Posts made by jasonh

Maybe look for some used laptops? Something on ebay, kijiji, etc? You should be able to find something decent for $200.

Another terrible article from Phoronix. He doesn't explain his point; what exactly does he think VirtualBox needs to be adding? He needs to take a course in critical thinking.

VirtualBox seems to do everything you would need on a desktop virtual environment. I can't think of a single thing that's missing. USB device pass-through works great. It does accelerated graphics, shared folders from the host, configurable guest networking, snapshots. If you need additional features (e.g. performance monitoring, backups, HA) you probably should be using a server platform.

I always take his stuff with a grain of salt, especially his performance measurements. There's been many times he does a performance comparison but doesn't update one of the systems with the latest version (e.g. his Xen vs KVM article a few years ago; read the comments for details .. there was another article where he did the same thing with Ubuntu vs Fedora or something)

It's always best practice to disable root login over SSH, especially from the Internet; use su or sudo for root access. Another good practice is to disable password-based authentication; only use keys with a passphrase. The setup you're doing here is useful for allowing scripted/automated connections between machines (e.g. for backups, scheduled tasks, etc) but they should be accounts with limited access, not root. You should be creating layers that make it difficult for someone to gain access to your systems; root keys with no passphrase means you're solely relying on that one strong password (which is one keylogger away from being defeated.)

But are they using SQRL or just their own thing with a similar concept? Seems like it's their own thing with their own app?

The whole concept with SQRL is that there is no username/password. All the site knows about you is your public key, which is what's being authenticated. The site can then link that public key to an account, profile, username for posting on forums, etc.

@Dashrender said:

oh, I consider myself lucky then. Other than waiting for a call back, the 3 calls I've ever made have all been extremely pleasant and easy - well as pleasant as any situation can be when you're opening a MS support ticket

I'd say so. 10+ years ago, Microsoft support calls were a good experience (and cheaper). In the last 5 years or so, they've become terrible. The last one I made was nothing but a waste of time and they refunded my money; every time I gave the guy details about the issue, he would say he'd have to go talk to his manager and call me back the next day.

Think of it like LastPass; all your login credentials are stored in LastPass, and LastPass is what fills in the username/password box for you. However it won't fill out your username/password until you've authenticated yourself it LastPass. You can configure your LastPass session to require re-authentication every time, or every 5 minutes, or every hour, or every day, or whatever you want. So depending on how "secure" you feel your system is, you can choose set the timeout appropriately.

EDIT: I'm referring to the SQRL client stuff; not sure about this LogMeIn thing. Seems kind of sketchy to me; very sparse on details. But the SQRL stuff from Steve Gibson I would trust (which is NOT what this LogMeIn thing is)

The other day I received a generic off-the-shelf "holiday" card from a telecom sales rep with nothing in it other than his business card. No signature or anything, and it's not even like it was a custom printed card for their company. It was so impersonal (and such a change from his buddy-buddy attitude in person, which now really makes him look like a phony) that I feel like crossing him off our list for an upcoming bid.

@thanksaj said:

I love that Chrome has the sync feature with my bookmarks especially.

Firefox has that too .. and has it for quite a few years. Plus the data is encrypted in your browser before transmission, so they can't access it; something I have my doubts that Chrome does (they likely transmit it over HTTPS but I'm betting Google sees all your browser data)

I know Firefox has updated significantly over the years but they still feel behind, in my opinion.

What are they behind on?

This isn't me talking as a fanboy. Just sharing an experience.

If you support your statements with examples/facts, they will be less fanboyish.

How does an external drive start being used as shared storage? I'm assuming it's not mirrored? If not mirrored, you're just asking for trouble (and creating extra work for yourself when it fails)

Sounds like that needs to get replaced as soon as possible. Something with mirroring. Even a consumer-grade NAS is probably better than whatever you currently have. If you're really pinched for capital, use a PC with two large hard drives and install FreeNAS (that would be better than the consumer-grade NAS)

There's quite a few good ones on this list.

ERPnext is a new one for me despite having spent a bunch of time researchin open source ERP/Accounting systems over the last few years. It looks like it could be good.

A couple years ago I spent some of time testing Odoo (called OpenERP at the time) for a distribution company, but ultimately passed it up due to poor documentation, lots of unanswered and concerning issues in their knowledgebase/forums, and extremely poor upgrade paths between versions (no documentation, just pay them consulting fees and provide remote access so they can do it for you.) I just had a hard time recommending it to someone if I couldn't feel confident they would get proper support.

I've recently spent some time vetting xTuple for my day job (manufacturing environment) and they seem quite good. They are a US-based (Virginia) company, which is where all their sales, support, and development is based. They also have a partner network for localized implementations and support. Their documentation is pretty in-depth. Their software was started as an MRP system (with lots of in-depth manufacturing functionality) at the core and they built other ERP functionality around it (as opposed to other ERPs where accounting or CRM or something is their primary focus and other things like inventory/manufacturing is not deeply functional.) They definitely seem like a good choice of a manufacturer or distributor.

TimeTrex is another one I've spent a bit of time reviewing, and although I can't recall to many details about it now, they were still on my list of potential solutions before the project got put on hold.

I'm going to be looking for a basic CRM system for our company soon, so SugarCRM will probably be my first stop.

Wow, that looks terrible. What were they thinking with the rectangular icons?

True, I can give him credit for that; he didn't try to open it.

Below is a real e-mail string that happened a few minutes ago. The other IT guy who usually handles these is on vacation so I get the endure them today.

I've had lots of issues users (especially this one) getting confused and trying to open attachments containing viruses/trojans (luckily none actually infected any machines so far), so I put a content filter in place that prepends the subject line with "### WARNING: Potential Virus Attached ###" if there is a .zip (and other archive formats) attached. After this I think I'm just going to completely block .zip but I know it will cause a lot of whining from the engineers and facilities departments who regularly get legitimate .zip files (I'm going to tell them they will have to use our web-based file transfer system for .zip)

From: HSBC notification [mailto:[email protected]]
Sent: August-08-14 9:01 AM
To: Recipients
Subject: ### WARNING: Potential Virus Attached ### Transaction Notification on A\c No 07918****9

Dear Sir/Madam,

The attached payment advice is issued at the request of our customer.

The advice is for your reference only.

Yours faithfully,
Global Payments and Cash Management
HSBC.

This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.

Security tips

1. Install virus detection software and personal firewall on your computer. This software needs to be updated regularly to ensure you have the latest protection.
2. To prevent viruses or other unwanted problems, do not open attachments from unknown or non-trustworthy sources.
3. If you discover any unusual activity, please contact the remitter of this payment as soon as possible.

This e-mail is confidential. It may also be legally privileged.
If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail.

Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.

"SAVE PAPER - THINK BEFORE YOU PRINT!
Fax: 371-21-6111 4212

From: <user>
Sent: Friday, August 08, 2014 9:40 AM
To: <me>
Subject: FW: ### WARNING: Potential Virus Attached ### Transaction Notification on A\c No 07918****9

How can you quarantine and open this email

From: <me>
Sent: August-08-14 10:03 AM
To: <user>
Subject: RE: ### WARNING: Potential Virus Attached ### Transaction Notification on A\c No 07918****9

I'm not sure I understand the question; it looks like a virus, so I assume you don't want to open it?

From: <user>
Sent: Friday, August 08, 2014 10:16 AM
To: <me>
Subject: RE: ### WARNING: Potential Virus Attached ### Transaction Notification on A\c No 07918****9

I want to open it as we are to get an advanced payment from Russia and Ukraine

From: <me>
Sent: Friday, August 08, 2014 10:23 AM
To: <user>
Subject: RE: ### WARNING: Potential Virus Attached ### Transaction Notification on A\c No 07918****9

It does not appear to be legitimate; the e-mail address it was sent from says "[email protected]"

From: <user>
Sent: Friday, August 08, 2014 10:32 AM
To: <me>
Subject: RE: ### WARNING: Potential Virus Attached ### Transaction Notification on A\c No 07918****9

Okay - deleted

One of the ways we encourage people to submit tickets, besides reminding them about it when they phone/e-mail/walk-over-and-interrupt us, is we more or less drop everything to deal with issues submitted via tickets. We accept/assign the issue as soon as someone reads it (which is usually within 5 minutes during business hours, rarely more than 15 mins.) If we're working on a project, or something that wasn't submitted via ticket, we'll stop that to address the ticket. If it's a relatively simple issue we will deal with it right away. If it it's more involved, we'll reply and indicate what we'll be doing to address it and when.

On the other hard, if someone e-mails us we generally take our sweet time replying (e.g. after lunch, end of the day, next morning.) Phone calls are usually responded to with "we'll call you back", unless it's some sort of a legitamit "system down/I can't do my work because this thing is broken" call. We also make hints like "Ok, I just have to finish fixing this ticket from Joe then I'll come look at it"

@Dashrender said:

My users around here can't understand the difference between Word and Excel, let alone MS Office and LibreOffice.

Are your users like this guy?

Jump to 4:30, that's about where it starts getting good
Youtube Video

That is pretty sweet. Although I'm not sure how long I could do real work on it for .. maybe 3 minutes. But it would be cool to use it one in a while if you have to drop into a command line for one or two things.

I've been using my own domain for over 10 years, mainly to avoid the dilemma you are in (changing e-mail addresses when I'm not happy with an ISP)

I'm currently using Google Apps for my domain's e-mail (I got one of the free business accounts before they discontinued it) but actively working on migrating to something else. I still haven't decided what I will switch to, I just know I don't want to use Google anymore due to privacy concerns (which were always a concern in my back of my mind when I signed up for it, but I felt more lax about it back then ..)

If you have an old PC laying around (or find one on kijiji for < $50), put two network cards in it and install pfSense. If you're concerned about power consumption, find a Pentium 3; they draw very little power. If space is an issue and you don't mind spending a few $ (< $200), get an Alix board/case/power supply.

I gave up on consumer routers a while ago. I found mine would choke every time someone started doing a portscan or other weird hacking/scanning attempts on the cable network. I still use a D-Link wireless router for my Wifi access, but it's running openwrt and it's just a bridge between the WLAN and LAN (WAN port is not in use)

Note, I had the "choking" issue on my D-Link and Linksys routers even while they were running openwrt; I think the small CPU's in them just couldn't handle dropping all the packets and while continuing to serve legitimate traffic

VPN would probably be the cheapest and easiest to setup. Depending on your needs and goals, Terminal Services might be a good solution, especially if some offices are in areas with limited bandwidth. MPLS will be expensive but it comes with a QoS guarantee so it will give you more reliable/consistent speeds than a VPN (and you have someone you can call/blame if something is slow/broken; whereas with VPN you might have no control over the problem.)

This news is a couple weeks old, but I just heard about this today while catching up on some podcasts and didn't see anyone mention it on here:

Microsoft Azure has run out of North American IPv4 addresses, so they started issuing European addresses to servers hosted the US.

Article from InternetSociety.org

Original Microsoft blog post

One of these days I'm going to get around to setting up IPv6 on my home network just to get some experience with it. Every time I start studying the protocol I get pretty excited about it, although it will probably be years before we see it get any major adoption. I can't wait for the day ISPs start delivering IPv6.