I’m far from an expert sorry, but my experience is so far so good (literally wizard configured in proxmox set and forget) even during a single disk lost. Performance for vm disks was great.

I can’t see why regular file would be any different.

I have 3 disks, one on each host, with ceph handling 2 copies (tolerant to 1 disk loss) distributed across them. That’s practically what I think you’re after.

I’m not sure about seeing the file system while all the hosts are all offline, but if you’ve got any one system with a valid copy online you should be able to see. I do. But my emphasis is generally get the host back online.

I’m not 100% sure what you’re trying to do but a mix of ceph as storage remote plus something like syncthing on a endpoint to send stuff to it might work? Syncthing might just work without ceph.

I also run zfs on an 8 disk nas that’s my primary storage with shares for my docker to send stuff, and media server to get it off. That’s just truenas scale. That way it handles data similarly. Zfs is also very good, but until scale came out, it wasn’t really possible to have the “add a compute node to expand your storage pool” which is how I want my vm hosts. Zfs scale looks way harder than ceph.

Not sure if any of that is helpful for your case but I recommend trying something if you’ve got spare hardware, and see how it goes on dummy data, then blow it away try something else. See how it acts when you take a machine offline. When you know what you want, do a final blow away and implement it with the way you learned to do it best.

3x Intel NUC 6th gen i5 (2 cores) 32gb RAM. Proxmox cluster with ceph.

I just ignored the limitation and tried with a single sodim of 32gb once (out of a laptop) and it worked fine, but just backed to 2x16gb dimms since the limit was still 2core of CPU. Lol.

Running that cluster 7 or so years now since I bought them new.

I suggest only running off shit tier since three nodes gives redundancy and enough performance. I’ve run entire proof of concepts for clients off them. Dual domain controllers and FC Rd gateway broker session hosts fxlogic etc. Back when Ms only just bought that tech. Meanwhile my home “ARR” just plugs on in docker containers. Even my opnsense router is virtual running on them. Just get a proper managed switch and take in the internet onto a vlan into the guest vm on a separate virtual NIC.

Point is, it’s still capable today.

Let people enjoy thought experiments as a tangent.

This sounds unbelievable, like the turning of a ship to avoid an iceberg. It’s an unbelievably light sentencing, showcasing the country’s lack of interest in protecting women’s rights while declaring the intent to do so in the ruling.

If my partner was attacked, lost her hearing and had to attend court multiple times to defend her rights to safety, and the perpetrator got 3 years? I’d be furious.

I know she’d be devastated. The times she felt unsafe already leave such a big impact, let alone a realised attack.

Anyway. I do hope it’s just a positive sign, that all it will take is a bit more time. I want to believe it’s positive. But it’s wild to compare what I’d like to believe as obvious human rights; to not be attacked to the point of disability from an unprovoked human, then believe in the justice system in arrears to punish and (theoretically) prevent.

Anyway, long rant. Processing it because I probably believed Korea was better than that. Not all the humans, just at least the culture and law.

My brothers overpriced merc uses lighting zones and detection to turn off areas to not blind incoming traffic. Cool, but I’m sure within 5 years these extremely complex lighting arrays will fail and not be user serviceable, other than full headlight cluster replacement for $4k.

More complexity, shorter life. You’ll get what you want but only because it suits the makers.

Pop! Os

Imo.

I spent like 20 minutes self hosting and running over tailscale so traffic is always private… Never had an issue. I’ve got over 20 devices accessible on it.

Easy to remote register over ssh just by sending the installer plus running with server name plus key, then setting a static password.

I still think gaming wide moonlight is great though. You won’t really regret that.

Other then legacy and uefi does it have a CSM compatibility support mode? An option to enable usb initialisation before bios? Eg wait for usb initialisation?

Some “boot faster” options kind of reorder boot initialisation to a point where it’s not holding the system back.

Though I’m really running out of suggestions… I can imagine you’re pretty frustrated. I know my Dell laptop was a pain to get the right settings to get usb to boot and the stupid 100db beep to silent on boot interruption.

And you probably confirmed that live boot worked too I assume.

In the actual bios, can you see a boot order and see uefi for Windows/whatever is on your internal disk? But not any other entries?

I suggest a few more things:

Try a different brand usb. Different motherboards sometimes don’t support some usb brands. In fact, a Lenovo server I rebuilt refused to boot off certain usbs.

Some motherboards don’t initialise boot off some usb ports. Sometimes the additional ports are on another controller and initialise too slow.

Just try a straight working Ubuntu live boot usb to remove any ventoy from equation. Ubuntu has real signed uefi (and no shim) granted by Microsoft. I think that’s how it works, uefi is a mess.

Try to start isolating all the different factors, and there could be more. It doesn’t necessarily mean anything definitive if it works on another machine.

Hmm, so, policy in our office is a clean desk. Before you jump to conclusions, it’s because our secured area and office occasionally has people come through that should absolutely not see what information we have on our desks. This requirement is a compliance issue for our continued contracts and certifications.

Our work from home policy hasn’t addressed this issue, but it sounds like it’s a clear gap. Your neighbour coming around for a cup of tea absolutely should not be able to see any work related information.

My assumption is that someone has considered this kind of aspect and had a check to confirm that they’ve done diligence by asking you to reveal your working space. A space the companies sensitive information would be visible. Actually you too should maybe not be looking at your wife’s screen nor materials on her work desk. Depending on the situation.

Either way, policy comes first so perhaps her employment agreement or employee handbook would reveal more.

For me I want to know how much frame latency there is since I’m suspicious and I want to try things to see the effect and I just don’t know how to get that information in an OSD like I can with msi afterburner.

If someone knows what can do this in Linux, please reply!

Instead I just stopped all competitive and cooperative gaming. Which is a bit of a shame. Sometimes I’ll load up windows to join friends but usually by the time I’ve updated whatever game I’ve gotten over it.

Don’t get me wrong, hiccups aside I’m very happy which is why I’m in Linux most of the time. But it’s not always a wonderful world.

A software shouldn’t use passwords for tls, just like before you use submit your bank password your network connection to the site has been validated and encrypted by the public key your client is using to talk to the bank server, and the bank private key to decrypt it.

The rest of the hygiene is still up for grabs for sure, IT security is built on layers. Even if one is broken it shouldn’t lead to a failure overall. If it does, go add more layers.

To answer about something like a WiFi pineapple: those man in the middle attacks are thwarted by TLS. The moment an invalid certificate is offered, since the man in the middle should and can not know the private key (something that isn’t used as whimsically as a password, and is validated by a trusted root authority).

If an attacker has a private key, your systems already have failed. You should immediately revoke it. You publish your revokation. Invalidating it. But even that would be egregious. You’ve already let someone into the vault, they already have the crown jewels. The POS system doesn’t even need to be accessed.

So no matter what, the WiFi is irrelevant in a setup.

Being suspicious because of it though, I could understand. It’s not a smoking gun, but you’d maybe look deeper out if suspicion.

Note I’m not security operations, I’m solutions and systems administrations. A Sec Ops would probably agree more with you than I do.

I consider things from a Swiss cheese model, and rely on 4+ layers of protection against most understood threat vendors. A failure of any one is minor non-compliance in my mind, a deep priority 3. Into the queue, but there’s no rush. And given a public WiFi is basically the same as a compromised WiFi, or a 5g carrier network, a POS solution should be built with strengths to handle that by default. And then security layered on top (mfa, conditional access policies, PKI/TLS, Mdm, endpoint health policies, TPM and validation++++)

Seems like you should submit a change request with your fixes?

Transport layer security should mean this shouldn’t matter. A good POS shouldn’t rely on a secure network, the security should already be built in cyptographically at the network session layer. Anything else would still have the same risk vector, just a lower chance of happening.

In fact many POS systems happily just take a 4g/5g sim card because it doesn’t matter what network they’re on.

Hate to break it to you, but most IT Managers don’t care about crowdstrike: they’re forced to choose some kind of EDR to complete audits. But yes things like crowdstrike, huntress, sentinelone, even Microsoft Defender all run on Linux too.

Well, what I really wonder is if because the kernel can include it, if this will make an install more agnostic. Like literally pull my disk out of a gaming nvidia machine, and plug it into my AMD machine with full working graphics. If so this is good for me since I use a usb-c nvme ssd for my os to boot from on my work and home machines and laptops for when I’m not worrying. All three currently have nvidia cards and this works ok. I have some games to chill and take a break. My works core OS for work MDM etc unmodified. I like it that way.

I realise this is not a terribly useful case, but I could see it for graphically optimised VM migrations too not that I have many. Less work in transitioning gives greater flexibility.

How the fuck do you f2 your army on this keyboard when you’ve got dark templars in your mineral line?!

Day9. Though I just rewatched a funday Monday from episode 200 or 300 and it was just as amazing and fun as it was back over a decade ago.

I watched newer stuff he still seems to be a great guy.

Sorry to clarify: updates come as security or as feature updates. If I’ve already got a standard operating environment (SOE) with all the features I/staff need to do work, I don’t need new features.

I then have to watch cves with my cve trackers to know when software updates are needed and all devices with those software get updated and the SOE is updated.

I can go on a rant about how bad the Linux has recently made my life as someone’s policy is that any Linux bug might be a security vulnerability and therefore I now have infinite noise in my cve feed, which in turn is making decisions on how to mitigate security issues hard, but that is beyond this discussion.

So in short I’m only talking about when you update, updating only security fixes, not the software and features. Live patching security vulnerabilities is pretty much free low effort, low impact, and in my personal opinion, absolutely critical. But software features patching can be disruptive, leaves little to be gained, and really only should be driven for a request to need that feature at which point it would also include an update to the SOE.