If you want to run Geekbench 4 on a linux server, this is how to install and run it.
Note that you need to have a working internet connection on the server.
You can run it as root or as any other user.

Let's start from the home directory and put the files there.
cd

Download the files from geekbench.com:
(change version number if needed for latest version)
wget http://cdn.geekbench.com/Geekbench-4.3.3-Linux.tar.gz

Extract the downloaded files:
tar -zxvf Geekbench-4.3.3-Linux.tar.gz

Go to the extracted folder:
cd Geekbench-4.3.3-Linux

Run the test in tryout mode, results are uploaded automatically:
./geekbench_x86_64

After a few minutes the test is completed and you'll see a link to a webpage which is unique for each test.

Upload succeeded. Visit the following link and view your results online:
https://browser.geekbench.com/v4/cpu/1234567

Just enter the link in any browser and you'll see the results of the test.

@dbeato said in NVMe and RAID?:

One of the first Dell Servers with Hotswap NVME was the R7415 so yeah
https://www.dell.com/en-us/work/shop/povw/poweredge-r7415

Not sure what others have seen.

The newer ones have a 5 in the model number, so R7515, R6515 etc.
That's the ones you want to buy. AMD Epyc 2 Rome CPUs.

Dual sockets models are R7525, R6525 etc.

And to make this complete: 6 is 1U and 7 is 2U. R7515, R6515 etc.

@jasgot said in Macbook Air for College:

Daughter wants a Mac laptop for college. Any suggestions?

Yes, take her to the store and buy the one she wants.

Buying an Apple product is not a technical issue that needs to be figured out. It's an emotional issue. Like a Gucci bag.

If you have a RAID controller with 8 ports, you can connect up to 8 SAS/SATA drives directly to the RAID controller. That's fine but if you for instance have a server with say 36 drive bays you would need a 36 port RAID controller. Those are hard or maybe even impossible to find.

Well, here is where the SAS expander comes into play. It will work somewhat like a network switch but for SAS/SATA ports.

The SAS expander IC can be integrated directly on the backplane of the drive bays or it can be a standalone card or PCIe card. These are often used when you have more than 8 drive bays and even more so when you have 16 or more drive bays.

It allows you to expand the number of drives the RAID controller is able to connect to. It's transparent to the user because the RAID cards have integrated support for SAS expanders. This is also true of HBAs (Host Bus Adapters).

The only drawback is that the maximum transfer rate is, as always, limited by the PCIe link to the RAID controller card but also by the SAS connections from the RAID controller to the SAS expander. In real life though these bottlenecks are seldom bottlenecks as it's uncommon to read from all drives at the same time and drives are also often slower, especially when using HDDs.

SAS expanders are also used heavily in external JBOD chassis which are expander chassis for drive bays that you connect to a server so you can attach more drives than fits in the standard enclosure, aka Direct Attached Storage DAS. In that case the SAS expander sits inside the JBOD chassis.

@hobbit666 said in How to Secure a Website at Home:

Why not GitHub or GitLab for free?

That was part of the etc
Also I thought GitHub was more for storing scripts and opensource stuff.

It's not generic hosting of websites as you don't have control like you would on a normal webserver.

It's simplified hosting and the github/gitlab pages was initially intended to complement the projects on there. So it would be easy to make a html website from the git repositories, for instance for documentation.

Since you can store any files on gitlab/github you could of course also use the pages for any type of static website.

Here is how to get started in the simplest way possible:
https://guides.github.com/features/pages/

Good to know about WoeUSB.

If you have windows available, rufus is an easy tool to make bootable USB drives.
Doesn't need to be installed and it's fast.
https://rufus.akeo.ie/

But in all honesty it's very easy to make a bootable windows installer USB drive manually. Just make a primary bootable FAT32 partition on the USB drive and copy the files from the ISO onto it. Done.

You can copy more files onto the drive, for instance drivers or other software. If you do that, it makes sense to make a dd image of the entire thing when you're done. That way you can easily write a new USB drive with your custom files on it.

First, ransomware is big business run by organized crime. I think about 19 billion dollar per year industry.

Everything can be compromised in different ways. There is just no way to protect your data 100% and to think otherwise is just naive.

We have chosen to go with tape as our last line of defense. Once you take it offline there is no way it can be remotely compromised. We believe that is enough to be able to recover from most attacks and the cost is reasonable.

Integrity of files

If you want to check the integrity of a bunch of files you can do it with md5deep, which can be thought of as a recursive version of md5sum. It was initially designed for forensic work.

If a file has the same hash as another file they are identical. If you save the md5 hash of a file and later recheck it, you can be sure the file hasn't been changed, corrupted or tampered with.

Installation on Debian

You'll find it in the package md5deep.

apt install md5deep

Inside the package you'll also find sha256deep and some other good stuff. Use sha256deep instead if you want to use sha256 hash. It's better and actually more secure than md5 but might be slower. You use it in the exact the same way though.

Besides linux it's also available on other OSs such as Windows, MacOS. You can build it from source too. https://github.com/jessek/hashdeep

Create MD5 signatures

md5deep -rl /check_this_dir/* > files.md5

This will create a text file (files.md5) with the md5 hash of all files (*) in the "/check_this_dir" directory.

Check MD5 signatures

md5deep -rlX files.md5 /check_this_dir/*

It will return the files that don't match. So if any file has been changed, it will show up.

Common Options

-r is to go into subdirectories as well
-l is to use local paths instead of absolute paths
-X is to do check the signatures

-e is if you want to see the progress while it's working.

Find more info on basic usage with examples here:
http://md5deep.sourceforge.net/start-md5deep.html#basic

Example

Let's check that our files in /boot and it's sub-directories stays intact.

First let's create an md5 file that we will compare with.

md5deep -r /boot/ > boot.md5

Let's verify the files have not been tampered with.

md5deep -rX boot.md5 /boot/ 

If a file or several files has been changed it will return the file and the new hash (exit code 1).
If all is good it will not return anything (exit code 0).

Maybe stop using USB drives for things they aren't designed for?

It looks like we've been down this road before.
https://mangolassi.it/topic/20070/so-xen-server-gave-me-an-error-what-do-i-do

A small SSD would do better. Something with write endurance and something that is designed to attached 24/7 in a hot environment.

If you don't have drive bays or don't want to waste them, use satadom.

Maybe I'm alone but on the top of my list:

1. Only use Microsoft as a last resort when all other options have been explored.
2. If you get paid by the hour disregard #1.

@pmoncho said in Powershell "-eq" operator and "False":

@Obsolesce said in Powershell "-eq" operator and "False":

In PowerShell, typically if it's in double quotes, it's a string. That's what you were were checking for, is if a given string equals the word "False".... instead of the boolean true/false, as $true/$false.

To find out what type of output you're dealing with, you can always use the built-in getType() method. You'll notice the Name property of String or Boolean.

Thanks, as this will be VERY helpful because it was a question burning in the back of my head.

Have a look at the difference between strings in double quotes and single quotes as well.

Best practice is to encapsulate strings in single quotes everywhere and use double quotes only when needed.

The difference is that double quoted strings are evaluated and not static. That's good when you want it but can cause unexpected behavior when you don't.

For example:

PS> $i=1

PS> echo '$i is a string' 
$i is a string

PS> echo "$i is a string"
1 is a string

@pmoncho said in Powershell "-eq" operator and "False":

Thanks for the excellent explanation. Now I just have to try an remember this.

Yes, there is always that.

Well, you can take comfort in the fact that all programming languages works about the same in this regard. So the knowledge is not wasted just on powershell.

If you get down to what the CPU is actually doing, all if-then-else statements boils down to a comparison with zero that decides what code to execute.

So the reason why false and true is really represented by zero and non-zero has a deeply technical reason.

@notverypunny said in OT / IoT asset management:

My main concern for the present effort is getting an accurate picture of what SCADA / OT etc devices we've got in the environment so that I know if action has to be taken or flagged to the appropriate controls group when vulnerabilities are flagged online.

Sounds like your needs are primarily security centric.

Give cyberx a look then. It's now called Microsoft Defender for IoT but it covers SCADA and other OT tech as well. https://azure.microsoft.com/en-us/services/iot-defender/#features

I do have a lot of experience with documentation of these kinds of system in a variety of industries, like manufacturing industry, pulp and paper, chemical plants etc.

In a lot of cases automatic discovery can be problematic and won't work.

If you have a lot of control systems, most of the manufacturers will have tools that can keep track of their own devices. Especially when it comes to DCS systems that you'll find in larger installations.

You will likely need some kind of hybrid approach.

@pmoncho

You can test how if-then statement works directly in powershell. Just type/copy it in straight on the command line,

For example:

• if ($false) { "True" } else { "False" }
• if ("False") { "True" } else { "False" }
• if ($true) { "True" } else { "False" }
• if ("True") { "True" } else { "False" }
• if ("") { "True" } else { "False" }
• if (0) { "True" } else { "False" }
• if (1) { "True" } else { "False" }

You can also do the same test by forcing powershell to convert whatever you want into a boolean. And telling you if something is true or false.

For example:

• [bool]$false
• [bool]"False"

This is called type casting. But that belongs to more advanced programming concepts.

@pmoncho said in Powershell "-eq" operator and "False":

Trying to figure out why this will not work? I'm stumped

if ($UserE.enabled -eq "False") {
   $a = read-host "Move to Disabled Accounts OU? (Y/N)"
   $answer
}

You're just confusing the logical boolean type (true or false) with string types (any text). So you're making an invalid comparison. Easy enough mistake since they look alike.

So it has nothing to do with the if statement or -eq.

Examples of logically false:

• number 0
• empty string '' or ""
• $null
• predefined variable $false

Examples of logically true:

• anything not 0
• any string that isn't empty
• predefined variable $true

As you can see a string that has the content "False" is a not an empty string. So it is logically the same as true.

What you should be doing is:

if ($UserE.enabled) {
   $a = read-host "Move to Disabled Accounts OU? Y/N)"
   $answer
}

All if-then statements test for logical true automatically. So experienced developers never make an if-then statement explicitly comparing to true or false.

You also need to consider what it is you want the documentation to actually be used for and by whom.

If you have different roles you might have network, security and sysadmin/tech (servers, devices etc). Their documentation needs are probably quite different.

For example:

• physical network layout
• switch configuration
• cabinets, racks drawings, locations and wiring
• optical fiber runs, type, length, usage/spares
• physical servers, location, warranty information
• device location, type, firmware level, IPs
• workload inventory
• application settings and configuration
• application data flow between devices, IPs and ports
• application support, contracts
• security zone config, firewall settings
• security compliance documentation

etc, etc...

@notverypunny said in OT / IoT asset management:

Anyone have any thoughts / recommendations / experience with regards to keeping tabs on an OT environment? The only thing that seems to be out there from a discovery and management perspective seems to be OT-BASE https://www.langner.com/

OT systems are in general documented in a static way and for good reasons.

The physical assets that OT controls, have a much longer lifespan than anything IT related. Think 20 years or more. So the documentation need to be around for the same amount of time and it's hard to use an asset management system when that system will likely be obsolete itself in a few years time.

In other technical areas such as electrical, mechanical, HVAC etc, they have standards for how things should be documented. Their documentation have a lifespan of many decades. Unfortunately IT and OT documentation by extension, are still in the dark ages.

My suggestion is to document manually in a markdown based wiki. That way your documentation can live on for a long time, can be transferred to different systems when needed and will be flexible enough to document whatever you might need.

Excel spreadsheets are not suitable because you really need to be able to do free text documentation for a lot of things. You will need the flexibility that a wiki has.

Besides keeping tabs of your equipment you also need data flow diagrams, what ports are in use, required firewall settings and whatnot. Markdown can't be used for drawing but the files can be linked, pdfs can be generated and everything stored in the wiki.

You should combine your manual documentation with automatic scanning to detect undocumented changes, security issues etc. You could potentially have the result of the scanning fed into wiki pages. That gives you the ability to view everything in the same wiki system.

CyberX (recently bought by Microsoft) have a system that can scan and detect security issues especially for OT/ICS/IoT systems. Probably do asset management as well. I've not heard good things about them in the past but it might be better now.

@d-cunnings said in User Profile migration Problem AAD -> AD:

I always advise customers to go easy on cloud and see where it goes.

I understand what you're saying but there is nothing to see really. It will only go one way. Microsoft want you to move everything to the cloud their cloud.

You might not want that but Microsoft will force you with their planned obsolescence scheme, vendor lock-in and if needed with unlawful business practices. That is their MO and it has worked well since the 80s.

Companies that are knee-deep in Microsoft solutions will never be able to wriggle themselves out of that situation. Not until it's too late and too costly and then they just have to abandon any resistance and go full cloud. Company attitude is how they ended up with MS in the first place.

So the reason you can't find an easy way to do move from AAD to AD is because Microsoft doesn't want you to. It's not astonishing negligence, it's the result of a well planned strategy.

@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:

@Pete-S said in Is Real Estate Actually a Good Investment on Average?:

@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:

But, if I know I am going to be South East UK for at least a decade, owning is the only sensible financial choice.

Right, until you get sick long-term or have a divorce and you can't afford to pay your mortgage and you can't sell your house because nobody is willing to pay what you need to pay off your loans.

Renting is the SaaS of living arrangements.

Zero capital expense, zero risk, 100% agility.

Pretty much, shit happens.

If you are worried about possible future long term sick, get ASU insurance.
If you are worried about future divorce, well that sucks. Its still better to have 50% of a house than 0%.

There are lots of real world examples of shit happening. It still doesn't change the fact that renting is paying somebody else mortgage, when you could have your own and 'hope' to gain from it.

Everything has risk.

Yeah, but a shitty investment such as a single family home isn't worth that risk. It's a lot more financially responsible to rent your home and invest your capital in something better. Something that is not coupled to your living arrangements. Something you can sell and buy when the opportunity is right, not when you want to move.

If you like real estate there are plenty of things to own. Apartment buildings, commercial real estate for example.

@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:

But, if I know I am going to be South East UK for at least a decade, owning is the only sensible financial choice.

Right, until you get sick long-term or have a divorce and you can't afford to pay your mortgage and you can't sell your house because nobody is willing to pay what you need to pay off your loans.

Renting is the SaaS of living arrangements.

Zero capital expense, zero risk, 100% agility.