
    Topics

    • 1

      SSH jump server access control?

      IT Discussion ssh acl jump server linux
      34
      0 Votes
      34 Posts
      3k Views
      V

      Youtube Video

    • 1

      KVM networking with libvirt (virsh) questions

      IT Discussion kvm libvirt virsh networking debian macvtap
      5
      0 Votes
      5 Posts
      748 Views
      1

      @JaredBusch said in KVM networking with libvirt (virsh) questions:

      I assume that Debian 11 uses NetworkManager? I don't have a clean Debian system running KVM to check.

      If so nmcli and its related commands are your friend.

      Thanks Jared.

      Reading about nmcli and seeing your screenshots led me to understand that macvtap devices are only active when the VM is actually running.

      Using ip link I can now see the macvtap device on the host. One for each VM connected.

    • 1

      Save shell session to disk?

      Unsolved IT Discussion linux
      14
      2 Votes
      14 Posts
      924 Views
      JaredBuschJ

      @Pete-S said in Save shell session to disk?:

      That's why you should launch ssh like this:
      ssh [email protected] -t screen -RR
      If you don't have a session going it will create one.
      If you had a session going but it was interrupted, it will reconnect to it automatically.

      @JaredBusch said in Save shell session to disk?:

      I do not like to launch screen for no reason.

    • 1

      Energy efficiency?

      IT Discussion
      8
      0 Votes
      8 Posts
      387 Views
      scottalanmillerS

      @DustinB3403 said in Energy efficiency?:

      There are likely thousands of these sitting on a dock/cargo ship just waiting to get delivered to the outlets that sell em.

      Nope, been on continuous back order since first release. There are no "spare" machines in the RP universe.

    • 1

      Facebook at Work (Meta Workplace)?

      IT Discussion
      8
      0 Votes
      8 Posts
      348 Views
      DashrenderD

      @scottalanmiller said in Facebook at Work (Meta Workplace)?:

      @Pete-S said in Facebook at Work (Meta Workplace)?:

      @gjacobse said in Facebook at Work (Meta Workplace)?:

      WHY,.. Why would you do that. That is ten times more poison than Sharepoint.

      I don't know. Don't companies use Sharepoint?

      I guess I'm wondering in general if companies use internal social sites. Or perhaps they just use messaging apps like Teams and Slack or just...nothing.

      So OTHER social sites, yes. We've used the ones from Microsoft (Yammer) and Zoho Connect and the idea is fine. I like them. I just wouldn't use one from Meta. But conceptually, I find them slightly useful but not very.

      what he said - I've never seen a company using Meta's workplace version.

    • 1

      Multiple active exploits against Zimbra

      News zimbra cybersecurity cisa
      1
      1 Votes
      1 Posts
      364 Views
      No one has replied
    • 1

      Zoho Zillum - family oriented mail and cloud storage

      IT Discussion
      22
      1 Votes
      22 Posts
      915 Views
      scottalanmillerS

      @Pete-S said in Zoho Zillum - family oriented mail and cloud storage:

      Are you perhaps referring to the Zoho Workplace bundles? The "Standard" tier ($3/user/month) doesn't have much cloud storage and the "Professional" is double the price ($6/user/month) but it's the closest to Zillum features and storage.

      Yes, that's the standard business bundle with the features. At $3 is get more email storage but less "other" storage. Although for documents and other stuff that the platform is meant for it is unlimited. So that's quite a bit depending on how you use it.

    • 1

      rDNS PTR records - why?

      IT Discussion
      4
      0 Votes
      4 Posts
      219 Views
      JaredBuschJ

      @Pete-S said in rDNS PTR records - why?:

      your own IPs

      They really need to be your own IPs (reassigned because no end account ever actually owns them) and not just a random static IP from your ISP.

      Enterprise fiber is one of the few places where I know the IP addresses are mine. I know they are, because I have the ARIN account for them.

    • 1

      Mikrotik software firewall/router?

      IT Discussion
      31
      1 Votes
      31 Posts
      3k Views
      scottalanmillerS

      @Pete-S said in Mikrotik software firewall/router?:

      @PhlipElder said in Mikrotik software firewall/router?:

      @scottalanmiller said in Mikrotik software firewall/router?:

      The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

      Three cluster setups:
      1: Cisco Small Business Pro series Gigabit and 10GbE
      2: NETGEAR Gigabit and 10GbE
      3: Ubiquiti Gigabit and 10GbE
      4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

      Guess which ones we've had the most grief with? Which one's the least?

      I can't stand the suspense. Please tell!

      Cisco would be reliably the biggest problem. Never seen anything require more support, have more problems.

      Netgear is cheap, and we've seen lots of issues. Nothing is as bad as Cisco, obviously, but Netgear relies on easy to manage, easy to replace and if you have the right mindset it'll crush Cisco in the big scheme.

      Worked extremely little with Mellanox. Known to be really good stuff.

      Ubiquiti is definitely what I'd use most of the time. Good management, better pricing, and has the "easy to replace" advantages that take Cisco out of the serious running. Nothing Cisco could do (but doesn't anyway) could touch the safety net of being able to have spares instead of waiting for clueless engineers to putz around.

    • 1

      Is there a webcrawler issue with mangolassi.it?

      Platform and Category Issues
      4
      1 Votes
      4 Posts
      525 Views
      1

      @scottalanmiller said in Is there a webcrawler issue with mangolassi.it?:

      @Pete-S so odd, I wonder why they aren't indexing it any longer. I am not aware of any changes that would likely have prompted that.

      Have a look at this:
      https://www.bing.com/webmasters/help/why-is-my-site-not-in-the-index-2141dfab

      If I remember correctly duckduckgo uses several other search engines, including bing, to compile its results.

    • 1

      Production KVM server "hardening"?

      IT Discussion
      22
      0 Votes
      22 Posts
      2k Views
      ObsolesceO

      @Pete-S said in Production KVM server "hardening"?:

      I'm thinking about running pure KVM on debian for virtualization hosts. Not Proxmox. There will be no GUI on the servers, no web interface, only ssh for management.

      Do I need to do anything special to lock down the security?

      I've never used KVM in production, only on my desktop and then I've had virt-manager as well as tools like virtsh. So I don't really know what is required for a pure KVM server to be as "secure" as proxmox, xcp-ng or whatever.

      Keep the OS and everything updated. Keep drivers updated. Keep firmware updated. Use only key-based auth for SSH, add only specific devices to authorized_keys file. Ensure firewall configured well. Set up log alerts for access.

    • 1

      Live migration Proxmox?

      IT Discussion proxmox
      9
      0 Votes
      9 Posts
      1k Views
      JaredBuschJ

      @Pete-S said in Live migration Proxmox?:

      @JaredBusch said in Live migration Proxmox?:

      @Pete-S That is what the docs say. I have never tried.

      But also, why not have everything in the cluster? What is the need to make them "individual" hosts?

      Pools (resource pools) as they are called in xenserver/xcp-ng will put a lot of restrictions on the hosts.

      Pools are managed as one entity (through the pool master) and work best when you have shared storage.

      They are however a huge hassle when you don't have shared storage. So hosts that use local storage and are individual are best kept as separate hosts. So in this case everything started out as pools but have been migrated to individual hosts.

      Maybe it works differently in Proxmox, I've only used it in the lab on a single host.

      I manage multiple servers through the single IP of the cluster, but you can still directly access the individual nodes if you desire.

      I do not know about resource pools and such as I have not used those with Proxmox yet. Just multiple servers in a cluster, but no shared resources more than a setup for replication at one place. But that one is only for replication, so not a good example.

    • 1

      Scripting remote BIOS upgrades & changes on Supermicro

      IT Discussion devops supermicro automation bare metal
      1
      2 Votes
      1 Posts
      627 Views
      No one has replied
    • 1

      TP-link business switches?

      IT Discussion
      17
      0 Votes
      17 Posts
      685 Views
      scottalanmillerS

      @travisdh1 said in TP-link business switches?:

      @scottalanmiller said in TP-link business switches?:

      @Dashrender said in TP-link business switches?:

      @JaredBusch said in TP-link business switches?:

      @scottalanmiller said in TP-link business switches?:

      Yes, that's what I'm talking about. It's free and they host it for you. We've been using it for a few years. It's really quite nice. It's different than Unifi, which I can't explain. But it does a good job.

      I've been using UNMS since it came out. They rebranded it to UISP a couple years ago. I had no idea, or forgot, that they had a free hosted version of it.

      Yeah free hosted version as long as you have 5+ devices attached to it.

      And they aren't very serious about the limits. If you are a vendor, you'll have enough to do it for free easily.

      I almost have enough devices with just my personal stuff!

      Exactly, it's not hard. Especially when the simplest devices count. Buy a couple for your lab and voila.

    • 1

      Linux alternative to FreeDOS?

      IT Discussion
      5
      0 Votes
      5 Posts
      228 Views
      scottalanmillerS

      @Pete-S said in Linux alternative to FreeDOS?:

      Maybe Alpine linux would be a good fit. I haven't used it as is though. Just know it has a small footprint, uses busybox which is a favorite for embedded systems and Alpine is also popular for container use.

      Ubuntu fits on a stick and is well known. I'd just stick to that because it is easy and has loads of tools.

    • 1

      Zoho Mail has new secure sending option

      IT Discussion zoho zoho email security
      5
      0 Votes
      5 Posts
      1k Views
      1

      @Dashrender said in Zoho Mail has new secure sending option:

      @Pete-S said in Zoho Mail has new secure sending option:

      @Dashrender Good to know.

      One purpose of the OTP is that you can't forward the email and have another person read it.

      Not directly forward - sure, but you could screen shot it and forward that to someone.

      I assume the OTP is more so that people don't have to create accounts in the Zoho system.

      It looks like Zoho had the forwarding thing specifically in mind since they mentioned that on their website. A lot of people will forward messages without thinking about the sensitive information that is usually longer down in the mail. I've seen that a lot when I get emails forwarded to me with information that is clearly not intended for me.

      In the MS system you have to create an account, same goes for Zix, even if you will only ever read this one message on that system.

      Yeah, I hate that. It's just to get more users. I love OTP though.

      I'll have to check how this secure feature works with sending huge mail attachments as well. Haven't tried it yet.

    • 1

      Windows 10 Education?

      IT Discussion
      3
      0 Votes
      3 Posts
      289 Views
      1

      Hmm, now I'm thinking I probably should have installed Windows 11 instead...

      Well, maybe not, I don't actually run it on anything else.

    • 1

      What do you use as an identity provider?

      IT Discussion
      26
      1 Votes
      26 Posts
      2k Views
      scottalanmillerS

      @Pete-S said in What do you use as an identity provider?:

      @scottalanmiller said in What do you use as an identity provider?:

      @Pete-S said in What do you use as an identity provider?:

      You mean if you paid for M365 then you're already using Azure AD as your identity provider in which case JumpCloud serves no purpose?

      For one thing, Azure AD is lacking connectors for normal things like Linux desktops. Doesn't even WORK in our environment or most of our customers, almost none. At most it works for SOME workloads.

      There is another factor as well, which favors an independent identity provider and authentication. When you have everything in one place, you give too much power over your business to a single company. If you have a problem with Microsoft (or Google) all other services will be useless if you tied everything to Azure AD (or Google Identity Services).

      Also changing "Office" apps from Microsoft to Google or to Zoho or whatever you might fancy will have far reaching implications. So less freedom to pick whatever is best for your company.

      Excellent points.

    • 1

      US Government publishes list of free cybersecurity services and tools

      News cisa cybersecurity
      1
      3 Votes
      1 Posts
      460 Views
      No one has replied
    • 1

      Organizational charts or similar info?

      IT Business
      3
      0 Votes
      3 Posts
      625 Views
      1

      @stacksofplates said in Organizational charts or similar info?:

      This site is pretty popular from what I've seen.

      theorg.com/organizations

      Not sure if this is what you're asking for or not.

      Thanks, that one was interesting, I'll look through it and see how detailed the charts are.
