Best posts made by bbigford

@scottalanmiller said in Lightweight Linux...:

@BBigford said in Lightweight Linux...:

@dafyre said in Lightweight Linux...:

I'd definitely check out one of the Mate GUIs. That's my go-to of choice these days, even on a hefty system with good specs.

Is Mate really that much lighter on resources than Cinnamon?

Yes, MATE doesn't require a GPU, Cinnamon does. Cinnamon is designed to be really powerful on modern, underutilized hardware with an idle GPU. Mate is a traditional desktop. IceWM, LXDE, XFCE and others are designed to be light, not just "not heavy."

Anything based on Gnome3 (Cinnamon, Unity) or KDE is going to be way too heavy for you.

Ah, well that explains the screen tearing.

@scottalanmiller said in SMB resources on the move:

@BBigford said in SMB resources on the move:

@scottalanmiller said in SMB resources on the move:

@stacksofplates said in SMB resources on the move:

So now, the only way for someone to get my info is to physically come in my house and take it (which is a different discussion).

There is always another means of compromise, just thinking that there isn't itself is a security risk. One that I guarantee AWS' security team (ranked the best in the world) doesn't make. They also have monitoring and people there 24x7 always watching everything with the best AI and the best human I that there is. Nothing you do gives you the tools that they have, nothing.

But beyond that, the fact that someone could grab your stuff physically alone is enough to end the discussion. Amazon effectively removes that risk. You can't physically target data at Amazon. You can't target it via software tools, you can't target it with guys and a trunk and guns. You have to attack through different vectors.

This.
I keep getting shot down for so many services we could have hosted because our Sprint contracts say we can't use a hosting provider because the cloud is insecure. Same goes for anything HIPPA. But cloud security and monitoring is far superior to anything I could offer on a budget. If I had a ton of time... Maybe. But I don't, and that would cost the client a ton more even if I did.

HIPAA does NOT undermine security.

I would hope not. Intentionally not looking at every secure resource is just flat out negligent and naive. But I haven't had to do anything with HIPAA, yet. I've only talked to some of the admins at our local hospital about it.

@dafyre said in VMWare OSx:

@BBigford said in VMWare OSx:

@IRJ said in VMWare OSx:

@scottalanmiller said in VMWare OSx:

@IRJ said in VMWare OSx:

@JaredBusch said in VMWare OSx:

@IRJ said in VMWare OSx:

I am curious why you would want to run OSX in a VM anyway?

What advantages does OSX give you over Windows or Linux Distros other than the obvious video or music editing which probably isn't ideal in a VM anyway?

He said a couple posts up that he hopes it was good for learning. So maybe self education.

In the IT field, that would be the last OS I would be interested in learning. Especially if your company doesn't have any so you have to download a poorly made image.

Depend what kind of support and IT you are interested in. Lots of people work in OSX support areas.

I have yet to meet one in person. Maybe it's an east coast thing. Macs seems to be much more popular in business on the west coast.

Is that how I avoid OSX in the work place? Just move to the east coast?

As long as you're not looking to work in Higher Ed ou tthis way.

Did that already. Probably won't do it again. Way too much political BS. Impossible to get fired so you end up with a bunch of dead weight (in my experience). Found that it was a lower paying job, but very cushy.

There is a metric ton of vendors out there. Some use on-premesis, some point at a cloud firewall service, and there are tons of vendors in between.

For businesses under ~20 users, what do you use for a firewall, content filtering (basic stuff like porn & gambling), VPN site-to-site?

I've used:

SonicWall
pfSense (mixed with Securly for filtering)
Sophos
Cisco (though that was getting out of the price range)
Fortinet (800C down through the small units)
WatchGuard (larger X series down through their Firebox models)

Anyone using anything cloud based? Haven't really looked into it.

@zuphzuph said in Setting up MDT/WDS for UEFI/Legacy Images & Network Boots:

Alright guys, I spent about 6 hours this week trying to get my MDT/WDS combo server to load up our Surface 4's with a 1607 Windows 10 image. Reason being is because as many of you know the BIOS for the Surface 4 only allows UEFI booting... I crawled quite a few forums and found nothing that ultimately was able to help me so I figured I'd write it up for Mango.

I have both my DHCP servers configured with the following roles:
60 PXEClient | Value: PXEClient
066 Boot Server Host Name | Value: 10.1.1.10 (Yes, it's static)
067 Bootfile Name | Value: smsboot\x64\wdsmgfw.efi

Two questions... why are you using option 060 if you are already using 066 and 067? Second is where did you even find information on the boot file name? I thought it was supposed to be boot\x64\wdsnbp.com

@zuphzuph said in Setting up MDT/WDS for UEFI/Legacy Images & Network Boots:

@BBigford said in Setting up MDT/WDS for UEFI/Legacy Images & Network Boots:

@zuphzuph said in Setting up MDT/WDS for UEFI/Legacy Images & Network Boots:

@BBigford said in Setting up MDT/WDS for UEFI/Legacy Images & Network Boots:

@zuphzuph said in Setting up MDT/WDS for UEFI/Legacy Images & Network Boots:

Alright guys, I spent about 6 hours this week trying to get my MDT/WDS combo server to load up our Surface 4's with a 1607 Windows 10 image. Reason being is because as many of you know the BIOS for the Surface 4 only allows UEFI booting... I crawled quite a few forums and found nothing that ultimately was able to help me so I figured I'd write it up for Mango.

I have both my DHCP servers configured with the following roles:
60 PXEClient | Value: PXEClient
066 Boot Server Host Name | Value: 10.1.1.10 (Yes, it's static)
067 Bootfile Name | Value: smsboot\x64\wdsmgfw.efi

Two questions... why are you using option 060 if you are already using 066 and 067? Second is where did you even find information on the boot file name? I thought it was supposed to be boot\x64\wdsnbp.com

Pretty sure boot\x64\wdsnbp.com only supports legacy network boots.
I only have 60 configured because it was stated in quite a few places to support UEFI.

Weird... ok so the first response I can understand. The second one, 060 has been used for some time. Now if you use WDS-only I see people only use 060 and not 066 or 067, so it's not really a newer concept to use 060. UEFI is a newer concept though, and apparently requires all 3 options... So is 060 an older way to configure DHCP options, but has always worked with UEFI? When I say "older" I really mean 2008 compared to 2012 R2 since UEFI came out around 2005.

I personally don't know the answer.

Well you didn't just have an epiphany, provide links! Don't make me be this guy trying to find your articles:

Speaking of Alexa... just saw this today. https://www.amazon.com/dp/B01KWDPU4K/ref=ods_gw_d_mb_ha_bbx_eb?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=&pf_rd_r=9QWYG36GY2SZHFPFHBP4&pf_rd_t=36701&pf_rd_p=9b4bcd8c-efcf-4677-86a8-96080493222e&pf_rd_i=desktop

@scottalanmiller said in Serious question about Linux security...:

@BBigford said in Serious question about Linux security...:

I've been under the impression that's how it always was... Red Hat patches a vulnerability or changes something, then CentOS does.

It's how it was when CentOS wasn't part of Red Hat. Now CentOS isn't a company, just a product of Red Hat. So Red Hat is patching both. So your statement above can be rephrased to...

I was under the wrong premise. Whoops... thanks for the clarification. Did not get those answers over at SW. Another reason I love ML.

http://www.linux-magazine.com/Online/News/Red-Hat-Adopts-CentOS

@zuphzuph said in Dell R710 NIC teaming issues:

@BBigford said in Dell R710 NIC teaming issues:

I'm an idiot. I hurried through the filter and didn't see "Team View". Sorry for wasting everyone's time. You can configure the team from there. BACS 3 had Team Management on the main page, BACS 4 has a filtering option.

Holy potato, you are from Idaho...

Seriously. Some days I honestly wonder how I can even be touching anything when I can't even slow down and take a look. Everything I needed was in front of my f***ing face.

@JaredBusch said in Dell R710 NIC teaming issues:

I said to post pictures because the team view is what i showed and i cannot make a team here. Likely because i have one made in Windows, but BACS4 does not seems to know anything about it.

Ah, I missed the part where you wanted my pics. I can do that.

@JaredBusch said in AWS vs. Azure - for Education:

Stepping back, it is safe to assume you are really wanting to move everything.

In that case, just go with Office 365 across the board. This gets the email, documents, etc. You also get Azure AD if really wanted, and then look into the InTune pricing to go with it.

He's definitely looking to offload as much as possible. The legal side (whoever that might be) blessed any cloud offerings so where CIPA was a concern with another district, in the past, it's not anymore. So everything can be migrated.

@Dashrender said in Show me the $PowerShell.:

@scottalanmiller said in Show me the $PowerShell.:

@Dashrender said in Show me the $PowerShell.:

@scottalanmiller said in Show me the $PowerShell.:

@zuphzuph said in Show me the $PowerShell.:

@scottalanmiller said in Show me the $PowerShell.:

@zuphzuph said in Show me the $PowerShell.:

@travisdh1 said in Show me the $PowerShell.:

What if I work in Bash instead of PowerShell?

Can't fault you for that. But I'd call you bleeding edge.

BASH via CygWin on Windows is like 20 years old.

I was throw with the release of the BASH shell in 10, my b.

That's BASH on a Linux pseudo-VM running on top of Windows, not BASH on Windows itself. It's useless. Only working BASH is in Cygwin.

What exactly is the difference?

One is a shell on Windows, one is not. It's the difference between a steering wheel attached to the wheels of your car... and a LittleTykes plastic steering wheel on the child seat in the back seat that isn't attached to the car.

That Windows put BASH on Windows is a joke on the users. It's not what people mean, it's not a shell attached to Windows, it's no different than if you install Linux in a VM and that has BASH on it... you can't actually say that that is BASH on Windows with a straight face... and yet, they did.

I'm trying to understand what is really wanted? Do you want to run Linux compiled code on a Windows box? Wouldn't you need a Linux version of WINE on Windows for that?

Yes, you would. The reason the advertising was misleading prior to the release is because it was implied you wouldn't need any of that. Then during the release it became more clear it was nothing more than lack of compatibility.

@wrx7m said in Offline files nightmare:

@BBigford This is why I have a GPO to disable offline files. I have mostly seen it be a PITA, than actually work. I was interested in Windows Work Folders but that requires Enterprise and our laptops are only on Pro. Also, the initial server setup seemed to be pretty involved.

We're on Pro as well. After this, I won't be curious about Offline Files ever again, in any environment.

@scottalanmiller said in Offline files nightmare:

@Reid-Cooper I like a "map analogy" for that. Tell them that you need to get to point Y on a map. You are currently at X. The sunk cost fallacy would be taking into consideration "where you started from" to get to point Y rather than "where you are currently." When driving around, you never consider where you came from, that is obviously nuts. But people do this with finances all the time.

Imagine that you were driving from New York to California and got lost in Nebraska. Your GPS finds you the route from where you are in Nebraska to California. It doesn't only tell you the route from NY or send you back to NY to start over.

This is why it is a good thing that engineers make GPS system and not business people Business people would keep asking where you had left from rather than where you are and would keep giving you directions from a place that you are not in.

Haha thanks for that. I got a good laugh. Great way to put it too, definitely going to use that at some point.

@scottalanmiller said in Offline files nightmare:

@BBigford said in Offline files nightmare:

@scottalanmiller said in Offline files nightmare:

@BBigford said in Offline files nightmare:

@scottalanmiller said in Offline files nightmare:

@BBigford said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@dafyre Good to know. I was considering owncloud then it got forked(?) to nextcloud and it is still too new for me to use in production.

I honestly haven't tried NextCloud or ownCloud yet. How is that stored, is it something you can store on-premises if needed (like downloading a server-client copy), or is it only out on someone else's servers, or what? Going to do a little research, just thought I'd ask in the mean time how it realistically looks.

It's just a file server. You install it wherever you want. Same as Samba, Windows File Server, etc.

Ah, ok. So then you're still dealing with offline files? Or do people setup their instance of NextCloud/ownCloud on a web server so that users can access stuff wherever they are, without having to VPN into the network or worry about offline files?

It's just software that you install. It's a normal file server except you use the ownCloud/NextCloud protocols instead of SMB. It's got built in security, you dont use VPNs in the modern world. That's a kludge to handle LAN-centric protocols and setups like SMB and the Windows File Services.

So you just install NextCloud like any normal web server (it runs on APache, so IS a normal web server exactly) and expose it to the outside over HTTPS like any other secure site.

Geez... why would anyone use Windows file services anymore then.

THey shouldn't. I've been preaching against this conceptually for a year. It's LAN-thinking and a vestige of the 1990s. I gave the talk on this at MangoCon. HOpefully it will be posted soon (pinging @MarigabyFrias for an ETA On that.)

Things like NextCloud are the current and future (for now.) SMB is the past. Anything that relies on a LAN or VPN (VPN is just a LAN extension) is old style thinking. We can't always avoid it, but it's a dead mindset.

Some places seem to have a death grip on control/their own hardware for everything. Even companies that don't like having a private cloud on-premises "because it's cloud". That doesn't make sense to me. Literally just had that conversation at the end of last week. That's like saying you hate virtualization, or offering services with less layers of complexity/points of failure/confusion.

@dafyre said in NextCloud box:

@BBigford said in NextCloud box:

Was talking about file services/NextCloud earlier and ran across this online through unrelated search results. Pretty interesting at a low cost (~$79).

http://www.zdnet.com/article/nextcloud-box-a-cloud-for-your-office-or-living-room/

For home use, that would be great -- drop a bigger drive in there.

But for Business use, I dunno. I'll wait and see what others have to say.

When they used the term "office", I was thinking for SOHO.

@dafyre said in NextCloud box:

@gjacobse said in NextCloud box:

@dafyre said in NextCloud box:

@gjacobse said in NextCloud box:

@dafyre said in NextCloud box:

@BBigford said in NextCloud box:

Was talking about file services/NextCloud earlier and ran across this online through unrelated search results. Pretty interesting at a low cost (~$79).

http://www.zdnet.com/article/nextcloud-box-a-cloud-for-your-office-or-living-room/

For home use, that would be great -- drop a bigger drive in there.

But for Business use, I dunno. I'll wait and see what others have to say.

I agree to a degree.

At that price print (~$80 ) what is stopping you from having say four or five and rsync'ing them?

I'm not sure how the Nextcloud software would handle that.

NextCloud may not be able to... but if it's sitting on top of a Linux Distro, I would think that a cron could perform the action.

Monday - Backup to Unit 1
Tuesday - Copy Unit 1 to 2 back up to one
etc....

For case of backups, yeah, that's feasible. But I know you can't migrate files from one Nextcloud server to another without migrating the DB as well.

Just copy the DB as well during the backups then, right?

Using Windows, client uses Microsoft Edge. Everything is fully updated. I don't want to reimage for something this small. I want to spend the extra time and understand why I can't figure this out...

A user's browser sessions get hijacked by search.yahoo... there is nothing in Programs and Features as far as malicious programs installed. I've ran Malwarebytes and a couple others. Lots of PUPs uninstalled (including toolbars/hijackers like Spigot that relate to search.yahoo... there is 'spigot' even in the URL when the session is hijacked).

I've ran CCleaner and cleaned out a bunch of stuff, going through the list, I can see AppData relating to Yahoo. Here's an interesting point... the Malwarebytes report shows "restore session... https://search.yahoo.." for all browsers in AppData, but not for Edge.

I've gone through a bunch of Googling, sites constantly referencing this fix, but that is somewhat out of date as the steps are not really the same now. Plus, "search in toolbar" does use Bing (also noticed after even enabling Cortana, that you can't change the search provider). But this isn't a search provider issue since searching with Bing is what's being used. It's a launch on startup that is the problem. Even going to Home goes to a blank page. But changing the "Open Microsoft Edge With..." to Start Page, custom > https://www.google.com, etc... All still go to search.yahoo.../spigot...

Any ideas? I have lots of free time for this, the client doesn't need their computer, and I'm using this as a learning opportunity, not just simply completing the job as quickly as possible.

@scottalanmiller said in Persistent malware in Edge:

@BBigford it worked?

Sure did. So there is something infected about the link in the taskbar specifically. That's pretty interesting.

Here's an interesting part of running from command line @scottalanmiller ... In previous versions of Edge, it was still run as "spartan.exe" since it was originally Spartan. Then with (I think) 1607, it changed. It's not found in Program Files, it's in SystemApps... drilling down you find MicrosoftEdge, and program type is exe. Doing a run command, you can't run anything like MicrosoftEdge, or adding .exe... You have to run microsoft-edge and add the protocol : // (no space... it created an emoji. :D) at the end, then it will launch. Very weird. Then I noticed you can't run the same command microsoft-edge:// and have the program open from CMD, or even try to launch Edge from any of its directories.... just weird.