Sysadmin

A community dedicated to the profession of IT Systems Administration

1
 
 

I've been wondering whether it's better for memory pages to be compressed at the hypervisor level, or on the VM level.

I'm leaning toward the VM level, because

1: VMs have better knowledge of memory pressure by the application, and can better decide when to swap pages out to zram. The VM has access to information about memory pages that the hypervisor doesn't have.

2: if pages are compressed on the hypervisor level, the VM doesn't "see" any increased memory available. The host box gains free memory, but the application never sees it to make use of it, it'll just see the same 8GB as it always has, so it never really benefits. This maybe lets you host more VMs on one box, but at the cost of the applications not being as efficient.

Is this a reasonable position? I'm wondering if I'm missing something obvious.

2
submitted 4 days ago* (last edited 4 days ago) by poinck@lemmy.world to c/sysadmin@lemmy.world
 
 

I want to make Windows clients at my workplace more secure by using software obtained with winget and have it automatically updated on a regular schedule. I have a Linux (Gentoo and Debian) background.

In the majority of cases the users are AD users without Administrator rights, so they cannot do winget upgrade --all in PowerShell. My idea was to create a scheduled task which runs as the SYSTEM user, but unfortunately, a PowerShell spawned that way cannot access winget, reporting that this Cmdlet cannot be found.

I recently saw WAU (Winget-AutoUpdate). I did not try it myself yet. Can it do the job? What are you doing to maintain 50+ Windows clients with users that are not Administrators on their system and lack the knowledge to update software besides what Windows 11 does for them out-of-the-box?

Interestingly, there does not seem to exist anything on Windows that is as easy as cron, systemd.timers or unattended-updates. And, in most cases users of Linux clients get sudo rights, because you can expect some basic knowledge about the package manager. On the other hand it wouldn't strictly be necessary if they are not devs and need only a static set of software. The beauty of having it all in one repo + flatpaks in user space makes it all possible on Linux.

Even with winget, which is a great relief on Windows, btw., OS updates are separate from app updates; basically only "flatpak", but without native auto-updates.

One additional remark: The apps need to be preinstalled before a new AD user logs on; I have to use --scope machine with winget. Users should not be bothered installing software themselves, not even with winget install --scope machine

I'd like to read what you are using, and I hope it can be done without spending money on it. An open source solution is preferred.

3
4
5
 
 

Coming to me in the form of Sonicwall's Cloud Secure Edge (at a monthly, per-user cost), I understand the basics of what they say it's going to do, but I also have been doing this long enough to understand when someone's using a lot of buzzwords and scare tactics to hype a much simpler concept that I feel I am not as much up on. I would welcome any and all comments from those of you with any experience in implementing/utilizing/understanding SSE. Thanks in advance!

6
 
 

Hi! So I have a backblaze account, and I would like to make a restic backup of my servers, but I'd like to be able to handle the paths, schedules and other options via GUI. What would be a good/easy GUI to set it up?

Thanks!

7
 
 

cross-posted from: https://feddit.uk/post/40593125

They state it's scheduled maintenance but the dashboard link leads to a 500 return. https://www.cloudflarestatus.com/

8
9
 
 

Hi, I’m looking to set up a Hybrid Cloud Infrastructure with my homelab as I’m lacking additional processing power.

  • Does Hetzner have concepts for VPC/VCN and subnets, similar to AWS, GCP, or Oracle? I’ve been browsing through the documentation (https://docs.hetzner.com/networking/networks) but couldn’t find anything related to it.
  • Does anyone have a new referral code they can share? Thanks!
10
11
 
 

Remote terminal application that allows roaming, supports intermittent connectivity …

12
 
 

Hello guys,

We're somewhat struggling with moving traditional file shares to SharePoint Online. Unanimously people recommend moving to multiple sites vs a single one because of the ease of management. While I do not doubt that, I simply cannot see the logic. The only real limitation I can think of is the amount of items per site where moving to multiple sites would make a difference.

What is easier about managing permissions on for example 5 folders in the root of a single site vs managing the permissions on 5 separate sites?

What I do know is that it is way easier to have my user go to a single site to find their stuff vs 5 different sites (and their corresponding URLs), or am I missing something here?

13
 
 

Why troubleshoot Terraform when you can procrastinate by updating your onboarding slide deck instead?

14
 
 

For a few years I've been noticing more and more weird and unexplainable behaviour in Outlook. We support mostly 365 Exchange Online clients on Windows workstations or RDS environments.

The amount of unexplainable bullshit we face is staggering. Outlook not being able to open the folder set, weird MFA glitches, weird bugs in the UI and downright weird errors coming from nowhere are some of the stuff we face weekly.

Am I alone on this?

15
 
 

With version 142, Google Chrome just rolled out a new permission prompt for Local Network Access.

While technically a good feature, this cost me the better half of the day hunting a production bug in our SaaS product, which after all did not exist.

Turns out that Chrome will display the permission dialog also for requests which your company's IT-mandated Endpoint Protection solution is grabbing for inspection. In our case, it was Zscaler causing issues.

If you deny the request (which from an end user perspective is the only reasonable choice), your web application will act weird.

Lucky me, our devices had just upgraded to Chrome 142 on the very same day we rolled out a production release. That's how all hell broke loose.

16
 
 

Working on a machine that BSOD'd 3-4 times a week, couldn't find much wrong but then I saw this. An NVMe drive from a company named "OEMGenuine".
Their website 404s, the Wayback Machine says it was last cached 2 years ago, and even then it was a broken GoDaddy landing page.

Found in a Thinkpad purchased from Amazon, sold by a third-party reseller who "upgrades" the devices before reselling.

Machine seems just fine/stable with a credible drive in it.

What's the craziest shady "brand" name you've seen in the wild?

EDIT: NEW Discovery! One of the ancient Wayback Machine cached pages previously redirected to oemgenuine.NET! It's shoddy as hell but the .net domain is still visible today! oemgenuine.net

17
submitted 3 months ago* (last edited 3 months ago) by slazer2au@lemmy.world to c/sysadmin@lemmy.world
 
 

AWS us-east-1 has broken itself on a European Monday morning.

So far we have Slack being slow and image attachments preview broken.

No SSO auth with Atlassian (JIRA, OpsGenie, and Confluence)

Sadly, it looks to be resolving. Back to work 🥲

18
 
 

About a month ago NPM was compromised. It was advised to lock versions to before the compromise.

However, one eventually needs to unlock and start getting updates again. Does anybody know if the coast is clear, or possibly a place that is tracking known compromised packages and their current status?

19
20
 
 

So we just hired a contractor. We wanted a mid level devops like engineer that can handle cleanup tasks that we are far behind on. Grunt work, mostly like cleaning up terraform repos, adjusting configuration to comply with audits.

What we got instead is a highly pushy dude who really wants to push us to a specific stack architecture.

Right now we use a pretty old but standard setup of public lb to nginx, to app load-balancer to our app servers.

We want to move to Kubernetes but there have been some roadblockers with the way this app location is configured.

He's been trying to push us to move to a tool chain that uses terragrunt and terraform to deploy kubernetes and argocd.

We finally agreed to let him do what he wanted, and the very first thing he asked for is a separate AWS account, and the ability to register two top-level domains through Route 53.

Myself and management talked about it, and while we understand the requirement for the AWS account, and how it does complicate network infrastructure, we're a bit concerned about why he wants to register two new domains to work with.

I've been doing this for almost 10 years now, and I've read all of the documentation for these tools, and while I haven't used argocd and Terragrunt, I don't see any reason why they could not work with us to use one of our pre-existing domains.

21
 
 

Hi there, looking for a KVM for my home server to fix it remotely when having an important issue, because well... My home server isn't at MY home but at my mother's home.

I was looking at nanoKVM-USB which I would plug into a Raspberry Pi, enabling and disabling the remote app according to my need to avoid unnecessary security issues, maybe even unplug it and ask my mother to plug it in when needed. What do you think of such a solution?

Thanks!

22
23
24
 
 

This is nice for those tired of wrestling with TLS certs and CAs for your database

25