@Frank-Karlitschek said in Nextcloud AMA!!:

@Dashrender Not sure what you mean? A way to safe into Nextcloud directly from the Office Safe Dialog? This is of course possible. Just safe in a specific folder that is then synced to the server with the Desktop Client. Is this what you mean?

While what you explained is possible, that sync client puts all the files at risk of a cryptoware attack.

What I am specifically looking for/asking about is an API that plugs-in to MS Office to save directly to the server without the sync client, like MS Office has for Sharepoint. Access through an API like this significantly reduces the ability of cryptoware to affect the files through this avenue.

@scottalanmiller said in Time to gut the network - thoughts?:

@Dashrender said in Time to gut the network - thoughts?:

Well then I have to assume that the continued chorus line of "we recommend you put the VOIP phones on their own VLAN for QoS" is showing that they are uneducated in modern networking, no?

This falls into the same general category of "The average of any market is poor. The average business will fail. The average system deployment is expensive, slow and insecure. The average advice is just a sales pitch, not good advice. And on, and on."

Nothing should ever be considered "good" because it is popular. If anything, the popularity of an idea, product or concept should put it under more scrutiny, not less.

Well given what I know now, we should dump them as a vendor because, supposedly, they don't know squat about networking. But let's assume a typical business, they need a phone system, they open the phone book and call and get a few quotes. Let's assume the vendors at least go as far as to interview the customer to find the best fit. Now assume both prices come in at roughly the same cost - now what? All you can do as a typical business is TRUST that whomever you pick knows what they are doing and does the right thing.

@coliver said in Windows Server 2016 Pricing:

@crustachio said in Windows Server 2016 Pricing:

@JaredBusch said in Windows Server 2016 Pricing:

Of course anyone running more than 2x8 core will pay more. But then no one in the SMB really needs more than that. They certainly do not generally need data center in the first place.

What workloads do you have that you need so many cores?

ESXi 6.0.2 running VSAN and quite a few VMs.

We're in the middle ground between SMB and Enterprise. I can understand a simple SMB just running a handful of VMs never needing more than 2x8. And then a full scale enterprise with many hosts who can negotiate licensing. But we're in the middle... several dozen VMs spread across a handful of hosts.

Yep, unfortunately you're in the range where this change does the most damage.

i thought I read somewhere that you would get grandfathered in if you are running more cores than the new licensing comes with by default. anyone else read that? Of course this only matters if you have Softwrae Assurance

@stacksofplates said in MS - you're killing me. WSUS issues:

@Dashrender said in MS - you're killing me. WSUS issues:

@stacksofplates said in MS - you're killing me. WSUS issues:

@Dashrender said in MS - you're killing me. WSUS issues:

@stacksofplates said in MS - you're killing me. WSUS issues:

Can't you do snapshots on them before you update so you don't have to do a full reinstall?

On the PCs?

The full reinstall has to be done on the Windows 10 clients.

Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.

I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.

Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?

I'm talking about snapshots on the physical machine.

Not that I know of. As Scott said, there is VSS, which on the client side is mainly around your My Documents directory. But then there is System Restore Points. But that's still a pretty huge hassle compared to what you do on a server.

@Jason said in Latest from Lenovo - locked in to Windows:

@Dashrender said in Latest from Lenovo - locked in to Windows:

OH, when did buying MS Signature edition PCs become a thing at Best Buy?

Sales. Microsoft pays for some of it. maybe even gives the windows license free not sure.

To the best of my knowledge, MS Signature edition PCs are only sold directly through MSs site or through an MS store.

Are you saying you can buy MS Signature Edition PC's in other places now?

@Jason said in Alternatives to LMI:

@Dashrender said in Alternatives to LMI:

An agentless connection means using something that's already on the machine... Pretty sure that limits you to RDS.

No it doesnt

Can you provide an agentless no end user solution? I'm all ears. LMI definitely cant. If the agent isn't there LMI cant connect without the user there.

@anthonyh said in PCI over Ethernet?:

@scottalanmiller said in PCI over Ethernet?:

@anthonyh said in PCI over Ethernet?:

@aaronstuder said in PCI over Ethernet?:

@anthonyh said:

PBX In A Flash.

Why?

Why not? Except for this very specialized scenario, PIAF has worked beautifully and has saved us a shit ton of $$$$.

Saved you money compared to the standard alternatives of FreePBX or Elastix which are also free and their IVRs are very simple to use?

I'm confused. My understanding is PBX In A Flash is a variant of FreePBX. In fact the web interface says "FreePBX" all over it???

To me that makes me ask - why not just use FreePBX then? what made PIAF better than FreePBX? I'm asking since I have no clue.

so it's still not working with PHP 7.x?

Please stop saying that I'm claiming that faxes are more secure. I'M Not!

I guess I'll just say, as long as Faxing is grandfathered in, the rest doesn't matter because the expense and complexities of using encrypted email (think PGP or password encrypted zip) won't replace it.

I'm absolutely willing to capitulate the grandfathering is the main, perhaps only, reason it's allowed.

@tonyshowoff said in Faxing:

@Dashrender said in Faxing:

email goes over an unencrypted network that can be easily tapped by spies.

That's pretty unusual these days, and is typically a way to get your email flagged as spam. Server to server SMTP is basically always encrypted now, and client server rarely isn't.

Ok sure, this is generally true, but it's meaningless. it's simply the transfer from one host to another than encrypted. There's no verification that the receiving host is in fact the needed destination host, a MITM could have a host reading everything as it's passing it along to someone else. So sure casual observers are blocked.. but a bad actor like a a government or even an ISP could easily intercept all of that SMTP traffic, pretend to be that SMTP server, accept the mail and then forward it on.

Tapping a POTS line (not a SIP trunk) is much harder and requires local access to the end points, or hacking into the phone companies systems. These alone in my opinion make it more secure - nothing Scott or anyone else has said why an email sent over the internet is more secure than this situation.

That doesn't even matter, because with fax since there's no end to end encryption or authentication, there's situations like that PHI leak several years ago where a Pizza Hut accidentally was faxed tons of medical records. Anyone can read anything, there's no guarantee of who is or who is not seeing it, or even that it arrives. At least emails can bounce back.

You're talking about a small chance of something happening. Again this was more likely a cause because the medical placed had Pizza Hut on speed dial for ordering lunch. But even if that wasn't the case, and the accidental wrong dialing did just so happen to hit upon a life fax line, you're still limited to something like 1 page a min for faxing. While it's possible to send hundreds of pages of faxes.. it's just not that common. So while a problem, the risk of large exposure is small.

As for the fax printing out on a MFP sitting in the middle of the office. Sure, so this is one area where email clearly wins out. Though in my case, in medical cases, there are very little if any limitations on who can/should be able to see anything medical coming in on the fax machine.

That's not true in most environments though, plenty of doctors' offices and other places have the machines sitting there. A pharmacy I used to go to in Kansas had their fax machine to where one could reach over the counter and pull out anything. I couldn't authenticate on their auto-locking terminal though.

While I'm sure this is true in a great many places - that's their problem, not faxes fault for stupid placement.

Sending an email to a single person wouldn't be an acceptable solution for us. We need to make sure we have a team of people who are responsible for accepting and processing faxes. They shouldn't not get handled just because someone is on vacation, etc.

Group mailboxes are not that new of a concept.

Of course they aren't, I suppose if a group box allowed only one copy of the incoming document to be shown to prevent duplicated work, that would be an idea there. At least with the faxes, there's typically only one paper copy (to start with) or one copy in the network location. Unlike it being sent to 10 people.. and the other 9 have no idea if you handled the fax or not already.

@Jason said:

@Mike-Davis said:

Would a google doc form be a viable alternative? I'm in the process of helping them sign up for Google Docs for Non Profits.

If you had a need for it to be encrypted I don't think Google would be the right choice.

it might be if you can limit who has read access to the saved data. I know you can create a form that saves the data into a sheet that the rest of the world can't see.

@coliver said:

@Breffni-Potter said:

At the end of the day, this is a money grab. There are many other ways to deal with the security issue around the finger print sensor besides out-right breaking the whole device.

This is my thinking too. Apple forces people to pay for a certification, then forces them to only use Apple parts, then locks-in their users to only use that process.

It's hard not to see this as a money grab considering the could have simply disabled the fingerprint reader instead of bricking the phone.

I'm all for requiring Apple only parts in a situation like this.

also, I suppose it's possible that replacing the button also requires replacing the mobo so they are matched.

But replacing the button as part of broken glass - now that's going to far and will cause huge problems for Apple, just like IE did for MS.

@marcinozga said:

I really want Apple to get hit with lawsuits and high fines, just to teach them a lesson, but on the other hand, it's the end users that will eventually pay the bill. So no good solution there.

Not really - unless you think Apple will increase the cost of the phones based on the lawsuit - which seems unlikely.

@Jason said:

@JaredBusch said:

That is how things were driven. Sometimes I get really tired of you trying to read poor decision making into simple statements and questions.

Someone IT people like to act like 12 year old girls.

Please, explain how this statement is helpful at all?

@thecreativeone91 said:

@Dashrender said:

In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.

$800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.

But, Really is $700 that much for security? When an application runs on your DC it has access to your whole AD/Global Catalog. That's the major issue. If buying another server licenses is too much then just do linux.

No it doesn't. Not unless the app is running as a user who has more rights than is needed.