Best posts made by travisdh1
-
RE: Weekend Plans
Going to pick up dinner for my mother-in-law, who had surgery to remove a very large kidney stone today. Not much else planned for this weekend.
-
RE: Another RDS server?
@Mario-Jakovina said in Another RDS server?:
@JaredBusch said in Another RDS server?:
None should have 8 because his CPU only has 8 cores.
Does it mean that in my case (4-core CPU) VM should use only 3 vCPU even if it is only VM on the host?
Yes, this is correct.
@JaredBusch said in Another RDS server?:
Basically, everything should be only 1 or 2 vCPU unless specifically noted otherwise.
For DB servers and RDS servers, we use all available cores to better serve more users at the same time. Is something wrong with that?
While you can assign all cores to every virtual machine, it is a horrible idea. The virtual machines will be doing next to nothing but waiting on each other to finish background processes.
Check out
https://www.hpe.com/us/en/insights/articles/10-virtualization-mistakes-everyone-makes-1808.html
and
https://www.sqlskills.com/blogs/jonathan/cpu-ready-time-in-vmware-and-how-to-interpret-its-real-meaning/
if you want to know why.
-
RE: Weekend Plans
County fair starts tomorrow, but we're not going till Monday.
-
RE: Another RDS server?
@Mario-Jakovina said in Another RDS server?:
@travisdh1 said in Another RDS server?:
@Mario-Jakovina said in Another RDS server?:
@JaredBusch said in Another RDS server?:
None should have 8 because his CPU only has 8 cores.
Does it mean that in my case (4-core CPU) VM should use only 3 vCPU even if it is only VM on the host?
Yes, this is correct.
Does it mean that in 1:1 virtualisation, you always "lose" one core?
Ah, I was thinking you had both VMs running on a single host. My bad.
-
RE: What Are You Doing Right Now
@gjacobse said in What Are You Doing Right Now:
Pains me to say - I may be going 'consumer grade' for a router as I now find that my 16port switch is lost as well.
This is due to cost and turn around.
You can still find 16 port switches for reasonable cost, they're just harder to find. I recently got a 16 port PoE TP-Link switch from Amazon that wasn't overpriced or impossible to actually get.
Why would you consider consumer grade routers? At the very least, you can get ER-X from MicroCenter. There are a few other quality options around that are better than consumer c*** now as well.
-
RE: Ipad guru for Site connectivity issue
@wrcombs said in Ipad guru for Site connectivity issue:
@dustinb3403 said in Ipad guru for Site connectivity issue:
@wrcombs He's facepalming the fact that someone, thought adding APs (regardless of settings) would fix the issue.
In particular the fact that these are so close together.
I couldn't tell if it was directed at me for saying "nope.." or if it was directed at the APs (which is exactly what I did when I looked at the APs.. by the way)
It was directed at the APs, specifically after you answered that there are no obstructions between the two.
-
RE: What Are You Doing Right Now
@nadnerB said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
@nadnerB Haven't had that much bad luck with them as switches go and they have lasted more than Dell and HP for us.
When other people have bought TP-Link kit, it's been pretty good.
At work (pre-merger) we had some things that APs, switch etc, they seemed to keep going.
Opposite story at home. I've had, I think I'm up to, 3 DOA modem routers, and one that was dying a slow death. IMO, I have bad luck with TP-Link, so I've stopped buying their stuff. Other people don't seem to have the issue.
Any of their home gear (routers, modems, etc) is generally trash.
Switches and enterprise gear is much better.
I've heard good things about their Omada products as well, but haven't used any yet myself.
-
RE: UniFi Product stream
@wirestyle22 said in UniFi Product stream:
@travisdh1 said in UniFi Product stream:
I forget off the top of my head which device it is,
The UniFi Access system consists of four elements:
UA Controller: The control center for your Access system, hosted on the UniFi Dream Machine Pro (UDM-Pro). Your UA controller is easily upgradable and offers a host of features that simplify access policymaking as well as personnel, space, and device management.
UA-Hub: A secure I/O hub that authenticates inputs registered by your Access readers (UA-Pro & UA-Lite), push buttons, and sensors. Your UA Hub can also control door locks, alarms, and motorized door openers.
UA-Pro and UA-Lite: The Access system's card or motion reading devices that unlock doors with a swipe of an NFC card or NFC-enabled mobile phone. Please refer to the Current and Future Access Modes section below for more information on current and future access methods.
UA-Card: An NFC card that is specific to your Access system and encrypted with a special algorithm that cannot be replicated, unlike other NFC cards. Your Access system will support any NFC card, so you can retain your current access cards.
It was the Dream Machine Pro I was thinking of. The reviews I've seen all say that if you have to buy a Dream Machine Pro just for the access control that you're better off going with the competition whose overall price will be lower.
-
RE: Weekend Plans
I just got a ticket for Ohio Linux Fest. I'll only be able to attend Saturday, but looks like some interesting things happening.
https://olfconference.org/ if anyone else is interested.
-
RE: Re-add Server/Computer to AD
@scottalanmiller said in Re-add Server/Computer to AD:
@siringo said in Re-add Server/Computer to AD:
@scottalanmiller Ah yes. Just got onto the console with Mesh Central.
Still don't have an account to log in with though.
We use the terminal to make local admin accounts all the time. It's the best.
net user /add account password
or
net user /add account *
And better not forget a local admin
net localgroup administrators /add account
-
RE: What Are You Doing Right Now
@scottalanmiller said in What Are You Doing Right Now:
@nadnerB said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
Cursing the existence of SIP-ALG.
The only way to disable it on a FortiGate is the command line. I'm fine with that, but most people won't even be aware it exists and is turned on!
Interesting choice to exclude that from their interface.
Even an alert to confirm that you want it left on would be better than completely excluding it.
This implies to me that they are getting paid by ISPs or similar vendors to create problems on their behalf.
Wouldn't surprise me. Their pricing structure reminds me of Cisco, you have to license the most basic stuff.... 2fa, that's an additional license!
-
RE: Virtualization Host
@brandon220 said in Virtualization Host:
@irj It requires 10g networking to the data repository for performing analytics on collected data. There will be large amounts of data eventually. The software developer requires 8 cores and 32g of ram minimum. I don't see how that much compute can be done in containers. I don't use them so I can't speculate on how well or not it would work.
10g network to the data repository? That shouldn't even come into the conversation here, at all, ever. Single server should be local storage only, I can almost guarantee this application is not anything special that would change that standard rule. If they have to have shared storage, I'd use another VM on the host with an NFS share.
As for the choice of hypervisor to use, either KVM or Proxmox should be fine. Converting the virtual drives will be the same for either one.
Or just tell them you're running bare metal and use a VM anyway if you don't want to deal with converting the vdisk.
-
RE: What Are You Doing Right Now
Cursing the existence of SIP-ALG.
The only way to disable it on a FortiGate is the command line. I'm fine with that, but most people won't even be aware it exists and is turned on!
-
RE: Changing subnet mask?
@irj said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
@irj said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
Sorry if this is a dumb question but ...
Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.
I was thinking of changing the subnet to /24.
Currently all devices still have 10.0.0.x addresses.
Some of their network gear is managed and I need to arrange with them to change settings within their Cisco gear to /24.
If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??
For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Does that make sense?
Create /24 VLANs. Separate servers, printers, workstations with different VLANs. Then you can block workstations from even seeing server VLAN.
Seems like a lot of work with no business need from what we know.
Can you expand on this?
How is this a lot of work and how is there no business need to segregate important data?
Because in my experience data security is pretty damn important from a business perspective.
You're conflating VLANs with security. VLANs themselves provide zero additional security, just network segmentation. It takes seconds for someone with network access to scan for any active VLAN and tag packets with different ones.
If you want additional security, you need to move to a zero trust model.
-
RE: What Are You Doing Right Now
Finally updated my laptop. Now running Fedora 37, and have a few Steam games installing. So much easier than previous versions of Fedora I tried Steam on.
-
RE: Changing subnet mask?
@stacksofplates said in Changing subnet mask?:
@dashrender said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
@jaredbusch said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
You're conflating VLANs with security.
You need to realize who you are talking to.
@IRJ is probably the most skilled security person on the community.
I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.
The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.
These are my thoughts - most small businesses don't need/want more complexity than a flat network.
Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.
Yep, and most small businesses shouldn't be running their own server in the first place, and most of our clients are actually moving to all hosted services. So no need to segment the network.
-
RE: What Are You Doing Right Now
@siringo said in What Are You Doing Right Now:
what's another reputable pwd manager??
Bitwarden is what I chose. It has all the basic features needed in the open-source version. I chose a paid tier, but you are able to host it yourself if you wish.
-
RE: Changing subnet mask?
@stuartjordan said in Changing subnet mask?:
@travisdh1 I wouldn't host with Microsoft's Azure due to their costs, well except for 365 for small businesses.
But there are many other server hosting places that are reliable, including Amazon, DigitalOcean and Vultr for VMs and OVH, Hetzner for dedicated. Hell, you can even colo in the UK for about £50-60 per 1U. I've seen a 5U rack for about £100 the other day.
I wouldn't either. They all use Office 365 and get everything they need via services offered with Office 365 already. No need to pay more for a VM to do anything.
Now, if it was me doing the selling/planning I'd be using Zoho Office rather than Office 365, but I have no say in that stuff.
-
RE: What Are You Doing Right Now
@siringo said in What Are You Doing Right Now:
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
Bitwarden is $10/year for the Personal Business account, LastPass was costing me $36/year for the Personal Premium.
-
RE: Windows 10 - No internet?
@wrcombs We have a client that's complaining about this. Wish I could prevent their desktops from complaining.
They actually do have an issue with phones; both Android and iOS will say that wireless has no internet and refuse to work even when all the other wirelessly connected devices are fine. It's been a bit of a head scratcher for us.