Some IT guy, IDK.

  • 0 Posts
  • 22 Comments
Joined 1 year ago
Cake day: June 5th, 2023

  • One thing that was recommended to me by someone a while ago, is that, unless you need it for something specific, mount your media in Plex as read only.

    Plex has functions where you can delete content from the library from their UI. If you need that for some reason, obviously don’t make it read only. If you’re hoarding the data, and therefore never delete it, or use an external system for deleting files, then RO all the way.

    The only caveat to this is if you’re using a local disk on the Plex system, which then shares out the drive/folder for adding new content, in which case, you’re screwed. It has to be rw so the OS can add/remove data.

    In my case, as I think may be common (or at least, not rare), my back end data for Plex Media is on a NAS, so it’s easy to simply have the system running Plex, mount that network share as RO, and you’re done. The data on the NAS can be accessed and managed by other systems RW, direct to the NAS.

    Since Plex is exposed to the internet, if anyone with sufficient rights is compromised, in theory, an attacker could delete the entire contents of your media folder with it. If you limit RW access to internal systems only, then that risk can be effectively mitigated.


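One way to check that the recommendation above actually holds, added here as an example and not code from the original post: resolve each Plex library path to the mount that serves it and confirm that mount carries the per-mount-point `ro` flag. The `/proc/self/mounts` sample and the library paths below are constructed for the example; on a real host the script reads the live file, and when Plex runs in a container the check has to run inside that container's mount namespace (for example via `docker exec`), with the library bound as `-v /mnt/media:/media:ro`.

```python
"""Verify that the media tree a Plex process sees is on a read-only mount.

Parses /proc/self/mounts (or a captured copy of it) and resolves a path to the
mount that actually serves it, so a read-only NFS export or a read-only bind
mount layered over a read-write parent filesystem is reported correctly.
"""
from __future__ import annotations

import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Mount:
    source: str
    target: str
    fstype: str
    options: frozenset

    @property
    def read_only(self) -> bool:
        # "ro" here is the per-mount-point flag, so a ro bind mount over a rw
        # filesystem reports ro even though the underlying superblock is rw.
        return "ro" in self.options


def parse_mounts(text: str) -> list[Mount]:
    """Parse the whitespace-separated /proc/self/mounts format."""
    mounts: list[Mount] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        source, target, fstype, opts = fields[:4]
        # The kernel escapes spaces in mount points as the octal sequence \040.
        target = target.replace("\\040", " ")
        mounts.append(Mount(source, target, fstype, frozenset(opts.split(","))))
    return mounts


def mount_for(path: str, mounts: list[Mount]) -> Optional[Mount]:
    """Return the mount serving `path`: the longest matching target wins, so a
    mount at /mnt/media takes precedence over / for /mnt/media/movies."""
    path = os.path.normpath(path)
    best: Optional[Mount] = None
    for m in mounts:
        target = os.path.normpath(m.target)
        if path == target or path.startswith(target.rstrip("/") + "/"):
            if best is None or len(target) > len(os.path.normpath(best.target)):
                best = m
    return best


def is_read_only(path: str, mounts: list[Mount]) -> bool:
    m = mount_for(path, mounts)
    return m is not None and m.read_only


def audit(paths: list[str], mounts: list[Mount]) -> dict[str, bool]:
    """Map each configured library path to whether it is served read-only."""
    return {p: is_read_only(p, mounts) for p in paths}


# Constructed sample of /proc/self/mounts (not captured from a real host):
# a NAS export mounted ro, a rw local data disk, and a ro bind mount of part
# of that disk at the path a local Plex install would be pointed at.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
nas.example:/volume1/media /mnt/media nfs4 ro,relatime,vers=4.1,hard 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
/dev/sdb1 /srv/plex/media ext4 ro,relatime 0 0
"""
SAMPLE = parse_mounts(SAMPLE_MOUNTS)

if __name__ == "__main__":
    # Hypothetical library paths; swap in the ones from your Plex settings.
    if os.path.exists("/proc/self/mounts"):
        with open("/proc/self/mounts") as fh:
            live = parse_mounts(fh.read())
    else:
        live = SAMPLE  # non-Linux host: fall back to the constructed sample
    for path, ro in audit(["/mnt/media", "/srv/plex/media", "/data"], live).items():
        print(f"{path}: {'read-only' if ro else 'READ-WRITE'}")
```

The longest-prefix match matters: a path under a read-only bind mount must not be judged by the read-write parent it sits on, and the reverse mistake (a rw subdirectory mount under a ro parent) is the case that quietly re-enables deletion.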

  • APC makes low end offline UPS units, which are cheap garbage.

    They also make line interactive and online ups units, which are decidedly not completely garbage.

    I pick up line interactive APC units from used locations like eBay, and go buy off label replacement batteries. Haven’t had any problems with them so far.

    To date, over the last ~10 years of running a homelab, I have used mainly SMT 1500 units, one was a rack mount. I’ve recently upgraded to an SMX2000. I’ve replaced batteries, but never a UPS, and never any server components due to power issues. I’ve run servers ranging from a Dell PE 2950, to a full c6100 chassis, plus several networking devices, including firewalls, routers and PoE switches. Not a single power related issue with any of them.



  • You can do whatever you want. Don’t let anyone tell you it’s “wrong”. A big part of homelabbing is to try stuff. If it doesn’t work, that’s fine, you learned something, and that was the point.

    For me, I don’t see a UPS as essential. It’s generally a good idea, but not strictly essential. My servers are on 24/7, because I have services that do things overnight for me. I also know that some people access my lab when I’m not awake, so I just leave it on so it can be ready for anything at any time. It poses some unique challenges sometimes when running stuff that’s basically 24/7/365.

    Be safe, have fun, learn stuff.


  • I’m generally more of a Debian user, when I use Linux at least, so anything red hat based doesn’t even occur to me to recommend. I generally don’t get involved in distro discussions though.

    My main interaction with Linux is Ubuntu server, and that’s where my knowledge generally is. I can’t really fix issues in redhat, so if someone is using it, I’m mostly lost on how to fix it.

    There’s enough difference in how redhat works compared to Debian distributions that I would need to do a lot of work to understand what’s happening and fix any problems.


  • I dunno if I’d say any distro of Linux is really beginner friendly.

    It takes quite a bit of learning the ins and outs of operating systems before Linux makes sense in any capacity.

    If you’re just looking to run a few basic apps like discord/slack/teams/zoom, and run a browser, then sure, just about every distro can do that without trouble, and can be configured to be as “friendly” as Windows, with a few exceptions.

    But anybody who wants to do intermediate/advanced stuff with little to no prior Linux knowledge? I’m not sure any distro is much easier than others. Again, with a few exceptions.

    The exceptions are distros that are almost intentionally difficult to use, or that require a high level of competency with Linux before you can attempt to use it.

    There’s always a learning curve, that learning curve is pretty much always pretty steep.

    I’ve been using Linux for dedicated servers for a while and I don’t use Linux as a desktop environment, in no small part because despite having a fairly high level of competency with Linux, I don’t feel like I know enough to make Linux work for me instead of the other way around.


  • Yep, I’m sure they do.

    Realistically, does any average consumer know what’s on which circuit?

    Spanning the split phase will screw you up, across breakers won’t be fun but shouldn’t pose any serious problems, as long as it’s not in different sides of the split phase.

    I’m pretty sure they say this because actually explaining what will work and what won’t either requires significant prior knowledge of power systems, or a couple of paragraphs of explainers before you can get a rough picture of what the hell they’re driving at.

    Everyone I know who has used powerline, just plug it in and see if it works. Those who were lucky, say it’s great and works without issue, etc. Those who were not lucky say the opposite.

    I’m just over here watching the fireworks, eating popcorn.


  • I’ve been doing IT work for more than a decade, I was a nerd/“computer guy” well before that. I’ve had a focus on networking in the past 15-20 years. You learn a few things.

    I try to be humble and learn what I can where I can, I know that I definitely do not know everything about it, and at the same time I try to be generous and share what I’ve learned when I can.

    So if you have questions, just ask. I either already know, or I can at least point you in the right direction.


  • It definitely sounds like you have some challenges ahead. I personally prefer MoCA over wireless, simply because you can control what devices are able to be a part of the network, and reduce the overall interference from external sources and connections.

    With WiFi, being half duplex, only one station can transmit at a time (with some caveats). Whether that station is a part of your network, or it is simply operating on the same frequency/channel, doesn’t matter. So in high density environments, you can kind of get screwed by neighbors.

    MoCA is also half duplex (at least it was the last time I checked) so having a 2.5G MoCA link, to a 1GbE connection (on the ethernet side) should provide similar, or the same experience as pure ethernet (1G full duplex)… The “extra” bandwidth on the MoCA will allow for each station to send and receive at approximately 1Gbps without stepping on each other so much that you have degraded performance.

    However, it really depends on your situation to say what should or shouldn’t be set up. I don’t know your bandwidth requirements, so I can’t really say. The nice thing about ethernet is that on switched networks (which is what you’ll be using for gigabit), ethernet kind of naturally defaults to the shortest path, unless you’re doing something foolish with it (like intentionally messing with STP to push traffic in a particular direction). The issue with that is that ethernet doesn’t really scale beyond a few thousand nodes. Not an issue for even a fairly large LAN, but that’s the reason we don’t use it for internet (WAN side) traffic routing. But now I’m off topic.

    Given the naturally shortest-path behavior of ethernet, if you have a switch in your office and you only really use your NAS from your office PC, you’ll have a full speed experience. If nothing else needs high-speed access to the NAS, you’ll be fine.

    Apart from the NAS or any other LAN resources, the network should be sufficient to fully saturate your internet connection. So the average WiFi speeds should be targeted towards something faster than your internet link (again, half duplex factors in here). I don’t know your internet speed so I’m not going to even guess what the numbers should be, but I personally aim for double my internet speed for maximum throughput on my WiFi as much as I can. The closer you can get to doubling your internet speed here, the better. Anything more than that will likely be wasted.

    There’s a ton to say about WiFi and performance optimization, but I’ll leave it alone unless you ask about it further.

    Good luck.


  • MystikIncarnate@lemmy.ca to Selfhosted@lemmy.world: Networking Dilemma (5 months ago)

    It can be faster, it really depends on whether you have a clear-ish channel for the mesh, which is why I would recommend something on the higher end, hopefully with a dedicated radio for mesh, so it can be on a different channel with (hopefully) less interference.

    If the mesh radio is shared with client access, or if it’s on a busy channel, it may be much, much slower than some options.



  • Depending on where you live and what your power circuits look like (not the outlets, the circuits that power them), you may have a great, or very poor experience.

    I’d need to know what country you live in to know more, since power wiring standards vary from country to country. In the USA and Canada (I’m in Canada and the USA is the same), we use split phase and crossing the split phase will severely hinder the ability for powerline to perform.

    It’s a viable option, not my favorite option, I’d recommend MoCA (coax) over powerline, but it’s ultimately up to you.


  • IMO, powerline is going to depend on a lot of factors including what kind of power you use, which varies from country to country. Where I am in North America, we use 240v split phase, and the powerline adapters are 120v (half phase), so if one unit ends up on one side of the phase, and one ends up on the other side of the phase, you’re going to have a bad time, if it links at all… So knowing which “side” of the split phase your powerline is on becomes critical, which is not something most people know about their power situation. As a result, it’s basically a crap shoot whether it will work well or not.


  • I have three suggestions for you.

    Easy mode: find a triple radio mesh wifi system and get at least two nodes. Generally the LAN Jack on the satellite nodes will bridge to the LAN over WiFi. Just add a switch and use it normally. This will harm your overall speeds when connecting to the NAS from other wired LAN systems that are not on the same switch. I’m not sure if that’s important. As long as your internet speed is less than half of your WiFi speed, you shouldn’t really notice a difference.

    Medium mode: buy MoCA adapters and use coax. Just be sure to get relatively new ones. They’re generally all 1G minimum, but usually half duplex, so there’s still sacrifice there, but MoCA is generally better than WiFi. The pinch is making sure you stop the MoCA signal from exiting your premise. You don’t want to tap into someone else’s MoCA network, nor have them tap into yours. There are cable filters that will accomplish this, or you can air gap the coax. I’m not sure how much control you have for the ingress/egress of your coax lines. You can yolo it and just hope for the best, but I can’t recommend that.

    Hard mode: do ethernet anyways. Usually in rentals, nobody can complain about holes in the walls the size you would get from nails to hang pictures, and not much larger than a picture-hanging nail is a cup hook. What I did at my old place, which was a rental, was to buy large cup hooks, and put them every ~18" down the hallway, and load it with ethernet cables. I used adhesive cable runners to go down walls near doors and ran the cables under doors to get from room to room. I got lucky that two adjacent rooms shared a phone jack and I replaced the faceplate with a quad port Keystone faceplate on each side. One Keystone was wired to the phone line to keep existing functionality, the rest were connected to each other through the wall as ethernet, and I just patched one side to the other (on one side was the core switch for my network). That was my experience, obviously your experience will be different. I used white ethernet to try to blend it in with the ceiling/walls which were off-white. In my situation, I was on DSL and used the phone jack in one of the bedrooms for my internet connection, that bedroom was used as an office and it neighbored my bedroom where I used the jack to jack connections through the wall to feed my TV and other stuff in the bedroom. The ethernet on the cup hooks went from the office to the living room where I put a second access point (first AP was in the office) and TV and other stuff. In between the bedrooms and the living room was the kitchen and the wet wall was basically RF blocking, so I needed an access point on either side, so one in the office near the bedroom and bathroom, and one in the living room, provided plenty of coverage for the ~900sqft apartment we were renting. Most everything was on wired ethernet, and the WiFi was used mainly by laptops and cellphones.

    I live by the philosophy of wired when you can, wireless when you have to. Mainly to save WiFi channels and bandwidth for devices that don’t have an easy alternative option like mobile phones and portable computers.

    I don’t think you’re in a bad spot OP, and any of these choices should be adequate for your needs, but that will vary depending on what speed internet you have, and how much speed you need for the LAN (to the NAS and between systems).

    Good luck.


  • Legally, it’s fully owned by the company.

    My current workplace uses mostly cloud desktops. Basically, even if you’re using a personal system, you install a remote desktop client software (it provides access to another system, it does not allow access to your system), which is used to connect to a server farm of virtual desktop servers. So the work desktop you use kind of overlays itself on your system. Your system is still there, humming away in the background, with its only task being to shuffle your input up to the cloud, and bring down the images of your cloud desktop and display them.

    There’s some other features, but that’s the core of it. We use a third party “remote monitoring and management” (RMM) tool to administrate company owned systems. You are perfectly capable of using the remote desktop client on a system that’s not company owned. I like this model, since you can minimize or close the remote desktop at any time, and since we (the IT team) have full access to the remote desktop server farm, we can connect to your remote desktop session and see what you see, but only what’s within the remote window. We can’t escape it to see your computer. So if you have a problem with your work stuff, we have access to that. If you have a problem with your personal computer, we need to use a one-time-use (or ad-hoc) remote connection software like LogMeIn or something similar (specifically the LMI rescue type feature set). Once we disconnect from your personal system after doing whatever troubleshooting you asked for, we lose access to that system.

    The programs change, but they do the same thing in concept. There are a number of company owned laptops and desktops we have our RMM tools on which allow us to dive into a system whenever we want.

    I run a homelab, personally, and when my workplace does not give me the necessary stuff to be productive from home, what I do is build a small virtual system on my home lab, which I remote into when I work (from my desktop), so I can maintain a work/personal division. It’s similar to the cloud system I’m doing at my current job, but the “remote” desktop is a VM on a server in my basement. Other times I’ve been given a laptop, and I’ll set it up in a corner and turn on its built in remote desktop service (to allow remote desktop connections into it), then use the same protocols to connect to my work laptop.

    When I’m done work, I just shut down the remote desktop connection and poof, back to my stuff on my PC.

    With my current job I went another way, I got a KVM switch, which allows me to switch between two physical computers at the push of a button. (KVM is keyboard/video/mouse) When I’m done work now, I push a button and my screens (I have several) and KB/mouse all switch back to my personal desktop. Same idea but different.

    I couldn’t imagine using my personal computer to do work stuff directly. That’s just not kosher in my mind. I have work’s RMM and tools all installed on the system I use for work, and my personal system is entirely free of such things.

    I also want to include a short story. Recently a client started a ticket about our company logo being on their personal computer. I grabbed that ticket up and immediately identified the system, and removed it from our system. I followed up with the user to verify that by removing it from our system, the icon disappeared (indicating our monitor agent was fully uninstalled), they confirmed, and I closed the ticket. I kept thinking it’s grossly inappropriate for our software to be on their personal system, and I wanted to get it fixed ASAP. Not everyone is the same, I’ve known users that want our remote management tools on their personal systems. I don’t understand it, but I can’t tell them that it can’t be there either (the customer is always right, applies in this context).

    As I hope I’ve demonstrated, neither myself, nor anyone I work with, nor anyone I’ve worked with in the past, would ever take such an opportunity to snoop or spy on them, but I’d rather not have that liability hanging over my company. All it takes is for one person to have the software on there and accuse us of stealing their private data (say, lewd pictures) and publicly posting that information on the internet, and I’m sure the policy would change. Of course, we wouldn’t do that, but all it would take is the accusation.

    It’s a bad day for us when we see something we shouldn’t, especially if upon seeing it, we’re morally obligated to contact the authorities (in the case of illegal content such as child porn). Of course, if something like that is observed by a tech, we must do something about it, but we don’t want to have to get involved in that sort of thing, so we’re pretty careful about it. To put it simply, we’re not looking for anything, and we don’t want to snoop through your stuff, because if we do and we find something we shouldn’t, there’s going to be hell to pay. Not only in the fact that now we need to report it to the police, but also that we need to be able to justify why we were able to see it in the first place. If we can’t justify why we were looking at the content, that’s probably grounds for termination and getting blacklisted from IT, even if it had a positive result (like a pedo being sent to jail).

    Bluntly, it’s not worth the risk, paperwork, or inevitable trouble that we’ll face if we do.

    Keeping a good separation between personal and work minimizes the risk of IT seeing something they shouldn’t, even if it’s not illegal/illicit. Even your personal financial information. I don’t want to know. I had a call recently with a user who couldn’t log into their bank, and through testing, I was on the lookout for errors while they logged in. As soon as login was successful and their accounts were up, I minimized my remote control so I didn’t see more than I absolutely had to, of their bank info. I got them into the accounts. I don’t care what the accounts are, or what is in them. It seems minor, but that is that user’s personal information which I do not need to know. I solved their login problem with the site, so I’m done.

    I probably have a hundred of other examples, even some where my co-workers had to contact authorities, I’m pretty sure… Every decent IT tech knows that this is a risk and we do what we can to avoid getting caught up in it. We don’t want to have to answer those questions.

    If you ever have IT connect to your computer and your background goes black, there’s a reason. At first it was bandwidth related, and we’ll still say that as the reason, but a large reason why we still do it, even into an age of high speed internet, is because a lot of people put pictures of their family, friends, sometimes even inappropriate content, as their desktop wallpaper. It’s hard to miss when it’s your wallpaper. So if it’s blacked out when we connect, that’s one less possible problem we have to deal with.

    I’ll stop, but if you have questions for a random internet IT guy, please feel free to ask.

    Take care.


  • There’s a lot of trust required in IT. You must be a trustworthy person. Being fired for a trust related reason is basically a death sentence for an IT career. That being said, none of the tools I typically work with will provide previews of a user’s screen, or such previews will be low enough resolution that reading what is on screen is basically impossible.

    When we connect to a system and get a full resolution image of what’s going on, pretty much always there’s some on screen indication of us being connected.

    IMO, this is how it should be.

    The only time I’ve actively tried to “spy” on a user’s activity, has been when requested to do so by a manager/owner, usually when pursuing an allegation of inappropriate use of a work computer. Even then it’s been very rare, and I can only recall one such instance of it happening at all.

    As an IT person, I will say, I could care less what you do with the equipment. I’m busy enough, I don’t need to fill my day with watching you do your job. Yes, we have tools which can allow us to eavesdrop on everything you do, I don’t touch them unless I absolutely must, usually only if I’ve been ordered to.

    Another poster pointed out that work resources do not belong to you and legally, they’re right. The system, including all data and work contained therein is legally the property of your employer. This includes your email and any correspondence, and anything else that work provides as a function of your employment. If you create an Excel worksheet that does some data processing for you, or reformats information in a better way, during work hours, that sheet isn’t yours. The ownership of the sheet is your employer. Though you did the work in creating it, your employer owns it because they paid you for the time/effort to do so.

    Personally, I do whatever I can to avoid interacting with users’ unique files. I recently refused to work on someone’s personal iPhone because it contained personal data. Though their work email was probably present on the device, I didn’t want to touch it. I did however, provide instructions for them to do what they were asking themselves.

    When interacting with work-owned systems, I’ll modify the registry, and run command line commands without the user’s knowledge, in an effort to reduce the disruption to their workflow, while solving an issue. Generally this is when I have a request from that user, or the company, to get something done, such as install a piece of software. You’ll be working away and poof, new software appears.

    Anyone in IT unnecessarily snooping in on your files, can be fired with cause, ruining their career, if they’re caught.

    We have access to everything, and I mean everything, in an organization. Your email, files, databases, software… Partly for troubleshooting, and partly for performing backups. If we don’t directly have access, typically we have permission to grant access, so we can grant ourselves permission to access whatever we need to. This means that IT is one of the highest trust areas of the business. We can read the CEO’s emails, send mail as anyone, access everyone’s files, and delete all data on everything in such a way that it is impossible to recover. We need the access to do our jobs and violating the trust we have with that access, is unforgivable and a career-ending event.

    I will say that I have not met any IT professionals who will snoop, spy, eavesdrop, or otherwise examine what you do or what data you have or interact with, without a good reason. If it happens, it’s likely that someone else, such as a manager, has requested that we do. We are merely the middleman in that scenario. Bluntly, we’re too busy to just do it for kicks.

    If any IT professional has violated trust, I would report it to management. It is grossly inappropriate to access a user’s system without just cause.

    As for notifications, that varies depending on the request. I typically only inform people when I need to remotely control their desktop (interrupting their work) and I’m generally very receptive to being asked to wait before connecting so any sensitive information can be dealt with and closed before the session is established. I have no issue with that. I don’t need, nor want to know any more than I do. I’m never looking for illicit or illegal things unless they are creating a problem (excessive bandwidth use, excessive disk use, etc). For the most part, I try to stay in my lane. I’m here to help, not spy on you to get you fired.


  • For me, working in IT, two things are keeping me on Windows:

    • games
    • IT tools only made for Windows.

    Most remote access stuff is entirely Windows based. Sure, there’s clients so you can connect to Linux, Mac, whatever, from the admin console, but the plugins and whatnot that actually show you the remote user’s desktop are almost entirely Windows exclusive. There’s sometimes a Mac option, but almost never a Linux option.

    Using something that’s more common/public, like TeamViewer isn’t really an option. There’s a plethora of business focused RMM tools that are just web apps with Windows plugins for all the heavy lifting.

    The part that gets me, is that any of these tools which allow for self hosting, can have the server and client side on Linux, but the IT team doing the work only gets Windows as an option for the remote control tools.

    Infuriating.