INTEL X710 NICS ARE CRAP
X710 NICs suck, as it turns out. Those NICs do all sorts of offloads, and the onboard processor intercepts things like CDP and LLDP packets so that the OS cannot see or participate. That’s a real problem for ESXi hosts where you want to listen for and broadcast meaningful neighbor advertisements. Under Linux you can echo a bunch of crap into

HOW TO REASSEMBLE YOUR FAUCET'S AERATOR
Oddly enough, I’ve had the same problem as you only instead of providing useful instructions in a blog post, I just threw away the part that ended up extra during my process and just lived with the botched up way that I put it back together.

BETTER LINUX DISK CACHING & PERFORMANCE WITH VM.DIRTY_RATIO
This is post #16 in my December 2013 series about Linux Virtual Machine Performance Tuning. For more, please see the tag “Linux VM Performance Tuning.” In previous posts on vm.swappiness and using RAM disks we talked about how the memory on a Linux guest is used for the OS itself (the kernel, buffers, etc.), applications, and also for file cache. File caching is an important

USE 'FOR' LOOPS WITH THE VSPHERE MANAGEMENT ASSISTANT
The VMware vSphere Management Assistant (vMA) claim to fame is that it has a UNIX shell and the vSphere CLI installed, making it handy for a lot of things, and makes cutting & pasting commands real easy when it’s paired with a decent SSH client. One of my favorite ways to use it is with

HOW TO CONFIGURE REMOTE SYSLOGD ON RED HAT/CENTOS 5
It’s fairly easy to configure syslogd on one host to accept syslog messages from other hosts. This is useful in normal system administration, to keep logs off the original system in case of a security breach that might compromise them, as well as for systems like VMware ESXi which don’t store logs locally due to their architecture.

SCHEDULED DOWNTIME VS. AVAILABILITY
If your service is down for 6 hours every week it’s not available during that time, and you have roughly 96.4% availability. However, you can break that down into planned and unplanned downtime. That’s an entirely different metric. If every outage you take is scheduled and you don’t run past your scheduled maintenance window you have 0%

HOST CPU IS INCOMPATIBLE...
Host CPU is Incompatible. Bob Plankers July 30, 2009. Virtualization. I now have a cluster of ESX 4.0 hosts running with EVC enabled, in “Intel Xeon Core 2” mode. It’s been working okay so far (there are some rough edges here and there, nothing showstopping) and this morning I decided to convert a couple of my VMs to the new ESX 4

LINUX VIRTUAL MACHINE TUNING GUIDE
Update, 12/1/2013: I’m amidst redoing this document, mainly by doing a month-long series on Linux VM Tuning. Then this will just become a page of links. It’s underway now, check it out! Version 1.1 Linux tuning information is scattered among many hundreds of sites, each with a little bit of knowledge. Virtual machine tuning information

INSTALL THE VCENTER SERVER APPLIANCE (VCSA) WITHOUT
Here’s the secret, though: don’t remove the default “VM Network” port group, or if you did, put it back, and restart the installer (or just back up to select the host again). Ah, that’s better. I’d removed it in favor of adding another port group with the right VLAN and such. I

HOW TO DISABLE WINDOWS IPV6 TEMPORARY ADDRESSES
Paste these commands into an administrator-level PowerShell or Command Prompt and then restart your PC:
netsh interface ipv6 set global randomizeidentifiers=disabled
netsh interface ipv6 set privacy state=disabled
I also disable Teredo tunneling as well, so my traffic isn’t going places I don’t know about:
netsh interface teredo set state

SSH ESCAPE SEQUENCES (AKA KILL DEAD SSH SESSIONS)
SSH somewhere, then type “~” and “?” (tilde, then question mark) to see all the options. You should get something like:
Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - Request rekey (SSH protocol 2 only)
~^Z - suspend ssh
~# - list

WHY IS IT CALLED "RESILVERING?"
A: Antique mirrors (the reflective kind you hang on a wall, or are in your bathroom) used silver (Ag) for the reflective coating, below the glass. Over time that silver would get tarnished and/or damaged, so you’d restore them by re-silvering them. I’m sure you’ve all seen this, where an old mirror has streaks in it but they’re below

FIX WINRM CLIENT ISSUES
Edit your Group Policy (run gpedit.msc as an Administrator). Local Computer Policy, then Computer Configuration, then Administrative Templates, then Windows Components, then Windows Remote Management (WinRM), then WinRM Client. Check to make sure “Allow Basic authentication” and “Allow unencrypted traffic” are set to “Not Configured.”

HOW TO CHANGE SCSI CONTROLLERS ON YOUR LINUX VM
A question from Matt Vogt prompted this, where he wants to go from the BusLogic SCSI controller to the LSI Logic SAS controller. It’s actually a straightforward conversion if you have the right steps. This is based on Red Hat Enterprise Linux 3, 4, and

SHOULD YOU INSTALL DEVELOPMENT TOOLS ON PRODUCTION HOSTS
No, absolutely not. “Development” tools should only be on hosts that are for “development.” Build a software lifecycle management system to move everything from development to test to production. The presence of compilers means that malicious users can build software if the machine is compromised. It increases disk space used and

HOW TO CANCEL A STUCK VMWARE TOOLS INSTALL FROM THE ESX
This will also work on ESXi hosts with a few modifications: From a command line, type the following: /vim-cmd vmsvc/getallvms. Note the Vmid of the VM with the stuck install and then use the second command as indicated:

THE LONE SYSADMIN
The update function moves around between versions a bit but is usually called “update/rollback” under the iDRAC settings. If you do use a separate repository there are other flags you can reference to help you. Best way to get help is to ask the iDRAC for help, “racadm help

WHY USE SD CARDS FOR VMWARE ESXI?
Labor costs dealing with drive replacements, monitoring, etc.: $200.00 (this is low). This comes to $1162.03 per server. On a 32 node cluster that’s $37,184.96, or the cost of three servers, over five years. In contrast, the Dell Internal Dual SD Module is $104.60 per server with two 16 GB SD cards. That’s $3347.20 for a 32 node cluster.

HOW TO DISABLE TEREDO IPV6 TUNNELING IN MICROSOFT WINDOWS
Greg Ferro’s post about how Microsoft Teredo is a suboptimal networking solution made me think it’s time to update my old post on how to disable Teredo in Windows 7 and in Windows 8. For the record, I agree — I’ve had serious problems with it conflicting with my native IPv6 connectivity. 1. Open a command prompt with administrator privileges (Start->Accessories->right click on Command

HOW TO FIX GOOGLE CHROME FONT RENDERING ISSUES
I’ve been having a heck of a time with terrible font rendering in Chrome. In fact, it’s been my biggest complaint about that browser. I get fonts with missing pieces, fonts that don’t render completely, text that is completely absent, and text with severely pixelated edges. I don’t mean to

POWER CONSUMPTION OF A DELL POWEREDGE R610
For planning purposes I just did some power draw testing of a Dell PowerEdge R610. Dual Intel X5550 CPUs, 24 GB of RAM, four SSD disks attached to the PERC6/i, and dual 717 Watt power supplies. My testing methodology was to measure the draw using a

OUT-OF-OFFICE MESSAGES ARE A SECURITY RISK
Out-of-Office Messages are a Security Risk. Bob Plankers February 3, 2019. People Stuff, Security, System Administration. Every once in a while I get asked why I don’t have an out-of-office message for my email or voice mail. Truth is, I’ll often monitor my email even when I’m out, though I often practice good operations discipline by

FIXING X11 FORWARDING OVER SSH AND WITH SUDO
Add “ForwardAgent yes” and “ForwardX11 yes” to it. You can also force it with “ssh -X user@host” when you connect. Do you have an X Windows server running on your desktop PC? I use Windows on my desktop and I use VcXsrv. Make sure it’s started and running. VcXsrv asks me how I want to run it, I always choose “Multiple windows

FIXING VEEAM BACKUP & REPLICATION PROXY INSTALL ERRORS
First, try specifying the username as the full “DOMAIN\Username” format when you add it to the Backup & Replication console. Don’t use the “.\username” format and don’t omit the domain part itself. If you are using local accounts you’ll want to specify “SERVERNAME\username” instead, using what the proxy knows as its name.

FREE, LIKE A PUPPY
Free, Like a Puppy. I’ve found that things that are free of charge are often not a good deal. TANSTAAFL, or “There ain’t no such thing as a free lunch.” You’re always paying in some way. Maybe the piece of hardware is marked up more to cover the development cost of the “free” software that comes with it. Perhaps it’s the drug

ADJUST VM.SWAPPINESS TO AVOID UNNEEDED DISK I/O
Simple: set vm.swappiness to 0:
$ sudo sysctl -w vm.swappiness=0
For more permanence, set it in /etc/sysctl.conf by appending “vm.swappiness = 0” and running “sudo sysctl -p” to reload the values. There is also a great sysctl::conf class example in the Puppet Augeas information. If you aren’t using Puppet this simple example would
EASY DELL POWEREDGE FIRMWARE UPDATES, 2019 EDITION
Bob Plankers March 8, 2019
Best Practices, Data Center, Hardware, How To, Security, System Administration, Virtualization, VMware
I’ve become quite the minimalist in my environments, mostly because I’ve been doing a lot of compliance & security work. Speaking generally, most hardware management tools don’t & won’t pass any form of compliance audit and in that context are way more trouble than they’re worth (negative ROI, see my post “Free, Like a Puppy”). I tend to skip anything that isn’t delivered directly as part of the OS from the OS vendor. It’s a complication I don’t need or want.

I use this same thinking when updating Dell PowerEdge firmware. With Dell hardware you can get the iDRAC to do firmware updates directly, either through the GUI, SSH, or the racadm client tool. Racadm can be obtained from support.dell.com. From there, here’s what I do, often in a PowerShell ForEach loop or pasting from an Excel spreadsheet.
First, I clear the old job log, which makes it easy to see my new jobs and their state, as well as guarantees any old jobs that haven’t run get deleted. Replace#justsayin
However, if these aren’t options for you, you might explore the Dell EMC Repository Manager (Google it, the link changes all the time), which allows you to download the updates and place them on your own web server or file share. I’d recommend a web server at this point, because only the most recent iDRACs can do modern SMB protocols, and you really need to have SMB1 off on your stuff.
racadm.exe -rshould change to:
A couple other things to note:
* I’m serious about getting NTP set up on your iDRACs, it’s important. People block it “because security” but security is exactly why it needs to be on. While you’re in there, set up syslog and turn SSL to TLS 1.2.
* I usually run the Dell PowerEdge firmware update job once from the iDRAC GUI to see if there are any relevant updates. Then I know what I’m up against. You don’t have to schedule updates in the GUI, but it’ll show them to you. The update function moves around between versions a bit but is usually called “update/rollback” under the iDRAC settings.
* If you do use a separate repository there are other flags you can reference to help you. Best way to get help is to ask the iDRAC for help, “racadm help update” (use the command format above).
* If you have iDRAC SSH on you can log in that way and run these commands, too. I don’t recommend enabling SSH unless you really need it, though, it’s just attack surface that bad actors can use and compliance people get jumpy about.
* You should watch the first host you patch to make sure everything goes as planned. For example, the early versions of 14G PowerEdge servers had some absolutely essential NIC updates that needed the host to be power-cycled, and that could have been disastrous if we weren’t doing staged rollouts. We ended up cancelling those and then orchestrating them with PowerCLI and racadm outside of Update Manager.
* Don’t preload Dell PowerEdge firmware a long time before you plan to reboot. If the host crashes or you have a power outage it’ll update itself on reboot, and that’s just another complication you’ll have to face in the middle of an outage.
* That said, don’t ever let a crisis go to waste.
* If there are iDRAC updates (the iDRAC itself or the OS driver packs) those will apply by themselves automatically regardless of the “-a” flag. This generally causes a brief iDRAC outage and some weirdness during the update, which isn’t a problem if you know it’ll happen. If you check for updates using the GUI you’ll see this and can plan ahead.

As always, good luck.
END ANONYMOUS CONFERENCE FEEDBACK
Bob Plankers February 15, 2019
People Stuff

There’s a lot of talk lately about the terrible, horrible, sexist, racist, misogynist, and generally unconstructive feedback that presenters get at conferences:

This is on top of feedback where an attendee gives a presenter one star because the food wasn’t what they wanted, or they sat next to someone smelly, the room was cold, an “intro” talk wasn’t technical enough, or an “advanced” talk was too technical. Those things are out of the control of the presenter, and by giving the presenter a bad rating the attendee is jeopardizing that presenter ever being able to speak at the conference again. Not that I’m bitter, though it was pretty eye-opening to how juvenile and toxic the Linux community is when you say something they might not want to hear.

This absolutely needs to get fixed if conferences want decent, thought-provoking speakers of all genders, races, and beliefs. I propose a three-pronged approach:

FEEDBACK THAT IS INAPPROPRIATE SHOULD NOT BE COUNTED INTO THE RATINGS FOR A SPEAKER. Giving someone two stars and saying in the comments that it’s a shame she’s married, yeah… no. While a conference organizing committee isn’t going to have cycles to read everything, allowing speakers to reject feedback back to them may be a way to deal with this.

LOW- & HIGH-RATED FEEDBACK SHOULD REQUIRE AN EXPLANATION. What, exactly, did you not like about the presentation that you gave it one star? Or, the converse, what did you really like that you gave it 5 of 5? No more blind extraordinary ratings.

FEEDBACK SHOULD NOT BE ANONYMOUS, EVER. Anonymous feedback encourages people to do and say things that they’d never say face-to-face. While I understand that names are a tricky thing sometimes for certain populations of people, being able to correlate a racist comment to a conference registrant is a key part of making conferences better.

Will this fix anything? Can we do it? Maybe. I’d like to see us start talking about it, though, because as it stands this cannot continue.
OUT-OF-OFFICE MESSAGES ARE A SECURITY RISK
Bob Plankers February 3, 2019
People Stuff, Security, System Administration

Every once in a while I get asked why I don’t have an out-of-office message for my email or voice mail. Truth is, I’ll often monitor my email even when I’m out, though I often practice good operations discipline by not responding. Just as intermittent problems with computer systems are hard to deal with, a staff member that’s supposed to be gone but isn’t acting like it is just as confusing. Humans can, and should, drain-stop and remove themselves from clusters for maintenance, too.

Sometimes I’m really out of the office, though, crawling around in the backcountry wilderness or on an island somewhere. I’ll do it if I have to, but even then I don’t like setting an automatic response. There’s no way to do it that doesn’t leak information to a would-be attacker.

I’M OUT OF THE OFFICE. I’m saying that, just like my email, I’m probably not watching my computers or accounts closely so now is a good time to drain my bank accounts, install malware on my PCs, and social engineer my coworkers.

I’M GONE BETWEEN DATES X AND Y. You’ve got that long to defeat my security without any active opposition from me. The length of time also speaks to whether I’ve traveled somewhere, and they can break into my house unnoticed. This could cause evidence of a break-in, like fingerprints, to degrade, as well as allow for secondary damage, like rain coming in a broken window. If I’m the only one traveling this may also endanger others still at home in my house.

I’M HIKING THE INCA TRAIL TO MACHU PICCHU. I gave it away, and on top of it I’m bragging, too. To quote Peter Quill from Guardians of the Galaxy, “what an a-hole.”

CONTACT SOMEBODYELSE@COMPANY.COM WITH URGENT NEEDS. They now know more about the team structure and can do some social engineering. “Before he left Bob told me you could give me an account on system X.” Plus you’re unfairly burdening someone else, and forcing people to make value judgments about urgency, too.

You might be saying “Bob, you’re nuts. I don’t have would-be attackers, I have customers.” I’ll agree with you, but I’ll also say that it isn’t like an attacker is going to advertise themselves. It’s a fine line. Use your head.

* SET THE AUTORESPONSE TO THE SMALLEST GROUP POSSIBLE. In many cases you can narrow it down to coworkers, and/or have a different message for people inside your organization than outside your organization.
* ONLY REPLY TO MESSAGES THAT ADDRESS YOU SPECIFICALLY IN THE TO: OR CC: FIELD, and only reply to the original sender. This helps prevent loops and extra email.
* ONLY REPLY ONCE A DAY PER PERSON. Chances are they can remember that for a few hours.
* TEST IT by sending yourself some email from a different account.
* DON’T TELL PEOPLE ANYTHING MORE THAN THEY NEED TO KNOW. Does everybody really need to know where you’ve gone and how long? Probably not. You’re just gone.
* RECOMMEND STANDARDIZED ALTERNATIVES if you have them, like “Please contact our Help Desk” or “Email the team list.” The personal relationship you have with your customers may not extend to others on your team, so don’t make assumptions. Besides, with you gone the team may be understaffed and dealing with personal, one-off requests will strain both them and the customer.
* Make sure the team knows that just because someone says you said something doesn’t mean you actually did. ALWAYS EVALUATE EVERY REQUEST INDEPENDENTLY. “Sorry, Bob is out, who is your manager? I need to call and have them email me authorization for this so we have a record of it.” Don’t be afraid to put something on hold until you get written confirmation. If it’s as urgent as they say they’ll find a VP or a C-level to clue you in. If you get any static from those VIPs don’t get flustered, be polite and tell them that it’s standard security practice to corroborate requests. Would you give keys to your house to random people who knocked on your door? No, no you wouldn’t.
* IF YOU’RE GONE BE GONE. I understand the urge to help, especially if you are watching your email and it looks like something bad is happening. Don’t reply, work through a team member. “Hey Joe, I just saw that email about system A that’s broken. I’m not going to do anything here because I just found some WiFi and checked my email, but if I were there I might look at X or Y first, that’s what the problem has been in the past. Good luck.” Do you want to ruin your vacation by having to own and work a problem? I bet not. Let the people at home handle it.
* TELL THE TEAM TO MAKE A LIST OF ANYTHING THEY HAVE TROUBLE WITH BECAUSE YOU WERE GONE. Don’t take any of it personally, this is a great opportunity for cross-training and documentation if you don’t have it. Banks often have a policy that people in sensitive positions be gone for at least two consecutive weeks to expose fraud and embezzling, among other things. Given the Internet it’s hard to cut a sysadmin off like that, but at least you can use it as a way to find gaps in processes and documentation.

If you are a manager of people I implore you to enforce the “if you’re gone be gone” policy with your team. Studies increasingly show that people need downtime as well as balance in their lives. Setting an example of this behavior, as well as being serious about the “we’ve got this” attitude while folks are gone, is important. Especially with the “Brents” of the world, if you’ve read The Phoenix Project. And yeah, maybe it will stink with them away, but then you know what the team needs to work on.

Good luck!
FREE, LIKE A PUPPY
Bob Plankers January 24, 2019
People Stuff, Security, System Administration

I’ve found that things that are free of charge are often not a good deal.

TANSTAAFL, or “There ain’t no such thing as a free lunch.” You’re always paying in some way. Maybe the piece of hardware is marked up more to cover the development cost of the “free” software that comes with it. Perhaps it’s the drug dealer model, where the first one is free to get you hooked. Sometimes you’re the product, and the “free” thing is spying on you with the hopes of making more money from ads or sales later. Certainly nearly every “free” web service is structured that way.

Beyond monetary cost, though, you’re paying for things with your time. “Free” things often fall into the “good enough” category, and “good enough” can be a trap. Best-of-breed products might cost money but you make that back in time saved, services delivered reliably, and higher efficiencies. Things that are merely “good enough” trade on your time, relying on humans to make up the difference. Sometimes they trade on your customers’ time, too, with downtime and complications in delivering services. In not doing the whole job they force you to buy something more, whether it’s more software to fill a gap or more hardware to make up for inefficient operations. Or, if you can escape buying something you often make up the difference with processes. These all cost time, money, and add unwelcome complexity.

Even worse, things that are “free” can have serious negative value. At best, a tool is another application you need to install, support, back up, and keep updated, just like your HR system or a web application. In fact, many “free” tools are built on the same components and need the same amount of effort. It might even need commercial software licenses for the operating system or SQL server. All of this is overhead and doesn’t move you or your organization forward.

The need for licenses is often skirted by delivering the software as a virtual appliance. Ask yourself what incentive the purveyor of a free tool has to patch it, to make sure it can be backed up and restored, and to configure it securely? All those things cut into their margins. I’ve scanned quite a few virtual appliances with security scanners, and the results are scary. If these “free” tools aren’t stealing your data outright they’re making it very easy for bad actors to do it to you.

People in the open source movement, when discussing free software, often have to delineate what kind of freedom they are talking about. “Free as in beer” meaning no charge, but the source code isn’t necessarily open. “Free as in speech” meaning that the source code is open. When it comes to the “free as in beer” tools we’ve been thinking about here I often use the term “free as in puppy.” That cute puppy dog you adopted from a friend is going to cost you thousands of dollars and hundreds of hours of your life, time you will never get back again. Are you sure you want to do that to yourself and your organization?

Your mission, from now until the end of your life, is to treat everything that’s “free” as if it’s a Trojan horse. If you can’t say no to something outright ask some questions:

* Can I call support for this product?
* Does it collect data? What does it collect? Where does it send that data? How does it secure the data in transit? Is the data anonymized? Who can see that data? Can I disable or block that without impacting the functionality?
* How do I patch it? Where is the documentation for patching? There are vulnerabilities discovered in every OS every week. When was the last patch release?
* What operating system does it run on? Do we have expertise in that operating system? Is that operating system still supported by the vendor?
* Does it need licenses of any sort to run? OS? SQL? Java? Remember you can’t run certain Java versions commercially anymore without a license. Are there license levels or limits to the “free-ness” of the product?
* How do I get to it? Web interface? Does it need Flash or Java? Can I install my own SSL certificate? Can it be restricted to TLS 1.2 or newer? What browsers does it support?
* Is the host-based firewall enabled? Is it configurable?
* Is the SSH server key generated at first boot so it is unique? Can we disable SSH?
* What other services run on this appliance?
* Can it send its logs to a SIEM? How? Does it support more than one target? Does this include the application logs?
* How does it do authentication? Are there password complexity guidelines?
* How do I back up the configuration? How do I restore it?
* Can I replicate it to a DR site? Are there latency requirements? Have you tested it across a WAN?
* What security guidelines does the product conform to? Is it PCI compliant? NIST 800-53? Does it implement the Center for Internet Security’s benchmarks?
* Do I have to use it as a virtual appliance, or can I install it on an OS that we installed and secured?
* Are there any other ways to achieve what this tool does? Are there other products or methods on the market? Is there a way to do this with the CLI? Are there Powershell modules? What SDKs are available, and for what languages?
* Will there be ROI for the time and effort invested here? This is a question for yourself and your own team.

“That’s a lot of questions,” you might think. But hey, there might be a lot of bad dudes in the belly of that wooden horse, too. Better find out before you bring them inside the walls.

Good luck.
RETRIEVE AN SSL CERTIFICATE FROM A SERVER WITH OPENSSL
Bob Plankers November 26, 2018
System Administration, Virtualization
I was setting up VMware vRealize Automation’s Active Directory connections the other day and I needed the public SSL certificate for the AD DCs to authenticate correctly. You can use OpenSSL to get that information.
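`openssl s_client -showcerts` prints the certificates inside a longer handshake transcript, so getting a file you can import means cutting the PEM blocks out of it. The helpers below are an added example, not code from the original post; the function names, `host.example` and the sample transcript (with placeholder certificate bodies) are constructed for illustration.

```shell
#!/bin/sh
# Added example: cut certificates out of `openssl s_client -showcerts` text.
# Function names are illustrative, not part of OpenSSL or the original post.

# fetch_chain HOST [PORT]: print the raw s_client transcript.
# -servername sends SNI so a host serving several sites returns the right one.
fetch_chain() {
    fc_host=$1
    fc_port=${2:-443}
    openssl s_client -showcerts -servername "$fc_host" \
        -connect "$fc_host:$fc_port" </dev/null 2>/dev/null
}

# count_certs: number of PEM certificates in a transcript read from stdin.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { n++ } END { print n + 0 }'
}

# extract_cert N: print the Nth PEM block from a transcript on stdin.
# 0 is the server's own certificate, 1 and up are the intermediates it sent.
extract_cert() {
    awk -v want="$1" '
        BEGIN { idx = 0; inside = 0 }
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside && idx == want + 0       { print }
        /^-----END CERTIFICATE-----$/   { if (inside) idx++; inside = 0 }
    '
}

# chain_subjects: one "index<TAB>subject<TAB>issuer" line per certificate,
# read from the "Certificate chain" part of the transcript.
chain_subjects() {
    awk '
        /^ *[0-9]+ s:/ { sub(/^ */, ""); idx = $1
                         sub(/^[0-9]+ s:/, ""); subj = $0; next }
        /^ +i:/        { sub(/^ +i:/, ""); print idx "\t" subj "\t" $0 }
    '
}

# save_leaf HOST FILE [PORT]: write the server certificate to FILE and print
# what is needed to check it before importing it anywhere. s_client prints
# certificates even when chain verification fails, so compare the SHA-256
# fingerprint with one obtained from the server's owner.
save_leaf() {
    sl_out=$2
    fetch_chain "$1" "${3:-443}" | extract_cert 0 > "$sl_out"
    [ -s "$sl_out" ] || { echo "no certificate received from $1" >&2; return 1; }
    openssl x509 -in "$sl_out" -noout -subject -issuer -enddate \
        -fingerprint -sha256
}

# Constructed transcript for offline use; the bodies are placeholders,
# not decodable certificates.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = host.example
verify return:1
---
Certificate chain
 0 s:/CN=host.example
   i:/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY0000
-----END CERTIFICATE-----
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTERMEDIATEBODY00
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=host.example
issuer=/CN=Example Intermediate CA
EOF
}
```

Against a live server, `save_leaf host.example leaf.pem` writes the certificate and prints its subject, issuer, expiry and fingerprint for review.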
I used a Linux shell but this should be do-able from a Mac or with OpenSSL installed on Windows, too. If you wanted to read the SSL certificates off this blog you could issue the following command, all on one line:

    openssl s_client -showcerts -servername lonesysadmin.net -connect lonesysadmin.net:443 < /dev/null

In this case you’ll get a whole bunch of stuff back:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = lonesysadmin.net
verify return:1
Certificate chain
 0 s:/CN=lonesysadmin.net
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Server certificate
subject=/CN=lonesysadmin.net
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
SSL handshake has read 3260 bytes and written 398 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 3B67BD8D78293E6C2CD87E192316DF2B0DD5B8D8D3E0209DD2A2F2CBE0D8298C
    Session-ID-ctx:
Master-Key: BA7C4F7737DA489457285514FA66E935EAD13D4D8DAADA7577917A9B4564120759535FCF76C6616CC96108C375DA015A Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 9b 60 9e 06 36 26 95 27-0a b5 3e ba e2 9f e2 5c ...6&.'..>....\ 0010 - 71 f1 c4 12 2f 73 60 5e-ed 3b 19 fd af 48 51 4d q.../s^.;…HQM 0020 - 85 47 93 5b b4 83 45 ef-04 15 ba 59 85 96 eb c1 .G.[..E….Y…. 0030 - 70 da e2 6f c4 f5 99 b5-ed c0 c2 6b 67 73 85 4e p..o…….kgs.N 0040 - 3e f1 6f e2 3c 5c f9 1f-e9 d3 8b c1 96 53 ea b2 >.o.<.……S.. 0050 - dd a8 e9 0e 20 5c a5 de-c9 80 cc c6 35 62 c1 51 …. .…..5b.Q 0060 - c0 64 b3 2f ca eb 15 97-2a cd ef 51 8e 5f 21 32 .d./….*..Q._!2 0070 - 4b d9 f9 2e ba ec b1 e5-06 cb dc 57 ab 1d 23 28 K……….W..#( 0080 - 76 41 9c 79 e4 05 23 68-c4 2c 0c f1 46 df 55 01 vA.y..#h.,..F.U. 0090 - 0e 68 d8 83 53 e1 8d 02-18 d4 b0 3d fc a6 03 9a .h..S……=…. 00a0 - 2c 68 88 79 91 4b c9 ba-47 40 b4 aa d3 fb 17 e5 ,h.y.K..G@…… 00b0 - d5 36 f2 45 10 70 dd c4-1e be 69 6a d0 88 e1 a7 .6.E.p….ij…. 00c0 - ac 5f df ef b1 e7 bc be-42 06 8f 8c f3 82 95 5c ._……B……\ Start Time: 1543255454Timeout : 300 (sec) Verify return code: 0 (ok)DONE
Just prune out everything that isn’t between a “BEGIN CERTIFICATE” and “END CERTIFICATE” line, leaving only the two certificate blocks from the output above. And ta-dum! you can paste that into whatever needs it. Some stuff might need it in reversed order, so if it doesn’t work this way just rearrange it.
Don’t forget to use the correct hostnames and ports! If your AD DC is called dc-01.goatrodeo.org and the global catalog is on port 3269 it’d be:
openssl s_client -showcerts -servername dc-01.goatrodeo.org -connect dc-01.goatrodeo.org:3269 < /dev/null
Good luck!
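The pruning step in this post can be done with a filter instead of by hand. This is an added example, not code from the original post: `extract_pem_chain` keeps only the complete PEM blocks from `openssl s_client -showcerts` output, and `reverse_pem_chain` flips their order for software that wants the chain the other way round. The function names and the sample input (placeholder bodies, not real certificates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Read `openssl s_client -showcerts` output on stdin and print only complete
# PEM certificate blocks. Subject/issuer lines, session data and the
# "Verify return code" line are dropped. A block that never reaches its END
# marker (connection cut short) is discarded instead of being emitted half-done.
# Trailing carriage returns from copy/paste on Windows are stripped.
extract_pem_chain() {
    awk '
        /^-----BEGIN CERTIFICATE-----[ \t\r]*$/ {
            buf = "-----BEGIN CERTIFICATE-----\n"; inside = 1; next
        }
        inside && /^-----END CERTIFICATE-----[ \t\r]*$/ {
            printf "%s-----END CERTIFICATE-----\n", buf
            inside = 0; buf = ""; next
        }
        inside { sub(/\r$/, ""); buf = buf $0 "\n" }
    '
}

# Read a PEM chain on stdin and print the blocks in reverse order
# (leaf-first becomes root-side-first and vice versa).
reverse_pem_chain() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { n++ }
        n > 0 { block[n] = block[n] $0 "\n" }
        END { for (i = n; i >= 1; i--) printf "%s", block[i] }
    '
}

# Constructed stand-in for s_client output; the bodies are placeholders.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=host.example.test
   i:/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
LEAFplaceholderNOTaREALcertificate
-----END CERTIFICATE-----
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
INTERMEDIATEplaceholderNOTaREALcert
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=host.example.test
issuer=/CN=Example Intermediate CA
---
    Verify return code: 0 (ok)
---
EOF
}

# Offline demo: prune the sample, then show it in reversed order.
sample_s_client_output | extract_pem_chain | reverse_pem_chain

# Live use (needs network), with the hostname and port from the post:
#   openssl s_client -showcerts -servername dc-01.goatrodeo.org \
#       -connect dc-01.goatrodeo.org:3269 < /dev/null | extract_pem_chain > chain.pem
```

Before pasting the result into a trust store, check the "Verify return code" line in the raw output; the filter copies whatever the server sent, whether or not it validated.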
WHAT YOU NEED TO KNOW ABOUT UPGRADING TO AN IPHONE XS OR XR
Bob Plankers November 21, 2018 Hardware
I just got a new iPhone Xs Max. I had an iPhone 6s which I liked a lot, but it’s been a few years and with more travel I thought I’d enjoy having a better device with me. There are a few things that bit me in the duff.
* Some two-factor authentication (2FA) apps like Duo or Google Authenticator store their data in the iPhone Secure Enclave, which isn’t backed up to iCloud or via iTunes. That means that when you switch devices (or if you lose your device) you could lose access to your accounts, or it’ll be a serious pain to regain access (which is the point of 2FA). So don’t trade in your old phone until you’ve re-registered everything! @funnelfiasco suggested to me that I switch to Authy, which allows backups and multi-device access. @millardjk suggested keeping screenshots of the registration QR codes, which could be a security issue but would help immensely for reregistering between apps. @vcixnv suggested that SAASPASS was a solution for him, instead of Authy. Thanks Ben, Jim, and Britton! (I went with Authy by the way, and I used the Google Authenticator features rather than Authy-specific stuff in what is probably a futile attempt at avoiding lock-in).
* No button is kind of a pain in the duff. Get the home screen by swiping up from the bottom bar (the “home bar”).
* Switch apps by swiping left and right on the home bar, or by swiping up from the bar to the middle of the right side of the screen. Yes, that’s convoluted. I miss the button.
* Summon the control center by swiping down and towards the center from the top right (same as with iPads now). You can customize those controls in Settings -> Control Center -> Customize Controls. That might be new in iOS 12, or not, but I hadn’t noticed it.
* There was a feature called “Reachability” on the old phones, which will bring the top of the screen down. On my new phone it was off. You can enable it by going into Settings -> General -> Accessibility and flipping it on. Once it’s on you can swipe from just above the home bar down to move the screen down. It’s still a bit kludgy, but hey.
* So I tried to shut the phone off, and discovered they moved it from the side button. Much cursing ensued. You now have to hold the side button and one of the volume buttons together for two seconds. It’s also the SOS function so when you do that you’ll have to enter the passcode again. I’m fine with that, I don’t want someone to point it at my face and gain access to my phone.
* If you want to take a screenshot it’s the side button and the volume up. If you tap on the screenshot afterwards you can mark it up or delete it, which is nice.
* Make sure that cellular data is on. Mine got shut off in the conversion. If your provider allows it make sure you’re using LTE for both voice and data. This is important on CDMA networks because the older modes didn’t allow for simultaneous voice and data. That’s a bummer if you’re using your phone as a hotspot. Settings -> Cellular -> Cellular Data Options. While you’re in there you might check out the WiFi calling options, too.
* Face ID is interesting. I think I like it so far, but it took a little to get used to it. My wife and I set our phones up so we can each unlock them without knowing each other’s passcodes (this is 95% being able to see a recipe on the other person’s phone while we’re cooking, and 5% me updating her phone). Instead of registering a fingerprint, Face ID allows for an “alternate appearance” which we just use for the other person. Settings -> Face ID & Passcode -> Add Alternate Appearance.
* With Face ID the auto-lock gets set to 30 seconds. Yuck. While I was in Settings -> Display & Brightness I also disabled Raise to Wake. If you just tap the screen it’ll wake up. I also set Settings -> Notifications -> Show Previews to “When Unlocked.” I don’t like others being able to see my incoming communications.
Overall, do I like it? Sure. The Xs Max is large and expensive and it’s taking me some time to adjust to the size (I’m a week into it), but I think I’ll like it overall going forward. I just wish some of this was on the “Welcome to iPhone” setup spiel, and not just Siri and Apple Pay.
CODE KEYBOARD
Bob Plankers November 6, 2018 Home Office, People Stuff, System Administration
> “You spent $150 on a keyboard?” – _My wife_
There are two kinds of people in technology: those with an opinion about their keyboard, and everybody else. I happen to be one of the first.
Buckling Spring image courtesy of Wikipedia. I grew up using the IBM Model F and M keyboards. They have a spring in the key switches that buckles as you press down. That gives you two things: a prominent clicking sound from the keypress, and solid tactile feedback from the key. You definitely know when that keyswitch actuated.
Years ago I had to give up my Model M keyboards. They’re built to last but it was getting harder to find working ones, it was getting inconvenient to adapt them to USB from PS/2, and a case of carpal tunnel made it painful to use a keyboard that required a decent amount of force to type. This also pleased my coworkers, who didn’t particularly like the stream of loud clicking when I was in the office. And so I settled on a series of Dell keyboards, mostly because we had some sitting around. The multimedia controls on the newer Dell Business keyboards are nice, and I’ve been using those for a while now.
> “Does it do cool things?” – _My six year old daughter_
In a few weeks I’m not going to have coworkers within 50 feet of me, and my old keyboards are getting a little, well, old. So I thought I’d treat myself to a new keyboard. Over the last couple years I’ve been lurking in the community around keyboards, marveling at the incredible love that people pour into the devices at their fingertips. In particular, Massdrop has quite the stream of interesting keyboards and customizations, many available for purchase. There are cheaper options there but I don’t like ground-effect lighting for my keyboard enough to spend $500, though. Turns out you can buy a faithful clone of the IBM Model M from Unicomp, but I think I’m past the mega-clicky stage of my life. I don’t want people to hear all that when I’m on the phone.
So after looking around I decided on a 104-key CODE Keyboard, which is a collaboration between Jeff Atwood of Stack Overflow fame and WASD Keyboards. You can choose the switches that are in it so you get exactly what you want for noise, feel, and actuation pressure. The keys have backlighting, which is great. The keyboard weighs a couple pounds, so you can defend your home office with it if you need to, and it has big patches of rubber underneath so it does not move. It’s got a standard USB cable (micro to A), so you can replace it or customize it, and a bunch of routing options underneath. And best of all, it’s simple & clean.
It’s got six DIP switches on the back to customize it if you are a Mac, Windows, or UNIX person (if you’re used to a Sun keyboard that swapped Ctrl and Caps Lock). I flipped the sixth switch so that the keyboard Function key can do the multimedia controls (versus an OS “menu” key). If you want to customize it further you can just order a WASD v2 keyboard and customize it fully,
from a variety of languages and layouts to what color each key is. I liked the compromises and the LED backlighting in the CODE model, but I can order new keycaps in the future if I want.
> “I AM A BAT. I FLY.” – _My three year old son, unfazed by a new keyboard_
Best of all, I was looking for a reason to try it out, so I wrote this. It’s definitely a different feel than my old keyboard, but that’s what I wanted. I like it so far. At the beginning here I was doing a lot of double capitalization (WRiting THings Like THis), but 600 words in that seems to have cleared up. I think this keyboard and I might get along just fine. Now I need to find an amazing mouse to go with it. Thoughts?
JOINING VMWARE
Bob Plankers November 2, 2018 People Stuff, Professional Development, Virtualization, VMware
> “We changed again, and yet again, and it was now too late and too far to go back, and I went on. And the mists had all solemnly risen now, and the world lay spread before me.” – Pip, _Great Expectations_
Growing up the son of a firefighter and homemaker, I was fortunate to have been given the opportunity to go to college so many years ago. So in the autumn of the release of Windows 95 I left my childhood home to go to school at the University of Wisconsin – Madison. At four hours by car the UW was far enough away from my parents that they wouldn’t stop in randomly, but it was close enough that I could go home easily. I never really went home, though. Sure, I’d go visit, but my home became Madison, and I dug in. And while my parents helped with my tuition, room & board was solely my responsibility. I got a job, hired at the UW-Madison Help Desk to do phone support for the dial-in modem pool.
Information Technology wasn’t a career path when I was in high school, at least according to the school guidance counselor who told me I was going to be a chemical engineer, and that was that. All engineering students go through the first sets of classes together, though, and along the way I heard about Electrical & Computer Engineering. Took me about 12 seconds to switch. The grass is always greener, it seems, and it didn’t take long for me to figure out that I liked the software side more than hardware. The overlap with Computer Science seemed a natural path. Fast-forward a few years. I’d been promoted out of the Help Desk. I was running giant AIX systems for our PeopleSoft implementations, and I was wondering what was next in my life. The work I was doing was so much more interesting than school, and it was the path I wanted to be on. I liked the UW, I had lots of friends there, and the people I was working with and for had interesting problems to solve. Above all, it was safe and familiar. My father died in 2001 and that left me adrift and with a case of PTSD, so when the UW offered me a real job, with real pay and real benefits, I signed on. 23 years later I’ve been fortunate to have worked with some of the brightest (and interestingly enough, fastest and strongest) folks around. I’ve been able to reinvent my job a few times, as new technology comes along to reshape the landscape. Landscaping in higher education involves a lot of hard work, overcoming inertia of silos, culture, and incredible fear of change. It requires immense amounts of patience. It has worn on me, as I’d seen my father’s job as a first responder wear on him, turning us into sarcastic, bitter, angry people. I grew more and more like the mythical Sisyphus, destined to roll
rocks up hills as punishment for offending self-appointed gods in non-specific ways.
I’ve been thinking about moving on for a while now. I don’t want to turn into my father, and I cannot keep rolling the rock uphill for 20 more years. I’ve talked to a number of friends that have made the leap to vendors, all of which told me, nicely, to shut up and do it. I clearly enjoy technology, but I also enjoy speaking and writing about it to help others understand more. I’ve been active in the VMware community for years. With all of that I’ve been envious of the work the VMware Technical Marketing folks do in all these spaces, getting paid to do the things I basically do as a hobby. With two small children I’ve been hesitant to take a position with a lot of travel, though, and I’m very fortunate to be in a spot where I could take some time to make sure where I was going is a very good fit. That said, it took almost no time for me to respond when I was asked to consider applying for a position at VMware, in the Cloud & Platform Business Unit’s Technical Marketing group. I am the secret Mike Foley’s been dying to reveal on Twitter, and I’m
very excited to work with him, Adam Eckerle, Niels Hagoort (who just joined as well) and all the others that produce such great content and understanding for VMware customers.
I start at VMware in early December and for the first time in a long time I feel again like Pip in that quote above, excited and nervous at the possibilities that lay before me.
FIXING X11 FORWARDING OVER SSH AND WITH SUDO
Bob Plankers July 6, 2018 System Administration
X11 forwarding over SSH not working? Not setting $DISPLAY correctly in your shell? Having problems with X11 and sudo? Yeah, me too. Total pain in the duff. Here’s what I do to fix it. I’m thinking about Linux when I write stuff like this but a lot of this has worked on AIX and Solaris, too.
* Make sure your SSH client supports X11 Forwarding and that it’s turned on. I use SecureCRT but I know it works in PuTTY as well. Once you turn it on in your client & save the settings you will need to reconnect; the forwarding is established with the connection.
* Ensure xauth and xterm are installed. You need xauth for this to work, and xterm is a lightweight way to troubleshoot this stuff (just run “xterm” at a shell prompt and a window should pop open).
* If you are using a command-line client, or forwarding across multiple hosts, is X11 forwarding enabled in your ~/.ssh/config file? Add “ForwardAgent yes” and “ForwardX11 yes” to it. You can also force it with “ssh -X user@host” when you connect.
* Do you have an X Windows server running on your desktop PC? I use Windows on my desktop and I use VcXsrv. Make sure it’s started and running. VcXsrv asks me how I want to run it, I always choose “Multiple windows,” set the display number to -1 to let it choose, and start no client. You can futz with the rest once you know it’s working.
* Is your $DISPLAY variable being set but you get errors? If so, that’s usually not forwarding, that’s something on your PC. Check your $DISPLAY with “echo $DISPLAY” at a prompt. It should have something in it like “localhost:10.0” or “localhost:13.0” or so. Does your X Windows server software (VcXsrv) have permissions? If so, set them wide open (allow all hosts to connect).
* On your SSH server do you have “X11Forwarding yes” and “AllowAgentForwarding yes” in sshd_config? If it’s commented out uncomment it and restart the SSH daemon (“service sshd restart” works on a lot of distros).
* Is your home directory writable? When you log in it’ll need to create an ~/.Xauthority file and if it cannot do that you’ll have problems.
* Is your ~/.ssh directory writable, with the correct permissions? It should be owned by your user and chmod 700. Things in it should be chmod 600.
* Is there an old ~/.Xauthority file sitting there? Try removing it and logging in again.
* Did you disable IPv6? If you run “sysctl net.ipv6.conf.all.disable_ipv6” and it comes back as 1, or “lsmod | grep ipv6” shows nothing you might have IPv6 disabled. Turns out OpenSSH hates that and has a very passive-aggressive way of showing it. Add “AddressFamily inet” to your sshd_config and restart the daemon. That forces it back to IPv4 only.
* Are you trying to run something as root using sudo or su? Getting “X11 connection rejected because of wrong authentication?” That gets funky because of permissions with xauth. There are lots of tricky fixes with xauth but I’ve just found copying my .Xauthority file to my target user works great. Then you can “sudo xterm” with impunity. You might try avoiding “sudo su -” as the hyphen wipes your environment out, and along with it your $DISPLAY. Just try “sudo -u targetusername command” instead.
sudo cp ~plankers/.Xauthority ~root/.Xauthority
* If you’ve gotten this far and you’re still not able to run ‘xterm’ and have it pop a window open I’m surprised. Try SSHing with debugging on, “ssh -v -X user@host” and see if it tells you what’s wrong. Add more “v” to increase the debugging level, like “ssh -vv -X user@host.”
* What do the logs say when you connect to the server? A lot of times when there’s something wrong it’ll put something in the logs about what it is.
* Absolute vanilla installs of Linux distributions usually work fine. As a last resort try a VM running a stock installation of something like Ubuntu and see what happens.
Good luck! I hope at least some of this helps.
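The server-side items in the checklist above (xauth and xterm present, $DISPLAY, a writable home, ~/.ssh modes, sshd_config, disabled IPv6) can be checked in one pass. This is an added example, not code from the original post; the function names are constructed, and the config reader is a simplification that does not follow Match blocks or Include files.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are constructed.
# Run on the SSH server as the user who logs in:  sh x11check.sh run
# ForwardAgent/AllowAgentForwarding concern the SSH agent rather than X11,
# so only the X11-related settings are inspected here.

# Effective value of KEYWORD ($2) in an sshd_config-style FILE ($1). OpenSSH
# uses the first value it reads, so the first uncommented match wins.
config_value() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/) }
        tolower(f[1]) == tolower(key) { print f[2]; exit }
    ' "$1"
}

# Linux only: IPv6 counts as disabled when the sysctl reads 1 or the /proc
# entry is missing (module not loaded), the two cases the checklist names.
ipv6_disabled() {
    f=${1:-/proc/sys/net/ipv6/conf/all/disable_ipv6}
    [ ! -r "$f" ] || [ "$(cat "$f")" = 1 ]
}

# $1 = sshd_config path, $2 = 1 when IPv6 is disabled on this host.
check_sshd_config() {
    rc=0
    [ -r "$1" ] || { echo "skip cannot read $1 (try with sudo)"; return 0; }
    x11=$(config_value "$1" X11Forwarding | tr 'A-Z' 'a-z')
    if [ "$x11" = yes ]; then echo "ok   X11Forwarding yes"
    else echo "FAIL X11Forwarding is '${x11:-commented out or unset}' in $1"; rc=1; fi
    if [ "${2:-0}" = 1 ]; then
        af=$(config_value "$1" AddressFamily | tr 'A-Z' 'a-z')
        if [ "$af" = inet ]; then echo "ok   AddressFamily inet"
        else echo "FAIL IPv6 is disabled but AddressFamily is '${af:-unset}'"; rc=1; fi
    fi
    return $rc
}

# $1 = ~/.ssh. Directory must be ours and mode 700; files inside must give
# group and other nothing (what chmod 600 achieves).
check_ssh_dir() {
    rc=0
    [ -d "$1" ] || { echo "skip $1 does not exist"; return 0; }
    [ -O "$1" ] || { echo "FAIL $1 is not owned by uid $(id -u)"; rc=1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ] || { echo "FAIL $1 is $mode, want drwx------ (chmod 700)"; rc=1; }
    loose=$(find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                               -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$loose" ] || { echo "FAIL group/other can access: $loose"; rc=1; }
    [ $rc -eq 0 ] && echo "ok   $1 ownership and modes"
    return $rc
}

# $1 = home directory: xauth must be able to write .Xauthority there.
check_xauthority() {
    [ -w "$1" ] || { echo "FAIL $1 is not writable, .Xauthority cannot be created"; return 1; }
    if [ -e "$1/.Xauthority" ] && [ ! -O "$1/.Xauthority" ]; then
        echo "FAIL $1/.Xauthority belongs to another user; remove it and log in again"; return 1
    fi
    echo "ok   home writable, .Xauthority usable"
}

# $1 = value of $DISPLAY in the SSH session.
check_display() {
    case $1 in
        "") echo "FAIL DISPLAY is empty, forwarding was not set up"; return 1 ;;
        localhost:[0-9]*) echo "ok   DISPLAY=$1 looks like a forwarded display" ;;
        *) echo "warn DISPLAY=$1 is set but is not a localhost:N display"; return 2 ;;
    esac
}

x11_doctor() {
    bad=0
    for t in xauth xterm; do
        if command -v "$t" >/dev/null 2>&1; then echo "ok   $t installed"
        else echo "FAIL $t not found"; bad=1; fi
    done
    check_display "${DISPLAY:-}" || bad=1
    check_xauthority "$HOME" || bad=1
    check_ssh_dir "$HOME/.ssh" || bad=1
    v6=0; if ipv6_disabled; then v6=1; fi
    check_sshd_config /etc/ssh/sshd_config "$v6" || bad=1
    return $bad
}

if [ "${1:-}" = run ]; then x11_doctor; fi
```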
FIXING VEEAM BACKUP & REPLICATION PROXY INSTALL ERRORS
Bob Plankers July 2, 2018 Virtualization, VMware
Every once in a while I struggle a little to add a new Veeam Backup & Replication hot-add proxy. If you’re like me and seeing proxy install errors maybe some of these will fix you up. This is what worked for me on Windows Server 2016 when I was getting error 0x00000057, “Failed to create persistent connection to ADMIN$” and some other unhelpful messages.
If you’re using a hardened Windows installation all bets are off, since the goal of hardening is to intentionally disrupt remote access. I’d get it running with as close to a stock Windows installation as possible and then work from there if you need to secure things further. There are also ways to manually install the Veeam Transport Service that might be more helpful.
You might want to consider taking a snapshot before this work, so when you discover what fixes the problem you can revert the snapshot and just implement the fix cleanly.
* First, try specifying the username as the full “DOMAIN\Username” format when you add it to the Backup & Replication console. Don’t use the “.\username” format and don’t omit the domain part itself. If you are using local accounts you’ll want to specify “SERVERNAME\username” instead, using what the proxy knows as its name. This alone fixes 90% of the issues I’ve seen.
* If you aren’t using the Administrator account (and it’s a good idea not to) does the account you want to use have Administrator rights on the proxy VM, and the correct password? I sometimes forget to add the domain service account I created to the local administrators group.
* Check to see if you can reach the administrative shares on the proxy VM. Do this from the Backup & Replication main backup server itself by browsing to \\COMPUTERNAME\Admin$ using the credentials you’re going to use for Veeam. This may mean you need to use “net use” to map it so you can specify a different username. If that works you should see the Windows directory on the remote computer.
* Didn’t work? Is the firewall enabled? For troubleshooting try adding an explicit “allow any” rule for all traffic to & from the backup server. If that makes browsing to Admin$ work then make sure you have rules to permit traffic between the proxy and the other proxies, and the proxy and the main backup server. Note that you can test this by just shutting the firewall off, but don’t do that unless you’re protected in some other way (hardware firewall, etc.).
* If the firewall is disabled and you still cannot browse, can the backup server ping the proxy? Is there another firewall between them that’s denying traffic?
* If the firewall is disabled, they can ping each other, and you still cannot browse, have you disabled remote UAC on the proxy VM? Open an administrator-level command prompt and run:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Reboot the proxy VM and try again.
At this point you probably can browse to Admin$, and you should take a moment to make sure your firewall is on and everything is secured again. If you still can’t get in I’d look at more fundamental issues, like time synchronization and DNS.
Good luck!
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0