@pmoncho said in Netgear Insight Managed Switches:

@marcinozga said in Netgear Insight Managed Switches:

Gen 2 Unifi switches have SFP+, Edgeswitch Lite have SFP+ too, and Edgeswitch 16 XG has 12 SFP+ ports.

I missed the Gen 2 Unifi as I was only looking at the Edgeswitch line - I will look into those

Edgeswitch only has SFP+ on 48 Port switches. 24 port switches only have SFP unless I missed something.

At this time I don't have a specific need for that many. Although, I could figure out how to use them :winking_face:

If you want 24 port, then I think only Unifi Gen 2 has SFP+ https://switch.ui.com/gen2/
They do have just SFP+ switches, with 12 SFP+, both Edgemax and Unifi.

@wrx7m said in POoE issues with Unifi switch:

@marcinozga said in POoE issues with Unifi switch:

@wrx7m said in POoE issues with Unifi switch:

I don't deal much with shielded. They look kinda messy. Isn't the shielding supposed to be in the connector with the rest of the cable?

That cable is really messy. Normally you would get just aluminium foil, but these have wire on top, like coax, then plastic foil and ESD drain wire. The worst cable I had to work with. The connectors are also shielded. Everything in this setup was shielded, and ground was at patch panel. I had to break the shield between couplers and panel to get PoE to work.

Seems like a pain, for sure.

Literally, I was pulling wires from my fingers for a while after working with that.

@travisdh1 said in POoE issues with Unifi switch:

@wrx7m said in POoE issues with Unifi switch:

I don't deal much with shielded. They look kinda messy. Isn't the shielding supposed to be in the connector with the rest of the cable?

Nope. You connect ONE side of the shielding to ground. Managing them is a pain. Also, if shielding is required, just us fiber imo.

Here shielding wasn't strictly required, and fiber would be impossible, you can't do power over fiber. Also neither of the devices have fiber connection, so fiber to ethernet adapters would be required, not really practical 20 ft above the ground hanging off the cameras or antenna.

@wrx7m said in POoE issues with Unifi switch:

I don't deal much with shielded. They look kinda messy. Isn't the shielding supposed to be in the connector with the rest of the cable?

That cable is really messy. Normally you would get just aluminium foil, but these have wire on top, like coax, then plastic foil and ESD drain wire. The worst cable I had to work with. The connectors are also shielded. Everything in this setup was shielded, and ground was at patch panel. I had to break the shield between couplers and panel to get PoE to work.

Gen 2 Unifi switches have SFP+, Edgeswitch Lite have SFP+ too, and Edgeswitch 16 XG has 12 SFP+ ports.

I have a small network in our 2nd location, with few UBNT PoE devices. Until last week all devices were powered on by old Toughswitch 5P, I guess they are called Edgeswitch 5xp now.

I have 4 devices, Nanostation M5, Unifi AP, I think first model, with green LED, and 2 older UVC cameras. All devices are connected with UBNT Toughcable and plugs, and that thing alone is a major pain to deal with. Anyway, all devices worked fine on 5xp switch.

Last week we added 24 port PoE switch, US‑24‑500W model. Of the 4 above devices only AP would power on, but connection wouldn't remain stable, it would turn on and off every few minutes. We also measured voltage on shield of the cable, it was leaking 50 VDC and 115 VAC. No voltage while it was connected to 5xp switch. Further troubleshooting and I ended up making non-shielded extension cable, with keystone jack on one and, and all devices would power on from Unifi switch.

Last few days we added small rack with shielded pass-through patch panel, and connected everything through it. We had to add ethernet couplers and extra cable because original cable runs were too short, both couplers and cable are shielded. Cables from patch panel to switch were unshielded. In that setup, again only AP would power on. I had to replace cables running from couplers to patch panel with unshielded ones, to get the devices to power on.

I have couple of PoE phones and they power on just fine. The difference is these are PoE+, and Ubnt devices are passive 24V.

Does anyone have any idea what could be the issue here? Ubnt support didn't get me far, they asked for logs from the switch, but I'm sure problem is electrical and won't show up in logs. One difference is that ports on 5xp switch are isolated, while on patch panel and Unifi switch it's metal touching metal. Btw, sparks were flying occasionally when plugging in Ubnt devices into new switch, I guess wires from 2 cables were touching.

Pics of setup (sorry, no cable porn, will tidy up when it's finished):

Switch, PoE+ ports to the left, Passive 24V to the right

Patch panel

Couplers with unshielded cables

@hobbit666 said in Miscellaneous Tech News:

Why in a phone, i don't know?

Xiaomi smartphone has 108 megapixel camera

I wonder what's the size of avg 108MP image, it's probably near 100MB. TB+ storage in phone would be in order too.

Actually, MayanEDMS might be what you're looking for. It does OCR and indexing. I have a running instance, but I haven't used it at all yet.

@hubtechagain said in Massive Searchable Document/File Repository:

Is Windows Server File Indexing an option? If so, what about OCR en masse?

Yes, windows file indexing will index all the document types you mentioned, except pdfs. You need Adobe pdf ifilter installed (free) to index text pdf files. If your pdf documents are scanned images, then you'd need Adobe Acrobat to OCR en masse, but after that pdfs will be index-able.

@coliver said in Weekend Plans:

@marcinozga said in Weekend Plans:

Taking son to Headless Horseman hay ride tomorrow, then Greek harvest festival.

Man, we haven't done that in years. It was so much fine going down there.

Kid had a blast, got scared in vertigo tunnel, then didn't want to get off the pony.

@Emad-R and @Dashrender lol rookies, I've been using FF since it was called Phoenix. And Mozilla Suite before that.

I have a lot of different models of Brother printers in the office, and all have a cover in front for envelopes and/or thicker paper. Just like this one:

Taking son to Headless Horseman hay ride tomorrow, then Greek harvest festival.

@JaredBusch said in Free alternative for OpenDNS, with minimal info on what's going on?:

@notverypunny said in Free alternative for OpenDNS, with minimal info on what's going on?:

@openit Pihole with the upstream DNS of your choice.

https://pi-hole.net/

Keep in mind that you'll have to either block all dns at the firewall (except the pi-hole) or force all queries to redirect to the pi-hole if you want absolute visibility and control. If you're OK with the possibility of queries bypassing your DNS then this part doesn't need to be dealt with.

The issue with Pi-Hole or any other DNS solution for most shops is that they are AD based. This means that DNS has to point to the AD server. The AD server can then point to Pi-Hole, and this works well. But it breaks his visibility requirement as everything appears to come from the AD server.

In AD networks it's setup in reverse order. Clients get Pi-Hole as DNS server, and Pi-Hole points to AD DNS servers.

@travisdh1 said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

192.168.0.0 would always be a broadcast address(first address in the range).

Wrong. First is network address, last one is broadcast.

@JaredBusch said in Next steps with SaltStack:

So looking at scheduling chocolatey updates with salt..

This makes it clear that it is pretty straightforward to schedule a task.
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html

Has anyone used salt to run choco update all -y on a schedule like this?

Not salt, but I used https://chocolatey.org/packages/choco-upgrade-all-at which creates the same task, that runs choco upgrade all -y. If salt is using windows task scheduler, then it should just work.

Ok, so junction points don't support mapping to network path, symlinks do, and hardlinks can only be created for files, not folders. Try creating symlink and then create junction to the symlink and see if Crashplan can be fooled that way. So mklink /D C:\fake-Backup \\server01\Share\Subfolder and mklink /J c:\backup c:\fake-backup .

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

You're comparing apples to oranges. Hypervisors vs k8s makes no sense. And what makes you think that running containers in production is only viable with tools like k8s? That's like saying running vm in production only makes sense on openstack. Docker for example can easily be managed with Ansible, or if you want web tool, Portainer, including managing swarm clusters.

@Dashrender said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

@Dashrender said in Evaluating Defender ATP:

@Obsolesce said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

@Dashrender said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

@Ambarishrh said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

Not sure how did they gave you that info! An average pricing structure as below

And security products straight from O365 admin portal subscriptions page:

These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

• malware protection, both behavioral and definition based
• ransomware protection
• phishing protection
• ids/ips
• device control
• exploit blocker
• botnet protection
• web filtering
• memory analysis
• central management, either cloud or local

And a full forensics audit trail?

I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

I'm having a hard time finding what the real price here is?

I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

The above posts have a dozen different security things listed.

As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

Also - is O365 E3 the requirement, or can you add ATP onto E1?

Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

It is fair. What if you don't have O365 because you don't need it or use something else? Other AV don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.