@Pete-S said in XO-Lite beta:

@travisdh1 said in XO-Lite beta:

Link to original article: https://xcp-ng.org/forum/topic/4731/xen-orchestra-lite/5

Found this while watching Lawrence Systems Thursday live stream. Most areas of the interface still say (coming soon), but you can do basic tasks for VMs on the host.

I don't know what to think about this web ui feature. There is already a TUI interface for basic management - which you can operate from the console or ssh. Perfect when installaing hypervisors and basic things (like changing network settings, starting stopping VMs etc) because you can use it over IPMI.

And there is the xcp-ng center Windows desktop app, which has all the features that is part of the Xen and the hypervisor itself. Developed by Citrix but not part of Vates' (company behind XO and xcp-ng) business model though.

And there is Xen Orchestra (XO) web app from Free to Enterprise if you want support and the fully unlocked community edition if you don't need support. There you can do things that are not actually part of Xen and the hypervisor itself, like replication. Runs in a VM, not on the hypervisor itself. But there are options to deploy it with a click.

I think the big difference between what XO Lite will be and the web TUI is that you don't need console access, just hit the IP address via a web browser. With how so many other things are moving to the web browser to work or manage, I think it's a good thing for them to be doing.

I also think having XO Lite available will make XCP-NG more approachable for less experienced techs. I'll still use XO to manage my XCP-NG servers, but XO Lite will make that initial server rollout and XO install more approachable.

@travisdh1 Installation note from Oliver

olivierlambertolivierlambert VATES 🪐 FOUNDER & CEO 🦸 Jun 30, 2021, 12:27 PM
@gskger To answer about the availability: in fact, it's already working, but very very very basic for now. I'd like to have something "not ugly" to start, even with not a lot of features, so let's say end of this summer

But if you can't hold until then, it's pretty easy to test:

Create a /opt/xensource/www/xolite.html file
Put that inside:
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no"
/>
<meta name="theme-color" content="#cc584c" />
<title>XoLite</title>
</head>
<body>
<noscript>You need to enable JavaScript to run this app.</noscript>
<div id="root">The application is loading…</div>
<script src="https://lite.xen-orchestra.com/dist/index.js"></script>
</body>
</html>
Go in your host IP address <host address>/xolite.html
That's it!

edit: until the XAPI fix is in 8.2 or 8.3, consoles only work with Chrome.

Link to original article: https://xcp-ng.org/forum/topic/4731/xen-orchestra-lite/5

Found this while watching Lawrence Systems Thursday live stream. Most areas of the interface still say (coming soon), but you can do basic tasks for VMs on the host.

@WrCombs said in What Are You Doing Right Now:

need more coffee. lol

I think it's about time for a coffee run.

Doing a full backup of the home lab server. Got new SSD drives to double the storage in it. 4x Patriot Burst Elite, not suitable for a production server, but good enough to let me do more things in a lab environment.

@Danp said in Printer Recommendations??:

@jt1001001 said in Printer Recommendations??:

High volume (500 pages/month B&W)

Is that really considered high volume? Personally, I would put that in the low volume category.

I agree, high volume would be more like 500 pages per day.

That said, I've had good luck with Xerox's solid ink printers in the past. ~2 million pages in 2 years with them at a previous job. Xerox ColorQube 8700 or 8900 are the current multifunction models.

@JasGot said in Slack? What is it?:

I am looking at Slack for a customer. I've never used or seen it. I hear about it all the time, and I know many people here use it regularly.

The sole purpose for looking at Slack for this customer is to send appointment reminder vis SMS using Skyetel's "Postcards for Slack" feature.

Has anyone done this? Is it a good option, or should I be looking at other options?

Do they want to start using a dedicated chat app?

If yes, have they evaluated options besides Slack? (RocketChat, etc.)

Slack IS NOT SMS. If they want to send reminders via SMS, just use Postcards. No reason to introduce more complexity than needed.

Edit: That all assumes you have input instead of being told to just do it.

@Pete-S said in Manage domains and DNS for customers?:

Is there a good way to manage domain renewals and DNS settings on behalf of a customer?

Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).

Generally, have them purchase the domain and add you as an admin user. I've done this with Cloudflare a number of times.

@RojoLoco said in What Are You Doing Right Now:

Coffee and science...

Everyone back up, @RojoLoco is trying science.

@EddieJennings said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

Chatting with Tmobile Home Internet via Twitter about WAN issues. Still better than DSL :).

Have they been able to figure out why wired speed only ever gets ~40Mbps when wireless gets 200+Mbps for you? I'm still trying to get that fixed.

Still better than DLS here as well.

The 3 mbps DSL limit I had was because of distance from a central office.

I'm able to get 60Mbps/5Mbps DSL, but it's also the most expensive in the area.

@EddieJennings said in What Are You Doing Right Now:

Chatting with Tmobile Home Internet via Twitter about WAN issues. Still better than DSL :).

Have they been able to figure out why wired speed only ever gets ~40Mbps when wireless gets 200+Mbps for you? I'm still trying to get that fixed.

Still better than DLS here as well.

@scottalanmiller said in I Cant Even...:

I love dealing with someone who has a DEGREE in Cybersecurity, claims to be an experienced system administrator, yet doesn't even know what an SPF record is for email and leaves it blank - even after being taught how to do it. And then puts the wrong data in from the wrong vendor because they don't know how to follow directions or what it is for.

The number of people that have no idea what SPF or DKIM are is just crazy. Nobody I've tried to deal with either has had a clue what I was even talking about.

@siringo said in What Are You Doing Right Now:

what's another reputable pwd manager??

Bitwarden is what I chose. It has all the basic features needed in the open-source version. I chose a paid tier, but you are able to host it yourself if you wish.

@siringo said in What Are You Doing Right Now:

@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.

I'll change my master & banking pwds, but don't think I'll worry about all my pwds.

Bitwarden is $10/year for the Personal Business account, LastPass was costing me $36/year for the Personal Premium.

@JaredBusch said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

Read the article.

I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"

Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.

@Obsolesce is right - read it.

but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.

Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.

Try understanding the facts of the technology.

Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.

Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.

I've read a number of other articles saying to go change all your passwords right away, so sounds like this one actually got it right.

This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.

Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.

I had been meaning to move since LogMeIn added the tracking junk in, and the cost compared to the competition finally got me to switch.

@Dashrender said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

Read the article.

I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"

Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.

@Obsolesce is right - read it.

but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.

Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.

I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?

I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.

I had already started transitioning to Bitwarden, so doesn't change much for me.

I know they got the backups of the encrypted blobs. Again it comes down to 1: Do you have a good master password and 2: Do you trust LastPass' implementation of their code?

@Obsolesce said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

Read the article.

I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"

Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

@scottalanmiller said in Non-IT News Thread:

I've always taken a lot of flack for being "anal" about keeping toilet lids closed. New study shows what people should have known all along because it is obvious...

https://www.cnn.com/videos/health/2022/12/19/flush-toilet-no-lid-lbb-cprog-orig.cnn

Mythbusters proved this YEARS ago. @Obsolesce yes, with standard home toilets.