@Pete-S said in WordPress Site Lost Its Mind - Ten Minutes of Maintenance Over and Over Again:

This is how you do that:
https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/

Nice, good info. Thanks.

@scottalanmiller said in Bind Linux Process to Well Known Web Ports When Not Root:

If you have ever tried to run a user space program on Linux with a port below 1024 you know that this is a security problem and you are not allowed to do so. There is a simple fix for this, but it is not well known.

Once you know the binary that you will be using to open the low number (well known) port you can use this command to grant it permission to use these ports without otherwise compromising security.

setcap cap_net_bind_service+ep /my/binary/file

Now you can run your application. This is most commonly used for user space web applications that want to use port 80 or 443 without requiring that you run a reverse proxy in front of them.

Good to know!

I found this as an example of how to use it and also commands to remove the permission:
https://cwiki.apache.org/confluence/display/HTTPD/NonRootPortBinding

The setcap utility seems to be available in the libcap2-bin package on debian distros.

I haven't checked if it's installed by default.

@IRJ said in Helpdesk - PC replacement routines:

@scottalanmiller said in Helpdesk - PC replacement routines:

@IRJ said in Helpdesk - PC replacement routines:

The Helpdesk team exists to be a human shield for users. Your main job is keep users away from the rest of IT. Customer service and user support is the job. Since your Helpdesk should be made up of entry level with fair turnover, I'm not sure you're gonna ever be efficient nor is that really the goal.

I started in Helpdesk as did many others I've met in higher IT positions. The employees that you have that are really good are not meant to stay there too long. If your company doesn't have the foresite to promote top performers, they will just leave and go somewhere else.

The TLDR is Helpdesk is supposed to be a a human shield for IT. It should be a starting place for aspiring IT professionals, and if they are knowledgeable enough to improve these processes they won't be around long (one way or another).

That said, some people like the interaction and choose to stay there. But that's not the norm. But even then, it's a customer service role for sure and "performance" will always be difficult. In fact, you might dislike performance if it means less human interactions with end users.

Yep. I've seen it. There's one guy that I worked with that just loved everything about Helpdesk. Far more capable than the desk. He could be working with servers, cloud, etc. He just decided he loved what he was doing and stayed there for many years. I kept in touch for many years beyond us working together and he was always there. Big fish in little pond so to speak, and I think he likes that.

We've had staff like that. Pure gold if you find them. Someone actually happy with "what they are doing."

@Danp said in How to use different accounts on the same website/service with profiles:

With Firefox, you also have the option of using the Multi-Account Containers extension.

been using this for 3+ years - damn I just wish Chrome supported it.

@jt1001001

Thank you, about what I expected…. Just needed confirmation.

@JaredBusch said in Fedora 33 SSH Access Denied But Webmin Works Fine:

@scottalanmiller said in Fedora 33 SSH Access Denied But Webmin Works Fine:

Root is disabled by default in SSH configs most of the time.

Not until the last couple years. Sure we always disabled it, but it was not default that way until recently.

Ubuntu disabled it by default in 14.04 (2014) and Debian in version 8 (2015).

This probably coincide when openssh developers decided that disabled should be the default in the source code.

It's up to the distro to set defaults for installed packages so RedHat based distros like Fedora might have been much later.

@scottalanmiller said in Proxmox hates security:

@Pete-S said in Proxmox hates security:

@scottalanmiller said in Proxmox hates security:

@Pete-S said in Proxmox hates security:

I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as it's primary focus.
KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.

Ignoring "by default" in that, ProxMox can be the same. You can close everything up and only manage however you like. You don't have to use the web interface on it, it can be totally shut down. Obviously defeating lots of the purpose, but plausible.

I spend far more time on ProxMox via command line via MeshCentral than via the web interface and the web interface, while we don't lock it down from the LAN in most cases (we run a LOT of ProxMox these days) we primarily access it from the PM host itself from a jump box running on top of it for the cases when the web interface is needed. So while we don't go to the degree of locking it off from the LAN, we could and we wouldn't notice the difference most of the time.

That's not a default, so obviously totally different. But it's a really simple setting.

That's good to know.

We don't use gui anymore either but we're moving away from pre-packaged hypervisors and to pure KVM with libvirt compatible management tools.

We have found that to be the best solution for our use case (high degree of automation and customization).

I'd like to see that for sure. There's a lot of benefit to that, potentially at least.

We're automating a lot.

But the real problem is not the automation itself. The real problem is that automation and standardization is time consuming.

New quotes this week...

Planning is only useful when it can be used for preparation.

and

When deploying software we should never be concerned with how long the vendor will continue to provide support, but rather by how soon we get to update.

@JasGot said in What to use for new Windows network domain:

No need for split DNS this way.

That is a huge reason.

Thanks guys, I'll check out AHK.

@Pete-S said in Recommended storage setup for Proxmox VE homelab:

@JaredBusch said in Recommended storage setup for Proxmox VE homelab:

Proxmox requires ZFS if you are going to use the built in replication.

Don't you need more than one server to have any use for replication?

I have the specified setup at two clients. Dell hardware RAID with a ZFS RAID 0 on top of it to get replication working.

@gjacobse said in E-Fax with page-by-page verification:

Have him link to specific regulation, then verify.

@JasGot Do this ^
Because this request is not something that is not required per the ITU T.30. There is a function for a PPS (partial page signal), but it is optional in the standard. That means there is no way to know if any one manufacturer built their unit to use that bit of the standard or not.

@Yonah-S said in JAMF - Thoughts?:

@WrCombs let me know if you need a demo of Jamf.... I have contacts and have sold it many times... I also recommend Block64 as an alternative (depending on what you need)

Thanks! will do

@dbeato said in Zoho Federation, Is It Possible?:

I usually would recommend to us the External Channel like people do with Slack
https://help.zoho.com/portal/en/kb/zoho-cliq/cliq-user-guide/channel/how-to-use-channels/articles/how-do-i-invite-users-from-other-organizations-to-join-an-external-channel

With Cliq you can have group chats as well as external channels and I'm assuming it's the same with Slack.

The recommended approach by Zoho is to use group chats for ad-hoc conversations and to use channels for more permanent team communication.

I think support issues and customer conversation belongs to the one-on-one and group chats while long term project collaboration is best served by channels.

That's why I think most a lot of people can work fine without external channels. You don't get external channels in the free tier of Zoho Cliq.

@dbeato said in Anyone using yubikey, smart card or other hardware device for MFA?:

@Pete-S I have used it for DUo and Office 365 and works well. It makes it so much easier for users that refuse to have a mobile or digital device.

That sounds good. I think I'll order a pair of keys to try it myself.

It's an easy fix. Sometimes the directions for the upgrade don't account for the source location of the APT REPO for ProxMox. Check your /etc/apt files and see where your repo is configured. If you are going from Buster to Bullseye for example, make sure that you have this line somewhere and the error should go away...

deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription

@JasGot said in Slack? What is it?:

@scottalanmiller said in Slack? What is it?:

Think XMPP for the modern era

Are there any intra-office apps for this? We have been using Spark on top of Ignite for many years.

Is there anything you like btter?

That's what we replaced with these tools specifically. Slack, Rocket, Mattermost... those seem to be the best for crossing company boundaries. Cliq, Teams, etc. are great for inside a single controlled company, but don't fare well at going between them. Especially not Teams, what a mess that is.