Get Started with YubiKey

Why Buy a Security Key?

To simplify logins, I let my browser save passwords and enable two-factor authentication (2FA), such as SMS verification, for important accounts. However, SMS can be unreliable, sometimes taking over 30 seconds. A hardware security key is a better alternative.

I chose the YubiKey 5C NFC, which supports USB-C and NFC for easy use on both computers and phones. The Security Key NFC is also a good option but lacks OpenPGP support.

YubiKey 5C NFC Overview

The YubiKey 5C NFC by Yubico is a hardware security key with multiple features. I mainly use FIDO U2F, FIDO2, and OpenPGP, while Smart Card and OTP are more common in enterprise settings.

How to Enable HTTP/3 in Nginx

In comparison to HTTP/2 and earlier versions of HTTP, HTTP/3, based on the QUIC (Quick UDP Internet Connections) protocol, achieves lower latency, improved network adaptability, and enhanced security. Enabling HTTP/3 support in Nginx can enhance performance and user experience, with the following key benefits:

  1. Lower Latency: QUIC’s 0-RTT and 1-RTT handshake mechanisms reduce connection establishment and retransmission times, accelerating page loads.
  2. Multiplexing: HTTP/3 allows multiple requests over a single connection via UDP, offering better recovery and reduced blocking compared to TCP.
  3. Fast Recovery: QUIC uses custom congestion control algorithms to quickly recover from packet loss, improving transmission efficiency.
  4. Enhanced Security: As an application-layer encryption protocol, QUIC provides end-to-end encryption, safeguarding data from man-in-the-middle attacks.
  5. Improved Network Adaptability: QUIC enables changing IP addresses or ports without disrupting sessions, enhancing support for mobile devices switching between networks.

To enable QUIC support in Nginx, OpenSSL or BoringSSL must be integrated during compilation. Manual compilation is complex; using a precompiled version is more convenient.

Change GPT Partition Type Code

Why change the type code of a hard disk partition? Here’s how it all started.

Ventoy is an open source tool to create bootable USB drives for ISO/WIM/IMG/VHD(x)/EFI files.

But there’s a problem: Ventoy creates an EFI partition, formatted as FAT16, and the partition type code is 0700 (it should be EF00). On macOS, since the EFI partition is automatically mounted, if two USB flash drives are inserted at the same time, the second one will not be mounted correctly.

After doing some searching, I chose GPT fdisk. It is open source software (GPL) and cross-platform, supporting Linux, macOS, and Windows.

How to Optimize MTU for PPPoE Connections

For users connecting via PPPoE (Point-to-Point Protocol over Ethernet), ensuring the correct MTU (Maximum Transmission Unit) setting on their router is crucial for maintaining optimal network performance and internet access.

Understanding MTU

MTU, which stands for Maximum Transmission Unit, is a concept related to Layer 2 networking. Its purpose is to limit the size of data (payload) within a MAC frame.

Think of data packets like goods being transported by trucks. If the goods are too large, the truck cannot transport them efficiently. Conversely, if the packaging is too light or insufficient, transportation efficiency suffers. MTU is akin to the maximum load capacity of the truck.

Issue a Free Wildcard SSL Certificate with acme.sh

Enabling HTTPS on websites can deal with “HTTP hijacking” by ISPs. In most cases, using a free SSL certificate is sufficient.

ZeroSSL and Let’s Encrypt are two common CAs (Certificate Authorities). They both offer free SSL certificates with a 90-day validity period. The advantages are as follows:

  • Support wildcard certificates (like *.example.com).
  • Support ECC certificates (an ECC certificate is smaller than an RSA certificate at the same security level).
  • Can be issued through an API, with no need to apply manually.

It is recommended to use acme.sh as the certificate issuance tool. It supports ACME v2, is a pure shell implementation with no other dependencies, and can be used on Linux / BSD.

How to Delete All Git Commit History

If you want to delete all git commit history but keep the files, you can follow the steps below.

IMPORTANT: Please DO NOT delete the .git folder directly, as this will cause issues with your git repository.

1. Create an Orphan Branch

git checkout --orphan new_branch

Create an orphan branch (a branch without a parent branch), named new_branch, and switch to it.

--orphan: Create an orphan branch starting from the current HEAD. The first commit made on this new branch will establish a new history that is entirely disconnected from all other branches and commits.