As promised... I still think it's corny, but oh well, I had fun, ha ha!

'twas the night before Christmas and all through the house
the AC was running 'cause we live in the South.

The stockings were hung by the windows with care.
Hope Santa don't find them, they need some fresh air.

The children were plastered with sweat to their beds
While visions of cold lakes danced in their heads.

And Mama in her bikini and I in my speedo
We settled out brains while watching Jay Leno.

When out in the kitchen there arose such a clatter.
I sprang from the bed to see what was the matter.

Away to the fridge I flew like a flash.
Tore open the freezer and saw more ice crash.

The moon on the deck all covered with straw.
I saw three deer and heard a crow's caw.

When what to my wondering eyes should appear
A gigantic sleigh pulled by 4 John Deere.

With a heavy old driver a thunder and crack.
I smacked my forehead, I knew it was Jack.

Louder and Louder his tractors they came
He cursed and he shouted and hollered the same.

"Aww come on you pieces of trash. Go! I'm fixen
to tear you a new one and take you to Dixon!"

To the top of the dell to the top of the hill!
Roll away, roll away, watch out for Jill!"

As dry clay before the wind blows,
I saw them take flight, to where God only knows.

So past the tree tops and hillside they flew,
There went the sleigh and even Jack too.

And then in a moment I heard a loud jingle.
On top of my house stood old Kris Kringle.

Down the chimney he flew with a crash,
He covered the room and kitchen with ash.

A bundle of what-nots and things on his back.
He opened his sack, even that was black.

His bald head did shine and sparkle by light.
His face was all red from the suntan he had.
He laughed and laughed, I thought he was mad.

His mouth drew up to curl with a smile.
I wondered if he might stop and stay for a while

I offered him a smoke from grampa's old pipe.
The tobacco, it burned, but boy was it ripe.

He had a broad face and a fat big ol' belly.
It jiggled and wiggled like marmalade jelly.

I laughed when I saw him in spite of myself.

A shake of his nose and a jerk of his thumb
Told me I could go back to bed and play dumb.

He went straight to work with a clothes pin attached.
He filled the old stockings with all kinds of snacks.

He bowed ever so slightly and gave up a nod.
In a poof he vanished leaving only fresh sod.

I heard him shout out, "My God it is hot!"
Then he bellowed and cried:
"Merry Christmas All Y'all and to all a Good night!"

ZeroTier Site-To-Site Setup

ASSUMPTIONS:

• Site A is on 192.168.10.0/24
• Site B is on 192.168.122.0/24
• Site A's VM is 192.168.10.2 for the Local Network
• Site A's VM is 10.0.0.107 on the ZT Network
• Site B is 192.168.122.1 on the Local Network
• Site B is 10.0.0.129 on the ZT Network.

Step 1: Build a Private Network on https://my.zerotier.com

Step 2: Spin up a Linux VM at each site. Connect and authorize them to the ZT Network and note their IP address. For instance:

Some folks have reported SIGNIFICANT performance improvement when using 2 cores / 2 vcpus for the Linux VMs.

Step 2B. Enable IP_Forward:

Follow your distribution's instructions to enable ip_forward and make it a permanent change... On most distros, this should work:

sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

You can then sysctl -p /etc/sysctl.conf to reload the configuration or reboot.

sysctl net.ipv4.ip_forward should return

net.ipv4.ip_forward = 1

if everything is going to work correctly.

Step 3: From either of the Linux VMs, ensure that they can ping one another on the ZT Subnet.

Step 4: Set up the Routes inside on https://my.zerotier.com

*Once you set up the routes in ZeroTier Central, you do not have to manually add them to your Linux VMs.

Step 5: Set up the Site Routes at the Routers for Site A and Site B

SITE A Main Router:

You'll notice for the router at Site A that I am using the INTERNAL network address of my Linux VM.

SITE A Linux Router VM:

[email protected] /root # ip route
default via 192.168.10.1 dev eth0 onlink
10.0.0.0/24 dev zt1  proto kernel  scope link  src 10.0.0.107
192.168.10.0/24 dev eth0 proto kernel  scope link  src 192.168.10.2
192.168.20.0/24 via 10.0.0.116 dev zt1
192.168.122.0/24 via 10.0.0.129 dev zt1

SITE B, KVM Server, no need for separate VM:

[email protected]:/root# ip route
default via <my public ip> dev eth0 onlink
10.0.0.0/24 dev zt1 scope link  #ZT Subnet
192.168.10.0/24 via 10.0.0.107 dev zt1 #SiteA, 10.0.0.107 is the ZT IP for the Linux VM at Site A
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1  #This server is Site B

**This was done on systems that do not have UFW or firewall-cmd enabled. You may have to set them up to allow traffic between your sites.

Okay... I think that's it. Mine is working.

If you have any questions or comments, ask away!

Samsung phones on their way back to the factory.

I was actually paying a little attention. I got the Dev 3 plan that's listed as $140 on the Web Site. I paid through Paypal and was only charged $70.

So it's all good. 8-)

Somewhere in another thread, somebody asked for a song about Mangolassi... So here it is. To the Tune of Beverly Hillbillies...

Now this is the story about N-T-G.
They made a forum; called it Mangolassi.
Then one day @scottalanmiller was looking for some food
@Minion-Queen showed up with a bubbling crude.
Mangos, that is.  Fruit drink, with alcohol.

Then @art_of_shred took a drink and said "Wheeeeeeee"
then they found him in the neighbor's tree.
Pecans or cherry?  I really can't see.
Then @scottalanmiller  said save some for me.

@bnrstnr said in What Are You Doing Right Now:

The VP of our company had his email hacked over the weekend. 4000+ spam emails sent from his account and a return email for each one stating that Microsoft couldn't deliver because it was flagged as spam.

I don't even know where to start with this because I know he kept plain text passwords in emails to himself. It's looking like they just hacked it to spam people, but who really knows? It appears that they had access for about a week and launched the spamming Saturday morning.

He had over 13,000 things in his deleted folder, too... I'm thinking he was using that as an archive.

He needs to wear this shirt for two weeks:

@Minion-Queen said in MangoCon 2017:

@Tracy_Burton said in MangoCon 2017:

@Minion-Queen
Sorry...When I see something posted, I assume its not still in progress.

As you should @scottalanmiller is the issue here

Pro Tip: If you want to keep a secret, don't tell @scottalanmiller .

@wirestyle22 said in Handling Downvotes:

@scottalanmiller said in Handling Downvotes:

@dbeato said in Handling Downvotes:

Imaging this on SW lol

I'm imagining a big ball of flames crashing from the sky in NJ.

Take the wheel jesus

I recently discovered a VPN-like service called ZeroTier (http://www.zerotier.com) that works similar to Hamachi or maybe Pertino (never used Pertino though!). Basically, it builds out a network within the internet... Each client would get an IP address in the IP space you specify (Private IPs, a la 192.168 or 172.16, et al). And each device in that network will be able to communicate with other devices that are connected and authorized.

The Technical FAQ on their site (https://www.zerotier.com/tech_faq.shtml) does a better job of explaining the way the nodes communicate than I can off the top of my head. The way the connection setups and everything works kinda reminds me of a P2P type application.

If you create an account on their web site and use their Controllers, the setup is quick and easy; their system provides networks that are free for up to 10 devices. You can also pay them a monthly fee of $4 per month per Network of more than 10 devices. There are currently clients for Windows (7 and up, including Server Editions), Mac, and Linux. It should also work on BSD based OSes as well, but you will have to compile it yourself. An Android version is in the works, but I am not sure about iDevices.

The software itself is open source, and you can build your own controller and create networks as large or small as you want. However, they do not offer a GUI by which to do this yet for self-hosted controllers, so you are left using the REST API for configuring the networks.

As an example, my current network runs on a hosted Linux VM as the controller, and it has my laptop, my office machine, and two other VMs connected to it. Each machine has an IP address of 192.168.y.z/24 The underlying OS sees those as actual network interfaces... IE: on my linux controller, it is listed as ztX, and in Windows, it shows up as another ethernet devie in Network & Sharing Center; I don't have a Mac to test on at the moment. You can also specify which subnet you want to use for your ZT Network, as long as it is not a publicly routable network, you should be fine.

They do have a gateway capability built in, but I have not tested it yet. It appears that you can have one of your client VMs provide access to the subnet behind it (equivalent of site to site VPN).

You can configure a network to be public or private. With the public, as the name suggests, no authorization is required and anybody that joins up will be granted an IP address. In a private network, each device that joins has to be manually authorized before it is issued an IP address on the network.

Using my own controller at the moment, things seem rather snappy. I get an average 45 - 50 ms ping time between one node and another. (I get a similar ping time using the public IP addresses between the two networks). I Copied a 2 megabyte file from SystemA to SystemB in ~3 seconds (would have been faster...but Windows...).

I did have to write my own PHP scripts for creating networks, deleting neteworks and authorizing devices (Not sure how to handle JSON in BASH / Shell scripting).

So far, it looks to be a secure VPN package with some nice level of controls. They are laying the groundwork for allowing rules (ACLs, if you will) so you can specify which devices can communicate to where, and in a true security first setup, unless you have a specific accept (allow) rule, the traffic is dropped.

The following screenshot is the admin dashboard on their site. Everything should be self explantory, but if you don't know what a setting is for ,the help menu along the right hand side provides a good enough bit of information to help.

Edit: Posted the dashboard screenshot, and fixed a few typos.

Update 8/31/2015 I got the Bridging feature that will let a ZeroTier Client become a bridge for the network that it sits in front of working. This effectively provides site-to-site or client-to-site VPN funcitonality. This feature has to be enabled for the devices using the server-side CLI if you are using your own controller.

IE: My home Network has a ZeroTier IP of 192.168.251.250, and my internal IP addresses are 192.168.10.1-254... So on my client, I add a route to 192.168.10.0/24 via my client's ZeroTier IP address... On my Linksys at home, I add a route for 192.168.251.0 via 192.168.10.10 (the LAN IP address of the ZeroTier client inside of my home network).

Hi all! I'm Brant Wells from Georgia way down south. I am currently working as an IT Minion for a college.

@rojoloco said in What Are You Doing Right Now:

@rojoloco said in What Are You Doing Right Now:

@dafyre said in What Are You Doing Right Now:

@rojoloco said in What Are You Doing Right Now:

Dealing with this....

Crypto'd? Or bad backups? .... or worse?

Looks like a password got out of sync and broke the scheduler service. All this, thankfully, is on our Cyber Recovery system, not production. And no backups were missed, but I will, of course, be monitoring it closely for 24hrs.

UPDATE:

Of course, the errors continued overnight, albeit at a slower pace. Today's fun - the scheduled production backups all failed. To the phone support, AWAAAAAAAAAYYYYYY!!!!!

Avanti!

Did you actually reset the passwords everywhere?

@dashrender said in Hello:

@dafyre said in Hello:

My wife and I were out to lunch one day and within seconds of one another, we got phone calls that appeared to be from her number.

It was hillarious. Of course, we didn't answer.

I raise holy hell with vendors who do that shit! How fucking dare you call me pretending to be my own number!!!

I guarantee if I get a call from my wife's number or my own number (has also happened once), and it is a vendor, I will be reporting them all over the place... oh, and not doing business with them ever again.

Besides, I only have once car, I don't need six warranties.

@phlipelder said in Random Thread - Anything Goes:

@dafyre said in Random Thread - Anything Goes:

@nadnerb said in Random Thread - Anything Goes:

Let me heal thy flesh wound?

I am more concerned with what looks to be a Bigfoot on his chest ...

EDIT: Oh wait! It's a CHICKEN!!!

Chicken!

My wife and I were out to lunch one day and within seconds of one another, we got phone calls that appeared to be from her number.

It was hillarious. Of course, we didn't answer.

@scottalanmiller said in Hello:

@gjacobse said in Hello:

Same here - actually got one of these on the service desk line...

I've called my brother like this once... after he did the same to me... AT&T has call screening - and I have turned on call block unless you are in my contacts.

If you run your own PBX you get that, too.

It's only a REAL problem when it shows up as coming from an internal extension, lol.

@rojoloco said in What Are You Doing Right Now:

Dealing with this....

Crypto'd? Or bad backups? .... or worse?

@nadnerb said in Random Thread - Anything Goes:

Let me heal thy flesh wound?

@notverypunny said in Random Thread - Anything Goes:

@dashrender said in Random Thread - Anything Goes:

@nadnerb said in Random Thread - Anything Goes:

Context is everything.

I took it more as globally defining variables is bad

This too.

@scottalanmiller said in Random Thread - Anything Goes:

@dafyre said in Random Thread - Anything Goes:

@phlipelder said in Random Thread - Anything Goes:

@nadnerb said in Random Thread - Anything Goes:

The lack of a light on the bottom drive # 8 is interesting.

That looks like a serious hardware failure. BTDT

I sure hope the backups were tested to bare metal/hypervisor so known good.

That looks like a server that went crazy right after I started here. RAID5 had a drive fail. Had one hot spare, so they thought they were good... until 6 more drives failed. It was funny to me.

Until. SIX. more. failed?

It was the little engine that could... until it couldn't... and then it didn't... at least until we had a dozen new drives in the system and backups were restored.

@wrcombs said in What Are You Doing Right Now:

@gjacobse said in What Are You Doing Right Now:

@wrcombs said in What Are You Doing Right Now:

I had 3 projects at the beginning of the week last week that are all now complete.

I am seeing project spawn projects that should be separate projects after the initial project is finished... It is a cascading mess...

Good on you for proving that they should reconsider they process / policy.

they wont sadly because of the "onsite" aspect of the job.
but When it's available I enjoy working from home.

So negotiate to work from home 3 days a week or something. Not that they'd let you... But it never hurts to ask.