Topics created by Pete.S

@scottalanmiller said in Is there a webcrawler issue with mangolassi.it?:

@Pete-S so odd, I wonder why they aren't indexing it any longer. I am not aware of any changes that would likely have prompted that.

Have a look at this:
https://www.bing.com/webmasters/help/why-is-my-site-not-in-the-index-2141dfab

If I remember correctly duckduckgo uses several other search engines, including bing, to compile it's results.

@Pete-S said in Production KVM server "hardening"?:

I'm thinking about running pure KVM on debian for virtualization hosts. Not Proxmox. There will be no GUI on the servers, no web interface, only ssh for management.

Do I need to do anything special to lock down the security?

I've never used KVM in production, only on my desktop and then I've had virt-manager as well as tools like virtsh. So I don't really know what is required for a pure KVM server to be as "secure" as proxmox, xcp-ng or whatever.

Keep the OS and everything updated. Keep drivers updated. Keep firmware updated. Use only key-based auth for SSH, add only specific devices to authorized_keys file. Ensure firewall configured well. Set up log alerts for access.

@Pete-S said in Live migration Proxmox?:

@JaredBusch said in Live migration Proxmox?:

@Pete-S That is what the docs say. I have never tried.

But also, why not have everything in the cluster? What is the need to make them "individual" hosts?

Pools (resource pools) as they are called in xenserver/xcp-ng will put at lot of restrictions on the hosts.

Pools are managed as one entity (through the pool master) and works best when you have shared storage.

They are however a huge hassle when you don't have shared storage. So hosts that use local storage and are individual are best kept as separate hosts. So in this case everything started out as pools but have been migrated to individual hosts.

Maybe it works differently in Proxmox, I've only used it in the lab on a single host.

I manage multiple servers through the single IP of the cluster, but you can still directly access the individual nodes if you desire.

I do not know about resource pools and such as I have not used those with Proxmox yet. Just multiple servers in a cluster, but no shared resources more than a setup for replication at one place. But that one is only for replication, so not a good example.

@travisdh1 said in TP-link business switches?:

@scottalanmiller said in TP-link business switches?:

@Dashrender said in TP-link business switches?:

@JaredBusch said in TP-link business switches?:

@scottalanmiller said in TP-link business switches?:

Yes, that's what I'm talking about. It's free and they host it for you. We've been using it for a few years. It's really quite nice. It's different than Unifi, which I can't explain. But it does a good job.

I've been using UNMS since it came out. They rebranded it to UISP a couple years ago. I had no idea, or forgot, that they had a free hosted version of it.

Yeah free hosted version as long as you have 5+ devices attached to it.

And they aren't very serious about the limits. If you are a vendor, you'll have enough to do it for free easily.

I almost have enough devices with just my personal stuff!

Exactly, it's not hard. Especially when the simplest devices count. Buy a couple for your lab and voila.

@Pete-S said in Linux alternative to FreeDOS?:

Maybe Alpine linux would be a good fit. I haven't used it as is though. Just know it has a small footprint, uses busybox which is a favorite for embedded systems and Alpine is also popular for container use.

Ubuntu fits on a stick and is well known. I'd just stick to that because it is easy and has loads of tools.

@Dashrender said in Zoho Mail has new secure sending option:

@Pete-S said in Zoho Mail has new secure sending option:

@Dashrender Good to know.

One purpose of the OTP is that you can't forward the email and have another person read it.

Not directly forward - sure, but you could screen shot it and forward that to someone.

I assume the OTP is more so that people don't have to create accounts in the Zoho system.

It looks like Zoho had the forwarding thing specifically in mind since they mentioned that on their website. A lot of people will forward messages without thinking about the sensitive information that is usually longer down in the mail. I've seen that a lot when I get emails forwarded to me with information that is clearly not intended for me.

In the MS system you have to create an account, same goes for Zix, even if you will only ever read this one message on that system.

Yeah, I hate that. It's just to get more users. I love OTP though.

I'll have to check how these secure feature works with sending huge mail attachments as well. Haven't tried it yet.

Hmm, now I'm thinking I probably should have installed Windows 11 instead...

Well, maybe not, I don't actually run it on anything else.

@Pete-S said in What do you use as an identity provider?:

@scottalanmiller said in What do you use as an identity provider?:

@Pete-S said in What do you use as an identity provider?:

You mean if you paid for M365 then you're already using Azure AD as your identity provider in which case JumpCloud serves no purpose?

For one thing, Azure AD is lacking connectors for normal things like Linux desktops. Doesn't even WORK in our environment or most of our customers, almost none. At most it works for SOME workloads.

There is another factor as well, which favors an independent identity provider and authentication. When you have everything in one place, you give too much power over your business to a single company. If you have a problem with Microsoft (or Google) all other services will be useless if you tied everything to Azure AD (or Google Identity Services).

Also changing "Office" apps from Microsoft to Google or to Zoho or whatever you might fancy will have far reaching implications. So less freedom to pick whatever is best for your company.

Excellent points.

@stacksofplates said in Organizational charts or similar info?:

This site is pretty popular form what I've seen.

theorg.com/organizations

Not sure if this is what you're asking for or not.

Thanks, that one was interesting, I'll look through it and see how detailed they charts are.

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.

Exactly!

Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).

Don't you dare get me started down this path. I had HUGE arguments about this with an ex-employee over the period of 10 years. The user could not/would not understand her email box is not a document database / DMS. The last I counted, she had over 300 different nested folders in her email.

Now that the user is gone, their mail copied to a shared mailbox for management to hunt/search and waste their time with if they choose.

It probably easier to have retention policy in place from the start.

If you know email retention is time-limited, you'd have to come up with some other way to store things.

But some people are just hopeless no matter what...

@gjacobse said in Launching Windows settings, screen shot etc from URI:

Interesting - I created a batch file that launches all of my daily applications in the office. It'll be interesting to see what I can move to this method...

You can look at what URI are registered to what applications by searching for protocol and you'll find "Choose default application by protocol".

That's how Windows knows what program to launch when it finds something like mailto:

You can also add your own URI to launch whatever app you want. That's done in the registry.

BTW, ubuntu and others have the same capability to handle URIs.

@pete-s said in What do you think about .app domain names?:

@scottalanmiller said in What do you think about .app domain names?:

If it is under the hood, why bother. If it isn't under the hood, I think customers get confused.

So you mean if it's customer facing it's better to stick to .com and there will be no confusion?

That is the only aspect that matters tbh, what people / customers think of it. All other aspects have zero impact.

@dashrender said in Where are MSP managed on-prem workloads moving?:

@pete-s said in Where are MSP managed on-prem workloads moving?:

Thanks, it does makes sense to move to SaaS solutions for a single customer that is doing their own IT.

But a MSP is in a different position because they, besides know-how, have a larger scale. So it can make economic sense to host things for their customers that doesn't make sense for each individual customer.

For instance does it makes sense for a company to have a server to host their website on? No, it doesn't. But if you're an MSP and your customers have a thousand websites that needs to live somewhere, it might make sense for you to host them.

I guess it also depends if you're an MSP that just manages things or if you also have your own hosting/cloud infrastructure or use another provider for that.

All good points. I have no view into that world, the few ITSPs I know are using other companies solutions, not rolling their own, or even hosting their own. Though some of them, we'll take JB for example, do manage all the stuffs other than hypervisor and hardware for things like a Ubiquiti controller, and PBXs.

If you really do have need to host 1000's of websites (or really massive sites, it could make sense to manage the whole stack, but then again, it could be better to get services from someone like Vultr, or in extreme cases like Amazon/Azure.

It's possible that ITSP/MSPs in the SMB space in general don't own any infrastructure themselves.

I know large companies that fully outsource their workloads to service providers. Those service providers host the workloads primarily in their own datacenters but also on public cloud infrastructure. But these service providers are often large companies themselves so they have scale.

@pete-s said in Yealink T41P and T41S difference?:

I've actually found one difference and that is that the T41S has a USB port and I don't think T41P has one.

Additionally, the general difference between the G and S line was the USB port and the ability to handle the OPUS codec. I would assume the T41P did not have OPUS support either.

@travisdh1 said in Best practice MFP scanning to email for M365 shop?:

@dashrender said in Best practice MFP scanning to email for M365 shop?:

@travisdh1 said in Best practice MFP scanning to email for M365 shop?:

@pete-s said in Best practice MFP scanning to email for M365 shop?:

@dashrender said in Best practice MFP scanning to email for M365 shop?:

@gjacobse
what brand MFPs are those?

My Canon's do fine with 1.2 to MS.

Do you set up the MFP with credentials from a M365 user?

Yep, need a licensed account, and the lowest priced one doesn't work. I forget what it's called at the moment, but you need a license that includes the local apps.

Even if you go with option 1, not sure why the lowest account with an email account wouldn't work?

Because the lowest cost email account is online only. A local device can't login.

I don't understand - why can't a local device login? Sure it likely can't use modern auth - but normal SMTP logon should work (though I think MS is killing that)

Also, as I mentioned - i'm using a totally free account (a shared account - shared only with me :P) through option 2 in the link I provided.

@hobbit666 said in AMD Epyc Gen 4 will have 128 cores, 5nm tech:

@pete-s said in AMD Epyc Gen 4 will have 128 cores, 5nm tech:

@obsolesce said in AMD Epyc Gen 4 will have 128 cores, 5nm tech:

What's the price going to be for one of these?

The top of the line AMD Gen 3 today is the 64 core EPYC 7763 2.45 GHz base clock and 3.5GHz turbo boost. 256MB L3 cache and 280W TDP.

That one is $8K list so the 96 core will be north of that. So maybe $12K or so.

With these prices I feel the line in that snippet is a bit false advertising. I wouldn't consider a 12k processor a "General Propose" computer. That would be more a specific use case in workstations 😜

EPYC are server processors, and these are standard general use. Balanced workload use with high thread count for virtualization.

Anything associated with Windows 8 was bound to fail.