All we know is that GPO for crytolocker was broken/denied thus any protection for CryptoLocker was disabled for at most 48 hours. It was a combination of incidents lead to CryptoLocker. Don't think flash is the cause here.

@Dashrender said in Linux: Creating a Filesystem:

I'm assuming LVM will be covered separately - I'm trying to understand what it's purpose is versus just using mkfs.

It will be. And it is unrelated. mkfs and lvm do totally different things. Neither replaces the other in any way.

@marcinozga Thanks, but already tried net.inet.ip.fastforwarding in all combinations with TCP and UDP.

@thwr said in Kickstart with LUKS:

@scottalanmiller said in Kickstart with LUKS:

@thwr said in Kickstart with LUKS:

@thwr said in Kickstart with LUKS:

But if the server walks, the TPM walks with it and the security has been totally bypassed. In fact, IMHO, if you have the key on TPM and it decrypts automatically on start up and you had to state if the system was encrypted or not, at best you could say "sort of." While you might get away with saying that it is encrypted, if asked the other way "is the data wide open", the answer would also be yes because it's not encrypted when someone looks at it.

Ah, sorry, misunderstood your posting in the first place. Well, that's chicken-egg. You can either have it decrypt automatically or not. If going for automatic decryption, we have to make sure the machine can't decrypt e.g. when it gets stolen or sold.

For this, storing the key on the host alone, even with TPM, may not be enough (don't know enough about TPM at this point. Sealing to system state seems quite safe, but...). Thus, we need to bring in another factor. Let's call it "location awareness", e.g. pulling the actual key from the network and TPM stores just something to authenticate against the "key server". Server offsite -> no decryption.

Past boot, it is up to you to secure the server by traditional means. Strong passwords, no or strongly secured RS232 TTY and so on.

Exactly, something externally has to trust that the system is where it is supposed to be physically so that it will release the key. We considered using this but decided that security trumped downtime and kept the system requiring human intervention and just accepted large downtimes in the event of a reboot.

Agree, downtime due to a misconfiguration, some failure on the network or the key server would be an issue. What if we look at some back approach: If some removeable storage with a key is present at boot, LUKS will use this key. Otherwise, it tries to pull it from the key server as described above? Should be pretty solid and a backup is in place (key on USB stick) in case something goes south.

This surely is an approach for environments requiring a very high level of security, but I like the idea.

I've seen places do that, pop in a key and use that, but you have to trust that people will remove it immediately and store it somewhere.

@Jason Having just a few timers failing is odd. Custom or built-in jobs?

A little logging 101 in WSS3: https://raiumair.wordpress.com/2007/06/19/quick-a-to-z-of-sharepoint-logs/

@alex.olynyk said in Cant UNC into Workstation on LAN:

@Dashrender TO the computer

UNC to the admin shares should have still worked, assuming you were logged into the computer you were coming from with a domain admin account (or an account that had local admin rights to the one you changed).

But if you were trying to do remote admin stuff.. then yah, you found the fix.

@JaredBusch said in Adding certs to firewalls:

@scottalanmiller said in Adding certs to firewalls:

@Dashrender said in Adding certs to firewalls:

JB, now who's pulling a Scott? 😛

Yeah, don't be like that guy.

Why? There is nothing wrong with that guy.

Well except when I'm right and he's wrong of course.

Mom? Dad? It's times like these that make me believe you aren't getting a divorce

@DustinB3403 said in Linux: Checking Filesystem Usage with df:

Will there be a topic on "managing inode in linux"

Yes, but it is going to go into an "Advanced Topics" section. Just as LVM and MD will have high level "normal" admin sections and eventually delve much deeper in advanced sections. I want to cover everything in a "normal admin" capacity like you would learn from the RHCE up front. Then go back and cover the nitty gritty details that other admin books don't. So it will basically take two passes but the hope is that the first pass will take you from "starting point" to "competent Linux Admin" then the second part will go where normal admin guides don't tread.

Funny... I just ran into this yesterday:

www.iflscience.com/technology/earpiece-translator-claims-let-you-talk-people-foreign-language

IFLS = take it for what it's worth.

@BRRABill said in Video Camera Recommendation:

@wirestyle22 said

If you found a solution though that's great.

It made it the same size, and in about 1/100th of the time. 🙂

It's more likely you won't have to transcode with mp4 as well which is great.

@thwr Thanks

@Dashrender said in O365 and encrypted mail to other email systems:

I don't look at it as bleakly as you do. You in no way told the receiver they couldn't receive it, you told them they have to use a different method to receive it. Is it a good experience - I'm not going to argue that point, frankly I don't care as long as it works.

But you did... you sent them an email and the email didn't include the payload, it told you to go look in another system for the payload that didn't arrive (the princess is in another castle.) Why did you need the email if email isn't delivering the message? It's obviously similar to failure... two systems are being used for a single thing. All they want is the payload, not a message telling them about a payload elsewhere.

Well, I put this user in a rebuilt system, so no specific resolution was found.

Looks like that one is working, thanks.

Thankfully I do not have Exchange in house, and I would only be doing this process with DCs.

Constant changes are bad, it makes even the most seasoned professional stuck trying to figure things out and looking look a noob all of the time.

Thanks, fixed.