@Pete-S said in Run ls as another user?:
What's the easiest way to run
ls
as the apache user (which you can't login as)?
sudo -u apache ls
@scottalanmiller said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
New project to replace Veeam with Duplicati. Exciting.
you don't like Veeam any more?
Just lacks the power and features to do what we need. Don't want to have to assemble our own solution from scripts when Duplicati does everything we need in a single package. Veeam is great when you need a much more limited set of features.
Duplicati has worked great for me. Normally use it with Backblaze B2 or Wasabi.
@WrCombs said in Ipad guru/ Site connectivity issue:
@Dashrender said in Ipad guru/ Site connectivity issue:
@WrCombs said in Ipad guru/ Site connectivity issue:
@Dashrender said in Ipad guru/ Site connectivity issue:
Are customers allowed on any SSID on this network? Or only employee and business devices?
Only employees / business devices are allowed to connect.
so how many total devices are we talking about?
what is the bandwidth of the ISP connection?
what is the bandwidth utilization per endpoint for the application in question?
how much bandwidth is being chewed up by staff devices downloading FB, YT, updates, etc? perhaps that needs to be squeezed to next to nothing to ensure enough bandwidth for the business stuff.
I can't login to Unifi Dashboard.. it won't give me the login page.. Don't know what's going on with it.
Was it recently upgraded? A few failures were common when upgrading from 5.x.xx to 6.x.xx versions.
Going to pickup dinner for my mother in law who had surgery to remove a very large kidney stone today. Not much else planned for this weekend.
@Mario-Jakovina said in Another RDS server?:
@JaredBusch said in Another RDS server?:
None should have 8 because of his CPU only have 8 cores.
Does it mean that in my case (4-core CPU) VM should use only 3 vCPU even if it is only VM on the host?
Yes, this is correct.
@JaredBusch said in Another RDS server?:
Basically, everything should be only 1 or 2 vCPU unless specifically noted otherwise.
For DB servers and RDS servers, we use all available cores to better serve more users at the same time. Is something wrong with that?
While you can assign all cores to every virtual machine, it is a horrible idea. The virtual machines will be doing next to nothing but waiting on each other to finish background processes.
Check out
https://www.hpe.com/us/en/insights/articles/10-virtualization-mistakes-everyone-makes-1808.html
and
https://www.sqlskills.com/blogs/jonathan/cpu-ready-time-in-vmware-and-how-to-interpret-its-real-meaning/
if you want to know why.
County fair starts tomorrow, but we're not going till Monday.
@Mario-Jakovina said in Another RDS server?:
@travisdh1 said in Another RDS server?:
@Mario-Jakovina said in Another RDS server?:
@JaredBusch said in Another RDS server?:
None should have 8 because of his CPU only have 8 cores.
Does it mean that in my case (4-core CPU) VM should use only 3 vCPU even if it is only VM on the host?
Yes, this is correct.
Does it mean that in 1:1 virtualisation, you always "lose" one core?
Ah, I was thinking you had both VMs running on a single host. My bad.
@gjacobse said in What Are You Doing Right Now:
Pains me to say - I may be going 'consumer grade' for a router as I now find that my 16port switch is lost as well.
This is due to cost and turn around.
You can still find 16 port switches for reasonable cost, they're just harder to find. I recently got a 16 port PoE TPLink switch from Amazon that wasn't overpriced or impossible to actually get.
Why would you consider consumer grade routers? At the very least, you can get ER-X from MicroCenter. There are a few other quality options around that are better than consumer c*** now as well.
@wrcombs said in Ipad guru for Site connectivity issue:
@dustinb3403 said in Ipad guru for Site connectivity issue:
@wrcombs He's facepalming the fact that someone thought adding APs (regardless of settings) would fix the issue.
In particular the fact that these are so close together.
I couldn't tell if it was directed at me for saying "nope.." or if it was directed at the APs (which is exactly what I did when I looked at the APs.. by the way)
It was directed at the APs, specifically after you answered that there are no obstructions between the two.
@nadnerB said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
@nadnerB Haven't had that much bad luck with them as switches goes and they have lasted more than Dell and HP for us.
When other people have bought TP-Link kit, it's been pretty good.
At work (pre-merger) we had some things that APs, switch etc, they seemed to keep going.
Opposite story at home I've had, I think I'm up to, 3 DOA modem routers, and one that was dying a slow death. IMO, I have bad luck with TP-Link, so I've stopped buying their stuff.
Other people don't seem to have the issue.
Any of their home gear (routers, modems, etc) is generally trash.
Switches and enterprise gear is much better.
I've heard good things about their Omada products as well, but haven't used any yet myself.
@wirestyle22 said in UniFi Product stream:
@travisdh1 said in UniFi Product stream:
I forget off the top of my head which device it is,
The UniFi Access system consists of four elements:
UA Controller: The control center for your Access system, hosted on the UniFi Dream Machine Pro (UDM-Pro). Your UA controller is easily upgradable and offers a host of features that simplify access policymaking as well as personnel, space, and device management.
UA-Hub: A secure I/O hub that authenticates inputs registered by your Access readers (UA-Pro & UA-Lite), push buttons, and sensors. Your UA Hub can also control door locks, alarms, and motorized door openers.
UA-Pro and UA-Lite: The Access system's card or motion reading devices that unlock doors with a swipe of an NFC card or NFC-enabled mobile phone. Please refer to the Current and Future Access Modes section below for more information on current and future access methods.
UA-Card: A NFC card that is specific to your Access system and encrypted with a special algorithm that cannot be replicated, unlike other NFC cards. Your Access system will support any NFC card, so you can retain your current access cards.
It was the Dream Machine Pro I was thinking of. The reviews I've seen all say that if you have to buy a Dream Machine Pro just for the access control that you're better off going with the competition whose overall price will be lower.
I just got a ticket for Ohio Linux Fest. I'll only be able to attend Saturday, but looks like some interesting things happening.
https://olfconference.org/ if anyone else is interested.
@scottalanmiller said in Re-add Server/Computer to AD:
@siringo said in Re-add Server/Computer to AD:
@scottalanmiller Ah yes. Just got onto the console with Mesh Central.
Still don't have an account to log in with though.
We use the terminal to make local admin accounts all the time. It's the best.
net user /add account password
or net user /add account *
And better not forget a local admin
net localgroup administrators /add account
@scottalanmiller said in What Are You Doing Right Now:
@nadnerB said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
Cursing the existence of SIP-ALG.
The only way to disable it on a FortiGate is the command line. I'm fine with that, but most people won't even be aware it exists and is turned on!
Interesting choice to exclude that from their interface.
Even an alert to confirm that you want it left on would be better than completely excluding it.
This implies to me that they are getting paid by ISPs or similar vendors to create problems on their behalf.
Wouldn't surprise me. Their pricing structure reminds me of Cisco, you have to license the most basic stuff.... 2fa, that's an additional license!
@brandon220 said in Virtualization Host:
@irj It requires 10g networking to the data repository for performing analytics on collected data. There will be large amounts of data eventually. The software developer requires 8 cores and 32g of ram minimum. I don't see how that much compute can be done in containers. I don't use them so I can't speculate on how well or not it would work.
10g network to the data repository? That shouldn't even come into the conversation here, at all, ever. Single server should be local storage only, I can almost guarantee this application is not anything special that would change that standard rule. If they have to have shared storage, I'd use another VM on the host with an NFS share.
As for the choice of hypervisor to use, either KVM or Proxmox should be fine. Converting the virtual drives will be the same for either one.
Or just tell them you're running bare metal and use a VM anyway if you don't want to deal with converting the vdisk.
Cursing the existence of SIP-ALG.
The only way to disable it on a FortiGate is the command line. I'm fine with that, but most people won't even be aware it exists and is turned on!
@irj said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
@irj said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
Sorry if this is a dumb question but ...
Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.
I was thinking of changing the subnet to /24.
Currently all devices still have 10.0.0.x addresses.
Some of their network gear is managed and I need to arrange with them to change settings within their Cisco gear to /24.
If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??
For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Does that make sense?
Create /24 VLANs. Separate servers, printers, workstations with different VLANs. Then you can block workstations from even seeing server VLAN.
Seems like a lot of work with no business need from what we know.
Can you expand on this?
How is this a lot of work and how is there no business need to segregate important data?
Because in my experience data security is pretty damn important from a business perspective.
You're conflating VLANs with security. VLANs themselves provide zero additional security, just network segmentation. It takes seconds for someone with network access to scan for any active VLAN and tag packets with different ones.
If you want additional security, you need to move to a zero trust model.
Finally updated my laptop. Now running Fedora 37, and have a few Steam games installing. So much easier than previous versions of Fedora I tried Steam on.
@stacksofplates said in Changing subnet mask?:
@dashrender said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
@jaredbusch said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
You're conflating VLANs with security.
You need to realize who you are talking to.
@IRJ is probably the most skilled security person on the community.
I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.
The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.
These are my thoughts - most small businesses don't need/want more complexity than a flat network.
Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.
Yep, and most small businesses shouldn't be running their own server in the first place, and most of our clients are actually moving to all hosted services. So no need to segment the network.
@siringo said in What Are You Doing Right Now:
what's another reputable pwd manager??
Bitwarden is what I chose. It has all the basic features needed in the open-source version. I chose a paid tier, but you are able to host it yourself if you wish.