#!/bin/blog

January 25, 2009

Not everything was better in the old days after all.

Filed under: Egoblogging — martin @ 9:54 pm

Today I showed the astonished offspring a technical marvel from the stone age of consumer electronics: the record player. First to offspring 1.0, with the help of Revolutions, and then to offspring 2.0, with an undated spoken-word record of Räuber Hotzenplotz from the 1970s. On that occasion, offspring 1.0 was terribly embarrassed on my behalf, given that I am the proud owner of a spoken-word record of Biene Maja.

Anyway. What I want to say is this: if you think it is an imposition that your brood lays its hands on your iPod and laptop, think back to the old days when you, shortly after acquiring the ability to walk upright, played records on Daddy's stereo. How much must technophile fathers have suffered back then? :-)

January 21, 2009

Everything connected, everywhere

Filed under: Technology — martin @ 7:31 am

The world has become so small. All information, no matter from which part of the world, is available at the touch of no more than a few buttons.

That is, until you’re stuck in a traffic jam in Germany and want to listen to a speech by the new president of the United States, not overdubbed with a German translation. Try to find that on the radio.

Fortunately, I was able to pick it up on AFN at 873 kHz, tuning in to AM radio for what must have been the first time in my life. It’s great to see this kind of low-tech still at work and being so useful.

“Only the Queen listens to AM, and she doesn’t have a BMW M5!” (YouTube)

January 18, 2009

Managing encrypted logical volumes

Filed under: Security, UNIX & Linux — martin @ 1:32 pm

Worked on this with G. the other day.

Create the underlying logical volume:
lvcreate -n datalv_crypted -L 1G vg00

Initialize a LUKS crypto device on the logical volume:
cryptsetup luksFormat /dev/vg00/datalv_crypted

If you have lost your mind and want to keep the passphrase in a file (which is what G.’s weirdo client had asked for):
dd if=/dev/urandom of=/etc/i_am_dumb count=256
cryptsetup luksFormat /dev/vg00/datalv_crypted /etc/i_am_dumb

Bring up the crypto device from the encrypted logical volume:
cryptsetup luksOpen /dev/vg00/datalv_crypted data # optionally -d /etc/i_am_dumb

Create a file system on the crypto device, /dev/mapper/data, which has now sprung to life:
mkfs.ext3 /dev/mapper/data

Enter the crypto device in /etc/fstab:
/dev/mapper/data /data ext3 defaults 0 0

Don’t forget to create the mount point:
mkdir /data

Enter the encrypted logical volume in /etc/crypttab. Substitute “none” with /etc/i_am_dumb if you are keeping the passphrase on the system.
data /dev/vg00/datalv_crypted none luks

Reboot. You will be prompted for the passphrase on bootup, unless you’re keeping it in a file. The new file system will be mounted on /data.

The usual process for resizing file systems now has to be extended by an additional step:

lvresize -L +1G /dev/vg00/datalv_crypted
cryptsetup resize /dev/mapper/data
resize2fs /dev/mapper/data

That’s all there is to it. In another installment, I will hopefully write about encrypted physical volumes, allowing live migration of an entire volume group to encrypted storage during full operation. :-)

With the technical details out of the way, some additional words about keeping the passphrase on-disk:

If you work for someone who wants this, he’s not necessarily an idiot, but maybe just a bit naive. It is your duty as the expert to explain why keeping the passphrase in-band with the encrypted data is nothing more than a waste of CPU cycles. Seriously. This, G., means you. ;-)
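
A check for the on-disk passphrase setup discussed above, as an added example that is not part of the original post: it reads a crypttab-format file, flags every entry whose third field names a key file, and reports key files whose mode is not 400 or 600. The `data2` entry, the output labels and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a crypttab for key files.
# Fields per crypttab(5): <name> <device> <key file> <options>

audit_crypttab() {
    # $1: crypttab-format file to read; returns 1 if any key file is found
    local tab="${1:-/etc/crypttab}" name dev key opts mode found=0
    while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac      # blank line or comment
        case "$key" in
            ''|none|-)
                echo "OK      $name: passphrase is prompted for at boot"
                continue ;;
            /dev/urandom|/dev/random)
                echo "OK      $name: throwaway random key, nothing stored"
                continue ;;
        esac
        found=1
        echo "KEYFILE $name: key for $dev is read from $key"
        if [ -f "$key" ]; then
            # A file written by dd under the default umask is usually 644
            mode=$(stat -c '%a' "$key")
            case "$mode" in
                400|600) ;;
                *) echo "PERMS   $name: $key has mode $mode, expected 400 or 600" ;;
            esac
        fi
    done < "$tab"
    return "$found"
}

demo() {
    # Constructed sample using the names from the post (data2 is hypothetical)
    local tmp
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# <name> <device> <key file> <options>
data   /dev/vg00/datalv_crypted  none            luks
data2  /dev/vg00/datalv_crypted  /etc/i_am_dumb  luks
EOF
    audit_crypttab "$tmp" || echo "=> key material is stored next to the data"
    rm -f "$tmp"
}

demo
```

Run against the real `/etc/crypttab` by calling `audit_crypttab` with no argument; the permission check needs read access to the directory holding the key file.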

Give the monkey sugar!

Filed under: Paranoia — martin @ 12:38 pm

“Al-Qaida” threat against Germany. Yessir! The Bundestag election is in 8 months.
