@dbeato said in Pi-hole vs. Full Web Filter:

@scottalanmiller said in Pi-hole vs. Full Web Filter:

@dbeato said in Pi-hole vs. Full Web Filter:

For me Pi-Hole has been sufficient as I did not have the hardware to run Untangle or Sophos Home, while I can run Pi-hole on 10 GB of Storage and 1 GB of RAM.

I feel like mine is on even less.

Yeah you can easily use it with 512 MB RAM.

I bet 380MB would do okay.

Now, we are getting reports from many of our own users that things are getting resolved.

However, not from the person who opened the ticket to us yet, so even our ticket for the issue (and this thread) are "open". There is more tracking in both our tickets and in ML of MS' failures than MS tracks themselves. Doesn't that alone tell us how much MS is trying to falsify the data by closing early before there is a resolution?

When they report on this in the media, they will used those closed tickets as "evidence" of the issue having been resolved earlier than it really is.

@Dashrender said in Move dns hosting to Cloudflare?:

@JaredBusch said in Move dns hosting to Cloudflare?:

@JokkeM said in Move dns hosting to Cloudflare?:

@JaredBusch

You have public DNS servers that are the authoritative source for your domains? - Yes
These servers are in our datacenter and they have like ~300 zones

By doing the "move dns hosting to CF" i would get rid of those 3 servers totally.

Do this today. I would hate to have to run public, authoritative DNS servers.
Just for DNS, I cannot imagine how CloudFlare would not be cheaper than running this yourself. Unless you are doing more than just DNS, CloudFlare is free.

They have a great API for managing things at scale.

I'm thinking the same thing - in fact, unless you've been running these servers since the mid 90's I can't see any reason why you could do that. Most registrars offered the DNS hosting as part of the cost of the domain registration. Sure they might not have had simple APIs for managing them... but damn, self hosted just seems - odd.

It actually simplifies some things (and makes others harder.) It's not common and there are good reasons to not do it, but there are good reasons to want it, too.

@JaredBusch THANKS!

@DustinB3403 said in Server license or VDI (or possibly desktop with Desktop Windows OS)?:

@pchiodo said in Server license or VDI (or possibly desktop with Desktop Windows OS)?:

Probably do not need a server license. Most of these type of apps can be run in Client/Server mode on a desktop so I think you would be fine. Bigger question is how many people are going to use the app? Just one? then a desktop or a VDI would be fine. If there is more than 5 accessing then I would move to a 3 tier with a VM using Windows Server.

The number of users is actually irrelevant. What matters is the number of concurrent connections and the type of content being hosted.

This would fall outside of what MS has allowed in the Desktop licensing.

Depends on the mode... number via SMB, doesn't matter. Number by RDP matters.

@stacksofplates said in Grub Entries cleanup and maintenance:

@travisdh1 said in Grub Entries cleanup and maintenance:

@DustinB3403 You never touch grub yourself. You let the system take care of it for you when it adds or removes kernels.

As to removing old kernels, it depends on the distribution you use. A good distro just takes care of this for you. The annoying ones make you do it manually.

RedHat/CentOS/Fedora = automatically cleans up older kernels. You don't do anything and it will keep a sane number by default. I think it's 4 and a recovery option.

Debian/Ubuntu = keeps all kernels till you manually remove them. I forget offhand what the command is besides it's an option for apt.

This is one reason I'm happily moving things from the old rental box to my new server for my home lab. The old rental box has Ubuntu with a tiny little 256MB /boot partition. It can keep ~3 kernels, and that's it, ugh!

You can install without /boot. IIRC there is a other config change with unattended-upgrades to auto remove kernels.

You normally can, yes. Since my current home lab box is a rental, I could only choose from the options they gave me at the time. Today, they'd let you use your own iso, but still wouldn't recommend them for anything other than a test lab.

So to update this, searches do not seem to work in shared folders, but they will work in group folders which is an optional app. I also had to setup the backup job in NC to be a cron job and not an ajax job, and add it to the crontab for the apache user.

crontab -u apache -e

I couldn't get the fulltextsearch:live to work properly, so I added fulltextsearch:index to the cron job too.

*/15 * * * * php -f /var/www/html/nextcloud/cron.php */15 * * * * php -f /var/www/html/nextcloud/occ fulltextsearch:index

So you downloaded a git repo, then built the project, and are you running the compiled build from that location?

@JaredBusch said in FreePBX - forward the main phone number when desired:

from Peru (Country Code 51).

lol nice.

@NerdyDad

You can use Loopback Processing also.

https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

The FreePBX wiki article had a few optional settings that can be used with either version of the Trunk PEER Details I showed above.

qualifyfreqok=25000 transfer=no trunk=yes

The default qualifyfreqok is 60000. This just makes it qualify more often. This is usually less important on a trunk than an endpoint that uses IAX2.
If you are setting up an IAX2 trunk, you already have tested your internet connection and know it is stable. If not, call me.. I'm more than happy to consult...

The transfer=no is the same as the SIP allow reinvite that hands off a SIP call letting the endpoints not pass the call through the PBX any longer. Not applicable to an interoffice trunk.

The trunk=yes will shave a few Kbps off of each call after the first going over the trunk as it reduces IP header information. You can read all the gory details here. Basically it is not enough to worry about.

@Jason said in One way audio on an IAX2 trunk:

Also did you add the network for the remote site in asterisk?

Found this topic again after checking the IAX2 tag.

Thought I would update with the answer.

This was the problem

@Pete-S said in Local Encryption Scenarios:

@DustinB3403 said in Local Encryption Scenarios:

@Pete-S said in Local Encryption Scenarios:

@DustinB3403 said in Local Encryption Scenarios:

@Pete-S said in Local Encryption Scenarios:

Anyway, in the case of the CPA we are talking about material that is not really sensitive at all.

The data files could be secured the same way as any paper records. Locked in a safe when not in use.

That would be the same as being encrypted, since the lock on a safe = encryption and the physical key = the passphrase to decrypt the drive or data.

Well, in principle only. You can walk away with the encrypted computer but it would be harder with the safe.

In most cases physical security is about delaying. You can smash and grab a laptop from the office window but it would require a lot more time to break in properly and then open a safe before someone shows up.

You have those examples a bit mixed up.

The comparable scenario would be "getting to the data" The physical medium housing that data doesn't matter.

You break the lock, you get the data. If you break the encryption key you get the data.

But a physical lock is likely easier to break and get into whatever than it would to decrypt a encrypted volume.

Reminds me of this classic:
alt text

there is ALWAYS a relevant xkcd

Is there a console port on the back? Might be easiest to connect to that and figure out what the IP address is.

I couldn't find anything about the DVX-8000, but here is a manual for a DVX-1000.
ftp://ftp2.dlink.com/PRODUCTS/DVX-1000/REVA/DVX-1000_MANUAL_1.01_EN.PDF

@bnrstnr said in Pi-hole server involved in a 'DNS Amplification' DDOS Attack:

@DustinB3403 didn't you say the method above would only work for devices on the Pi-Hole's LAN?

The method linked by someone else would, yes. As it's impractical to try to do said linked approach for the open internet.

Again, it's what you would do, but isn't practical because of your scale.

Post 18.

@DustinB3403 said in Pi-hole server involved in a 'DNS Amplification' DDOS Attack:

But the reported issue is that these request appear to come from your devices. IE they are spoofed or are legitimately coming from your trusted network.

Can you setup ingress filtering for this?

This is the approach proposed by Curtis.

@Curtis said in Pi-hole server involved in a 'DNS Amplification' DDOS Attack:

https://freek.ws/2017/03/18/blocking-dns-amplification-attacks-using-iptables/

I used to use a barracuda 300 (for about 6 years) in conjunction with their cloud filtering for our on-prem Exchange 2010 server. I think there were 2 times that they had some sort of issue where they let a crap-ton of spam through, unfiltered.

I have moved to Office 365 and am exclusively using their filtering. I think barracuda was better at filtering. Especially, when it comes to phishing messages that pretend to be from Microsoft's services. You'd think that Microsoft would be able to catch those better than anyone. Not in my experience.

@scottalanmiller said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

@PhlipElder said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

@scottalanmiller said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

@PhlipElder said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

HCI or disaggregate with Hyper-V and SOFS S2D are they way we're deploying now. So, the whole conversation is essentially moot.

Not really HCI as described with the DataOn. That's just a software RAID version of the non-HC model.

HC has always meant physical convergence.

I believe I referred to the DataON setup as "Converged" or sometimes "Asymmetric" not Hyper-Converged which is what Storage Spaces Direct is when running with both Storage Spaces and Hyper-V on the nodes.

I see. Asymmetric is a decent term. What about it is converged, though? It seems "unconverged", if you will. Other than the software RAID running on the storage nodes.

"Converged" in this case refers to both Hyper-V and Storage Spaces running on the nodes to provide virtual machine and storage cluster based arbitration.

As with many things in Linux... the simple answer makes sense. Windows introduces all kinds of risk and complexity to keep you from simply copying a VM. Linux just keeps it simple.

That put 4.19.13 back and now it boots

[jbusch@naggaroth ~]$ sudo dnf upgrade --refresh [sudo] password for jbusch: Last metadata expiration check: 0:00:01 ago on Mon 07 Jan 2019 11:31:06 AM CST. Dependencies resolved. ================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================== Installing dependencies: kernel x86_64 4.19.13-200.fc28 updates 102 k kernel-core x86_64 4.19.13-200.fc28 updates 24 M kernel-modules x86_64 4.19.13-200.fc28 updates 28 M Transaction Summary ================================================================================================================================== Install 3 Packages

c8f5c09a-b49c-480f-943f-1faf6c8aed5e-image.png

@scottalanmiller lol