Well, my first interview is Tuesday, even before my final pay check is due

@DustinB3403 said in What Are You Doing Right Now:

@RojoLoco said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@RojoLoco That is a totally different life style to what I was imaging...

So where do they grow their plants if they don't have land to work? Where do they sleep if they don't own or rent? And don't they ever just get an urge to have a big fat juicy steak with a side of shrimp?

The answer to all those queries is "who cares, they're filthy hippies".

hey now, hippies have a use, like human shields.... or fertilizer for feed for beef farms..

Yes, they made my news feeds again today.

https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-software/

Since Cisco keeps being so popular with the security breaches and vulnerabilities, I figured it's time they get their very own thread.

Well, looks like I will be able to make it, thanks to @DustinB3403!

Dilbert and one of the big topics around here:

Thought I'd drop one of my current projects here. It started as just wanting a way to see what the temperature in a room is without having to have someone go check. (It's another building in a locked room few people have a key for.)

We already have lots of project cases, and also already had a Raspberry Pi. The new $5 Pi would need a network connection of some sort, so figure $10 for the networked PC ($20 if you need a power supply and memory card as well). I splurged at $13 for a combination temperature and humidity sensor. I went ahead and added a door sensor as well, it was $2. I also got a Cobbler Plus GPIO Breakout for $8 and a Perma-Proto board for $6. Total cost for me was $29. If you need a Pi as well figure ~$50 for everything. Compare that to any of the commercial offerings!

I'll post the code I use for everything here, along with references where possible. After all, that's where the real cost of these little things end up being.

It might be good to add a battery backup to it as well, which is quite easy, but I have no real need for that (if the power is out, the temperature isn't going to be getting out of control.) Adafruit makes it really easy.

@eddiejennings said in What Are You Doing Right Now:

Thing learned today: Domain controller must have SMB v1 enabled for a Server 2003 member to join the domain.

I learned that I only have to get inside your LAN in order to steal all the network data.

This is mostly to make things a matter of public record, in addition to a bit of a rant.

Got a call yesterday morning. They can't process credit cards. That office happens to use Intuit/Quickbooks for everything from inventory tracking, to payment processing and accounting. I've been down the road of getting away from Intuit often. Don't know if this will push them past the edge or not.

Ok, spent 2 hours manually doing updates because the automatic ones broke along the way somewhere. Updates complete. Good, we should be up and running. They try to login, and get asked for a code. Ok, check the email address... nothing.

Now I'm calling Intuit support (bad idea, but we're basically not in business at this point.) That's a 3 hour call where I'm told something is wrong with our email server.

Fine, hang up with one unhelpful peon. Go eat lunch (3:30pm at this point, my blood sugar is about to tank.)

Get back into the office around 4:30. Enough time to find something very interesting in the server logs...

2016-10-05 14:01:56 H=lvmailappout12.intuit.com [199.16.139.22]:30939 sender verify fail for <[email protected]>: response to "RCPT TO:<[email protected]>" from mailin.intuit.com [206.108.40.19] was: 550 #5.1.0 Address rejected.
2016-10-06 11:17:10 H=mailout203.intuit.com [206.108.40.17]:49121 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed

Now, I spent way to much time figuring out how to deal with spam, and have gotten it figured out for the most part. So, they are sending a confirmation code out using an address that their own email server does not acknowledge as being valid. Yet it's somehow my fault that the email is not being delivered.

Spent another 2 hours on the phone this morning going over the same stuff. We're working through alternatives, none of which are something the business would normally find acceptable.

This on top of them having me enable SSL2 in the browser. Uhm, these computers have to remain PCI compliant, and they just purposely made them non-compliant.

Malicious company, let it be known.

Getting noticed is easy!

Getting the right kind of notice is very hard!

http://www.bleepingcomputer.com/news/security/900-000-routers-knocked-offline-in-germany-amid-rumors-of-cyber-attack/

On Facebook, Deutsche Telekom engineers recommended that users unplug their devices, wait for 30 seconds and restart their router. If the equipment fails to connect to the company's network, engineers told users to disconnect their device from the company's network permanently.

To compensate the downtime, Deutsche Telekom is offering free mobile Internet until the technical problem is resolved.

DSL routers all over Germany, and presumably worldwide if anyone else happens to be using the same DSL Modem that got hit by this.

@thwr, hope you're still running!

@scottalanmiller said in Happy Birthday Thread:

Happy 0th Anniversary to @travisdh1

@Dashrender said in Need advise, restoring domain controller and email server.:

Great to hear you got an MS tech who was willing to help.

This has been my experience as well. They seemed to bend over backwards to assist in resolving my issues.

Sadly - it seems Scott has not had this experience.

It's like playing whack-a-mole, they do have some good people. The problem is, it's only some, and trying to find a good one is always difficult.

shibboleet

@wirestyle22 You're AD environment reminds me of this:

How to setup DNS-over-HTTPS on Fedora based PiHole.
Ref: https://bendews.com/posts/implement-dns-over-https/

Now verified. Should be good, so let me know where I messed up.

I've also written a script, because I'll want to do this a few more times, and what IT person doesn't like automation?
https://github.com/travisdh1/FedPiHSecDNS

Download Cloudflared

wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.rpm

Install the downloaded rpm file

sudo dnf -y localinstall ./cloudflared-stable-linux-amd64.rpm

Add a user for cloudflared to run as

sudo useradd -s /usr/sbin/nologin -r -M cloudflared

Change the executable ownership

sudo chown cloudflared:cloudflared /usr/local/bin/cloudflared

Create /etc/default/cloudflared

sudo nano /etc/default/cloudflared 
# Commandline args for cloudflared
CLOUDFLARED_OPTS=--proxy-dns=true --proxy-dns-upstream https://1.1.1.1/dns-query --proxy-dns-upstream 
https://1.0.0.1/dns-query --proxy-dns-port 5053

Change ownership on /etc/default/cloudflared to cloudflared

sudo chown cloudflared:cloudflared /etc/default/cloudflared

Create /lib/systemd/system/cloudflared.service

sudo nano /lib/systemd/system/cloudflared.service 
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target
[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process
[Install]
WantedBy=multi-user.target

Enable, start, and check that cloudflared is running

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

Check that the cloudflared service is working

dig @127.0.0.1 -p 5053 google.com

Should look something like:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 -p 5053 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65181
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 243.65.127.221
;; Query time: 3 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; MSG SIZE rcvd: 65

Edit /etc/dnsmasq.d/01-pihole.conf
Comment out with a # on the beginning of the line any existing 'server=' lines.

sed -i 's/server/#server/' /etc/dnsmasq.d/01-pihole.conf

Add a line containing 'server=127.0.0.1:5053'

sudo nano /etc/dnsmasq.d/01-pihole.conf
Add server=127.0.0.1:5053 on the last line

Restart the pihole-FTL service

sudo systemctl restart pihole-FTL.service

Your PiHole install is now using CloudFlare's DNS over HTTPS.

Suddenly glad I haven't purchased the ticket yet, fingers crossed.

#HelpDeskFail "“So I called up, told them I was new and I didn't understand how to get past [the portal],” the hacker told Motherboard. “They asked if I had a token code, I said no, they said ‘that's fine — just use our one.’”"

@scottalanmiller said:

Under 100 PMs now!!!

I take it the SPAMSAM project didn't go anywhere? What an oddity, an online community that can recognize a joke comment for what it is.

In addition to the 3 you listed.
glances - the shell system monitor to use, everything including temp sensors if configured. Replaced htop, iftop, and iotop for me.
screen - because it's just handy to be able to leave programs running and logout at the same time.

@aidan_walsh said in Apple Completely Redesigning the Mac Pro Again:

@scottalanmiller According to John Grubers piece on it they designed themselves into a corner

But they were forthcoming about the fact that the current Mac Pro isn’t meeting the needs of all the users who need a Mac Pro. Federighi:
"I think we designed ourselves into a bit of a thermal corner, if you will. We designed a system with the kind of GPUs that at the time we thought we needed, and that we thought we could well serve with a two GPU architecture. That that was the thermal limit we needed, or the thermal capacity we needed. But workloads didn’t materialize to fit that as broadly as we hoped.
Being able to put larger single GPUs required a different system architecture and more thermal capacity than that system was designed to accommodate. So it became fairly difficult to adjust. At the same time, so many of our customers were moving to iMac that we saw a path to address many, many more of those that were finding themselves limited by a Mac Pro through next generation iMac. And really put a lot of our energy behind that."

In other words: We thought everyone would redesign their apps to work well on our 2 mid range GPU system, and ignored the entire industry that has always said a single fast GPU is better than 2 mid range GPUs.

@MattSpeller Here I was going to offer some sort of encouragement to you, but honestly, this conversation just motivated me to finally ask that librarian I know out. Hope you have a good time, however things work out!