@pete-s said in Container core technology?:

@scottalanmiller said in Container core technology?:

@pete-s said in Container core technology?:

@scottalanmiller said in Container core technology?:

@pete-s said in Container core technology?:

So whatever container solution you run, the core technology is the same.

It varies a lot. Docker is a super lean container tech, meant to run a process and its tightly coupled processes. But LXC includes the entire operating system sans kernel. So if you are using LXC containers, you can run Ubuntu on Fedora, Fedora on CentOS, CentOS on Ubuntu, Alpine on Ubuntu, CentOS on CentOS... the sky is the limit as long as they are okay sharing the same kernel compilation settings and version.

OK, but it's still just isolated processes in the kernel, right? So from the kernel's perspective it's all the same.

Correct, the kernel really can't tell.

If we look at security, doesn't that mean that it's the same as well?

I mean it's the kernel that is responsible for the isolation of the groups of processes.

If your concern is the stability of the system, yes it is the same. If your concern is the isolation between processes, containers basically crank the kernel security all the way up. Technically anything a container can do you can do with just the OS. Containerizing is basically the ultimate in kernel level isolation settings. So technically, security is the same. In practice, it's a lot of security no one ever tries to enable otherwise.

@pete-s said in Microsoft VDA?:

I was thinking about licensing for the Windows 10 VM itself. Not the remote access to it. Is that included in the VDA license?
Or put another way - do I use the Windows VDA license to install / activate the Windows 10 VM?

I believe that you have to buy a normal copy of Windows 10 / 11 in that case (Retail or VL). Which is just a one time cost.

Otherwise, if it were free, you would just pop Hyper-V onto any PC and avoid buying the OS license (when used remotely.)

@jasgot said in Understanding STUN???:

I am trying to understand what STUN does.

STUN is used to coordinate exposed services that lack open, forwarded ports, behind NAT and/or public IP addresses assigned to them. The most common examples are for things like SIP phones to be able to coordinate their UDP ports with the server as they cannot connect directly.

STUN is only for communications protocols in theory (but anything COULD use it.) It's used with SIP phones, WebRTC, etc.

@jasgot said in Understanding STUN???:

I have some UniFi APs out in the wild behind a NAT device, and I have a Network Controller in an office behind a NAT device.

You have a Unifi controller that does not have ports forwarded to it? I don't think that that is even possible. STUN won't help there. STUN doesn't bypass the firewall, it just moves port info around where it is needed. Unifi Controllers have to be published.

@jasgot said in Understanding STUN???:

@scottalanmiller said in Understanding STUN???:

You have a Unifi controller that does not have ports forwarded to it?

It does, just not the STUN port.

I don't think Unifi offers STUN services anyway.

@jasgot said in Understanding STUN???:

Also, is STUN so APs behind NAT can talk to other APs behind the SAME NAT?

No, they don't communicate with each other at all. If they did, it would be LAN communications.

@hobbit666 said in Air Gap Backups:

We're looking to backup 4-5 VM's on a vmware host. 1TB max.

Tape is the easiest and most obvious mechanism to air gapping.

@stuartjordan Maybe two users? But it's 100% about the connection speed. Even one user is too many in most any situation.

ERL 4 is the smallest I'd buy today because of the price point.

@travisdh1 said in Edgerouter X - Small Office:

@dashrender said in Edgerouter X - Small Office:

@scottalanmiller said in Edgerouter X - Small Office:

@dashrender said in Edgerouter X - Small Office:

@scottalanmiller said in Edgerouter X - Small Office:

@stuartjordan Maybe two users? But it's 100% about the connection speed. Even one user is too many in most any situation.

ERL 4 is the smallest I'd buy today because of the price point.

You've seen an issue with one user? other than that user using the whole ISP connection (which can always happen) - what issue?

The issue is throughput. Users are not a factor, at all, in any way. If a single user is on a faster connection than the device can handle, that single user gets throttled. If you have 10,000 users at a dial up connection, the ER-X won't be any kind of a problem.

Yeah, that's basically what I wanted to drive home.

If your 100 Mb/s or less, an ER-X will be fine... if you're over 100 Mb/s, I think Jared's test might have shown throttling at something like 150 Mb/s, perhaps closer to 200 Mb/s...

Therefore if you have a connection over 100, you should consider a different device.

ER-X up to ~80Mb/s if I remember correctly. The ER-PoE I have at home will do ~140Mb/s. ER-4 is what I recommend today to most businesses around here, but I haven't done or seen any testing to get an idea of what I/we could expect from them with QoS turned on.

Yeah, up to, with no features. And I believe that's COMBINED throughput, not one way.

@hobbit666 said in Air Gap Backups:

Now I understand that bit it makes more sense, as to me air gap would be things like tape

Tape is only gapped if it is manually removed from the tape device and a robot can't put it back in. Many small businesses use tape in a fully coupled way. So you have to be careful in both cases.

The problem linguistically is that when we talk cloud, we assume that the storage is mutable, but it might not be.

And when we talk tape, we assume that the tape is immediately removed and stored somewhere that cannot be accessed in an automated way, but it often isn't.

So there is a lot of assumption that goes into talking about it.

@rjt said in KVM or VMWare:

@francesco-provino Amazon Web Services may have a slight disagreement with you on whether KVM or XEN is suitable for business.

As do every major environment. When you get big, or small, VMware makes little sense. It borders on the absurd. But in the middle tier, huge companies (not SMB) that aren't yet the massive scales of AWS, Google, or the big Wall St. banks, VMware tends to play nice because they have skills and value to automation, but can't write their own solutions. That's VMware's core market. Get smaller than where automation makes sense, which is 95% of businesses, and VMware is in the way of efficient operations instead of aiding it.

The biggest problem is seeing IT as a checkbox, a one size fits all where we just choose a vendor to sell (whether we are paid directly or not) and don't ask about the customer size, needs, use case, workload, etc. and see everything as "this one approach will always work" when, as IT, the one clear "always our job" is to evaluate that need and choose the solution accordingly.

@dashrender said in Why Do People Still Text:

I'm curious - do those plans there include a specific amount of data for a flat rate? Or is data unlimited like on so many plans in the US now?

In places like Nicaragua, things like WhatsApp and Telegram don't use your data rate. So it's unlimited as long as you have a phone. Unlimited calls, messages, videos, pictures, file transfers, etc. All in one place. All with huge bandwidth. All at the minimum price.

Using anything other than those protocols means using multiple tools, losing security, using data rates or SMS rates, losing interoperability... all at great effort.

Just like in the US, sending pictures, files, videos, making video calls... none of that works or works reliably over SMS. We have customers in the US try to use texting regularly and it creates so much work because they are always trying files too large, files that get compressed and are unusable, file types are not supported, can't do real time video, etc.

Texting isn't "working" for most people. It's a combination of people willing to do a lot of work to pretend it's working for them (the hipster complex) and confusion as people think they are texting often when they are not.

@jaredbusch said in Why Do People Still Text:

@scottalanmiller said in Why Do People Still Text:

People use it despite it not meeting their needs or not meeting them well.

Not meeting your needs, is not failing to meet their needs.

Stop imposing your own perception on "everyone"

Just because I pay more attention to their needs just makes me an IT pro, rather than a blind consumer. This is literally a huge portion of our careers... to look at the technology that others user and help them understand their needs and how to fill them.

MY needs aren't the issue. It's other people failing at their own needs.

Why are we in IT if we ignore this core component of it?

@siringo said in Air Gap Backups:

then just add powering the device back up as one of the daily tasks to be undertaken by the sysadmins or whoever.

If you power it back up, it's not air gapped.

@jasgot said in Skyetel has HTTPS ATAs now.:

That statement instantly led me to believe it would be noticeably less than the Cisco ATA 191.

It shouldn't. They are very different things and it's about fixing the problems that the Cisco (and anything like that) has.

The Cisco is just an ATA. Nothing wrong with that, we use them. But it's a super basic device.

The Skyetel device is not a SIP device, nor is it a blind analogue to digital converter. It's a different product. It uses a more reliable protocol, a more secure protocol, and it provides a web interface for all digital faxing that the Cisco (or any traditional ATA) does not.

@dashrender said in Air Gap Backups:

@travisdh1 said in Air Gap Backups:

@dashrender said in Air Gap Backups:

@scottalanmiller said in Air Gap Backups:

@siringo said in Air Gap Backups:

you used to be able to get those 'cassette' drives which were just disks in a casing that were used in a similar way to tapes. maybe there's something similar to that with a capacity of 1TB+ ?

Sure but... why? Tape is cheaper, faster, and more reliable.

The only part I might disagree with is cheaper. tapes are super expensive, though in the long run I suppose they could be cheaper.

LTO drives start at $2K and most single drive bays are more like $5K+... but I know those "drives as tapes" solution from the 2010's weren't cheap either...

Yes, the drives are a large one-time up-front expense. The media is generally cheaper than HDD of the same size, which is just one reason why tape is often the preferred medium for air gapped and/or offsite backups.

Boy they must have come down...I recall when LTO 2 (yea a long time ago) where stupid expensive!

No, they weren't. You just felt that way because you didn't have to price out a comparable alternative. Everyone imagines that they are expensive, but when you compare against other options, they are cheap.

@travisdh1 said in Air Gap Backups:

@dashrender said in Air Gap Backups:

@scottalanmiller said in Air Gap Backups:

@siringo said in Air Gap Backups:

you used to be able to get those 'cassette' drives which were just disks in a casing that were used in a similar way to tapes. maybe there's something similar to that with a capacity of 1TB+ ?

Sure but... why? Tape is cheaper, faster, and more reliable.

The only part I might disagree with is cheaper. tapes are super expensive, though in the long run I suppose they could be cheaper.

LTO drives start at $2K and most single drive bays are more like $5K+... but I know those "drives as tapes" solution from the 2010's weren't cheap either...

Yes, the drives are a large one-time up-front expense. The media is generally cheaper than HDD of the same size, which is just one reason why tape is often the preferred medium for air gapped and/or offsite backups.

Cheaper to buy, cheaper to transport, cheaper to store, last longer.

Tape dropped below $.01 / GB seven years ago and is cheaper now as new tech has come out.

Hard drives are still more like $.02 today. So hard drives are more than a decade behind in pricing as a starting point.

(That's about $8/TB vs $20/TB)

And that's enterprise, archival tape that is screaming fast vs. cheap, crappy, consumer SATA drives that are dog slow. So we aren't talking apples to oranges. We are talking tape Ferrari vs. a disk Yugo.

@hobbit666 said in Air Gap Backups:

Since we are a SMB we used to use Tape (well RDX), but with people leaving the company, relaying on people to remember to take them home, put the right ones in

There are services for that. But if you use REAL take instead of disk, the eject function makes that so much easier because if they don't take it home, you get alerts that the tape wasn't changed.