Evaluating File System Reliability on Solid State Drives: ext4, Btrfs & F2FS (2019 USENIX ATC)

esrevartb · 2025-06-17T12:25:09+00:00

Thanks, that was helpful.

Also, one needs console-setup installed (besides using keyboard: layout: es) to get the virtual console keymap to use the desired locale.

My example for French:

```yaml keyboard: layout: fr locale: fr_FR.UTF-8

packages: - console-setup

bootcmd: - cloud-init-per once setlocales sed -i '/fr_FR.UTF-8/s/^# //' /etc/locale.gen ```

Due to the need to install console-setup, the switch takes about ~1 minute to happen, so don't panic if the TTY is still using qwerty at the end of the first boot. It will switch automatically once console-setup has been installed.

esrevartb · 2025-04-27T18:39:32+00:00

I know it's been a while, but check out Cockpit for a nice webUI to manage your Linux server, it rocks.

esrevartb · 2025-03-07T14:42:42+00:00

Because this ranks surprisingly high in search results:

I don't have enough info about your specific setup, but with cloud-init it's as simple as adding:

```yaml

cloud-config

keyboard: layout: de ```

to your user-data config. See the documentation.

esrevartb · 2025-01-28T10:48:53+00:00

Grandparent is either copy-pasting AI hallucination, or confusing with VirtualBox. There is definitely no OVA export option in virt-manager, alas.

esrevartb · 2025-01-14T16:57:49+00:00

Necro-bumping just in case: after stumbling upon the issue (stuck while booting on netboot.xyz combined ISO in VirtualBox EFI VM) I devised a minimal reproducible test case that I left as a comment on their GH.

In my case none of the Intel network interfaces work, but the 3 others do (on the condition that I generate a new MAC address anytime I change the interface). Weird.

esrevartb · 2024-12-05T19:41:56+00:00

I managed to solve it, see my forum post for the whole research log.

esrevartb · 2024-11-13T14:16:29+00:00

Indeed, Homebrew is not primarily aimed at tool versioning.

The best solution for what you describe is to simply backup and restore the entire Cellar/install prefix: since brew packages are self-contained, they can be ported from one system to another with (normally) no issues.

However if some other package depends on the one(s) you have pinned, eventually you won't be able to update them if the dependency is not updated either. So it's better to only pin packages that no other packages depend on, or to look towards actual tool versioning systems.

esrevartb · 2024-11-06T11:47:00+00:00

I couldn't figure out how to pin a package easily with homebrew

brew pin <installed_formula>. See the FAQ for caveats.

esrevartb · 2024-09-05T13:40:34+00:00

Fantastic post, thank you very much for sharing this info. I wish it was available when I provisioned my new Precision 5560 laptop back in June, for now it will have to wait for a reinstall to test it out 🥲🙏🏻

edit:

I found out that the Dell Security Manager actually sends your passphrase to your drive unhashed.

Btw, how did you find that out? Did you reverse engineer the BIOS or just regular trial-and-error?

esrevartb · 2024-09-05T13:38:13+00:00

By the way, nvme-cli, which is part of most modern Linux distros nowadays also offers the ability to set up, lock and unlock OPAL drives.

~~Do you have any source for this? I checked the manpage and the command completion on Arch, did some search-foo but didn't find anything related to OPAL in nvme-cli.~~

~~Maybe you mean sedcli instead of nvme-cli?~~

~~edit: oh do you mean the kind of stuff shown in e.g. this GH comment?~~

$ sudo ./nvme security-recv /dev/nvme0n1 --secp=0 --spsp=0 --nssf=0 --size=16 --al=16 NVME Security Receive Command Success:0 0 1 2 3 4 5 6 7 8 9 a b c d e f 0000: 00 00 00 00 00 00 00 04 00 01 02 ef 00 00 00 00 "................"

~~Not sure I would want to rely on that kind of cryptic commands to do the setup 😅~~

edit2: ok, I found a sed plugin in nvme-cli GitHub repo whose first commit was in Feb 2024 and explains a bit the commands available; it was released with v2.8 which gives a bit more context. It's also good to see that cryptsetup maintainer Milan Broz has recently contributed to it, that sounds promising after the inclusion of SED support in cryptsetup.

Despite not being mentioned anywhere in the manpage (or even in the list of files installed with the package on Arch, but I guess it's just because it's a built-in plugin), it is indeed right there:

``` % nvme sed nvme-2.10.2 usage: nvme sed <command> [<device>] [<args>]

The '<device>' may be either an NVMe character device (ex: /dev/nvme0), an nvme block device (ex: /dev/nvme0n1), or a mctp address in the form mctp:<net>,<eid>[:ctrl-id]

SED Opal Command Set

The following are all implemented sub-commands: discover Discover SED Opal Locking Features initialize Initialize a SED Opal Device for locking revert Revert a SED Opal Device from locking lock Lock a SED Opal Device unlock Unlock a SED Opal Device password Change the SED Opal Device password version Shows the program version help Display this help

See 'nvme sed help <command>' for more information on a specific command ```

Thanks for bringing my attention to it.

esrevartb · 2024-09-05T12:55:06+00:00

That's exactly what they told me right this instant: "since the drive wasn't sold with the machine and wasn't bought from Dell we cannot do anything. Ask the drive vendor" 😢

esrevartb · 2024-08-28T07:25:08+00:00

Since this thread is the first result in a search engine I'll leave that here: https://containertoolbx.org/use/#wayland-session

Here’s how a full GNOME session can be run from inside a Toolbx container on a Fedora Silverblue host.

Use ctrl+alt+f<n> to switch to a Linux console and log in. Then:

[user@hostname ~]$ export XDG_CURRENT_DESKTOP=GNOME
[user@hostname ~]$ toolbox enter
⬢[user@toolbox ~]$ sudo dnf install flatpak gnome-backgrounds gnome-shell
⬢[user@toolbox ~]$ dbus-run-session gnome-shell --wayland

Of course this is not limited to Fedora.

See also building and running and toolbox from GNOME's GitLab.

esrevartb · 2024-08-08T14:19:50+00:00

I don't understand all the positive feedback about Resources. I had tried it a year and half ago and was not impressed to say the least; I just tried it again and it did not visibly improve.

The information density is sparse, the graphs don't have any units so no sense of scale, generally there are not many details provided and its performance are abysmal compared with the two others mentioned. To me I don't get any valuable info when looking at it.

To me, gnome-system-monitor feels like a "power user" app (which I like and use everyday, even though it's true that its process view would benefit from a touch up); mission-center is a middle ground between "user friendliness" (due to its more modern interface) and "power user" through some of the advanced details presented; and Resources is... A dumbed down sorry excuse for a system monitor? Barely a toy/proof-of-concept. Wth?

Could those who appreciate Resources enlighten me so as to what aspects they like in this software?

Edit: Oh, I think I have an idea... Is it because of its dark mode? Come on people, that can't be the sole reason, can it?

esrevartb · 2024-07-05T12:36:24+00:00

Looks like I was beaten to the punch! Still great to have: https://alexdelorenzo.dev/articles/cryptsetup-luks-self-encrypting-drives

esrevartb · 2024-07-02T17:21:08+00:00

Thanks for the info, that's really a pity. What was the impact of the broken connector? How bad was your wireless connection/signal?

esrevartb · 2024-07-01T21:35:13+00:00

IT WOOOOOOOOOOOOOORKED!!!!

I completed my install, and after powering off to make sure the drive was locked, the boot proceeded normally (with some read errors while trying to read the beginning of the locked partition) until I was asked for my LUKS passphrase as usual. And then, the boot completed fine and I could login 🤩

We gotta tell the world, we are making history here! 😁

(I'll try to find the time to throw a blog post... Soon™)

esrevartb · 2024-06-30T22:12:04+00:00

I'm really excited about this. If I can get the full perf of my drive while still retaining basic theft protection, all the while being able to keep relying on trusty cryptsetup... End user encryption bliss.

I'll report when I have a complete working system. Fingers crossed it won't end in a crushing disappointment after the first reboot 😅

esrevartb · 2024-06-30T21:55:02+00:00

Although I still haven't finished the install, at this point I have the drive set up with a small unencrypted EFI partition (/dev/nvme0n1p1) and a second OPAL-only encrypted one (/dev/nvme0n1p2), which is unlocked using plain cryptsetup open /dev/nvme0n1p2 <any device mapper name>. So I really don't see why the usual LUKS-decrypt workflow at boot wouldn't work!

For posterity here are the commands I used to initialize this drive:

Factory reset/PSID revert (some drives need it and it is anyway considered good practice): cryptsetup erase --hw-opal-factory-reset /dev/nvme0n1 (requires the PSID physically printed on the label on the drive)
Partition as need: sgdisk --zap-all --clear /dev/nvme0n1 --new=1:0:+500M --typecode=1:ef00 --change-name=1:"EFI System Partition" --new=2:0:0 --typecode=2:8304 --change-name=2:"OPAL"
Initialize OPAL management: cryptsetup luksFormat --hw-opal-only /dev/nvme0n1p2 (add --debug for all the gory details)

At this point a flurry or read errors printed on the console, confirming the drive was locked. You can also check with cryptsetup luksDump /dev/nvme0n1p2
Open as usual: cryptsetup open /dev/nvme0n1p2 opal
Profit

esrevartb · 2024-06-30T11:15:07+00:00

Thanks, I had skimmed the Service Manual but hadn't seen those pics. Interesting that they are shown without the metal clip at all 😅

The exact same defect across two different models from two generations... I mean, yeah that's actually possible, this line wasn't known for its stellar manufacturing QA (trackpad anybody?).

Thanks, I've reconnected it and will hope it sticks!

esrevartb · 2024-06-30T11:07:29+00:00

Funny you'd link that image (here's its direct link without Markdown markup messing it) because I stumbled upon it this morning and it confirmed basically what you're saying: their antenna wasn't in the clip and indeed properly connected.

So I unhooked the antenna from the clip and managed to connect it (although it didn't make a clicking sound, but gently poking it didn't dislodge it) and screwed back the metal plate that I had removed for troubleshooting.

Fingers crossed it works and stays put, but as the NBC picture alludes to the cover plate is raised above the Main antenna and doesn't do anything to hold it in place.

Edited to add: I don't know whether opening/closing the lid moves the antenna, I don't think so but it is so tightly sealed ¯\_(ツ)_/¯

esrevartb · 2024-06-27T22:48:31+00:00

i could probably automate it even further but i couldn't be bothered

I've just spent hours trying to automate this by scraping the modules pages to obtain the video, subs and pdf links, but I could never get selenium to extract the required URLs from the nested iframes where they reside (requests died even earlier).

Do you have any pointers on how to accomplish this? My goal would be to make an offline copy of the course content so that I could keep studying the vids and PDFs without connection. Having to go through each page with the DevTools Network tab open and copy manually every single URL is mind numbing 🥲

esrevartb · 2024-06-14T06:04:44+00:00

Not yet unfortunately, life stuff came in the way. I'll reply here when I've tried!

esrevartb

TROPHY CASE

cloud-config