How can I reject mail that does not have a DMARC policy enabled? Using Postfix 3.6.4 and OpenDMARC 1.4.2.

Hi, I can't seem to find if there's a consensus on this so asking here.

Not all CIs are assets and not all assets are CIs. But many assets and CIs are the same physical or virtual thing.

I see some vendors (e.g. ServiceNow, Freshservice) have separate asset databases and CMDBs. and other (e.g. Jira Service Management) have a combined database.

Do you have any preference one way or the other? Are there pros and cons to do it a certain way? To me it seems like maintaining two databases is more fiddly and time consuming but I don't know.

Instead, I want to take aim at a misconception that I think Pablo shares with many, many people in the software industry. Namely, the idea that if a software system is built correctly, it will work. Or, equivalently: if a software system doesn’t work, then it wasn’t built correctly.

Hi, I apologize if this is not the place for this (if not please direct me where to) but I am in need of some advice for LAN RDP solution. These will be used in recording studios to minimize noise. The configuration goes like this; there are two different computers being remoted into over the LAN. In the studio are three monitors, two of them are used for one RDP session while third for the second tower. I initially had some trouble with Multi-mon until I checked the MS Learn rdp page. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mstsc

The problems start occurring when recording audio to Adobe Audition (I think that's the name of the product). Initially the sound card wouldn't show up until I set the audio flag to 1 https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-properties#device-redirection. One of the things done in the user's workflow is to capture audio from the browser into the Adobe product which also wasn't initially working until I checked "Release Audio Driver to the Background" in the settings menu. However, this only works in Edge not even Chrome can do that surprisingly. And even then, it's not consistent, there are some weird things the user has to with which program's window is active. In the same vein of the issue, the fixes I just described only work on towers with a dedicated soundcard. Another employee installed something called Virtual audio cable (https://vb-audio.com/Cable/index.htm). Unfortunately, I wasn't around at this time to see what problem it solved and how. And furthermore, I've a single complaint about program windows not showing up on one of the remote computers. Not sure if that is a result of their RDP session not being an administrative one (that's my first guess). I haven't been able to observe this myself, so I don't have any details, and my emails aren't being returned.

Prior to my attempt at an RDP solution, we were using Dell Wyse thin clients and Teradici gpus. This equipment is fairly old, failing consistently now and also very expensive to replace. I'm open to all suggestions though, I've been sort of eyeing VNC but I'm unsure of how it interacts with audio recording and multi monitor sessions. Sorry for the wall of text and thanks to any who reply.

Oh look, Oracle fucking up again!

Aw yeah, because Salesforce is sooo much better. Our Savior!/s lmao

What are your strategies when a MySQL/MariaDB database server grows to have too much traffic for a single host to handle, i.e. scaling CPU/RAM is not an option anymore? Do you deploy ProxySQL to start splitting the traffic according to some rule to two different hosts? What would the rule be, and how would you split the data? Has anyone migrated to TiDB? In that case, what was the strategy to detect if the SQL your app uses is fully compatible with TiDB?

LinkedIn damned near landed me a sweet job. They were ready to offer, but HR put their thumb on the scale for their guy. Just barely missed another this week from Indeed, think asking $60-$70K was too much for that place, and if so, fuck 'em, that was a serious lowball. Networked what little I could, don't know may people any more, and certainly not in tech.

What are your go-to places to job hunt?

It's been sounding like a dead fan bearing in the rack for a while, there's really old machines in there. Turns out no! The drive did the screeching. I was stunned for a second when the noise stopped upon its removal.

Platter smoke. Don't breathe this!

F'in Oracle strikes again lol

I'm trying to set up a Windows system so that all multiple logins are tied to the same local user. I want it to be multiple logins so nobody has to share a password and it needs to be effectively the same user so that saved items are easy to find. Other than using GPOs to remap things like documents to be a logcal user at login does anyone know a clean way to go about this? A lead hand signs into the system at the beginning of a shift and then other people use the computer to operate a connected device. So if they save a file another person could have logged in next time they try to open it and our users aren't always the smartest and the more uniform it is for them the better.

Update: Gave them almost another week: no response, no acknowledgement, and no drop in spam. Fuck 'em. Banned both of their /16 CIDR ranges (159.183.0.0/16 and 149.72.0.0/16). None of their listed big users are any my org would be dealing with. If Sendgrid/Twilio had at least acknowledged a single one of the ~50 spam reports I sent over the course of 2 and a half weeks, I would have at least given them the benefit of the doubt.

I have been getting absolutely hammered with spam via SendGrid (Twilio), and it's largely making it past the spam filters. I've trained on all of them, but they're still not getting a high enough spam score for quarantine. I've lowered the score about as low a it can go without blocking legit mail (and most other spam is correctly caught).

This week alone, I've sent 8 abuse reports to abuse@sendgrid.net. Those plus the ones I sent last week have all gone unacknowledged and unanswered, and there has been no noticeable change in the inbound spam.

I'm to the point where I'm going to just IP block them entirely, but before I do, anyone know of any major companies I may inadvertently prevent from emailing me / my users?

Hi sysadmins, I am thinking of doing a pretty drastic career change. I have 10+ years of experience in chemistry doing bioanalysis and a few years repairing breath alcohol analyzers. I have always considered messing around with electronics, networking, and computers/servers as a hobby and have been using various Linux distros as my main os for almost 20 years.

I have come to see my specialty in my line of work as a dead end. I'm pretty damn good at my job but I feel like automation is going to be taking over very soon, and I'm not that good that I think I'll be in the top 10% that get to stick around and run the automations when the robots finally take over. So I'm considering doing a career change to IT/sysadmin.

What I'd like to know is what should I learn how to do to see if I'll even like moving down this path? What can I set up at home, break, then fix that would give me an idea as to what the sysadmin life is really like?

I'm pretty sure I haven't ever really done any sysadmin type work with my home setups, seeing as I build and set up services I want for myself and at the level I'm willing to put up with. For the most part I can be handed something already implemented and work within that space to keep it going and adjust it to what I want it to do or fit my set up. I can usually find my way through log files and error codes to figure out what the problem is and duckduckgo my way to a fix.

Projects like Arubis use a web based proof of work to slow down and and potential stop not traffic. The idea is that the proof of work makes the client spend some computer resources accessing the page so that it isn't as computationally feasible to abuse public websites.

However, doing this all as a web service seems inefficient since there is always a performance penalty tied to web pages. My idea is what there could a special http protocol addition that would require the client to do a proof of work. Doing it at the browser/scaper level means that it would be Mich more efficient since the developer of the browser could tailor the code to the platform. It would also make it possible for bots to do it which would still allow scrapping but in a way that is less demanding on the server.

cross-posted from: https://feditown.com/post/1233561

I have a SMB share on a computer. It's set to anonymous access, meaning I don't have to enter a password to access the shares. All my PC's at home are Linux so this has served me for many years. I now have a Windows 11 laptop from work that refuses to connect to this device. The message it gives me is you can't access this shared folder because your organization's security policies block unauthenticated guest access

I have tried adding a new share that requires authenticated access, but Windows keeps giving the same error.

I have changed the protocol settings to be higher, but they had no effect. Here is my current config:

#======================= Global Settings =====================================
[global]

	protocol = SMB3_11
	client min protocol = SMB3
	client max protocol = SMB3_11

	workgroup = REDACTED.HOME

	server string = SAMBA

	map to guest = bad user

	hosts allow = 192.168.1. 127.

	printcap name = /etc/printcap
	load printers = no

	log file = /var/log/samba/%m.log

	max log size = 50

	security = user

#============================ Share Definitions ==============================
[smbshare]
   path = /mnt/share
   public = yes
   only guest = yes
   writable = yes
   browseable = yes
   create mask = 0777
   directory mask = 0777
   printable = no
   guest ok = yes

[smbshareauth]
   comment = Authenticated share
   path = /mnt/share
   read only = no
   public = yes

This config still works for my anonymous share on my Linux machine, but (still) not on Windows 11 with the authenticated share. Removing the anonymous share from the config and leaving only the authenticated share does nothing for Windows 11, still same error.

Protocol before was

	protocol = SMB3
	client min protocol = SMB2
	client max protocol = SMB3

I tried to connect to \\192.168.1.5\smbshareauth but that gives the above error. Help is greatly appreciated!

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.

As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

What's everyone's opinion on this? I think from a security standpoint their reasoning is valid and in many cases it's very easy to automate the renewal with ACME or something else. But there's likely gonna be legacy stuff still around in 2029 that won't be easy to automate.