Kid_Thunder

I disagree about ClamAV in-so-far as its vanilla virus signature database. You really should use some third party ones though you have to be careful since some like specifically malware patrol are way too general. For example, malware patrol will identify any document mentioning any drive.google.com URL a virus.

In regards to MP, I actually submitted the offending signature to MP support and the CSR told said and I quote “Unfortunately that is not a false positive, there is confirmed malware hosted at drive.google.com.” It caught my attention because a bunch of READMEs from some github projects and some HTML files ended up in the quarantine. I asked if future signatures would include this general URL since I’m going to blacklist this specific signature and was told basically ‘yes, probably’.

I do recommend third parties though and most are free for personal use. Some require a key and therefore some sort of sign up but it isn’t terrible except perhaps in regards to where I’m posting, some would consider it so.

For Windows you can use KDE Connect (and also MacOS) or Microsoft Phone.

For Linux Mint there’s KDE Connect or GSConnect (GNOME Extension) though I don’t use GNOME often, I remember liking KDE Connect better still.

The SSH keys don’t help me if I get locked out of a Domain Controller unless you’re using OpenSSH (which is now a native feature you can turn on). In that case you can actually still log into the DC via command line because it authenticates based on authorized_keys and not the LDAP of the DC. I actually do this on the enterprise, not because I may get locked out but because it is just convenient. Granted you’ll have to execute powershell on the command line once in to use the AD cmdlets.

On the other hand when you create a DC now-a-days (Server 2019…I don’t remember if this is asked in the wizard when in Server 2016) you can create a “Directory Services Restore Mode” password which is basically a local admin account on the DC that you can log into only when the DC is booted into safe mode. You’ll be asked to create it when you promote your DC.

Personally I use FreeIPA for my LDAP. I like that I can create sudoers rules from one centralized place and manage ssh keys across all clients. Granted I could just use Ansible I suppose, which is how I update multiple distributions in my network and online but I like that I can just change SSH keys and sudoers from one place easily instead of changing tasks/roles. I also usually run cockpit even on my non-Red Hat distros with SSH keys just so I don’t have to log into everything though it is somewhat limited outside of the Red Hat sphere.

If you don’t want to use ProxMox or some other specialized HyperVisor ecosystem, you can also use Cockpit to manager your VMs along with your Pods. I wish there’d be more attention to it for features because it feels like it could do a lot more.

I also don’t really worry about locking myself out for two reasons:

1. I use SSH keys.

2. I also have a break-glass local account on every system…with SSH keys. If its on your local network, you can use VNC/VM console/Remote Desktop with a local account while only allowing SSH with keys if you’d like. Just make sure if you’re going to allow remote access outside of your network that you never forward the VNC/RDP ports. For SSH when I do this I always pick some random port – never default and never common ones like 2222 to at least keep my logs less noisy from the botnet auto attacks.

For my online VPS’ I use a firewall with geoIP from Maxmind and drop all ports but 443 from the world, except for whatever country I’m in. I drop all packets from certain countries that seem to auto-attack more often than others. I try to drop packets from all known (to me) Shodan scanners. If I’m not traveling I just restrict all other ports to my public IP’s subnet though my IP hasn’t changed for years. For status checking services like StatusCake, I use the “push” method instead using a simple cron job with curl instead of relying on servers around the world checking my ports. In this case, the services just check that my server has successfully hit them within X minutes to be “up”.

Why is the guy smiling while the teddy bear/fox/cat thing is eating his fingers?

LibreOffice is compatible with Microsoft’s OOXML spec. They sold every suite on it in the nearly 20 years ago to stop fines from the EU. They sold competing suites on it instead of using anything else available.

Microsoft however never actually fully supported their own spec and will save as “OOXML Transition” or whatever they call it now because they’ve been in ‘transition’ for nearly 20 years but still have proprietary blobs inside of it. You can however make MS Office save in OOXML Strict which is supposed to be compliant to the now ISO spec that LibreOffice actually supports.

This isn’t LibreOffice’s fault.

I just want to say that the screen call function is so good that I don’t think I’ll buy another phone without that feature if at all possible. Also creating the automatic menu for calling some customer service numbers is fantastic too.

The free solution I was referring to was my comment about using ControlD, which certainly offers a free service…which is the comment that the other person was responding to.

I run pihole and my wireguard VPN server locks all queries through it, which in turn uses unbound and queries via different providers like Cisco’s OpenDNS, Cloudflare and Quad9. However, I wanted to present a similar offering that also has a free-tier without a query cap for people interested.

NextDNS caps your queries per month on the free account. ControlD doesn’t and you can pick a various mix of their public DNS resolvers. You don’t necessarily get the granular control with doing it this way for free that you can get with NextDNS though.

If you do check out these, make sure you click the Secure Resolvers if you’d prefer for DLS/DOQ/DNS over HTTPS instead of Legacy.

How does that work if you save the docx in OOXML Strict instead of OOXML Transient? I’m not sure about the current 365 rollout but OOXML was developed by MS due to the EU nearly 20 years ago to support interoperability but their default saving format was always OOXML Transient which is OOXML + MS Proprietary format. OOXML Strict should be an option and save the docx in OOXML only format.

OpenOffice has been essentially a dead project for a long, long, long time. LibreOffice is its successor.

Pretty much sounds exactly like I was thinking of doing for the DIY. miniATX/ATX for all the expansion potential + SATA ports + large case to handle it + a CPU with 6 to 8 cores at least. Case would probably be a rack form factor but it doesn’t really matter. Probably 32 GB of RAM + a Quadro GPU/Some cheap AMD GPU or something cheapish like that strictly for encoding + Proxmox + TrueNAS or perhaps just unraid. Probably no desktop environments unless something really needs it for some reason. Not sure if I’ll go with a motherboard with an ILO/IPMI with its own NIC + vlan or not.

I was going to mix SSD/NVME for performance (if I mix these two, it’d be two separate performance tiers) and HDDs for capacity. Probably two 1+ Gbps NICs bonded and maybe a LACP port channel down the line. VPN with killswitch of course.

I could def. go cheaper on the hardware if I just wanted to use docker/podman mostly but I want VMs too. I’ll probably manage updates and backups of what I really care about off network via ansible + rclone + restic repos. I might would use zram + lz4 for most of my VMs because why not.

I appreciate the advice! I am thinking of Synology or perhaps DIY with either TrueNAS (Scale likely) or Unraid. Synology would be cheap, small, easy on power and thermals too though and I’ve been looking at the latest and previous gen DS2XX lines.

Also I appreciate the Jellyfin mention. I’ve been using Plex so long and was thinking about something else like Jellyfin especially but I’ve never worked with it before.

This and the rising costs plus adding ads to ‘basic’ tiers and attempting to create limitations (resolutions, “screens”, offline downloads) is what might push me to build a nice, large NAS. We don’t want Cable again.

No Home Depot or similar near you? You could have got same day service.

You set your brush type in ASCII/ANSI characters, set your size and color and then you paint using something like PabloDraw.

Think of opening something like paint, selecting the brush tool and a color and then painting shapes. Well, they do the same but instead of a solid or gradient brush color, the do the same except the brush uses character sets that you can select.