​:heart_trans:​ Request for IT assistance ​:heart_trans:​

Hi friends! Our SysAdmins are still blocked by a network issue that prevents our migration to the new servers. We are running out of ideas and would appreciate any possible support. If you have or know someone who has experience with IPv6 networks, then please contact me or another member of our staff. We would earnestly appreciate any help or advice!

The problem, as I understand it, is that traffic fails to pass through our OPNsense firewall. We have a /48 block allocated on the WAN side, and want to expose a public IP from the LAN. See this reply for a longer description and some discussion.

Boosts appreciated! 💙
CC: @Amelia and @puppygirlhornypost

#FediAdmin #FediAdmins #AdminSupport #SysAdmin #NetworkAdmin #IT

shalien, avatar

@fEmber @Amelia @puppygirlhornypost
Sounds like either an RA issue or a misconfigured rule in OPNsense.

DeltaLima, German avatar

"Enterprise software" is just another synonym for "wasting time on licensing problems"

#sysadminlife #sysadmin #fckatlsn

2ndStar, avatar

@DeltaLima Definitely not 😅👍

stefano, avatar

Interesting tool to check your own e-mail server:

#EMailHosting #SysAdmin #EMailTools

SadKitten, French avatar

Recent user request: have an out-of-office responder on their mailbox that sends an automatic reply to every email
Admins' answer: no
Why do you think we said no? #sysadmin #xp #vieille

R1Rail, avatar

@SadKitten @bortzmeyer the standard is not to reply more than once a week to the same address, which cuts off the ping-pong

ciredutempsEsme, avatar

@SadKitten because there isn't enough space on the servers?

bortzmeyer, French avatar

(19/35) Upgrading xz-libs (5.6.1-r1 -> 5.6.1-r2)

#Alpine #sysAdmin

bortzmeyer, avatar

Thinking of all the Docker images based on Alpine which will never be upgraded against the xz issue...

mherrb, avatar

@bortzmeyer sshd is not linked against liblzma on Alpine. Hence not vulnerable to CVE-2024-3094

goodthinking, avatar

…located and removed two instances of Diddy from conference room screensaver deck…


mwl, avatar

Vultr backed down, but so what? #sysadmin

Rights grabs are becoming more common, though. I believe that the only way to stop them is to stop doing business with any company that attempts one. Backing down from a rights grab is too late.

mwl, avatar

New blog post: #Vultr just betrayed us.

I've recommended them for years. Will be moving off immediately. #sysadmin

No, not a joke.

aral, avatar

@mwl wtf?!

ParadeGrotesque, avatar


Well, F***.

Sorry, that's the only thing that came to mind. Thank Cthulhu, I am not hosted with them.

SadKitten, French avatar

Who is moving servers tomorrow and has serious doubts about the format of the power sockets at the destination? It's not the neighbour ...

Kahte, avatar

@SadKitten 🤞

hl, (edited ) avatar

Sigh. So copying and pasting commands from the internet doesn't solve my problem. This means I'm going to have to actually try and /understand/ what's wrong. I didn't sign up for this.

#projects #sysadmin #homelab

hl, avatar

@xdydx I'm trying to mount an Apple AirPort Time Capsule Samba share on #FreeBSD 14, and so far no luck. I'm lost somewhere between #samba versions, types of security and the fact that FreeBSD seems to have changed the way to deal with Samba shares over the years; and I think from various forum posts I'm getting the different methods confused.

zirias, avatar

@hl @xdydx #FreeBSD has only support for SMBv1, which you should absolutely avoid for security reasons, although you can probably configure #samba to still allow it ... but ... don't. Nowadays I'd prefer to say FreeBSD does not support mounting SMB shares.

There are some ports available implementing "modern" SMB (v2/v3) on top of #fuse, which might be an option, but in my experience, they're not perfectly reliable and performance isn't the greatest either.

If ever possible, work on the server side and see whether you can share via #NFS instead. Either #NFSv3 (which is only "secure" as long as your network is perfectly secure and you control all participating machines, but at least it doesn't pretend to do anything else), or #NFSv4 with #kerberos security.

mwl, avatar

Holy carp.

IANA might be moving on a TLD for internal use. It's only taken, what? Thirty years? That I, personally, have been following this? #sysadmin

mwl, avatar

@Doomed_Daniel @distractal

They could, but they won't.

You violated a standard that doesn't support what you need, and deserve to be punished. :flan_shrug:

Doomed_Daniel, avatar

@mwl @distractal
well, I linked an RFC there and it almost recommends using those TLDs, that's gotta count for something

matthew, avatar


Check to make sure your data backups are working as they should.

me, avatar

Current Twilio outage is completely goatfucking my ability to get work done. 2FA over SMS is garbage. #sysadmin

ai6yr, avatar

@me 👀

SadKitten, French avatar

But 🤬🤬🤬🤬🤬🤬🤬🤬 VMware 🤬🤬🤬🤬🤬 Broadcom 🤬🤬🤬🤬🤬 prices

Kahte, avatar

@SadKitten :blobcat_heartcat: Hang in there, and kisses 😘 😘 😘 😘

Catelli, avatar

Sometimes being a feels like you're trying to outrun an avalanche.

Yes, it's as exhausting as it sounds.

gnuplusmatt, avatar

What do fellow sysadmins do with regards to alert emails? Our system is to let all the systems email the one address. It's hoped between the 3 senior admins we'll catch important stuff. But these days it's become very noisy and with staff shortages this week some issues have been overlooked, causing a short outage.

Do you have elaborate email filters? Fancy triaging systems? Does every alert open a ticket?

#sysadmin #alerts #email #thesystemisdown #spidermanpointingmeme

simon, avatar

@gnuplusmatt send alerts to an alerts channel in Slack instead. Aim for always green. If not immediately fixable, ack the alert in Nagios and create a ticket. If not actionable, the thresholds are probably wrong

Catelli, avatar

Being a means always living a contradiction. For example, need to migrate a system from legacy unsupported to supported.

But the supported install does not support the latest server edition. Which means I am migrating from legacy to soon-to-be-legacy, because soon-to-be is the latest version.

Catelli, avatar

What do we gain by doing this? A very narrow window of being in compliance.

Is it worth it? Fuck if I know.

sysop408, avatar

There is no faster way to wake up on 4 hours of sleep than to wake up to server down messages. If you want an even bigger jolt of adrenaline, make it because the person you asked to fix a server config issue spent the entire time fixing SSL certificates because of course it's the SSL errors causing the server issues instead of the other way around. 🤦

I know you can't do everything yourself, but sometimes I wonder why I bother asking anyone to help. If I had just stayed up another couple of hours, I'd have fixed it and actually been able to get some good sleep. Ugh.

mvilain, avatar

@sysop408 I don't miss having a queue of people outside my cube when I get into the office [sigh]

torproject, avatar

🔍👩‍💻 Join our Sysadmin Team! 🔧🌐 Exciting opportunity to manage servers and contribute to the software you love! Know someone perfect for the role? 🤝 Share the link: #Sysadmin #JobOpportunity

sysop408, avatar

Anyone else out there getting the impression that bots have gotten a lot more aggressive lately?

A very unwelcome development I'm seeing is that they're adding pagination guesses so a bunch of them are just randomly seeing if appending ?page=15 gets them anywhere.

#sysadmin #Drupal

xdydx, avatar

That's been a thing in my logs for at least a decade...

sysop408, avatar

@xdydx yeah, I think you're right about that.

I'm just having one of those days when you're out of answers and everything looks like the root cause of your issues.

fatuus, French avatar

Say, are there people with a 🖥️ 🔧 / 👾 ✍️ profile looking for work in 🇱🇺?

I know of several open positions (there isn't really a job description) internally, with days per week on site.

If you're interested, send me your CVs!

P.S.: It's not for me 🙂

apgarcia, avatar

Anyone using oVirt, or switching to it from VMware?

fedops, avatar

@Topslakr regarding the non-shared storage: what did you have to do to migrate the VM storage? Did virsh/virt-manager handle that?

I have a NAS storage with plenty of disk space available and I'm thinking to go shared anyway since it would be more resilient against one of the hosts conking out.

Topslakr, avatar

@fedops @apgarcia Shared storage is what I would do too, given the option. But, if you’re running hyper-converged, it’s nice to know it’s possible.

For Non-Shared storage - Yes. The tooling to migrate has an option to copy the storage. In virsh it’s ‘--copy-storage-all’.

Tested with virt-manager, cockpit-machines, and virsh without issues both shared and non.

I wouldn’t want to run VMs without ZFS, and am happily using ZFS Snaps being pulled to replica servers for offsite.

mwl, avatar

A net add of 300 words on today.

TLS in SMTP is wonky. How do you configure encryption when self-signed certificates are perfectly acceptable? The bar is super low here. TLS 1.0? Fine. :flan_yikes: :flan_on_fire:

dalias, avatar

@ljrk @viq @b0rk @mwl No, DANE handles all of this. All you have to do is configure the client to use it, and then sending to any site that publishes DANE is fully protected from downgrade/stripping/fake certs.

ljrk, avatar

@dalias @viq @b0rk @mwl Yup, that's what I meant, I just didn't remember the acronym

mwl, avatar

The most useful shell script I've found in 2024: a wrapper around date(1) that takes a date and time and gives you the translation into other time zones you pick.
