Sysadmin Mega Thread

It presents a security issue with luks. Actually quite a potentially big one given an adversary with the right tools effort and time. They can reduce the key space of aes and others down to a point where it can be broken due to the discarded blocks

Elomsoft also broke luks lol plus they had a 2021 or 2022 article discussing how trim makes it far easier to do so. Im trying to find it but search engines are shit these days

Is there an offboarding procedure for luks where you nuke the key? I think I remember something like that.

1 Like

Yeah you have to encrypt with a new key before deleting the old one

Honestly root on zfs with native zfs encryption is better tbch

Been debating wiping my laptop and setting up Debian on it. This might be the final straw to get me to do that. Rootzfs + Encryption sounds hawt.

You need to use zfsbootmenu as a bootloader for it

1 Like

But can I set it up via unattended pxe + tpm?

I dont actually see why not. Theres an image available. I just dont know how well it scripts up

@wendell Any plans to do a SONiC video? Maybe on L1Linux? Figuring out compatibility in the 2nd-hand (or even 1st-hand) market is especially daunting…

The tldw is it makes a fine switch or basic subject router but advanced features are sketchy.

It is with the effort to learn the quirks if you have a hundred of them… less so if you only have a few. I only have to manage a few and they are great for my basic af use case.

1 Like

What models are you using? I think I saw a video where you mentioned using it on a Dell.

From what I’ve seen, Dell or Edgecore are/will be the most viable 2nd-hand but it’ll still be some years before they start going out of warranty and hitting ebay in a big way. I see some relatively affordable models now but not enough variety in port configurations to build a whole rack.

I got some 5248 and 5212 that had bricked themselves because of dell license games… dell has since toned it down but I spent less than $1k on these and now these same switches are selling for $crazy

The only reason I risked it for the production ones was it was for a non profit that was willing to roll the dice and knock on wood their datacenter deployment hasn’t had any trouble. The 5212 are part of a San and deployed in pairs so you update each half at a time.

I’ve been meaning to redeploy dells os since they said they’d give me a non expiring license lol

1 Like

For the 5200 series (or any Dell I suppose), is there a way to discern airflow direction from photos? I think there’s a lot of confusion over “front-to-back”, whether that is front/back of the rack or front/back of the switch so I don’t necessarily trust the ebay listings.

Also, how possible/easy is it to buy rack mount parts from Dell?

its easy to get the case/sled for the 5212 half-n-half, and fans are pretty easy to get, outside that… not so much.
psu are built in, but standardish.

afaik no way to tell airflow direction.

1 Like

Probably a dumb question but…is there any way to tell from inside a VM if the storage backing it is spinning rust or solid state?

Edit: I’m speaking of a Windows Server guest running on some version of ESXi host.

Yes:

ESXi allows operating systems to auto-detect VMDKs residing on SSD datastores as SSD devices.

To verify if this feature is enabled, guest operating systems can use standard inquiry commands such as SCSI VPD Page (B1h) for SCSI devices and ATA IDENTIFY DEVICE (Word 217) for IDE devices.

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.storage.doc/GUID-E9E146C9-E99C-4468-B70C-770B83788433.html

NOTE: Linked to current version of the doc which actually says “Flash” devices, while the older wording was “SSD”.

1 Like

Is ‘wmic diskdrive get deviceid,mediatype’ the same data for SCSI? If it returns ‘fixed hard disk media’ can I believe that it is actually spinning rust?

Edit: Nope, the Win32_DiskDrive class doesn’t even seem to be ‘SSD-aware.’ Valid values are External media, fixed hard disk media, removable media, and unknown.

Alright figured out how to get Windows to ‘fess up. If you run the “Optimize Drives” utility it will tell you if Wndows thinks the drive is solid state. Ran it on a test VM with WS 2016 and it correctly identified the virtual hard drive as being backed by an SSD. All the corporate boxes I have control over return hard drive though. :man_facepalming:

Question about colo and cloud:

I understand that when you get your DIA, there is sometimes the option of having higher bandwidth to cloud providers. So you could get 1gb public, and 10gb to aws or something (arbitrary example). But do any cloud providers charge differently for egress over that connection?

I suspect this isn’t an option with Linode because of their simplified payment model, but using their pricing as an example, you have $5/tb egress unless the connection is within the same datacenter in which case it’s free. Is there any way to get an unmetered, fixed-bandwidth pipe into the provider’s datacenter or metered at dramatically lower cost?

My colo is currently hosting a lot of offsite backup/archive/replication and DIA bandwidth is the primary cost. If dedicated bandwidth to a cloud provider is cheaper and the egress from the provider is free or inexpensive, I could use it as a gateway and cut costs.

My current DIA is about $200 per 100mb/s with some burst (Northeast US).