@pete-s said in Financially hobbled for life: The elite master’s degrees that don’t pay off:

Well, the students didn't have spreadsheets on their mind when they decided to go for life crushing debt...

LOL, right. Why would they do that!

@pete-s said in Kaseya customers ransomware attack:

@obsolesce said in Kaseya customers ransomware attack:

Ransomware is a legacy tech concern, not a modern one.

What do you mean by modern? Are you talking about running kubernetes in the cloud or something else that would not be subject to ransomware?

I'm not talking about any specific product, e.g. K8s... Even with that, you could still implement poor data storage using legacy practices and technologies.

Think about it.

What important company data is being ransomware'd.... where is this data? How is the data presented? How did ransomware effect it? What technologies were used to provide and/or host the data?

@Pete-S said in Anyone here using Zoho Sprints?:

@scottalanmiller said in Anyone here using Zoho Sprints?:

Literally deploying it this morning!

Let us know how it goes.

We ended up using the functions in our hosted GitLab instead of tracking things in Zoho Sprint.

But there is always a need to re-evaluate and improve things.

We use GitLab traditionally, too, for that.

@pete-s said in Anybody here running PeerTube?:

@scottalanmiller said in Anybody here running PeerTube?:

@pete-s said in Anybody here running PeerTube?:

@dashrender said in Anybody here running PeerTube?:

Huh - I love the idea of getting away from Google and their data mongering... but I don't see this being viable.

Isn't that the problem almost all open source projects have?

You need someone with resources to market it, pour money in it and polish it for mass consumption.

That's why linux on the desktop hasn't taken off and probably never will. Nobody is marketing it and nobody is going to - unless there is money to be made in some way.

PeerTube could become a thing among geeks open source advocates though.

The issue here is not related to the source but to a service.

PeerTube isn't a service. It's a self-hosted video server that can also federate content from other PeerTube servers.

So the network of PeerTube servers is decentralized and not subject to the whims of any one company. Like email. Or the www before companies started to build closed networks inside (Facebook etc).

it is a service, just like email is a service. But as you mentioned a decentralized one.

And that's the killer - why it won't ever have mass appeal on it's own.

Now as you mentioned if someone comes along, takes the open source, pours a moon worth of dollars into it, polishes it up, etc... and mass markets it to the public... they could make it appeal-able to the masses.
the question then becomes - how do they monetize it? Ads you say? well, then you're just becoming the next Youtube, collecting data because the advertisers demand it.

@pete-s said in Windows Terminal:

But Microsoft have been pretty consistent through the years about using "console" and not "terminal" for this kind of application.

True. They do always use some weird terminology that is very specifically something else but "not when Microsoft says it."

@eddiejennings said in Shift + PgUp/PgDn in terminal?:

@pete-s said in Shift + PgUp/PgDn in terminal?:

When you use Shift + PgUp/PgDn on a linux console you can scroll the screen buffer.

Where does this behavior come from? Is it the shell, a utility on the server, is it the console client, is it the ssh client?

It's not working for me using ssh (on windows) and I realized I have no clue where to start looking...

Probably specific to the config of your terminal program, unless you’re truly talking about the console itself.

I had to alter some key bindings in Gnome Terminal to get the desired behavior from the weechat key bindings.

You were right. I was trying out Windows Terminal and running ssh inside. And shift+pgup/dn didn't work as expected.

I looked at the Windows Terminal keybindings and the default was not what I wanted.

So I added this under "actions" in the settings.json file:

// Scrollback { "command": "scrollDown", "keys": "shift+down" }, { "command": "scrollDownPage", "keys": "shift+pgdn" }, { "command": "scrollUp", "keys": "shift+up" }, { "command": "scrollUpPage", "keys": "shift+pgup" },

The added bonus is that shift+pgup/dn now also works with cmd.exe and PowerShell.

@pete-s said in DMARC monitoring services/tools?:

Found this as well, but it's $200 to $1500 per month:
https://www.valimail.com/pricing/

Actually searching for the one @VoIP_n00b mentioned and the one above, I found a list. Haven't checked all of them yet, but it's a start.

If anyone has experience using any of these services please share your opinion of it!

https://dmarc.postmarkapp.com/
https://www.valimail.com/
https://report-uri.com/products/dmarc_monitoring
https://mxtoolbox.com/Pro/DmarcSetup/f/RegisterDomain#/
https://uriports.com
https://dmarcian.com/
https://easydmarc.com
https://powerdmarc.com/power-dmarc-pricing-policy/
https://dmarcly.com
https://glockapps.com/dmarc-analyzer/
https://www.dmarcanalyzer.com/
https://ondmarc.com/pricing
https://godmarc.com/
https://250ok.com/tour/dmarc/
https://www.agari.com/products/business-fraud-protection/
https://www.fraudmarc.com/
https://www.barracuda.com/products/sentinel
https://www.symantec.com/products/messaging-gateway
https://www.proofpoint.com/us/products/email-fraud-defense

@dashrender said in Local SMTP relay?:

@pete-s said in Local SMTP relay?:

@voip_n00b said in Local SMTP relay?:

@pete-s said in Local SMTP relay?:

Do you have any pointers on how to configure postfix for this?

Lots of guides when googling "postfix smtp relay"

Here is one:
https://www.lisenet.com/2018/configure-postfix-to-relay-mail-to-an-external-smtp-server-on-centos-7/

Thanks! It looks simple enough and I hope it is.

When I looked at the postfix documention it seems like it's a lot more complicated than that.

is CentOS still where people want to be for things like this?

Not generally and never CentOS 7.

OpenSSH can use host certificates to verify the host (like SSL certs on a webserver). OpenSSH can also use user certificates to verify the user (like passwords or ssh keys).

Both these types of cert to be used independently of each other.

I've tested using user certificates to authorize user login, since that is what most
people do with keys. People never really verify the host identity.

It works great and it's actually very simple. This will be my new SOP going forward.

Before starting to add hosts and users you need to create a Certificate Authority (CA) - which is actually just a key pair. It's a one-liner.

Every time you create a new host, you just need to copy the same file to it - the public key of the CA. And change one line in sshd_config to allow ssh certificates.

Every time you have a new user on your team who need access to servers, you have to generate a certificate for him. It's a one liner. He will copy the certificate to his own machine. And the ssh client will automatically send the certificate when needed.

Generating certificates is the part that could be automated. You could for instance be given a certificate that expires in 5 minutes. That would allow you to login and stay logged in. But if you need to login again, you need to generate a new certificate.

@jaredbusch said in Bring order into IT environment in chaos:

@scottalanmiller said in Bring order into IT environment in chaos:

@pete-s said in Bring order into IT environment in chaos:

@eddiejennings said in Bring order into IT environment in chaos:

I've used DokuWiki in the past for documentation.

Yes, me too. But for this customer I will suggest they get something that is cloud based. And a little more specifically made for the purpose.

I can't find a good cloud based wiki. Either they suck or they are crazy expensive.

That has been my experience also

Confluence is quite good. Free for under 10 users, too.

@scottalanmiller said in Proxmox in production questions:

@dustinb3403 said in Proxmox in production questions:

@itivan80 said in Proxmox in production questions:

I am using a promox server with the following raid-RAIDZ-3. A variation on RAID-5, triple parity. Requires at least 5 disks. It works awesome for my VMs. It protects me fully if one disk goes down.

Raid 5 does this natively, how is this some amazing feature?

RAID 5 is single parity.
RAID 6 is double parity.
RAID 7 is triple parity.

This is RAID 7.

Sorry, I could've swore this said protects from 1 drive failure....

@Pete-S Nope. Don't sling code. That said, worked with lots of devs providing ops support. The extremely bright genius types that stand out and really had my respect, each technical team leads, were using one of:

VS Code IntelliJ EDEA

And notably, they'd seem to swap back and forth from time to time. At least long enough to trial new features of new releases. Big Company was footing the tooling bill so cost was not a consideration for them. Ymmv.

@Danp said in Need help with Autohotkey Windows:

@Pete-S Seems like someone already created the script for you -- https://www.computerhope.com/tips/tip224.htm

Edit: The above is based on this -- https://github.com/pmb6tz/windows-desktop-switcher

Thanks @Danp !

I had a look and it's complicated because you need DLLs and whatnot just to figure out which Desktop you are actually on. But then the script just runs Ctrl+Win+arrow to switch to the right Desktop.

So I borrowed that little bit but the rest went into the bin. I just run enough Ctrl+Win+Left_arrow to make sure I'm on the first desktop and then go from there.

This is what I have now (it assumes 8 virtual desktops present and uses Win+F1 to Win+F8 to switch between them):

#NoEnv #Warn #SingleInstance Force SendMode Event SetVirtualDesktop(DesktopNumber) { Sleep 100 Send #^{Left 8} if (DesktopNumber>0) { Sleep 100 Send #^{Right %DesktopNumber%} } } #F1::SetVirtualDesktop(0) #F2::SetVirtualDesktop(1) #F3::SetVirtualDesktop(2) #F4::SetVirtualDesktop(3) #F5::SetVirtualDesktop(4) #F6::SetVirtualDesktop(5) #F7::SetVirtualDesktop(6) #F8::SetVirtualDesktop(7)

@travisdh1 said in Run ls as another user?:

@Pete-S said in Run ls as another user?:

@travisdh1 said in Run ls as apache user?:

@Pete-S said in Run ls as another user?:

What's the easiest way to run ls as the apache user (which you can't login as)?

su -u apache ls

Did you mean sudo or su?

Because you can't do su apache . You get "This account is currently not available.".

I know the -u apache is needed to run a command as a user from su or sudo. I'm thinking the issue might be with the apache account being set to nologin in /etc/passwd. Just be sure to change the shell entry in passwd back when you finish up.

-u is the user for either, but sudo is a loginless command and su uses login. To use su like you are thinking, you also need -c to make it a single command. Both will work, but only sudo will work for a non-login user like this without the -c

@IRJ said in Notification mail in linux?:

@Pete-S said in Notification mail in linux?:

Or is email perhaps not a good way to get notifications when there is a problem?

Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?

Yeah I would use SIEM. Then you'd create and manage your alerts from there. You could send to email, slack, etc.

You can use postfix for alerting as JB mentioned. I use postfix on the my personal servers because I don't manage enough to justify a SIEM.

I thought that SIEM was only used for security monitoring. What SIEMs for example are we talking about for this type of application?

@Pete-S said in Blind swap / automatic rebuild on linux:

@DustinB3403 said in Blind swap / automatic rebuild on linux:

@Pete-S said in Blind swap / automatic rebuild on linux:

@travisdh1 said in Blind swap / automatic rebuild on linux:

@Pete-S said in Blind swap / automatic rebuild on linux:

@travisdh1 said in Blind swap / automatic rebuild on linux:

@Pete-S said in Blind swap / automatic rebuild on linux:

I often see that the argument for using hardware raid is to be able to initiate an automatic rebuild by just swapping a faulty drive for a new one.
A lot of people assume that software raid can't do that. But that's incorrect.

Software raid on linux (as in md managed by mdadm) can do the exact the same thing.

It's under policy and partition policy in mdadm.conf. You'll find on the man mdadm.conf page.
The spare-same-slot option would be the one that works the same way as hardware controllers usually do.

I haven't used it myself since I prefer to initiate the rebuild myself. But I wonder if you guys have used it?

I don't think blind swap is about automatic rebuild, that's a given no matter what software/hardware RAID is running. It's more about seeing the light is red instead of green on drive 6, so you know that is the one to replace.

The only example of not having that available, that I can think of, is https://www.45drives.com/

I don't know man.
A typical SMB would have no monitoring and any server would be stuck in a closet somewhere. Nobody would notice any red lights until several months later or until something breaks and then they'd have no clue what to do about it, wouldn't know who to call and wouldn't have any idea if the server even has warranty (it never has). A spare drive wouldn't be available unless it was an old discarded drive left on the shelf from the last time something was replaced.

While probably true, that doesn't really have anything to do with blind swap.

I'm just saying those that have their server park under control doesn't really need any LEDs. And those that really needs it, doesn't look at it.

But it would actually be a small thing to make a script that would indicate faulty drives. You look at /proc/mdstat and any drive showing a _ instead of U is lit up on the drive bay. It's controlled by SGPIO or SES. That's how the raid controller does it.

I thought MD was already capable of performing this. . .

I don't think so but I could be wrong.

I mean you could run raid 1 on a pair of sd cards. Since that md works on any type of block device or partition there is no guarantee that there are any drive bay lights or anything of that nature. But it's possible that there is an option for it.

Has a quick look and it looks like the ledmon package monitors md arrays and set LEDs accordingly.
So yes, software raid can indicate what drive has an error directly on the chassis with some additional software.

@JasGot said in Creating email signatures?:

@Pete-S said in Creating email signatures?:

@JasGot said in Creating email signatures?:

For a few people to use? or for an entire organization and forced through policies?

For a small organization where everyone would change their email signature themselves or have an admin do it for them.

If we had the html for one email signature it would be simple to create a script that would create the individual email signatures.

For a relatively small group of people, most companies we work with just have one decision maker create their own, then distribute it to everyone else.

Notes:
The decision makers usually can't figure out how, so we (IT) hold their hand through the process.
Use their e-mail program of choice.
Do it in HTML.
Use standardize fonts (This doesn't mean don't use fancy fonts, it means use fonts that are likely in most OSes.)

Send it around with cut and paste instructions, asking each employee to edit the Name, Title and phone extension accordingly.

For groups under 25, we just do it, it's faster for to just do it than to teach 22 people about signatures. 🙂

Great, thanks!

Thanks, guys. It's actually the most logical solution that the ssh client side decides what keyboard layout to use.

So maybe I was mistaken then or it was something else that was off. I'll give it try with some different settings to verify how it works.

@Dashrender said in Best practice security updates linux servers?:

saying Well - Johnny is just better employee than you, so I choose to pay him more, that isn't going to make people happy, it will likely make them less happy...

You are looking at it from the employer's perspective. Of course it doesn't help the employer. It helps the employee when they can see what X work is worth. If employee 1 makes X for a job, and employee 2 wants to know their own value, they have something to go on. If you don't know what others are paid you have almost nothing to go on.

Remember on Spiceworks when loads of people would claim that $65K was the IT industry cap? Imagine if people (and companies) were able to repeat that without anyone speaking up! People would surmise that if $65K is the top for a CIO, that a system admin must cap out at $50K and a helpdesk tech at $9/hr!

But in the real world, we know that CIOs make well into the seven figure range, admins can get well into the multiple six figures. Even good help desk leads can hit six figures. If we didn't have others to compare against, it's easy to see people misunderstanding the scope of the industry by an order of magnitude.

@Pete-S said in Detect problems with OneDrive, Dropbox and other synced cloud storage?:

@JaredBusch said in Detect problems with OneDrive, Dropbox and other synced cloud storage?:

@Pete-S said in Detect problems with OneDrive, Dropbox and other synced cloud storage?:

@Dashrender said in Detect problems with OneDrive, Dropbox and other synced cloud storage?:

@Pete-S said in Detect problems with OneDrive, Dropbox and other synced cloud storage?:

We've recently started using Zoho Workdrive and I think it works about the same as every other cloud storage that can sync folders and files.

I'm wondering what happens if a client for any reason doesn't sync the data to the cloud anymore. Is there a way for admins to detect that, for instance in OneDrive?

On the client side there definitely is, not sure if there is on the server side.

I was thinking server-side. So if you have hundreds of users you could be certain that all of them are actually syncing their data (on a regular basis) and not just working on local files without sync.

Yes, O365 has reporting for that.
https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/onedrive-for-business-usage?view=o365-worldwide
The server has to know when user have connected or not.

No idea for ZoHo.

Thanks, activity report makes sense! I guess if someone has no activity that could be an indication that something might be wrong.

Zoho Workdrive has that as well. https://help.zoho.com/portal/en/kb/workdrive/admin-console/activity-report/articles/activity-report

The O365 activity is based on file changes. not just "connected"