• Best DNS choice for a financial institution?

    51
    0 Votes
    51 Posts
    5k Views
    scottalanmiller

    @dave247 said in Best DNS choice for a financial institution?:

    @scottalanmiller said in Best DNS choice for a financial institution?:

    @jaredbusch said in Best DNS choice for a financial institution?:

    @scottalanmiller said in Best DNS choice for a financial institution?:

    @dave247 said in Best DNS choice for a financial institution?:

    @scottalanmiller said in Best DNS choice for a financial institution?:

    @dave247 said in Best DNS choice for a financial institution?:

    @scottalanmiller said in Best DNS choice for a financial institution?:

    @dave247 said in Best DNS choice for a financial institution?:

    So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..

    Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.

    rips hair out google it is then

    LOL, remember it is IT, "keeping it simple" is often the right answer.

    Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.

    Best thing is likely a service like Umbrella. But for free, nothing will touch Google.

    An alternative to Umbrella is Strongarm.io. They have recently added content filtering options to their service which was originally only designed to interrupt connections to malicious sites.

    Yes. Probably much cheaper than Cisco, too. OpenDNS was great before Cisco bought them. I'd personally be pretty wary of using a Cisco service, my interactions with Cisco are pretty consistent that they lack integrity and so I don't see them as a company I would trust in any situation where they were involved in security. They don't seem to have a lot of ethics and that is a big deal when talking about security products - what good is their security if you can't trust the people who are the security people!

    Definitely check out Strongarm.io. If you are going to be in Austin in two weeks, Strongarm will be hanging out with us on Sixth!

    Same impression I get

    Have you tried Strongarm? How do you like it?

  • CERTBOT renewal fails

    10
    1 Votes
    10 Posts
    2k Views
    travisdh1

    @wls-itguy said in CERTBOT renewal fails:

    @jaredbusch said in CERTBOT renewal fails:

    How did you run certbot the first time?

    You mean the very first time? I can't remember what I did 5 minutes ago 🙂

    Documentation! I know it's a pain, and often takes 5x longer than actually doing anything, but it's so very needed.

  • Common paths to VDI?

    40
    0 Votes
    40 Posts
    4k Views
    scale

    We (at Scale) have done a lot of work with Workspot for easy VDI solutions on Scale HC3. We have also done a lot of testing and validation around more traditional terminal services approaches like XenApp and Microsoft RDS. Both approaches have merit and vary in their value proposition, management, and approaches. Of course, a lot of Scale customers use the "simple" VDI approach of simply running Windows 8 or Windows 10 desktop VMs on top of their cluster and using the stock RDP options to connect to them, no special VDI products needed if you want to go that route. There are free front ends for this approach as well, we know that someone here in MangoLassi has used Guacamole, instead of RDS, as a front end connection aggregator for exactly that purpose.

  • Hyper-V Host - Member of the domain or not

    16
    1 Votes
    16 Posts
    3k Views
    black3dynamite

    @nerdydad said in Hyper-V Host - Member of the domain or not:

    @jaredbusch said in Hyper-V Host - Member of the domain or not:

    @tim_g said in Hyper-V Host - Member of the domain or not:

    @jaredbusch said in Hyper-V Host - Member of the domain or not:

    @jmoore said in Hyper-V Host - Member of the domain or not:

    I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.

    By stating that you enable local admin, I want to know how it was disabled in the first place.

    I don't know what the issue is here.

    When you install Hyper-V Server, you can't log in any way other than local admin. Maybe after you join it to the domain you can disable the local admin account, which is weird to do...

    That is entirely my point.

    This was supposed to be more of a "Best Practices" question. I really don't have a problem situation in front of me, but wanted to better understand best practices when setting up a Hyper-V host.

    I have set up a number of Windows 10 client devices and noticed that the local admin is disabled. I assumed (though never experienced) that the situation would be the same for a Hyper-V host.

    The local Administrator account in Windows Servers and Hyper-V is enabled by default. Windows desktops have the local administrator account disabled by default.

  • Windows 7 licenses

    Solved
    47
    1 Votes
    47 Posts
    4k Views
    scottalanmiller

    No enterprise logistics systems run on Windows already. All major platforms either run on Unix or are literally made by the Unix vendors themselves. The leader in the space is Oracle.

  • Zimbra Attachment and Mailbox Configuration Changes

    13
    0 Votes
    13 Posts
    3k Views
    dbeato

    @nagendra Strange, let me check.

  • 4 Votes
    55 Posts
    6k Views
    scottalanmiller

    It's not that college is always bad, it just comes with negatives that have to be weighed against the positives. The standard approach is to assume that, instead of going to college (whether at 18 or mid-career), the person will do absolutely nothing productive with their free time, accept the same stagnation and all other negatives that come with the educational process, and that they will then compete toe to toe after the one has completed college and the other has just waited for them to finish.

    But in the real world, someone ambitious enough to have gone to college for career reasons is also ambitious enough to work harder at their jobs, done a side job, gotten certs, learned on their own, moved on to another job, or so forth. Those are the more realistic actions of the other person that had the option of college. So when making the comparison, you have to look at those opportunities and look at the opportunities from the degree process and weigh them in that fashion.

  • RAID 5 URE Clarity Question

    45
    0 Votes
    45 Posts
    4k Views
    scottalanmiller

    @tim_g said in RAID 5 URE Clarity Question:

    Yeah I do see.

    I experienced 2 of them in almost a single week. Though they were just for testing hardware and didn't contain any real data so no losses... They were very old drives too so it was expected after forcing a rebuild.

    One was a 5TB raw RAID 5 (5x 1TB drives), the other was 1TB something raw, a bunch of old 15k 300GB SAS.

    Actually the 5TB one got a URE, the other one, a 2nd drive failed, not a URE.

    Actually it is unknown if UREs go up over time. Likely they do, but the statistics are only average rate and don't state when or what variables contribute to higher or lower rates.

  • Cell phones survey

    163
    0 Votes
    163 Posts
    31k Views
    wrx7m

    @tim_g said in Cell phones survey:

    @wrx7m said in Cell phones survey:

    @tim_g Remove it for a couple days and see if your freezing stops.

    I'll try that.

    Crossing my fingers XX

  • New Ransomware Strain Evades Machine Learning Security Software

    5
    4 Votes
    5 Posts
    1k Views
    wrx7m

    @marcinozga said in New Ransomware Strain Evades Machine Learning Security Software:

    @stus said

    What do you do when all filters have failed?

    What do you do? You don't allow scanning to email, period. Email inboxes are not file stores. Most of these machines allow you to scan to SMB share. Users need to learn to use file shares for storing files, not their email clients.

    I have only set up scanning to SMB shares, so I am hoping that I don't have to deal with this. But users always surprise you in new and horrible ways.

  • Synology - Create a volume and move a LUN into said volume

    4
  • 0 Votes
    2 Posts
    2k Views
    dbeato

    @gjacobse So basically you want to iterate the same script through a list of computers, correct? So do you have a list of computers? What are the other steps in your script? Because what we can do is the following:

    $computers = Import-Csv -Path "c:\script\computers.csv"
    foreach ($computer in $computers) {
        # oldname and newname are the CSV column headers
        Rename-Computer -ComputerName $computer.oldname -NewName $computer.newname -DomainCredential domain\admin -Restart
    }

    This assumes you have a CSV file with oldname and new name columns with computer names.

  • Asterisk and REST API

    1
    1 Votes
    1 Posts
    752 Views
    No one has replied
  • Directory Management

    11
    1 Votes
    11 Posts
    1k Views
    jmoore

    @scottalanmiller Ok thanks!

  • Xenserver and Storage

    145
    2 Votes
    145 Posts
    34k Views
    S

    @olivier said in Xenserver and Storage:

    And it's the second time I heard about the "intelligent split brain" management on StarWind but didn't see any paper nor a start of explanation about how it works (nor even a simple link). Can you elaborate please? If it's the witness node, it's the classical thing, but I'm curious about the split brain protection without using a witness node.

    My understanding is they can do multiple links, multiple heartbeats,

    Or a discrete and stateful witness service on a 3rd system that will completely solve the problem.

    VMware vSAN prevents this on 2 node and stretched clustering by keeping witness components with sequence numbers on the witness system. If a vote is called, the one that has an updated sequence number matching the winner, that side wins. In the event a stretched cluster partitions and both have matching sequence numbers the "Primary" side wins.

    I'd argue isolation behavior goes beyond the storage heartbeat to how isolation is handled at the VM and Hypervisor level. STONITH is kind of a barbaric way to handle this in 2017.

    Other fencing systems that exist in VMware are for HA. Pings between hosts (default on management network, moved to vSAN network if in use), isolation addresses (can have multiple) and heartbeats through datastore heartbeats (a file that is updated) for non-vSAN datastores. Based on this you can configure different VM and host isolation responses (maintain power, power off, shut down etc).

  • iOS 11 annoyances

    67
    0 Votes
    67 Posts
    14k Views
    KellyK

    Apple went from successful company that charges a price that the market appears willing to bear, to a greedy, grasping, company when they removed the 3.5mm jack on the iPhone and didn't put a compatible iPhone charging port on the MBP. It takes an absurd number of dongles to listen to your iPhone while charging it from a MBP. And what is the point of not having an HDMI port on the MBP? You saved an entire mm with that one Apple. THANK YOU.

    I'm not salty at all.

  • SIP Softswitch Real Addr vs Gave Addr

    7
    1 Votes
    7 Posts
    3k Views
    gjacobse

    @jaredbusch said in SIP Softswitch Real Addr vs Gave Addr:

    @gjacobse said in SIP Softswitch Real Addr vs Gave Addr:

    I am not sure how this will relate,.. but I am staring at our PBX and this page. And then I see the different port numbers - It's interesting to see so many that are not 5060

    No relation. This is NAT networking 101.

    All of your devices connect to pbx.ntg.co:5060
    But their local outbound ports cannot all be 5060. How would the router know which devices to translate it back to?

    Yup,. I get that. - well anyway. moving right along...

  • Online TV Providers

    43
    0 Votes
    43 Posts
    5k Views
    wrx7m

    @dashrender said in Online TV Providers:

    @nerdydad said in Online TV Providers:

    @dashrender said in Online TV Providers:

    Of course the one thing cable doesn't give me is anywhere access to my recorded shows.

    Build yourself a Plex server, get a CableCard, and buy the PassPort and now you can.

    Really it's not that big of a deal. When I'm not home, I rarely have time for show watching.. so having a bundle at home for a binge weekend is fine.

    That said, I do want to put a Plex system together, I'm just trying to decide how much I want to spend on it.

    I put together a micro ATX system with an i5 (integrated graphics), 8GB of RAM, an SSD I had lying around for OS and a spare 6 TB drive. I'm running Windows 10 on it and I hibernate it when not in use.

    I am using an Android app called WOL Wake on LAN WAN https://play.google.com/store/apps/details?id=com.benfinnigan.wol&hl=en (very ugly interface but works perfectly) and I just have shortcuts on my home screen that I tap and it instantly resumes from hibernation.

    To hibernate my system again, I use another Android app called Shutdown Start Remote that has a corresponding java-based client that runs on the PC at startup. https://play.google.com/store/apps/details?id=de.vrallev.shutdown.android&hl=en

    EDIT: I am using either my phone, Rokus, Fire TV or web browser to access the plex server.

  • Office 365 Plans - Mix Business and Enterprise?

    10
    0 Votes
    10 Posts
    2k Views
    wrx7m

    Well that answers that. LOL Now I will have to redeploy to everyone and maintain different versions. Oh well. PDQ Deploy to the rescue.

  • Powershell - Logoff disconnected sessions

    4
    2 Votes
    4 Posts
    2k Views
    hobbit666

    not having much luck...... It's Friday so giving up till Monday/Tuesday 🙂