@Pete-S said in Turn server into backup storage for remote servers?:
Perhaps taking everything that needs to be backed up, compress it and send it.
Yes, that's also what we do. We do a 7zip typically before sending. All the renaming, dates, compression done when the source computer can do it. Then the smallest possible send over to the storage system. Then the storage server handles the cloud uploads for the offsite backup.
@Pete-S said in Turn server into backup storage for remote servers?:
I have a server with lots of storage that sits in a datacenter doing nothing.
What is the easiest/best way to turn this server into a backup storage that I can use to backup remote linux servers?
I generally just install Ubuntu latest and keep it pretty vanilla.
@JasGot said in Hard disk encryption without OS access?:
We have a customer who is being told they have to ensure all their data is encrypted when at rest. They are being told by their franchisor.
The software product they use for running their business is the only app on the server and the software vendor will not allow access to the server OS.
I know the hard ball way to deal with this, but I am looking to know and consider all of our options.
Moving away from the current software vendor is a nearly insurmountable task.
The software is running on Red Hat. Not sure which version.
Move the install to production (e.g. virtualization) and encrypt the VM storage at a higher level. Easy, clean, done.
@Obsolesce said in Hard disk encryption without OS access?:
@scottalanmiller said in Hard disk encryption without OS access?:
If they steal the drives containing the operating system too, no more encryption.
Not with full disk encryption, unless you steal the entire server. Full disk encryption is tied to the TPM for example, so you'd need the entire thing to decrypt a hard drive or virtual disk.
Yes, there's a middle ground where someone has stolen LOTS of drives, but not the server containing them. It would protect against that case which I've never heard happen. It's a contrived case. Anyone going to that level of effort will actually find it easier to grab the server and run rather than to take the time to remove ALL the drives, but not the case that they are already in.
@Obsolesce said in Hard disk encryption without OS access?:
Full disk encryption is tied to the TPM for example
Actually it often is not. It CAN be, and that's a nice feature in some cases. BUT, how do you move those drives to another server when you do that (maybe it's easy, but what does the TPM do then?) Assuming drive mobility is a factor, and typically it is, you can't use that kind of full disk encryption, but you are stuck with the normal kind which doesn't use any special hardware. Then you get the assumed portability of the hardware, but just stealing the drives is enough.
@Obsolesce said in Hard disk encryption without OS access?:
@scottalanmiller encrypted at rest is just full disk encryption, like all modern Android and Apple phones do, Filevault for Mac, BitLocker with Windows, FDE like when setting up Ubuntu.
With Android or iPhone, they require human intervention to unlock. So that's exactly what I just described. That's why you can reboot a phone to keep the police from just getting into it, because it can't be decrypted without the human.
@JasGot said in Hard disk encryption without OS access?:
@scottalanmiller said in Hard disk encryption without OS access?:
@JasGot said in Hard disk encryption without OS access?:
@JaredBusch said in Hard disk encryption without OS access?:
without a user present.
This is ok.
If a user isn't present, it can't qualify as encrypted. Or something equivalent to a user. This is the same as intentionally not complying. If that's okay, why not just ignore the request altogether?
I meant: it's ok if a user has to go and start up the server after an outage.
Oh, then it's an easy thing. Lots of options. But I'd still do the VM route first. Solves so many things.
@Pete-S said in Data Erasure Software?:
Enterprise companies should off load this kind of work to other companies that can do it much better and much cheaper than they can.
Agreed, this isn't an in house function. It's an outsource function. There's no potential "value add" having this done uniquely in house.
@gjacobse said in Todays' replacement for Teamviewer:
@Dashrender said in Todays' replacement for Teamviewer:
are you needing a free solution?
I wouldn't expect Teamviewer to give you unattended access for free. Heck they start nagging and possible disabling the use if they see you abusing the 'free' option.
This is for a 70+ year old club member for his own personal use between his laptop while in Florida and his home computer... so needs to be super simple and reliable and repeatable and - yea... free. And stupid simple.
Chrome has that tool, but it's annoying to use.
@Pete-S said in "Snapshots" on win10 laptops?:
I want to be able to take a snapshot and then install things and then being able to roll back everything to the exact same place.
Windows Backup and Restore does this via the Volume Shadow Service (VSS). They call it a backup, but if the target is local, it's just a snapshot.
@Pete-S said in "Snapshots" on win10 laptops?:
@Dashrender said in "Snapshots" on win10 laptops?:
Unlike VM backups - Windows generally doesn't have the ability to stop using the "disk file" and create a new one for changes, then allowing you to discard the extra disk, thereby reverting to the original. That's the process that makes snaps so good.
I think it actually does have that ability. That is what volume shadow copy (VSS) does.
I think both system restore points and backups uses it behind the scenes.
That's exactly how it works 
VSS is just a "normal" snapshot service.
@Dashrender said in "Snapshots" on win10 laptops?:
If you had a second physical disk, or even a second partition large enough to hold the contents of the backed up one - that should work for you.
That's better if his goal is actual backups with that additional layer of protection. Presumably he has that through some other means, he's only in need of the local, rapid rollback.
A local snapshot uses a fraction of the space, potentially, and can move the data way faster.
@Pete-S said in "Snapshots" on win10 laptops?:
Microsoft just makes life complicated. If it were linux any utilities needed would be immediately at my fingertips and without being bundled with spyware user metrics collection. Oh well.
No kidding. LVM tools, dd, ZFS tools... so many standard ways to handle this.
@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:
AFAIK, Even VNC doesn't work on Wayland yet.
Nor does MeshCentral
@Yonah-S As a developer I'm always a bit skeptical of no code and low code solutions. That's how MS Access was touted and what a disaster that was. It all sounds good, but normally it's "pay nothing up front" but then "pay forever because you are trapped."
redSling doesn't seem to show any pricing. That makes it really hard to know how much it will be potentially beneficial. It sounds nice, but do you have access to the resulting code? Can you run anywhere? Does it generate quality code? Is it secure? how will it be hosted? How do you make the kinds of decisions that make all the big difference when writing software if you can't write the software? This appears to take all of the important protections that both your IT team and your development team are tasked with doing and says "don't worry about all that important stuff, trust us to make all those decisions for you without any insight into your business or decision process and no alignment with your needs."
The idea of a code builder like this is great, in theory. But in reality, how do they pay for it without screwing the end users? Maybe they do a great job, but nothing on the site gives me confidence. And there's nothing on the site to build that confidence on... how do we find out the important bits? It looks like it is designed for people not smart enough to ask the basic questions from either a business OR a tech perspective. As a CEO, this looks downright scary and if my managers started using this, I'd have to question their sanity.
Pricing would help. But more importantly, lots of security and safety questions that they conveniently don't mention - which along speaks volumes.
@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:
@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:
@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:
@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:
AFAIK, Even VNC doesn't work on Wayland yet.
Nor does MeshCentral
Really? Now I need to go try that when I have a minute.
I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.
Wayland with MeshCentral?
You SURE you are on Wayland?
@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:
@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:
@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:
@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:
@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:
@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:
AFAIK, Even VNC doesn't work on Wayland yet.
Nor does MeshCentral
Really? Now I need to go try that when I have a minute.
I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.
Wayland with MeshCentral?
You SURE you are on Wayland?
Isn't Wayland the default for Fedora now? I'm using the stock Fedora, so I'm thinking I am.
Double check that. Maybe you updated from something with X.org.
@favianmedina said in Dymo labelwriter 550 over IO gear print server instalation Windows 10:
@CCWTech Rith Now in total they have 2 Dymo labelwriter 550 (can't print) and 1 Dymo labewriter 450 (currently working)
If you don't answer what people ask, no one will help you.
@Pete-S said in I Cant Even...:
@scottalanmiller said in I Cant Even...:
I love dealing with someone who has a DEGREE in Cybersecurity, claims to be an experienced system administrator, yet doesn't even know what an SPF record is for email and leaves it blank - even after being taught how to do it. And then puts the wrong data in from the wrong vendor because they don't know how to follow directions or what it is for.
It's fun stuff for sure. We do a hard bounce on all incoming email with SPF failures. Wish Microsoft and Google would do that too, because it's a wake up call for people.
Problem is, customers and vendors use it to say we don't respond. they don't look at their hard bounces.
@PhlipElder said in Manage domains and DNS for customers?:
Breathing on a lawyer up here would require a $10K retainer. Most small businesses would just walk away after recovering their assets.
It often seems like the best answer is moving businesses out of Canada, lol. You know it is bad when the Americans are like "how is it that bad?"