IT Discussion

• V

  Tailscale
  • VoIP_n00b  

  6
  0
  Votes
  6
  Posts
  75
  Views

  

  @JaredBusch said in Tailscale: @jmoore Using wireguard instead of having to create their own software to do the encryption. But otherwise it is, basically, the same thing. so would that make it more secure than zerotier or less? would that make it more supportable than zerotier? would that make it more widely accepted than zerotier? i've just stumbled across tailscale as well, interested to hear what others think.
• 3

  RingCentral and Vonage
  • 360col  

  20
  0
  Votes
  20
  Posts
  99
  Views

  3

  Thanks for all the replies. The FreePBX instant are provided & "managed" by a telco we use and we are potentially moving away from them so that won't stay. We do not currently have access to End Point Manager due to its being a managed FreePBX platform. Also looking at the next level that involve muti-country and all that "UC" stuff (to some degree, more like using a VOIP App). I'm just arming myself with as much info as I can as I won't be the one making the call on this. Other non technical factors has also come into play so looks like we are going to trial RingCentral. We are Australian based so Scott's company won't fit into the equation. I also now found out that another of our little subsidiary have been using RingCentral so that gave them some bonus points just because. I'll report back here if we do go with RingCentral and how things goes. BTW: It turns out that we don't actually need SSO for any technical reasons at present and it was just thrown in there just because we are on the train to auth everything with Azure AD.
• P

  How to let only customers download files with wget/curl?
  • Pete.S  

  22
  0
  Votes
  22
  Posts
  129
  Views

  P

  @stacksofplates said in How to let only customers download files with wget/curl?: @Pete-S said in How to let only customers download files with wget/curl?: @stacksofplates said in How to let only customers download files with wget/curl?: @Pete-S said in How to let only customers download files with wget/curl?: have scripts serve the data and what not. Wait are you talking about CGI scripts? Yes, that's a possibility when you are using a webserver, instead of ssh. If you access a file over ssh, AFAIK the file is a static file and it is what it is. If you however access a file over https, you can have a script on the webserver delivering you the file and you can send parameters to it. For instance : wget -o install.sh "https://xyz.com/my_special_install_script.py?os=CentOS7&special=2&customer=2432" You just have a gazilion options when you connect over a webserver. Yeah I thought you were providing files through just a default webserver. So while CGI isn't insecure by itself, you have a ton of work in securing the scripts you create. You might be better off just writing a small API to hand off the info instead of trying to properly secure CGI scripts. Another option is a serverless function leveraging the providers authentication to serve the files up. Here's an example from GCP where you can just check require authentication using their IAM. Thanks, I had the intention of letting the webserver authenticate and in most cases provide a static file directly or when needed invoke a script that will provide dynamic content. I haven't checked nginx yet but apache can check client SSL certificates easily.
• P

  SSL/TLS client certificates questions
  linux ssl tls proxy https certificate mtls • • Pete.S  

  9
  0
  Votes
  9
  Posts
  65
  Views

  P

  @flaxking said in SSL/TLS client certificates questions: Domain name doesn't matter, unless you're signing with a public CA. I'd think self-signed vs internal CA vs public CA would depend on what the authentication mechanism supports and how you have to manage the certificates. (i.e. if there are going to be a ton of them it might be easier for the authentication mechanism just to trust certificates signed by a certain internal CA rather than having to make each certificate trusted. From what I've seen so far, I've come to the same conclusion.
• 

  Redoing Home Network
  • jmoore  

  118
  0
  Votes
  118
  Posts
  350
  Views

  

  @jmoore said in Redoing Home Network: @scottalanmiller I'm the same way, I get that habit from my Av days. I bought Allen & Heath mixing boards, QSC amps, and small Community speakers. This is all professional equipment and it had more options and lasted a lot longer. In fact all those pieces are still working today. Yup, I can from the audiophile world, too. And it was often cheaper to get hifi gear than to get the crappy, sounds horrible consumer junk.
• 

  pi-hole: Group Management
  vultr pi-hole installation install group management • • gjacobse  

  11
  0
  Votes
  11
  Posts
  120
  Views

  

  @scottalanmiller said in pi-hole: Group Management: @marcinozga said in pi-hole: Group Management: @stacksofplates said in pi-hole: Group Management: @stacksofplates said in pi-hole: Group Management: @marcinozga said in pi-hole: Group Management: @stacksofplates said in pi-hole: Group Management: I just use CloudFlare for families. If I need to, I can change DNS on whatever to view something. That only blocks malware and porn if you choose to. What about ads, marketing crap, tracking, etc.? I leverage what's in the browser for that stuff. That might not be 100% the best way to handle it, but I don' thave to manage and pay for a server to do it. No Raspberry Pi lying around? Who has an unused computer lying around? lol I don’t, this old box of mine is hitting its last legs...
• 

  Local Encryption ... Why Not?
  • BRRABill  

  357
  2
  Votes
  357
  Posts
  143375
  Views

  

  @stacksofplates said in Local Encryption ... Why Not?: @scottalanmiller said in Local Encryption ... Why Not?: @stacksofplates said in Local Encryption ... Why Not?: @Dashrender said in Local Encryption ... Why Not?: @scottalanmiller said in Local Encryption ... Why Not?: @jmoore said in Local Encryption ... Why Not?: I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario. It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it. A new laptop showed up that way once - I was like - wth? I think the bigger question was, it didn't get reimaged to whatever standard they're using? Ha, this is medical. Zero standards. Ever seen any medical that has a standard build? Nope. Or even standard hardware? Nope. Or even consult someone in IT within six months of having put a machine into service? Nope. Idk when I was doing my business I had a few Drs offices and I reimaged them when they got one. That's because you got to be in charge, I would assume. Here we are only "as needed" and the head of operations runs IT and only has us fix what she breaks (which is quite a lot.)
• J

  How to start taking a company to Microsoft 365 based operations.
  • JasGot  

  8
  0
  Votes
  8
  Posts
  80
  Views

  

  @JasGot said in How to start taking a company to Microsoft 365 based operations.: If a customer is asking to go "Cloud based" and they want to stay MS based. What would be you path for a customer who has standard server now. The real trick is getting them to talk about their goals. Going "cloud" or "Microsoft" aren't business goals, those are means, not ends. So we have no idea what they are trying to do, only how they think they will do it. It's like stating your goal as "using a hammer" without stating why or to accomplish what. A hammer is reasonable, maybe. But just knowing it's a hammer, you can't go any further without just making up what they might want to accomplish.
• 

  Collecting info on ZeroTier use
  • unquietwiki  

  17
  2
  Votes
  17
  Posts
  124
  Views

  

  I am currently using ZT to Route between my various networks, like a Site-to-Site VPN. It can be a pain to set up, but once it's up and going, it's great!
• 

  UBNT EdgeRouter Lite; Performance
  • gjacobse  

  9
  0
  Votes
  9
  Posts
  93
  Views

  

  @gjacobse said in UBNT EdgeRouter Lite; Performance: Performance seems best with Upload set and download off.... Those numbers seem about right for a EdgeRouter Lite. If you need QoS enabled for download, you'll either need to upgrade or just live with the slowdown.
• 

  Installing Laravel on Ubuntu 20.04
  linux ubuntu php ubuntu 20.04 laravel php 7.4 • • scottalanmiller  

  28
  2
  Votes
  28
  Posts
  64
  Views

  P

  @scottalanmiller said in Installing Laravel on Ubuntu 20.04: @Pete-S said in Installing Laravel on Ubuntu 20.04: @Pete-S said in Installing Laravel on Ubuntu 20.04: @scottalanmiller said in Installing Laravel on Ubuntu 20.04: @Pete-S said in Installing Laravel on Ubuntu 20.04: OK, if you are not running apache or nginx, you should install the php-cli package instead. So that seems to get installed anyway as a dependency on its own. Yes, it does. But by using the php package and not php-cli, you probably got apache installed on your system as well - by dependencies. You could find out by running: apt list --installed | grep apache Or systemctl status apache2 to see if it's running. Even if it was, Laravel uses Artisan's server. I'm guessing they are invoking php's built-in webserver. Regardless, the point is that if you swap php to php-cli in your install guide you don't get apache and other stuff you don't need.
• 

  SBC News
  raspberry pi arm sbc risc arduino risc-v • • scottalanmiller  

  11
  2
  Votes
  11
  Posts
  106
  Views

  

  @gjacobse said in SBC News: @scottalanmiller Guess I need to see it in action to better understand - It's the primary full container technology on the market and has been for many years. It's built into the Linux kernel and crazy powerful.
• 

  Finally leaving my job, and it's just as annoying as I thought it would be
  • guyinpv  

  413
  2
  Votes
  413
  Posts
  3508
  Views

  

  Still nothing?
• 

  Functional Options In Go
  development golang • • stacksofplates  

  2
  3
  Votes
  2
  Posts
  64
  Views

  

  So here's a playground example of using functional options and error handling: https://play.golang.org/p/cfw7axv6pjO The advantage over method chaining is that we can return our errors correctly this way. Using the following as an example, I can return my error the whole way to the function call in main() and only need to handle it in a single place. type MethodOption func(*http.Request) (*http.Request, error) func NewRequest(opt ...MethodOption) (*http.Request, error) { r := &http.Request{} var err error for _, opt := range opt { r, err = opt(r) if err != nil { return nil, err } } return r, nil } func SetURL(URL string) MethodOption { return func(r *http.Request) (*http.Request, error) { u, err := url.Parse(URL) if err != nil { return nil, err } r.URL = u return r, nil } } req, err := NewRequest( SetURL("https://google.com"), ) if err!= nil { fmt.Println(err) os.Exit(1) }
• 

  Traffic shaping issues.
  • popester  

  5
  1
  Votes
  5
  Posts
  68
  Views

  

  My plan too as soon as the Meraki license comes up next year
• 

  Anyone Using Amazon Chime Business Calling
  • syko24  

  20
  0
  Votes
  20
  Posts
  90
  Views

  

  @Skyetel said in Anyone Using Amazon Chime Business Calling: That's why they don't include CNAM or 911. No one should get CNAM from their carrier anyway. It is a silly expense to pay for no reason for many businesses.
• 

  Linux Desktop Environment
  • brandon220  

  32
  0
  Votes
  32
  Posts
  212
  Views

  

  @stacksofplates said in Linux Desktop Environment: I use GNOME 3 pretty much no matter what it is. Every so often I'll use i3, but I really like GNOME. I use Gnome 3, but only out of standardizing. I actually prefer most other options. Cinnamon just calls to me a lot.
• 

  NAS for Plex use... Again
  • brandon220  

  66
  0
  Votes
  66
  Posts
  334
  Views

  

  @marcinozga said in NAS for Plex use... Again: I had the same experience with 4k, on local storage, even before I moved to Gdrive. General consensus is not to transcode 4k files at all, because it's so taxing on your system, and just download 1080p version and keep both. I agree, I'm in the anti-transcoding camp.
• U

  This topic is deleted!
  • uniformed_tightrope  

  2
  0
  Votes
  2
  Posts
  25
  Views
• K

  Zoho Cliq
  • krzykat  

  2
  0
  Votes
  2
  Posts
  57
  Views

  

  yes, it was down this morning
• 

  Help setting up routing
  firewall routing • • Dashrender  

  21
  1
  Votes
  21
  Posts
  265
  Views

  

  @FATeknollogee said in Help setting up routing: @JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T? AT&T can't issue private IP addresses.
• J

  Sending Secure E-Mail?
  • JasGot  

  55
  1
  Votes
  55
  Posts
  222
  Views

  P

  @JasGot said in Sending Secure E-Mail?: The dept is engaged in a grant program with the State Department of Environment…, which requires us to include our banking information on every reimbursement application. Come to think of it, banking information is not really sensitive info, is it? If you send an invoice to anyone, they have your banking information. The only risk here is a man-in-the-middle attack where banking information is changed on the application while it's being submitted. So that the money is transferred into another account. So do the company send all their invoices and ordinary mail containing banking info by registered mail in locked containers, so it is secure from end to end? If not, then email isn't any less secure.
• 

  Anyone here know of core banking vendors that are actually good for small community banks?
  • dave247  

  7
  1
  Votes
  7
  Posts
  78
  Views

  

  @brandon220 said in Anyone here know of core banking vendors that are actually good for small community banks?: The only one I've ever had dealings with starts with an F. I have listened to a few of the others give their "sales pitch" but when you are so heavily involved and invested with the same core for so many years, there is a "fear" among the C-levels that prevent them from wanting to change. Some of the ones we listened to even offered to buy out the current contract, etc. just to be awarded the contract. My biggest gripe with the above mentioned is the lack of keeping software current and not using legacy programs and software. In 2020, we still are forced to use IE11 for most of the web-based items. If you question it, you are asked to submit a feature request to update a platform. Yeah a lot of our services require IE11 and they wont even work with modern browsers. Much of the applications we have been using are terrible, slow, clunky and end of life with minimal support from our core vendor.
• 

  SOLVED Unable to mount Exchange 2013 Database
  exchange 2013 microsoft exchange dirty shutdown eseutil • • JaredBusch  

  21
  0
  Votes
  21
  Posts
  102
  Views

  

  Final verdict, it completed and showed clean shutdown. I deleted all the log files at this point and the database mounted. Email flow resumed around 4pm with no lost email as the spam filter kicked delayed messages in response to inbound email.
• 

  Issues installing vagrant-libvirt plugin on Ubuntu 20.04
  • IRJ  

  24
  0
  Votes
  24
  Posts
  132
  Views

  

  Having this issue on another Ubuntu 20.04. Same error as before, but everything seems to be installed correctly vagrant plugin list No plugins installed.
• 

  Piggy Bank
  passwords go • • stacksofplates  

  6
  3
  Votes
  6
  Posts
  131
  Views

  

  @jmoore said in Piggy Bank: If I get time tonight I will look at this and test it to see how it works for me. It's def still alpha so don't have high hopes lol.
• 

  Relative path in batch
  • gjacobse  

  10
  1
  Votes
  10
  Posts
  106
  Views

  

  @flaxking said in Relative path in batch: .\ Won't necessarily refer to the folder the script is in, it will refer to the working directory at the time that the script is launched. %~dp0 refers to the directory the script is in, but I don't recall if it works for Network shares. Good point. mapped drives would help this, even if you're mapping it long enough for the script to run, then unmapping it at the end.
• P

  Getting up and running with ER-X?
  edgerouter • • Pete.S  

  25
  0
  Votes
  25
  Posts
  339
  Views

  

  @JaredBusch Might take another look then... My FTTH comes in as a tagged VLAN and it wouldn't pick up a dhcp lease on v2, even after a few reboots but once I downgraded to v1 it picked up the lease from the ISP right away.
• B

  Office 365, compliance, and accidental data leaks if users use home devices?
  • beta  

  6
  0
  Votes
  6
  Posts
  148
  Views

  J

  O365 has this built-in. Check Exact Data Match (EDM), and Data Loss Prevention (DLP). You define what makes a document HIPAA restricted (EDM) (or for any other other reason if you wish, it does not have to be a HIPAA issue), and then you create a rule about how any document meeting that EDM can be viewed or distributed (DLP). In a nut shell; Let's say you have documents with Social Security numbers, you create an EDM to identify SS #s in documents (this happens as you access them) and it flags them as having met the criteria for one of your EDM rules. Then, your DLP rule can, for example, only allow the document to travel through email within your domain, or within a group (department, C level employees, etc). It can disallow the document from being downloaded or printed, etc..... Have a look here: https://docs.microsoft.com/en-us/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification?view=o365-worldwide
• 

  How to find "None" tags on Mesh Central
  • MC_Bol  

  1
  3
  Votes
  1
  Posts
  44
  Views

  No one has replied