jmp242

joined 2 years ago
 

So, I have a VM DC that I had to restore from a month ago. I had other DCs that were physical and up. My understanding is that if sub 60 days "off" it is fine to basically "power back on" the snapshot. However, now the "restored" DC has disabled replication in both directions. Should I manually enable inbound replication first and then after a while enable outbound replication?

Or a better fix method?

 

This really doesn't make me love cloud identity management. It's exactly the scenario (kind of nightmare one) where you attack the cloud infrastructure and get access to many different customers and apps... potentially in a way completely undetectable by you. At least with local identity providers they have to compromise you, and you might have logs.

 

Kind of finally. SuSE https://www.suse.com/news/SUSE-Preserves-Choice-in-Enterprise-Linux/

So... I think this is kind of the worst case scenario re SuSE - an actual fork. But Oracle kind of hints at that, and Amazon already dropped a RHEL compatible AWS Linux for sort of a Fedora Server?

Obviously none of this is great, but would anyone really want Oracle leading a RHEL "close as possible" rebuild? I don't know anyone is going to downstream them.

SuSE is even weirder; as I understand it, SLE/OpenSuSE is a fork from decades ago, or at least also uses RPM? I can't imagine they get any value from trying to make a RHEL fork really... Why not push SLE? All very confusing, that's for sure.

 

How do people here feel about mosh to the wide internet? We provide SSH, and use both normal secure passwords and Duo for all logins. We've had a few more inquiries about using mosh recently, and looking at it, the big concerns I'd have are potentially the firewall rules (is it outgoing or incoming high port?) and the long-lasting authentication across IPs and network connections. On unmanaged collaborator or partner devices this seems like a kind of hole if the device is compromised or stolen, where the session can live for "a long time".

However, I tend to believe them that their AES session keys make it pretty unlikely to be hijacked just over the net. Is there any consensus?