gerdesj @ gerdesj @lemmy.ml

Posts

1

Comments

161

Joined

2 yr. ago

I've just moved my work PC from a cast off from a customer - it had a BIOS date stamped 2012, and was a rather shag Lenovo with a ... Intel Core something and four GB RAM. Cheap though, ie free. I did wedge in a SSD to make it usable.

I run KDE which isn't known for being tiny and I have a Postgres DB and a few containers for experiments running. The new box is a i5 Intel G13 thingy - HP mini jobbie. Luxury

To ensure that I am as disadvantaged as everyone else, I run ESET Endpoint AV and full disc encryption on it. It boots EFI and Secure Boot is enabled. I will pass a Cyber Essentials Plus audit (UK standard) without having to employ any misdirection. I've also read up on the US standards. The STIG for Ubuntu 22.04 is doable but my desktop is running 23.04 and 24.04 has just come out.

I run my company and we have some customers who have some rather more stringent requirements than others. We also have our own standards.

I do use it quite a lot. The pfSense package for ACME can run scripts, which might use scp. Modern Windows boxes can run OpenSSH daemons and obviously, all Unix boxes can too. They all have systems like Task Scheduler or cron to pick up the certs and deploy them.

I do IT security for a living. It is quite complicated but not unrealistic for you to DIY.

Do a risk assessment first off - how important is your data to you and a hostile someone else? Outputs from the risk assessment might be fixing up backups first. Think about which data might be attractive to someone else and what you do not want to lose. Your photos are probably irreplaceable and your password spreadsheet should probably be a Keepass database. This is personal stuff, work out what is important.

After you've thought about what is important, then you start to look at technologies.

Decide how you need to access your data, when off site. I'll give you a clue: VPN always until you feel proficient to expose your services directly on the internet. IPSEC or OpenVPN or whatevs.

After sorting all that out, why not look into monitoring?

I think we might be writing at cross purposes. The system you had for your mum obviously worked effectively for you and that is the important thing.

POTS provide(s|d) a fixed point of reference - your address is registered against the number for 999 etc; it provides power for a handset or device; Its been like that for a lot of decades! These are cast iron guarantees. A POTS line has guarantees, enshrined in UK law, that mobile etc does not have. POTS is circuit switched (well it was) which means there is a physical path between the ends for the duration of the conversation.

So, by old school, I mean that you currently have important guarantees about telephony in the UK that will evaporate in future. In 2025 or so, we in the UK will have finished migrating from our old school POTS copper lines and will enjoy our smart new SoGEA lines instead. Single Order Generic Ethernet Access. Instead of an emulated circuit switched line we will use VoIP across the entire country. Nothing wrong with that but it probably won't have the guarantees that POTS had.

Red Care is no more - BT have dropped it on the floor as of Feb this year which may indicate that things are not well with our future comms promises. The general system that Red Care was one product of is still available.

This is the important point: Promises (in law) that we used to be able to rely on for comms may (will) be binned.

In the UK at least, the POTS (Plain Old ...) copper phone lines carry an electrical current as well as signals and can power the handset. There are certain guarantees about this so that in an emergency your phone will still work so you can dial 999 (our original emergency number) or 112. Our fire regulations require something like 30 minutes before things should start failing. In the real world, you get out immediately and use your mobile.

We have an emergency alarm monitoring system used by businesses. Its generally known as "Red Care" which was a brand run by BT (British Telecom). You have a small device connected to a phone line (and powered by it) and it will monitor your fire detectors and building access control systems and a 24 hour manned monitoring centre will notify you in the event of an emergency. Nowadays, these devices will use your wifi and internet connection. Sometimes: old school is best.

I know what you mean. You've already read a load of log files on behalf of an "engineer" who seems incapable of doing it themself. You've also eliminated DNS and NTP and laughed at suggestions relating to SFC /SCANNOW. Then you roll up your sleeves and plug into the Matrix ...

Which distro do you use? Ubuntu, Debian, Arch and Gentoo have packages and I've no doubt that most others do too. On Linux you should not have to go to random websites and download stuff and faff around - use the built in distribution packages. If you are not sure what you've got try this at a command prompt and read the output:

    
$ cat /etc/os-release



  

As a last resort, you can run tcpdump on nearly anything and dump to .pcap, transfer that and then open that in Wireshark. Note that modern Windows has a OpenSSH client and server available so getting files around via scp is a doddle. Windows can even do NFS too and there is of course Samba - but CIFS/SMB can be tricksy.

Errm, Wireshark. Please bear with me.

Wireshark is a shining example of an open source project completely and utterly crapping on the closed source competition. As a result we all benefit. I recall spending a lot of someone else's money on buying a sort of ruggedized laptop with two ethernet ports to do the job back in the day.

Nowdays, I can run up a tcpdump session on a firewall remotely with some carefully chosen timings and filters and download it to my PC and analyse it with Wireshark.

OK, all so convenient but is it any use?

Say you have a VoIP issue of some sort. The PCAP from tcpdump that you pass to Wireshark can analyse it to the nth degree. Wireshark knows all about SIP and RTP (and IAX) and you can even play back the voice streams or have them graphed so you can see what is wrong or whatever. That's just VoIP, it has loads of other dissectors and decorators built in.

So what?

The UK (for example) will be dispensing with boring old, but reliable, POTS (Plain Old Telephony System) by 2025. Our entire copper telephony and things like RedCare (defunct soon) will go away.

We are swapping out circuit switching for packet switching. To be fair, a lot of the backend is already TCP/UDP/IP that is shielded away from us proles. When SoGEA (Single Order Generic Ethernet Access) really kicks in then the old school electric end to end connection will be lost in favour of packet switching, which never fails (honest guv).

If you are an IT bod of any sort, you really should be conversant with Wireshark.

A quick search comes up with "Phone Link" which only seems to work with Windows on the "PC" end, whereas KDE Connect will work everywhere that KDE works, which includes Windows.

https://www.microsoft.com/en-in/windows/sync-across-your-devices

It really isn't the same as Konnect which is a bloody marvel! I've used it for years.

9th Jan ...

"A hell of an improvement especially for the AMD EPYC servers"

Look closely at the stats in the headers of those three tables of test results. The NICs have different line speeds and the L3 cache sizes are different too. IPv4 and 6 for one and only IPv6 for the other.

Not exactly like for like!

Mmm first releases! Working from home, its nearly close of play. I know ... I'll update my work laptop.

OK I now have LXDE for a fall back WM so I can read stuff rather more easily than using links in a TTY and switched out SDDM for LightDM - I needed sddm-git to get LXDE to start up. SDDM now simply crashes and dumps core - no idea why. Oh and I have switched to Wayland because X11 no longer works for me. I might put off updating the wife's laptop for a while, at least until I've done my work desktop 8)

I must say its all rather pretty and smooth. Scrolling now has drag and acceleration, which is nice. I'm sure I'll get KRDC to talk to the sodding wallet so my 100s of RDP connections will work again. For now I'll call xfreerdp from the konsole. Perhaps I'll get around to configuring KeePassXC and get around to using that instead. I share several rather large .kdbx with the rest of the firm.

atop and htop and glances and several others 8)

Mint is lovely, as are all other Linux distros. However, if you want the latest stuff without going off piste and compiling it yourself, then a rolling, bleeding edge distro might appeal to you. You do mention that you have prior Linux experience.

I own a UK based IT company (as you do) with two other partners (I'm MD and not a doctor) and a slack handful of (lovely - obvs) employees. I personally like Arch on my gear. I used to sport Gentoo but my nadgers complained about being overheated too often. I still have a fair few Gentoo VMs lying around the place.

You might like to try a https://manjaro.org/ effort - I prefer the Plasma desktop spin (KDE). That's Arch with a few more GUIs. Their Konsole is quite something with zsh and a very stylish prompt.

So far I have managed to get Linux to work on everything I have access to which is rather a lot of hardware. Back in the day wifi was a bit wanky and there was ndiswrapper but nowadays I generally find that laptops from HPE and Dell are just as well supported with Linux as Windows, often better.

I finally ditched Windows on my stuff at Windows 7 - that was my wife's laptop - a GPU update screwed up and that was the final straw. She has been an Arch user for a good seven years and could not give a shit about what is running on her laptop, provided it works and does stuff.

It's been around for a very long time. It used to be Gentoo based.

The logical replacement for Ubuntu is probably Debian. I have quite a lot of Ubuntu servers at work. I am quite seriously considering going upstream. I do like the LTS to LTS promise and that fits well for my customers who like to see enterprisey features without going RedHat or Oracle. You may not have had to deal with "enterprise grade" stuff which loosely translates to bloody expensive and often horrible.

I'm an Arch fan too - actually I'm a Linux fan. I used to do Gentoo (10+ years) but I got tired of my lap overheating. Before that Slackware, Mandrake (Mandriva), RH, Yggdrassil oh and a fair bit of SuSE, not to mention everything Novell did since NetWare 3.1. Whoops, sorry, mind wandering 8)

Wayland and Pipewire will probably do everything eventually but for now, you have functionality gaps. Pipewire is quite amazing and being developed at nearly indecent haste. It might be worth diving in to their community. At worst you will find a lot of like minded people to you.

Use whatever you are comfortable with and works for you. At the moment it sounds like Windows might be the path of least resistance. Fine, go with that.

For me, I finally ditched Windows altogether around 15 years ago. Well, I say ditched - my customers and staff ... haven't.

The list of stuff you have problems with might be tricky on Linux simply because the vendors of music gear are unlikely to give a shit. Nvidia should be fine. I have a VMware VM at home which runs Zoneminder on Ubuntu, with a passed through Nvidia GPU. Surely it should be easier on physical hardware. I wrote this: https://wiki.zoneminder.com/GPU_passthrough_in_VMWare

You mention gaming so you'll probably not be bothered with CUDA. You'll need https://wiki.archlinux.org/title/NVIDIA If that doesn't do it for you, hit the Arch forums ...

The forums can be a bit intimidating but if you keep your query concise and show some evidence of effort, someone will probably get you over the line.

Nextcloud is simply software that runs on something. You might use DNS to find the something that your Nextcloud runs on ... or not. A domain can cost as little as say £10/year (no details given - loose costing provided!) but you say you don't want one.

You could do some weird stuff involving something like this: Your clients update a database on the server with their current IP address(es) and the server reciprocates in kind regularly.

For an internets conversation, both sides need to know IP address, protocol, and optionally port; for both ends. For example, a webby conversation might involve:

My end: 192.168.100.20/24, tcp port 2399 -> NAT -> 33.22.4.66, tcp port 2245 Remote web server: 99.22.33.44/37, tcp port 443

Now, provided both sides are warned off about changes to addresses and port numbers on a regular basis, then comms will still work.

Say, your home external IP address changes, then your browser writes that new address to the remote server and comms continue. Provided one end knows all the details of the other end at any point in time and can communicate local changes then we are good.

000000000000000000000000000000000000000000000000000000000000000000

Maybe not. Lookup: Dynamic DNS.

My phone is on 23. Nextcloud is on 27.

I'm Arch and so is my wife (actually) and it doesn't have a version. We just roll ... and today my dongled, wireless mouse has stopped moving. The buttons still work and my laptop touchpad works fine.

wtf!

I use Linux (Arch actually) as my daily driver - I'm the MD of a small IT business in the UK. I have at least one employee who is asking me to create a Linux standard deployment to replace Windows because they don't like it anymore - W11 is quite divisive.

For a corp laptop/desktop you might need Exchange email - so that might be Evolution with EWS. You'll want "drive letters" - Samba, Winbind and perhaps autofs. You'll need an office suite - Libre Office works fine. There's this too: https://cid-doc.github.io/ for more MS integration - if that's your bag.

I often see people getting whizzed up about whether LO can compete with MSO. I wrote a finite (yes, finite) capacity scheduler for a factory in MS Excel, back in 1995/6 - it involved a lot of VBA and a mass of checksums etc. I used to teach word processing and DTP (Quark, Word, Ventura and others). LO cuts it. It gets on my nerves when I'm told that LO isn't capable by someone who is incapable of fixing a widow or orphan or for whom leading and kerning are incomprehensible.

If you have an old laptop or PC why not give it a go? You could start here: https://www.linuxmint.com/ Another option is to install something like Virtual Box on your existing machine and try out running it as a virtual machine or two. 2 CPUs, 4GB of RAM and 20GB of virty disc will work for any Linux distro as a VM to start off with. There's also VMware Workstation - there's a free version. Do discover the joy of snapshots/checkpoints which allow you to roll back failed changes!

25 years ago the options were rather more limited. I started off dual booting Windows and Linux but I don't really recommend that these days, unless you want to run a gaming rig with both. Few people can afford two lots of top end hardware! I left Windows behind completely around 2004 or 5.