@jasgot said in Exchange Environment - Lab:
This is like saying you don't need to learn long division because you have a cellphone with a calculator.
No it's almost like saying you need to learn the intricacies of using one of these
Before using one of these
You can still write qbasic also, but why would you?
There's nothing wrong with understanding these languages had a purpose at one time, but don't put effort into learning them unless you have to.
@jasgot said in Exchange Environment - Lab:
it was said in Exchange Environment - Lab:
Why are you trying to learn how out dated technology?
I'm curious, why is this the de-facto "go to" question when people don't feel like helping, but still want to hear themselves talk?
Maybe... this is what he has laying around his lab, AND he wants to learn?
Why is it usually a problem that one person is learning something years after someone else has?
I just don't get it.
If someone were asking how to write dos batch files, which is decades old, it is still a good basis for understanding and developing scripts; that will help with future learning.
It won't really help with future learning. Learning things like Goto statements is a waste of your time. If you (not you specifically but the editorial you) want to advance your career you will avoid old languages and systems like this.
@scottalanmiller said in Apple plans to scan your images for child porn:
@dustinb3403 said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
@jaredbusch said in Apple plans to scan your images for child porn:
And the pile on officially begins.
https://9to5mac.com/2021/09/09/csam-scan-encrypted-messages/
Now we know how bad it is if the UK is supporting it! The ultimate surveillance state.
China is way worse...
Sort of. It depends on what you measure. Camera, they are worse (per capita, for real.) But when it comes to far more intrusive data, they are less.
Uh that completely ignores the fact they monitor all of their internet traffic. They don't need to file data requests when they already have it?
@dbeato said in Unifi Controller Installer Script for Ubuntu 21.04:
@voip_n00b said in Unifi Controller Installer Script for Ubuntu 21.04:
@stacksofplates docker is worse than reddit. I can’t believe you would suggest such hot garbage.
How is it garbage @VoIP_n00b ? It is quite possible if someone wants to run their Controller as a container. I am not sure why you are also comparing Reddit with Docker, what is the comparison?
I think it's an attempt at trolling.
The Linuxserver docker image works pretty well.
@dustinb3403 said in RMM Service:
@irj said in RMM Service:
@notverypunny said in RMM Service:
I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.
You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?
How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.
He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.
@irj said in RMM Service:
@notverypunny said in RMM Service:
@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?
Containerize it and you will only use the resources you need with the ability to scale when needed.
This would most likely be an easier setup on K8s. I wouldn't recommend running prod stuff with docker-compose. You can just set up an ingress for those three hostnames with annotations and cert-manager will generate certs for them automatically.
@scottalanmiller said in DNS Filtering Service:
@stacksofplates said in DNS Filtering Service:
@scottalanmiller said in DNS Filtering Service:
but the OP isn't looking for that.
Not sure why this is assumed. I took it to mean they wanted similar features of a pihole which include adding specific filters and reports.
Sorry, that was ambiguous. I meant that he wasn't looking "for the pihole", not that he was or wasn't looking for the whitelist/blacklist features.
I just meant that PiHole with CloudFlare was an obvious, super cheap, perfect solution - but the OP didn't want it so would need something to replicate it without being it in name.
Ah ok, no prob.
@dustinb3403 said in Where to start...:
@stacksofplates said in Where to start...:
@dustinb3403 said in Where to start...:
don't work for solutions like AutoCAD without crazy high Opex costs to get the performance to match local performance
Two things. One) autocad files aren't that big. Other cad software is larger. Two) you do realize they don't copy the whole file back and forth right? They use block level dedupe and only diff the blocks that are necessary.
You do you realize I lumped all design files in with AutoCAD, indesign files can be massive, I've personally dealt with 13GB files because of how the designers had to use them. If you want to be a pedantic dickhead go ahead, but don't expect someone to list out every possible file and how it could be accessed.
Lastly, apple computes lock every file pre-emptively when accessing a share in the hopes of speeding up performance for the user, while we don't know what user systems @mmicha has, it's also not something that has been discussed.
This feature of apple's design makes dealing with file shares that much more painful in general.
Don't get mad because you specifically named a tool. Yes direct modeling software generates larger files, but even things like Dropbox still chunk the data into 4 mb blocks. I've worked with a shop that used Dropbox to sync their solidworks data and it was fine. Not sure why you think that when @IRJ mentions running the workloads in public cloud you think that means setting up a giant SMB/NFS share that things would "access". Amazingly TeamCenter runs fine on pub cloud and I guarantee they handle larger than 13GB models.
Stop the childish attitude.
@dustinb3403 said in Where to start...:
don't work for solutions like AutoCAD without crazy high Opex costs to get the performance to match local performance
Two things. One) autocad files aren't that big. Other cad software is larger. Two) you do realize they don't copy the whole file back and forth right? They use block level dedupe and only diff the blocks that are necessary.
https://www.the-sun.com/tech/3525714/microsoft-power-apps-exposed-data-leaks/
Kind of click-baity title but power apps automatically makes a database public when you enable an API to interact with the database.
What services have you investigated? The requirements here are pretty bare.
@scottalanmiller said in DNS Filtering Service:
but the OP isn't looking for that.
Not sure why this is assumed. I took it to mean they wanted similar features of a pihole which include adding specific filters and reports.
@scottalanmiller said in DNS Filtering Service:
Gateway is a "VPN Replacement". It moves where your traffic goes. It's a huge service doing dramatic stuff. If someone wanted a VPN / Proxy system + DNS Filtering, you'd have to request that. That's 90% stuff that isn't related to DNS. Definitely not at all what the OP was asking about. The stuff that they compared to, like PiHole, is nothing like that whatsoever.
Can you give a link to the Cloudflare service you are talking about? Maybe that will clear things up here.
@dustinb3403 said in DNS Filtering Service:
@stacksofplates said in DNS Filtering Service:
@dustinb3403 said in DNS Filtering Service:
@voip_n00b said in DNS Filtering Service:
Anyone have a recommendation? Been looking at a bunch of them - looking for some first hand experience. Im looking for a hosted service not a pihole, or something like that.
A hosted service that isn't pihole.... then what is PiHole?
A self hosted application. Idk what you are trying to say here.
You can host it anywhere. Just because You host it on-premise or in AWS, Azure or wherever doesn't make it not hosted.
that's self hosted. A "hosted service" is a SaaS.
@dustinb3403 said in DNS Filtering Service:
@voip_n00b said in DNS Filtering Service:
Anyone have a recommendation? Been looking at a bunch of them - looking for some first hand experience. Im looking for a hosted service not a pihole, or something like that.
A hosted service that isn't pihole.... then what is PiHole?
A self hosted application. Idk what you are trying to say here.
So you can also run serverless on K8s. It helps alleviate some of the vendor lock in issues, but doesn't necessarily alleviate cold starts. OpenFaaS and Kubeless are two popular serverless frameworks for K8s. They both allow custom runtimes/templates so you aren't beholdant to a specific vendors security when deploying your apps.
@irj said in Greenfield Kubernetes Architecture and Security:
Also another related question, would you even use kubernetes for databases or would be better to use a hosted service like RDS?
it depends. It's valid either way. However, things like dynamodb can get stupid expensive really quickly, so it's valuable to run those in cluster and just pay for the PVCs used.
@irj said in Greenfield Kubernetes Architecture and Security:
@stacksofplates said in Greenfield Kubernetes Architecture and Security:
.
1 will get really expensive and complicated really fast.
2 is complicated in networking, but less complicated in that you need less rolebindings (also more expensive).
3 makes the most sense but adds complexity with SAs and rolebindings. Let the namespaces be the logical separation. Use a mesh like Istio/Kuma for mTLS. If you pay for Kuma you get OPA integration in the sidecar with a CRD for the policy, if you use Istio you still get OPA but I believe it's a configmap that you need to load into a central OPA I can't remember. This way you can define policy for each app but your app doesn't need to understand how authentication mechanisms work.
1.) Is that because you have masters for each cluster, but if combining all clusters your master would still need to scale out, right? Why is it complicated? It seems like to me for organizing backups and for administration it's probably the easiest?
2.) You are saying you'd have a cluster called
postgressqland then have names paces likeapp1-postgresqlapp2-postgresqlapp3-postgresql, etc. If you're backing up an entire application you would need to create some type of orchestration for restore on multiple clusters simultaneously to bring the application back up.3.) I need to do some research and reading on this before I can ask more questions
It would be more complicated because you lose the aspects of Kube that make it helpful like service discovery. If you want that you'd have to have your mesh span multiple clusters. And if you don't have a mesh, you'd have to use an ingress for every single thing that talks to your app in your cluster. And it's a big waste of resources.
I prob wouldn't recommend 2 at all. If you're running kube in a company like yours, you should be using microservices. The microservice should just have it's own database which could either just be a document store or a single table (or a couple if you really need a relation). This way the engineers can access their own db and access other info through the API contract in the other microservices. 3 tier apps are kind of legacy at this point.
