Best posts made by stacksofplates

He seems to conveniently ignore the posts that give real world examples like @scottalanmiller's and mine

@Dashrender said in Using GNU\Linux on your workstation is rubbish:

@black3dynamite said in Using GNU\Linux on your workstation is rubbish:

From a Linux Desktop, you can browse multiple protocols without additional applications. I personally use FileZilla Client but I've also use WinSCP too.

From a Nautilus File Manager:

I don't consider this quite a fair comparison. Linux distros are mostly made by and for techies. There need/desire for these tools to be included seems obvious. Windows on the other hand is meant for the masses, and those tools would be unused by 95% or more.
So sure - it's cool they are there, but that's about all.

I'd argue it's mostly because windows doesn't natively support other protocols. You can browse SMB shares from explorer because it's natively supported. I'd be willing to bet if windows supported NFS or SSHFS or SFTP or any other protocols you would be able to do it in explorer.

However if it let's you view the stuff in explorer then my point still stands. I don't think that browsing a file share is "made for techies".

@scottalanmiller said in Catalogic vProtect for KVM:

Found this script. Just a script, but seems better than an abandoned product from a company that isn't even sure that they make it.

https://www.virtkick.com/docs/how-to-perform-a-live-backup-on-your-kvm-virtual-machines.html

I wrote one on here a couple of years ago.

Does Mac have an /etc/sudoers.d?

Just drop in a file with the sudo permissions there. A good convention is to name the file the user/group name and then put the user or group in the file with the permissions. It should be picked up by the system then. That's just the dump directory for configs so you don't have to edit /etc/sudoers

@DustinB3403 said in Scripted visudo updates:

@stacksofplates said in Scripted visudo updates:

Just drop in a file with the sudo permissions there. A good convention is to name the file the user/group name and then put the user or group in the file with the permissions. It should be picked up by the system then. That's just the dump directory for configs so you don't have to edit /etc/sudoers

So would I simply drop a file with my Cmnd_Alias and users there?

Sorry (just looking to see an example)

Here's an example. The file could be called dustin:

dustin     ALL=(ALL) NOPASSWD: ALL

You could just modify the bluetooth.service to have this :

[Unit]
...
`After=suspend.target hibernate.target hybrid-sleep.target`

...

[Install]
WantedBy=suspend.target hibernate.target hybrid-sleep.target

@Dashrender said in AppGini - building a webpage/db:

@IRJ said in AppGini - building a webpage/db:

@scottalanmiller said in AppGini - building a webpage/db:

@Dashrender said in AppGini - building a webpage/db:

@IRJ said in AppGini - building a webpage/db:

I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.

This is in-house for in-house use only. How is this any worse than storing PHI in Excel?

Excel has that code review, and depends 100% on Windows OS security.

Yes

Interesting - so you don't consider any software that hasn't gone through code review good enough to store PHI or PCI, etc type data?

Yup.

@scottalanmiller said in Managing Type 1 Hyper Visors:

@brandon220 said in Managing Type 1 Hyper Visors:

As soon as Cockpit can 100% manage a host,

It can now. We switched to it two weeks ago because it is finally ready.

Can you clone through cockpit yet?

@DustinB3403 said in Managing Type 1 Hyper Visors:

@stacksofplates said in Managing Type 1 Hyper Visors:

@DustinB3403 said in Managing Type 1 Hyper Visors:

@VoIP_n00b said in Managing Type 1 Hyper Visors:

Proxmox

https://i.imgur.com/Qgp2JbV.jpg

It's not that bad.

But it's not as good or better than any of the alternatives.

It's KVM....so it's the same

@scottalanmiller said in Managing Type 1 Hyper Visors:

@stacksofplates said in Managing Type 1 Hyper Visors:

I don't use their stuff, I just use the cli because I can automate that with Ansible or Terraform or whatever, but I'd love to have a REST API for bare KVM. Doesn't even need a GUI, it would just make interacting with systems so much easier.

I find it surprising that there is much concern for this on smaller scale systems like where this would be common. A really nice feature enhancement, to be sure, but surprised to see it as something many people would care about.

It would make writing interactions with it much easier and make smaller scale systems much easier to manage and more popular.

Firecracker is a great example of using KVM with an API first mindset.

I find it funny for years @scottalanmiller has said that companies should be using cloud because of the multitude of benefits like security, cost, reliability, etc and has recently seemed to be backpedaling.

@FATeknollogee said in VMware Community Homelabs:

Aside from @scottalanmiller who else on here has a homelab ?

ps, before you run to your keyboard, spare me the response, running a hypervisor on your laptop is NOT a home lab!

I got rid of my DL380 but I have an R710 running. I also have a micro form factor optiplex that I run my containers on. Hopefully going to replace my r710 with it.

I also run stuff on my laptop. KVM on your laptop is exactly the same as KVM on a rack server. It definitely counts as a home lab.

@black3dynamite said in Reconsidering ProxMox:

Accessing Proxmox behind a Nginx Reverse Proxy works pretty well.

Having the option to use Time-base OTP and YubiKey OTP is awesome.

The Yubikey option is really nice. You can do it with SSH but that's pretty awesome they have that built in.

If you're looking to learn about it, dconf is where you set the properties for GNOME 3. Tweak tool exposes a small number of these. Dconf-editor will give a gui tool to manage all of the settings or you can manage them through normal dump configs in /etc/dconf/db/ and then the database directory you want to manage.

Use the dump directories if you want to automate things like login messages, disabling the picker for usernames to force typing it in, disabling the power button without signing in, etc.

@scottalanmiller said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

@Jimmy9008 said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

Whenever I have looked at this for our environment it just does not work out less.

We have hundreds of customers and consult for everyone from operations with just a couple people to the Fortune 10 and the number of customers that can go to cloud is literally... zero. Literally.

Either because it is insanely costly or, over half the time, simply is impossible and don't work because they can't get reliable connections to it (without building their own ISPs, of course) it just doesn't come up, at all. We have a handful of isolated workloads where VPS services are used to get certain locations or redundancy or whatnot, but zero mainline workloads can be put there.

What F10 are you consulting?

Containerization and FaaS have made development and deployments insanely easier and less costly.

Statements like zero of your customers can "go to cloud" whatever that means are ridiculous.

@Pete-S said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

@stacksofplates said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

For instance, each box had dual 20 core CPUs and didn't need a ton of RAM. There were a few clusters but the had to be shared by all of the engineers so it slowed everyone down. With AWS you can fire up a few c5.18s and pay $3.45 an hour. So a normal job for the engineers would cost around $165. But there's no maintenance of clusters, no infiniband to maintain, no waiting for other jobs to complete in the queue, and no OS maintenance. Create your AMI and spin up patched machines when necessary.

What kind of calculations are that? I thought all HPC clusters ran on GPU power. A server with a couple of Nvidia V100 GPUs are expensive. Also infinitely more powerful than regular servers.

PS. Seems like a Nvidia V100 GPU card is about $6K each.

These were for nuclear pumps. Since we had all kinds of engineers using them it was a general setup for everyone.

We had a couple of boxes with 4 GPUs each but they weren't used as much. It was more for Windows work.

They used ANSYS for most of their work and then also some internally developed software.

You can just tell podman to relabel the directory with :Z. For example:

podman run --rm -ti $PWD/mydirectory:/var/lib/something:Z fedora:31 bash

Now the $PWD/mydirectory has the container_file_t label.

My apologies. I gave you the wrong SELinux label. The correct type is container_file_t. So run chcon -t container_file_t dir_name` and it should be the correct context.