Best posts made by Dashrender

@wrcombs I actually want HTML - that tag you mention is meant to tell the browser to display the contents as HTML content, not Text content.

@pete-s said in sending custom CDR from FreePBX:

@travisdh1 said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

@jaredbusch said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

Long time since I saw that one
It had a name but I have forgotten it. What was it called?

I was serious this time.

I looked it up - it was called Clippy (or officially Clippit).
https://en.wikipedia.org/wiki/Office_Assistant

You're too young to remember the horror of Clippy?

1. Get off my lawn!
2. Consider yourself lucky!

I am lucky! Not because I'm too young but because I'm too old - too old to remember every irritating thing Microsoft managed to come up with...

Clippy - how could you possibly forget about Clippy? Now - if you said you forgot about MS Bob - that I could understand.

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

I believe that using the email providers spam and fraud detection has the potential to be better than any external gateway.

I am of that opinion as well. And SO much easier. I have no idea why people choose these external, and expensive, and generally flaky, tools. We deal with some of these all the time, and I know Trend Micro specifically is useless crap.

I recently tried to get rid of ours - sadly our insurance provider required a third party spam/virus filter that is not our email provider to qualify for the coverage.
No, I wasn't given the chance to tell them to look at other insurance where they don't have dumb rules like that.

Anyone seen this newer Volume Management Device BIOS/UEFI feature on newer machine?

Several of the new HP's I've purchased have this option and it's enabled by default - and when you try to install an image on it- the storage isn't seen by the system.
VMD requires the use of Intel Rapid Storage Technology driver - aka fake RAID.

@scottalanmiller said in Centralized Log Management:

@braswelljay said in Centralized Log Management:

Does not collect server, application and network logs sufficiently to respond to and investigate a cybersecurity incident

This is not a bad thing. Collecting logs is good, centrally is best. But only if you have a team that can use them. If you had that, likely you'd already be doing this. So the question is... before doing this, do you have a team ready to leverage it? Or is this just a way to potentially spend more money with the "cyber security" guys because there's no better way to make money than getting paid to read logs.

He was audited by what we assume is a third party likely strickly pointing out best practices. These pointed out items likely don't take the specific company and their current setup into mind at all.

While it's not bad for the audit to show these things - the OP and their management should be asking - OK - logs - do we need them? maybe it's something we should have been doing, and now decide we will - ok now that we will - what will it take to do what needs to be done with them?
or they could decide - the cost of personal checking the logs and remediating discovered issues isn't worth it.. so while we understand we aren't following the generic best practices - we are following what is good for us.

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

@pete-s said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.

Exactly!

But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.

Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).

Maybe because it's so difficult to get it out of the email system.

Let's say you want to make document in pdf or something of an email conversation that you want to keep.

The emails you received is in some folder somewhere or tagged with something and the ones you sent is in the sent folder. If you have a threaded view the email client show them together.

But is there an easy way to push a button and get that conversation with every email in the right order into one pdf document? Usually not.

I understand that - and keeping things like that for a short time - say 2 years is fine... but if it needs to be more ephemeral than that, shouldn't there be some kind of policy or whatever it's about created to document such an important thing?

@scottalanmiller said in Centralized Log Management:

@braswelljay said in Centralized Log Management:

I was hoping to see what others might be doing to address these kind of issues.

Most people don't have those issues. Retaining logs of a year is pretty much unheard of. Even Wall St. firms don't do that. Military might of course. But very few places can utilize a server log in real time, let alone a week old one and to start pouring through year old logs.... totally pointless.

While there are times this might make sense, dollars to donuts your "cybersecurity" team has no idea what they are doing and making completely bogus requirements because they sound good to management but have no technical (ergo security) merit. No one responds to an incident a year later. That's ridiculous.

Storing logs is expensive. Really expensive. No one does it. Not like that. It makes no sense. I'd ask for a pretty serious business explanation of how the cost of building, maintaining, and storing all that data is justified from their security response position. I guarantee once you ask them to explain, they'll be forced to admit they have no idea what they are doing.

Now - while the year is likely ridiculous for most, you definitely "hear in the news" all the time about so and so was hacked, and the hackers got in 3+ months ago though Jody's PC when she opened an email. So logs going back three months doesn't seem unreasonable - if you want to be able to go back that far forensically.

@scottalanmiller said in CentOS - What is the current opinion here?:

@pete-s said in CentOS - What is the current opinion here?:

@jaredbusch said in CentOS - What is the current opinion here?:

But this is the thing, not all applications are designed to run on various operating systems. So you do not always have the luxury.

That's true, you have to run what works. But most of the time you can stick to one OS.

Not that we've found. Finding an environment where you are running Linux, and can avoid all variation is pretty rare, I think. So many apps only work on Ubuntu XOR CentOS. It's a mes out there.

You can say that again.

@hobbit666 said in Centralized Log Management:

@scottalanmiller said in Centralized Log Management:

OpenSearch from Amazon. They took the ELK stack, made it 100% open source, and back it by Amazon. It is so good both in technical product and in licensing, that essentially it is the only game in town now.

Interesting take from ELK side
https://www.elastic.co/what-is/opensearch

Our products remain free and open, but Amazon can no longer freely use Elasticsearch and Kibana products without collaborating with us. Rather than collaborate with us and contribute back, Amazon created its own forked projects, which are less mature, not ready for production use, and provide inferior capabilities compared to Elasticsearch and Kibana.

LOL - someone sounds like they are just complaining that their toy was taken.

@scottalanmiller It was never the creators intent to make versions for something other than Windows Server. He published the spec and expected others to pick it up and run with it.

yeah - in retrospect that was dumb. Someone has to be the champion of a project otherwise it will get no legs.

And with no champion, well, clearly it's just withered...

I gave up on Freshdesk - just didn't like it.

I am currently using Spiceworks hosted version.

@dbeato The user selected everything in the area, pasted into Word and then printed what they wanted.

I suggested that this area is not really meant for printing - and if documents need to be printed - that the items should be attachments, not free text.

I also said I'd put it out to the world and google and see if someone had a better answer.

I'm assuming to provide specifics we'd need an idea of that the workloads are on your VDI infrastructure.

@danp said in MS Teams file attachments and changing primary email address:

Can't you just leave their primary email address alone and simply assign an alias to their account?

Sadly MS is way behind the curve when it comes to more than a single email address attached to an account. There is no way I've been able to find to Send as those other addresses, which I'm assuming is what the client wants in this case.

I know much of what Scott posted most recently in this thread is things he's said before - but why not start out this way - instead of the - that's legacy way... after reading the broken wall of text it definitely comes off much less - you way is dumb, and is more inviting.

I'm really curious to know what is running on this VDI platform that makes it needed in first place - especially for 600-1000 users.

@scottalanmiller said in VDI Options - Modernization:

@pete-s said in VDI Options - Modernization:

So insert VDI to allow access to the application from any type of client device. And without having to install something locally on the client and without having sensitive data stored on the client.

AND.... low latency (in theory) between the application and the database. Remote displays are generally far less latency sensitive than database connections. So many times, this is the only way it remains functional.

Avimark is a prime example. It's a client/server system with a super inefficient database call design (every action requires a LOT of DB calls.) So ever millisecond added between the app layer and the DB causes big delays in application response. But the interface is essentially static and really basic (e.g. no photos, no fancy graphics, easy to show remotely.)

So by going to VDI or terminal services you can move the app layer super close to the database and get that DB connection round trip into the nanosecond category, and then put the onus on the remote graphics layer (RDP, VNC/RFP, Spice, PCoIP, etc.) to deal with the latency over the WAN which generally, they can do pretty well. And then any delay is a human related one, not an app one. The app happens lightning fast, even if you can't see it necessarily.

This ^, this is really the only reason I can figure that Gene's company does it. Gene and I use the same EMR product.

They are using a web based EMR - there are no local DBs
The only thing that's local is printing/scanning/medical device connected.

BUT - the interface gets super slow sometimes. I haven't been able to determine why, our internet connection isn't saturate, other websites seem to be speedy (except for M365 - man that's just a dog no matter where I use it).

That's why I mentioned for potential performance enhancement - MS has huge pipes to the internet - so perhaps their VDI can get a faster connection to the EMR (over the web) and the screen delivery is less of an issue.

@pete-s said in Will faxes ever die - cheapest way to forward a DID:

Fax will die for sure, just like telegrams and telex have died before fax.

It's said that it's the US health care system that has kept fax alive on borrowed time for years.

Fax machines have actually been dead in many parts of the western world for a decade or two already. With dead I mean that companies, hospitals and government simply don't have any fax numbers anymore and can neither send nor receive a fax. But it's different from country to country and dependent on the laws mostly.

yeah - I just don't believe that.. - other countries - yes I believe that, USA - nope.

@jaredbusch said in Looking for a remote access solution:

@dashrender said in Looking for a remote access solution:

@pete-s said in Looking for a remote access solution:

@dashrender said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

Done.

I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

If you can't run over VPN due to latency, you can't run over Zerotier. It will be exactly the same.

Jared is saying to RDP into the PC in the DC I mentioned as an option.

Which you can also do with VPN solutions.

ZT is a VPN solution.