@Dashrender said:

Also, don't take this as my saying that closed source is better - I'm not. I'm just saying that anyone who isn't already familiar with this situation needs to be aware that just because something is open source does in no way imply that anyone has ever done an audit, let along a security audit of the code.

No, but you are implying that open source is equal or worse, but it is not. It is better (or equal.) It literally has no downsides compared to closed source (for the end users, obviously what is bad for the customers might be good for the vendor) but does require customers (but not every customer) to leverage to have it still be beneficial for all (one enterprise doing an audit and checking or improving code helps everyone). The same code made open or closed will always be better or equal to the same code closed source.

You are completely correct that no one should think that the nature of a license for code visibility would mean that it is magic and that audits are automatic - but I've never heard of anyone implying or believing such a thing. I think we were all assuming that no one thought that open sourcing code was doing anything like that.

But we also have the vast majority of enterprise open source software being audited all the time. So in one way, we have to be aware of basics like source licensing does not imply an audit. At the same time we have to be understanding that major companies certainly do audit core code, especially security code, regularly and that there is a level of auditing going on on enterprise open source that exists nowhere else.

Just got it installed on the latest Ubuntu running ML.

@JaredBusch You're welcome. If any assistance with scripting is needed, feel free to reach me either here or on our community forums.

http://forums.veeam.com/

Thanks.

@Breffni-Potter said:

@Bob-Beatty said:

@Breffni-Potter I agree with everything Scott says, with the exception of stopping at strange bars in the middle of the jungle at 10:00 at night.

Are you honestly telling me it was just the "one" thing you disagreed with? 🙂

I suspect there might be a few more bar visits you would object to if you cast your mind back.

haha! I.. cant.... remember too many bar visits with Scott, or I may agree with your comment... 😛

What do you mean a comparison between the methods?

You deploy RAID the same to SSD or HDDs.

Why one is advisable and one is not was laid out here a few days ago by @scottalanmiller.

From memory a few things:

SSDs don't suffer UREs
SSD resilver time is low enough to not consider failure of another drive to be a perceived threat

These two (again from memory) are why it's considered OK to use RAID 5 with SSDs, but not with HDDs.

@dafyre said:

@marcinozga Spin up XenServer on your NUC and then try to get adTran going on it. If it works, great! If not, switch to another Hypervisor.

That's what I'm probably going to do.

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

What about running a UTM in a VM? At least you can vertically scale if needed.

Of course that's an option and you get "unlimited" power in that way. But having your firewall on a VM, unless it is on a one to one dedicated piece of hardware, is generally not ideal. It basically requires that an attacker already be on your network before facing the firewall. In nearly all cases, I would recommend that you stick with the physical firewall for mainline security and put the non-routing / non-firewall scanning functions onto a VM instead.

Oh OK. I did it at home playing around. The UTM was the only VM with access to the WAN nic but I guess the dom0 is still public facing then? Never thought about that.

Could be, but shouldn't be. But the physical access still exists no matter what you expose to it.

Yes, I can download updates. The question is how is it intended to work and is it working as intended.

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

I'm also quite late, but would it be appropriate to keep passwords in files with root permissions and have the script read it? Or is that just as insecure?

At some point, passwords need to exist. In most cases, you want to use keys, though. Where do you need passwords?

I was just asking if that would be a solution to the original problem while still being secure since he couldn't use keys.

Oh, in that case, they aren't concerned about security or they'd have keys. So being really secure isn't on their radar 🙂

Well I'm the admin of this mound.

🙂

As small and stinky it may be, this is mine!

Of course UEFI comes with its own risks, as we have recently seen, so it is more imperative that you trust your hardware maker when using UEFI. Not that trusting them wasn't always essential, but their toolkits for being naughty have expanded.

I've never monitored them.

The work is being done by Dom0, not the VM.

And with the resources being statically assigned I can't imagine that there is much of a hit to the performance of the VM's them self.

the log has this.

MSI (c) (B4:78) [17:12:13:571]: Opening existing patch 'C:\Windows\Installer\2450d0.msp'. MSI (c) (B4:78) [17:12:13:571]: Opening existing patch 'C:\Windows\Installer\4548bc25.msp'. MSI (c) (B4:78) [17:12:13:571]: Opening existing patch 'C:\Windows\Installer\30d2dd04.msp'. MSI (c) (B4:78) [17:12:13:571]: Opening existing patch 'C:\Windows\Installer\9b12058e.msp'. MSI (c) (B4:78) [17:12:13:586]: Opening existing patch 'C:\Windows\Installer\37a812.msp'. MSI (c) (B4:78) [17:12:13:586]: Opening existing patch 'C:\Windows\Installer\1787be.msp'. MSI (c) (B4:78) [17:12:13:586]: Opening existing patch 'C:\Windows\Installer\4db72bbb.msp'. MSI (c) (B4:78) [17:12:13:586]: Opening existing patch 'C:\Windows\Installer\2ef9d4c5.msp'. MSI (c) (B4:78) [17:12:13:774]: Original patch ==> C:\Users\aciadmin\Downloads\Exchange2007-KB3056710-x64-EN.msp

It does find these apparently..

MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {72C048CD-EEE3-4D28-9140-E41E7773EDA5} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.279.3 Order: 0 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {3CB9909C-1466-4F1A-89C7-72B3BBD61D81} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.279.5 Order: 1 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {E9730840-6730-446B-BBAE-1866F024031E} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.297.2 Order: 2 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {C0DBC2AC-7FA8-46AF-A389-179FAB1D8102} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.298.3 Order: 3 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {9750A7B7-545E-473F-B2BA-5D79157CC280} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.327.1 Order: 4 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {193F22C5-6469-44B9-BBC3-067C725B3FE0} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.342.4 Order: 5 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {373F441B-FE35-42C4-8A6B-84BB431C609D} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.348.2 Order: 6 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {CE370EC7-8AF5-43BE-829C-73CEF5598C5D} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.379.2 Order: 7 MSI (c) (B4:78) [17:12:14:993]: PatchGUID: {BF73925F-9C98-444F-9455-8DC63A79B9C2} ResultantVersion: 8.3.83.6 PatchFamily: E12_DAT Sequence: 8.3.417.1 Order: 8

That looksa like it started with update rollup 8
http://social.technet.microsoft.com/wiki/contents/articles/240.exchange-server-and-update-rollup-build-numbers.aspx#D

This list precisely matches the Windows update history screen.

@johnhooks said:

This was resolved. The VM was running. After shutting it off, the interface could be removed.

Oh, just saw this. Expected behaviour when running. Same on VMware too, for example.

If it is a very specific ad that is an issue, you might want to consider blocking it manually either via IP at the router or via DNS or something similar.

I've had success with Revo uninstaller before. But I agree, I would get rid of the cracked version and just use the free version. Who knows what's been installed along with the cracked version.

Sorry for the confusion- its a development server, but i still need to make sure that these are updated with minimal downtime. I am trying to push the AD changes to some other time at least wait for the dev team to complete the tasks in hand, but not very sure if they will stop it just for us

Thank you

Got back to this myself.. http://mangolassi.it/topic/4681/veeam-endpoint-backup-is-out-of-beta-and-available/13