Posts made by 1337

@JaredBusch said in Recommended storage setup for Proxmox VE homelab:

Proxmox requires ZFS if you are going to use the built in replication.

Don't you need more than one server to have any use for replication?

@JaredBusch said in Recommended storage setup for Proxmox VE homelab:

@Pete-S said in Recommended storage setup for Proxmox VE homelab:

@JaredBusch said in Recommended storage setup for Proxmox VE homelab:

@Mario-Jakovina said in Recommended storage setup for Proxmox VE homelab:

with 4 non-hotplug 1TB HDD drives on HPE's B120i RAID controller

This means you need to just use the controller. Why waste it? I mean I am not as familiar with HP's lineup as I am with Dell, but as long as that is a real RAID controller, just use it.

From what I can gather B120i is not a real RAID controller. It just a SATA HBA with LSI chipset. It needs OS software drivers to do RAID.

Okay, if this is not real RAID on the controller, then I would pass the disk through and use ZFS. I have no issues with ZFS itself. I have issues with the Cult of ZFS asshats.

Some of the recommendations to avoid RAID controllers and use pure HBA with different forms of software RAID/RAIN stems from problems and overhead with pass-through on RAID controllers.

VSAN for example wasn't certified with any Dell RAID controller, only HBA330 last time I looked.

Since B120i is a LSI HBA it will probably work great with ZFS.

@JaredBusch said in Recommended storage setup for Proxmox VE homelab:

@Mario-Jakovina said in Recommended storage setup for Proxmox VE homelab:

with 4 non-hotplug 1TB HDD drives on HPE's B120i RAID controller

This means you need to just use the controller. Why waste it? I mean I am not as familiar with HP's lineup as I am with Dell, but as long as that is a real RAID controller, just use it.

From what I can gather B120i is not a real RAID controller. It just a SATA HBA with LSI chipset. It needs OS software drivers to do RAID.

The lack of RAID5 and RAID6 kind of gives it away.

@dbeato said in Zoho Federation, Is It Possible?:

I usually would recommend to us the External Channel like people do with Slack
https://help.zoho.com/portal/en/kb/zoho-cliq/cliq-user-guide/channel/how-to-use-channels/articles/how-do-i-invite-users-from-other-organizations-to-join-an-external-channel

With Cliq you can have group chats as well as external channels and I'm assuming it's the same with Slack.

The recommended approach by Zoho is to use group chats for ad-hoc conversations and to use channels for more permanent team communication.

I think support issues and customer conversation belongs to the one-on-one and group chats while long term project collaboration is best served by channels.

That's why I think most a lot of people can work fine without external channels. You don't get external channels in the free tier of Zoho Cliq.

@dbeato said in Anyone using yubikey, smart card or other hardware device for MFA?:

@Pete-S I have used it for DUo and Office 365 and works well. It makes it so much easier for users that refuse to have a mobile or digital device.

That sounds good. I think I'll order a pair of keys to try it myself.

@JaredBusch said in Anyone using yubikey, smart card or other hardware device for MFA?:

@Pete-S said in Anyone using yubikey, smart card or other hardware device for MFA?:

The yubikey MFA can't be phished.

And this is no different than my use of Authy and MS Authenticator not able to be phished.

Sure a MitM can get it. There are known exploits for O365 accounts that do this.

But it is as secure as a hardware key for day to use usage. Sure, if someone else knows the seed (alomst always shown when signing up) you used for the TOTP, they can also get a valid code, so I would never say it is as totally secure as a Yubikey.

No, as I understand it it's quite different. There is traditional MFA methods (like Authy) and then there is phishing resistant MFA (like yubikey). I don't understand all the details yet though.

You can read more about it here where Okta has an overview of all the different methods they support:
https://www.okta.com/blog/2022/10/the-need-for-phishing-resistant-multi-factor-authentication/

Just a few month ago there was an executive order for government to move to phishing resistant MFA.

Here is an overview on MFA by CISA (Cybersecurity & Infrastructure Security Agency):
https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf

@JaredBusch said in Anyone using yubikey, smart card or other hardware device for MFA?:

@Pete-S said in Anyone using yubikey, smart card or other hardware device for MFA?:

I did some research now and one obvious difference is that yubikey can't be phished.

I am sure they can. All the attacker needs is to be MitM to get the approved session information. It is not like your Yubikey is communication non stop with the website you used it to authenticate.

OK, let me rephrase that then. The yubikey MFA can't be phished. Doesn't mean that the website or browser or traffic between them can't be hacked in other ways. The yubikey can also be stolen from you.

@pmoncho said in Anyone using yubikey, smart card or other hardware device for MFA?:

@scottalanmiller said in Anyone using yubikey, smart card or other hardware device for MFA?:

@CCWTech @pchiodo and I were discussing this just this week. @CCWTech got a classic RSA key from his bank and we were talking about what a total joke it was. It's this bulky key you have to carry around and the security on it is a joke. It shows the key at all times and is super visible. You can't hide it, you can't secure it.

Using Authy, OneAuth or Authenticator you have all this heavy security protecting access to the app, it's in a convenient place on a device that you have with you anyway, and it's only visible when you want it to be visible. And it's on a device you know if you've lost. Rather than being a key you can go months without using, easily misplace, and if someone stole it you'd likely not know for months.

(Using Authy for the last 3 years)

I have thought this for a while now but felt I was wrong somehow. With the articles I have read over the last few years it seems most point to physical hardware based tokens are more secure.

I have limited knowledge in this area, so, what the heck am I missing? Does yubikey provide better security than Authy????

I did some research now and one obvious difference is that yubikey can't be phished.

Authy uses a OTP, same as Google Authenticator and many others and a user can be tricked into entering their credentials and their OTP into a fake website. The attacker then uses that information within seconds on the real website and has now gained access.

Since yubikey is a physical device it can't be phished, because the attacker doesn't have the physical device.

Another thing is that even if someone has gained remote access to your desktop/phone, the yubikey device can't be used to authenticate - even if it's plugged in. The user has to press a physical button on it.

That's what I've gathered so far. And that Cloudflare swears by them.

On wikipedia it also says that Google, Amazon, Microsoft, Twitter, and Facebook uses yubikeys to secure employee accounts.

@scottalanmiller said in Zoho Federation, Is It Possible?:

@Pete-S said in Zoho Federation, Is It Possible?:

If you want to create a channel where multiple internal and external users can communicate, you need to be on the paid Cliq version. Then you have the option to create External channels. Those connected to your external channel do not have to be on paid Cliq version though.

BTW, if you are on Zoho Workplace for instance, you are on the free edition of Cliq. I know, it's confusing.

That's weird as we can do external now, but not external Zoho customers. Only external non-Zoho customers.

Those are called guest users in Zoho lingo.

You probably don't need external channels. You can communicate with external users just fine without having external channels.

Anyone using yubikey, smart card or other hardware device for MFA?

I wonder how it works from the users perspective. I've never used any of them myself and I wonder if it's practical or not.

And if it makes MFA more secure or not. I guess it should.

If you want to create a channel where multiple internal and external users can communicate, you need to be on the paid Cliq version. Then you have the option to create External channels. Those connected to your external channel do not have to be on paid Cliq version though.

BTW, if you are on Zoho Workplace for instance, you are on the free edition of Cliq. I know, it's confusing.

In Cliq admin settings look under Organization and Licensing.
Check if you have External channels in your plan.

The problem is that they have clicked on "+ Invite Users":

It makes sense at first but this is for inviting your colleagues only, aka those already in your Zoho Organization or new users you want to add to your organization. It's not what you want!

The proper way to add users in other organizations (aka external users), click on + under Contacts.

Add the email address to the one you want to invite.

Then you have to click on the suggested user and select the Next button that appears after you click.

Now you can add whatever message you want to the invite:

@scottalanmiller

Is this the error you get when you accept the invite?

In that case I know what the problem is.

@scottalanmiller said in Zoho Federation, Is It Possible?:

@Pete-S Yes, we've gotten external free plan people to work. But customers on Zoho as their messaging platform don't seem to work. We were invited by some today and when we try to accept it says we can't as we are in a different organization.

It's a bit tricky in Cliq because there are different ways to invite people. They are probably doing it the wrong way.

I know it works because I communicate daily with people who are on the paid plans, as well as free plans and also with non-Zoho users.

That being said, I usually invite them instead of the other way around, because it's easier.

@scottalanmiller said in Zoho Federation, Is It Possible?:

@Pete-S said in Zoho Federation, Is It Possible?:

@scottalanmiller said in Zoho Federation, Is It Possible?:

Does anyone know of a way to federate services in Zoho? For example, we use Zoho Cliq. Many of our customers also use Zoho Cliq. Is there any way to federate and approve their users or some of their users to talk to us via Cliq?

Federated services are usually federated identity. I don't think that's what you want.

There shouldn't be a problem using Cliq between different companies. You just need to add whoever you want to communicate to your contacts. That send them an invite and then you can communicate. That is how I do to communicate with other Zoho users in other companies.

Exactly what is it you want to accomplish?

A mix of things. With Zoho Invoice, we need to work as "accountants" for customers. With Cliq, we want to be able to talk to them.

I don't use Z Invoice so no clue about that but I use Cliq everyday. Why can't you communicate?

This is how I do it:
https://help.zoho.com/portal/en/kb/zoho-cliq/cliq-user-guide/contacts/contacts/articles/how-to-add-users-to-my-contacts

Note the last part on the page above:

Organization Policy
Communication can be established with an external user under the Free plan of Cliq, only if the admin has enabled the organization policy 'Allow chats with users who are not a part of this organization'.

@scottalanmiller said in Zoho Federation, Is It Possible?:

Does anyone know of a way to federate services in Zoho? For example, we use Zoho Cliq. Many of our customers also use Zoho Cliq. Is there any way to federate and approve their users or some of their users to talk to us via Cliq?

Federated services are usually federated identity. I don't think that's what you want.

There shouldn't be a problem using Cliq between different companies. You just need to add whoever you want to communicate to your contacts. That send them an invite and then you can communicate. That is how I do to communicate with other Zoho users in other companies.

Exactly what is it you want to accomplish?

@scottalanmiller said in Zoho Federation, Is It Possible?:

Or to use our Zoho accounts to manage services that they have? For example multiple customers of ours have Zoho Invoices, but we can't be added to theirs because we have our own Zoho accounts.

Thoughts?

I believe Zoho partners can manage other companies Zoho services. Basically Zoho consultants.

So you should look into that.
https://www.zoho.com/partners/

@JasGot said in Slack? What is it?:

@scottalanmiller said in Slack? What is it?:

Think XMPP for the modern era

Are there any intra-office apps for this? We have been using Spark on top of Ignite for many years.

Is there anything you like btter?

For Microsoft users Microsoft Teams is the goto intra-office messaging platform.

As Scott mentioned earlier all the business messaging apps are on parity with each other.

@gjacobse said in Management of NAS for SOHO?:

@Pete-S

First question

How much space is used and expected for growth?

I believe the old server has 4TB of usable storage and I think it's full.
So let's assume we need 8TB total.

Have a customer with a small home office that has unreliable internet access. Today there is an old fileserver, but it's completely unmanaged and we have no access into the network.

If we would move the files to a small NAS, how should we manage it?

Can we have it setup to "self manage" by auto installing updates and sending email notifications to us when it has problems? What do you recommend?