Best posts made by matteo nunziati

@scottalanmiller , all

hello.

I'm an almost 40 yo guy from Italy. Had a career as machine vision consultant, then I've started to work for a SMB (50 people including warehouse) in the glass market.

It's 1 year since I've started the job. In theory the tech office of the company asked for a coder, but it emerged out that they have no IT staff, no IT at all (but a xeon ws running as a server) and I've started scratching my head in order to remove the huge chaos in the company.

Basic knowledge on linux and kvm, mostly a coder in Python and C++. Always struggling with the "IT-is-just-a-cost" and "do-it-ourselves-will-cost-less" mood in a 13.000.000 € revenue company.

Recently I've started reading spiceworks, where I've met some of the guys who also post here (notably SAM). Then started looking at some posts here too!

UPDATE
After the miserable MOBO failure, I've reinstalled the system again, but, this time, the "install windows as usual" didn't work anymore. This is a symptom that somwthin was "strange" with first run. Anyway there is an hardcore a-la-slackware-linux solution for installation. I've updated the how-to accordingly.

premise

ok, yes, it's a microSD I know...
anyway this is the how-to for anyone in need.
I've wasted something like 2 days to figure out how to do this, despite being this a supported and certified solution. HP support has been partially useful. Infact Intelligent Provisioning (automatic provisioning for a given OS) is broken.

preparation

• remove all of your disks, if you have disks into the arrays you will not be able to install on the microsd <- yay! this is 2017 and still we play these games
• enter bios settings and be sure that USB3 is disable (you can reenable later) and VID is enabled
• make a handy hyper-v bootable usb or you will be out of luck

VID is the "virtual installation disk" and contains all the drivers required for the dl380.

installation

• enter the bios one-time boot menu end select to boot from the USB pen
• when the windows setup appears, choose the little link on the lower-left corner: "repair pc", then enter toolboxes and run a DOS command shell
• use diskpart to setup partitions on the microSD: verify which disk is your microSD, I consider it here as disk 0

diskpart
list disk 
select disk 0
clean <- this erases the disk!!!
convert gpt
create partition efi size=100
format quick fs=fat32 label="System"
assign letter="S"
create partition msr size=16
create partition primary 
format quick fs=ntfs label="Windows"
assign letter="W"
exit

• from command line:

powercfg /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
dism /Apply-Image /ImageFile:D:\install.wim /Index:1 /ApplyDir:W:\ <- MIND that D: is your USB pen letter, adjust accordingly

• wait for the extraction of the entire OS on the microSD, then

bcdboot W:\Windows /s S:

• reboot, automatic, several times, just remove the USB and let the server start the normal way.

windows will boot and ask for an admin password. mind that this installation is not localized: just use letters and numbers you are able to recognize once you will adjust your localization.

final thoughts
It is damned simple straightforward, when you have discovered:

• the right combination of bios settings which correctly allows you to install
• you have understood that Intelligent Provisioning, the HP tool for setting up bios for you, is broken, will create an unbootable NTFS efi partition and will broken your USB media.

hope this will save time to someone else!

bye,
M

PS: used guides: partitioning, installation

ok, not involved with buffalo, just a customer of theirs. but this is my story.

a couple of years ago I wasn't aware of Buffalo as a NAS vendor. I've found their appliances in the current company.
Today , back from my citrix event I've received a mail from the NAS daily check: SMART has detected "6 bad sectors" in one of the 4 3TB disks. <- they sell populated units in Italy.

Now the NAS is still covered by the default 3-year warranty, so I've called the tech support. Yes, I'm in Italy and they provide phone support localized in my language in the 9x5 timeframe. This is great, ok, but what about L1 support... everyone knows it: "hey did you check the power plug? oh, it is plugged...err.. sorry I've to ask L2 for this."

No! As with other enterprise grade companies, Buffalo L1 is really skilled people, I've asked them for other issues and always L1 solved them, being them replica issues, firmware issues etc...

OK, back in topic. I call them...
me: my daily SMART check mailed me about 6 bad sectors in 1 of the 4 disks: disk is still working and raid is not degraded but I would like to have a feedback (I actually wanted them to replace the drive).

buffalo: please give me your S/N... ok you buyed a populated NAS and it is still under warranty period. I suggest to replace the drive ASAP before it will deteriorate. Please, send back the info I will ask you by e-mail and we will send a new HDD in 24 hours. you have 15 days to return the broken one.

Honestly, I'm not aware of a vendor in the SMB/ROBO/SOHO italian market, which:

• covers every NAS with a 3+2 year warranty
• sells you populated units covering HDD damages
• has a support center close to you, in your country, givin 9x5 support to both resellers and end users
• provides 24h replacement at vendor expense (including the returned unit)
• does this even for small 2-bay units!

they HW is not so great and the SW quite old and clumsy, but this kind of support/service is great for vendor standards in my country and always lets me think about buying a new one.

well... at least when you can't afford a SAM-SD of course

LATEST NEWS:

yesterday, after a number of tests VM did freeze at reboot command rather than shutdown. As a last resort I've chosen to format SD/rest bios and restart from scratch.

My installation procedure did not work anymore... hell 2 times was right the third has failed...

called HPE this morning, they have asked me to do some tests via Intelligent Provisioning. IP. chrashed with missing linux kernel file (IP is based on linux)

they will start mobo substitution procedures tomorrow morning.

F*#@ wasted 15 days.

15 D.A.Y.S.

ever seen a failing server MOBO? I've. And I've provisioned just 3 servers in my life!

and after a lot of episodes, I've fixed the thing.

please let me state this again: I HAVE.

I.

Not the HPE support, not the reseller tech support.

I HAVE.

I = An almost idiot ex-embedded sw developer illogically cast into the sysadmin role of a non-sense company!

TL; DR:
there was a mismatch between OS version, bios version, controllers firmware version, controller drivers version. Selecting the right combination has (apprarently) fixed the issue!

how storage controllers affect reboot signals is still a mistery... but actually all was related to the smart paging I mentioned before. Moving it from the default location caused all the issues.
I have discovered the "bug" recreating a new vm with copy-pasted hdd but with hypervisor defaults... 2 twins VM one running one not... only difference: location of the smart paging file. XD

@oksana you should mention here that this is in violation of MS eula

It depends on what you want: virt-manager is considered the de-facto standard with few servers and VMs. Windows support is a mess in my experience. My workstation is a win10 machine with a linux VM constantly spawned, as my company uses win10 everywhere but I need a lot of linux stuff. So, when I need to go back to VM admin I simply open virt-manager in the linux VM on my workstation <- hoestly I do this rarely as my machine are created and kept running all the time.

Another tool for lightweight admin, still a bit lacking in features, is webvirt manager. It is a web app that you can even virtualize on a KVM host, then, you can connect the webvirt VM to the host (a la XOA).

I've use it for a while at the beginning but then I've gone back to virt-manager.

Moving to a more complex setup you could mind about ovirt: it is an orchestrator a la vServer and it requires a lot of stuff installed on top of libvirt-kvm. So, unless you need something like a data-center pane, avoid it. It will requires a lot of resources and setup.

just for the curious, I'm trying to configure a couple of VM with ansible and salt just to compare them.
here is my diary with the gists.

notes:

• this is a work in progress
• this is really n00b stuff: I'm a coder not a sys admin
• I'm not the kind of man than reads the full doc and then start code with order <- I rather create a lot of chaos and then I reorder and formalize after docs
• the document is a sort of diary updated live in these days whenever I've time.

bye bye

Once up and running, Salt is really the winner to me, for a number of reasons:

• it can leverage full Jinjia2 templating straight inside state files (playbooks) letting you avoiding to split playbooks or add all of those ‘when’ directives all around;
• its file.managed state is a proper diff-patch automatic routine able to check for file state without you to be required to create patches or so like you have to with Ansible: it is just auto-magic;
• while distro specificities are always there Salt tends to abstract away as most as possible the underlying OS you are configuring, leading to certain reductions in number of lines/verbosity. It is just a bit more “dense”. While not incredibly more dense, it is still more compact;
• I’ve not dig this in depth, but Salt allows you to keep your config files in a git repo in the cloud (say github or bitbucket) and deploy them from here. I’m talking about config templates or so, like a crontab file etc... Again I’ve not tested this so I can not comment on it, but it is a really nice idea. Ansible can leverage git in a way or another, but has not builtin modules for file redistribution straight from git.

http://www.gsmarena.com/twitter_sues_the_us_department_of_homeland_security_for_trying_to_break_the_first_amendment-blog-24425.php

@stacksofplates said in Benefits of using open source GPL software:

@matteo-nunziati said in Benefits of using open source GPL software:

@stacksofplates said in Benefits of using open source GPL software:

@Dashrender said in Benefits of using open source GPL software:

@scottalanmiller said in Benefits of using open source GPL software:

@Dashrender said in Benefits of using open source GPL software:

@scottalanmiller said in Benefits of using open source GPL software:

@stacksofplates said in Benefits of using open source GPL software:

@Dashrender said in Benefits of using open source GPL software:

@scottalanmiller said in Benefits of using open source GPL software:

@Dashrender said in Benefits of using open source GPL software:

Other than being free to use, what value does this give the people using it?

Open source does NOT mean free to use. It means free to support, inspect and modify. Often it is free to use, but that is not implied by the term open source nor by the GPL license.

OH? the GPL license doesn't mean that anything licensed under GPL has to be given away free?

Source code, that's all. Not a fully built and functioning version.

And you only have to give away the source if someone gets the binary legitimately. If you use GPL software internally, you need never give even the source away.

This doesn't even make sense. Is it GPL if you use it internally? I suppose you could license it under GPL, but why would you bother?

Of course it is GPL if you use it internally. You bother so that you are ready to release. Or, 99.9999% of the time, you do it because you have no choice because you used GPL code.

again, doesn't matter if you don't release it, as you already said.

It does for GPL. If you used any other GPL code and modified it in any way, you are required to provide that to the upstream provider.

No you don't. You have to provide source only if you redistribute it. not if you use it. Also you can charge for source if you redistribute software. You cannot charge for the source if you sell appliances (HW) based on open source code.

Back to main OP questions, GPL/BSD and so are useful because:

• you get more support form community. something quite difficult with closed source . In the latter case it is mostly empirical evidence, with opensource you can look at the code. Alao you can still buy enterprise support with opensource.
• I've done it a lot of code inspection to help myself understand where I was wrong. Something I can't do when I stuck with closed source. Here I must buy support.
• opensource is really audited by a larger audience

Ah I thought it was even if you just modify it. How would your users use it without it being distributed though?

well I think it really boils down to what redistribution is. If you consider internal use, IMHO you do not redistribute (also souce is usually available inside the same company, at least at my scale). If you give to a third party, then yes you are redistributing.

BTW a remarcable example of user usage without redistribution is web apps: this is why FSF created the AGPL.

@lakshmana said in Centos Wifi Drivers not present Help Needed:

I have installed CentOS Linux 7 (Core). After installation the same Sony Laptop which is not detecting the Wifi Drivers. nm-ttols are already present in the machine but tried to check in Network connections in GUI but there is no option for Wifi. Anyone help me?

Generally speaking, use fast releasing distro for consumer hw. Maybe third party repos can help but you end up with a patchwork.

@jaredbusch repetedly done on VMs. I install trial and then add serial in this way.

@pete-s said in Ethernet link going down and then up after 3 seconds.:

@momurda said in Ethernet link going down and then up after 3 seconds.:

What services are on this?
What does the switch it is connected to tell you?

It's a file server. No disruption in service has been noticed.

The switch is one of the HP procurve smart-switches. Can't remember what model but it's gigabit. I don't know what kind of logging it has, if any.

In my experience spanning tree on managed switches can cause random "holes". If it is a procurve 2xxx or higher it should have a console with a log command. A handy one able to filter warnings and so.
Would be interesting to log into the switch and check the file server port.

@hobbit666 said in Why Are UTMs Not Recommended Generally:

I understand the no need for UTM to block stuff as most routers will do it. But what about things like content filtering? How do you block unwanted websites being accesed?

usually with proper VM acting as content filters/proxies

@JaredBusch said in How can I build this displaylink driver for fedora 29:

I have a standard Dell USB dock but want to use it with a Fedora 29 user.

https://github.com/displaylink-rpm/displaylink-rpm

That repo has a pull request in for the Fedora 29 updates, but I figured I could build it early for testing. Also I want to get more familiar with doing this on Linux in general.

I have no *devel bits installed on my system. Obviously, I can clone it down and run make, but I wonder if I need any other resources?

Inside the "ci" folder there is a script to let fedora downlad everything and compile via makefile

@ntoxicator I think he is grabbing a temp snapshot and then he tar.gz's the snap to the destination (e.g. an NFS mount). Then the snap is destroyed, otherwise you get worse and worse on performance.

My centos 7 machine has a number of cron.{daily,weekly,monthly} scheduled works.
by default crontab in Centos 7 is empty and cron jobs are executed by anacron according to its conf file.
This is ok for me, but one thing I'm missing is where the anacron definition of week/month is located.

I mean, e.g., that the weekly jobs are run on friday. This is ok for me but I've searched a bit around and I've not found any setting for move the weekly execution to -say- Sunday.

On debian like distros the setup is slightly differtent and you can easily adjust the execution day in crontab. Everyone is just saying: put your cron.weekly job in crontab even on centos and avoid anacron to run the job. But this is not the solution I'm searching for.

any hints?!

I've reversed the IP: yukinko.canonical.com.
I've accessed it via ftp on google chrome and everything seems in place. via ftp I'm also able to download the tar, here.
maybe they have fixed something in the while?

ok, I've pushed the configuration scripts for Salt on github. In the while here is my conclusion, after I've experimented a bit with both systems. Again: this is the newbie approach so keep it with a grain of... Salt(stack)

My conclusion here is that Ansible is more radicated and mature, but Salt is more powerful/easier to deal with when up and running. The issue is how to make it up and running:

• The first thing to consider as now is that Salt is less available than Ansible in distros’ packages. Moreover, being Ansible backed by Red Hat is possible that they will purge Salt as they done with Xen. This implies a bit of troubles as the recommended install ways of Salt either require you to stick with a vulnerable version or expose you to the fast pace of updates which - for security reasons - already have broken backward compatibility twice. Considering this, I’ve ended up with the salt-ssh approach, which resembles the Ansible one and involves just the control machine, avoiding risky version upgrades.
• Both systems don’t run on python3, with Ansible having an experimental mode enabled. This implies that even today you have to instrument Ubuntu distros (as in a near future Debian too) with a python-minimal package which is able to deal with Salt/Ansible.
• Salt doesn’t work well with sudo. It requires that the user has NOPASSWD rights for sudo. This basically kills usage on any Ubuntu like distro. The solution is to manually add a special locked user with NOPASSWD rights in sudoers. In fact, giving the standard user NOPASSWD is close to security suicide.
• Considering this, instrumentation is a bit more of a trouble in Salt: while Ansible can check with pure shell commands for its platform requirements (and install them), you have to force salt to install those items from a salt-ssh cmd line. It can’t create a state file for instrumentation in the likes of ansible “instrumentation” playbooks.
• This implies that rebuilding an infrastructure is not a one line away with Salt as it is with Ansible, first you need to instrument with salt-ssh, then run environments (cascade of playbooks in Ansible terms). As a side note ansible requires libselinux-python as additional dependency in CentOS 7, while Salt doesn’t.
• Basically this means that Salt instrumentation is more cumbersome: while ansible requires you to export your keys and set up the hosts file (Roster in Salt), here you also have to create the user and then manually issue a salt-ssh command system wide, without any target filtering, as you cannot know if you send an apt-get command for instrumentation even to CentOS machines. Really a bad hack, maybe due to my noobness.
• The relevant thing here is: how can massively create this user from a plain VM not customized at installation time and deployed on N VMs (with N possibly really big)? Maybe a datacenter can customize an iso, but a small company like mine is best server by Ansible like solutions, especially in disaster recovery scenarios, where you have to think fast at a lot of things.
• Another thing to mind of is that issuing raw shell commands is neither well suited for error catching nor for input security, but, in the end of the day it can save your day, as it fits well the role of fallback. While this is not possible before instrumentation with Salt, both systems can do this once up and running, allowing you to fill possible features holes in the functions (somethin glike systemd modules not already in place).

@Tim_G it is a standard file server vs a nas appliance thing

So last december my company signed for a new ERP, so they wanted to buy a package generically described as "integration between VoIP phones and PC to get business info about the incoming call".

So I pointed out that, hell, we do NOT have VoIP in the company, how do you think to deal with this?
Answer: Let's see at the right time. (hint: that was the right time)

fast-forward, today I've discovered that:

• the packege is instead a fully asterisk based custom PBX (namely an ESXI VA, hey we have just picked hyper-v, yuppy!)
• we have our own non VoIP analog (mostly UTP) phone system and PBX
• the two are of course in conflict and... the VoIP needs specific certified phone brands/models
• no, we do not have POE switches

me: "hey we do not need another PBX what do you want to do?"
answer: "let ditch current supplier and the whole equippement, including phones installed 6 month ago, and move to the new PBX, buy all the new phones make new cabling/switching, let the ERP provider manage our PBX"

h.o.l.y.s.h.i.t

now the "cool-let-see-who-is-at-the-phone" feature is required by more or less 15 people into a 50 people company. Here around 40 between DECT and analog phones are deployed. also some phones runs over phone wiring not UTP.

to me this is an overkill solution in search of a problem.

my questions.

is there a way to let our PBX silently pass external calls to the new VoIP PBX and let this manage the internal lines dedicated to customer care?

is also possible to keep those lines able to forward the calls to other internal phones? Is this going to kill my dog?

we have an optic fiber connection which is then split into the rj45 data line (plug into the firewall), the rj45 fax line wiich is managed by a black box (to me) and provides 3 analog fax lines (on copper couples), the rj45 phone line which is managed by another black box and provides 4 UTP analog lines, those enter the PBX.

how the hell a virtual PBX fits in this!?!?!?!?! where do I put the plug? and which plug?

I would not throw away the entire stack and a trusted supplier just because the ERP feature is cool. Also I do not want an ERP provider to manage my lines...

any suggestion?! (no, job shift is planned for 2018).

+1 for tar.bz2, you can encrypt it if you want.

I own a redmi 4 by xiaomi. Buyed the global version from local import shop. Glass is really sensitive. Anything else in 1.5 month of usage is on par with any other more expensive phone. A collegue of mine has the mi 5. Really good too.

Just need few months to get the official global rom out and you can buy it in Europe.

waiting for my daughter to fall WELL asleep in my bed, so that I can move her to her bed and finally put myself in my bed.
it's midnight here. really tough night this night.

@gjacobse the main window shows >40gib free. My bet is the logic under it stops at the first free partition of 1MB.

ok, so according to the presentation a netscaler is:

• a load balancer
• a reverse proxy
• a SSO gateway
• a (W)AF (web application firewall)

now first two points can be obtained by haproxy/ngnix

point 3 can be obtained -just googled- for web apps by naxsi + nginx or modsec + nginx/apache.

also point 3 for non web apps can maybe obtained via these softwares (wiki)

I miss point 2 an - with a bit of effort - I have my free open netscaler

trying to wake up after a drive to my work place: yeah I drive in sort of mesmerized state.

My long term plans:

• coffee
• meeting with a local telco company (boss's friend have to...)
• cleanup the "entropy" of my office to make room for the marketing girl/lady (don't even know her)
• maybe got auth to test and order an ubiquiti AP, so let see if the day has a fun part

My short term plans:

• coffee

@fuznutz04 said in What Are You Drinking:

Dihydrogen Monoxide mixed in both liquid & solid forms.

http://www.dhmo.org/facts.html

I was not aware of this thing! I'm impressed, especially considering its involvement with younger people.
Is this localized in USA or is this already spread worldwide?!

...just informed my wife: I'm concerned about my daughter, which can be exposed to this at school when we can't control it!

help me spread this on social media, pls!