Blog

What's on my mind.

Infrastructure

NixOS: Installation Guide with RAID 1, encryption, and TPM unlock (part 7 - Mitigating the OS swap attack)

June 1, 2026 | 11 reading minutes

There is still a loophole where one could obtain the LUKS volume encryption key using another operating system. Let’s fix that.

May 26, 2026 | 6 reading minutes

The NixOS disk is encrypted, but a careful LUKS volume swap attack can still be used to obtain the encryption master key.

May 18, 2026 | 7 reading minutes

At last, we are going to automatically decrypt the NixOS disk using the TPM!

May 14, 2026 | 7 reading minutes

In the fourth post of our series, we are going to configure Secure Boot to ensure that only trusted operating systems can be executed.

May 11, 2026 | 3 reading minutes

I’m continuing my journey of setting up a NixOS machine with secure and redundant storage. In this post, we’re going to perform the actual OS …

May 6, 2026 | 8 reading minutes

In this post I keep on building a NixOS setup with secure storage, now going deeper into Disko, LUKS, and btrfs.

April 28, 2026 | 5 reading minutes

It is time to migrate from Ubuntu to NixOS!

July 10, 2025 | 5 reading minutes

In April 2009, 16 years ago, I received the Microsoft MVP award for the first time, and I renewed it every year. Until today.

July 2, 2025 | 27 reading minutes

The data center initiative proposed by the federal government has many problems. Let’s dive deep into them and explore alternatives.

April 2, 2025 | 9 reading minutes

In the last few days, I updated this site to Bootstrap 5. I took the opportunity to make several improvements and I want to share how that process …

March 24, 2025 | 8 reading minutes

I abandoned my favorite publishing platform and embraced the Hugo static site generator. In this post, I tell you why.