Posts on Learning Journey of Alexander Allgäuerhttps://bitlex.li/posts/Recent content in Posts on Learning Journey of Alexander AllgäuerHugo -- gohugo.ioen-usTue, 14 Apr 2026 00:00:00 +0000Full Disk Encryption (FDE).mdhttps://bitlex.li/posts/full-disk-encryption-fde/Tue, 14 Apr 2026 00:00:00 +0000https://bitlex.li/posts/full-disk-encryption-fde/<h3 id="insightful-articles-about-tpm">Insightful articles about TPM</h3> <p><a href="https://gist.github.com/osy/45e612345376a65c56d0678834535166?permalink_comment_id=4685731">https://gist.github.com/osy/45e612345376a65c56d0678834535166?permalink_comment_id=4685731</a>\</p> <p>From the founder of Systemd <a href="https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html">https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html</a>\</p> <p>Microsoft recommendations <a href="https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/countermeasures">https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/countermeasures</a></p>Insightful articles about TPM

https://gist.github.com/osy/45e612345376a65c56d0678834535166?permalink_comment_id=4685731\

From the founder of Systemd https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html\

Microsoft recommendations https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/countermeasures

]]>k9shttps://bitlex.li/posts/k9s/Tue, 14 Apr 2026 00:00:00 +0000https://bitlex.li/posts/k9s/<p>I never quite understood how developers come up with product names. k8s is Kubernetes, k0s is a quick and easy Kubernetes, k3s is a minimal Kubernetes , minikube is yet another mini Kubernetes.</p> <p>Anyway, k9s is phenomenal&hellip;</p> <p>Saves time while navigating the cluster.</p> <p><a href="https://k9scli.io/">https://k9scli.io/</a></p>I never quite understood how developers come up with product names. k8s is Kubernetes, k0s is a quick and easy Kubernetes, k3s is a minimal Kubernetes , minikube is yet another mini Kubernetes.

Anyway, k9s is phenomenal…

Saves time while navigating the cluster.

https://k9scli.io/

]]>Readeckhttps://bitlex.li/posts/readeck/Tue, 14 Apr 2026 00:00:00 +0000https://bitlex.li/posts/readeck/<p>The bookmark app i liked the most so far. <a href="https://readeck.org/en/">https://readeck.org/en/</a></p> <p>Is available as Docker Image <a href="https://readeck.org/en/docs/#with-docker-or-podman">https://readeck.org/en/docs/#with-docker-or-podman</a></p> <p>Browser Extension:</p> <p><a href="https://codeberg.org/readeck/browser-extension">https://codeberg.org/readeck/browser-extension</a> I would recommend to not install the prebuild extension and read the code and build it yourself.</p>The bookmark app i liked the most so far. https://readeck.org/en/

Is available as Docker Image https://readeck.org/en/docs/#with-docker-or-podman

Browser Extension:

https://codeberg.org/readeck/browser-extension I would recommend to not install the prebuild extension and read the code and build it yourself.

]]>systemd-udevd.servicehttps://bitlex.li/posts/-systemd-udevd.service/Tue, 14 Apr 2026 00:00:00 +0000https://bitlex.li/posts/-systemd-udevd.service/<p>Udev is part of systemd.</p> <p>It manages the directory /dev</p> <h1 id="default-system-rules-for-udev">Default system rules for udev</h1> <p>udev rules shipped from packages are in /usr/lib/udev/rules.d/</p> <p>here we can see what happens what happens when a attached device says it&rsquo;s a mouse. cat 70-mouse.rules <br> do not edit this file, it will be overwritten on update</p> <p>ACTION==&ldquo;remove&rdquo;, GOTO=&ldquo;mouse_end&rdquo; KERNEL!=&ldquo;event*&rdquo;, GOTO=&ldquo;mouse_end&rdquo; ENV{ID_INPUT_MOUSE}==&quot;&quot;, GOTO=&ldquo;mouse_end&rdquo;</p> <p>#mouse:<subsystem>:v<vid>p<pid>:name:<name>:* KERNELS==&ldquo;input*&rdquo;, ENV{ID_BUS}==&ldquo;usb&rdquo;, <br> IMPORT{builtin}=&ldquo;hwdb &lsquo;mouse:$env{ID_BUS}:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:&rsquo;&rdquo;, <br> GOTO=&ldquo;mouse_end&rdquo; KERNELS==&ldquo;input*&rdquo;, ENV{ID_BUS}==&ldquo;bluetooth&rdquo;, <br> IMPORT{builtin}=&ldquo;hwdb &lsquo;mouse:$env{ID_BUS}:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:&rsquo;&rdquo;, <br> GOTO=&ldquo;mouse_end&rdquo; DRIVERS==&ldquo;psmouse&rdquo;, SUBSYSTEMS==&ldquo;serio&rdquo;, <br> IMPORT{builtin}=&ldquo;hwdb &lsquo;mouse:ps2::name:$attr{device/name}:&rsquo;&rdquo;, <br> GOTO=&ldquo;mouse_end&rdquo;</p>Udev is part of systemd.

It manages the directory /dev

Default system rules for udev

udev rules shipped from packages are in /usr/lib/udev/rules.d/

here we can see what happens what happens when a attached device says it’s a mouse. cat 70-mouse.rules
do not edit this file, it will be overwritten on update

ACTION==“remove”, GOTO=“mouse_end” KERNEL!=“event*”, GOTO=“mouse_end” ENV{ID_INPUT_MOUSE}=="", GOTO=“mouse_end”

#mouse::vp:name::* KERNELS==“input*”, ENV{ID_BUS}==“usb”,
IMPORT{builtin}=“hwdb ‘mouse:$env{ID_BUS}:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:’”,
GOTO=“mouse_end” KERNELS==“input*”, ENV{ID_BUS}==“bluetooth”,
IMPORT{builtin}=“hwdb ‘mouse:$env{ID_BUS}:v$attr{id/vendor}p$attr{id/product}:name:$attr{name}:’”,
GOTO=“mouse_end” DRIVERS==“psmouse”, SUBSYSTEMS==“serio”,
IMPORT{builtin}=“hwdb ‘mouse:ps2::name:$attr{device/name}:’”,
GOTO=“mouse_end”

LABEL=“mouse_end”

User managed rules

Your own rules can be put in /etc/udev/rules.d/

https://www.linux-community.de/ausgaben/linuxuser/2019/05/unsichtbarer-helfer/3/

]]>certbothttps://bitlex.li/posts/certbot/Mon, 13 Apr 2026 00:00:00 +0000https://bitlex.li/posts/certbot/<p>Certbot is a free, open-source cli tool that automates obtaining and renewing SSL/TLS Certificates from let&rsquo;s encrypt. Domain Ownership verification via DNS-01 challenges let you fetch wildcard certificates. The API of cloudflare is compatible with DNS-01 challenges, this allows wildcard certs and getting certificates for non public facing internal webservices.</p><p>Certbot is a free, open-source cli tool that automates obtaining and renewing SSL/TLS Certificates from let&rsquo;s encrypt. Domain Ownership verification via DNS-01 challenges let you fetch wildcard certificates. The API of cloudflare is compatible with DNS-01 challenges, this allows wildcard certs and getting certificates for non public facing internal webservices.</p> Filesystem Comparison, ext4, btrfs, xfshttps://bitlex.li/posts/ext4-xfs-btrfs/Mon, 13 Apr 2026 00:00:00 +0000https://bitlex.li/posts/ext4-xfs-btrfs/<p>A good comparison between the ext4, btrfs and xfs.</p> <p><a href="https://www.linuxteck.com/linux-file-system-comparison-ext4-xfs-btrfs/">https://www.linuxteck.com/linux-file-system-comparison-ext4-xfs-btrfs/</a></p>A good comparison between the ext4, btrfs and xfs.

https://www.linuxteck.com/linux-file-system-comparison-ext4-xfs-btrfs/

]]>k0shttps://bitlex.li/posts/kubernetes/Mon, 13 Apr 2026 00:00:00 +0000https://bitlex.li/posts/kubernetes/<h2 id="k0s">k0s</h2> <p>K0s is my favourite method to quick and easy spin up a new cluster.</p> <p><a href="https://docs.k0sproject.io/stable/install/">https://docs.k0sproject.io/stable/install/</a></p> <p>I usually export the admin kubeconfig to give access to the cluster for k9s, helm etc \</p> <p>mkdir -p ~/.kube <br> k0s kubeconfig admin &gt; <del>/.kube/config <br> export KUBECONFIG=</del>/.kube/config</p>k0s

K0s is my favourite method to quick and easy spin up a new cluster.

https://docs.k0sproject.io/stable/install/

I usually export the admin kubeconfig to give access to the cluster for k9s, helm etc \

mkdir -p ~/.kube
k0s kubeconfig admin > /.kube/config
export KUBECONFIG=/.kube/config

]]>KeePassXChttps://bitlex.li/posts/keepassxc/Mon, 13 Apr 2026 00:00:00 +0000https://bitlex.li/posts/keepassxc/<p>KeePassXC is essentially KeePass with a modern UI, rebuilt from scratch to run natively on Windows, macOS, and Linux. Instead of relying on plugins like KeePass does, it ships with the most important features already built in, including:</p> <ul> <li>YubiKey support (see <a href="https://bitlex.li/tutorials/yubikey-hmac-sha1-challenge-response/">Yubikey HMAC-SHA1 Challenge-Response</a>)</li> <li>Browser integration (Chrome, Firefox, Edge, and more)</li> <li>TOTP/2FA code generation</li> <li>SSH agent support</li> <li>Have I Been Pwned breach checking</li> <li>Passkey support</li> </ul> <h2 id="links">Links</h2> <ul> <li>Source: <a href="https://github.com/keepassxreboot/keepassxc">https://github.com/keepassxreboot/keepassxc</a></li> </ul>KeePassXC is essentially KeePass with a modern UI, rebuilt from scratch to run natively on Windows, macOS, and Linux. Instead of relying on plugins like KeePass does, it ships with the most important features already built in, including:

  • YubiKey support (see Yubikey HMAC-SHA1 Challenge-Response)
  • Browser integration (Chrome, Firefox, Edge, and more)
  • TOTP/2FA code generation
  • SSH agent support
  • Have I Been Pwned breach checking
  • Passkey support
]]>YubiKey: Introductionhttps://bitlex.li/posts/yubikey/Mon, 13 Apr 2026 00:00:00 +0000https://bitlex.li/posts/yubikey/<p><strong>YubiKey</strong> is a hardware security key manufactured by <strong>Yubico</strong>.</p> <p>YubiKeys support a wide range of authentication standards, including:</p> <ul> <li>FIDO2 / WebAuthn</li> <li>FIDO U2F</li> <li>Smart card (PIV)</li> <li>OpenPGP</li> <li>OATH-TOTP / HOTP</li> <li>Yubico OTP</li> </ul> <h2 id="rule-1-always-buy-two">Rule #1: Always buy two</h2> <p>When ordering a YubiKey, always put <strong>two</strong> of them in the shopping cart. Saving a few bucks on a backup key can leave you with a single point of catastrophic failure. They come with a hole that lets you attach one to your keychain while the other stays in another safe, trusted location.</p>YubiKey is a hardware security key manufactured by Yubico.

YubiKeys support a wide range of authentication standards, including:

  • FIDO2 / WebAuthn
  • FIDO U2F
  • Smart card (PIV)
  • OpenPGP
  • OATH-TOTP / HOTP
  • Yubico OTP

Rule #1: Always buy two

When ordering a YubiKey, always put two of them in the shopping cart. Saving a few bucks on a backup key can leave you with a single point of catastrophic failure. They come with a hole that lets you attach one to your keychain while the other stays in another safe, trusted location.

The moment you set up Key 1 on any service, register Key 2 at the same time.

]]>