I set my 3960x to NPS4 (Nodes Per Socket: 4) mode to experiment with NUMA on Linux. My system has 4 32 GiB DIMMs across 4 channels, so I expected each of the 4 nodes to get one. Instead, nodes 1 & 2 get 64 GiBs each, and nodes 0 & 3 get 0:

tavianator@tachyon $ numactl -H
available: 4 nodes (0-3)
node 0 cpus: 0 1 2 3 4 5 24 25 26 27 28 29
node 0 size: 0 MB
node 0 free: 0 MB
node 1 cpus: 6  ...

I'm trying to establish a site-to-site IPsec VPN between an EC2 instance running StrongSwan and a SonicWALL firewall. I've tried a lot of different configurations, but currently I have this at the EC2 side:

conn A-B
        authby=secret
        auto=start
        type=tunnel
        aggressive=yes
        left=172.31.x.x # Private IP address of server A (EC2 instance)
        leftid=a_vpn
        leftsu ...

I'm working in a task to keep Mac application is always alive. I'm success to create a plist file to make app respawn when user force quite app from Dock or kill process from Activity Monitor Here's my plist file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<di ...

I have a network configuration I would like to make happen, but I'm at a loss at what to call this odd setup, which makes searching quite difficult.

I want to substitute the Google Fiber Networking Box (a rather useless "router" for power users) with my own pfSense router, which there are plenty of tutorials available for that but I would also like to simplify the wiring to the Fiber Jack (ONT) box by ...

I'm a networking noob, but I was able to setup a Windows VPN connection to my Netgear OpenVPN server in like 10 minutes. It was super easy, but when I tried to do it in Linux, I have spent all day trying to figure it out and have read through dozens of help posts and none of the answers work for me.

I have managed to get it to connect successfully based on suggestions in other posts, but I cannot ...

When I came back home just now, I was checking my webserver if it was still running and I noticed that my NGINX server was not running anymore.

I tried to restart my NGINX a few times by running the command $ NGINX and these error's occured:

2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: ...

I have joined a server running Rocky 8.7 to a domain using realm. I am able to login locally, ssh and sudo using a active directory account. I have some samba shares I can access with a local account. How do I access the samba shares and authenticate to active directory?

I installed nginx in a machine, and the site is not working because the user that nginx uses (www-data) doesn't have access to the folder with the site contents.

I decided to add the user www-data to the root group, which is the owner of this folder, but I still get Permission denied when trying to stat the folder.

the folder is located at /root/sources and here is the current permissions:

drwxr-xr-x 1 ...

root@ubuntu-s-1vcpu-1gb-amd-sfo3-01:/var/www/html# curl -I http://137.184.81.151/hello-world/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 Feb 2023 20:19:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Pingback: http://137.184.81.151/xmlrpc.php
Link: <http://137.184.81.151/wp-json/>; rel="https://api.w.org/"
Link: <http://137.184.81.151/wp-json/wp/v2/posts/1& ...

I'm trying to restrict access to certain paths on my service how can I accomplish this on kubernetes? I have a service that runs a basic API but it also runs an admin service. Is it possible to use multiple paths under the same host as an ingress rule?

Example.com/API can be open but Example.com/admin needs to be restricted. Both services run on the same backend service.

Can I start a ZFS pool with a RAID1 setup using a single drive, and then add another one later?

Running Proxmox VE 7.2

This may seem rather trivial, but Im' not good with tls.

I have an openvpn server that does mutual tls auth.

my vpn client has a ca.crt file of:

root CA
intermediate CA
issuing CA

my server has a server.crt of:

server certificate # which is signed by the above "issuing CA"

However, if on my vpn client I remove the "issuing CA" and "intermediate CA" from ca.crt, my vpn client still validates the  ...

Looking at some logs from our apache server (2.4 on unbuntu 18.04) for one of our clients, and there are some lines that caught my eye and that I don't understand at all. I've been trying to explain what's going on but I'm having trouble interpreting the situation.

It's a Wordpress site and the client connects to his administration interface in the usual way.

There are many HTTP 200 responses as exp ...

I'm trying to limit the file download speed in a directory

I've got the following .htaccess

<IfModule ratelimit_module>
    SetOutputFilter RATE_LIMIT
    SetEnv rate-limit 4096
</IfModule>

But this only allows 2MB/s, on my browser and curl.

Changing rate-limit to 8000 allows 4MB/s

What could be causing this missing factor of 2?

At the moment I'm doing:

gsutil ls -l gs://myproject | sort | tail -n 1

It takes about 10-15 seconds, which is fine, but I worry what the cost of this operation is? If it affects the cost, there's 10million objects, in 1000 top-level "directories". And I'm on Archive storage class.

I've no idea if this is free/cheap/expensive, and if there's a better way?

https://cloud.google.com/storage/pricing

A Windows user which is member of Administrators groups has 2 Access tokens:

• One with medium integrity level.
• One with high integrity level.

The first one is used by default. When an application needs an high integrity level, an UAC consent popup is displayed to the user. When the user accepts, he switches to his high integrity level access token.

The Administrator account has only one access token:  ...

trying to ssh from my macbook pro, to a remote server,

ssh ayan@ServerIPAddress

gives the following error

ssh: illegal option -- ?
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
    ...

Ceph reading and writing performance problems, fast reading and slow writing

Hello, we need to migrate all cloud environments to Proxmox. At present, I am evaluating and testing Proxmox+Ceph+OpenStack.

But now we are facing the following difficulties:

1. When VMware vSAN was migrated to ceph, I found that hdd+ssd performed very poorly in ceph, and the write performance was very poor. Performance is far less ...

On Prem AD connected to Azure AD connect. A vendor we are using requires an IPsec tunnel to a DC on their side to then create a trust to our on Prem AD. Problem is, their router is not compatible with ours due to them being behind a NAT and refusing to use OpenVPN.

I already have a tunnel from our On Prem DC to Azure AD, which works. I added another connection to the same VNet to our vendor. That ...

So I have been trying to essentially install Nixos from the official site with a Cloud-Init for Ubuntu Server 22.04. I want to really understand how to install packages that I potentially might have to compile or other ways of installing packages like with Curl or Wget within in the user-data.yaml file.

So far I have a user-data.yaml in which I am trying to use runcmd: to install Nox via the recomme ...

Because it's bad form here to ask multiple questions in ONE entry, I'll be asking about specific Postfix and Dovecot entries, however this nightmare has been going on since about January 19 and it's now Feb 10! In the original situation, it took several days to be discovered by the spammers as crackable before we were inundated with their [expletive], and we just THOUGHT we had it fixed, brought it ...

I manage about 100 servers running Alma Linux 9.1, each with multiple users. Historically we've had a single account "admin" that everyone logs into when working on a server. I'm moving us over to individual LDAP users via SSSD but have hit a stumbling block with group membership.

Just as an example, on our ansible server the files under /etc/ansible belong to the admin user so that unprivileged users c ...

I have a very basic question. From what I have read, it seems these unpatched servers were directly attacked remotely through the internet via port 427. So unlike other ransomware attacks, the malware did not get into the network through phishing or from an employee accidentally downloading malicious files. Is this correct?

I just became the system administrator for a church with four Meridian M7208 telephones and a Vtech phone. The user of the Vtech phone reported that when making a phone call, she receives a voice message which begins with the words "General Delivery. Please Press" I've searched the relevant manuals and can find nothing that suggests the capability to send a message other than to the voicemail system. Fu ...

Hello I have a question.

I have a HP C7000 G2 (507019-B21) with 16x HP BL460c G8 blades + 16x (656590-B21) HP Flex-10 10Gb 2-port 530FLB adapter and 1x (455880-B21) HP VC Flex-10 Enet Module.

My question now is because the 530FLB adapters has 2 ports is it possible to use the HP VC Flex-10 Enet Module to configure an uplink on one 530FLB port and use the second 530FLB port without uplink to connect  ...

I setup my computer as follows

Fedora 37 kernel 6.0.17-300.fc37.x86_64
lvm2-2.03.11-9.fc37.x86_64
sda - SSD
sdb - SSD
sdc - HDD
sdd - HDD
lvcreate -n root -L50G --type=raid1 rootvg sdc sdd
lvcreate -n rootcache -L10G --type=raid1 rootvg sda sdb
lvcreate -n rootmeta -L20M --type=raid1 rootvg sda sdb
lvconvert --type cache-pool --cachemode writeback --poolmetadata rootmeta rootvg/rootcache
lvconvert  ...

I have a debian server with 1 NIC, on my network I have two ISP's. It's possible to have two gateways on a single NIC, one Primaray Gateway and other for Backup/fallback in case of the internet on ISP1 goes down?

If it's possible can you help me create such kind of routing table for it? I already try this, but not work

ip route add default  proto static scope global \
nexthop  via 192.168.60.1 weight  ...

I'm monitoring a chrony client using chronyc sources called every second.

This command reports several values including

Poll - This shows the rate at which the source is being polled, as a base-2 logarithm of the interval in seconds. Thus, a value of 6 would indicate that a measurement is being made every 64 seconds. chronyd automatically varies the polling rate in response to prevailing conditions.

 ...

Strange behavior at the client.

Monitoring software is set to ping a hostname every minute

Checks with Windows DNS server, which forwards the query to F5 GTM if needed.

It resolves hostname successfully 95% of the time.

I ran packet capture and on failed attempts, I see this:

3666460 10:58:45.307259 172.21.16.15 172.16.124.26 DNS 95 Standard query 0xc03d A ssotool.shared.00.prod.vip.internal

I'm preparing a server to host a classic WordPress site (lots of dynamic content).

I have an apache server associated with a Nginx reverse proxy ( with the proxy_pass configuration ). I have several ideas to advance my NGINX configuration: A) distribute the static part via the reverse proxy without going through a cache system. B) Cache with Fastcgi_cache with many filters to exclude dynamic cont ...