@Pete-S Not me. I have no need for top of rack quality gear at any clients.

I generally avoid Dell network hardware just because HP usually has a comparable solution.

https://forum.xda-developers.com/android/apps-games/galaxy-playstore-alternative-t3739733

@tonyshowoff said in Thicket files in Windows - how are they "linked"?:

@Dashrender said in Thicket files in Windows - how are they "linked"?:

I recall seeing this ages ago. It happened when I would save a website onto my computer. I found that the directory had copies of the images (and perhaps other files) that the HTM file referenced.

@Pete-S
Indeed this has been true since at least Windows 98 when IE had the feature (maybe still does) "Read web page offline" and also as a part of the Save... feature, and other browsers copied that same implementation when saving the assets. In the end it doesn't matter where it came from, how it was created, etc nor whether 9x or NT. If there's a .htm(l) file and a directory with _files in the name they are treated as linked in Explorer, but not in CMD (IIRC).

Thanks. I made the same observation - that it is the name that link the directory and file together and it is only in Explorer it is treated as a link.

Sweet.

@stacksofplates said in Documenting rack, servers, drives, CPU, RAM etc:

@dbeato said in Documenting rack, servers, drives, CPU, RAM etc:

I use https://www.draw.io/ and I know a tool that @stacksofplates recommended for Cloud Diagrams.

Draw.io recently implemented one that looks almost identical to the one I was using so I've been playing with that. The other was cloudcraft.co.

For rack diagrams, phpIPAM isnt too bad. And you get the benefit of IPAM software with it.

Draw.io is in NextCloud too.

I should have noted that grep likely wouldn't like complicated RE patterns. Sed, however, supports the full gamut and is installed by default on pretty much every linux variant; not sure if pcregrep is.

It seems everyone likes the link I posted for the RE builder so I'll paste two others that I use:
https://regex101.com/
http://leaverou.github.io/regexplained/

Cheers!

@scottalanmiller said in PVLAN (private VLAN) in the switch - are you using it?:

PVLAN, or Port Isolation as I think most of us know it, is one of the better uses of VLAN tech. The idea is for extreme environments (not really SMB generally) when normal security measures are not enough, that you make an individual VLAN for every single device on the network so that you control via central firewall a second layer of access for every single port that there is.

There are certainly legit cases for this. And I've worked for one of those places. But it's super rare. It is a lot of work, requires gear that supports it, and adds a lot of complication that you have to consider. It also adds a good deal of security.

In the SMB, most places have over the top security already and zero day threats rarely threaten OS level firewalls. So PVLAN, while legit, rarely has appreciable value to an SMB. But when you need that "second firewall per device", then yes, it's definitely the way to go.

Makes sense, but I'm thinking it doesn't have to be that much more work if you can apply automation to switch management as well.

I think you can do port isolation on the virtual switches in VM hosts in the same way as the physical ones. I understand that at least VMware has had it for a long time so assume other have it now as well.

Cheap meaning low cost, of course.

@black3dynamite said in Automation with Ansible, Salt etc - at what point?:

@obsolesce said in Automation with Ansible, Salt etc - at what point?:

@black3dynamite said in Automation with Ansible, Salt etc - at what point?:

@scottalanmiller said in Automation with Ansible, Salt etc - at what point?:

@black3dynamite said in Automation with Ansible, Salt etc - at what point?:

@obsolesce said in Automation with Ansible, Salt etc - at what point?:

@black3dynamite said in Automation with Ansible, Salt etc - at what point?:

@scottalanmiller said in Automation with Ansible, Salt etc - at what point?:

@pete-s said in Automation with Ansible, Salt etc - at what point?:

Ansible seems to be the least complicated to get started with so I guess that'll be as good as anything.

Syntactically yes.

Salt has the simpler architecture, because it is clients reaching the server, not the server reaching the clients.

That’s the main thing I like about salt. But damn, if the minion service is hosed for whatever reason can be a real pain.

SaltStack can do agentless as well, like Ansible.

Ansible uses winrm to manage Windows. Can Salt do the same? Because Salt agentless uses SSH, so I would need to setup ssh server on Windows.
https://docs.saltstack.com/en/getstarted/ssh/index.html

Why would you want to do that, though? The agent is the key reason to be on Salt in the first place.

I'm all good with using the agent. But until I figured out the problem I'm having the agent on my Windows machines, Ansible will be used.

I've got the agent deployed across 700 win7, Win10, win server, and Hyper-V servers at work. All working, installed via chocolatey.

What is the issue you are having?

Edit: 50-100 of those 700 are Linux.

Its probably something stupid on my part but It's only happening on some of my Windows 10 1803 machines. They are installed via chocolatey too.
The service gets stuck in a paused state. It is working great on the other Windows 10, 7, servers, Hyper-V and Linux.

I think that means it has no contact with the salt master.

The place that I see them most is in DCs that allow questionable public access rather than having dedicated, screened DC workers only getting access.

@donahue said in My first computer:

@travisdh1 said in My first computer:

@scottalanmiller said in My first computer:

@travisdh1 said in My first computer:

@scottalanmiller said in My first computer:

@pete-s said in My first computer:

Which reminds me of IBM's PS/2.

What a train wreck that thing was.

Guess what made up the entire computer lab in my high school... Yep IBM PS/2. They actually network booted.

That's crazy. that must be all that IBM ever managed to sell.

My theory is that some company bought a whole bunch of them, realized they were terrible, and donated them to the school for a tax write off.

They had all apple IIe's at my computer labs growing up. I was always told it was because apple basically gave them to schools for near free, maybe at cost or something, and that it was part of the strategy to get people on one particular platform at an early age. It was always inconvenient because the files were never compatible between our home PC and the ones at the schools.

That and the Apple ][ were just awful.

I still have the one from my elementary school.

@fateknollogee said in Small colo infrastructure - rack layout feedback:

@pete-s The fs.com website is what every decent supplier should strive for.
Quantity in stock is shown clearly, no guessing needed! They tell you when the stuff will ship!!

Yes, that's the way it should be.

I saw that they also do custom orders so if I need 200 purple power cables that are exactly 5.5 ft long they can do that.

I'm already putting together my first order from them 🙂

@travisdh1 said in How secure are databases in general?:

They are vulnerable, but mostly because applications use a single authenticated user to access a given database. So most of the vulnerabilities are in the web pages and/or applications using a database.

That's application security, not related to the database. Same risk would exist with no database.

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@jaredbusch said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s

What kind of firewall and switches are you running?

One option: if you're switches have stacking, then you can put them in a single stack and then create a port group that spans the two switches and then connect that to your NIC teams on the other end. This guards against switch failure, switchport failure, server NIC port failure, Ethernet cable failure, etc..

0_1538492722247_2c736016-a7ca-4c86-96bc-9550d33aa58b-image.png

This adds a level of complexity that you don't have to deal with when using a simple team. But the plus side is higher bandwidth per connected server.

The "switch independant team" what bonding mode is that in linux? Is it mode 1, active/backup policy?

You will have to look at your individual network card's drivers and management software with regards to Linux. AKA, read the manual. My guess is that you're running Broadcom NICs and the management software that I've seen/used is called "Broadcom Advanced Control Suite 4" and the "switch independent mode" or team type is called, "Smart Load Balancing and Failover (SLB)".

I'm all Intel on the NIC side in this case as Supermicro is predominately intel NICs and they are very well supported both in freebsd and linux.

Contrary to Windows, linux actually have bonding of different types in the kernel (a module called bonding). So the drivers don't have to do bonding.

oh nice. I have no idea. I haven't done much with Linux lately. Still, I would read the NIC documentation as it pertains to Linux.

Looking at Dell switches it seems like Dell N1124 will do the job. It's 24x1G switch with 4x10G for uplinks and stacking and has most of the features of it's bigger brothers in the N2000, N3000 series.
Pricing looks very attractive where I'm at (<$400 USD per switch), otherwise it's $1259 in the dell.com store.
I've never used Dell switches though.

@stuartjordan said in Freelance websites?:

You have two good companies that would be able to help you from this forum:
NTG or Bundy Associates, give them a shout.

LOL yep I was late 😛

Alright, I took another approach at this.

Looking directly at the source for different kernels over at kernel.org I can see that the NVMe driver has SR-IOV support from kernel version 4.8.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/nvme/host/pci.c?h=v4.8#n2015

It's very interesting for virtualized workloads because SR-IOV means you can assign the NVMe disk to different VMs directly and bypass the hypervisor. This is the same for NICs at 10/25/40/100 gigabit. There will be a significant performance drop if you don't use SR-IOV.

@dustinb3403 said in Small colo infrastructure for SaaS:

@pete-s said in Small colo infrastructure for SaaS:

This is how @dustinb3403 suggested replicating VMs between hosts:

0_1537834749485_colocation_network_vmreplication.png

While this is accurate, it also misses on the fact that he would still have his NLS server sitting, collecting backups on whatever schedule.

Other than that it is accurate. In Scott's proposal you are making the shift from migrating the entire workload (which is essentially instant) to migrating the database only.

In his case, the load balancer is the weak link in the chain. Granted these don't fail often but it isn't something you have control over either unless you provide your own for the COLO.

2 haproxy VMs (one per host) and keepalived for failover

@Donahue said in Why you don't need a VPN or not?:

@scottalanmiller said in Why you don't need a VPN or not?:

@coliver said in Why you don't need a VPN or not?:

@Dashrender said in Why you don't need a VPN or not?:

But I don't see that working very well for large files - say AutoCAD or even some graphics files.

AutoDesk and Dessault both have toolkits to get around SMB limitations. I think most CAD vendors do actually.

Yes, CAD is something that basically always does LANless on its own. It has special needs and normally handles them. You don't use NextCloud or anything like it, nor do you use SMB or anything like that.

only for a premium, but they are rarely if ever rolled into the base product, at least not fully featured

Technically, all fire sharing is a sort of premium somewhere.

That's better... Run directly on XenServer host

L0yOxMF.png

@jaredbusch said in Veeam drops the ball, exposes 440M Customer E-mails:

@dbeato said in Veeam drops the ball, exposes 440M Customer E-mails:

@phlipelder said in Veeam drops the ball, exposes 440M Customer E-mails:

@dbeato said in Veeam drops the ball, exposes 440M Customer E-mails:

@phlipelder said in Veeam drops the ball, exposes 440M Customer E-mails:

https://www.veeam.com/executive-blog/veeam-data-incident-resolved.html

I did not see anything about it in our Partner communications until this thread and I sent a quick question to our rep. The above was their reply.

And you didn't get the email?

No. I just went through all of our Veeam correspondence with nothing about it there.

Interesting, I got the email the afternoon of that day. But anyhow.

He's not a customer.

He is a partner, I understood that.