Best posts made by stacksofplates

@DustinB3403 said in Raspberry Pi-based KVM over IP:

@hobbit666 if the host isn't responding to TCP/IP how is this IP based KVM working with the host?

Over usb and hdmi/vga like any other kvm?

@stacksofplates said in CloudatCost Issues:

@scottalanmiller said in CloudatCost Issues:

@gjacobse said in CloudatCost Issues:

It had potential, but was an utter failure.

Ah well. And has it really been that long!? Wow

I don't know that it really had potential. Their financial model wasn't viable. Less "potential" and more "too good to be true". And that's exactly what happened.

To be fair to Gene, you said it had potential back when it first came out.

@scottalanmiller said in Spectrum VS T-mobile home internet:

@jaredbusch said in Spectrum VS T-mobile home internet:

@travisdh1 said in Spectrum VS T-mobile home internet:

@obsolesce said in Spectrum VS T-mobile home internet:

I may have to just go with Spectrum for now. Those latency numbers are a bit high. I assume the 5g would be better, but not sure if that's in the area yet.

5G is not a real thing in the US yet, tho it's likely to be in your area a lot quicker than the rest of the US.

Rural Ohio is not “America” only a small part of it. 5G has been rolling out for more than a year.

No, he is correct. The "5G" rolling out in the US is actually an improved 4G. True 5G doesn't have equipment available in the US yet. We work with an ISP and literally no actual 5G equipment is available on the US market yet. Because of the Huawei ban, the original source of 5G is cut off and to cover up that mistake, the US allowed higher speed 4G to be rebranded as 5G in the US so that the country wasn't up in arms about it, but like how they allowed 3G to be branded as 4G in the past. They changed the "G" from a tech term into a federally regulated branding term.

That's why the speeds everyone is seeing are standard old 4G speeds from the rest of the world and nothing like what 5G can do. There's a fake American 5G rolling out quickly, we have it hear in Dallas. But it's a mediocre 4G speed by global standards and using what every other country calls 4G because it's a 4th Gen technology. 5G in the US is 4th gen, that's why our 5G is slower than eastern Europe's 4G from half a decade ago.

Verizon has 5G mmWave deployed in quite a few cities. There still is low-band being branded as 5G but there is real 5G in many cities.

@travisdh1 said in Spectrum VS T-mobile home internet:

@stacksofplates said in Spectrum VS T-mobile home internet:

@travisdh1 said in Spectrum VS T-mobile home internet:

@stacksofplates said in Spectrum VS T-mobile home internet:

@scottalanmiller said in Spectrum VS T-mobile home internet:

@jaredbusch said in Spectrum VS T-mobile home internet:

@travisdh1 said in Spectrum VS T-mobile home internet:

@obsolesce said in Spectrum VS T-mobile home internet:

I may have to just go with Spectrum for now. Those latency numbers are a bit high. I assume the 5g would be better, but not sure if that's in the area yet.

5G is not a real thing in the US yet, tho it's likely to be in your area a lot quicker than the rest of the US.

Rural Ohio is not “America” only a small part of it. 5G has been rolling out for more than a year.

No, he is correct. The "5G" rolling out in the US is actually an improved 4G. True 5G doesn't have equipment available in the US yet. We work with an ISP and literally no actual 5G equipment is available on the US market yet. Because of the Huawei ban, the original source of 5G is cut off and to cover up that mistake, the US allowed higher speed 4G to be rebranded as 5G in the US so that the country wasn't up in arms about it, but like how they allowed 3G to be branded as 4G in the past. They changed the "G" from a tech term into a federally regulated branding term.

That's why the speeds everyone is seeing are standard old 4G speeds from the rest of the world and nothing like what 5G can do. There's a fake American 5G rolling out quickly, we have it hear in Dallas. But it's a mediocre 4G speed by global standards and using what every other country calls 4G because it's a 4th Gen technology. 5G in the US is 4th gen, that's why our 5G is slower than eastern Europe's 4G from half a decade ago.

Verizon has 5G mmWave deployed in quite a few cities. There still is low-band being branded as 5G but there is real 5G in many cities.

That's not what I've been hearing, but I'm behind on listening to my tech news. As of the end of last year, mmWave is still in only a few spots in select cities. Those spots being within ~100' of the transceiver, not even enough to call a single block covered.

The rest is all low-band being rebranded as 5G like you said.

It's like 65 or so. https://www.google.com/amp/s/www.androidauthority.com/5g-cities-us-1105898/amp/

I count 65 as quite a few. In comparison to all cities it's not much, but it's more than a small amount.

I just glanced at that report, what I didn't see mentioned is WHERE 5G mmWave is available in those cities. IE: New York city only had a couple 100' zones where you could get it last I knew. Technically it's available, realistically you just won't get it. I'm sure the companies are working to change that fast as they can, I could see it being actually useful in New York and San Francisco by the end of this year.

However, those results were achieved by practically standing under the 5G nodes. Across the city, the average download speed was a lot slower (but still fast) at 594Mbps.

I take that to mean it's actually across the city. Even still, the argument was it wasnt available in the US which was incorrect.

@black3dynamite said in Home office desk:

@pete-s said in Home office desk:

@obsolesce said in Home office desk:

It's been a while, and thought I'd look for some ideas.

I'd prefer sit/stand, but I'm not sure how that'd go considering the following:

2 laptops
1 desktop
2 monitors
...things

This is what I was looking at for a sit/stand desk:
https://www.ikea.com/us/en/p/idasen-desk-sit-stand-black-beige-s09280987/

However, I like the style of this as well, though not sure if it will fit everything well:
https://www.ikea.com/us/en/p/fredde-desk-white-10451068/

What do you suggest?

I think you need to have a look in person at the desk. With the things you want to have on it I think it will be too small. I'd look for something longer.

I'd also be careful then buying IKEA because corners are cut to get the price down. I have two IKEA electrical sit/stand desks at home that are being replaced with larger, better desks. Both desks have had motor/electrical problems. The quality and quality control is so-so and not as good as commercial desks. But maybe they'll get the job done as a budget option for you.

Yeah, I’ve seen some YouTube videos of people replacing the honeycomb table top with one of those kitchen table tops that are solid wood. And also so they can have a longer table too.

I have a Skarsta desk https://www.ikea.com/us/en/p/skarsta-desk-sit-stand-white-s89324812/ but I replaced the top with an Ikea 78" Linnmon top. I also have the Ekby drawers on top https://www.ikea.com/us/en/p/ekby-alex-shelf-with-drawers-white-20192828/

So idk about other ergonomic keyboards, but this one def is very comfortable and the adjustable legs and wrist rests make it really adjustable to your liking.

@pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

Solarwinds is far from "devops tooling" and that feels like a weird thing to say since most devops tooling is open source and not built in private like Solarwinds.

I didn't say that. I said that the cybercriminals are going after management tools including devops tooling. Just because it's open source doesn't make it automatically safe.

Yeah no one said open source is automatically safe, but the reason the Solarwinds hack was successful was because it was closed. If the build logs were open like most open source tools, and the source was available, it could have easily been caught.

Relying on pre-built binaries is starting to fade. With languages like Go where you can pull the source and build locally in the same command, it's not needed any longer.

Also, in reality supply chain vulnerabilities are extremely difficult to pull off. Solarwinds wasn't because of an upstream dependency in the chain, it was the tool itself which was compromised in a build step. While SBOM information is really important, these attacks are rare and you're most likely to get attacked somewhere else.

@pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

The Solarwinds hack was from an injection during a pipeline where they modified the actual binary that was built. Ansible wouldn't be compromised that way since it's a Python package and you can just pull the Ansible source and run it. It doesn't need compiled.

Supply chain attack doesn't have to modify binaries. You could modify anything. In Ansible's case they say that the weak link is the community developed modules. That it's built on Python changes nothing.

No, them being community developed modules changes nothing. 1) All of Ansible is community maintained. 2) If you're referencing the modules that come with Ansible, they are in the main repo with Ansible. Only recently have they started shipping collections which are separately maintained and that wouldn't be a failing of Ansible itself.

@dashrender said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

This is my thoughts - most small businesses don't need/want more complexity than a flat network.

Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

@stacksofplates said in Changing subnet mask?:

@dashrender said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

This is my thoughts - most small businesses don't need/want more complexity than a flat network.

Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

Not really sure what the argument is here? No one is disagreeing with what you said.

But the businesses that decide they need their infrastructure on prem, should 100% be separating networks. It takes little time/effort to set up properly.

This is the main way Vault handles SSH creds. It will act as your CA and assign dynamic certs for you.

My wife has a 13" MacBook Pro M1 and it's really nice, also cheaper than the Intel versions. If you want a Mac you might wait until the fall of this year. They are refreshing the line and looks like you get extra IO ports (HDMI, etc). But the touchbar is going away from what I've seen. So if you want the touchbar then you might need to order this gen.

@jasgot said in Macbook Air for College:

@stacksofplates said in Macbook Air for College:

@jasgot said in Macbook Air for College:

Daughter wants a Mac laptop for college. Any suggestions?

What is she going for?

Biochemistry and Molecular Biotechnology

IMO a Mac makes sense in that field. My wife's cousin went for something similar and they did a good bit of programming. Mostly Python but I think it's a good fit.

@jasgot said in Macbook Air for College:

@scottalanmiller said in Macbook Air for College:

What more were you looking for?

Air or Pro?

It depends. If you need the extra 100 nits of brightness, touchbar, and you know you need the fan from extended compute then get the pro. Otherwise save the couple hundred and get the air.

You can still get the 8 core cpu and 8 core gpu in the air. It's pretty much the same minus the stuff mentioned above. The battery is also a tiny bit smaller and I think the microphone is less "studio quality".

Just have PAM verify the cert if you want the perceived second layer of auth.

https://github.com/uber/pam-ussh

@gjacobse said in WinRM: Security Question:

While it is likely I could be missing it,.. As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.

https://www.manageengine.com/products/free-windows-tools/free-remote-command-prompt-tool.html

https://www.manageengine.com/products/desktop-central/help/computer_configuration/executing_custom_scripts.html

@gjacobse said in Nextcloud: unable to ssh or sftp:

@dafyre said in Nextcloud: unable to ssh or sftp:

@stacksofplates said in Nextcloud: unable to ssh or sftp:

@gjacobse said in Nextcloud: unable to ssh or sftp:

@stacksofplates
Since my ip is getting banned by fail2ban- I would think that they are.

I’m down to getting winscp or FileZilla to connect, I finally can connect via ssh. Trouble with manually typing a 32 character complex pass.

That's what keys are for.

Or a password manager, lol.

That is just it.

I have and use a password manager. Same one on the Desktop as the phone. Even with auto-type it wasn't working. So - that "wasn't" the issue here.

Why not just use keys? While it is still encrypted, when you use a password the password has to be sent to the remote system to verify. When using keys, the private key is never sent over the wire. So even a 500 character pass is still less secure than a simple ed25519 key that's only 80 characters in length.

@dustinb3403 said in O365: KUDOS:

So you have a dog in this fight because you're underpaid and work for a shitty employer

Hahahahahahahahahahahahaha.

You have no clue what you're saying and who you're saying it to.

I also enjoy them. I love where I work and and def not underpaid, but I still think it's a nice gesture and makes you feel good when they show appreciation for it.

I didn't realize we had John Wayne here on the site. Too tough for a company thanks. Ok pilgrim.

@scottalanmiller said in Nginx Proxy Manager:

@stacksofplates said in Nginx Proxy Manager:

This seems to add a lot of complexity. Nginx configs can be complex but this abstraction in a database seems worse than writing the configs.

I think you should practice using a config management tool or even terraform templates to generate the configs based on variables.

And you have to set up a Docker environment, likely just for this one workload. Not the end of the world, but one additional layer in all of this. Just manage the configs, they are pretty easy.

To be fair, I prefer to use nginx with k8s, but the nginx-ingress operator will auto generate configs based on whatever ingress you define for the cluster. It's really easy. It also works really well with cert-manager who will auto generate TLS certs with letsencrypt and external-dns will auto generate the DNS entries for you in your provider.

The whole database thing to me is the biggest turn off. Backups become annoying at that point. With bare nginx you just need the configs, with kube you just need the ingress manifests.