    Posts

    • Old ass IPSEC

      Prior employer just called. Their ancient router (Cisco Pix) is puking and they want me to resolve.

      Told them they can get an EdgeRouter and it can talk IPSEC to their other places (also various ancient Cisco) until those are replaced too.

      Well unfortunately their stuff has been unchanged since before I was there in 2007. All of the VPN tunnels are MD5 & DES.

      The EdgeRouter basically says screw you to that.

      jbusch@jared# set vpn ipsec ike-group Test proposal 1 encryption DES
      must be aes128, or aes128gcm128, or aes256, or aes256gcm128, or 3des
      
      Value validation failed
      Set failed
      [edit]
      jbusch@jared# 
      
      posted in IT Discussion technical debt edge router cisco
      JaredBusch
    • RE: Windows 7 licenses

      @scottalanmiller said in Windows 7 licenses:

      @jaredbusch said in Windows 7 licenses:

      @Mike-Davis just buy some VL licenses and you are done. you have no need to reinstall. that is not how licensing works. you just need to have them purchased.

      He has to buy VL and OEMs. VL are upgrade only and since there was no original license on these boxes, he has to have both. Making it pretty expensive.

      Missed that bit about whitebox.

      Yup, you are screwed @Mike-Davis. Just buy new machines.

      posted in IT Discussion
      JaredBusch
    • RE: To Cable, or Not to Cable

      @black3dynamite said in To Cable, or Not to Cable:

      Why aren't businesses going with something like Workday (https://www.workday.com/) instead of hosting their own like Sage?

      Because I will not, ever, use a company that has such shit software, that I have to fork over sales info to watch a 3 minute demo video.

      posted in IT Discussion
      JaredBusch
    • RE: Is the 3-2-1 rule antiquated?

      @dustinb3403 said in Is the 3-2-1 rule antiquated?:

      Okay so it seems to be a bit murky (the way I described it).

      The idea is only use cloud hosted backups, and not bother with local on premises backups, even if the devices are available.

      While any cloud provider is way more robust than anything that can be built in-house. And while I agree here, cloud providers are way larger and more robust than anything that can be built in-house, the recovery time allotted from restoring from the cloud is still 1-Day + (assuming they shipped a copy of the data to you etc).

      No, you want a local backup always. I mean seriously, how long do you want your backup software to have a snapshot sitting out there while the data is uploaded to a cloud host?

      By using a local target and then offsiting that, you keep the load off the production server.

      posted in IT Discussion
      JaredBusch
    • RE: Prevent deleting files in shared folders

      @scottalanmiller said in Prevent deleting files in shared folders:

      Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.

      Yeah, I have witnessed so many bad setups over the years because people try to do this.

      Hell to save a document with MS Office, you are writing to a temp file, deleting the original, and then renaming the temp file.

      posted in IT Discussion
      JaredBusch
    • Quick and dirty install Wiki.js on Fedora 27

      This is nothing like a full set of instructions from me, and I will rectify that later.

      But I am out of free time for a while and thought I would at least toss this at you all.

      Start with Fedora 27 Minimal
      Install prereqs

      dnf install -y tar git mongodb-server
      

      Set MongoDB to start.

      systemctl start mongod
      systemctl enable mongod
      

      Install NVM to manage node

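      cd ~
      curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
      # load nvm into the current shell (the installer only adds it to your shell profile)
      source ~/.bashrc
      nvm ls-remote
      nvm install v8.9.4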
      

      Allow the default port through the firewall

      firewall-cmd --add-port=3000/tcp --permanent
      firewall-cmd --reload
      

      Create a folder to put your wiki in and then download it there

      mkdir /opt/wiki
      cd /opt/wiki
      curl -sSo- https://wiki.js.org/install.sh | bash
      
      [root@wiki wiki]# curl -sSo- https://wiki.js.org/install.sh | bash
      
      
       __    __ _ _    _    _     
      / / /\ \ (_) | _(_)  (_)___ 
      \ \/  \/ / | |/ / |  | / __| 
       \  /\  /| |   <| |_ | \__ \ 
        \/  \/ |_|_|\_\_(_)/ |___/ 
                         |__/
         < INSTALL >
      
      [1/3] Fetching latest build...
      [2/3] Fetching dependencies...
      [3/3] Creating config file...
      -> Installation Complete
      
      Thank you for installing Wiki.js!
      Please consider donating to our open collective to help maintain this project:
      https://opencollective.com/wikijs/donate
      
      - Launch configuration wizard: node wiki configure
      - Start Wiki.js server: node wiki start
      

      Setup SELinux to know this is a directory needing httpd_rw

      semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wiki(/.*)?"
      restorecon -R -F /opt/wiki
      

      Start the setup wizard

      node wiki configure
      

      Navigate to your system and follow the wizard
      http://ip.add.re.ss:3000

      posted in IT Discussion wiki.js
      JaredBusch
    • RE: Getting rid of Group text as a means of calling out.

      Group text is a perfectly reasonable solution because it requires almost no participation from anyone except the one being out. The recipients just know that they received a message.

      posted in IT Discussion
      JaredBusch
    • RE: Who is at Fault?

      both parties are guilty of blatant stupidity.

      posted in IT Discussion
      JaredBusch
    • RE: Installing MailSpring on Fedora 27, Modern Email Desktop Client

      For reference to anyone else wondering, here are the Office365 costs for home.

      So for $7/month I have not just Outlook, but also the entire Microsoft Office suite and OneDrive and Skype.

      posted in IT Discussion
      JaredBusch
    • Use DHCP option 43 on Windows Server to tell UniFi devices how to find the controller

      For whatever reason, you are stuck using a Windows Server based domain controller with the typical DHCP/DNS/AD roles.

      Now you get a bunch of shiny new UniFi devices from Ubiquiti and you think it would be just awesome if they would find the UniFi controller by themselves.

      Well this is simple to do. You just need to set up DHCP option 43 to point to the IP address of your controller.

      Pop open the DHCP configuration and expand the tree until you see Scope Options
      Right click on it and choose Configure Options

      Scroll down the list to option 043 Vendor Specific Info

      In the Binary section, you will have to enter the IP address of your UniFi controller IN HEX.
      So pop over to your favorite IP to HEX converter. I like this one: https://www.browserling.com/tools/ip-to-hex
      Pop in your IP address and click convert
      Like magic.

      Prepend a 0104 in front of the result, 0104cff4df0d in my example here. Then enter the hex into the Binary field and click ok.

      There you go. Now reboot your UniFi device and it will find its way to your controller.

      posted in IT Discussion unifi dhcp option 43 microsoft windows server guide how to
      JaredBusch
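
As an added example (not part of the original post), the shell functions below build the option 43 value the post describes and decode one back, so the value configured in a scope can be checked against the intended controller address. The function names are hypothetical; the layout (sub-option 01, length 04, then the address in hex) is taken from the post's `0104cff4df0d` example.

```shell
#!/bin/sh
# Added example (not from the post): option 43 payload for UniFi adoption.
# Layout as in the post: sub-option 01, length 04, four IPv4 octets in hex.

# Encode a dotted-quad IPv4 address, e.g. 207.244.223.13 -> 0104cff4df0d.
unifi_opt43_encode() {
    addr=$1
    # Only digits and single dots, no leading or trailing dot.
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    out=0104
    for octet in "$@"; do
        # Refuse leading zeros: printf would read "010" as octal 8.
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        out=$out$(printf '%02x' "$octet")
    done
    printf '%s\n' "$out"
}

# Decode a payload back to an address; accepts "01 04 cf f4 df 0d" or
# "01:04:..." spellings and rejects any other sub-option code or length.
unifi_opt43_decode() {
    hex=$(printf '%s' "$1" | tr -d ' :' | tr 'A-F' 'a-f')
    case $hex in
        *[!0-9a-f]*) return 1 ;;
        0104????????) ;;
        *) return 1 ;;
    esac
    rest=${hex#0104}
    addr=
    while [ -n "$rest" ]; do
        byte=${rest%"${rest#??}"}      # first two hex digits
        rest=${rest#??}
        addr=${addr:+$addr.}$((0x$byte))
    done
    printf '%s\n' "$addr"
}

# Succeed only if the scope's payload points at the expected controller.
unifi_opt43_matches() {
    decoded=$(unifi_opt43_decode "$1") || return 1
    [ "$decoded" = "$2" ]
}
```

Running `unifi_opt43_matches` against the value read from the DHCP scope confirms that devices are being pointed at the controller you expect before you reboot them.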
    • Installing ZeroTier on Fedora

      Installing ZeroTier on Fedora is a snap.

      curl -s 'https://pgp.mit.edu/pks/lookup?op=get&search=0x1657198823E52A61' | gpg2 --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg2); then echo "$z" | sudo bash; fi
      

      When it is all done, you will see your ID.

      Installed:
        zerotier-one.x86_64 1.2.4-1.el7.centos                                                                                            
      
      Complete!
      
      *** Enabling and starting zerotier-one service...
      Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
      
      *** Waiting for identity generation...
      
      *** Success! You are ZeroTier address [ 9c05c65866 ].
      

      Now you join your network.

      sudo zerotier-cli join 565799d8f63ed4a1
      200 join OK
      

      Authorize it in the controller web portal and done.

      ip a sh
      <snip>
      3: zt0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
          link/ether a2:48:3b:30:80:ff brd ff:ff:ff:ff:ff:ff
          inet 10.202.3.154/24 brd 10.202.3.255 scope global zt0
             valid_lft forever preferred_lft forever
          inet6 fd56:5799:d8f6:3ed4:a199:939c:5c6:5866/88 scope global 
             valid_lft forever preferred_lft forever
          inet6 fe80::a048:3bff:fe30:80ff/64 scope link 
             valid_lft forever preferred_lft forever
      
      posted in IT Discussion zerotier zerotier-cli fedora
      JaredBusch
    • RE: Can Roaming Profiles be a good idea?

      I have had so many problems with roaming profiles over the years.

      So I used redirected folders and offline files. Again lots of problems.

      Finally ownCloud came out and I moved en masse to it.

      posted in IT Discussion
      JaredBusch
    • RE: Install Nginx as a Reverse Proxy on Fedora 27

      @bbigford said in Install Nginx as a Reverse Proxy on Fedora 27:

      "Install nano because I prefer it over vi"

      Nano really should just be the standard at this point, IMO.

      I worded it like that to appease people like @scottalanmiller to prevent some stupid commentary about unneeded packages

      posted in IT Discussion
      JaredBusch
    • RE: CentOS 7 - Why Did [Almost] Everyone Switch to Fedora?

      @emad-r said in CentOS 7 - Why Did [Almost] Everyone Switch to Fedora?:

      the other guy who is knowledgeable but not as nice as Scott

      Hahahahahahahahahahh

      posted in IT Discussion
      JaredBusch
    • Project Management solutions

      So over in this thread @Ambarishrh had this.

      Re: Project management for internal IT projects and tasks

      @ambarishrh said in Project management for internal IT projects and tasks:

      I am looking for a tool that can be used for internal projects with the following features:

      1. Create project, set milestones and target dates
      2. create individual tasks and subtasks, assign to 1 or more techs
      3. Analyse the overall tasks completion/performance of teams
      4. Generate high-level reports for management
      5. Add notes, comments etc.
      6. Self-hosted and free if possible.

      Part of our O365, we have MS planner, been using it for few weeks and not really happy with that (mentioned this on another thread in ML)

      I do not have the Self-hosted requirement, but I also do not mind self hosting.

      I do not want to pay for a solution right now. If we find one and like it and want more features that require payment, I am happy to.

      These are the solutions that I saw listed and liked:

      • OpenProject - https://www.openproject.org - Self hosted most features - feature comparison
      • Asana - https://asana.com - SaaS free to 15 users few features - feature comparison
      • MeisterTask - https://www.meistertask.com - free unlimited users/projects, many features - feature comparison

      These I saw listed and did not care for:

      • Nozbe
      • Teamwork
      • OrangeScrum

      Up for a second look:

      • Jira - https://www.atlassian.com/software/jira - page of features

      Beyond that list, what would people recommend?

      posted in IT Discussion project management openproject asana meistertask
      JaredBusch
    • RE: Group Policy - Printer Deployment

      Fuck printers.
      Fuck printer servers.
      Fuck GPO based printing.

      posted in IT Discussion
      JaredBusch
    • How to use a systemd timer instead of cron to automate a git pull

      I have a directory that a git repo is checked out to /tftpboot

      If I am in that directory and use git pull, all is as I want it. Great.
      Now I want to schedule git pull to run every hour.

      I could use cron easily enough, but I want to get more current and use systemd as it is the current control mechanism.

      Reading these results:
      https://wiki.archlinux.org/index.php/Systemd/Timers
      https://www.certdepot.net/rhel7-use-systemd-timers/

      I learn I need to use a service file and a timer file. Easy enough. Here is what you do.

      First create the .service file in /etc/systemd/system

      # I like nano, use vi if you want
      nano /etc/systemd/system/gitpull.service
      

      In that file, you need this

      [Unit]
      Description=update /tftpboot with git pull
      
      [Service]
      Type=simple
      ExecStart=/bin/git --git-dir=/tftpboot/.git --work-tree=/tftpboot/ pull
      
      [Install]
      WantedBy=multi-user.target
      

      That git command is extra annoying because CentOS 7 is still on git version 1.8.3.x and the cleaner -C switch doesn't arrive until git 1.8.5.

      Anyway, next create a .timer file also in /etc/systemd/system

      nano /etc/systemd/system/gitpull.timer
      

      Put this information in it.

      [Unit]
      Description=Execute git pull every hour on the hour
      
      [Timer]
      OnCalendar=*-*-* *:00:00
      Unit=gitpull.service
      
      [Install]
      WantedBy=multi-user.target
      

      The ArchLinux wiki link above explains the syntax for OnCalendar

      Once you have these two files, you simply enable and start it with systemctl just like anything else.

      systemctl enable gitpull.timer
      systemctl start gitpull.timer
      

      Special thanks to @stacksofplates for his advice via Telegram

      posted in IT Discussion systemd timer cron fedora rhel git pull git systemd timers
      JaredBusch
    • RE: Server Setup for Legal Firm

      As this is a design still, I would plan to deploy with Windows 2019 being released.

      Unless something goes super critical and unexpected requires an immediate deployment.

      posted in IT Discussion
      JaredBusch
    • RE: DNS Update Issue

      @wirestyle22 said in DNS Update Issue:

      @scottalanmiller it tells me it's requesting from the primary dc and that the dc doesn't know what the address is.

      Can't find, non-existent domain

      Should've been resolved by fixing the forwarders

      Nope. The local DNS server likely "owns" domain.com

      So you will have to put in records for the public stuff on domain.com. This is a perfectly normal "split brain" DNS setup typical in almost every Windows shop on the planet.

      posted in IT Discussion
      JaredBusch
    • RE: New PBX - on prem or off?

      @Dashrender said in New PBX - on prem or off?:

      @FATeknollogee said in New PBX - on prem or off?:

      @Dashrender said in New PBX - on prem or off?:

      @FATeknollogee said in New PBX - on prem or off?:

      You've said nothing regarding your on-prem vm capacity/capability?
      Also, how is your LAN equipment - good, new, old, POE switches etc?

      What bearing does that have on my question though? How would that affect Onsite or Hosted PBX?

      Obviously, if you don't have the ability or capability to "create" vm's...that would kill the on-prem option!

      I know I'm being pedantic, but again, it's not really relevant to my question. One could assume that if On-Prem is really the best way - I will make the required purchases to make that happen. Having a VM infrastructure isn't a prereq.

      Are you saying that if this was a greenfield install, that would sway your recommendation? i.e. you have no VM hosts today, and don't plan for any - then we'll just take on-prem off the list of options right now - is that what you're thinking?

      All that said - yes I have a VM infrastructure and available resources.

      You are correct, in that it is not highly relevant, but it is important. Adding VM capacity where none exists is expensive.

      But, the most important factor for determining on or off premises is where you need the survivability.

      Do you need internal calling to work no matter what? Then on premises.

      Or do you need external calls to terminate to your PBX no matter what? Then off premises.

      Now it gets more complicated in the fine details, but that is how you start.

      posted in IT Discussion
      JaredBusch