Topics created by brandon220

@Doyler3000 said in Proxmox in 2022:

I've moved most of our important stuff onto Proxmox over the last 2 to 3 years. It's been great.
I've been using the PBS as well for the backups - it's so much better than manually doing full backups of VMs (which was the case with KVM and it's tools).

So thumbs up for Proxmox from me.

We've been using PBS too for backups more recently.

@dafyre During my rsync it dropped to 101kB/s. Very strange. No other network traffic.

@brandon220 said in New PBX - Which one?:

It is 100% their fault and they realize it. It is one of those instances where the bill just kept going up each year and they kept paying it. They have had this service for decades.

That wasn't a good price in the 1990s. By 2000, it was beyond absurd. At best, it's been insane for twenty years.

@gjacobse second on Viking we use and resell them

@brandon220 I think Proxmox is a great front end for KVM. From what I see in the updates the other day, they are improving their backup server as well. The only type 1 hypervisor I don't like or not a fan of is Hyper-V. I can use it but it needs some tweaks if you don't have it joined to a domain. But there are some good backup products for it. EXI is good but see no point on me paying for it and no point in using the free version as the API's for VM backups are disabled.

@scottalanmiller
That makes sense.

@Pete-S said in Windows and NFS:

@scottalanmiller said in Windows and NFS:

@Pete-S said in Windows and NFS:

@scottalanmiller said in Windows and NFS:

@brandon220 said in Windows and NFS:

@Pete-S The locking is also what I was referring to. I will most likely set the share up for both and do some testing.

There should be locking from the filesystem so that either Samba or NFS has the file at any given moment. It's the filesystem's job to make sure that two processes can't access any given file at the same time. That the processes are NFS or Samba shouldn't matter. NFS or SMB can have another partial lock on top of that, for sure. But that should be on top of the file level lock.

That is an incorrect assumption. Read this: https://en.wikipedia.org/wiki/File_locking

Which part? I read the part of NFS, but that doesn't seem to apply. That would cause problems, but not corruption problems, right?

Just that comparing windows and *nix you see that there are different file locking mechanisms in play. That is what could cause corruption. Samba has to support Windows mechanisms while it's file system is residing on unix.

For instance from Samba 3.0 documentation (for historical context only):

Record locking semantics under UNIX are very different from record locking under Windows. Versions of Samba before 2.2 have tried to use the native fcntl() UNIX system call to implement proper record locking between different Samba clients. This cannot be fully correct for several reasons. The simplest is that a Windows client is allowed to lock a byte range up to 2^32 or 2^64, depending on the client OS. The UNIX locking only supports byte ranges up to 2^31. So it is not possible to correctly satisfy a lock request above 2^31. There are many more differences, too many to be listed here.

Samba 2.2 and above implement record locking completely independently of the underlying UNIX system. If a byte-range lock that the client requests happens to fall into the range of 0 to 2^31, Samba hands this request down to the UNIX system. No other locks can be seen by UNIX, anyway.

That's very complex. But it sounds like Samba is just... not locking the file and hoping for the best?

@brandon220 said in Browsing shares from W10 (2004) on a domain:

Thoughts?

Create a shortcut on the desktop for our user to get to the shares they need. If AD is setup, use GP to add them.

@travisdh1 said in Win 10 Pro to Fedora 32 NFS share:

@brandon220 said in Win 10 Pro to Fedora 32 NFS share:

@travisdh1 Hardwired to the switch. In the same room. It is just the default NFS from "Add Windows Features" menu. After it was enabled, I was able to see the share immediately.

That's your issue, the NFS from "Add Windows Features" is known to be slow.

Yeah, famously a bad implementation.

@travisdh1 I always read about Canonical "issues" on privacy and other things but have not kept up with it enough to have an opinion.

@scottalanmiller said in Yealink phones:

@Dashrender said in Yealink phones:

@scottalanmiller said in Yealink phones:

@Dashrender said in Yealink phones:

I don't see how useful this really is? Sure in a tiny company you might have everyone else's extension as a button/BLF on your phone, but normally you won't.

In theory, even a fair sized company has reception and physical phones with 120+ BLF keys. So that it comes up, very common. You only need 120 people that you could reasonably have to talk to (executives, sales, account managers), so that could easily be a company of over a thousand total and still have BLF for all reasonable use cases.

But even way smaller than that, we've got the call center using online switchboards and the BLF solution wouldn't work.

Sure, but you don't typically deploy sidecars to the whole company.

Of course. But in a typical org, it's only receptionists having the problem to begin with, or maybe a team manager.

For us, it's the customer service team (more or less a reception desk of sorts) seeing if techs are available. Or the sales manager seeing if sales team is available.

I feel we've drifted away from the original problem - that if a person has two or more lines on their phone, that if the person is on a secondary line, anyone calling them won't know it, and it will ring and interrupt them. The whole mentioning of BLFs and switchboards don't really help that situation, since most end users won't have either option for seeing the person's status they are calling.

@stacksofplates said in Linux Desktop Environment:

I use GNOME 3 pretty much no matter what it is. Every so often I'll use i3, but I really like GNOME.

I use Gnome 3, but only out of standardizing. I actually prefer most other options. Cinnamon just calls to me a lot.

@brandon220 said in NAS for Plex use... Again:

Looked at the server's spec sheet and it says a max of 8 - 6Tb

So you ordered larger drives than the controller can officially handle? Might be fine, but sometimes, that's an actual limit.

I need to experiment and come up with a plan. He wants to buy some new hardware too as his is getting up there in age. He knows there is better/faster equipment out there now. I already did an SSD swap in his laptop (W10) and his iMac (2012). Right now, he is talking about a new Mac Mini and multiple monitors. Parallels is installed on the iMac so he can run Win XP for some old PC games.

Virtualbox is a possibility with Linux VMs but I can't say I've ever used it on MacOS. Parallels is another option.

Great thread. I have a super simple setup for a friend and this should solve it for him easily.

Thanks for asking the question.

@scottalanmiller said in Disable USB Ports:

@gjacobse said in Disable USB Ports:

I’m sure the likely need is for USB storage or cell phones-

But does disabling USB differentiate between input devices over storage?

No, once a physical port is turned off, it never gets a chance to query the device. It's like asking a person to close their eyes, but then asking them to look to see what they are looking at before deciding what to see... can't work that way.

This is likely not what is wanted. Keyboards and mice are almost exclusively USB now... So assuming you have them, the USB ports need to be enabled for that purpose.

Then toss on the fact that some Laptops only charge via USB-C now days.. so you can't disable that feature either.

I've been using Duplicati where I need a standalone backup of a thing. Web based management interface makes it super simple to manage.

@stacksofplates said in AzureAD and shares:

@scottalanmiller said in AzureAD and shares:

@stacksofplates said in AzureAD and shares:

From what I've seen it's murky if you don't have to provide those also. I've seen some people say that things written along side of the application need to be made available also.

People claim lots of things, but if that is the case, then the risks of open source instantly apply to proprietary, and all concerns of OS are gone (relatively speaking.) Unless the risk comes solely from modifying the code itself, the open vs close debate is off as the risks become equal.

I think you're missing my point. I'm not saying one has more or less risks than the other. I'm saying that both have them. They both take understanding. You (the editorial you) can't say proprietary licensing is hard and takes a lot of time, and say open source doesn't. Same the other way around. They both take time and understanding in how the language is actually written.

Okay, that I buy. Licensing is hard, period. But it's never a reason to avoid open source. Closed source carries all risks of open source, and more. That doens't mean open source doesn't have risks, just fewer.

MySQL or MariaDB entries take like a millisecond, literally. It's so blinding fast. It's the same kind of transaction that has to happen when a filesystem writes where a file is. It's tiny and effectively instantaneous. It would be pretty while if the database writing that a file was being stored could be measured in any way through performance, as it would happen at the same time that the file is being transferred.

Compare it to driving a load of corn from New York to California. And while doing so, needed to make a not in a log book that says "Shipped Corn to California". The one action, the actual moving of the corn, takes like 40 hours. The logging in the book happens in like 15 seconds. And you can make the log entry anytime during the 40 hour process and have it happen simultaneously for zero performance impact on the shipment process.

No access to the GUI from where I am right now. But here is what I have configured to handle something similar.

In this case,
eth0 = WAN - 107.182.76.27
eth1 = LAN1 (10.8.25.0/24) - My network with webservers and stuff 10.8.25.100 = Nginx proxy
eth2 = LAN2 (10.99.0.0/24) - Friend's network with his own router behind this (yes, he's double NAT'd).

Friend uses his own DNS and thus when he tries to get to one of my webservers, he attempts to hit the public IP. The router understands this but cannot hairpin because he is on a different LAN than the port-forward rules.

set port-forward auto-firewall enable set port-forward hairpin-nat enable set port-forward lan-interface eth1 ...rules here... set port-forward wan-interface eth0

So I had to make hairpin rules for him. Your setup would be similar.

Rule 1 (port 443) and rule 2 (port 80) are looking for traffic coming in on eth2 that are destined for the WAN IP and sending the traffic to the Nginx Proxy instead.

set service nat rule 1 description 'Dwarf LAN HTTPS Hairpin' set service nat rule 1 destination address 107.182.76.27 set service nat rule 1 destination port 443 set service nat rule 1 inbound-interface eth2 set service nat rule 1 inside-address address 10.8.25.100 set service nat rule 1 inside-address port 443 set service nat rule 1 log disable set service nat rule 1 protocol tcp set service nat rule 1 type destination set service nat rule 2 description 'Dwarf LAN HTTP Hairpin' set service nat rule 2 destination address 107.182.76.27 set service nat rule 2 destination port 80 set service nat rule 2 inbound-interface eth2 set service nat rule 2 inside-address address 10.8.25.100 set service nat rule 2 inside-address port 80 set service nat rule 2 log disable set service nat rule 2 protocol tcp set service nat rule 2 type destination

I don't recall why I made masquerade rules (5001 & 5002) I am not sure these are needed. I was significantly not sober when this was implemented.

set service nat rule 5001 description 'Dwarf LAN HTTPS Hairpin' set service nat rule 5001 destination address 10.8.25.100 set service nat rule 5001 destination port 443 set service nat rule 5001 log disable set service nat rule 5001 outbound-interface eth2 set service nat rule 5001 protocol tcp set service nat rule 5001 source address 10.99.0.0/24 set service nat rule 5001 type masquerade set service nat rule 5002 description 'Dwarf LAN HTTP Hairpin' set service nat rule 5002 destination address 10.8.25.100 set service nat rule 5002 destination port 80 set service nat rule 5002 log disable set service nat rule 5002 outbound-interface eth2 set service nat rule 5002 protocol tcp set service nat rule 5002 source address 10.99.0.0/24 set service nat rule 5002 type masquerade set service nat rule 5999 description 'masquerade for WAN' set service nat rule 5999 outbound-interface eth0 set service nat rule 5999 type masquerade

No firewall rules at this time. I still need to implement that to keep his stuff off my network except for the proxy. Maybe I'll go drink with him tonight and do that.