Posts made by stacksofplates

The Android app is much different than the other browsers. So I'm assuming is some version of rebranded chromium.

Fwiw on Android, I end up using Firefox focus the most and Brave for most everything else.

@scottalanmiller said in DuckDuckGo:

@wrcombs said in DuckDuckGo:

@scottalanmiller said in DuckDuckGo:

@wrcombs said in DuckDuckGo:

@pete-s said in DuckDuckGo:

@wrcombs said in DuckDuckGo:

Anyone using this browser?
I've heard good things online about it, but whats the community thoughts on it?

Didn't know they had a browser but now I'm going to give it a spin.

I just downloaded it on my iPhone - debating on download for my laptop..

Where do you get it? I went to the website, there was nothing there. Just an extension for my current browser.

It's a an app on iPhone as the default browser.

I think you'll find it just looks that way and is actually still Safari.

All web browsers on iphone are repackaged safari afaik, even chrome.

@scottalanmiller said in Container core technology?:

@pete-s said in Container core technology?:

So whatever container solution you run, the core technology is the same.

It varies a lot. Docker is a super lean container tech, meant to run a process and its tightly coupled processes. But LXC includes the entire operating system sans kernel. So if you are using LXC containers, you can run Ubuntu on Fedora, Fedora on CentOS, CentOS on Ubuntu, Alpine on Ubuntu, CentOS on CentOS... the sky is the limit as long as they are okay sharing the same kernel compilation settings and version.

You can run an init process in an OCI container. It's assumed you pretty much won't but it is possible. It's helpful for testing some things and makes it work similarly to something like LXC/LXD.

@jaredbusch said in Does Mesh Central support blanking remote screen:

@scottalanmiller said in Does Mesh Central support blanking remote screen:

@jaredbusch said in Does Mesh Central support blanking remote screen:

@scottalanmiller said in Does Mesh Central support blanking remote screen:

Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.

Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.

Hence the need to blank the screen so that it is the same as any VDI style medical system.

No, your people are the breech. You should not need to see random PHI to support anything. If there is a can't print chart issues, etc, there should be a generic, fake, patient that can be used.

I mean they are also managing peoples passwords and typing them in for the customers so you're already down a bad rabbit hole.

We used Yubikeys in an air gapped environment for MFA.

They can either be treated like smart cards, or with a normal totp server. It would probably be much easier to use them if you have internet access as you wouldn't need to run your own u2f validation server.

@rjt said in KVM or VMWare:

@stacksofplates

XCP-ng and XE cli and XenOrchestra and XCPngCenter use the well known XEN API known as "XAPI".

Start a task using the XE command line and it shows up in the other task lists such as that in XenOrchestra.

Start a vm move from XCPNGcenter and it shows up under xe task-list.

Start a vm copy command from XenOrchestra and it will show up under xe task-list.

We use one set of tools to manage both old Citrix 6.5 hosts and the latest XCP-ng hosts.

Not sure how that compares to ProxMox/KVM. Do not know on the status of a real KVM API, but as a long time bash user, I would consider bash an API.

Bash is not an API, it's a shell. You don't really interact with the KVM APIs directly, it's libvirt which you usually interact with because KVM is very low level. Libvirt has real APIs but like I mentioned above, they don't do a lot of what you would want. Commands like xe vm-list are similar to things like virsh list --all and are done through libvirt. KVM can be leveraged without libvirt/qemu (see things like gvisor and firecracker), however libvirt is normally what you get out of the box.

Cloning is a good immediate example. Cloning is done through a tool like virt-clone which is a subset of tooling from virt-manager (source here https://github.com/virt-manager/virt-manager/blob/master/virtinst/virtclone.py) . So if you were to try to create a REST API to interact with libvirt to clone a system you'd essentially need something like a CGI script to kick off the clone process. It's very kludgy. I did a lot of this automation through Ansible, but it took a lot of work and was somewhat limited.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

The landscape would change because people and companies could easily create integrations and tools.

did you mean... If?

Yeah I said that earlier here:

If KVM had APIs (not just REST APIs) like VMware, the whole landscape would change, but they don't.

I thought so, but you typed "because" and it didn't quite make sense. Yes, I agree, cool APIs that make loads of automation easily consumable by third party applications would be a great upgrade and make it even more broadly applicable.

IF they had that, I would change my opinion about the easier tool to use. Sure cloud providers can write the tooling for KVM (libvirt or not) but VMware makes things much more consumable.

For instance, you want to give someone their own storage space and access to only their VMs. Have fun with bare KVM. You need to use polkit and write custom rules around Unix users who can access those VMs. But that only manages the guest domain. Not the networking or actual storage. In VMware, it's just creating a folder and giving permissions to a user in that folder with some resource scoping.

Bare KVM is fine if you have one person or a couple people with the same privileges managing systems. Outside of that it gets really hard really fast.

Edit: forgot the VMware side.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

The landscape would change because people and companies could easily create integrations and tools.

did you mean... If?

Yeah I said that earlier here:

If KVM had APIs (not just REST APIs) like VMware, the whole landscape would change, but they don't.

@travisdh1 said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

Taking a clone is fine, but now you either have to maintain that template or it gets old and you have an ancient template sitting somewhere that is just as out of date as the initial OS install, or nearly (sure it'll have SOME updates.)

This is one place where KVM shines, but only libvirt/QEMU. You can update templates without spinning them up through libguestfs and the next time the template is cloned, the clone has all of the updates.

KVM has a lot of features like this, but it needs automated, is limited to libvirt (which cuts down the number of places KVM is deployed), and needs separate tools installed which are only cli based.

If KVM had APIs (not just REST APIs) like VMware, the whole landscape would change, but they don't. The APIs are hard to use and don't have all of the features you would expect. You can't even clone a system with virsh. You need a separate tool to do a lot of manual work behind the scenes.

What does the method of automation matter to making decisions on what to use? One uses an API, the other standard UNIX based tools, both accomplish the same thing.

Because one is easy to write integrations with, the other is not. The landscape would change because people and companies could easily create integrations and tools.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

I understand NDAs but you have to at least be able to give some more information than "major vendor".

What information would that be? LOL.

Literally anything. I can tell you that I am working with one of the big four right now. Can't say which one, but I can tell you that.

The big four vendors? This isn't a vendor THAT big. I'm not sure how to give away anything about this vendor without it being obvious quickly. Nothing like the size of the big four. But a vendor that has an IT arm.

Big four accounting.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

Who was this? People don't believe things you say because you make statements like this and never say who it is. It sounds completely made up.

In IT rarely can you disclose the players involved.

That's just not true. Everyone blasts their customers on their sites. The number of times you can't give any information is very low.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

I understand NDAs but you have to at least be able to give some more information than "major vendor".

What information would that be? LOL.

Literally anything. I can tell you that I am working with one of the big four right now. Can't say which one, but I can tell you that.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

And what does it hedge against, an OS install is only a few minutes anyway.

This discounts any specific setup. Sure you can install an OS in a couple minutes but when you need any customization it adds up exponentially.

Absolutely. But if you are using some kind of OS automation it doesn't necessarily make any real difference. If you lack the automation, then cloning / templating because much more important. But you have to keep it up to date.

Right. This specifically helps you in the case where you don't have automation. You create a template and don't have the automation. The next time something happens. Just redeploy from the template. Apply updates to the template periodically and you're fine.

This scenario helps in both cases. Arguably moreso for people who don't have any existing automation.

@scottalanmiller said in KVM or VMWare:

On a call with a major vendor talking about a customer solution (no customer on the call.) All of the managers kept saying "We need VMware because who is going to support KVM?" And the support team kept saying "What are you talking about, you are a KVM vendor will a full KVM support organization and we don't have those skills in VMware and will have to farm it out."

Who was this? People don't believe things you say because you make statements like this and never say who it is. It sounds completely made up.

I could say yesterday I talked with a client who said they wanted to run SQL server on a Mac pro. If I never give details who these places are no one will believe me.

I understand NDAs but you have to at least be able to give some more information than "major vendor".

@scottalanmiller said in KVM or VMWare:

Taking a clone is fine, but now you either have to maintain that template or it gets old and you have an ancient template sitting somewhere that is just as out of date as the initial OS install, or nearly (sure it'll have SOME updates.)

This is one place where KVM shines, but only libvirt/QEMU. You can update templates without spinning them up through libguestfs and the next time the template is cloned, the clone has all of the updates.

KVM has a lot of features like this, but it needs automated, is limited to libvirt (which cuts down the number of places KVM is deployed), and needs separate tools installed which are only cli based.

If KVM had APIs (not just REST APIs) like VMware, the whole landscape would change, but they don't. The APIs are hard to use and don't have all of the features you would expect. You can't even clone a system with virsh. You need a separate tool to do a lot of manual work behind the scenes.

@scottalanmiller said in KVM or VMWare:

And what does it hedge against, an OS install is only a few minutes anyway.

This discounts any specific setup. Sure you can install an OS in a couple minutes but when you need any customization it adds up exponentially.

@scottalanmiller said in KVM or VMWare:

Taking a clone is fine, but now you either have to maintain that template or it gets old and you have an ancient template sitting somewhere that is just as out of date as the initial OS install, or nearly (sure it'll have SOME updates.) It's only good for any length of time if you aren't keeping your systems updated (meaning it'll be for the wrong OS version after a couple years) and you have to store it and know where it is when, alternatively, you can just download a fresh install or have it ready to go.

If you dont' separate data and OS then yes. But if you have a separate data disk, updates get applied to the template and you just reattach data to the cloned image.

Who out there who actually knows what they are doing, doesn't separate data and OS and then not have the ability to spin up a new system immediately this way? It alleviates a ton of issues.

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

Because people are too busy selling VMware to those SMBs because almost no one is out there protecting them. Telling them that those KVM resources won't help them or cost too much and that they need "dumbed down" systems because they are small shops.

Out of the box VMware is more powerful than KVM. There's no one claiming that VMware is dumbing down the virtualization.

No. the implication is that the use of the product is dumbed down so that SMBs need fewer / simpler skills and knowledge to run it.

I mean VMware is simpler to use but it's also more powerful right out of the box.

I don't agree with simpler to use. I don't know of any tech that has used both to any degree that spends less time on VMware. I'm not saying VMware is hard. I'd put it as easier than Hyper-V. Hyper-V is likely the hardest. But VMware with a web GUI compared to KVM options with web GUI, I'll take KVM for pure ease of use.

If you are going to pure CLI, maybe VMware is easier. Not done either with only CLI enough to truly compare. Both easier than Hyper-V again, I'm sure.

But the number of companies I"ve dealt with that couldn't even get to the VMware install because they had licensing issues beyond their ken isn't a statistical anomaly. That alone adds a lot of overhead before there is any money involved. Everyone tends to ignore licensing as part of the support and workload, but it's often the most significant part. We get called in sometimes only for that!

That's only because KVM has about 20% of the options through a web gui. You specifically said before you weren't talking about Proxmox, so we must be talking about through Cockpit. And at this point, clicking around in a gui is not KVM expertise. If you can build a VM in one web UI, you can do it in almost any web ui. They are very similar.

@scottalanmiller said in KVM or VMWare:

Because their claims are false. Claiming that something doesn't exist because you haven't seen it or looked the other way or don't work in that department is not useful when other people in the same firms work on that technology every day.

And here's the crux. Again only your experience matters. Claiming that something does exist because you've interacted with a few people who do it does not mean that it's widely available.

I worked exclusively with KVM fairly deeply for years.

I'm not saying that enterprises don't use VMware, or that skills don't exist, only that KVM is used and skills do exist.

I never said the skills don't exist. I'm arguing this is false But at the end of the day, KVM skills are available and affordable.

You later clarified that KVM skills includes performance tuning, automation, monitoring, etc. I'm arguing that these skills are not "widely available".

@scottalanmiller said in KVM or VMWare:

@stacksofplates said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

Because people are too busy selling VMware to those SMBs because almost no one is out there protecting them. Telling them that those KVM resources won't help them or cost too much and that they need "dumbed down" systems because they are small shops.

Out of the box VMware is more powerful than KVM. There's no one claiming that VMware is dumbing down the virtualization.

No. the implication is that the use of the product is dumbed down so that SMBs need fewer / simpler skills and knowledge to run it.

I mean VMware is simpler to use but it's also more powerful right out of the box.