What Are You Doing Right Now
-
Better to use the effort to learn good prioritization
-
@scottalanmiller For me, no learning is wasted. We deployed a CA a couple of years ago to use certificates for part of the authentication for our LT2P/IPSEC vpn.
-
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
-
All learning comes with a cost of lost opportunity. Learning something useless or nearly so instead of something good is in relative terms negative learning.
-
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
-
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.
-
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
-
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
Hah, MediaWiki is what we just moved off of. Been using it for YEARS, just got so sick of it.
Now using Wordpress with a wiki theme and a few extremely useful plugins, such as WYSIWYG, copy/paste in pictures directly in to editor, lightbox, ToC, and some others that make wikitizing extremely easy, fast, convenient, and over all good experience.
-
@coliver said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.
Correct.
-
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
Meh. Note what I just said about the cost of lost opportunity in learning.
-
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.
-
@coliver said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.
Also, definitely worth looking at an addon called TablePress. Turn your ugly and time-consuming mediawiki table into something real... searchable, manageable. Like if you have a server list with associated info in a table, copy/paste it to excel, then import it to tablepress. Add to wordpress post and be amazed!
-
@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.
-
Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.
-
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
-
-
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
-
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
-
@EddieJennings said in What Are You Doing Right Now:
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
You may want to watch @scottalanmiller's discussion on LANless design.
-
@EddieJennings said in What Are You Doing Right Now:
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
Is there another way?
-
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
That's what I would guess.
-
@scottalanmiller said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
That's what I would guess.
I'm trying to find documentation on it. But really it's just LDAP riding over SSL. So no special certificates or anything are really needed.
-
@EddieJennings said in What Are You Doing Right Now:
@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.
-
Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.
-
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
For point 1 you can do any cert. but LE is the only one I would ever use.
-