• Fedora 31 stuck in a boot loop

    Solved
    61
    1 Votes
    61 Posts
    9k Views
    JaredBuschJ

    So no idea what the exact fail combo is, but I am fully updated, and working, on a clean install.

    Installed Fedora 31 Cinnamon from USB.
    Rebooted, I have only kernel 5.3.7-301
    Removed dnf dragora GUI
        sudo dnf remove dnfdragora* -y
    Rebooted.
    Upgraded all but grub2
        sudo dnf upgrade --refresh -y --exclude grub2*
    Rebooted, not I now have kernel 5.3.13-300 available and default.
    Upgraded grub2
        sudo dnf upgrade --refresh -y
    I did receive the above SELinux errors again, they may be normal?
    Rebooted, system working normally.
  • How M$ shakedown stupid corporations

    43
    0 Votes
    43 Posts
    5k Views
    matteo nunziatiM

    @Dashrender said in How M$ shakedown stupid corporations:

    @matteo-nunziati said in How M$ shakedown stupid corporations:

    @Obsolesce said in How M$ shakedown stupid corporations:

    @Emad-R said in How M$ shakedown stupid corporations:

    @Dashrender

    You have not seen much of "real business" then, I cannot disclose info, but I think this corp is like multi-million revenue.

    That's how it is in the real world, they get bloated and move slower, that's what happens when corps grow, if you keep it startup-ish vibe and "move fast and break things" you will be running the latest but not everyone is like that.

    Besides, Windows' painful upgrading process helps you to stick to what's running.

    And no on the client side, it's all Win10 ... sadly we use Win10 to manage Linux machines 😞
    I hate that mremote/putty shit

    This is false.

    Big business makes quite an effort to stay current in the Windows world, especially if they are multi-billion $$ company. They HAVE to. It's not a choice.

    It's constant change going on, all the time. 2019 is current, when a server is needed at all. Most are really going serverless when possible, lots of SaaS, Cloud, etc.

    You might be thinking of U.S. defense companies. I mean they run old shit and pay millions and billions to maintain OAF software support.

    I have to disagree: I've recently started a job as a GE/BH oil and gas consultant and they proudly stick on win 7...
    They also stick with old unpatched software of all kinds... Maybe it is their Italian BU only... But it is rather embarrassing...

    Proudly? What is there to be proud about running 10+ year old software? What are the chances that they are still running on the hardware from back then? Granted you fairly easily still get OEM machines with Windows 7 Pro well into 2016, if not even early 2017 - but still... The writing was on the wall.

    Even with the number of hacks that happen every day, clearly enough hasn't happened to people/companies to make the rest stand up and take notice that running old software on machines that connect to the internet - and really, how much doesn't these days - to update their equipment. Unfortunately, this might be one of the first things for business where they can't use it until it dies (I'm talking about IT based technology here) - and I think that is the hard point. Of course businesses that are doing well, and understand efficiencies have been upgrading as the tech makes sense to, well before things like EOL software/hardware come into play, but then many other businesses that run on a shoe string just don't.

    Sorry for the late reply. Really busy days...
    They are specifically paying extra money to MS to have extra support for win7.
    The "proudly" part was mostly a joke. Reality is that big corps in Italy have very unaware decision makers.

    They stick with really unprepared suppliers/staff which fill companies with tons of useless gear and SW which easily become unmanageable and a migration nightmare. So that they easily reach a tech debt in few years (use a physical token to auth in a vpn used to access the private github repo. Which runs over https...).
    On the other side they simply check the bill to be sure it stays well under a predefined threshold simply wasting that money.

    My last effort is to maintain a ui written by the wrong guy in the wrong language and used to keep alive a software whose user manual was published in 1988!

    And this is the second big corp I have knowledge of. The other one bought the company I worked in. I've friends there and the logic is the same...

    We say that their IT depts are salary factories: they leverage the ignorance of decision makers to auto feed themselves and be sure to increase the amount of man-hours required to housekeep the whole infra...

  • nohup

    6
    2 Votes
    6 Posts
    1k Views
    black3dynamiteB

    This is what I do when I use nohup.
    I usually create a file with the current pid just in case I need to stop it.

    nohup wget 'https://example.com/fedora.iso' > wget_fedora.log 2>&1 &
    echo $! > wget_fedora_pid.txt
    # later, if the download needs to be stopped:
    kill -9 `cat wget_fedora_pid.txt`
    rm wget_fedora_pid.txt
  • Who do you use for your domain registrar?

    19
    1 Votes
    19 Posts
    2k Views
    scottalanmillerS

    @bnrstnr said in Who do you use for your domain registrar?:

    @scottalanmiller said in Who do you use for your domain registrar?:

    @Dashrender said in Who do you use for your domain registrar?:

    @scottalanmiller said in Who do you use for your domain registrar?:

    @Dashrender said in Who do you use for your domain registrar?:

    Why buy at one, then move the registrar to another?

    OH! Because CF doesn't let you buy, but that's where we want the account to be.

    What account? CF will be the registrar, but only from transfers?
    that sucks.

    Yes, it's weird. You can only transfer to them, not buy directly.

    You can renew there though?

    yes, once you transfer you are all set. Just the initial purchase doesn't work.

  • Centrally Controlled Local Backup System Options

    99
    0 Votes
    99 Posts
    7k Views
    D

    @scottalanmiller
    Nice, let us know how it goes.

  • Reputable IT Support Services - Barcelona

    8
    0 Votes
    8 Posts
    524 Views
    J

    Spanish or English would be fine. But, needs to be local to Barcelona. The only reason we are looking is for the physical side we cannot do from London or Calgary.

  • Edgerouter using BGP and setting up a guest network

    2
    4 Votes
    2 Posts
    217 Views
    JaredBuschJ

    If you don't care what IP your guest network shows to the public, you should be able to do this.

    You should simply need to create a source NAT rule for the traffic.

    At various locations, I have fiber services delivered without an ISP router from the carriers. Part of that service is also a /29 block of IP addresses.

    What I do in those instances is put the /30 public IP that would normally be on the ISP router on my router, then I create source and destination rules to handle the traffic.

    ISP Assigned Router IP: 123.123.123.190/30
    Routed IP block: 123.122.122.138/29

    eth0 = WAN 123.123.123.190/30
    eth3 = LAN 10.200.0.1/23
    eth3.10 = Public Wifi 10.200.10.1/24

    set interfaces ethernet eth0 address 123.123.123.190/30
    set interfaces ethernet eth0 description 'AT&T FIber'
    set interfaces ethernet eth0 duplex full
    set interfaces ethernet eth0 firewall in name WAN_IN
    set interfaces ethernet eth0 firewall local name WAN_LOCAL
    set interfaces ethernet eth0 speed 100
    set interfaces ethernet eth3 address 10.200.0.1/23
    set interfaces ethernet eth3 description 'LAN'
    set interfaces ethernet eth3 duplex auto
    set interfaces ethernet eth3 firewall in name LAN_IN
    set interfaces ethernet eth3 firewall local name LAN_LOCAL
    set interfaces ethernet eth3 speed auto
    set interfaces ethernet eth3 vif 10 address 10.200.10.1/24
    set interfaces ethernet eth3 vif 10 description 'Guest Wireless'
    set interfaces ethernet eth3 vif 10 firewall in name Public_WiFi_IN
    set interfaces ethernet eth3 vif 10 firewall local name Public_WiFi_LOCAL

    Note that I do not assign the routed block to any interface.

    Some firewall rules to prevent talking and such..

    set firewall group address-group 10_0_0_0_8 address 10.0.0.0/8
    set firewall group address-group 10_0_0_0_8 description 'Entire 10.0.0.0/8'
    set firewall group network-group Public_WiFI_LAN description 'Public WiFi LAN'
    set firewall group network-group Public_WiFI_LAN network 10.200.10.0/24
    set firewall name Public_WiFi_IN default-action accept
    set firewall name Public_WiFi_IN description 'Public WiFi in to other interfaces'
    set firewall name Public_WiFi_IN rule 10 action accept
    set firewall name Public_WiFi_IN rule 10 description 'Allow response to existing connections'
    set firewall name Public_WiFi_IN rule 10 log disable
    set firewall name Public_WiFi_IN rule 10 protocol all
    set firewall name Public_WiFi_IN rule 10 state established enable
    set firewall name Public_WiFi_IN rule 10 state invalid disable
    set firewall name Public_WiFi_IN rule 10 state new disable
    set firewall name Public_WiFi_IN rule 10 state related enable
    set firewall name Public_WiFi_IN rule 20 action accept
    set firewall name Public_WiFi_IN rule 20 description 'Allow access to gateway'
    set firewall name Public_WiFi_IN rule 20 destination group address-group ADDRv4_eth3.10
    set firewall name Public_WiFi_IN rule 20 log disable
    set firewall name Public_WiFi_IN rule 20 protocol all
    set firewall name Public_WiFi_IN rule 30 action drop
    set firewall name Public_WiFi_IN rule 30 description 'Block all other access to private networks'
    set firewall name Public_WiFi_IN rule 30 destination group address-group 10_0_0_0_8
    set firewall name Public_WiFi_IN rule 30 log disable
    set firewall name Public_WiFi_IN rule 30 protocol all
    set firewall name Public_WiFi_IN rule 40 action drop
    set firewall name Public_WiFi_IN rule 40 description 'Block all SMTP'
    set firewall name Public_WiFi_IN rule 40 destination port 25
    set firewall name Public_WiFi_IN rule 40 log enable
    set firewall name Public_WiFi_IN rule 40 protocol tcp
    set firewall name Public_WiFi_LOCAL default-action drop
    set firewall name Public_WiFi_LOCAL description 'Public WiFi in to router'
    set firewall name Public_WiFi_LOCAL rule 10 action accept
    set firewall name Public_WiFi_LOCAL rule 10 description 'Allow DNS'
    set firewall name Public_WiFi_LOCAL rule 10 destination port 53
    set firewall name Public_WiFi_LOCAL rule 10 log enable
    set firewall name Public_WiFi_LOCAL rule 10 protocol udp
    set firewall name Public_WiFi_LOCAL rule 50 action accept
    set firewall name Public_WiFi_LOCAL rule 50 description 'Allow pings'
    set firewall name Public_WiFi_LOCAL rule 50 limit burst 1
    set firewall name Public_WiFi_LOCAL rule 50 limit rate 62/minute
    set firewall name Public_WiFi_LOCAL rule 50 log enable
    set firewall name Public_WiFi_LOCAL rule 50 protocol icmp

    Then I use NAT rules to specify how it routes out. I do not have a destination NAT rule here because there is no inbound traffic allowed. The NAT translation should handle the return traffic.

    In your case, you could just tell it to use the IP on the WAN interface instead of some other IP.

    set service nat rule 5995 description 'Outbound Public WiFi LAN Traffic'
    set service nat rule 5995 log disable
    set service nat rule 5995 outbound-interface eth0
    set service nat rule 5995 outside-address address 123.122.122.140
    set service nat rule 5995 protocol all
    set service nat rule 5995 source group network-group Public_WiFI_LAN
    set service nat rule 5995 type source
  • inetpub\wwwroot deleted somehow. OWA, ECP tanked.

    14
    0 Votes
    14 Posts
    622 Views
    ObsolesceO

    @G-I-Jones said in inetpub\wwwroot deleted somehow. OWA, ECP tanked.:

    @DustinB3403 So since this appears to be in preparation for future issues, is the common practice to just audit every drive?

    It depends on what you want to audit, and how much you want in your logs.

  • Phone solutions - something like Skype/Teams - why/why not?

    24
    1 Votes
    24 Posts
    665 Views
    scottalanmillerS

    @Dashrender said in Phone solutions - something like Skype/Teams - why/why not?:

    @scottalanmiller said in Phone solutions - something like Skype/Teams - why/why not?:

    @Dashrender said in Phone solutions - something like Skype/Teams - why/why not?:

    @scottalanmiller said in Phone solutions - something like Skype/Teams - why/why not?:

    @Dashrender said in Phone solutions - something like Skype/Teams - why/why not?:

    We have workflows that are station based - not person based - think call center.

    Now this, Teams is not good at.

    True - but often management is likely mis-sold on the idea that handsets are no longer needed, and instead the user uses their computer/cellphone as their device.

    that's a totally separate issue that applies to all phone systems.

    meh - it can apply to all phone systems, but I'm guessing it generally doesn't apply to those installing the Mitel/3CX's of the world. It's a mindset thing. It's also the sales person selling the stuff thing.

    I don't know, 3CX pushes that pretty hard.

  • Bitcoin

    80
    0 Votes
    80 Posts
    10k Views
    scottalanmillerS

    @maxi5005 said in Bitcoin:

    I saw in some forums that Bitcoin can be availed by Mining?

    That is, indeed, how cryptocurrency works essentially by definition.

  • Unifi port blocking on specific networks

    13
    0 Votes
    13 Posts
    763 Views
    DashrenderD

    @DustinB3403 said in Unifi port blocking on specific networks:

    @Dashrender said in Unifi port blocking on specific networks:

    he's talking about ports - not URLS.. not sure that Pi-hole fixes this, unless he said the wrong word earlier.

    I specifically mean to block ports on a specified wireless network, had I meant URL's I'd be using my pihole.

    Assuming
    wifi - 192.168.1.x
    LAN - 192.168.2.x

    You configure the router to not allow said ports on network 192.168.1.x

  • Migrate to O365 best method

    15
    2 Votes
    15 Posts
    886 Views
    DashrenderD

    @iroal said in Migrate to O365 best method:

    @Dashrender said in Migrate to O365 best method:

    slick

    I migrated 66 accounts from Exchange 2003 to O365, uploading the Pst to O365 cloud.

    Hard work but worked very well.

    I could see time consuming, but I would have expected it to be that hard.

  • LaTeX with Static Site Generators

    6
    1 Votes
    6 Posts
    313 Views
    jmooreJ

    Ok, I found this and it looks to be a promising solution with the features I want.

    Blogdown

  • SSH Hardening

    Solved
    16
    5 Votes
    16 Posts
    2k Views
    JaredBuschJ

    So I set this up again on a new jump box today.

    SSH attempts did not log until I changed the mode to ddos

  • 0 Votes
    18 Posts
    1k Views
    scottalanmillerS

    @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

    @scottalanmiller said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

    @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

    But where is the proof for what you said?

    Besides their corporate filings and postings online? We aren't claiming anything that they've not announced themselves. It's public info, not something in question or disputed.

    Well, if it's truly the datacenter that is shady, then I would strongly urge my customer to move their gear elsewhere as quickly as possible. Locked rack or not.

    Exactly, that's what we're thinking. It's the datacenter (aka Cloud@Cost) that is scary here.

  • 2 Votes
    7 Posts
    515 Views
    IRJI

    @DustinB3403 said in Data Breach: PDL "Enrichment" Company 1.2B Peeps Impacted ... yeah, BILLION:

    <s> To be fair, setting up SSL and a login name and password does take extra effort. . give the poor sod a break </s>

    Yeah and they weren't even bothered to whitelist IPs.

    They should have SSL and strict whitelist preferably to a VPN IP that requires authentication.

  • 1 Votes
    89 Posts
    9k Views
    scottalanmillerS

    @Emad-R said in One Time, Non-Image, Windows Backup Client:

    @scottalanmiller said in One Time, Non-Image, Windows Backup Client:

    @Emad-R said in One Time, Non-Image, Windows Backup Client:

    better to use it on another VM close to that VM

    No other VM. If we open the only other VM, ESXi can't work. So that tool, I'd expect, couldn't actually run.

    Oh you can run it from anywhere, as long as you can ping the ESXi or reach it. But I prefer a VM because it's faster

    I see. That was a problem for us because we couldn't transfer off of the server, their network wasn't fast enough 😞

  • QoS on Edgerouter Lite

    11
    1 Votes
    11 Posts
    1k Views
    JaredBuschJ

    @Dashrender said in QoS on Edgerouter Lite:

    @Romo said in QoS on Edgerouter Lite:

    Just setup a traffic-policy shaper to test:

    20% bandwidth for voip guaranteed with a ceiling of 100% bandwidth
    30% bandwidth for USERS PC guaranteed with a ceiling of 100% bandwidth
    50% bandwidth for ALL others guaranteed with a ceiling of 100% bandwidth

    Does this sound reasonable?

    if you parse off 50% for those things and they aren't in use, then the bandwidth is just being wasted... I know scott has mentioned that doing this is generally bad in the past because of the waste of resources.

    You don't read clearly. He's talking minimum guarantee at 20/30/50 and max possible when available at 100 for all.