If you want to run Geekbench 4 on a linux server, this is how to install and run it.
Note that you need to have a working internet connection on the server.
You can run it as root or as any other user.

Let's start from the home directory and put the files there.
cd

Download the files from geekbench.com:
(change version number if needed for latest version)
wget http://cdn.geekbench.com/Geekbench-4.3.3-Linux.tar.gz

Extract the downloaded files:
tar -zxvf Geekbench-4.3.3-Linux.tar.gz

Go to the extracted folder:
cd Geekbench-4.3.3-Linux

Run the test in tryout mode, results are uploaded automatically:
./geekbench_x86_64

After a few minutes the test is completed and you'll see a link to a webpage which is unique for each test.

Upload succeeded. Visit the following link and view your results online:
https://browser.geekbench.com/v4/cpu/1234567

Just enter the link in any browser and you'll see the results of the test.

@dbeato said in NVMe and RAID?:

One of the first Dell Servers with Hotswap NVME was the R7415 so yeah
https://www.dell.com/en-us/work/shop/povw/poweredge-r7415

Not sure what others have seen.

The newer ones have a 5 in the model number, so R7515, R6515 etc.
That's the ones you want to buy. AMD Epyc 2 Rome CPUs.

Dual sockets models are R7525, R6525 etc.

And to make this complete: 6 is 1U and 7 is 2U. R7515, R6515 etc.

If you have a RAID controller with 8 ports, you can connect up to 8 SAS/SATA drives directly to the RAID controller. That's fine but if you for instance have a server with say 36 drive bays you would need a 36 port RAID controller. Those are hard or maybe even impossible to find.

Well, here is where the SAS expander comes into play. It will work somewhat like a network switch but for SAS/SATA ports.

The SAS expander IC can be integrated directly on the backplane of the drive bays or it can be a standalone card or PCIe card. These are often used when you have more than 8 drive bays and even more so when you have 16 or more drive bays.

It allows you to expand the number of drives the RAID controller is able to connect to. It's transparent to the user because the RAID cards have integrated support for SAS expanders. This is also true of HBAs (Host Bus Adapters).

The only drawback is that the maximum transfer rate is, as always, limited by the PCIe link to the RAID controller card but also by the SAS connections from the RAID controller to the SAS expander. In real life though these bottlenecks are seldom bottlenecks as it's uncommon to read from all drives at the same time and drives are also often slower, especially when using HDDs.

SAS expanders are also used heavily in external JBOD chassis which are expander chassis for drive bays that you connect to a server so you can attach more drives than fits in the standard enclosure, aka Direct Attached Storage DAS. In that case the SAS expander sits inside the JBOD chassis.

Good to know about WoeUSB.

If you have windows available, rufus is an easy tool to make bootable USB drives.
Doesn't need to be installed and it's fast.
https://rufus.akeo.ie/

But in all honesty it's very easy to make a bootable windows installer USB drive manually. Just make a primary bootable FAT32 partition on the USB drive and copy the files from the ISO onto it. Done.

You can copy more files onto the drive, for instance drivers or other software. If you do that, it makes sense to make a dd image of the entire thing when you're done. That way you can easily write a new USB drive with your custom files on it.

First, ransomware is big business run by organized crime. I think about 19 billion dollar per year industry.

Everything can be compromised in different ways. There is just no way to protect your data 100% and to think otherwise is just naive.

We have chosen to go with tape as our last line of defense. Once you take it offline there is no way it can be remotely compromised. We believe that is enough to be able to recover from most attacks and the cost is reasonable.

Integrity of files

If you want to check the integrity of a bunch of files you can do it with md5deep, which can be thought of as a recursive version of md5sum. It was initially designed for forensic work.

If a file has the same hash as another file they are identical. If you save the md5 hash of a file and later recheck it, you can be sure the file hasn't been changed, corrupted or tampered with.

Installation on Debian

You'll find it in the package md5deep.

apt install md5deep

Inside the package you'll also find sha256deep and some other good stuff. Use sha256deep instead if you want to use sha256 hash. It's better and actually more secure than md5 but might be slower. You use it in the exact the same way though.

Besides linux it's also available on other OSs such as Windows, MacOS. You can build it from source too. https://github.com/jessek/hashdeep

Create MD5 signatures

md5deep -rl /check_this_dir/* > files.md5

This will create a text file (files.md5) with the md5 hash of all files (*) in the "/check_this_dir" directory.

Check MD5 signatures

md5deep -rlX files.md5 /check_this_dir/*

It will return the files that don't match. So if any file has been changed, it will show up.

Common Options

-r is to go into subdirectories as well
-l is to use local paths instead of absolute paths
-X is to do check the signatures

-e is if you want to see the progress while it's working.

Find more info on basic usage with examples here:
http://md5deep.sourceforge.net/start-md5deep.html#basic

Example

Let's check that our files in /boot and it's sub-directories stays intact.

First let's create an md5 file that we will compare with.

md5deep -r /boot/ > boot.md5

Let's verify the files have not been tampered with.

md5deep -rX boot.md5 /boot/ 

If a file or several files has been changed it will return the file and the new hash (exit code 1).
If all is good it will not return anything (exit code 0).

Maybe stop using USB drives for things they aren't designed for?

It looks like we've been down this road before.
https://mangolassi.it/topic/20070/so-xen-server-gave-me-an-error-what-do-i-do

A small SSD would do better. Something with write endurance and something that is designed to attached 24/7 in a hot environment.

If you don't have drive bays or don't want to waste them, use satadom.

Maybe I'm alone but on the top of my list:

1. Only use Microsoft as a last resort when all other options have been explored.
2. If you get paid by the hour disregard #1.

It sure is a dream come true - for NSA.

Thanks guys.

Unfortunately the link @dbeato provided is how you add a new disk to xenserver when you want it to be Storage Repository - a place to store VM partitions. So if you have a disk already xenserver will wipe it clean and put LVMs or EXT3 with VDI files on it.

When it's passed through as a block device to a VM it will have whatever filesystem the VM formats it with.

The problem with the info in the link @black3dynamite provided is that it's for xenserver 5.x so it doesn't work straight up with Xenserver 7.x (I'm running 7.4).

What I ended up doing was adding a raid 1 array instead of just a disk. The principle is the same though, just another name on the block device.

The array /dev/md0 is passed through to the VM as a block device.

I did it by adding a rule to /etc/udev/rules.d/65-md-incremental.rules almost at the end.

KERNEL=="md*", SUBSYSTEM=="block", ACTION=="change", SYMLINK+="xapi/block/%k", \
        RUN+="/bin/sh -c '/opt/xensource/libexec/local-device-change %k 2>&1 >/dev/null&'"

This rule will pass all md arrays to the VMs as Removable Storage in Xenserver (so you can attach it to whatever VM you want).

Note that * in KERNEL=="md*" is a wildcard. So this will match the devices /dev/md0, md1 md2 etc. Just replace md* with whatever block device you want to pass through.

The array is 2TB so I don't know if this works with bigger arrays.
After trying some larger drives I can verify that it works fine with larger than 2TB arrays.
Also the disks were empty so I'm not sure if xenserver will wipe the disk when you set this up the first time.
After some experimenting it looks like Xenserver will not touch the drive.

I'll add the complete file for reference.

KERNEL=="td[a-z]*", GOTO="md_end"
# This file causes block devices with Linux RAID (mdadm) signatures to
# automatically cause mdadm to be run.
# See udev(8) for syntax

# Don't process any events if anaconda is running as anaconda brings up
# raid devices manually
ENV{ANACONDA}=="?*", GOTO="md_end"

# Also don't process disks that are slated to be a multipath device
ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="md_end"

# We process add events on block devices (since they are ready as soon as
# they are added to the system), but we must process change events as well
# on any dm devices (like LUKS partitions or LVM logical volumes) and on
# md devices because both of these first get added, then get brought live
# and trigger a change event.  The reason we don't process change events
# on bare hard disks is because if you stop all arrays on a disk, then
# run fdisk on the disk to change the partitions, when fdisk exits it
# triggers a change event, and we want to wait until all the fdisks on
# all member disks are done before we do anything.  Unfortunately, we have
# no way of knowing that, so we just have to let those arrays be brought
# up manually after fdisk has been run on all of the disks.

# First, process all add events (md and dm devices will not really do
# anything here, just regular disks, and this also won't get any imsm
# array members either)
SUBSYSTEM=="block", ACTION=="add", ENV{ID_FS_TYPE}=="linux_raid_member", \
        RUN+="/sbin/mdadm -I $env{DEVNAME}"

# Next, check to make sure the BIOS raid stuff wasn't turned off via cmdline
IMPORT{cmdline}="noiswmd"
IMPORT{cmdline}="nodmraid"
ENV{noiswmd}=="?*", GOTO="md_imsm_inc_end"
ENV{nodmraid}=="?*", GOTO="md_imsm_inc_end"
SUBSYSTEM=="block", ACTION=="add", ENV{ID_FS_TYPE}=="isw_raid_member", \
        RUN+="/sbin/mdadm -I $env{DEVNAME}"
LABEL="md_imsm_inc_end"

SUBSYSTEM=="block", ACTION=="remove", ENV{ID_PATH}=="?*", \
        RUN+="/sbin/mdadm -If $name --path $env{ID_PATH}"
SUBSYSTEM=="block", ACTION=="remove", ENV{ID_PATH}!="?*", \
        RUN+="/sbin/mdadm -If $name"

# Next make sure that this isn't a dm device we should skip for some reason
ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="dm_change_end"
ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", GOTO="dm_change_end"
ENV{DM_SUSPENDED}=="1", GOTO="dm_change_end"
KERNEL=="dm-*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="linux_raid_member", \
        ACTION=="change", RUN+="/sbin/mdadm -I $env{DEVNAME}"
LABEL="dm_change_end"

# Finally catch any nested md raid arrays.  If we brought up an md raid
# array that's part of another md raid array, it won't be ready to be used
# until the change event that occurs when it becomes live
KERNEL=="md*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="linux_raid_member", \
        ACTION=="change", RUN+="/sbin/mdadm -I $env{DEVNAME}"

# Added line
# Pass-through of all /dev/md* arrays. 
# Will end up as Removable Storage that can be assigned to a VM.
KERNEL=="md*", SUBSYSTEM=="block", ACTION=="change", SYMLINK+="xapi/block/%k", \
        RUN+="/bin/sh -c '/opt/xensource/libexec/local-device-change %k 2>&1 >/dev/null&'"

LABEL="md_end"

@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

Solarwinds is far from "devops tooling" and that feels like a weird thing to say since most devops tooling is open source and not built in private like Solarwinds.

I didn't say that. I said that the cybercriminals are going after management tools including devops tooling. Just because it's open source doesn't make it automatically safe.

@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

The Solarwinds hack was from an injection during a pipeline where they modified the actual binary that was built. Ansible wouldn't be compromised that way since it's a Python package and you can just pull the Ansible source and run it. It doesn't need compiled.

Supply chain attack doesn't have to modify binaries. You could modify anything. In Ansible's case they say that the weak link is the community developed modules. That it's built on Python changes nothing.

What most people seems to miss is that the Solarwind attack was a supply chain attack.
That means that the tool itself was compromised.

That means that any tool, regardless of how you use it, is at risk for this kind of attack. It certainly doesn't have to be anything that is centrally hosted/administered.

Even ssh itself is at risk, but it's more likely to occur in tools where you have lots of source code from many sources. For instance ansible or devops tooling.

The "real" solution is to convert into SDI, which is the professional version of HDMI. Think TV station, broadcast cameras and other professional gear.

It uses coax so it's easy to install and put on connectors for whatever length you need. It can handle up to 300ft without any signal degradation. And there are converters for HDMI to SDI and back.

So if the application involves something related to live streaming, video recordings etc you might want to look into SDI. If you're just putting a TV somewhere far away, well then it doesn't matter.

An example of SDI - Canon C300 camera:

@jaredbusch said in Business number texting services:

@pete-s said in Business number texting services:

Usually you'd use a short virtual number for 2-way SMS communication

Not anymore. People want their business number to be the only number.

OK, but that is only a matter of who is the SMS gateway provider. If you for instance use Skyetel for the SIP trunk then you need to use Skyetel for the SMS gateway (since you want the same number).

And then you need software that interacts with the SMS gateway API so the users can handle the SMS.

For instance here is the setup for Textable to Skyetel API:
https://www.textable.co/docs/skyetel-setup-guide/

The real question is what the business want to do with the texting capability. And how they are going to handle it.

@JaredBusch I'm not exactly sure what you're looking for.

Are you looking for a SMS gateway or software that can communicate with a SMS gateway, for instance a help desk?

And why does the client want texting for the business numbers?
Usually you'd use a short virtual number for 2-way SMS communication. What is the use case here?

Tasks can technically speaking be shared between services that are using the iCal format. Similar to sharing calendars.

But not all services supports sharing tasks. We tried to get google tasks shared with zoho tasks but it was a no go. I think O365 and Google will work though.

Otherwise you have to move everyone to another platform. But whatever tool you select will then require you to set up accounts, add users and what not to get going. And you get a ton of functionality that the users will not need and will make it much more difficult for them.

@notverypunny said in XenCenter to XCP-NG Upgrade using Bash:

Hey @Pete-S, Have you run across anything missing in doing upgrades? Honestly wondering 'cause we've got a substantial fleet of older machines that we use with xenserver. Haven't hit any situations where it falls apart, just that some of the older processors are no longer supported. Things still work OK, it's just not a supported config from Citrix anymore since the older gear isn't on the HCL for the newer release.

No, we haven't upgraded servers using 6.x. But we've had issues on 7.x that I'm sure must have worked fine on 6.x. Both on the hardware side and on the software side.

If you run very plain hardware with a plain installation of xencenter, using recent guest OSs, I don't expect much problems with an upgrade from 6.x. I think most installations in SMB installations fall in this category.

But on older systems it's also likely you'll find a surprise such as a VM running Windows 2003 server or something like that. Things like that might get you into trouble.

@scottalanmiller said in ESXi VMware ESXTOP:

@stacksofplates said in ESXi VMware ESXTOP:

Does the esxi shell have awk?

No idea

According to this it does:
https://deepakkanda.wordpress.com/2018/07/25/shell-commands-in-vsphere-esxi/

@stuartjordan said in XenCenter to XCP-NG Upgrade using Bash:

I use XCP-NG but someone is using Xenserver 6.5. I'm not happy them using that old hypervisor. I'm going to export them VM's as precautionary backup anyway, But I wondered if anyone on here a successfully use the upgrade script built into XCP-NG?

I wouldn't upgrade xcp-ng from the shell. The recommended procedure is to do an upgrade using the ISO.

Partition layout is different from version 7 and up, but it will either be automatically upgraded to the new layout (if there is space) or kept the same using the old partitioning scheme.

That said, there are things to be careful about. Some old guest OS might have problems running on a newer version hypervisor. It's not just the guest OS but also the virtualization modes (HV,PVM, HVPVM etc). Some modes are not available anymore.

Another problem is that the old hardware on the server might not have drivers in the newer hypervisor. Some things have been deprecated.

Xenserver 6.5 was released January 2015. Assuming the server hardware is the same age, I would strongly consider getting a newer server and then reinstalling / moving the workloads from the old to the new server. That gives you time to move the workloads without causing disruption if you encounter problems.