• How to use different accounts on the same website/service with profiles

    7
    3 Votes
    7 Posts
    419 Views
    DashrenderD

    @Danp said in How to use different accounts on the same website/service with profiles:

    With Firefox, you also have the option of using the Multi-Account Containers extension.

    been using this for 3+ years - damn I just wish Chrome supported it.

  • Exchange Online: create users with PS

    3
    0 Votes
    3 Posts
    179 Views
    gjacobseG

    @jt1001001

    Thank you, about what I expected…. Just needed confirmation.

  • Fedora 33 SSH Access Denied But Webmin Works Fine

    21
    0 Votes
    21 Posts
    2k Views
    1

    @JaredBusch said in Fedora 33 SSH Access Denied But Webmin Works Fine:

    @scottalanmiller said in Fedora 33 SSH Access Denied But Webmin Works Fine:

    Root is disabled by default in SSH configs most of the time.

    Not until the last couple years. Sure we always disabled it, but it was not default that way until recently.

    Ubuntu disabled it by default in 14.04 (2014) and Debian in version 8 (2015).

    This probably coincides with when the OpenSSH developers decided that disabled should be the default in the source code.

    It's up to the distro to set defaults for installed packages so RedHat based distros like Fedora might have been much later.

  • Proxmox hates security

    12
    1 Votes
    12 Posts
    1k Views
    1

    @scottalanmiller said in Proxmox hates security:

    @Pete-S said in Proxmox hates security:

    @scottalanmiller said in Proxmox hates security:

    @Pete-S said in Proxmox hates security:

    I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as its primary focus.
    KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.

    Ignoring "by default" in that, ProxMox can be the same. You can close everything up and only manage however you like. You don't have to use the web interface on it, it can be totally shut down. Obviously defeating lots of the purpose, but plausible.

    I spend far more time on ProxMox via command line via MeshCentral than via the web interface and the web interface, while we don't lock it down from the LAN in most cases (we run a LOT of ProxMox these days) we primarily access it from the PM host itself from a jump box running on top of it for the cases when the web interface is needed. So while we don't go to the degree of locking it off from the LAN, we could and we wouldn't notice the difference most of the time.

    That's not a default, so obviously totally different. But it's a really simple setting.

    That's good to know.

    We don't use gui anymore either but we're moving away from pre-packaged hypervisors and to pure KVM with libvirt compatible management tools.

    We have found that to be the best solution for our use case (high degree of automation and customization).

    I'd like to see that for sure. There's a lot of benefit to that, potentially at least.

    We're automating a lot.

    But the real problem is not the automation itself. The real problem is that automation and standardization are time consuming.

  • IT Quotes I Like

    139
    10 Votes
    139 Posts
    38k Views
    scottalanmillerS

    New quotes this week...

    Planning is only useful when it can be used for preparation.

    and

    When deploying software we should never be concerned with how long the vendor will continue to provide support, but rather by how soon we get to update.

  • What to use for new Windows network domain

    Solved
    13
    0 Votes
    13 Posts
    1k Views
    JaredBuschJ

    @JasGot said in What to use for new Windows network domain:

    No need for split DNS this way.

    That is a huge reason.

  • Assign text to Key

    4
    1 Votes
    4 Posts
    352 Views
    siringoS

    Thanks guys, I'll check out AHK.

  • Wavix SIP trunks?

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • Recommended storage setup for Proxmox VE homelab

    14
    0 Votes
    14 Posts
    3k Views
    JaredBuschJ

    @Pete-S said in Recommended storage setup for Proxmox VE homelab:

    @JaredBusch said in Recommended storage setup for Proxmox VE homelab:

    Proxmox requires ZFS if you are going to use the built in replication.

    Don't you need more than one server to have any use for replication?

    I have the specified setup at two clients. Dell hardware RAID with a ZFS RAID 0 on top of it to get replication working.

  • E-Fax with page-by-page verification

    3
    0 Votes
    3 Posts
    262 Views
    JaredBuschJ

    @gjacobse said in E-Fax with page-by-page verification:

    Have him link to specific regulation, then verify.

    @JasGot Do this ^
    Because this request is not something that is not required per the ITU T.30. There is a function for a PPS (partial page signal), but it is optional in the standard. That means there is no way to know if any one manufacturer built their unit to use that bit of the standard or not.

  • JAMF - Thoughts?

    13
    0 Votes
    13 Posts
    1k Views
    WrCombsW

    @Yonah-S said in JAMF - Thoughts?:

    @WrCombs let me know if you need a demo of Jamf.... I have contacts and have sold it many times... I also recommend Block64 as an alternative (depending on what you need)

    Thanks! will do

  • Zoho Federation, Is It Possible?

    15
    0 Votes
    15 Posts
    834 Views
    1

    @dbeato said in Zoho Federation, Is It Possible?:

    I usually would recommend to use the External Channel like people do with Slack
    https://help.zoho.com/portal/en/kb/zoho-cliq/cliq-user-guide/channel/how-to-use-channels/articles/how-do-i-invite-users-from-other-organizations-to-join-an-external-channel

    With Cliq you can have group chats as well as external channels and I'm assuming it's the same with Slack.

    The recommended approach by Zoho is to use group chats for ad-hoc conversations and to use channels for more permanent team communication.

    I think support issues and customer conversation belongs to the one-on-one and group chats while long term project collaboration is best served by channels.

    That's why I think most a lot of people can work fine without external channels. You don't get external channels in the free tier of Zoho Cliq.

  • Anyone using yubikey, smart card or other hardware device for MFA?

    11
    1 Votes
    11 Posts
    523 Views
    1

    @dbeato said in Anyone using yubikey, smart card or other hardware device for MFA?:

    @Pete-S I have used it for Duo and Office 365 and it works well. It makes it so much easier for users that refuse to have a mobile or digital device.

    That sounds good. I think I'll order a pair of keys to try it myself.

  • ProxMox 6 to 7 Upgrade pve-apt-hook error Remove proxmox-ve

    2
    0 Votes
    2 Posts
    1k Views
    scottalanmillerS

    It's an easy fix. Sometimes the directions for the upgrade don't account for the source location of the APT REPO for ProxMox. Check your /etc/apt files and see where your repo is configured. If you are going from Buster to Bullseye for example, make sure that you have this line somewhere and the error should go away...

    deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
  • Slack? What is it?

    33
    0 Votes
    33 Posts
    3k Views
    scottalanmillerS

    @JasGot said in Slack? What is it?:

    @scottalanmiller said in Slack? What is it?:

    Think XMPP for the modern era

    Are there any intra-office apps for this? We have been using Spark on top of Ignite for many years.

    Is there anything you like better?

    That's what we replaced with these tools specifically. Slack, Rocket, Mattermost... those seem to be the best for crossing company boundaries. Cliq, Teams, etc. are great for inside a single controlled company, but don't fare well at going between them. Especially not Teams, what a mess that is.

  • Management of NAS for SOHO?

    8
    0 Votes
    8 Posts
    425 Views
    scottalanmillerS

    @krzykat said in Management of NAS for SOHO?:

    I really like Synology for this. Plus you get extra little benefits like complete backups of workstations, and then you can backup your critical synology folders to any cloud platform you like including another dedicated Synology for backups.

    We like to use the built in B2 integration. Really nice.

  • ZeroTier Site-To-Site

    15
    8 Votes
    15 Posts
    8k Views
    M

    @mukky said in ZeroTier Site-To-Site:

    Bro @dafyre,
    You make my life much easier...
    Thank you !!

    After so much hassle to achieve opnsense site2site, I found this post solves the problems with 2 essential modifications as follows:

    Two essential steps:

    Enable IP_Forward:
    in FreeBSD we have to edit /etc/defaults/rc.conf
    change from gateway_enable="NO" to gateway_enable="YES"

    Set up the Site Routes at the Routers for Site A and Site B
    it has configured and implemented in opnsense router section

    @dafyre, since nobody covers this on opnsense, I think it would be wonderful if you could make this video on YouTube as well

    Good Luck !!

    I was struggling for a month to figure it out, not much info on the internet nor tutorials regarding zerotier for site2site. Eventually I succeeded in making it work.

    The key point to setting on opnsense are:

    you have to install zerotier plugin

    you have to make your own network on your zerotier account

    you have to enable zerotier on your opnsense and adding zerotier connection in it to join your own network.

    you have to assign network for zerotier - don't forget to "check" Enable Interface and Prevent interface removal. Also you have to put a static ip which is the same ip address as shown on your zerotier joined network.

    you have to put firewall rule for zerotier to accept any incoming traffic

    you have to put firewall rule for WAN/ISP to accept any incoming traffic from specific source "Ztier.net"

    in some cases it requires booting/restart your opnsense to take effect.

    The settings above will allow any incoming connection from any remote device via zerotier towards your opnsense ip address. (Ref: opnsense ip address = ip address of WAN/ISP). As a result, you can remotely access your opnsense via laptop from another city / ISP (laptop must have a zerotier connection and have joined the same network too). On your laptop you will be able to access your opnsense by its ip address assigned by zerotier.

    in the case, for example, there is a NAS behind the opnsense that you want to access remotely,....... then you only have to open your zerotier account and put a route rule there

    assumed:

    your NAS local ip address: 192.168.5.10

    NAS local Network on opnsense: LAN-1

    your opnsense ip address assigned by Zerotier: 10.188.22.10

    then you have to put firewall rule for LAN-1 to accept any incoming traffic from specific source "Ztier.net"

    then you have to add "route" on your zerotier account dashboard:

    192.168.5.10/32 via 10.188.22.10

    as a result, from the remote laptop you can remotely access:

    a. opnsense by pointing to 10.188.22.10

    b. NAS by pointing to 192.168.5.10

    (laptop must have a zerotier connection and have joined the same network too)

    That's it, good luck!

  • Printer Recommendations??

    12
    0 Votes
    12 Posts
    539 Views
    DashrenderD

    We deployed a full fleet of Canon printers 4 years ago. We're in the last year of our lease.

    I would say they are a solid A. What keeps them from an A+ was that on the desktop MFPs the scanner feeder wasn't great at feeding pages for copies/scans in straight all the time.