@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.

Exactly!

Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).

Don't you dare get me started down this path. I had HUGE arguments about this with an ex-employee over the period of 10 years. The user could not/would not understand her email box is not a document database / DMS. The last I counted, she had over 300 different nested folders in her email.

Now that the user is gone, their mail copied to a shared mailbox for management to hunt/search and waste their time with if they choose.

It probably easier to have retention policy in place from the start.

If you know email retention is time-limited, you'd have to come up with some other way to store things.

But some people are just hopeless no matter what...

@gjacobse said in Launching Windows settings, screen shot etc from URI:

Interesting - I created a batch file that launches all of my daily applications in the office. It'll be interesting to see what I can move to this method...

You can look at what URI are registered to what applications by searching for protocol and you'll find "Choose default application by protocol".

That's how Windows knows what program to launch when it finds something like mailto:

You can also add your own URI to launch whatever app you want. That's done in the registry.

BTW, ubuntu and others have the same capability to handle URIs.

@pete-s said in What do you think about .app domain names?:

@scottalanmiller said in What do you think about .app domain names?:

If it is under the hood, why bother. If it isn't under the hood, I think customers get confused.

So you mean if it's customer facing it's better to stick to .com and there will be no confusion?

That is the only aspect that matters tbh, what people / customers think of it. All other aspects have zero impact.

@dashrender said in Where are MSP managed on-prem workloads moving?:

@pete-s said in Where are MSP managed on-prem workloads moving?:

Thanks, it does makes sense to move to SaaS solutions for a single customer that is doing their own IT.

But a MSP is in a different position because they, besides know-how, have a larger scale. So it can make economic sense to host things for their customers that doesn't make sense for each individual customer.

For instance does it makes sense for a company to have a server to host their website on? No, it doesn't. But if you're an MSP and your customers have a thousand websites that needs to live somewhere, it might make sense for you to host them.

I guess it also depends if you're an MSP that just manages things or if you also have your own hosting/cloud infrastructure or use another provider for that.

All good points. I have no view into that world, the few ITSPs I know are using other companies solutions, not rolling their own, or even hosting their own. Though some of them, we'll take JB for example, do manage all the stuffs other than hypervisor and hardware for things like a Ubiquiti controller, and PBXs.

If you really do have need to host 1000's of websites (or really massive sites, it could make sense to manage the whole stack, but then again, it could be better to get services from someone like Vultr, or in extreme cases like Amazon/Azure.

It's possible that ITSP/MSPs in the SMB space in general don't own any infrastructure themselves.

I know large companies that fully outsource their workloads to service providers. Those service providers host the workloads primarily in their own datacenters but also on public cloud infrastructure. But these service providers are often large companies themselves so they have scale.

@pete-s said in Yealink T41P and T41S difference?:

I've actually found one difference and that is that the T41S has a USB port and I don't think T41P has one.

Additionally, the general difference between the G and S line was the USB port and the ability to handle the OPUS codec. I would assume the T41P did not have OPUS support either.

@travisdh1 said in Best practice MFP scanning to email for M365 shop?:

@dashrender said in Best practice MFP scanning to email for M365 shop?:

@travisdh1 said in Best practice MFP scanning to email for M365 shop?:

@pete-s said in Best practice MFP scanning to email for M365 shop?:

@dashrender said in Best practice MFP scanning to email for M365 shop?:

@gjacobse
what brand MFPs are those?

My Canon's do fine with 1.2 to MS.

Do you set up the MFP with credentials from a M365 user?

Yep, need a licensed account, and the lowest priced one doesn't work. I forget what it's called at the moment, but you need a license that includes the local apps.

Even if you go with option 1, not sure why the lowest account with an email account wouldn't work?

Because the lowest cost email account is online only. A local device can't login.

I don't understand - why can't a local device login? Sure it likely can't use modern auth - but normal SMTP logon should work (though I think MS is killing that)

Also, as I mentioned - i'm using a totally free account (a shared account - shared only with me :P) through option 2 in the link I provided.

@hobbit666 said in AMD Epyc Gen 4 will have 128 cores, 5nm tech:

@pete-s said in AMD Epyc Gen 4 will have 128 cores, 5nm tech:

@obsolesce said in AMD Epyc Gen 4 will have 128 cores, 5nm tech:

What's the price going to be for one of these?

The top of the line AMD Gen 3 today is the 64 core EPYC 7763 2.45 GHz base clock and 3.5GHz turbo boost. 256MB L3 cache and 280W TDP.

That one is $8K list so the 96 core will be north of that. So maybe $12K or so.

With these prices I feel the line in that snippet is a bit false advertising. I wouldn't consider a 12k processor a "General Propose" computer. That would be more a specific use case in workstations 😜

EPYC are server processors, and these are standard general use. Balanced workload use with high thread count for virtualization.

Anything associated with Windows 8 was bound to fail.

@pete-s said in Microsoft VDA?:

@scottalanmiller said in Microsoft VDA?:

Otherwise, if it were free, you would just pop Hyper-V onto any PC and avoid buying the OS license (when used remotely.)

Possibly but I wouldn't call it free if you need the VDA license.

Kinda, but that's only an access license and only remote. You need some other license for it to be local separately.

@scottalanmiller said in Container core technology?:

@pete-s said in Container core technology?:

So whatever container solution you run, the core technology is the same.

It varies a lot. Docker is a super lean container tech, meant to run a process and its tightly coupled processes. But LXC includes the entire operating system sans kernel. So if you are using LXC containers, you can run Ubuntu on Fedora, Fedora on CentOS, CentOS on Ubuntu, Alpine on Ubuntu, CentOS on CentOS... the sky is the limit as long as they are okay sharing the same kernel compilation settings and version.

You can run an init process in an OCI container. It's assumed you pretty much won't but it is possible. It's helpful for testing some things and makes it work similarly to something like LXC/LXD.

@dashrender said in Slow "internet" customer says...:

have you actually loaded a single AP with 2-300 devices?

Yes. It works just fine because that is the spec it was built to handle.

@pete-s said in Is XYZ considered secure?:

But if compliance is required, don't you have to abide and make decision based on both real security as well as compliance?

Nothing makes you abide by good security other than the risk of being sued over it. So no, you don't have to abide by both. Is it best to, sure of course, if you value you company.

@pete-s said in Experience with Supermicro Microcloud servers?:

@dashrender said in Experience with Supermicro Microcloud servers?:

@pete-s said in Experience with Supermicro Microcloud servers?:

@dashrender said in Experience with Supermicro Microcloud servers?:

@pete-s said in Experience with Supermicro Microcloud servers?:

@dashrender said in Experience with Supermicro Microcloud servers?:

What's the use case?

For blades in general? It's hyperconverged infrastructure, hosting environments, container clusters etc. Basically everywhere you want to cram in as much as possible in the least amount of rack space.

I suppose - but damn - that seems like a HUGE amount of compute power next to low amount of storage. If that's the setup you need - again HUGE amount of compute and tiny storage, then it's probably just fine.

I know what you mean but it's not really that low. Consider that the server I linked to have 3.5" bays. So you can have 2 x 18TB (standard enterprise size in stock) per node or 288 TB of raw storage per 3U rack. A rack full of those will give you over 3 PB of disk or 1.5PB of SSDs (8TB ea).

There are other models too, some have 4 bays per node. So you have some options.

that storage ends up being soooo incredibly slow, the power of the CPUs seems like they would be wasted.

Now if all of the storage is hanging off a single or split between two/three nodes, then we start looking more like a Scale box, only way smaller.

I'd be worried about only having two power supplies in there too. that might be a folly on my part, but with that many drives/CPUs and only two PS's?

Today you don't need a lot of spindles in an array to get speed. Storage would be blazing fast with for example two NVMe drives per node.

8TB is readily available but you could get 16TB NVMe drives too.

yeah, NVMe would be fast... I made an assumption before looking more closely at your picture that it was limited to HDDs.
which today would just be stupid.. so my bad.

I got one of these a while back, works pretty good as a mouse/kbd or a remote.

Favormates Air Remote Mouse MX3 Pro,2.4G Backlit Kodi Remote Control,Mini Wireless Keyboard & Infrared Remote Control Learning, Best for Android Smart Tv Box HTPC IPTV PC Pad Xbox Raspberry pi 3 https://www.amazon.com/dp/B01N0SUUZS/

@pete-s said in Yealink and bluetooth headset:

By chance I discovered that TP-link UB400 works the same as Yealink's own adapter. The phone thinks it's a Yealink adapter - the same chipset I think. Difference is that it's only $10 each and TP-link is easy to find.

Good to know.

@jaredbusch said in sudo problems:

@pete-s said in sudo problems:

@jaredbusch said in sudo problems:

@scottalanmiller said in sudo problems:

@jaredbusch said in sudo problems:

@scottalanmiller said in sudo problems:

@pete-s said in sudo problems:

We want to move to using ssh certificates on our servers and remove all passwords.

That's what we do.

Since when? What do you use to manage and generate certificates?

Generate with ssh-keygen. Manage with a wiki. We are only so big, so it works fine.

That is not certificates. That is keys. Completely different.

I don't know what @scottalanmiller uses but ssh-keygen is used to generate ssh certificates as well.

From the man page:
ssh-keygen supports signing of keys to produce certificates that may be used for user or host authentication. Certificates consist of a public key, some identity information, zero or more principal (user or host) names and a set of options that are signed by a Certification Authority (CA) key. Clients or servers may then trust only the CA key and verify its signature on a certificate rather than trusting many user/host keys. Note that OpenSSH certificates are a different, and much simpler, format to the X.509 certificates used in ssl(8).

But if you are automating certificate generation, you need to wrap this in something.

No, ssh-keygen does not do this (ssh certificate generation).

As you highlight, it can be used as part of the certificate process. But it cannot, and never will, be the certificate authority. Thus it is not the tool for this this.

You're actually mistaken because I've done it many times now. A Certification Authority, when it comes to openssh certificates, is really just a key pair that you carefully guard.

You create certificates by using the CA keys to sign other public keys from users and hosts. The result is a certificate named *-cert.pub

And you do all of this with the ssh-keygen utility.

Similar to how you can create CA and everything else for the more complex x509 certificates with just openssl.