
    PhlipElder

    @PhlipElder

    Microsoft MVP 2009 to Present.
    Technical Architect specializing in High Availability Compute, Storage, and Network.

    Website blog.mpecsinc.ca Location Alberta, Canada Age 21


    Best posts made by PhlipElder

    • The Register: Must listen: We've found the real Bastard Operator From Hell

      IT Team gets together and creates the hold from hell.

      https://www.theregister.co.uk/2016/04/29/it_helpdesk_creates_oh_hold_hell/

      posted in IT Discussion
      PhlipElder
    • FreePBX Vulnerability

      https://www.reddit.com/r/VOIP/comments/dypp36/20191119_critical_freepbx_security_vulnerability/

      "There has been a critical security vulnerability discovered in FreePBX which allows remote code execution without authentication."

      v14/v15 should automatically update themselves. Earlier versions will not.

      posted in IT Discussion freepbx pbx voip telephony
    • RE: Random Thread - Anything Goes

      @wirestyle22 said in Random Thread - Anything Goes:

      thanks

      This is what's keeping me busy lately. Building a Chicken Coop, though we're calling it the Palace, for our girls.
      We have Leghorns (apparently pronounced LegUrns), Rhode Island Red, and Plymouth Rock (black) to start.

      Construction is 2x4 insulated 8' x 8' with the run being 20' x 8'. All those years in construction back in the day always seem to pay off in some way. 😄

      Apparently, I've been elected to be the one to get them from the coop to the table when the time comes. 😉

      posted in Water Closet
    • RE: Manage domains and DNS for customers?

      @JaredBusch said in Manage domains and DNS for customers?:

      @Pete-S said in Manage domains and DNS for customers?:

      Is there a good way to manage domain renewals and DNS settings on behalf of a customer?

      Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).

      Anyone granted access to log in to the registrar can become the sole owner by transferring the registration to someplace that no one else has access to.

      Without any legal contracts stating clearly how it all works, the legal owner is whoever is paying for it. That would be you, not them, in the scenario listed.

      IANAL, but barring things like previously trademarked names, a company would likely not win (assuming cost of litigation is not an issue) in court if you said they did not own the right to their domain registration.

      We actually put it in writing that we are managing their Internet properties and services and that ownership of said properties is theirs. If they decide to move on, it's in the contract that they would pay the fee(s) for the transfer out with the unlock codes presented once that process was initiated.

      posted in IT Discussion
    • RE: Random Thread - Anything Goes

      @dashrender said in Random Thread - Anything Goes:

      @nadnerb said in Random Thread - Anything Goes:


      So sad but true!

      Why do so many companies have to hear it from an outsider before they believe it?

      A prophet is never known as such in their own homeland.

      posted in Water Closet
    • RE: Typical services and software in SMBs?

      @scottalanmiller said in Typical services and software in SMBs?:

      @pmoncho said in Typical services and software in SMBs?:

      On a side note (very anecdotal), being nice has its benefits. I have seen on numerous occasions and even 3 times in the last month, an ITSP/MSP are nice till they get the account then turn into being total dicks! I don't understand it but it is so close to turning into an axiom.

      As an MSP, while I believe we are always nice, I can tell you that the customers practically demand this scenario. Time and time again, if you are nice to the client, they dump you for the next abusive dick that comes along, makes obviously false promises, pressures you into tripling your budget and signing long contracts with no protection for you. The average client only wants a vendor that treats them bad. I can't explain it, but the better job you do, the less likely a customer is to keep you. Obviously the great customers aren't like this, but good customers are few and far between. Most want to micromanage and IT is just a scapegoat for their own mistakes.

      Our longest standing client is a company I started supporting at the end of 1998. All of our clients would sign a cheque today for anything that would be needed for the IT to function as it has been since we took it over.

      We divorced our last abusive client over 10 years ago. IT was a bleed for them so we did a lot of break/fix to the tune of $xKs per month but they would take 90+ days to pay and we'd have to chase them for the cheques.

      After getting fed up with them not updating/upgrading their garbage and the payment situation a simple e-mail went out with the following:

      • As of January 1, 2012 our rates and expectations will be:
        ** 24 Hour Response Time (Defined as our reaching back out to you)
        ** 24 Hour Response Time Rate: $225/Hour
        ** 8 Hour Response Time Rate: $275/Hour
        ** 4 Hour Response Time Rate: $295/Hour
        ** Immediate Response Time Rate: $350/Hour

      Heh, within seconds of hitting SEND they called back. :0)

      Boundaries are boundaries. If we get an impression with red flags, my wife and business partner is really good at picking up on them versus myself, then we'll discuss whether it's advisable to pick up the business.

      That being said, when we were starting out we took the business that we could and learned through the School of Hard Knocks, sometimes to the tune of substantial loss, all the while figuring out the best way to assess incoming for those flags.

      posted in IT Business
    • RE: SMBv2/v3 Issues on Windows Server 2016

      @dustinb3403 It's been a while, but there's a set of files the Mac writes to all folders it touches. .DS_Store or something like that.

      We've seen busy graphics houses have their file servers brought to their knees by this "feature".

      These guys: https://dea.nbird.com.au/2014/11/19/windows-server-prevent-mac-files-on-shares-ds_store-_-trashes/

      posted in IT Discussion
    • RE: Random Thread - Anything Goes

      @Danp Whoever made the T-Shirt was probably too intimidated to mention the grammatical error or maybe let it go because the guy was a d*ck.

      posted in Water Closet
    • RE: DHCP Question...

      @WrCombs said in DHCP Question...:

      This is for a friend of mine who asked me, and I wanted to be able to send him a link to read up on DHCP best practices and ideas on his situation.

      He came to me and said, "If you set up a DHCP, why do you set up .2-.254 with a gateway of .1?
      Don't you want to keep some open for static IPs... for example: printers?"

      What can I say to him other than .1 is reserved for gateway? .1 is the gateway so it can't be used in the scenario.

      He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved static IPs.

      I'm sending him the link to this thread to have him read through the answers I get.

      Our rule of thumb, and it's a "we've been doing it this way since ... so we keep doing it this way" situation, is to set up the full subnet in DHCP and then set exclusions for what we want to set aside for servers, printers, and the like. We generally set printers via reservation.

      Here's a simple scope setup in PowerShell:

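      # Authorize this DHCP server in Active Directory
      Add-DhcpServerInDC
      # Create the scope across the full /24
      Add-DhcpServerv4Scope -Name "OUR Local Scope" -StartRange 10.100.10.1 -EndRange 10.100.10.254 -SubnetMask 255.255.255.0
      # Exclude .1-.49 and .200-.254 from dynamic leases (servers, printers, and the like)
      Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.1 -EndRange 10.100.10.49
      Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.200 -EndRange 10.100.10.254
      # Set the server-level DNS server, DNS domain, and router (gateway) options
      Set-DhcpServerv4OptionValue -ComputerName DC.Domain.com -DnsServer 10.100.10.254 -DnsDomain Domain.com -Router 10.100.10.1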
      
      
      posted in IT Discussion
    • Starwood/Marriott Reservations Database Breached ... for FOUR YEARS

      The announcement page: Starwood Guest Reservation Database Security Incident Marriott International

      My thoughts on the matter though rather curtailed from what I really want to say due to polite company: Some Thoughts on the Starwood/Marriott Reservations Database Breach

      posted in News

    Latest posts made by PhlipElder

    • RE: Eaton Rack Mount 5P: power on issue

      @gjacobse said in Eaton Rack Mount 5P: power on issue:

      @scottalanmiller said in Eaton Rack Mount 5P: power on issue:

      @gjacobse said in Eaton Rack Mount 5P: power on issue:

      @jt1001001 said in Eaton Rack Mount 5P: power on issue:

      @gjacobse Could just need new batteries; maybe one of the cells is low.

      While possible, it’s a new unit.

      But might have been on a shelf for a while?

      True,
      Pulled it down and testing it… likely will need to exchange it. Reset, pulled the battery, still doesn’t want to turn on… but you clearly hear it ‘running’ while charging.

      Does it have a network management card installed so that you can look at the logs? It could be a controller fault, a charging circuit fault, battery, and others.

      posted in IT Discussion
    • RE: Local Storage vs SAN ...

      @Pete-S said in Local Storage vs SAN ...:

      @scottalanmiller said in Local Storage vs SAN ...:

      vSAN is any SAN run virtualized

      I think that is incorrect. The definition is virtual storage area network. A software defined storage area network if you will.

      That is not the same as a virtualized storage area network.

      There's some contention around the "vSAN"/"VSAN" designation.

      StarWind and VMware adopted the vSAN designation for their Hyper-Converged Infrastructure solution sets IIRC. Both did.

      HCI means local storage on each node, a dedicated network fabric for node to node storage I/O, and resilience/redundancy for the disks based on how many nodes and what kind of performance is needed.

      Fault Domains are at the disk and node level while some products allow for a form of Stretch Cluster which could be rack to rack, DC to DC, or intra-DC within a certain amount of latency (S2D/AzSHCI is 5ms or less).

      posted in IT Discussion
    • RE: Local Storage vs SAN ...

      @BraswellJay said in Local Storage vs SAN ...:

      We are planning a server upgrade and I find myself faced with the question of whether a SAN is necessary. I know there have been many posts both here and on other forums about SANs being oversold in situations where they are not needed. My gut instinct is that my situation is one that really doesn't require a SAN, yet I still find myself unsure that I understand the various questions that I should be considering when making this decision.

      I bought a copy of Linux Administration Best Practices by @scottalanmiller and am reviewing the chapters on system storage, in particular the parts on SANs, local storage and replicated local storage.

      Our needs are not sophisticated. We will have only a handful of VMs. A file server, sql server, freepbx, inventory management system server, security system server and an internal application server for a few internal tools. For most of these we can afford some downtime in the event of a host failure. The exception is really the SQL server. While it would not be catastrophic for some downtime it would be far superior from a continuity perspective if it could fail over to a secondary host if necessary.

      With that in mind, I had planned for two hosts so we could survive a failure of one of them. My primary confusion though is how would I accomplish replicated local storage. Is this functionality that the hypervisor must provide? The best practices book mentions several technologies (DRBD, Gluster, CEPH) that can be used for RLS but I would think that these would have to run in the hypervisor itself and not as separate VMs on the host. Is that correct?

      In general, for relatively small environments such as mine, is it feasible to even attempt local storage replication? Our MSP has quoted an EMC SAN device to the tune of $25k so that VMs could be migrated between hosts with storage being on the SAN. What would an implementation without the SAN look like if I wanted to maintain the replication and the ability for the VMs to be migrated between hosts?

      A Hyper-Converged Infrastructure setup would be the best way to go IMO.

      Two nodes with decent AMD EPYC 16 Core 155 Watt+ CPU and 8x 64GB ECC if Rome/Milan based or 12x 64GB ECC if Genoa based.

      We only do Microsoft's Storage Spaces Direct (S2D) and Azure Stack HCI with most of our HCI platforms being S2D.

      The first place to start is here: www.liveoptics.com

      Get a baseline for each VM. Daily highs and lows, weekly, and monthly. Get an idea of what the demands are on the current infrastructure.

      With solid evidence on-hand, go to planning the HCI setup with enough IOPS to live today and into a 5 year future. That means knowing some company history to get an idea of growth.

      posted in IT Discussion
    • RE: WordPress Site Lost Its Mind - Ten Minutes of Maintenance Over and Over Again

      @scottalanmiller If the timing is regular then look for a chron job running at that time. Or, is it "cron"? Meh ... *NIX skillset is pretty green.

      posted in IT Discussion
    • RE: Microsoft script recreates shortcuts deleted by bad Defender ASR rule

      @scottalanmiller Wow, what a set of responses.

      The elephant in the room: The U got code committed to the kernel. It could have been anything and no one would be none the wiser.

      Assumption is the mother of all f*ckups and anything but the above statement that is stating the obvious is superfluous. Period.

      But please, continue to try justifying the results and the behaviour of the Kernel Team.

      Just an FYI: It won't wash with me.

      posted in News
    • RE: Microsoft script recreates shortcuts deleted by bad Defender ASR rule

      @scottalanmiller said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      @PhlipElder said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      The Kernel team showed a really bad side of themselves there. Very immature.

      What now? So you think that Windows would just let malicious entities add changes with no ramifications? I think not. And I'm unclear why you'd want that.

      I feel like you are racing to defend closed source at any cost and are getting really emotional here. And you are mixing concepts of repos, specific managers, security and other things and using all those things as proxies but then claiming it is the licensing that creates or determines those. What?

      No feelings here, Scott, just thoughts.

      SolarWinds is a good example of the clusterf*ck that can happen with closed source.

      Neither are perfect but when it comes to the balance of "trust" I think closed source has the edge.

      The U publishing code their parrot could have written under the noses of the Kernel Team makes it clear that anyone with COMMIT status could do so. Anyone.

      There's a big difference there as that ANYONE could be a lot more than what should be a closed loop supply chain.

      In both cases, there has been a demonstrated failure to test their code prior to publishing and to operate under a zero trust paradigm.

      posted in News
    • RE: Microsoft script recreates shortcuts deleted by bad Defender ASR rule

      @scottalanmiller said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      @PhlipElder said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      Is OSS any better? Nope.
      https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source
      In fact, a very big NOPE.

      What? It's SO much better. And you provide a famous reference as to why it is better.

      Huh?

      The U published code under the noses of the Kernel Team with not a peep out of the KT until the U pointed out that they did it?

      Seriously?

      posted in News
    • RE: Microsoft script recreates shortcuts deleted by bad Defender ASR rule

      @Pete-S said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      @PhlipElder said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      So glad we're holding back on deploying Windows 11 and staying out of Microsoft's cloud where we can.

      I'm trying to decide if running Windows is more like having a live virus on your computer or if it's like having a government controlled device that you bought and paid for but have no say over (it's for your own good of course).

      Is OSS any better? Nope.
      https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source

      In fact, a very big NOPE.

      At least with closed source one can "trust" to some degree that the vendor is not going to outright shoot themselves in the foot.

      That story above shows that anyone and their dog can hypocrite commit and no one would be none the wiser. None. Nada. Zippo. Zilch.

      The Kernel team showed a really bad side of themselves there. Very immature.

      posted in News
    • RE: Microsoft script recreates shortcuts deleted by bad Defender ASR rule

      @Dashrender said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

      Microsoft script recreates shortcuts deleted by bad Defender ASR rule

      Microsoft released advanced hunting queries (AHQs) and a PowerShell script to find and recover some of the Windows application shortcuts deleted Friday morning by a buggy Microsoft Defender ASR rule.

      https://www.bleepingcomputer.com/news/microsoft/microsoft-script-recreates-shortcuts-deleted-by-bad-defender-asr-rule/?utm_source=spiceworks-snap

      Does it work?

      What a clusterf*ck of a mess. The number of folks we've seen hit by this is astounding.

      So glad we're holding back on deploying Windows 11 and staying out of Microsoft's cloud where we can.

      posted in News
    • RE: Printer Recommendations??

      @jt1001001 said in Printer Recommendations??:

      @Pete-S HP MMFP 477 they were here before I started; frequent roller issues causing problems with paper jams

      We have lots of M4xx and M5xx series HP MFPs in place.

      They do v4 printer drivers for their printers which is important.

      They are easy to maintain. The WiFi sucks if that's needed on all HP printers. If the printer doesn't get used it drops its connection whether dynamic or static IP. Have to kick it via control panel.

      They just drop in. Copiers are a PITA and usually involve contracts that require print/page count monitoring. Lately, copier providers here are requiring a third party app to be installed on the network to "monitor" their machine(s). Nope. Won't do it.

      HP drop in, set up, deliver via Group Policy, and done.

      We had lots of grief with Lexmark a while back so we don't do anything with them unless specifically requested to do so. Same with Brother. Blech. 😛

      Xerox Phaser but they are expensive and are expensive to run. Impeccable prints every time and essentially bulletproof. But, expensive.

      posted in IT Discussion