So I posted a snapshot export script on here a long time ago, and it wasn't really correct. It created an overlay disk of a backing store and exported the backing store. Red Hat doesn't include the most up to date version of QEMU, so they can push RHEV. RHEL/CentOS 7 only comes with QEMU 1.5, and for live snapshots you need at least 2.0. So if you ad the oVirt repos you can get the newest version with the package qemu-kvm-rhev, or use Fedora server. Here's a script I wrote to take a live external snapshot and compress it to a location. I used my normal template with the interactive function. vmLocation is the location of your VMs. I usually keep mine in the same area. I should add full paths for everything, but I'm lazy this evening. I'll add them later. I also need to add some error handling but this is a rough start if anyone needs to use it.

#!/bin/bash


vmLocation="/data/VMs"

today=$(date +%m-%d-%Y)



#Script functions
function script_help () {
  echo "
      Usage: $(basename $0) [options] dom-name snap-name save-location disk-name

          -i   Ineractive mode

          -h   this help text

          dom-name        Name of domain to take snapshot of

          snap-name       Name of snapshot

          save-location   location to copy snapshot to

          disk-name       Name of disk in VM

      Example:
        $(basename $0) bind-server bind-snap01 /export/snaps/ vda"

  exit ${1:-0}
}

function interactive_snap () {

  echo "Domain name"
  read name

  echo "Snapshot name"
  read snap

  echo "Location to save snap"
  read location

  echo "Disk name"
  read disk

  virsh dumpxml $name > $location/$name.xml

  diskPath=$(virsh domblklist $name | grep -i $disk | awk '{ print $2 }')

  virsh snapshot-create-as --domain $name $snap --diskspec $disk,file=$vmLocation/$snap.qcow2 --disk-only --atomic

  tar -czvf $location/$snap-$today.tar.gz $diskPath

  virsh blockcommit $name $disk --active --verbose --pivot

  rm -f $vmLocation/$snap.qcow2

  virsh snapshot-delete --metadata $name $snap

  exit ${1:-0}

}

function argument_snap () {

  virsh dumpxml $name > $location/$name.xml

  diskPath=$(virsh domblklist $name | grep -i $disk | awk '{ print $2 }')

  virsh snapshot-create-as --domain $name $snap --diskspec $disk,file=$vmLocation/$snap.qcow2 --disk-only --atomic

  tar -czvf $location/$snap-$today.tar.gz $diskPath

  virsh blockcommit $name $disk --active --verbose --pivot

  rm -f $vmLocation/$snap.qcow2

  virsh snapshot-delete --metadata $name $snap

  exit ${1:-0}



}

#Show help if no arguments or options are passed
[[ ! "$*" ]] && script_help 1
OPTIND=1


#Read command line options
while getopts "ih" opt; do
    case "$opt" in
      i) interactive_snap ;;
      h) script_help ;;
      \?) script_help 1 ;;
    esac
done
shift $(($OPTIND-1));

#Run argument function
name=$1
snap=$2
location=$3
disk=$4
argument_snap

Well it's official now. I start on Monday as a senior systems engineer with Curtiss-Wright.

So I have a dynamic DNS service for my ERL, but it's not in my actual domain. So I made a small script that updates my CloudFlare DNS from my ERL with their API. There is a cron job that just runs this script every 5 minutes.

#!/bin/bash

key="your-api-key"
zoneID="your-zone-id"
email="[email protected]"
recordID="record-id-to-update"
recordName="newrecord.yourdomain.com"
ip=$(ifconfig eth0 | grep "inet addr:" | cut -d: -f2 | awk '{ print $1 }')

curl -X PUT "https://api.cloudflare.com/client/v4/zones/$zoneID/dns_records/$recordID" \
     -H "X-Auth-Email: $email" \
     -H "X-Auth-Key: $key" \
     -H "Content-Type: application/json" \
     --data '{"type":"A","name":"'"$recordName"'","content":"'"$ip"'","ttl":120,"proxied":false}' -k

You do have to get the record id from the API. I haven't found a way to get it through the web interface. So that means you have to create the record initially, either through the API or the web interface (or use an existing one). Once you have the ID, just paste it in the variable.

Guys I have a server I'm running to display a slideshow of my cats. It has to run 28/8/368. Downtime is not an option, I can't not see my cat's pictures. I need 40 TB of storage in RAID 0 for ultra redundancy and my budget is some change I found in the parking lot. Can anyone help me?

Ok so it seems there's a bit of confusion for how this is set up. On CentOS and Fedora workstations you don't need to do this because it's installed by default. For the servers it's just as easy.

On CentOS just choose software and then virtualization host:

On Fedora under software choose headless virtualization:

That's literally all the steps needed to have a working KVM hypervisor. If you want a GUI to manage with then install Virt-Manager on your workstation:

dnf install virt-manager

or

yum install virt-manager

Then connect to your host:

Youtube Video

WD MyCloud. I hear they're easy to remote support.

@scottalanmiller said in Merits of Staying Long Term with a Job or Moving More Rapidly:

There are a lot of opinions on this subject. What do people think, what have you found? Should you lean towards sticking with one employer and staying for a long time and working your way up? (Linear job progression.) Or should you lean towards looking for external opportunities and moving to other companies (Lateral job progression?)

I think both have their place. If you are somewhere where you can stay for a while and move up that's awesome. Just don't get complacent so if you ever have to leave you can.

@dafyre said:

And Suddenly @scottalanmiller disappears for hours. Guess we can go back to the #wheressam feed again?

Carmen SAMdiego Hehe

If any of you use vagrant-libvirt and upgraded to Fedora 30 you might notice something strange. I finally figured it out after reviewing a pull request. Vagrant-libvirt was only using the user-session and not the default session even if you are in the libvirt group. So your networks wouldn't be available to the Vagrant boxes. Here's how to fix it:

Put the following in ~/.vagrant.d/Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.provider :libvirt do |libvirt|
    libvirt.qemu_use_session = false
  end
end

Now it should behave like it used to before Fedora 30.

@pete-s said in Miscellaneous Tech News:

@stacksofplates said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

Guessing they used that term since it's hot news right now.

I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.

What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.

If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.

Don't know how the sushi-thing works but they say it's community driven and decentralized which sound like the malicious code might have ended up deployed in many places.

It's not that it's a private repo. It's that the person was allowed to modify the code base. Supply chain isn't opening a PR to a project and having it approved, that's just insider malicious coding.

@mlnews said in Miscellaneous Tech News:

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

Guessing they used that term since it's hot news right now.

@dustinb3403 said in I can't even:

So when do we start boycotting businesses that refuse to use SSL...

They have SSL, it just doesn't redirect you properly.

@jasgot said in Exchange Environment - Lab:

This is like saying you don't need to learn long division because you have a cellphone with a calculator.

No it's almost like saying you need to learn the intricacies of using one of these

Before using one of these

You can still write qbasic also, but why would you?

There's nothing wrong with understanding these languages had a purpose at one time, but don't put effort into learning them unless you have to.

@jasgot said in Exchange Environment - Lab:

it was said in Exchange Environment - Lab:

Why are you trying to learn how out dated technology?

I'm curious, why is this the de-facto "go to" question when people don't feel like helping, but still want to hear themselves talk?

Maybe... this is what he has laying around his lab, AND he wants to learn?

Why is it usually a problem that one person is learning something years after someone else has?

I just don't get it.

If someone were asking how to write dos batch files, which is decades old, it is still a good basis for understanding and developing scripts; that will help with future learning.

It won't really help with future learning. Learning things like Goto statements is a waste of your time. If you (not you specifically but the editorial you) want to advance your career you will avoid old languages and systems like this.

@scottalanmiller said in Apple plans to scan your images for child porn:

@dustinb3403 said in Apple plans to scan your images for child porn:

@scottalanmiller said in Apple plans to scan your images for child porn:

@jaredbusch said in Apple plans to scan your images for child porn:

And the pile on officially begins.

https://9to5mac.com/2021/09/09/csam-scan-encrypted-messages/

Now we know how bad it is if the UK is supporting it! The ultimate surveillance state.

China is way worse...

Sort of. It depends on what you measure. Camera, they are worse (per capita, for real.) But when it comes to far more intrusive data, they are less.

Uh that completely ignores the fact they monitor all of their internet traffic. They don't need to file data requests when they already have it?

@dbeato said in Unifi Controller Installer Script for Ubuntu 21.04:

@voip_n00b said in Unifi Controller Installer Script for Ubuntu 21.04:

@stacksofplates docker is worse than reddit. I can’t believe you would suggest such hot garbage.

How is it garbage @VoIP_n00b ? It is quite possible if someone wants to run their Controller as a container. I am not sure why you are also comparing Reddit with Docker, what is the comparison?

I think it's an attempt at trolling.

The Linuxserver docker image works pretty well.

https://hub.docker.com/r/linuxserver/unifi-controller

@dustinb3403 said in RMM Service:

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.

@irj said in RMM Service:

@notverypunny said in RMM Service:

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

Containerize it and you will only use the resources you need with the ability to scale when needed.

https://wh1te909.github.io/tacticalrmm/install_docker/

This would most likely be an easier setup on K8s. I wouldn't recommend running prod stuff with docker-compose. You can just set up an ingress for those three hostnames with annotations and cert-manager will generate certs for them automatically.