@JaredBusch said:
Drinking alone. A friend got stuck in a meeting and won't be able to join me for a couple hours.
So I called up my pal Jack Daniel's
And his partner Jimmy Beam
And we drank alone, yeah
With nobody else
I use MNX.io. It's $5 a month for 1 CPU, 768 MB RAM, 25 GB SSD, and 1 TB transfer. They don't have Windows, but they do have Ubuntu 14.04, Debian 7, CentOS 6, CentOS 7, FreeBSD 10, and SmartOS. I use Drupal for everything, so I haven't used any other forum software.
@Dashrender said:
@johnhooks said:
@scottalanmiller said:
@johnhooks said:
What about running a UTM in a VM? At least you can vertically scale if needed.
Of course that's an option and you get "unlimited" power in that way. But having your firewall on a VM, unless it is on a one to one dedicated piece of hardware, is generally not ideal. It basically requires that an attacker already be on your network before facing the firewall. In nearly all cases, I would recommend that you stick with the physical firewall for mainline security and put the non-routing / non-firewall scanning functions onto a VM instead.
Oh OK. I did it at home playing around. The UTM was the only VM with access to the WAN NIC, but I guess the dom0 is still public facing then? Never thought about that.
Why would dom0 be public facing?
I was guessing. The NIC drivers are loaded in dom0, so does that give it an attack point even though the VM is the only one really using the interface?
@MattSpeller said:
Just booked Friday off for mental health - I am going fishing w/ my dad and some kind old farts from the gun club.
Saturday night I packed my car full of my fishing gear, ready for Sunday. Woke up on Sunday to find my car broken into and all my gear gone. Very sad as most of this stuff was inherited from my Dad & we both were very upset. He mentioned all this to the guys at the fish & game club and all those jerks got together and gave me all their old gear.
I can't even process this right now.
That's awful. I'm sorry.
@Drew said:
What sort of backup tools do you see people using in XEN environments? Is there a Veeam \ Unitrends \ VDP equivalent?
I have a bash script that takes snapshots and exports them, then deletes the snapshot. It's based on custom fields for the VM. Here's a link: https://github.com/markround/XenServer-snapshot-backup
How do you mark notifications read with the new mobile menu?
@scottalanmiller said:
@johnhooks said:
I'm also quite late, but would it be appropriate to keep passwords in files with root permissions and have the script read it? Or is that just as insecure?
At some point, passwords need to exist. In most cases, you want to use keys, though. Where do you need passwords?
I was just asking if that would be a solution to the original problem while still being secure since he couldn't use keys.
@scottalanmiller said:
@johnhooks said:
What about running a UTM in a VM? At least you can vertically scale if needed.
Of course that's an option and you get "unlimited" power in that way. But having your firewall on a VM, unless it is on a one to one dedicated piece of hardware, is generally not ideal. It basically requires that an attacker already be on your network before facing the firewall. In nearly all cases, I would recommend that you stick with the physical firewall for mainline security and put the non-routing / non-firewall scanning functions onto a VM instead.
Oh OK. I did it at home playing around. The UTM was the only VM with access to the WAN NIC, but I guess the dom0 is still public facing then? Never thought about that.
Linux Foundation's guide on Workstation Hardening
What about running a UTM in a VM? At least you can vertically scale if needed.
I just randomly got logged out. It wouldn't let me log in, so I went to this thread and I was logged in, but couldn't reply. I refreshed the page and then it said I needed to log in. I logged back in and now it's fine. Might just be a quirk, but I figured I'd let you know anyway.
I'm also quite late, but would it be appropriate to keep passwords in files with root permissions and have the script read it? Or is that just as insecure?
That's awesome. Thanks so much! I'll give this a shot when I get some time today. I'm glad it wasn't just me that couldn't get it through the CLI. I think their READMEs need some more direction.
@dafyre said:
Hey @johnhooks,
Have you tried to get the Site-To-Site working yet?
I got everything installed, but I got stuck at creating a network haha.
I've had success with Revo uninstaller before. But I agree, I would get rid of the cracked version and just use the free version. Who knows what's been installed along with the cracked version.
I must be dense. To set up the controller you compile the same zerotierone package but pass make ZT_ENABLE_NETWORK_CONTROLLER=1 first?
I know someone who was going on and on about how nice IBM BigFix is. I've never used it, so I can't say anything other than they were using it as a replacement for WSUS.