@IRJ said in AWS Catastrophic Data Loss:

@PhlipElder said in AWS Catastrophic Data Loss:

@IRJ said in AWS Catastrophic Data Loss:

@PhlipElder said in AWS Catastrophic Data Loss:

@wrx7m said in AWS Catastrophic Data Loss:

This was one AZ, right? If so, you need to design your environment to span multiple AZs, if not regions. This is beginner AWS design theory.

A few things come to mind:
1: Just how many folks know how to architect a highly available solution in any cloud?
2: At what cost over and above the indicated method does the HA setup incur?
3: It does not matter where the data is, it should be backed up.

Very valid points, but that is the responsibility of the customer.
Let's look at IaaS (EC2 instances loses EBS volumes after power outage) vs a cloud hosted service like Office 365.

Services are supposed to have HA built into them. Infrastructure has no HA built into it.

As you mentioned, DATA is ALWAYS responsibility of the customer.

One wee problem: Many "cloud" providers provide absolutely no mechanism to get the data out. Or, in some cases if it can be, it's not in usable form.

That is actually one of the biggest things you look at before chosing a vendor. If you do any cloud training, you will hear about data and data all over again. Being able to export it in a valuable way is essential for on prem or cloud though. If you cant export on prem and use the data in a usuable way into another system, you have the same problem.

Exactly. Are you going to be trapped there because you can't get data migrated/transferred out to another service/platform? A lot of people don't think about this. These people should not be making the decisions to go with any vendor without knowing what questions to ask and how to use those answers to make decisions. Sadly, most don't know until it bites them in the ass.

@PhlipElder said in AWS Catastrophic Data Loss:

@wrx7m said in AWS Catastrophic Data Loss:

This was one AZ, right? If so, you need to design your environment to span multiple AZs, if not regions. This is beginner AWS design theory.

A few things come to mind:
1: Just how many folks know how to architect a highly available solution in any cloud?
2: At what cost over and above the indicated method does the HA setup incur?
3: It does not matter where the data is, it should be backed up.

Microsoft's central US DC failure, I think it was last year or early this year, cause a substantial amount of data loss as well. Not sure if any HA setup could have saved them from what I recall.

1. Just because you don't know how to do it or that you are supposed to do it, doesn't mean it isn't your responsibility.
2. Depends on the services. That should also be factored into the cost of deployment.
3. Absolutely correct. If it is important, it should be backed up by the customer. The customer should also make sure that they are storing said backups in a way that can't be affected by issues that would also cause data to be lost in the production environment.

This was one AZ, right? If so, you need to design your environment to span multiple AZs, if not regions. This is beginner AWS design theory.

@IRJ said in New ISP Issues at CEO's Home:

@flaxking said in New ISP Issues at CEO's Home:

I've been sent to the house of a former owner before, so this scenario doesn't surprise me. Sounds like it will give you some good experience anyway.

Experience for what? No business does stuff like this? They dont put a new facility in a location without wired internet access. It just isnt done.

People do this shit, for sure. I have a cradlepoint setup at a warehouse that they signed the lease on before I could qualify access. T1 only 1K a month with 90 day build out on 3-year contract. Thus, the cradlepoint.

@marcinozga said in Simple Password Compromise on MailGun:

Damn, I just signed up with them yesterday. I need them for some apps I have deployed on my home server, now I'm worried because I had to give them cc info.

At least they support 2FA, so I give them some credit for that. Unlike most banks. And no, SMS or email 2FA support doesn't count as it's easily spoofed.

Just doing some site redesign stuff here. For e-commerce transaction messages (order status etc), we are trying out using a WP plugin to login to an office 365 account. I was thinking we should be using a 3rd party for it. We had used mandrill in the past and I am glad to know about mailgun and definitely won't be using them.

Troubleshooting a new site-to-site VPN connection between our corp office and AWS.

@Kelly said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

It hasn't gone into effect, but as of 1/1/20 you will be operating under this law: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375.

Thanks. At this point, it is only companies that this request would apply to.

@scottalanmiller said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

@Dashrender said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

@wrx7m said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

@scottalanmiller said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

@wrx7m said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

Yeah, they are saying that they want all the email communications between us and our customers in order to audit the info to find any discrepancies that we could challenge. First off, that sounds like they would have access to way too much sensitive information. Second, this sounds like a PITA.

No, they want the TRAFFIC of it at the firewall, which should be encrypted, so they won't be able to see anything.

Literally, they are saying that. But, they don't know how anything works, so they are just using firewall because they don't know that it's different from email archiving.

exactly - like management who see ads in airports and come back and demand that you install some cisco BS or other.

Right, and those people present a security concern.

And capturing "all email" is almost guaranteed to be a crime in California. Capturing it for archiving or backup, sure. Capturing to allow unintended recipients read it, almost certainly not okay. Capturing it to hand it over to an insecure, very questionable third party with no credentials.... whoa baby would I be concerned.

Do you have anything to reference for the legal issue? I mean, I am not a lawyer and don't want to be, but if I know it isn't legal, I will certainly not do it and explain why.

@scottalanmiller said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

@wrx7m said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

Yeah, they are saying that they want all the email communications between us and our customers in order to audit the info to find any discrepancies that we could challenge. First off, that sounds like they would have access to way too much sensitive information. Second, this sounds like a PITA.

No, they want the TRAFFIC of it at the firewall, which should be encrypted, so they won't be able to see anything.

Literally, they are saying that. But, they don't know how anything works, so they are just using firewall because they don't know that it's different from email archiving.

@scottalanmiller said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

@wrx7m said in This doesn't sound right - 3rd-Party "Deduction Management Firm":

This is best achieved by capturing all inbound and outbound email at a firewall and providing relevant content to Harvest via a periodic download.* "

Bwahahaha... they want a wireshark dump of encrypted data? WTF. Give them that as some enormous file that they can't even download. That will be hilarious.

Lol

Yeah, they are saying that they want all the email communications between us and our customers in order to audit the info to find any discrepancies that we could challenge. First off, that sounds like they would have access to way too much sensitive information. Second, this sounds like a PITA.

So, apparently we hired some "deduction management firm" to go through and try to find issues with over payments, charge backs and invalid deductions from our wholesale customers and EDI.

They said they needed me to do something with email and then when I asked for documentation, they sent me this-

"*This should help.

Email Correspondence

Harvest Revenue Group reviews all information that would also be available to the retailer’s auditors. To do this effectively, with maximum benefit to your company, HRG needs to review all correspondence between the company and your retail customer(s).
This is best achieved by capturing all inbound and outbound email at a firewall and providing relevant content to Harvest via a periodic download.* "

Nice! I was thinking about doing this soon.

Been using Wasabi for several months now. Was using AWS S3 for several years prior. Haven't had any issue with Wasabi. Using the same tools, as it is S3 compatible.

@dbeato said in Bookstack Backup to S3:

@wrx7m said in Bookstack Backup to S3:

@dbeato Are you running bookstack in AWS?

Not at the moment. I am just backing up to S3.

Look at Wasabi for S3 compatible object storage. Significantly cheaper.

FAA tells airlines MacBook Pros with defective batteries can’t fly
https://arstechnica.com/tech-policy/2019/08/faa-bans-some-15-inch-macbook-pros-with-battery-problems-from-flights/

The Federal Aviation Administration has banned certain 15-inch MacBook Pros with potentially defective batteries from US flights. The move, which follows Apple's June recall announcement, is part of a general FAA policy on devices with defective batteries.

"The FAA is aware of the recalled batteries that are used in some Apple MacBook Pro laptops," FAA spokespeople said in emails to Ars Technica. Under FAA policy, affected MacBook Pros are banned from the passenger cabin and from checked luggage.

@dbeato Are you running bookstack in AWS?

@travisdh1 said in Cross platform automated patch management:

@wrx7m said in Cross platform automated patch management:

@marcinozga said in Cross platform automated patch management:

Ansible is the correct solution, and I guess you could save output to log file with log_plays plugin. Perhaps AWX or Tower have reporting capability, I haven't used Tower and I briefly looked and AWX.

Other configuration management solutions might do what you need too.

Tower is pricey, depending on your needs. AWX lacks "support", as it is free.

Also, AWX is treated as a toy and has constant issues with the current release software. You can see all the issues I had when experimenting with it: https://mangolassi.it/topic/19300/install-awx-on-centos-7-with-docker

That is a complaint that I saw, as well.

@marcinozga said in Cross platform automated patch management:

Ansible is the correct solution, and I guess you could save output to log file with log_plays plugin. Perhaps AWX or Tower have reporting capability, I haven't used Tower and I briefly looked and AWX.

Other configuration management solutions might do what you need too.

Tower is pricey, depending on your needs. AWX lacks "support", as it is free.

@siringo said in What Are You Doing Right Now:

@wrx7m said in What Are You Doing Right Now:

Just upgraded MDT to deploy Windows 10 1903 and had a successful test deployment. Soon, will migrate the MDT server from 2012 R2 to 2019.

I need to do this ^^^, well get under way with a WDS setup at least. Been living with 6 x USB3 HDDs using Refelct to image with, works pretty well I reckon & speed wise, I'd be hard pressed to say it's a slower way to deploy when you're on your own. But maybe it's time to skill up a bit.

Once you get it setup, it isn't bad. I just use the default windows image and deploy software with GPOs and PDQ Deploy.