The Hermit Project - Update
I tried being a hermit in the Alps this week as a test for a period of seclusion. Ok, not a real hermit, but I’ve stayed in a small village, and reduced my human interactions to the bare minimum. I am still a city girl; perhaps a cabin alone in the mountains is too much. But compared to being in London, a small apartment in a small village at 1000mt feels like being a hermit.
Needless to say, I reduced my on-line presence to the bare minimum and I’ve used my Hermit Project partition. That made me face the emptiness I described in the post The Big Depression. Having almost zero interactions with the outside world wasn’t challenging, but facing my own issues and being away from someone I care about was very difficult.
I’ve made some additions to the Hermit Project, and I wanted to update you after a few months.
Perhaps my most significant update is using my YubiKey for ZFS encryption. I haven’t used it in the traditional way, like an HSM, with its library or through challenge-response as you might have expected. I’m using YubiKey’s capability of storing two random strings (or passwords) using its button with a short or long touch. I’ll probably write a separate post about why I am using passwords instead of key files for my servers. Long story short, I discovered that the length of those passwords in bytes is similar to a recommended ZFS key file. So, in theory, such a password might offer similar protection, although the key file, being binary, is capable of a broader set of random data compared to a limited set of what ASCII can offer. The ZFS passphrase is a concatenation of a password with one set of random strings stored in the YubiKey. I’m not a crypto expert, and many experts would say, “Hey, you shouldn’t do that; it’s not secure”. That is true, using the Yubi as HSM would be far more secure. I’m using generated strings rather than attempting to use the YubiKey as an HSM or challenge-response because I can share the generated string with someone I trust in case my YubiKey is lost or stolen. In this way, I can still access my laptop data while on the road until I can replace the YubiKey.
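The length-versus-alphabet comparison above can be made concrete by counting bits instead of bytes. This is an added example, not part of the original post; the 38-character token string, the 12-character memorized password and the alphabets are assumptions, since the post states none of them.

```python
import math

RAW_KEY_BITS = 32 * 8  # a ZFS keyformat=raw key file is 32 random bytes

# Alphabet sizes. Which one applies depends on how the string was generated
# (assumption: the post does not say).
ALPHABETS = {"modhex": 16, "alphanumeric": 62, "printable_ascii": 95, "raw_byte": 256}

def entropy_bits(length, alphabet):
    """Entropy of a uniformly random string; an upper bound for human-chosen text."""
    return length * math.log2(ALPHABETS[alphabet])

def min_length(alphabet, target_bits=RAW_KEY_BITS):
    """Shortest uniformly random string that reaches target_bits."""
    return math.ceil(target_bits / math.log2(ALPHABETS[alphabet]))

def scheme_report(mem_len, mem_alphabet, token_len, token_alphabet):
    """Strength of passphrase = memorized part + token string, per scenario."""
    mem = entropy_bits(mem_len, mem_alphabet)
    tok = entropy_bits(token_len, token_alphabet)
    return {
        "both_secret": min(mem + tok, RAW_KEY_BITS),     # capped by the 256-bit key
        "token_string_exposed": min(mem, RAW_KEY_BITS),  # stolen key or leaked copy
        "raw_key_file": RAW_KEY_BITS,
    }

if __name__ == "__main__":
    for name in ALPHABETS:
        print(f"{name:16} 38 chars = {entropy_bits(38, name):6.1f} bits, "
              f"need {min_length(name)} chars for {RAW_KEY_BITS} bits")
    # Constructed sample: 12-char memorized password + 38-char token string.
    print(scheme_report(12, "printable_ascii", 38, "modhex"))
```

The "token_string_exposed" row is the figure to watch when the stored string is shared or the key is lost: what remains is only the memorized part.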
The other addition to the Hermit Project is WireGuard. I have my own VPN server, separated from the VPN server to access my internal systems, which I use on my mobile device to provide secure outbound Internet access when I join public wireless hotspots, such as cafes. Hotels and rented apartments have Wi-Fi access and can’t be trusted in the same way as cafes. I don’t use much data when I use the Hermit partition, but I still want my data to be secure when I do.
Last but not least, two small Text User Interface (TUI) applications. The first is Frogmouth, a console-based markdown viewer/browser capable of opening HTTP/HTTPS URLs. That’s useful when I want to access my local notes in Markdown, or access my on-line Wiki. The second is iamb, a Matrix chat client that Eva suggested to me, which has the same “vim-like” approach as sc-im. I’m using iamb on FreeBSD already, but it’s not yet fully operational on Hermit. This will allow me to chat with the people I care about. However, given the current status of things with governments wanting chat control, an IRC or XMPP server on a private system under VPN sounds more appealing by the day.
Here’s my laptop with the Hermit project on my desk in the Alps, along with Mx Liebe, the stuffed bear always with me when I travel.
The date of this post is non-coincidental. Two years ago today, an event changed my life for the better. I’ve been through heavy storms in the past two years, but that wonderful surprise has been a constant in my life ever since. And I can’t imagine a life without.