@wrcombs said in Certificate Authorization Error:

Any ideas?

Also, update windows and Chrome.

@JaredBusch said in Proxmox VE Setup:

@black3dynamite said in Proxmox VE Setup:

I switched the default file system from ext4 to xfs.
With older versions I did experiment with changing the other default settings like swap and root partition size but that’s about it.

XFS on LVM is the default now.

I just reinstalled. No, it is still ext4 by default. my bad.. too many times reinstalling. it is all blurring together.

@scottalanmiller said in Nextcloud 23:

It came up, but had to refresh over and over and go through minor updates on 22 first. Eventually it came up.

You always have to be on the last minor patch before the updater will let you go to the next release. This has been like that for as long as I can remember.

I've upgraded a few systems to 23 already.

@pete-s said in Yealink T41P and T41S difference?:

I've actually found one difference and that is that the T41S has a USB port and I don't think T41P has one.

Additionally, the general difference between the G and S line was the USB port and the ability to handle the OPUS codec. I would assume the T41P did not have OPUS support either.

@pete-s said in Yealink T41P and T41S difference?:

Does anyone know what the difference is between Yealink T41P and T41S?

I know T41S is newer but what is the actual difference? They look identical.

The T41P is End of Life Since April 2020
https://www.yealink.com/product/voice-communication-t41p

@pmoncho said in ER-X firmware Upgrade:

Can I go directly to v2.0.9-hotfix.2? Are the hotfix's cumulative?

Yes and yes.

@pmoncho said in ER-X firmware Upgrade:

@jaredbusch said in ER-X firmware Upgrade:

@pmoncho said in ER-X firmware Upgrade:

The part that bugs me is I had check the storage issue prior to upgrade. Had 58% free so I figured I would be ok.

At some point, Ubiquiti updated the firmware upgrade process of the ER-X to pre-delete the old version. I have no idea what "space" should be available, but I always deleted the backup firmware prior to upgrading until I was on the 2.X line.

This has been a known issue with the ER-X from day 1.

I have now updated my upgrade process. Backup config, confirm download of currently loaded firmware is available, reboot, delete backup firmware, update firmware.

Now that I am on the 2.X line with all devices, I simply click the upgrade button within UNMS (now UISP).

Full Process:

• Log in to UNMS
• Click to reboot router
• Wait for it to come back online
• Click upgrade

@dashrender said in SPF records - for all A records?:

I'm reading up on SPF/DKIM/DMARC and ran across several posts where people indicate they create SPF records for all all A records in their DNS (not sure why they would skip C Names?)

Because people are stupid? Nothing in SPF prevents any bad actor from doing anything with any domain or sub domain.

Sure, for the systems that listen to SPF, it will drop the inbound mail. But it still has to process the inbound mail to check the SPF before it decides to not deliver it. So there is no help in slowing what hits your system.

Today, most systems also will flag anything without valid SPF as high risk of SPAM already, so there is really not much difference.

So I have a need to move a few scrips beyond basic bash shell scripts.

Typical OS is Fedora ecosystem, second most used is Debian.

The script will need to execute other applications like ffmpeg and scp/rsync.

What language should I use?

I assume the first answer will be python, which I am not a fan of, but can use.
Maybe go? Seriously open to suggestions.

@scottalanmiller said in New customer - greenfield setup:

Well you CAN'T do it without seriously breaking the law (and pulling some magic super computing stuff.) It's federally criminal to attempt without the customer voluntarily handing over their computer to you which absolutely no one will do. And it's a lot of work for someone just sitting in an office trying to watch porn.

Most common people will simply get the portal, tap anything it says and thus agree to it all. So yeah, you are wrong that no one does it.

@scottalanmiller said in New customer - greenfield setup:

These days, people will just use their cellular service anyway while in your office.

From the random stuff I see, I would say that is a 50/50 shot.

@scottalanmiller said in Mobile Range Extender:

@krzykat said in Mobile Range Extender:

Yes, they want carrier independent. As for WIFI it is either there or can be, but then there is the issue of MMS doesn't work over WIFI. That is something they are looking for. The one's that I've done in the past were for specific use cases that were locked to the carrier (but that's not the use case here).

MMS doesn't work over wifi? It works here over wifi.

You have T-Mobile (or did), they do everything over WiFi if the device supports it. Not all carriers do that.

@beta said in Is xByte still recommended for server purchases around here?:

I just wanted to check in with you all to see if they are still recommended for quality gear?

Yes

@dashrender said in Volume Management Device (VMD) on HP devices:

VMD requires the use of Intel Rapid Storage Technology driver - aka fake RAID.

Dell uses AHCI in RAID mode which causes similar issues with some boot media.

I always disable it when I get a new laptop.

@pete-s said in FreePBX DAHDI card not connecting:

@wls-itguy said in FreePBX DAHDI card not connecting:

@pete-s

Doesn't FreePBX use their own distro though? Or is that something different?

I don't know. I was always under the impression it was CentOS, which until recently is the same as RedHat Enterprise Linux.

I'm sure @JaredBusch knows more.

FreePBX is Sangoma 7, a fork of CentOS 7.
They had a private alpha of FreePBX 15 or 16 built on CentOS 8 that was never public. That was killed when RedHat killed CentOS 8.

FreePBX 16 is still Sangoma 7, but with PHP 7.4 ported in and a few other updates.

There has been no announcement yet, but a few threads on, choosing a new fork to go forward with.

@adamf said in CentOS - What is the current opinion here?:

Is anyone using CentOS stream in a production scenario?

I don't but I would, but then I already use Fedora in production.

@openit said in Offsite backup and CentOS Upstream - looking for suggestions.:

CentOS Upstream: Isn't okay for Production Servers anymore?

I assume you mean CentOS Stream?

Honestly it is a more viable solution for a Linux server than CentOS ever was as it is no longer so out dated.

But, I would give the entire RHEL ecosystem a wide berth at this point.

@dashrender said in Computer Name Issue: Domain Joined:

@scottalanmiller said in Computer Name Issue: Domain Joined:

@dashrender said in Computer Name Issue: Domain Joined:

@gjacobse Weird is right.

the closest I've seen is when 'nix boxes get a DHCP - they send this number that is some form of extended MAC as the hardware ID.

Interested to hear what you find out.

DHCP seems reasonable. Or there was a conflict.

in my case it's something in the way many Linux's now work. This thread talks about it.
https://community.spiceworks.com/topic/2288212-strange-extra-long-linux-mac-address-in-dhcp-active-leases

Not clicking the link, but it is the last 4 sets of the MAC address and the machine id as noted in /etc/machine-id. It is part of the DHCP RFC.

@dashrender said in Looking for a remote access solution:

@pete-s said in Looking for a remote access solution:

@dashrender said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

Done.

I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

If you can't run over VPN due to latency, you can't run over Zerotier. It will be exactly the same.

Jared is saying to RDP into the PC in the DC I mentioned as an option.

Which you can also do with VPN solutions.

@dashrender said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

Done.

I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

Then put the 2fa on the Windows RDP login with a service like Duo.
https://duo.com/docs/rdp
https://duo.com/editions-and-pricing/duo-free

Just use ZT to lower (all but remove) the attack surface.