
this weekend, the apv zo visited the wildpark bruderhaus in winterthur. the weather was great, and except for the lynxes, we saw all animals we planned to see: sika deer and fallow deer, european bisons, wild boars, red deer, przewalski’s horses and gray wolves.

while staying in val bregaglia, we also visited the engadine soap box derby from st. moritz down to celerina. unfortunately, on that day, the weather was quite crappy – it was quite wet. (apparently it was dry before we arrived… hope it wasn’t us who brought bad weather :) )
anyway, we watched one of the rounds, and i took some photos. here’s a small selection:

last week, we were on vacation in val bregaglia, a valley half belonging to graubünden, switzerland and sondrio, italy. we were staying in vicosoprano on the swiss side.

most of the time, we had fabulous weather, except two rainy days and one pretty cloudy day.

via bregaglia.

the first hike we did was going by postauto up the maloja pass to maloja village, walking from there to the giant’s kettles nearby and from there to the belvedere tower, and then down the pass towards the san gaudenzio ruin and finally until casaccia, from where we continued by postauto.

this is the first leg of the via bregaglia route. this leg is really nice, with some glimpses over the valley (for example, at belvedere tower, and above casaccia, where you have a good view on the albignia lake dam), a lot of forests and shade, and nice rivers. parts of it go quite steep downhill, but even for untrained beginners as us, it was quite manageable.

via panoramica.

the second bigger hike we did was the via panoramica (the yellow path there) from the power plant löbbia towards northwest of vicosoprano, from where we descended back down to vicosoprano. near the power plant, we saw a sign forbidding arnie to walk on the water:

whyever they put up that sign… crossing the bridge from the löbbia stop to the other side of the water basin, one enters the via panoramica and can continue to roticcio and from there on to eventually soglio. we left the path somewhere northwest of vicosoprano. (if you have a map, it’s the leftmost path leaving the via panoramica descending downwards to vicosoprano.) this is a really beautiful hike, with lots of nice overviews over the valley and on the mountains.

albignia.

another day, we took up the cable car to the albignia lake dam. one can also hike all the way up or down, but i think that one is a bit over our capabilities… so instead, we enjoyed the little tiny cable car. on the top, one could still find patches of snow, and one has a beautiful panorama both over the valley and over the lake.

unfortunately, on that day, it was pretty cloudy, so we decided to not hike to the albignia hut (that’s something we’ll do next time…), but take the cable car back down and hike from there back to vicosoprano:

soglio.

one day, we took the postauto up to soglio, a cute mountain town:

afterwards, we returned by postauto to promontogno and had dinner there.

castasegna.

another trip we did was to visit castasegna. they have a beautiful chestnut exploration path, which shows how chestnuts are planted, harvested and dried. also with a chance to buy honey from around there at a self-service stand.

back in town, we bought some drinks and met a nice cat with wonderful blue eyes.

chiavenna.

after being in castasegna, we visited chiavenna, the largest town in val bregaglia, ending the valley at the italian side. we had dinner there, but unfortunately, the restaurant we chose didn’t start serving dinner before 19:00, and the last postauto left shortly after 20:00…

hotel helvetia.

in vicosoprano, we stayed in hotel helvetia, a former hotel west of the city. while parts of it are used for offices, the other part is rented as holiday flats. it is equipped with a simple kitchen for self-catering, and without much luxury features everything one needs to have a good week there. and in case one is too lazy to cook for oneself, there are two hotels with restaurants in town, for example hotel corona, where we had three excellent dinners.

today, i finally got around to try arch linux with xfce4 on my laptop. and considering how it looks, i will also install it on my desktop computer on the next reinstall. (currently, it still has ubuntu with xfce4 installed. and in case you wonder why i decided to try out a new system on my laptop: i’ve been using linux mint 14 the last couple of months, and was pretty unhappy both during install – setting up full disk encryption was somewhat annoying – and finally when trying to install wine recently, which simply didn’t work.)

i followed the beginner’s guide, which essentially told me what to enter on the console to set up arch linux. (note that arch linux does not come with a graphical install, you have to type a lot of commands in yourself. but apart from that, it actually works like a charm. so if you’re not scared by using the command line, it’s worth a try.)

there’s also an arch wiki entry about encrypting a lvm setup, which is what i was doing and wanted to continue doing – for example, to not again restart by copying all my data to the machine, but by simply re-using the encrypted partitions layout set up before. for the way i (and ubuntu) was doing it, that wiki entry pointed to a blog post by simon dittlmann, which explains how to set up a huge encrypted partition, which will contain a lvm (logical volume manager) group with root, home and swap partition. unfortunately, the blog post is somewhat older, and apparently the whole installation procedure of arch linux changed somewhat, so i had to improvise.

the following is meant as up-to-date documentation on how to install arch linux with full disk encryption, discussing both how to create such a setup and how to install arch linux into an already existing one.

beginning installation: creating the encrypted partition.

first, follow the beginner’s guide up to the step “prepare the storage drive”. at this step, you have to do something else.

(in case you already have a working set-up, skip the next steps until the mark.)

follow the steps described in the beginner’s guide, create a small boot partition – this one will not be encrypted. i assume that it will be /dev/sda1. it should be a simple ext3/ext4 partition. (i usually give it 256 or 512 megabytes.)

then, create another partition (i assume it will be /dev/sda2), which consumes the whole left-over space on the hard disk. first, you should clear everything on that partition, preferably with random bits. you can for example do:
dd if=/dev/urandom of=/dev/sda2
this will take quite some time, though. alternatively, you can skip this step, and later, after encrypting the partition, overwrite the encrypted partition with zeros. (look down below for that.) afterwards, set up encryption on /dev/sda2:

modprobe dm-crypt
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --verify-passphrase luksFormat /dev/sda2

you will have to enter a passphrase (twice), which you will need later on every boot to unlock the disk. (note that you can later on change the passphrase as you like; look at the section passphrase management in an older blog-post by me.)

(edit: since there is now a successful attack on the aes-cbc-essiv encryption mentioned here earlier, i changed it to aes-xts-plain64, using a different approach.)

(mark: skip until here if you already have a working set-up.)

now you can unlock the encrypted disk:
cryptsetup luksOpen /dev/sda2 lvm

setting up the logical volumes.

(skip almost everything of this section if you already have a working set-up. the only thing you should not skip is the mounting below and enabling swap with swapon.)

after unlocking the encrypted volume, you have to create a volume group and logical volumes inside it. first, begin by creating a physical volume, which will contain the logical volumes. for that, we use the encrypted partition /dev/sda2, whose contents can be accessed by /dev/mapper/lvm. do the following:

lvm pvcreate /dev/mapper/lvm
lvm vgcreate vgroup /dev/mapper/lvm

you can replace vgroup with any name you want. i replaced it with the (future) hostname of my laptop. now you can use the following commands to create logical volumes. there should be at least one volume for root (/) and swap. i recommend to also create a volume for /home, so that your personal files are separated from the operating system and you can simply wipe out the operating system when you want to install a new one by formatting root, but not home. for such a setting, the commands are as follows:
lvm lvcreate -L 16GB -n root vgroup
lvm lvcreate -L 16GB -n swap vgroup
lvm lvcreate -l 100%FREE -n home vgroup

(my machine has 16 gigabyte ram, whence i created a 16 gigabyte swap partition.)
don’t forget to replace vgroup if you used a different name above. you can also choose different names after -n. the next step is to format the data partitions as in the beginner’s guide:
mkfs.ext4 /dev/mapper/vgroup-root
mkfs.ext4 /dev/mapper/vgroup-home

to set up the swap, proceed as follows:
mkswap /dev/mapper/vgroup-swap
swapon /dev/mapper/vgroup-swap

finally, let us mount the partitions to install arch linux on them:

mount /dev/mapper/vgroup-root /mnt
mkdir -p /mnt/home /mnt/boot
mount /dev/mapper/vgroup-home /mnt/home
mount /dev/sda1 /mnt/boot

(you only need the mkdir if you created a new set-up. also, in case you created more logical volumes, you have to adjust the commands above.)

continue arch linux installation.

from this point on, you can follow the beginner’s guide to install arch linux. continue until the point of creating an initial ramdisk environment. there, you must edit /etc/mkinitcpio.conf and modify the HOOKS statement from
HOOKS="base udev autodetect modconf block filesystems keyboard fsck"
(or something similar) to
HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"
note that you must insert encrypt lvm2 in precisely this order somewhere before filesystems. afterwards, continue with running mkinitcpio -p linux (or continue editing the config file if necessary).

now you can continue with setting the root password.

the next step where you have to pay attention is the step where you set up the boot loader. i chose grub here. set it (or syslinux) up as described in the beginner’s guide. in the case of syslinux, you have to modify /boot/syslinux/syslinux.cfg, and in the case of grub, you have to modify /boot/grub/grub.cfg. in the case of syslinux, you should have two entries (regular system and fallback). the entries contain a line like
APPEND root=/dev/mapper/vgroup-root ro
for syslinux and
linux /vmlinuz-linux root=/dev/mapper/vgroup-root ro quiet
for grub, or something similar. for all such entries, insert cryptdevice=/dev/sda2:vgroup between root=… and ro; that is, the entries should look like
APPEND root=/dev/mapper/vgroup-root cryptdevice=/dev/sda2:vgroup ro
for syslinux and
linux /vmlinuz-linux root=/dev/mapper/vgroup-root cryptdevice=/dev/sda2:vgroup ro quiet
for grub.

change (2014/04/13): in case you want to use grub, it is better to proceed as follows. edit the line GRUB_CMDLINE_LINUX in /etc/default/grub and add cryptdevice=/dev/sda2:vgroup there. then, run grub-mkconfig -o /boot/grub/grub.cfg as described in the beginner’s guide. this automatically adds this to all entries in grub.cfg. end of change.

afterwards, continue with the beginner’s guide. after the next reboot, you should be asked for a password to unlock the volumes. after entering it correctly, the system should boot up as normal.
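
the two edits the unlock prompt depends on (the HOOKS order and the cryptdevice= parameter on every boot entry) can be checked before that reboot. the following script is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration, and on a real system you would pass /etc/mkinitcpio.conf and your syslinux.cfg or grub.cfg instead.

```shell
#!/bin/bash
# added example (not from the original post): pre-reboot check of the two edits.
# hooks_ok FILE: true if the active HOOKS line lists encrypt, then lvm2,
# then filesystems. handles both HOOKS="..." and HOOKS=(...) syntax.
hooks_ok() {
    local line h pos=0 e=0 l=0 f=0
    # the last uncommented HOOKS assignment wins, as when the file is sourced
    line=$(grep -E '^[[:space:]]*HOOKS=' "$1" | tail -n 1)
    for h in $(printf '%s' "${line#*=}" | tr -d "\"'()"); do
        pos=$((pos + 1))
        case $h in
            encrypt) e=$pos ;;
            lvm2) l=$pos ;;
            filesystems) f=$pos ;;
        esac
    done
    [ "$e" -gt 0 ] && [ "$l" -gt "$e" ] && [ "$f" -gt "$l" ]
}

# cmdline_ok FILE DEVICE NAME: true if every syslinux APPEND / grub linux line
# that sets root= also carries cryptdevice=DEVICE:NAME.
cmdline_ok() {
    local line n=0 bad=0
    while IFS= read -r line; do
        line=${line#"${line%%[![:space:]]*}"}    # strip leading whitespace
        case $line in
            linux[[:space:]]*root=* | APPEND[[:space:]]*root=*) n=$((n + 1)) ;;
            *) continue ;;                       # e.g. grub's "set root=..."
        esac
        case " $line " in
            *" cryptdevice=$2:$3 "*) ;;
            *) bad=$((bad + 1)) ;;
        esac
    done < "$1"
    [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
}

# constructed sample files standing in for mkinitcpio.conf and syslinux.cfg;
# the fallback entry deliberately lacks cryptdevice=
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#HOOKS="base udev"' \
    'HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"' \
    > "$demo/mkinitcpio.conf"
printf '%s\n' '    APPEND root=/dev/mapper/vgroup-root cryptdevice=/dev/sda2:vgroup ro' \
    '    APPEND root=/dev/mapper/vgroup-root ro' > "$demo/syslinux.cfg"

hooks_ok "$demo/mkinitcpio.conf" && echo "HOOKS order ok"
cmdline_ok "$demo/syslinux.cfg" /dev/sda2 vgroup || echo "an entry lacks cryptdevice="
```

an entry without cryptdevice= (here the fallback one) would boot without unlocking the partition, so the root volume would not be found.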

a couple of weeks ago, the meadow behind our house was freshly mowed, and our cats were playing. it was beautiful weather, and i grabbed my camera to watch them playing a bit:

also on last weekend, we did an excursion around the zürcher oberland. we started by taking the historic steam locomotive train (the same as last time) from hinwil up to neuthal, where we continued to a lake to barbecue. later, we continued by the same train to bäretswil and walked down the kemptner tobel to kempten, ate some ice cream there and finally continued home. the weather was fantastic (even though the forecast warned that there might be rain), it was sunny and warm the whole time.

here are some impressions:

last weekend, we revisited obersaxen for a waffle party. (sorry, no photos of the waffles, but they were really tasty!) again, the weather was great, even though it was sometimes pretty cloudy and sometimes even showers came down.

some time ago, we visited oldenburg to visit some friends who build a house. after quite some time of bad weather, we all were quite happy to have a sunny weekend. we first explored the city by bike, visiting the place where i used to live as well as both campuses of the university, before returning downtown and doing some shopping. here are some impressions:

nowadays, there are quite some fair trade products customers can choose when buying stuff. there’s fair chocolate, fair bananas, fair t-shirts, etc. one common denominator of these products is that they consist of not too many things, that they are not too complex. essentially for all kinds of products which are too complex – think of electronics – virtually no fair products exist. and in fact, producing a 100% fair electronic device is essentially impossible without a huge amount of resources available. there are just too many different tasks to ensure.
but fortunately, there are some projects which at least try. most notably, there are two projects i want to write about today. first, there’s the german faire maus, a (somewhat) fair mouse. the precise list of pieces needed to assemble one can be found here, together with information what problems can arise in their production, which problems are (essentially) solved for the fair mouse, and which are still unsolved. so, while not 100% fair, at least the process is very transparent and it is possible to identify points where the process is still not exactly fair.
another project is the fairphone, a project from the netherlands trying to produce a fairer smartphone. compared to a simple mouse, a smartphone is way more complex, and depends on a much larger range of different parts. well, as a consequence, it is also much harder to make it fair. the fairphone project still tries hard. besides fair, they also try to be very transparent about where everything is from and under which conditions it was obtained/created. for example, there’s conflict-free tin from a congolese mine involved.
the fairphone project is currently trying to get enough advance orders to produce the first batch of fairphones. they need 5000 orders, and so far, they just got around 1640. the number is increasing now and then, but i’m wondering if it will reach the required 5000 early enough. in september, the fairphone team wants to inform about a possible delivery date, which will hopefully be in october. so if you’re planning to get a (new) smartphone somewhen in the near future, you should think about supporting that project. the price of 325 euros is quite in range, and you’re supporting a good cause. (and if it doesn’t work out, you’ll get your money back somewhen in fall.)
actually, i just ordered one fairphone last week. (well, and also two fair mouses.) not that i suddenly like the idea of having a smartphone (i still don’t), but then, i can still install linux on it – after all, i will be allowed to do that, as opposed to most other smartphones which you don’t really own when buying them. (isn’t that another reason?)