My Internet provider just installed a 2,5/1Gbps Internet connection and I've asked the guys to run a couple of their fiber to connect my router (HP Prodesk with OPNsense) to my server....
I've observed if I say nothing (because I simply don't know how to react), opinionated people think you agree with them, which I don't. I don't care....
Samba is amazing, Windows server is a lot less so. The problem with Windows server is that it takes tons of steps to do basic things. On Samba I had Samba tool and it was very nice and friendly. On Windows server you have a ton of different management panels....
If you are using LDAP auth for your hypervisor (vsphere as an example) how do you auth after a kaboom event and your AD server VMs have not auto started.
I remember reading somewhere (prob /r/Sysadmin) that having one bare metal AD server just in case everything goes offline.
Some background: I have a Synology NAS already with plenty of space on it. It runs my Jellyfin server in a docker container. I also have a Raspberry Pi 3b running Pihole....
So I recently discovered that the camera NVRs are majority insecure. This led to my company failing to get PCI compliance which wasn’t all that unexpected. However, this leads to the awkward situation of me comparing mesh VPNs. I’ve been playing around with netbird but I’m looking for a more polished solution....
In all honesty if you are in a commercial environment and scale where PCI and mesh VPNs are cropping up you should consider hardware firewalls.
FortiNet has FortiGate ADVPN as part of the base image and no extra licenses required. If you include the licenses you can get PCI reports from the FortiGate.
Juniper has SRX mesh, don’t go for the Cisco tax of DMVPN, Palo Alto has LSVPN
The Ukrainian government’s military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency’s database and backup copies....
That’s fine. People don’t read the article anyway and it was the support portal of Okta that was breached.
So you are affected if your IT team had a support ticket open with Okta and provided a support file, and even then only the user details in the support file were affected.
It depends if your POE device can communicate back to the switch to lower the power output to match its requirements.
A switch will generally push the full power over the wire unless the remote device can talk back with LLDP power management TLV to lower the power, while connecting with a wall wart the device will pull only what it needs.
At my org we have some legacy software that uses the google analytics api. As you may be aware, that api has been discontinued for some reason. This application is going to be nearly impossible to port to the new api....
It’s like the people bitching about MS changing Azure AD to Entra and how they have to rewrite part of their automation flow. But the module to access Azure AD has been on the deprecation path for over a year.
How long till employers sue the government saying the labour board doesn’t have the authority to do this? Like when telcos sued the government saying the FTC doesn’t have the authority to impose net neutrality?
Hashicorp switches from open source MPL(Mozilla Public License) to BSL(Business Source License). The new license does not allow you to use Hashicorp products if you meet both of the following conditions:...
Honestly, why not do FortiSwitch with your FortiGates? Using the FortiLink feature, FortiSwitches can be managed from the FortiGate.
In addition if you get the FortiGate cloud license you are then able to use the FortiCare portal to manage the device and can still login locally to make changes. Do not get the FortiManager cloud; that is a separate offering you do not want in this case as local changes will mess with things.
In normal operation a router or firewall running NAT will allow you to access the internet and receive traffic you requested and drop any unsolicited traffic originating from the internet.
If you were to access google, your PC will try to access google.com on port 443 with your PC being the source of port 5673 (any number between 1024 and 65000ish). Any traffic from Google to you will be permitted provided they are using the correct port pairings. If google then decides I am going to send you traffic on port 5677 your router/firewall will drop the traffic as it is unsolicited.
Now for the problem. UPnP allows a piece of software running somewhere in your house to register itself with your router and say “hey, if you see traffic destined for port 5555 from anywhere on the internet forward it to me, even if I didn’t start the conversation”. Considering how bad software is written this can give a threat actor a beachhead into your LAN to then vomit as much traffic back out as it wants, it could be a DDoS, a mining bot or just regular traffic sniffing.
I’m just going to be vulnerable for a minute here. I met the first person in real life who had similar server-y linux-y obsessions to me and we’d send eBay links of systems to drool over to each other. They ended up being a terrible person but hid it from me pretty well until they couldn’t anymore and now I no longer have...
My company is about to shift a large workload to a vendor that uses an RD Gateway hosted at Amazon to serve access to the front-end application. It’s open to the internet at 443. There’s no MFA. How worried should I be?
Is there no conditional access for the rds portal?
Time for a CYA email to your manager, project manager, and legal voicing your concerns about the lack of security for an rds Gateway and lack of best practices.
I recently have been playing around with TacticalRMM and I am very impressed. I have tried many different products but all of them have either had a minimum of 100 endpoints or been complete garbage (sometimes both)...
The reason his responses were fumbling? He’s just a hobbyist that’s managed to get one of his projects into a good enough place to make money off of. Are you expecting a PR team level of response?
For $600/year. I kinda do. If you get to the point of selling something it is beyond a hobby and you should have some form of professional services to outsource this kind of work to.
Is it just me or are system requirements by vendor applications getting out of hand? In the past 5 years I’ve watched the minimum specs go from 2vCPU or 4vCPU with 8GB or 16GB RAM now up to a minimum of 24vCPU’s and 84GB of RAM!...
I just received a request to deploy a new VM that is going to be used for managing and provisioning switch ports on some new networking gear. The vendor has provided a document with their minimum requirements for this: 24 vCPU’s, 84GB of RAM, 600GB HDD with a minimum I/O speed of 200MB/s
USA: The financial meltdown is beginning. ( www.nbcnews.com )
They are keeping this quiet, but this affects 2.9% of US bank customers.
VMware customers may stay, but Broadcom could face backlash “for years to come” ( arstechnica.com )
Price hikes of over 2x widely expected under Broadcom’s VMware, survey finds...
A good leader always farts first 💨 ( aussie.zone )
From 2017 to 2020, the U.S. Department of Labor recovered $3 billion in stolen wages from employers ( medium.com )
Single mode fiber cable: which SFP module?
My Internet provider just installed a 2,5/1Gbps Internet connection and I've asked the guys to run a couple of their fiber to connect my router (HP Prodesk with OPNsense) to my server....
I this a firm and polite way to tell an opinionated coworker to stop pushing his agenda I don't care about?
I've observed if I say nothing (because I simply don't know how to react), opinionated people think you agree with them, which I don't. I don't care....
Will Billionaires Destroy Worker Rights? | Robert Reich ( www.youtube.com )
Too smol ( lemmy.world )
Isn't it a little ironic to have a "Be productive" rule in a men's rights community? **Edit: I said what I said.**
Bottom Text
I had to migrate from Samba AD to Windows Server AD and I'm sad (RIP Samba)
Samba is amazing, Windows server is a lot less so. The problem with Windows server is that it takes tons of steps to do basic things. On Samba I had Samba tool and it was very nice and friendly. On Windows server you have a ton of different management panels....
How long will the Great Lakes last?
Neighbour is cleaning their windows and someone is spooked by it. ( lemmy.world )
cross-posted from: lemmy.world/post/13297801...
Dang it, he caught me. ( lemmy.world )
Home(lab) router advice
I just recently got 1 gigabit up/down at home when they put in fiber. Now I’m looking for a router/firewall to use. I run a homelab with a few VMs....
Recommend me a mini PC for a Proxmox homelab
Some background: I have a Synology NAS already with plenty of space on it. It runs my Jellyfin server in a docker container. I also have a Raspberry Pi 3b running Pihole....
What crazy or unusual things are you guys working on?
I read someone was trying to get Samba AD working in a container and now I am curious what else you guys are working on....
Tailscale as a tool for PCI compliance (to avoid port forwarding)
So I recently discovered that the camera NVRs are majority insecure. This led to my company failing to get PCI compliance which wasn’t all that unexpected. However, this leads to the awkward situation of me comparing mesh VPNs. I’ve been playing around with netbird but I’m looking for a more polished solution....
xkcd #2868: Label the States ( xkcd.com )
Alt text: Even with a blank map, a lot of people can only name 45-50 of the 64 states.
Broadcom ends VMware perpetual license sales, testing customers and partners ( arstechnica.com )
Just what the world needs, more software subscriptions. /s...
Ukrainian military says it hacked Russia's federal tax agency ( www.bleepingcomputer.com )
The Ukrainian government’s military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency’s database and backup copies....
New Factory: Day 1 ( poptalk.scrubbles.tech )
Today is the big day, day one of my new factory! Small beginnings, posting regular updates here. Wish me efficiency....
1Password discloses security incident linked to Okta breach ( www.bleepingcomputer.com )
Q: Is PoE energy efficient inside your home?
Is PoE more efficient than plugging in adapters for each network device?...
You have a organizational identity right? ( lemmy.zip )
McDonald's franchisee group says new $20 minimum wage California fast-food bill will cause 'devastating financial blow' ( www.cnbc.com )
Google sucks (rant)
At my org we have some legacy software that uses the google analytics api. As you may be aware, that api has been discontinued for some reason. This application is going to be nearly impossible to port to the new api....
National Labor Relations Board slams union-busting tactics by employers ( www.courthousenews.com )
The new ruling forces employers found interfering with a union election to immediately recognize the union without a new election.
What the AMPTP is refusing to grant the WGA vs. their revenues ( lemmy.world )
Just bought a new toy for 100€, full 48 port gigabit POE! It's pretty nice, I like it! ( lemmy.world )
Hashicorp Adopts BSL License ( www.hashicorp.com )
Hashicorp switches from open source MPL(Mozilla Public License) to BSL(Business Source License). The new license does not allow you to use Hashicorp products if you meet both of the following conditions:...
Here is my current homelab setup (now show me yours) ( lemmy.zip )
I wish lemmy would allow for bigger images....
xkcd #2812: Solar Panel Placement ( xkcd.com )
Need suggestion for my next router and switch vendor
Simply put, what the title says....
Just how many ports does Nintendo Switch need!?
It’s been a while since I’ve played any games online with my Nintendo switch, and I quickly remembered the issues with NAT types on the Switch....
Revoking the SSH Keys of a Friend Sucks
I’m just going to be vulnerable for a minute here. I met the first person in real life who had similar server-y linux-y obsessions to me and we’d send eBay links of systems to drool over to each other. They ended up being a terrible person but hid it from me pretty well until they couldn’t anymore and now I no longer have...
Is RD Gateway hosted by Amazon secure enough? ( aws.amazon.com )
My company is about to shift a large workload to a vendor that uses an RD Gateway hosted at Amazon to serve access to the front-end application. It’s open to the internet at 443. There’s no MFA. How worried should I be?
TacticalRMM is a god send ( github.com )
I recently have been playing around with TacticalRMM and I am very impressed. I have tried many different products but all of them have either had a minimum of 100 endpoints or been complete garbage (sometimes both)...
System Requirements Are Getting Out Of Hand
Is it just me or are system requirements by vendor applications getting out of hand? In the past 5 years I’ve watched the minimum specs go from 2vCPU or 4vCPU with 8GB or 16GB RAM now up to a minimum of 24vCPU’s and 84GB of RAM!...
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices ( www.bleepingcomputer.com )
This is different from last week’s warning: bleepingcomputer.com/…/300-000-plus-fortinet-fire…...