@scottalanmiller said in Is xByte still recommended for server purchases around here?:
@phlipelder said in Is xByte still recommended for server purchases around here?:
Note that Veaam has a NAS Backup product. It works. Use it.
I thought that they exclusively used SAN because they had problems with the NAS protocols?
One can back up a NAS to S3 via Veeam. Sorry for not being clear.
@scottalanmiller said in Is xByte still recommended for server purchases around here?:
@phlipelder said in Is xByte still recommended for server purchases around here?:
If something goes wrong on the NAS side there's not a lot that can be done. They are too cookie cutter.
Actually that's a reason that I like Synology. You can do almost anything to repair it because it's well known hardware with extremely well known enterprise software RAID that is portable to other devices both NAS and custom built.
It was a fellow Microsoft MVP that put the NAS vendors under the gun to get their collective shit together because the NAS units kept corrupting ShadowProtect incremental file chains.
http://sbsfaq.com/what-have-qnap-done-about-the-data-corruption-issue/
There's zero, zippo, zilch, accountability to the end user with an econo box. None.
When the shit hits the fan, I want real support with real people. That's gonna cost more than some box with a baby motherboard, some memory, some sort of flash storage for the *NIX OS, and whoever's drives in the drive bay.
I can't count the number of times we've had SMB clients using a NAS as a file share hit issues with that NAS, its repository, or just outright resetting itself requiring GetDataBack *NIX RAID Reconstructor to hopefully pull it all in.
As far as the Veeam slamming goes, no comment. We've been working with the product for five years or more now. Before that it was StorageCraft's ShadowProtect. Both were, and are, flawless and there when we need to recover sometimes when things are extremely stressful after an all-out blowout.
Note that Veaam has a NAS Backup product. It works. Use it.
That being said, Immutable is here to stay. Veeam was one of the first on the block to utilize it built-in to the product. We're tied into BackBlaze B2 for all of our cloud tiers that are not running on our own backup (Cloud Connect) systems.
https://www.veeam.com/blog/v11-immutable-backup-storage.html
Didier's Part 1 for building one:
https://www.starwindsoftware.com/blog/veeam-hardened-linux-repository-part-1
@beta Not into NAS for backups. If something goes wrong on the NAS side there's not a lot that can be done. They are too cookie cutter.
https://forums.veeam.com/veeam-backup-replication-f2/synology-nas-as-repo-t77177.html
Just don't do NAS.
Build a purpose built box with XFS and keep it isolated from everywhere except a PAW that's nowhere near a perp entry point.
https://www.veeam.com/blog/v11-immutable-backup-storage.html
Then the box can be set up to be immutable.
@scottalanmiller said in What do you think about .app domain names?:
@pete-s said in What do you think about .app domain names?:
@scottalanmiller said in What do you think about .app domain names?:
If it is under the hood, why bother. If it isn't under the hood, I think customers get confused.
So you mean if it's customer facing it's better to stick to .com and there will be no confusion?
Right, asking customers to type in .app typically comes with problems.
So that's myprog.app.com then?
We've been doing a fair amount of DOMAIN.Social lately (Mastodon on Ubuntu 20.04) with folks not having much of an issue with either typing the site's URL in or clicking the link for it.
@rojoloco said in Random Thread - Anything Goes:
@phlipelder said in Random Thread - Anything Goes:
@dafyre said in Random Thread - Anything Goes:
@phlipelder said in Random Thread - Anything Goes:
@dafyre said in Random Thread - Anything Goes:
@nadnerb said in Random Thread - Anything Goes:
Let me heal thy flesh wound?
I am more concerned with what looks to be a Bigfoot on his chest ...
EDIT: Oh wait! It's a CHICKEN!!!
Chicken!
Nah, CHICKEN!
Me with chicken:
...and yes, that Halloween party was nuts!
Hypnotized Chicken. 
@dafyre said in Random Thread - Anything Goes:
@phlipelder said in Random Thread - Anything Goes:
@dafyre said in Random Thread - Anything Goes:
@nadnerb said in Random Thread - Anything Goes:
Let me heal thy flesh wound?
I am more concerned with what looks to be a Bigfoot on his chest ...
EDIT: Oh wait! It's a CHICKEN!!!
Chicken!
Nah, CHICKEN!
@dafyre said in Random Thread - Anything Goes:
@nadnerb said in Random Thread - Anything Goes:
Let me heal thy flesh wound?
I am more concerned with what looks to be a Bigfoot on his chest ...
EDIT: Oh wait! It's a CHICKEN!!!
@beta said in Small switch for small branch office recs?:
I need a small managed switch (absolute minimum 8 ports, but preferably a little more for just in case) with POE that can do VLANs and is reliable.
This if for a small branch office with 3 people max and they have no IT closet so it will be sitting on a shelf in the manager's office, so preferably something not too noisy either.
I know Ubiquity seemed to be pretty heavily recommended around here, but I can never remember what line of products I should be looking at for their switches.
Thanks!
Ubiquiti comes in with cost but we've experienced some issues if there's a number of VLANs and a complex routing.
Cisco Small Business Pro series switches have been very reliable for us across the board. They have great support as well if there is a need.
NETGEAR makes an excellent set of managed PoE switches with excellent support if needed as well.
@nadnerb said in Random Thread - Anything Goes:
The lack of a light on the bottom drive # 8 is interesting.
That looks like a serious hardware failure. BTDT
I sure hope the backups were tested to bare metal/hypervisor so known good.
@krzykat said in What Are You Watching Now:
@phlipelder Yeah, the first real adult enabled movie like that I remember was Shrek - thinks a kid would NEVER catch. Driving down Rodeo drive and such.
Cars was another one that had a good number of image and mention references too.
@krzykat said in What Are You Watching Now:
@hobbit666 It was very good. Watched it over Christmas break with my 6 year old son. I love how they make these cartoon movies with 2 angles. One for the kids, and another one for the adults. Not sure what you saw, but I thought I was watching Steve Jobs, Apple, and a critique of social media.
The LEGO Movie was like that. I ended up taking each of our three kids individually so saw it three times. 8*D
The first round was like I was tripping all over again. Wow.
The second and third rounds I paid more attention to the subtleties of the references.
It's neat when I'm sitting there laughing and the kids think I'm on glue or something. There are times where I can explain why I'm laughing and there are times that I won't.
Now that they are all teenagers with one approaching the Age of Majority I can be a lot more liberal with my humour. 
@jaredbusch said in Random Thread - Anything Goes:
@phlipelder Also a good one from him.
https://twitter.com/GossiTheDog/status/1470813806116888576
I like the one, I think it was XKCD that had the entire monolith teetering on a single point? Yeah, that. 
@jaredbusch said in Random Thread - Anything Goes:
@phlipelder said in Random Thread - Anything Goes:
I searched through his feed and could not find it.
Thank you sir!
Just goes to show you, my search foo is dismal at best.
Merry Christmas all! Have a fantastic New Year's Eve celebration and all the best in the New Year. 
@nadnerb said in Random Thread - Anything Goes:
Any chance someone has a link to to the original?
I searched through his feed and could not find it.
Thanks.
@dashrender said in Random Thread - Anything Goes:
@nadnerb said in Random Thread - Anything Goes:
So sad but true!
Why do so many companies have to hear it from an outsider before they believe it?
Prophet is never known as such in their own home land.
@dashrender said in GPO's for System Hardening:
@phlipelder said in GPO's for System Hardening:
EDIT: PAW is not a part of the production domain. It's either workgroup or in a separate AD Forest (Host/Tenant type of AD structure).
What do you mean?
We treat all production environments as hostile now.
So, when we deploy a new cluster it goes into its own AD Forest with its own DCs running at the local level on a couple of cluster nodes (Hyper-V).
A dedicated PAW or Jump Server could be set up in that AD Forest.
Otherwise, it should be in a workgroup and have 2FA/MFA set up.
@obsolesce said in GPO's for System Hardening:
A hardened system doesn't use ADDS and Windows.
The subject says "GPO's ... "?
GPO = Group Policy Object
GPOs are linked to OUs.
OU = Organization Unit
Jeremy Moskowitz is one of the preeminent Group Policy folks in the world. One of the best to learn from. His books a really, really good.
ADDS and Group Policy are still very much relevant today.
EDIT: PAW is not a part of the production domain. It's either workgroup or in a separate AD Forest (Host/Tenant type of AD structure).
@eleceng said in GPO's for System Hardening:
What are some standard GPO's to put in place for god management and system hardening?
Don't have any printers on this network BTW
First place to start is with a Privileged Access Workstation structure as far as management.
Use a PAW whether server or desktop.
Hammer Windows Firewall down on server operating systems for services being served making sure that RDP and any other management protocols are allowed between servers and the PAW/Jump Server.
Use an OU and disposable VMs for testing. I highly suggest not mucking about with GPOs that apply to production OUs that have AD User and Computer Objects.
