search for: chmielewski

Just search online why in general that is insecure via CLI vs programmatic for first class automation.. there is a reason why snmp, rest, ... exist. On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > You've mentioned security issues in your previous email, but now you're > hopping to management issues. > > Have you tried Ansible, Chef or Puppet for automation? It works well for > hundreds of servers, different services and not just one...

There is a reason most NMS systems used SNMP in the past and REST apis past 7+ years. They don't use CLIs except toy Expect type scripts.. Not just security but better error handling and more. Good luck learning! On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > SNMP is mainly used for monitoring, not _server_ automation. > > Also, it's inherently insecure for anything else - only SNMPv3 offers any > kind of encryption, and it's DES - 56 bit only, and you can easily > brute-force it on an average...

...s actually creating something using TINC and we believe in it. If successful we'll be giving back to TINC monetarily in a big way to make TINC even better so if TINC isn't for you keep an eye on further developments in the future. Thanks, Rafael On Thu, Mar 29, 2018 at 12:03 PM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > SNMP is mainly used for monitoring, not _server_ automation. > > Also, it's inherently insecure for anything else - only SNMPv3 offers any > kind of encryption, and it's DES - 56 bit only, and you can easily > brute-force it on an average...

Programmatic management with first class APIs is preferred for larger deployments.. On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > Could you elaborate on why CLI (SSH) managing is insecure? > > > Tomasz Chmielewski > https://lxadm.com > > > On 2018-03-27 04:23, al so wrote: > >> So, for remote manageability of Tinc, we don't have any SNMP or REST >&gt...

...26 00 0f 84 e5 fe ff ff 31 c9 89 da 83 c8 ff ff d6 e9 d0 fe ff ff 8d 74 26 00 55 89 e5 8d 50 18 <f0> ff 0a 0f 94 c1 84 c9 75 08 5d c3 8d b6 00 00 00 00 e8 13 fe EIP: [<c01b5f36>] fput+0x6/0x30 SS:ESP 0068:c4fd3e70 CR2: 00000000ffffffcd ---[ end trace 86b77908c796fc8f ]--- -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

On 2017-02-21 16:39, Tomasz Chmielewski wrote: > tshark shows "TCP Spurious Retransmission" for cases where curl is not > able to fetch any data. > > > Both tinc servers are running Ubuntu 16.04 (64 bit) with tinc 1.0.26. > > DC1 is Europe (Hetzner); DC2 is in USA (Amazon AWS). > > > > Wh...

...s in such directories just fine. I would rather expect that to happen on a Linux client, too (i.e., Linux client should not see it as symlinks, but as real files/directories). Where can I look for a solution? I didn't find anything about it in smbmount nor in smb.conf manuals. -- Tomasz Chmielewski Software deployment with Samba http://wpkg.org

...o, it's inherently insecure for anything else - only SNMPv3 offers any kind of encryption, and it's DES - 56 bit only, and you can easily brute-force it on an average computer. If you could provide some serious articles about why is CLI insecure, I'd be interested to read. Tomasz Chmielewski https://lxadm.com On 2018-03-30 00:48, al so wrote: > Just search online why in general that is insecure via CLI vs > programmatic for first class automation.. there is a reason why snmp, > rest, ... exist. > > On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpk...

...ume) to make snapshots, which is not always possible on workstations and some servers. Is something similar available, or planned, for btrfs? I didn''t find anything similar on "btrfs design" page in the wiki. [1] http://kerneltrap.org/Linux/LVM_Snapshot_Merging -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

What is the easiest way to allow normal users to install printers (which are available through a Samba server)? Normally, Windows 2000 and XP need to have a printer installed by the admin first on a given workstation - only the it can be used by the user. I want to allow the user to install own printers. Now, when one trises to right click on a printer on a server and "connect", he

...s possible - use stunnel - as above - use SSH - is not as powerful as in daemon mode (i.e. read only access, chroot, easy way of adding/modifying users and modules etc.) Why was encrypted communication in rsyncd never implemented? Some technical disagreements? Nobody volunteered? -- Tomasz Chmielewski http://www.sslrack.com

...nect to 10.1.2.3:27017 after 5000ms milliseconds, giving up. 2017-02-21T03:34:55.754+0000 E QUERY [thread1] Error: couldn't connect to server mongo.example.com:27017, connection attempt failed : connect at src/mongo/shell/mongo.js:231:14 @(connect):1:6 exception: connect failed Tomasz Chmielewski https://lxadm.com

I have an asterisk box and SIP / IAX2 phones. To call out, users have to add 0 (zero) before a real telephone number. That means, that if they want to call someone that has a number 123456, they have to call 0-123456. Simple, right? This has a serious drawback though - when someone calls us from the number 123456, we see the callerID 123456, and we're unable to use the callback/redial

...1178 gen 85132 top level 5 path test2 # btrfs qgroup show /mnt/lxc2 0/1177 4096 4096 0/1178 4096 4096 # btrfs qgroup assign 1177 1178 /mnt/lx2 ERROR: bad relation requested ''/mnt/lx2'' Could anyone give examples of proper usage of this feature? This is Linux 3.10. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

...2662303 [2012-06-11 15:08:15.733161] I [dht-common.c:525:dht_revalidate_cbk] 0-sites-dht: mismatching layouts for /gluster/pub/one/content/2012/6/10 Is there a way to get rid of that? I did a big add brick / remove brick operation before, followed by layout / migrate-data rebalance. -- Tomasz Chmielewski http://www.ptraveler.com

...)-Eintr?ge, die den Namen des Active Directory-Dom?nencontroller dessen IP-Adressen zuordnen, fehlen oder enthalten nicht die richtigen Adressen. - Die in DNS registrierten Active Directory-Dom?nencontroller verf?gen nicht ?ber eine Netzwerkverbindung oder werden nicht ausgef?hrt. -- Tomasz Chmielewski http://wpkg.org

...le scrpits. On Thu, Mar 29, 2018 at 8:48 AM, al so <volkswak at gmail.com> wrote: > Just search online why in general that is insecure via CLI vs programmatic > for first class automation.. there is a reason why snmp, rest, ... exist. > > On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org> > wrote: > >> You've mentioned security issues in your previous email, but now you're >> hopping to management issues. >> >> Have you tried Ansible, Chef or Puppet for automation? It works well for >> hundreds of servers, differ...

...ns to 3.3.3.3 will be made from 2.2.2.2: ssh client ---> 1.1.1.1 ssh server 2.2.2.2 >--- 3.3.3.3 Pseudo "--remote-bind" command here to illustrate what I mean: ssh -N -L 4444:3.3.3.3:4444 --remote-bind 2.2.2.2 1.1.1.1 If not possible, are there any workarounds? -- Tomasz Chmielewski http://wpkg.org

Hello, Is there a list of software phones which will work with Asterisk? For Linux and Windows? I don't have any hardware yet, and before I buy anything I would like to know how Asterisk really works (with software "phones" for example). Tomek

...SSH2, compression 6 (the only available for SSH2), and, no wonder, SSH1 *always* won, no matter if it was tar'red /etc (lots of txt files), a long pdf file, or even long avi file. Why not let the user what best suits him? Or maybe there is some way to turn it on in SSH2? Regards, Tomasz Chmielewski