@CloudKnight said in Rethinking Virtualization? Start with Hyper-V 2025:

I wouldn't even consider hyper v. Proxmox and xcp-ng are the future

And like, they were the "now and future" like, a decade ago. This isn't a recent thing.

@EddieJennings yeah, that would be nice for sure.

@Oksana LOL, if you are considering Hyper-V in 2025, you should be looking for a different career path.

@Oksana VMware still exists? LOL Why?

@CCWTech Looking at it, I think that it requires a client. Which isn't all bad, but limiting. The convenient web interface is paid only.

While generally not recommended, sometimes we need to back up to a USB drive or other hard mounted backup location in ProxMox.

Problem: USB and other external devices can easily lose their mount while a system is already online causing the mount point to unmount forcefully and leaving a folder where the mountpoint had been. Rarely do we want the backup function of ProxMox to backup to that local folder, we rather want the backup mechanism to fail and then have an opportunity to alert us to fix the backup location issue.

Solution: Inform ProxMox at an application level that the backup location is a mountpoint and not a local folder so that it runs detection prior to backing up.

What to do?

1. Get your list of storage locations from ProxMox
   pvesm status

2. Find your backup location NAME on that list. It is a ProxMox label, not the folder name. For many of you it might just be called something like "backup"

3. Inform ProxMox to test if the location is mounted prior to backing up. Replace the word backup in this example with the NAME you got from step 2.
   pvesm set backup --is_mountpoint yes

4. You are done if that succeeds silently, but you can double check that the change has been made by looking for it in this file:
   cat /etc/pve/storage.cfg

We have Tactical, it just automates MEshCentral poorly for Windows and doesn't work for non-Windows at all. We actually have to replace it because of that.

If you haven't played with it for tiny scale stuff, TailScale makes this SO easy to do.

@Mario-Jakovina you are correct, in bridge mode a telecom router SHOULD be essentially transparent. It's just an extra switch at that point.

MT is good. I always prefer a dedicated router/firewall. Then my APs separate.

If you run Ubuntu or other Linux system using the UFW firewall mechanism, and you probably want to limit at least some ports to only receiving traffic from CloudFlare's proxy servers. CloudFlare provides scripts for iptables, but not for UFW. But they do provide their IP list in a handy format. So here is all you need to do...

cd /tmp
wget https://www.cloudflare.com/ips-v4 -O ips-v4-$$.tmp
wget https://www.cloudflare.com/ips-v6 -O ips-v6-$$.tmp

for cfip in `cat ips-v4-$$.tmp`; do echo "ufw allow from $cfip to any port 80 proto tcp"; done
for cfip in `cat ips-v6-$$.tmp`; do echo "ufw allow from $cfip to any port 80 proto tcp"; done```

Notice this doesn't take action, it produces a handy human readable set of ufw instructions that you can audit before running. Just copy the output to a file and "bash file" to take action. Make sure to set the port to 443 in most cases, or run twice, once with 80 and once with 443.

Back in the day there was LogMeIn, but they lied about being free and it became very costly and difficult for people to get away from it. I've yet to encounter any competitor to MeshCentral that sits in the same space.

@Oksana Does it make it arbitrarily slow and buggy too? Does it break updates constantly for an "authentic' Windows experience?

If you need to remote into a Windows machine and get a list of printers without interrupting the user, this powershell command is quick and easy...

Get-Printer | Format-Table

Doing some platform updates today.

So after all of these years, just how busy is MangoLassi? Well, we are holding at 10 million views per week right now. Even with very low traffic, we are busy!

Hey guys, in Houston for the week just hanging out. Last scheduled trip to the US. Not sure when I'll be back. Updated my driver's license, did some work in my storage unit. Back to paradise in the morning.

On my live stream right now...

Youtube Video

Hey guys, sorry for the outage.

The most effective meetings are the ones that you don't have. - Quote (by me)

Turns out it is an App Armor restriction that Unity hasn't mentioned anywhere in their documentation even though we are at LEAST two releases into this problem. The fix is simple, but should be part of the install docs.

This is the error for the search engines:

No usable sandbox! Update your kernel or see Chromium Docs - Linux SUID Sandbox Development 48 for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

To Test:

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

And then for the real fix: /etc/sysctl.d/unity.conf

kernel.apparmor_restrict_unprivileged_userns=0