@Jimmy9008 said in Virtual WAF:

@Dashrender said in Virtual WAF:

@Jimmy9008 said in Virtual WAF:

@Dashrender said in Virtual WAF:

@Jimmy9008 said in Virtual WAF:

@VoIP_n00b said in Virtual WAF:

Cloudflare Pro has a WAF but it's $20/month.

I don't think that would be a direction we would use. I like CF but it just wont happen here.

They can't afford $20/m to protect this? does whatever they are doing even make sense to do?

Currently correct, no budget for this. What they want to do makes sense for them, but not for an IT perspective. The applications are demo environments which are shown to potential customers. We have many of these environments to demo the solutions globally.

The product team have decided they want to cut their budget this year and have cut out the WAF which sits in front of their demo applications. I believe they had some form of Citrix solution which sat in front of the webservers to do the higher layer checking like XSS/SQL Injection and stuff like that. Due to their decision, this now sits with IT.

Essentially, this is not in the IT budget and it is rigid. So most likely will be until 2022 until any budget is allowed at all for this. Crazy I know.

Hence, wanting something between the internet and their now less protected application at no real cost. ModSecurity or something like that looks like a good start.

So they believed they needed good security - hence why they looked/had Citrix stuff before (didn't know they did that), but now, because of budget, they no longer care about it... this is completely the wrong way to do things.. wow.

Now that's not to say they shouldn't reevaluate what they are doing - and find a solution that is more cost effective, but to go from a hugely expensive system (Citrix) to a free one is just asking to be hacked.

Also, you said this is now for IT to manage - uh.. what? It's always been for IT to manage.

Perhaps in other companies, yes. But not here, until now. The teams are very well defined and IT here is kept to core infrastructure only. As this infrastructure interacts with customers it is with a different team. That team has decided to cut their budget out and remove the component, and has said "IT, its now your problem" which until now had not been the case.

Wow - in that case then, I would say - well you don't care about it, so other than my firewall, I don't care about it either.... and if I do need to care about it - then I need budget to care more than just my firewall about it.

That's a fundamental change to the company - again, that's fine, as long as they put the resources they expect to need in place... they were clearly doing that well enough in the past.. and now what - they just puke on it? what gives that department the right/ability to shift responsibility and cost vector to you?

@wirestyle22 said in What Are You Watching Now:

Laura told me last night that she has never seen Willow or Legend. This is why people don't like fantasy. They've never seen any of the good stuff.

I've seen Willow - yeah, not impressed.

@Jimmy9008 said in Virtual WAF:

@Dashrender said in Virtual WAF:

@Jimmy9008 said in Virtual WAF:

@VoIP_n00b said in Virtual WAF:

Cloudflare Pro has a WAF but it's $20/month.

I don't think that would be a direction we would use. I like CF but it just wont happen here.

They can't afford $20/m to protect this? does whatever they are doing even make sense to do?

Currently correct, no budget for this. What they want to do makes sense for them, but not for an IT perspective. The applications are demo environments which are shown to potential customers. We have many of these environments to demo the solutions globally.

The product team have decided they want to cut their budget this year and have cut out the WAF which sits in front of their demo applications. I believe they had some form of Citrix solution which sat in front of the webservers to do the higher layer checking like XSS/SQL Injection and stuff like that. Due to their decision, this now sits with IT.

Essentially, this is not in the IT budget and it is rigid. So most likely will be until 2022 until any budget is allowed at all for this. Crazy I know.

Hence, wanting something between the internet and their now less protected application at no real cost. ModSecurity or something like that looks like a good start.

So they believed they needed good security - hence why they looked/had Citrix stuff before (didn't know they did that), but now, because of budget, they no longer care about it... this is completely the wrong way to do things.. wow.

Now that's not to say they shouldn't reevaluate what they are doing - and find a solution that is more cost effective, but to go from a hugely expensive system (Citrix) to a free one is just asking to be hacked.

Also, you said this is now for IT to manage - uh.. what? It's always been for IT to manage.

@DustinB3403 said in Random Thread - Anything Goes:

@Dashrender said in Random Thread - Anything Goes:

@hobbit666 said in Random Thread - Anything Goes:

To Xen or Not to Xen that is the question

i.e. Do I install XenServer on my host or not

I say no.
The general feeling around here lately has been no, instead use Hyper-V or KVM, unless you have a specific need for ESXi.

I wouldn't say that there is a feeling to use Hyper-V or KVM, just that you have to consider what you are wanting to do. If all you need is a single host and backup capabilities XS and XO are certainly a heavy contender.

I totally disagree - your problems of the last few days shows how much of a pain XO is.

I'd argue for single host shops that ESXi free along with Veeam EndPoint protection would solve most peoples problems very well. You could also use the free Unitrends appliance, assuming it's still out there.

I haven't used ESXi 6 or newer, but 5 had a great, easy to use interface. Veeam EndPoint does suffer from needing a Windows box to fun from - so that's a negative, but a pretty small one.

I never found XS to be overly easy to deal with - sure it's not hard, but it's definitely not easy either.

@scottalanmiller said in vSAS - Value Serial Attached SCSI:

@Pete-S said in vSAS - Value Serial Attached SCSI:

For instance we pay exactly the same price for 1.92TB Samsung PM883 SATA as for the 1.92TB Samsung PM983 U2/NVMe, about $360.
It's the same class of drive from the same manufacturer but the NVMe version is much faster (540K IOPS vs 98K on random read).

Yeah, it's really just one connector or the other connector (okay, there's some logic different in the chips, but you know what I mean.) It's like which should cost more, your laptop connected to ethernet or your laptop on wifi? Same laptop, just which adapter is being used. One is much faster, but they don't cost different amounts.

I "feel" there's some huge assumptions here... why do you assume that ethernet chips cost the same as WiFi chips?
I'd ask the same about SAS vs NVMe chips... I mean, of course they might not cost different, but then again, they would be wildly apart.

@stacksofplates said in Windows Phone Apocalypse Has Begun:

@Kelly said in Windows Phone Apocalypse Has Begun:

@Jason said in Windows Phone Apocalypse Has Begun:

I really can't believe they just killed it off like that.

They just announced that they're killing support for an old version of the OS that 2.5 years old. This is equivalent to Google killing support for KitKat or Apple dropping support for iOS 7.

Kind of. However both of those have had new OS versions since then. This is the only OS that Microsoft has for the phones. To go along with what you said, it would be more like dropping support for WP7.

Until recently, the MS phones suffered the same issues as all but the iPhone, lack of carrier post sales support. So talking about the manufacturer dropping support just makes me laugh.

@Kelly said in DHCP Question...:

Another is using a utility or print server so that the end point never needs to know the current IP address of a printer.

Have you found this to work? Even on print servers, I print to IP, and the server print queue is static to that IP.
I haven't used WSD ports on a server yet - have you?

@JaredBusch said in Time for me to move on from Webroot:

@Dashrender said in Time for me to move on from Webroot:

@Jason said in Time for me to move on from Webroot:

Our company just made it against the rules to smoke even if it's legal in your state. No matter if you are doing it for recreation or medical reasons (on or off the clock)

Is that legal?

Of course it is. Pot is a federal crime still.

HA - I have no idea where Jason's company is, I was assuming he was talking about cigarettes, not weed.

@scottalanmiller said in Installing Windows 10 without a Microcoft account:

@JaredBusch said in Installing Windows 10 without a Microcoft account:

@scottalanmiller said in Installing Windows 10 without a Microcoft account:

@Dashrender said in Installing Windows 10 without a Microcoft account:

protect them from what?

Predatory sales tactics. Microsoft is trying to force more services on them.

And Google is not?

Google attempts to sell me nothing, and does not try to trick me when I go to set up a machine. Google isn't perfect, but is nothing like MS here.

Oh this is not true - they try to get you to buy more Google storage when you run out, that's a minimum. no different than apple doing the same.

There wouldn't be any more security in a powerline adapter than there would be on an ethernet cable. I suppose in ways it's worse than wireless or at least the same as unencrypted (open) wifi.

@JaredBusch said in Installing Windows 10 without a Microcoft account:

@scottalanmiller said in Installing Windows 10 without a Microcoft account:

@Dashrender said in Installing Windows 10 without a Microcoft account:

protect them from what?

Predatory sales tactics. Microsoft is trying to force more services on them.

And Google is not?

Thanks, you beat me to it.

@MattSpeller said in Random Thread - Anything Goes:

@JaredBusch said in Random Thread - Anything Goes:

@MattSpeller said in Random Thread - Anything Goes:

@Dashrender said in Random Thread - Anything Goes:

Is that an AC-Lite?

I prefer full fat AC, don't you be giving me half wave rectified or any of that DC nonsense.

For what purpose? I have zero use for full AC in the house or at any of my clients.

Obviously, it is sexy speeds, but if I am not going to be saturating it who cares? Why buy more?

This was an electricity joke, please ignore.

Edit: I have 802.11AC at home and it's sweet, highly recommend.

Doh.. LOL I completely missed the AC/DC thing

FYI, UBNT AC-Lite maxes at something like 85 Mb, where the AC protocol is something like 130, or is it 300?

@batman said in KB4512941 might break 1903 search:

@Dashrender The search problem caused by KB4512941 was fixed in KB4515384.

That's just it - they fix is apparently not really fixing it.

@Jason said in SOB, my TV died, and the new one isn't here yet.:

Most likely if power being cut killed it you have a bad capacitor somewhere.

While I hear what you are saying, other peoples work kinda say the opposite.

@DustinB3403 said in Started as Win 7 Issue.. Now Job Searching?:

@Dashrender said in Started as Win 7 Issue.. Now Job Searching?:

@DustinB3403 said in Started as Win 7 Issue.. Now Job Searching?:

@Dashrender said in Started as Win 7 Issue.. Now Job Searching?:

@bnrstnr said in Started as Win 7 Issue.. Now Job Searching?:

@scottalanmiller said in Started as Win 7 Issue.. Now Job Searching?:

. Updating or upgrading from non-genuine software with software from Microsoft or authorized sources does not make your original version or the updated/upgraded version genuine, and in that situation, you do not have a license to use the softwa"

I believe you're misinterpreting... I read this as if you're updating or upgrading non-genuine software WITH SOFTWARE FROM MICROSOFT (read MCT), you're not doing it right... You need a valid license to use MCT. Period.

Right - which if all you have is a Windows 7 licenses - means you don't have a valid license to use to install said software.

FFS pull your head out of your ass and look at the conversation and proof posted in the EULA and ToC.

i completely disagree with the path Scott took... and clearly, I am not alone.

Now - all that said - I completely agree with Scott's assessment that MS wants everyone on Windows 10 ASAP - and I myself believe MS won't prosecute anyone who used the 'upgrade' path from a legal Win 7, 8, 8.1 license to 10 - again, because they WANT people on 10, now!

that is the exact same as licensing everybody that has a Windows 7 8 or 8.1 to be freely eligible to upgrade the Windows 10 at will and be fully valid and licensed.

Wanting everyone to be there is not a legal thing in any way. So if you are claiming MS's desire to have everyone on Windows 10 ASAP, is the same as Granting a free unlimited upgrade to every Win 7, 8, 8.1 license out there - well, I simply disagree with you.

@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:

@Pete-S said in E-Mail Sending Has Stopped Working On Hardware Devices:

@scottalanmiller said in E-Mail Sending Has Stopped Working On Hardware Devices:

In most cases like this, we run a Postfix server on Fedora that accepts unauthenticated port 25 from the devices and then sends out authenticated through O365 or whatever. Often that's the only way.

Feels like a smtp relay for sure is the best way to handle networks where you have devices sending email.

Just imagine changing ISP or whatever and then have to go through all email capable devices to make sure they now have the proper outgoing email settings.

I believe this is going to be in my near future...just weird for it to BAM! and stop...makes me wonder if I have a network issue...I had a feedback loop a few months ago that drove me crazy until I could finally locate it...

feedback loop?

@IRJ said in AzureAD and shares:

@brandon220 said in AzureAD and shares:

@coliver They tried OneDrive and had a ton of trouble. They were constantly calling MS support to recover folders and files that were deleted in the middle of the night, when nobody was at their office. Folders were moved into random places.

It is VERY possible that it was user error on each occasion but the logs did not reflect that. They lost a ton of files too that had to be recovered from a backup. I will say that I have read about other occasions with similar results.

If they are using a single OD account, the logs aren't very helpful.

Exactly - OD isn't the right tool - ODfB is the correct solution.

@gjacobse said in Windows CLI: Net User:

@dashrender said in Windows CLI: Net User:

Are you using a admin level command prompt or powershell shell?

Neither-

Command line via ScreenConnect

Well considering that ScreenConnect is an admin tool - I would HOPE that it is running those commands at an admin village level, but really have no clue.

Are you initiating PowerShell when you try to run a PS script?

Are you using a admin level command prompt or powershell shell?

Nah, sounds like he wants a crystal ball to tell what tech is coming so he's prepared.