If you want to run Geekbench 4 on a linux server, this is how to install and run it.
Note that you need to have a working internet connection on the server.
You can run it as root or as any other user.

Let's start from the home directory and put the files there.
cd

Download the files from geekbench.com:
(change version number if needed for latest version)
wget http://cdn.geekbench.com/Geekbench-4.3.3-Linux.tar.gz

Extract the downloaded files:
tar -zxvf Geekbench-4.3.3-Linux.tar.gz

Go to the extracted folder:
cd Geekbench-4.3.3-Linux

Run the test in tryout mode, results are uploaded automatically:
./geekbench_x86_64

After a few minutes the test is completed and you'll see a link to a webpage which is unique for each test.

Upload succeeded. Visit the following link and view your results online:
https://browser.geekbench.com/v4/cpu/1234567

Just enter the link in any browser and you'll see the results of the test.

@dbeato said in NVMe and RAID?:

One of the first Dell Servers with Hotswap NVME was the R7415 so yeah
https://www.dell.com/en-us/work/shop/povw/poweredge-r7415

Not sure what others have seen.

The newer ones have a 5 in the model number, so R7515, R6515 etc.
That's the ones you want to buy. AMD Epyc 2 Rome CPUs.

Dual sockets models are R7525, R6525 etc.

And to make this complete: 6 is 1U and 7 is 2U. R7515, R6515 etc.

@jasgot said in Macbook Air for College:

Daughter wants a Mac laptop for college. Any suggestions?

Yes, take her to the store and buy the one she wants.

Buying an Apple product is not a technical issue that needs to be figured out. It's an emotional issue. Like a Gucci bag.

If you have a RAID controller with 8 ports, you can connect up to 8 SAS/SATA drives directly to the RAID controller. That's fine but if you for instance have a server with say 36 drive bays you would need a 36 port RAID controller. Those are hard or maybe even impossible to find.

Well, here is where the SAS expander comes into play. It will work somewhat like a network switch but for SAS/SATA ports.

The SAS expander IC can be integrated directly on the backplane of the drive bays or it can be a standalone card or PCIe card. These are often used when you have more than 8 drive bays and even more so when you have 16 or more drive bays.

It allows you to expand the number of drives the RAID controller is able to connect to. It's transparent to the user because the RAID cards have integrated support for SAS expanders. This is also true of HBAs (Host Bus Adapters).

The only drawback is that the maximum transfer rate is, as always, limited by the PCIe link to the RAID controller card but also by the SAS connections from the RAID controller to the SAS expander. In real life though these bottlenecks are seldom bottlenecks as it's uncommon to read from all drives at the same time and drives are also often slower, especially when using HDDs.

SAS expanders are also used heavily in external JBOD chassis which are expander chassis for drive bays that you connect to a server so you can attach more drives than fits in the standard enclosure, aka Direct Attached Storage DAS. In that case the SAS expander sits inside the JBOD chassis.

@hobbit666 said in How to Secure a Website at Home:

Why not GitHub or GitLab for free?

That was part of the etc 😁😁😁😁
Also I thought GitHub was more for storing scripts and opensource stuff.

It's not generic hosting of websites as you don't have control like you would on a normal webserver.

It's simplified hosting and the github/gitlab pages was initially intended to complement the projects on there. So it would be easy to make a html website from the git repositories, for instance for documentation.

Since you can store any files on gitlab/github you could of course also use the pages for any type of static website.

Here is how to get started in the simplest way possible:
https://guides.github.com/features/pages/

Good to know about WoeUSB.

If you have windows available, rufus is an easy tool to make bootable USB drives.
Doesn't need to be installed and it's fast.
https://rufus.akeo.ie/

But in all honesty it's very easy to make a bootable windows installer USB drive manually. Just make a primary bootable FAT32 partition on the USB drive and copy the files from the ISO onto it. Done.

You can copy more files onto the drive, for instance drivers or other software. If you do that, it makes sense to make a dd image of the entire thing when you're done. That way you can easily write a new USB drive with your custom files on it.

First, ransomware is big business run by organized crime. I think about 19 billion dollar per year industry.

Everything can be compromised in different ways. There is just no way to protect your data 100% and to think otherwise is just naive.

We have chosen to go with tape as our last line of defense. Once you take it offline there is no way it can be remotely compromised. We believe that is enough to be able to recover from most attacks and the cost is reasonable.

Integrity of files

If you want to check the integrity of a bunch of files you can do it with md5deep, which can be thought of as a recursive version of md5sum. It was initially designed for forensic work.

If a file has the same hash as another file they are identical. If you save the md5 hash of a file and later recheck it, you can be sure the file hasn't been changed, corrupted or tampered with.

Installation on Debian

You'll find it in the package md5deep.

apt install md5deep

Inside the package you'll also find sha256deep and some other good stuff. Use sha256deep instead if you want to use sha256 hash. It's better and actually more secure than md5 but might be slower. You use it in the exact the same way though.

Besides linux it's also available on other OSs such as Windows, MacOS. You can build it from source too. https://github.com/jessek/hashdeep

Create MD5 signatures

md5deep -rl /check_this_dir/* > files.md5

This will create a text file (files.md5) with the md5 hash of all files (*) in the "/check_this_dir" directory.

Check MD5 signatures

md5deep -rlX files.md5 /check_this_dir/*

It will return the files that don't match. So if any file has been changed, it will show up.

Common Options

-r is to go into subdirectories as well
-l is to use local paths instead of absolute paths
-X is to do check the signatures

-e is if you want to see the progress while it's working.

Find more info on basic usage with examples here:
http://md5deep.sourceforge.net/start-md5deep.html#basic

Example

Let's check that our files in /boot and it's sub-directories stays intact.

First let's create an md5 file that we will compare with.

md5deep -r /boot/ > boot.md5

Let's verify the files have not been tampered with.

md5deep -rX boot.md5 /boot/ 

If a file or several files has been changed it will return the file and the new hash (exit code 1).
If all is good it will not return anything (exit code 0).

Maybe stop using USB drives for things they aren't designed for?

It looks like we've been down this road before.
https://mangolassi.it/topic/20070/so-xen-server-gave-me-an-error-what-do-i-do

A small SSD would do better. Something with write endurance and something that is designed to attached 24/7 in a hot environment.

If you don't have drive bays or don't want to waste them, use satadom.

Maybe I'm alone but on the top of my list:

1. Only use Microsoft as a last resort when all other options have been explored.
2. If you get paid by the hour disregard #1.

@jaredbusch said in ATA sp112 behind Sonicwall to Skyetel:

@pete-s said in ATA sp112 behind Sonicwall to Skyetel:

One difference between different providers can be if they're using tcp or udp. I believe tcp is the newer standard so old devices might not support it.

WTF

Just because you don’t know what you’re talking about does not mean you should talk out of your ass. TCP was part of the original RFC

I don't know how to talk with my buttocks. I'm not into deviant behavior but to each his own.

One difference between different providers can be if they're using tcp or udp. I believe tcp is the newer standard so old devices might not support it.

A quick search seems to indicate that Skyetel is udp by default but can be switched to tcp.

TCP should be better for the firewall because it tracks tcp sessions but not udp. So it knows where to send a reply inside a tcp session.

I would give it a try. Switch Skyetel to tcp.

@jaredbusch said in Is VOIP.MS down?:

Already started the port out process.

What does that mean Jared? That you're moving (porting) the numbers to another provider?

Now fs.com is carrying Mellanox NICs.
https://www.fs.com/products/119650.html

Look at the prices. 2x25GbE costs $259 while 2x10GbE costs $239. So for all intents and purposes the same price.

I don't know how it is with switches though. From what I've seen everything 10 GbE and up is expensive when it comes to familiar brands.

Critical bug being exploited in Zoho ManageEngine.

https://us-cert.cisa.gov/ncas/alerts/aa21-259a

@stacksofplates said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

Guessing they used that term since it's hot news right now.

I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.

What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.

If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.

Don't know how the sushi-thing works but they say it's community driven and decentralized which sound like the malicious code might have ended up deployed in many places.

@obsolesce said in Use powershell to create a scheduled task to reboot computers on schedule:

@pete-s said in Use powershell to create a scheduled task to reboot computers on schedule:

@jaredbusch

For logistics, I would also place scheduled tasks that I created in their own task folder. Just like Microsoft and others have.

That way I know the tasks in there is not generated by something else.

One could also fix the description to say the source of the task. I get the appeal of placing them in their own folder nested somewhere in that mess, but it's so much easier to deal with them in the top level directory.

I guess you could fix the name. But it's mostly misbehaving apps that put tasks in the top level directory. I mean Microsoft added the folder structure for task organization. It wasn't there in the old days.

But yeah, it works regardless.

@jaredbusch said in Use powershell to create a scheduled task to reboot computers on schedule:

@pete-s said in Use powershell to create a scheduled task to reboot computers on schedule:

@jaredbusch

For logistics, I would also place scheduled tasks that I created in their own task folder. Just like Microsoft and others have.

That way I know the tasks in there is not generated by something else.

But they did not do that for everything.
These tasks are all in the root \ path.

Yes, it's strange. Not consistent. But there are MANY more tasks under the Microsoft folder and it's sub folders.

@jaredbusch

For logistics, I would also place scheduled tasks that I created in their own task folder. Just like Microsoft and others have.

That way I know the tasks in there is not generated by something else.

@jaredbusch said in Use powershell to create a scheduled task to reboot computers on schedule:

@pete-s said in Use powershell to create a scheduled task to reboot computers on schedule:

@jaredbusch said in Use powershell to create a scheduled task to reboot computers on schedule:

This thread reminded me I needed to update my process for forcibly rebooting user computers.

As I use GPO less and less as systems are switching to non-AD, I wanted to handle this with a scheduled task like I was pushing out with GPO.

This should be pretty self explanatory.
Create variables with the pieces of the command.
Then use the register command to create the task.

# Create task action
$taskAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument 'Restart-Computer -Force'
# Create a trigger (Mondays at 4 AM)
$taskTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At 4am
# The user to run the task
$taskUser = New-ScheduledTaskPrincipal -UserId "LOCALSERVICE" -LogonType ServiceAccount
# The name of the scheduled task.
$taskName = "Weekly Reboot"
# Describe the scheduled task.
$description = "Forcibly reboot the computer at 4am on Mondays"
# Register the scheduled task
Register-ScheduledTask -TaskName $taskName -Action $taskAction -Trigger $taskTrigger -Principal $taskUser -Description $description

Good idea!

Maybe you should add a test to check if the task is already created?

That way you could use the same script to modify the time or whatever you wanted to do. Without having several tasks created I mean.

I added a remove

Remove if it's already created? That works.

EDIT: Yeah, I see it now. Unregister-ScheduledTask.