@syko24 said in Zerotier on Windows firewall rule question ...:

@BraswellJay - check which firewall profile is selected for your ZeroTier interface. Is it set for public on your computer or the computer you are trying to access?

They are set to work networks on both:

250ac923-99eb-4d16-bfdb-64b7cdd93799-image.png

All of the firewall rules are set to apply to all profiles:

12dac406-c669-430f-9b4a-e0be3bd85650-image.png

@scottalanmiller said in Intel SR2600urlxr Raid:

@Dashrender said in Intel SR2600urlxr Raid:

Can the actual backplane prevent you from having larger drives? I understand it can be a performance bottleneck, but drive size prevention?

Absolutely, always has.

To clarify, this isn't ALWAYS the case. The backplane can limit drive speed and/or size if it's an expander-type backplane.

On Supermicro, for example, if you have a chassis that ends in "TQ" this means the backplane is not an expander and is merely an input ("direct attached") board allowing SAS connections to it. I.e. you use an SF8087 fanout cable and run the 4 SAS sideband connectors to each port on the board.

Also from Supermicro is the "A" chassis which utilize a breakout backplane which takes a SF8087 input cable and then "breaks out" to 4 connections for 4 drives without modifying the instruction set from your card.

While cabling with both of these become messier than expander backplanes, they're almost forever upgradeable. So whether you bought your 32 drive chassis yesterday or 8 years ago, you can still obtain SAS2 speeds from it and large drives. One can also use a SAS3 card with a SFF8643 to SFF8087 cable, though you will be speed limited to 6Gbps.

@stacksofplates said in Path from on-prem Windows servers to hosted/cloud (Azure)?:

@dwright1542 said in Path from on-prem Windows servers to hosted/cloud (Azure)?:

I can't count the number of people in the last 12 months that we've "de-clouded" after a CIO got in there and made the switch.

Any examples?

LOL, yeah, a friend's company did something like that and laid off all their support personal, then a year later, the company bailed because service was so bad and pulled shit back inhouse..

@Pete-S said in What subdomain for web conference/meetings?:

Thanks!

meet.example.com looks more generic so I'll use that.

I agree. Seems potentially less confusing for users.

@Pete-S said in Public Web Meeting Options:

I'm thinking about setting up Jitsi on one of our colo servers.

It works great. We have one, too.

@JaredBusch said in Distro for school work?:

@Pete-S said in Distro for school work?:

Installed minecraft as well and it was really easy.

Just click on the link to the deb package and you're done. Apt package manager will pull in java and whatever else that is needed.
https://launcher.mojang.com/download/Minecraft.deb

Webcam works, tested it with cheese, which is installed by default.

All in all a smooth experience and mission accomplished.

If Roblox worked on Linux I could switch my kids. Those are the only two PC games they play at the moment.

Same

Yessir, I can help. Hit me up and we can talk options!

@stacksofplates said in RDP to RDP to RDP?:

@Pete-S said in RDP to RDP to RDP?:

@Obsolesce said in RDP to RDP to RDP?:

@Pete-S said in RDP to RDP to RDP?:

Purdue Model

Except that model is basically dead...

https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline 🙂

It really is. It’s overly complex and has much less return on investment and security than something like the zero trust model.

I'm not an ICS infosec expert. I just know what enterprises that have big plants in the oil & gas, pulp & paper, chemical industry have and what they have is what I said they have. And if I look at Homeland Security, NIST etc what they have as best practice is what the customers are doing. Will it change in the future? Sure, everything does.

@DustinB3403 said in Virtual team ideas?:

Time sensitivity is important, people have a hard time showing up on time for a meeting physically. Making people wait with a headset on is just additional irritation that they won't take well.

I personally always show up early 1-5 minutes for a meeting. If I had to wait an additional 15 I'd be using collage rules and counting my attendance as there even if the host isn't.

I think putting a headset on is easier than going to room a people honestly.

@JaredBusch said in ? Need help getting Postcards from Skyetel working........:

when not fully setup to be agnostic and fully contained correctly, docker sucks as a deployment solution.

Exactly. It CAN be an amazing tool, when used correct. When not, it is a train wreck.

TL;DR: Docker is a tool, not the solution.

@travisdh1 said in Apple 2FA:

@Dashrender said in Apple 2FA:

@JaredBusch said in Apple 2FA:

@black3dynamite said in Apple 2FA:

Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

@Dashrender read the entire fucking line....

The app supports it unless you proctect it in the first place. which you should..

It has nothing to do with the service.

I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

This is a whole other topic again.

When do you think apps stopped being able to do push notifications? That's all it is.

huh? The MS authenticator registers itself for push notifications from MS, GA does from Google - are you saying you can do that with Authy for google and microsoft services?

I completely understand that I can add TOTP to Authy for MS and Google, but I quoted and am specifically asking about push notifications from those via Authy.

My google foo is finding nothing but people bitching about how authy does NOT support push, but does support TOTP.

Now all that said - I see that Authy has created One Touch - and that One Touch as an API that allows push notifications, but I can't find anywhere that says that Google/MS have enabled that feature.

I use this 61 watt apple charger for all my USB-C charging needs.

It even works for my P1, but only slow charges that, but as you can see, USC-C dishes out high voltage and at 3 amps, as well as lower voltage for phones.

20200317_073732.jpg

If you can limit a client to just one IP and just tcp 3389 in your firewall that should be enough.

Disable shared drives or the user is able to infect the work pc with files from his home pc.

Typically when we connect with VPN to enterprise networks to do work on certain servers or what not, we get a static ip and then they have firewall rules to determine what IPs / ports we can reach. So yes, the computer we use is on their LAN but only through a very small and restricted opening that just allows RDP to just the one server we need to access. Everything else is blocked.

Oh I see. Will have to check that out too then. Thanks!

Going to work on this, finally, after dinner tonight.

Thanks for those that posted.