@scottalanmiller said in Any Experience with BeeLink Mini PCs?:

I'm looking at Intel NUC and Beelink for small desktops. Tiny size and non-descript are pretty important for our market. I won't be buying until December, so not quite ready yet. But I've been looking at Beelink for a while because they offer Intel NUC-like form factors with dual HDMI outputs and AMD processors. The NUCs almost always push you to proprietary video stuff that causes issues in this market, so that's a pain to work around and makes them more fragile and expensive. Wondering if anyone has used Beelink and has some experience with them?

Man I would love to see steam decks used for these type of tasks. The specs on these isn't too far from steam deck, actually. Steam deck runs Linux, so it seems like a decent choice for NTG.

I wonder if valve will get more into business small form factor Linux workstations..

I'm gonna play devils advocate here, and say it's a complete waste of time to build a hardware lab. If you want to work SMB for 100 employee company, then fine whatever. They want to pay you to monkey around with hardware for a few servers instead of doing Colo or cloud.

Everyone on here giving the advice is passionate about their work and thorough, but unless you want to do IT service work or be one man IT shop, there isn't really any value in this stuff. Get an edge router and buy a cheap hardware device as @Pete-S recommended.

I actually had to check the date a few times on this thread and make sure it wasn't nearly a decade old. Because man this is dated way to learn. You'll find very little of what you want to learn, has to do with hardware or even a specific Colo or cloud. Notice how everyone talked about sever configuration or networking. Neither of those pertain to actual hardware. The implementation you'll be doing in the real world is both hardware and cloud agnostic.

@gjacobse said in PS ISE: Unsaved Projects:

Right now, I'll have to pencil GIT onto the project list. I just don't have the bandwidth to investigate it right now. If the unsaved scripts are lost,... they are lost - my own fault and I recognize that. I had some hope that I could recover them.

I just have to much going on to take on another project I can't truly invest time into. If I start something, I'll just have to ensure I save it - I think I saw something about making PS:ISE autosave....

Thank you for the suggestions and recommendations.

It took more time to write this post, then it would to create a git repo.

I would restrict ssh to very specific hosts. If you want to be flexible on your location, you could just allow a bastion host and/or VPN. Both solutions are very low cost as bastion and VPN server uses very little resources. If you want to implement a solution that's even more proactive you could use a service like Okta that has MFA and short term token access to ssh sessions.

As far as host level, use CIS benchmarks as a good base for hardening template. Removing unnecessary packages can also help and limit potential vulnerabilities on the system. Also, the usual stuff like sending logs to SIEM.

@scottalanmiller said in Steam Deck - The Linux mobile hardware and OS we have always wanted:

@IRJ said in Steam Deck - The Linux mobile hardware and OS we have always wanted:

I got a Steam Deck last week, and to say I am loving it is an understatement. This thing is a laptop killer for my uses, anyway. It runs a modified version of Debian and has read only file system. Read more about it here.
https://store.steampowered.com/steamos

The Steam Decks runs in too different modes:
Game Mode
Desktop Mode

Game Mode is basically the Steam App optimized for the Steam Deck. It is similar to Microsoft's Xbox interface as far as functionality and what we expect for gaming consoles.

Desktop Mode is a full KDE environment. In this mode, you use the touchpad on the deck to navigate like you would on a laptop. It works as expected (basically a laptop with a small screen), but it definitely isnt optimized for controller use.

That's so awesome. I REALLY want one. And interesting that they chose KDE.

My first thought was why KDE as well. In reality though, no desktop environment is a perfect fit. Using any of them will just feel like using a laptop TouchPad on a Nintendo switch form factor.

What SteamOS does is integrate controller support in their limited desktop environment. In just a few short months after release, it feels pretty awesome and capable. I would love to see gnome integrate controller support not just for the deck, but with that form factor in mind going forward.

@gjacobse said in Steam Deck - The Linux mobile hardware and OS we have always wanted:

Curious - I would have a serious learning curve with it as I am a KB/M gamer. ..

Hard to say, I've gamed both ways for so long its not hard for me to play either way

While I'd like to get one, I don't know if I could justify it with the level of gaming I do,... unless it will do more....

It does everything a laptop can do

Microsoft has been one of the leaders in embracing the Deck.

Microsoft has two awesome tutorials that allowed me to really unlock the power of the deck. The deck is fine in desktop mode, but it really shines in optimized game mode.

Microsoft has an awesome tutorial on how to do cloud gaming and get it working in game mode with the deck. I have been playing all my Microsoft Gamepass games on the deck!

Cloud gaming runs in edge via kiosk mode. You are able to create other "apps" using kiosk mode like Youtube, GoPro, Facebook, Email, etc. You just create another link to Edge set kiosk mode and adjust the URL.

This may sound like just favorites management, but browser with control pad is much faster than touch or touchpad. It is really awesome to make mobile "apps" without there being any apps for the device.

Also you can run Edge with all desktop extensions in game mode. Especially awesome if you use tools like Bitwarden.

Any flatpak can be made to launch in game mode, some dont work great but others do like the "discovery app" for downloading new flatpaks. That works amazing with controller support in game mode. (Not sure why steam didnt do that by default). I figured it out playing around.

https://support.microsoft.com/en-us/topic/xbox-cloud-gaming-in-microsoft-edge-with-steam-deck-43dd011b-0ce8-4810-8302-965be6d53296

I got a Steam Deck last week, and to say I am loving it is an understatement. This thing is a laptop killer for my uses, anyway. It runs a modified version of Debian and has read only file system. Read more about it here.
https://store.steampowered.com/steamos

The Steam Decks runs in too different modes:
Game Mode
Desktop Mode

Game Mode is basically the Steam App optimized for the Steam Deck. It is similar to Microsoft's Xbox interface as far as functionality and what we expect for gaming consoles.

Desktop Mode is a full KDE environment. In this mode, you use the touchpad on the deck to navigate like you would on a laptop. It works as expected (basically a laptop with a small screen), but it definitely isnt optimized for controller use.

I've been playing the Steam Deck over the past few days and I'm loving it!

@BraswellJay we don't allow public Docker images to be loaded on our network. What we do is download any images that are needed and upload them to our own Docker registry. We use GCR on Google cloud, but you could use AWS or Azure as well. Each of those providers have vulnerability scanners built-in so anytime you upload an image, it is scanned automatically.

@gjacobse said in Does this speak to you?:

In Dec I was informed I was going Month to Month at the end of the six months..

I think that's you're answer. They feel like they need to revaluate month to month. I would have argued for at least 3-6 month contracts or been looking to leave within a month or two max

@gjacobse said in Does this speak to you?:

Keep in mind - I'm a contractor - brought on with the idea of six months to hire.... Six months was the end of December.

1. Do you want FTE? Did you talk to them in December about it?

2. Do you make considerably more than you would as a FTE?

3. If the answers to 1=yes and 2=no then it's clear they do not want to bring you on full time. After being there for a year, it's time to move on. If the answers to 1=no and 2=yes then there is no issue. Some contractors don't want FTE because they can make considerably more as a contractor.

@scottalanmiller said in Restrict access to parent folder but allow child folder access:

At some point permissions and folders are just difficult and there's no way around it. What we do is we don't use mapped drives / SMB shares but instead use a modern cloud based solution (Zoho WorkDrive in our case, but they are mostly the same) and there aren't child folders only top level folders (that have perms.) It forces you to keep all perms at the top folder level (like at the share level.) Far less granular, but it is a lot cleaner. I feel we are far less likely to overlook something or give permission that we don't know about. Since only folders that someone has access to become visible, it actually works decently well.

That and we avoid "Files" as a mechanism in the company. Essentially everything is access to an application with a database behind it. Files are a "mistake" in IT terms, a fallback for a gap in application design, so the general but rarely spoken theory of good IT is to minimize files as a thing people would want. We do this very, very strictly and have only a handful of files left in the company... mostly media files or PDF archives, so this minimizes the problem making it far more manageable.

This is called object storage. There are alot of advantages to object storage vs file storage on both user and administrative level. It's so much easier to use a
, and encourage stricter permissions since sharing is done per object. You can still share folders (a collection of objects).

https://www.ibm.com/cloud/learn/object-storage

Here's a good comparison.

https://www.ibm.com/cloud/blog/object-vs-file-vs-block-storage

@pete-s said in Wsus for remote vpn and on-premise users:

@fredtx

If you are considering having clients download updates from Microsoft directly then that means that you are going to apply all updates, doesn't it?

If that is the case, what functionality does WSUS bring to the table?

95% of WSUS administration is blindly approving updates anyway. Just let them auto update and be done.

@gjacobse said in Chrome: unable to play YT Video; weirdness:

Well now that we have porn and the 'porn mode' out of the way...

Are there any thoughts on what could be causing this, how to prevent it, and on (a reminder) of how to rectify the issue? Preferably I would like to not lose saved passwords and such, or book marks. but I know where bookmarks are so that is easy enough.

I'd reinstall the browser. It's easy to backup all that stuff to your Google account or do it manually.

Also I'd recommend not saving passwords in Chrome.

@scottalanmiller said in Job offer:

Has anything changed to make you feel it is worth accepting now when it wasn't a few days ago?

I feel like shitty employer isn't a reason to do anything out of fear or just to get out. For me accepting a new role is always a well calculated decision. Sure, he should make the decision that he's gonna leave his current employer. That's an easy one to make.

However, the decision of choosing the new role needs to be well thought out and calculated as a career move. Not a knee jerk reaction.

If someone truly devoted themselves to finding a job in 6 weeks, you can do it if you have the actual skill set required for your new role. In 6 weeks time you should have received several offers.

@pete-s said in ZeroTier & Security:

@notverypunny

If you assume that being connected to an ZeroTier network is the same as having the host sitting directly on the internet, you'll be fine.

That is the basic premise of the zero trust security model - assuming that the network is hostile.

Yes this ^

@stacksofplates said in VDI Options - Modernization:

@jimmy9008 said in VDI Options - Modernization:

@jt1001001 said in VDI Options - Modernization:

@jimmy9008 We have a use case involving a legacy client/server app that we've determined we're going to have to go VDI for in order to secure it. One lousy app for approx 5 users that I hope we eventually move away from. We are currently reviewing Azure VDI for this and it so far will fit the bill though we had to go throught a lot of "hoops" to configure networking, VPN back into our infrastructure, etc. We have not yet presented budget numbers to the bean counters but Im hoping when we do they will see the $$$$$ wasted for 5 users and will force them to a new product.

What other products do you plan to look at? Still VDI or something else? Any experience of VMWare Horizon?

We have around 600 - 1000 users globally (mostly developers) on the VDI I need to replace. The company dictates that the VDI must be in the same datacenter as the rest of the developers environments, so I don't think Azure VDI would work for us because of that mandate.

I know this isn't VDI, but what about something like GitPod, Eclipse Che, Coder, etc? In everyone's defense, developing over VDI truly sucks. This would keep the development environments in the same data center, but would give a much better experience.

Yeah I agree. Putting developers on VDI is a total waste. But it sounds like OP doesn't want a different solution and is not interested in thinking outside the box to implement IT based on strategy vs this is way things were always done.

That's why these people won't be calling the shots or making big bucks because they can't think outside their comfort zones and refuse to stand up to their superiors in order to make positive change.

I always sign offer and wait for background check, drug screen, etc BEFORE I put my notice in

@fredtx said in Job offer:

the fact she told me they don't do an actually letter, and I would be signing on my first day of employment. Lesson learned on my end.