@jt1001001 said in Softphones - complaints:

Ask your users if their kids use Steam. Most of my home users have older "kids" I tell them to have their kids stop there Steam games. The users are like what's that?? But as soon as steam is stopped their perfomance comes right back to nominal.

It would be them downloading more games, most likely.

OK - JB to the rescue again.

He saw I was marking my allowed IPs as Local - FreePBX doesn't know the 4445 service, so it's not allowed to be part of Local as far as the firewall is concerned.

So two options exist -

mark allowed IPs as Trusted, not Local create a custom service under the firewall, and set it as a local service, then IPs marked as Local will get access.

Thanks @JaredBusch

@JaredBusch said in LinPhone on android hard to answer if screen protector installed:

@Pete-S said in LinPhone on android hard to answer if screen protector installed:

@Dashrender said in LinPhone on android hard to answer if screen protector installed:

@Pete-S said in LinPhone on android hard to answer if screen protector installed:

If the screen protector is the problem then they have to remove it. It's as simple as that.

If it BYOD then it's their problem. If it's a company device, why are they having screen protectors in the first place? Rip it off.

This is definitely BYOD, we're only in this situation because of Covid-19. otherwise we'd likely never have people working at home on their own devices, just not in the management's mental wheelhouse.

Ahh, that explains it. Maybe offer them a cash reward for wear and tear of their own devices as well as a new screen protector.

You seriously would not expect logic out of @Dashrender's company, would you?

Logic could be something of a stretch I guess.

@Dashrender said in Spoofing Caller ID:

@JaredBusch said in Spoofing Caller ID:

@Dashrender WTF does this ahve to do with Caller ID?

Doximity allows licensed medical pros to spoof their outgoing number to that of their office (I'm guessing it's just a softphone into Doximity's system) so it solves the problem I have for my licensed medical personal, but not my none medical staff - like billing personal, or myself.

FFS. You are not spoofing. You own the number. You can send it.

@Obsolesce said in MFA - who pays for authentication solution?:

@JaredBusch said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@stacksofplates said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@stacksofplates said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@IRJ said in MFA - who pays for authentication solution?:

Why not just supply hardware tokens? They are not that expensive.

for multiple sites? Just what everyone wants, a pocket full of tokens.

EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHR

it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

Interesting.. thanks.

It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.

@Dashrender said in Weird thing on O365 account:

@Kelly said in Weird thing on O365 account:

@Dashrender said in Weird thing on O365 account:

Alright, the user has confirmed that she made changes yesterday, and those change could associate with GMT based time.

Anyone know if the logs are only/mainly in GMT?

Almost all O365 logs are UTC 0 regardless of the timezone of the server or requestor.

yeah, OK that makes the time line up for when the user added the rules, I'm just curious why it took MS 6 hours to send the noticed of alert?

They batch some of their processes, so it may have had to wait for the group to run rather than being on demand/occurrence.

@brandon220 said in HP EliteDesk 800 G5/G6 mini - error on windows update:

@Dashrender I had it on a new 800 mini a few weeks ago. I clicked through it and it has been running fine since. Several reboots and it never happened again.

I just updated the OP. sadly, after rebooting, the system locked up, requiring another hard reboot, another flashing of this HP screen, hit esc to bypass and the user is back up and running.

@Dashrender Yes, well of our domains ,we have several variants. It was more of a phishing attempt/scare tactic from a Russian script kiddie from what we were able to gather.

This HIPAA compliance service directly recommends never storing your PHI/PCI data in Excel specifically because it is so easy to have it accidentally be the cause of a breach.

https://pcihipaa.com/how-to-protect-your-practice-from-common-hipaa-violations-and-fines/

"A Credit Card Data Breach: Every practice handles patient credit card information. A Payment Card Industry (PCI) violation can also end up being a reportable breach under HIPAA. Securing and properly handling credit card data is imperative. Don’t store any credit card information in QuickBooks, Excel or any other software. Also make sure you are PCI certified and using EMV devices to limit chargeback liabilities." They only mention the PCI piece, because it is so much less of a concern, storing health data in there would be so much worse.

We are a mixed shop, having Mac, Windows and different Linux flavors including some weird ones. IP is the only way for us to get everything working.

But even in a pure Windows environment, I would stick to IP. WSD is crappy. WSD + some HP Devices is a noitmare.

I have postponed the laptop/desktop updates in WSUS for a week or so until this stuff is fixed. I don't want to mess with colleagues that complain they are not able to search and find something anymore 🙂

@JaredBusch said in Hardware lifecycle expectation - discussion:

@Dashrender said in Hardware lifecycle expectation - discussion:

In light of Sonos and What's App dropping support for older hardware, I'm curious what others think about forced hardware/software retirement?

What, if anything could be done (that would likely be accepted by the public) to solve the issue.

I don't know about Sonos, but What's App is dropping support for iOS 8... That is fucking ancient. I assumed that the Android version was comparably ancient.

Yeah I think it was froyo that they dropped support for. Which is from like 2009.

@scottalanmiller said in MeshCentral - device duplicating:

We get these a lot, but mostly from either major system changes or someone accidentally running the installer more than once.

OK good to know. thanks!

The yealink docs just don't say.

8c3d72fa-652f-4ea5-bd67-5a41ee0dfd10-image.png

At this point, I'm left assuming they support mode A and Mode B.

@Ylian
Any thoughts on why my system is demanding having the "cert": line added?

I did do a startup based on the install instructions

node ./node_modules/meshcentral --cert example.servername.com

Does that put the hostname somewhere other than the config.json?

@Dashrender said in Kari's Law PBX requirement:

@JaredBusch said in Kari's Law PBX requirement:

The law does not require a DID per location.

hmm... This specific statement stymies me.
Though in reading your additional information - assuming 911 is able to read extra information, I suppose it's technically correct. Instead of 911 simply relying up location data associated with DIDs, the PBX could provide the location data directly with the call.

What vendor is currently allowing this to happen, @JaredBusch and what PBXs currently support it? (I'm assuming FreePBX does though possibly only through manual creation of a dial plan?)

ClearlyIP
https://www.clearlyip.com/2020/01/13/karis-law-ray-baum-act-your-responsibilities-and-clearlyip-support-for-freepbx-and-other-business-phone-systems/

https://kb.clearlyip.com/trunking/FreePBX-PBXact-Automated-Setup-with-Module.html

@Obsolesce said in Better computer for brownfield situation:

@Dashrender

You can look into Azure File Shares
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Cool thanks - I'll take a look!
It definitely seems more normal fileshare like than SP - though SP can be webdav mapped as well.

Though - I'm curious where you'd see OD4B failing if the users are mainly using it as read-only?

@coliver said in Buttercup Password Manager:

@wrx7m said in Buttercup Password Manager:

@coliver said in Buttercup Password Manager:

@wrx7m said in Buttercup Password Manager:

@coliver Right, bitwarden.

I am.

And, how do you like it?

I like it a lot. It does everything I need it to do.

Same here. I've been using them for a few years now... Makes switching browsers a breeze.

@Dashrender said in Troubleshooting email flow issue:

Pretty sure I figured it out.

The domain in question had 2 MX records,

O365 gmail

O365 has the higher priority, and there have never been any complaints of missing messages.

I'm assuming this spam made it to google, because I know some spammers specifically use the secondary, etc MX records in hopes of bypassing spam filters. So I'm assuming that's what was happening here.

Now that said - I did see a single Twitter email in the G Suite - so I'm guessing there was glitch at O365 once, and Twitter hit it and tried the secondary...

Often, spammers will send mail to a higher MX record on purpose. There are many reason they do this, Less protected routes to a gullible user is one of them.

@JasGot said in Windows 10 1809+ Clipboard history:

@Dashrender said in Windows 10 1809+ Clipboard history:

OK, I suppose I can follow that - but you really think that CopyX is somehow more secure than Clipboard history? Don't they both use the clipboard? that thing is pretty much open to anyone, so I don't see how it would be any more or less secure - I would say they are likely both the same level of secure....

Even though they both read the clipboard whenever it changes, ClipX doesn't store the history the same way Windows Clipboard History does. Since Microsoft is a larger target, I still think they will be compromised before ClipX. 😉

what do you mean they don't store it the same way? you know that for sure?