@gjacobse said in NextCloud: Chmod user folders:

Oh - no - the syntax is incorrect for ownership.

sudo chown

Yes,

chown to change owner chmod to change mode (permission)

Remember you can always do man chown to see the syntax.

@gjacobse said in Parental Control options: AD, LDAP, piHole, Other:

Was asks recently about what options he could look at to try to keep his kids on task with the up coming school year and the high likelihood of having to contin he with non-traditional instruction, ie: classes at home.

His first though was of course some kind of Domain; costly and hardly worth setting up for a maximum of five computers.

Another option that came up was LDAP - which I will admit I dont have much experience with.

And then there is piHole, knowing that this is a great tool to blacklist ads, and harmful sights, but could likely be a simple solution.

He’s recently admitted that one of the kids has managed to hack a cell phone to by-pass some or many of the parental settings that had been set.

Costs are of course a factor ,...

We have a domain here at home. But then, I'm in the industry. 😉

We also have a SonicWALL TZ300 set up with security and site monitoring.

DC DNS is set to check OpenDNS (we have a subscription). Root Hints are disabled.

DC provides DNS for the home network. Firewall is set to allow TCP/UDP 53 from the DC only (this is default for client setups anyway).

This catches about 90% of everything that could possible. OpenDNS helps with the search stuff too. It filters out stuff they should be seeing.

We have Microsoft Family set up on all of the kid's machines.

NOTE: Tech companies have deemed themselves owners of our kids. How? When the kid turns 13 they can turn off monitoring. I was right p*ssed off when I figured that out as I wasn't getting parental reports for my eldest son. That changed RPQ.

Use Microsoft Parental Monitoring on all Windows devices. It is helpful though not perfect. We schedule device usage time.

RULE: No. Devices. In. The. Bedroom. PERIOD
RULE: All device work must be done such that the screens face public.
RULE: Devices are Tools not Toys (No gaming here. Go outside, Build something, Clean something)

Note: We home school. Our main goal was, and is, to give our kids the best d*mned education that we can versus the cookie cutter factory schools that teach closet Marxism/Socialism here. Eldest daughter is an amazing artist at 16, 13yo son is into REVIT, Fusion 360, SolidWorks, stress engineering and more, while our youngest just is. They are turning out great.

@gjacobse said in Vultr Mobile App:

I can update, even rescan the files to update the file dB all from ssh- which I do via Termius.

These aren't things that the app would allow anyway. It's a Vultr app, not an SSH app.

Turns out I had a snapshot, restoring it and then regrouping...

Maybe this?

https://superuser.com/questions/819329/terminal-server-rdp-with-local-admin

@gjacobse said in Power shell syntax: Get- Map drives:

@Obsolesce said in Power shell syntax: Get- Map drives:

Why not do it via Group Policy or other similar means?

It's the state - I don't have access to GP... or much really - and the few scripts I have made, I pulled out since they 'refuse' to use anything with logic...

Then why bother with it?

@stacksofplates said in Termius cross platform sync:

@scottalanmiller said in Termius cross platform sync:

@stacksofplates said in Termius cross platform sync:

@scottalanmiller said in Termius cross platform sync:

@JaredBusch said in Termius cross platform sync:

@stacksofplates said in Termius cross platform sync:

@gjacobse said in Termius cross platform sync:

@stacksofplates said in Termius cross platform sync:

@IRJ said in Termius cross platform sync:

Remina is great on Linux platforms, but the question for me is why is this a need?

This seems like everyone could and should manage this independently. All you need is DNS name or IP to initiate a remote connection. In my opinion, it's better for IT team to know exactly where they are trying to go instead of clicking the wrong button or sending the wrong command

Yeah I agree. I'm assuming it's for syncing credentials across devices. Which means you'd have to trust their cloud service with your system credentials.

While yes, it would be nice to sync the entire session - connection and UserID / password. I'm more concerned with the connection itself. Yes, I can keep track of the addresses - but it gets to be a pain.. UserId / Passwords are different. I could care less - I mainly want the address; IP address or dns name..

I mean, honestly what's the difference between a word document/text file and the syncing at that point?

Right. An besides, even Windows has native SSH now. So why use anything else anyway?

Right, I've not used PuTTY in quite some time. Not that it isn't good, I just don't see the point of installing third party software that doesn't do anything any better than the built in tool that is always there and ready to go. And quite frankly, I find PowerShell's terminal to work far better for me.

I can't stand PuTTY. I'm not sure why, I've just always hated it.

I hate that it lacks a local shell and you have to launch the damn thing for every connection!

Maybe that's what it is. Tunnelling is a pain, I just find it awkward.

That, too. Other than doing a good job rendering fonts and being available back in an era when nothing else was, PuTTY really doesn't offer anything positive.

@IRJ

This is the screen I get.
dd696ce9-3138-470c-a826-18571bfcfa73-image.png

I deleted everything. Then you re-enter the gateway, and it will ask you for your password.

4fc4c919-de3e-4f1c-8d4c-fa87de0f5009-image.png

@gjacobse said in NextCloud Shared Folder, not seen:

JEEZE -

Though I had checked - it's been two months or more since then.

Some how the permissions had fallen off and just needed to be added to the folder again.

Solved!

Enjoy the easy ones

It is a 64GB USB drive, your even thinking about it was not worth it.

@Dashrender said in Is there a thing as to much security:

@IRJ said in Is there a thing as to much security:

This sounds pretty standard to me.

This is exactly the kind of tasks I would expect PC support team to do. This is pretty standard in an enterprise environment. Your environment may be a bit smaller than the typical enterprise, but still this stuff is pretty standard nowadays.

NAC is standard in enterprises? I don't work in one, and haven't in 20 years... so maybe that's the case.

I'd guess it's more likely that you'd have a LANLess setup and competely distrust the local LAN, seems a lot easier. But that's likely harder to secure when it comes to using AD.

It's all dependent on requirements. I worked in one where it was required and am in one where it isn't now. If it's ISE prob the reason for moving it is because it doesn't have the certificate when PXE booting so it can't verify. However you can override that with MAC assignments.

@gjacobse said in Aliexpress:

Has anyone ordered items from Aliexpress?

The order I have placed with them is on hold, they want some financial information I don’t feel they need, but since we are talking about another country wanted to ask.

They want a photo copy of my card statement, drover’s license or passport,...

Seems odd to me,....

Never had any issues. Think of AliExpress as eBay + clearance platform. The question is: Who is asking? AE or the vendor? I would simply contact AE's customer support.

@gjacobse said in Large MBOX file:

@DustinB3403 said in Large MBOX file:

@gjacobse said in Large MBOX file:

Thunderbird wants you to create the mailbox settings first.

This is part of a state investigation, so, no gmail account is available. This needs to be a free standing solution. While MBOX reports the ability to handle a 4GB file, it never finishes indexing.

you can add literally anything in, and bypass the process to actually create an account with Thunderbird.

So-

Yes, it worked. I found that it was also an issue the the file name. It was longer than Mozilla wanted. I wonder now if the MBOX viewer would open it now also...

I see.

@black3dynamite said in NextCloud: Scan local files into db:

Why haven’t Nextcloud change occ to ncc?

Would break scripts and stuff. Now sure, links, but that gets messy. OCC doesn't cause a problem, keeping it is the right thing.

Well - that was easy... not as easy as have you tried to turn it off and back on?

Seems like there was a issue with the password, so clearing and resetting all that on the phone resolved it.

You have the answer in the logs you posted. Nginx can't connect to php handler daemon on port 9000, most likely php-fpm.

@gjacobse said in (Air Gapped) Data Storage and security:

Can you (how do you) Air gap and secure data and still be able to make it available to a (end user)

Once the user can get to it, it's not air gapped any longer.

@gjacobse said in Designing for tech startup: Network, AD, Backup etc:

@DustinB3403 said in Designing for tech startup: Network, AD, Backup etc:

I suppose you could use Storage Spaces Direct (all windows across the entire thing) but I wouldn't consider SSD at all mature nor production ready, especially at this scale.

Thanks, had not heard of this.

DataOn solutions fully support this and vice versa. They are experienced with this kind of scale and much larger.