instead one has to make a little (fairly straight-forward) dance to create a new dataset (encrypted right from the beginning) and then move the data.
The command snippets below are examples from my own system; remember that you need to adapt the paths as you go.
sudo zfs set mountpoint=/home/jvc_nonenc rpool/USERDATA/jvc_tdssc
rpool/USERDATA/jvc_tdsscis the existing un-encrypted dataset for my home directory, created by the Ubuntu installation.
VAL=$(zfs get com.ubuntu.zsys:bootfs-datasets rpool/USERDATA/jvc_tdssc -H -ovalue)
sudo zfs set com.ubuntu.zsys:bootfs-datasets=$VAL rpool/USERDATA/jvc_enc
sudo zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o keylocation=prompt rpool/USERDATA/jvc_enc -o mountpoint=/home/jvc
sudo chown jvc:jvc /home/jvc
sudo -u jvc rsync -ar /home/jvc_noenc/ /home/jvc/
I did the dance and rebooted my computer, and got (as expected) this:
So yes, my home directory was encrypted. Great. But as expected, I now have to enter my password twice: Once during boot for unlocking the storage, and then once more for logging in to the system. This is an issue for me in two ways:
Fair enough… most of the time I don’t shut down my computer but only suspends it (like everyone else)… but still…
I will just show the script I use here. Assuming that you know how to read Bash, the content is fairly clear (and comments are provided in the code). The properties
dk.talldanestale.automount:user will be explained in step 4.
Save the script to
/sbin/mount-zfs-homedir and remember to set the executable bit:
#!/bin/bash set -eu # Password is given to us via stdin, save it in a variable for later PASS=$(cat -) # List all zfs volumes, listing the *local* value of the property canmount. zfs get canmount -s local -H -o name,value | while read volname canmount; do # Filter on canmount == 'noauto'. Filesystems marked 'noauto' can be mounted, # but is not done so automatically during boot. [[ $canmount = 'noauto' ]] || continue # Filter on user property dk.talldanestale.automount:user. It should match # the user that we are logging in as ($PAM_USER) user=$(zfs get dk.talldanestale.automount:user -s local -H -o value $volname) [[ $user = $PAM_USER ]] || continue # Unlock and mount the volume zfs load-key "$volname" <<< "$PASS" || continue zfs mount "$volname" || true # ignore erros done
Debug tip: You can change
set -eu to
set -eux to make Bash print out all commands as it is executing the script. In order to see the output, you also need to enable debug output in PAM. See next step.
Note: The use of here-string (the
<<< operator) instead of
echo "$PASS" | ... prevents your password from being written to the log.
The approach is to use the PAM module
pam_exec.so to pass on the user password to an unlock-script.
The PAM configuration is a set of files residing in
/etc/pam.d/. Some files are service specific3i.e. named after the service it is relevant to while others are shared (included) by the other files. On my Ubuntu system there is a file named
/etc/pam.d/common-auth that is included from other services that enable users to login4console login, gdm, ssh etc.. This is the place to add the
auth optional pam_exec.so expose_authtok /sbin/mount-zfs-homedir
This line can be read as:
That is it for PAM configuration.
Debug tip: If you need to debug things, then adding
debug log=/tmp/file.log will help you. Example:
auth optional pam_exec.so expose_authtok debug log=/tmp/file.log /sbin/mount-zfs-homedir
The unlock script used two properties, which we will explain and configure here:
The first (substantial) line of the script lists datasets in the zfs pool along with the
canmount property. We filter on values
noauto value indicates to the system that it should not be auto-mounted during boot (which is the trigger for the password prompt at boot).
In other words: We need to mark our home directory not to be auto-mounted at boot:
sudo zfs set canmount=noauto rpool/USERDATA/jvc_enc
Next, the script is filtering on a custom property
dk.talldanestale.automount:user which I use to indicate to which user this dataset (filesystem) belongs. I do not want to attempt to mount my girlfriend’s home directory using my password.
The property is one I created. The ZFS states that user properties must contain a ‘:’, but otherwise is free to choose. I like the concept of prepending (semi) global properties with organization identifier. Hence the
To set the property, execute:
sudo zfs set dk.talldanestale.automount:user=jvc rpool/USERDATA/jvc_enc
That’s it. I hope it helps you on your journey.
One of the really nice features of ZFS is the snapshot feature. It enables you to, well, take a snapshot on the fly of the filesystem for later use. Later use could be…
On Ubuntu there is a hook set up in the apt/dpkg configuration that (via zsys) creates a snapshot of the machine just before installing packages. Unfortunately something broke when I created my new home directory and now I would get the error
Couldn't find any association for the user dataset ....
Not knowing anything about zsys or how this was set up on Ubuntu I went spelunking and found the property
com.ubuntu.zsys:bootfs-datasets that was set on my old home dataset but (of course) not on my new. So… copying this property fixed the issue:
VAL=$(zfs get com.ubuntu.zsys:bootfs-datasets rpool/USERDATA/jvc_tdssc -H -ovalue) sudo zfs set com.ubuntu.zsys:bootfs-datasets=$VAL rpool/USERDATA/jvc_enc
All done. Hope it helped you as well 🙂
It turns out that this step (setting
com.ubuntu.zsys:bootfs-datasets) is not needed only for snapshotting your new home directory, but also to prevent
zsys from deleting it – as happened to Mikhail in the comments below.
It turns out that:
zsysconsiders the namespace
USERDATAto be theirs.
USERDATAbut does not have the property
zsysconsiders it eligible for deletion!
Mikhail filed a bug report to the zsys project. My stance is that it (
zsys) should never delete a filesystem unless they are absolute sure that they created it and it is no longer needed. For instance, they could tag a dataset with a zsys-named property (not just namespace USERDATA) and only manage / delete those datasets. Deleting a filesystem on the basis of a missing property is (imho) a bug.
In other words:
I was planning a small hiking trip with my girlfriend and a couple of friends when I got a little bit frustrated with the availability of map data for Danish hiking routes and sleeping facilities. Yes! We have great resources, but they all (two I will mention here) have some limitations.
Ud-i-naturen is a great overview of *everything* you could need going out into nature. The trouble is: It is a webpage and as such is not a great user experience on a small touch screen (phone) when you are hiking.
The Shelter App fixes that by being a native app, but it has another problem: It is only showing sleeping facilities and thus you need to correlate the map in the app with either another hiking map app, or a paper map.
Well, I have been enjoying Skåneleden for some years while living in Copenhagen. At that time, it was possible to download a KML file with all the tracks and shelters. This, I could import in my Locus Map app and vupti, I would have everything I needed in one view, offline (including map tiles).
Today, Skåneleden has changed strategy a bit. Instead of downloading all of the data, they created an online hiking trip planner – including planning of public transportation out and home. Impressive. You select the tracks you plan to hike, can see distances of each track, filter on difficult level and more. And in the end, you download it as a gpsx file to whatever device you like.
I still prefer the “raw” kml file (or gpsx or ???); anything better than a heavy and clumsy webpage. Yes I know… Smartphones are getting more… powerful (not smart) and internet is more ubiquitous, but still… when hiking, I like the idea of being offline – if nothing else, just to save battery life 😉
So, as I said… I was planning my hiking trip and got frustrated with the situation. I stumbled upon Book-en-shelter where you can get a map of hiking routes on Southern Fyn along with mapping of shelters (across all of Fyn) – but again… no download.
The itchy part for we was… the data is there. You can show/hide tracks and click on shelter locations.
So I took a look at the source and extracted the data into two gpx-files. One for the tracks, and one for the shelters. So… if you like me, like to carry your tracks offline, here is to you:
Note: The data was extracted April 2020. They are not updated here on this site. Please check Book-en-shelter for latest info.
Ps.: If you would like more detailed descriptions of the routes, you can find it on VisitFyn.
I was browsing through Pete Egoscue’s book Pain Free before lending it out to a friend. I feel upon his non-disclaimer and it just resonated with me (again) that I had to share it 🙂
As he writes:
Health care starts with personal responsibility. Any disclaimer that suggests otherwise does a great disservice.Pete Egoscue – Pain Free
As a small bonus, here is his Eight Laws of Physical Health:
This is still very much work-in-progress. One could even say that this is still above my level and she’s doing all the work. But still… I am happy that I got the chance to try this 🙂 🙂 🙂
Also… for inspiration… note the couple in the ropes in the background 🙂
Memories from Budapest in September. This video got a little bit more artistic in the cutting and I decided to leave in a couple of fails. You know… just for fun.
Thank you, as always, Anita for playing with me. Hope to see you again soon. ❤️️
And thank you Geri for helping record this, and to Anna for the creational work 🙂
A friend of mine is living in Rotterdam with her old high school friend. One really feel that they enjoy living together, and then – in the shower – one finds this little note block:
I liked the idea and the thought process – and before I knew it, I found I had filled a page as well:
Can’t believe that it has been more than a year since I got to film my last washing machine (The Morning Routine) but now, again thanks to Anita, here it is… Sticks ‘n’ Sushi. Hope you like it 🙂