just updated my instance to current and they still work.
1579617f-7dc9-47f9-93fa-ae1c18fed158-image.png
95300b7c-a57e-4724-bf66-ba5a25a78edf-image.png

@Pete-S said in Local Storage vs SAN ...:

@scottalanmiller said in Local Storage vs SAN ...:

vSAN is any SAN run virtualized

I think that is incorrect. The definition is virtual storage area network. A software defined storage area network if you will.

That is not the same as a virtualized storage area network.

There's some contention around the "vSAN"/"VSAN" designation.

StarWind and VMware adopted the vSAN designation for their Hyper-Converged Infrastructure solution sets IIRC. Both did.

HCI means local storage on each node, a dedicated network fabric for node to node storage I/O, and resilience/redundancy for the disks based on how many nodes and what kind of performance is needed.

Fault Domains are at the disk and node level while some products allow for a form of Stretch Cluster which could be rack to rack, DC to DC, or intra-DC within a certain amount of latency (S2D/AzSHCI is 5ms or less).

@Pete-S said in ZeroTier rules to limit freelancer access:

@dafyre said in ZeroTier rules to limit freelancer access:

@Pete-S said in ZeroTier rules to limit freelancer access:

@JaredBusch said in ZeroTier rules to limit freelancer access:

Because once a user is in said server, via any secure method, you need to have a solution inside the network to prevent access to any other server from inside.

That makes sense.

However that can be as simple as using each servers firewall to block rdp/ssh from everything but zerotier.
That prevents moving horizontally from one server to another.

Again after I've connected to SERVER5 via ZT, how do you prevent me from accessing SERVER1-4 and SERVER6-15 -- or any other internal resource since the server I'm connecting to is already inside your network's main firewall?

Let's call zerotier a VPN for simplicity and let's say we want to control ssh network access.

You prevent network access on ssh from SERVER1 to SERVER2 by setting the OS firewall on SERVER 2 to only allow ssh from IPs on the VPN subnet.

That means you can reach each servers ssh port from VPN, but not from anywhere else. So if you ssh into one server through VPN, you can't ssh from there to the next server.

Right, which is why I asked the OP to clarify what he meant by server access.

@jt1001001 said in Eaton Rack Mount 5P: power on issue:

@gjacobse Could just need new batteries maybe one of the cell's is low

While possible- it’s a new unit.

@Obsolesce said in User migration to azure:

The alternative to signing into the web browser to sync is so much worse, even in the off chance you chose to use 4 web browsers at the same time, and sign into them all with your work account to sync. Any other method is going to end up costing way more effort in the end anyways.

No real arguement from me there. But it's still 3 (IE is dead and as far as I know never had sync) accounts, one for each browser.

I use three browsers - I personally use FF, I have to use Chrome/Edge for our EMR - it refuses FF, and I use Chrome and Edge because I have need for multiple sessions in the EMR as different users... now I could do profiles in Chrome for that - but that's like making multiple accounts in Chrome.. so - meh.

@dagors said in Configure ZTE F670L for NAT on LAN Ethernet Ports:

This was it. What a dumb way to have that worded!!

Sorry, google translate.
But it's good that it was fixed.

I mean dumb way that ZTE worded it.

We find that if we rename the PC, then allow more than a day to go by before restarting, this can happen.

Also, if we rename a PC, then the user allows the PC to go into Lock mode (screen saver timeout with login required to return) they will encounter this upon wake up/re-logon.

In the above two cases a reboot usually resolves it, when it doesn't, we go in as local admin and disjoin then rejoin the domain to resolve it.

Also, in the above two cases, we did not lose the computer in active directory, so after the disjoin/rejoin you'd want to remove the orphan computer from AD.

There's an article online somewhere about why you should NOT disjoin and rejoin the domain in this case, but we have always done it this way and have never experienced ill effects.

@Pete-S said in WordPress Site Lost Its Mind - Ten Minutes of Maintenance Over and Over Again:

This is how you do that:
https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/

Nice, good info. Thanks.

@scottalanmiller said in Miscellaneous Tech News:

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-teams-exchange-online-outlook/?mibextid=Zxz2cZ

They had an issue on Friday that affected people with GEO blocking......After research we found some of the IP's trying to respond were based in India. Unblocking India from GEO fixed it. I imagine companies that are government or companies based in the UK would be able to sue the pants off them.

@scottalanmiller said in Bind Linux Process to Well Known Web Ports When Not Root:

If you have ever tried to run a user space program on Linux with a port below 1024 you know that this is a security problem and you are not allowed to do so. There is a simple fix for this, but it is not well known.

Once you know the binary that you will be using to open the low number (well known) port you can use this command to grant it permission to use these ports without otherwise compromising security.

setcap cap_net_bind_service+ep /my/binary/file

Now you can run your application. This is most commonly used for user space web applications that want to use port 80 or 443 without requiring that you run a reverse proxy in front of them.

Good to know!

I found this as an example of how to use it and also commands to remove the permission:
https://cwiki.apache.org/confluence/display/HTTPD/NonRootPortBinding

The setcap utility seems to be available in the libcap2-bin package on debian distros.

I haven't checked if it's installed by default.

@IRJ said in Helpdesk - PC replacement routines:

@scottalanmiller said in Helpdesk - PC replacement routines:

@IRJ said in Helpdesk - PC replacement routines:

The Helpdesk team exists to be a human shield for users. Your main job is keep users away from the rest of IT. Customer service and user support is the job. Since your Helpdesk should be made up of entry level with fair turnover, I'm not sure you're gonna ever be efficient nor is that really the goal.

I started in Helpdesk as did many others I've met in higher IT positions. The employees that you have that are really good are not meant to stay there too long. If your company doesn't have the foresite to promote top performers, they will just leave and go somewhere else.

The TLDR is Helpdesk is supposed to be a a human shield for IT. It should be a starting place for aspiring IT professionals, and if they are knowledgeable enough to improve these processes they won't be around long (one way or another).

That said, some people like the interaction and choose to stay there. But that's not the norm. But even then, it's a customer service role for sure and "performance" will always be difficult. In fact, you might dislike performance if it means less human interactions with end users.

Yep. I've seen it. There's one guy that I worked with that just loved everything about Helpdesk. Far more capable than the desk. He could be working with servers, cloud, etc. He just decided he loved what he was doing and stayed there for many years. I kept in touch for many years beyond us working together and he was always there. Big fish in little pond so to speak, and I think he likes that.

We've had staff like that. Pure gold if you find them. Someone actually happy with "what they are doing."