I just got a 2 year cert from NameCheap the other week. No issues at all anywhere, didn't even notice that cert was expired.

@black3dynamite said in Qubes:

I wonder if it works in a nested hypervisor?

Should work as long as nesting is supported.

@wirestyle22 said in Is it possible to force tag searches in addition to normal searching in Bookstack?:

@black3dynamite This is how to search. I want Bookstack to search for keywords and tags simultaneously, seamlessly

Then put in a feature request.

@scottalanmiller said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

That and removing the silly "modem" from the chain. It's direct now.

I asked that and didn’t get an answer.

@Obsolesce said in Converting a cron job to a systemd timer:

First some info as it may have impact on whether or not to do this in the first place:

I have a SaltStack deployment of 600-ish minions. Currently, I have a highstate set to run every 45 minutes via cron:

*/45 * * * * root /usr/bin/salt -b 25\% '*' state.apply

I know one of the benefits of systemd over cron is the logging, and I think this would be great to have better logging of when this runs. More can potentially be done with it automatically, like look for issues and send emails just as one easy example.

But I don't know how to test this... maybe it doesn't produce the kind of log I want, and salt may already do this in it's own log even better. Or maybe this will produce a log that's too big and cause issues later. I can watch it in the beginning either way, so it's fine.

Can that cron job be converted into a reliable systemd timer? If so, how?

600ish minions. Wow. Curious about your setup. (Types of systems, types of states, how to manage and review output of all of that, etc.” Maybe an upcoming post? 🙂

@scottalanmiller said in ADFS & Web Proxy Certificates:

https://irankon.wordpress.com/2017/08/01/azure-mfa-adfs-ssl-cert-with-lets-encrypt/

Definitely the way to go

@bbigford said in Synology-Storage Manager less than File Station:

Figured it out. Some backup software can create sparse files. File Station is reporting the size of data including sparse size, but Storage Manager is reporting only actual data on disk.

On Linux, this is often the difference between the output of df and du.

@jaredbusch said in Error While Updating Ubuntu 18.04 to 18.10:

Always reboot before doing system updates, IMO.

It was freshly powered up just to do the update. So it was.

@dustinb3403 said in Do you setup SSL for Intranet websites only:

Near-zero value in someone attacking is what I meant. Not a zero-value in what is provided by the systems. Also there is nothing confidential or needing "security" from a business perspective, which is why I ask is SSL worth it for these types of Intranet sites?

You need SSL for everything period. Even if it's a self-signed cert it's fine... just allow the exception in the web browser and be done, or use an internal certificate if your browsers are set to trust the root... or a domain wildcard cert would work just fine. It's easy to do.

You could set out a reverse proxy for use with Let's Encrypt, and use the reverse proxy for all of your internal-only web servers. On the reverse proxy, you can limit each site config to only pass internal IPs only. That's what I did for a few. For example, if you add this in:

allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; deny all;

It will not proxy anything unless it comes from an internal IP.

One of the examples in the article is that in a jury case, someone needed to explain 10% as meaning "one in ten". I think people who really get stats do this for everything in their heads all of the time - take anything and put it into the most meaningful terms. And I think those same people would be surprised to find out that other people do not do this.

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

If he's merging in DFS, it might. It's rare to do, but could matter.

Oh I see, so Windows AD and other services were involved at some point.

Depending on what you want to do, sometimes AD has to support it.

So what we are pretty sure we have narrowed it down to is a WiFi device that reports the temperature of the refrigerator to an online portal that sends out notifications when there is an out of range event.

There is an inside the fridge sensor and that sends the information to a receiver outside the fridge. The receiver part is what has the WiFi built in. I think the inside sensor to outside receiver communicate using 900 Mhz.

Who would have thought to check the refrigerator?

Only so serious, it's in D-Link gear. Bwahaha

@travisdh1 just use the UK for now
https://www.support.hp.com/gb-en/drivers

It works

@dyasny said in Diving into a completely new tech stack:

@flaxking said in Diving into a completely new tech stack:

@dyasny So far my only complaint is that they are lacking in kubernetes related courses

There are WAY too many k8s related resources out there. Openshift is harder to come by, but only marginally

Yeah, K8s is not a place generally lacking in resources today. If PS lacks them, that can be easily remedied.

@emad-r said in Proxies as VPN?:

@emad-r

They are using reverse proxy squid on a PFsense router as VPN. or to access company resources.

For example, I think they made LAN 7.7.7.* and put company resource like http://web/company
and only 7.7.7.* can access it in the config on PFsense.

It does not work 100% of course. As you can bypass it if you do http://web/company?32141 and access it from WAN

That works only if the resources are web only. In which case, a VPN was never appropriate in the first place. So in this case, a VPN would actually allow you to access unpublished web resources. But the reverse proxy will publish them.

Now the presumed difference to most people is that the VPN will add a layer or protection in the form of authentication, and the proxy will not. This is not correct, however, because you can add that to the proxy, too.

So, in reality, you are correct, in this specific case, the reverse proxy is actually making a VPN for just those specific web resources. It's a special case VPN, assuming you are using it as an SSL point.

@marcinozga said in W10 VPN connection via iPhone = Grrr:

I've been battling with VPN on Windows 10 ever since the latter came out. And if you do a quick google search, you'll find thousands with all kind of VPN issues on 10. Here's the only thing that worked so far, and I only discovered it yesterday.

In registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent, then add AssumeUDPEncapsulationContextOnSendRule DWORD key, and change value to 2 and reboot.

Yes, that from here:
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows

I had been holding off on doing this as I was under the impression that it was an issue elsewhere.

I'll give that a go and see what happens ... ..... .... .... ...

No, that didn't help.

Off to moan to the telco.

@donahue said in Synology High-Availability Cluster:

Ah, I misread because I use NFS to plug mine into ESXi. That is the danger with synology HA. Your standard OS generally wont care of the file drop out for a time while the second synology realizes it has to become the active member. A hypervisor running VM's from it will certainly care though.

Right, it's the hypervisor not looking the time to fail over. Will hit you if you use iSCSI on the Synology, too.

I found a post where someone blamed the way chrome uses BITS for updates.

They claimed that removing chrome, then resetting BITS would solve it.

I didn’t have time to test before my trip.