search for: chmielewsky

Just search online why in general that is insecure via CLI vs programmatic for first class automation.. there is a reason why snmp, rest, ... exist. On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > You've mentioned security issues in your previous email, but now you're > hopping to management issues. > > Have you tried Ansible, Chef or

There is a reason most NMS systems used SNMP in the past and REST apis past 7+ years. They don't use CLIs except toy Expect type scripts.. Not just security but better error handling and more. Good luck learning! On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > SNMP is mainly used for monitoring, not _server_ automation. > > Also, it's

Al like any open-source or free sofware you need to put the leg work into what you want it to be. My company is actually creating something using TINC and we believe in it. If successful we'll be giving back to TINC monetarily in a big way to make TINC even better so if TINC isn't for you keep an eye on further developments in the future. Thanks, Rafael On Thu, Mar 29, 2018 at 12:03

Programmatic management with first class APIs is preferred for larger deployments.. On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > Could you elaborate on why CLI (SSH) managing is insecure? > > > Tomasz Chmielewski > https://lxadm.com > > > On 2018-03-27 04:23, al so wrote: > >> So, for remote manageability of Tinc, we

I converted an ext4 filesystem with btrfs-convert, mounted it, and wanted to do "lzop -d ...". The result was an immediate Oops (btrfs is on LVM, on dm-crypt, on /dev/sdb which is USB-connected). mini-904.img.lzo dentry_open failed BUG: unable to handle kernel paging request at ffffffcd IP: [<c01b5f36>] fput+0x6/0x30 *pde = 00575067 *pte = 00000000 Oops: 0002 [#1] SMP last sysfs

On 2017-02-21 16:39, Tomasz Chmielewski wrote: > tshark shows "TCP Spurious Retransmission" for cases where curl is not > able to fetch any data. > > > Both tinc servers are running Ubuntu 16.04 (64 bit) with tinc 1.0.26. > > DC1 is Europe (Hetzner); DC2 is in USA (Amazon AWS). > > > > What's interesting, I don't have these timeouts when I

I have a share with a couple of symlinked files in it. On a Samba server, it looks like this for "addon" directory: # ls -l (...) acrobatreader7 (...) addon -> /home/samba/unattended-write/packages Now, if I mount it on a Linux client using smbmount, symlinks point to non existing directories locally (/home/samba/unattended-write/packages exist only on a Samba server): #

SNMP is mainly used for monitoring, not _server_ automation. Also, it's inherently insecure for anything else - only SNMPv3 offers any kind of encryption, and it's DES - 56 bit only, and you can easily brute-force it on an average computer. If you could provide some serious articles about why is CLI insecure, I'd be interested to read. Tomasz Chmielewski https://lxadm.com On

At the beginning of August, Mikulas Patocka posted to linux-kernel mailing list about adding snapshot merging to LVM[1]. Basicaly, snapshot merging means that it is possible to turn a snapshot back into its origin. Using LVM, however, means that you need to have free place outside of the filesystem (i.e., in physical volume) to make snapshots, which is not always possible on workstations and

What is the easiest way to allow normal users to install printers (which are available through a Samba server)? Normally, Windows 2000 and XP need to have a printer installed by the admin first on a given workstation - only the it can be used by the user. I want to allow the user to install own printers. Now, when one trises to right click on a printer on a server and "connect", he

rsync in daemon mode is very powerful, yet it comes with one big disadvantage: data is sent in plain. The workarounds are not really satisfying: - use VPN - one needs to set up an extra service, not always possible - use stunnel - as above - use SSH - is not as powerful as in daemon mode (i.e. read only access, chroot, easy way of adding/modifying users and modules etc.) Why was encrypted

I have the following tinc setup: client -- tinc DC1 -- tinc DC2 -- 10.1.2.0/24 subnet It generally works well, however, there is one issue I'm not able to solve: *sometimes*, connectivity to *some* destinations does not work for the first few seconds. To demonstrate: $ mongo mongo.example.com:27017 MongoDB shell version: 3.2.12 connecting to: mongo.example.com:27017/test

I have an asterisk box and SIP / IAX2 phones. To call out, users have to add 0 (zero) before a real telephone number. That means, that if they want to call someone that has a number 123456, they have to call 0-123456. Simple, right? This has a serious drawback though - when someone calls us from the number 123456, we see the callerID 123456, and we're unable to use the callback/redial

I''m trying to use this feature of qgroup: btrfs qgroup assign <srcid> <destid> <path> Assigns the lower level qgroup src to the higher level qgroup dest in the btrfs found in <path>. It is used to build qgroup hierarchies. However, I fail to understand how this feature should work, and I''m getting "ERROR: bad relation requested":

I have the following appended to gluster logs at around 100kB of logs per second, on all 10 gluster servers: [2012-06-11 15:08:15.729429] I [dht-layout.c:682:dht_layout_dir_mismatch] 0-sites-dht: subvol: sites-client-41; inode layout - 966367638 - 1002159031; disk layout - 930576244 - 966367637 [2012-06-11 15:08:15.729465] I [dht-common.c:525:dht_revalidate_cbk] 0-sites-dht: mismatching layouts

I'm trying to join a Windows 2008 to a Samba4 domain. I'm able to ping Samba4 or browse its network shares. Unfortunately, I can't join Windows 2008 to this Samba4 domain - I'm not even asked for Administrator password. Windows 2008 errors with the below message, which roughly translates to: DSN-query for domain "samba4.my.domain" was successful. The query was for

automation refers to day to day vpn management from non-IT layman... not a geek running shell/ansible scrpits. On Thu, Mar 29, 2018 at 8:48 AM, al so <volkswak at gmail.com> wrote: > Just search online why in general that is insecure via CLI vs programmatic > for first class automation.. there is a reason why snmp, rest, ... exist. > > On Thu, Mar 29, 2018 at 3:50 AM, Tomasz

With ssh tunnel (-L option), is it possible to set _remote_ bind address? Say, I have a remote SSH server with two IP addresses, 1.1.1.1 and 2.2.2.2. I would like to make sure that any outgoing connections to 3.3.3.3 will be made from 2.2.2.2: ssh client ---> 1.1.1.1 ssh server 2.2.2.2 >--- 3.3.3.3 Pseudo "--remote-bind" command here to illustrate what I mean: ssh -N -L

Hello, Is there a list of software phones which will work with Asterisk? For Linux and Windows? I don't have any hardware yet, and before I buy anything I would like to know how Asterisk really works (with software "phones" for example). Tomek

Hello, I was searching for this information virtually everywhere, but as I couldn't find it - I'm asking here. I was wondering, why setting the Compression Level was removed in SSH2, and if on, is always set to 6. In SSH1 it was possible to set the Compression Level from 1 to 9. I have made some tests with Compression Levels using scp: SSH1, compression 9 (highest available for