What Are You Doing Right Now

scottalanmiller

Better to use the effort to learn good prioritization

EddieJennings

@scottalanmiller For me, no learning is wasted. We deployed a CA a couple of years ago to use certificates for part of the authentication for our LT2P/IPSEC vpn.

wirestyle22

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

scottalanmiller

All learning comes with a cost of lost opportunity. Learning something useless or nearly so instead of something good is in relative terms negative learning.

scottalanmiller

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

coliver

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.

wirestyle22

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

Obsolesce

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

Hah, MediaWiki is what we just moved off of. Been using it for YEARS, just got so sick of it.

Now using Wordpress with a wiki theme and a few extremely useful plugins, such as WYSIWYG, copy/paste in pictures directly in to editor, lightbox, ToC, and some others that make wikitizing extremely easy, fast, convenient, and over all good experience.

scottalanmiller

@coliver said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.

Correct.

scottalanmiller

@wirestyle22 said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

Meh. Note what I just said about the cost of lost opportunity in learning.

coliver

@wirestyle22 said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.

Obsolesce

@coliver said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.

Also, definitely worth looking at an addon called TablePress. Turn your ugly and time-consuming mediawiki table into something real... searchable, manageable. Like if you have a server list with associated info in a table, copy/paste it to excel, then import it to tablepress. Add to wordpress post and be amazed!

EddieJennings

@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

EddieJennings

Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

coliver

@EddieJennings said in What Are You Doing Right Now:

Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

coliver

@EddieJennings said in What Are You Doing Right Now:

I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

You may want to watch @scottalanmiller's discussion on LANless design.

scottalanmiller

@EddieJennings said in What Are You Doing Right Now:

Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

Is there another way?

scottalanmiller

@coliver said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

That's what I would guess.

coliver

@scottalanmiller said in What Are You Doing Right Now:

@coliver said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

That's what I would guess.

I'm trying to find documentation on it. But really it's just LDAP riding over SSL. So no special certificates or anything are really needed.

scottalanmiller

@EddieJennings said in What Are You Doing Right Now:

@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

For point 1 you can do any cert. but LE is the only one I would ever use.