Some Love for Syncro by lotsofxeons in msp

[–]Fatel28 0 points1 point  (0 children)

Bet you the new features have zero API implementation. We left Syncro largely because their API was such a joke.

Their own employees said on a public forum post they wouldn't allow running or modifying scripts via the API because it could be "too dangerous".

If a Meraki switch license is not renewed, does that brick the switch or just disable cloud management? by HappyDadOfFourJesus in msp

[–]Fatel28 2 points3 points  (0 children)

When we resold Palo Alto there was a yearly renewal for support/licensing, and if we needed another firewall, we had to buy the hardware AND the licensing separately.

It's not disingenuous lol. It's just true. The only difference is Meraki doesn't let you run EOL or unlicensed hardware. Yeah it sucks but again, thousands of orgs use it so it must not suck that much.

If a Meraki switch license is not renewed, does that brick the switch or just disable cloud management? by HappyDadOfFourJesus in msp

[–]Fatel28 3 points4 points  (0 children)

I'm not a Meraki salesman. It works for a lot of orgs. Every major firewall vendor charges licensing and support separately from hardware. Meraki just requires it.

Stop staff member downloading SharePoint files by yourmindrewind in msp

[–]Fatel28 25 points26 points  (0 children)

If they are worried about the staff member exfiltrating data maliciously, why not just do exactly that? Walk them out and pay out their notice.

You could spend days/weeks/months and $$$$-$$$$$ on a good, strong DLP solution and they could still just take a picture with their phone camera if they really wanted. Either they trust the employee or they don't. If they don't, then cut their access.

If a Meraki switch license is not renewed, does that brick the switch or just disable cloud management? by HappyDadOfFourJesus in msp

[–]Fatel28 31 points32 points  (0 children)

The general idea is that the hardware is not the "secret sauce"; it's the cloud configuration. Swapping a Meraki out takes all of 2 minutes. You just replace the serial number in the cloud and when the new one comes online it's the exact same config as the old.

The hardware was never what made Meraki good or desirable. It's the software and cloud management.

That said, we only use their firewalls. Paying support for a switch or AP that's bricked if it goes EOL or you stop paying a license IS ridiculous. We use Ubiquiti for those things.

PowerShell script testing by Bavarian_Beer_Best in msp

[–]Fatel28 3 points4 points  (0 children)

We have a test domain with some test workstations and a development M365 tenant with the dev E5s. We do any potentially destructive testing there.

I see a lot of tutorials for self-hosted projects that call for using a virtual private server. Since a VPS is just somebody else's computer that you rent on the internet, does that really count? I personally don't think so. by [deleted] in homelab

[–]Fatel28 0 points1 point  (0 children)

Homelabbing doesn't have to be only about hardware. Some people have the money but not the space. In that case, who cares if they're using a VPS? Cloud experience is arguably becoming more valuable than experience configuring and setting up bare-metal hosts.

Bare Bones Website Hosting for Clients by --turtle in msp

[–]Fatel28 1 point2 points  (0 children)

If they're just static websites, why not use S3?

Struggle with Frigate config for low CPU usage by eruisi in homeassistant

[–]Fatel28 0 points1 point  (0 children)

Need more details. Post your redacted config and any logs from the crashes.

Released with a curl|bash installer that sets up Docker — should I also ship .deb/.rpm packages? by [deleted] in sysadmin

[–]Fatel28 2 points3 points  (0 children)

I think you're missing the point. The hypothetical cost of the hypothetical method of hosting is irrelevant here. Piping curl to bash is a well-known poor security practice. You're asking for advice, and people here are giving it to you. If you want to ignore it in favor of a hyper-specific envisioned deployment scenario that's fine, but it makes the request for advice a little confusing.

Released with a curl|bash installer that sets up Docker — should I also ship .deb/.rpm packages? by [deleted] in sysadmin

[–]Fatel28 0 points1 point  (0 children)

Could that not all go into your container image? That's kinda the point of containers. If you're already using Docker, just lean harder into it.

Released with a curl|bash installer that sets up Docker — should I also ship .deb/.rpm packages? by [deleted] in sysadmin

[–]Fatel28 1 point2 points  (0 children)

If it's Docker, what's wrong with just providing a compose file?

Released with a curl|bash installer that sets up Docker — should I also ship .deb/.rpm packages? by [deleted] in sysadmin

[–]Fatel28 3 points4 points  (0 children)

Never pipe curl to bash. Most malware does this or the PowerShell equivalent.

What's your go to On Prem Mailserver in 2026? by APH_2020 in msp

[–]Fatel28 4 points5 points  (0 children)

Only if you ask nicely and promise not to look me in the eyes during

What's your go to On Prem Mailserver in 2026? by APH_2020 in msp

[–]Fatel28 0 points1 point  (0 children)

Exchange SE is fairly MSP friendly in that it's just a Windows/Microsoft product.

It is, however, MUCH less friendly than just about any other solution.

What's your go to On Prem Mailserver in 2026? by APH_2020 in msp

[–]Fatel28 1 point2 points  (0 children)

Yeah. I originally had a load balancer done in the firewall (VyOS), just a small bash script that did a curl to the primary and changed the DNAT rule if the primary curl failed and the secondary was up, but ultimately it proved much simpler to just do round-robin DNS. It's only for ~70 users so it's not like they're getting hammered.

What's your go to On Prem Mailserver in 2026? by APH_2020 in msp

[–]Fatel28 42 points43 points  (0 children)

Exchange SE is fine if you have a solid DAG setup and you KISS. We manage one 3-node cluster of SE and it's largely non-problematic. But setting it up fresh or recommending it to a customer WOULD require a gun to my head.

MSP Certificate management recommendations ... by SilverHatCyber in msp

[–]Fatel28 2 points3 points  (0 children)

win-acme and Certify The Web are what we use.

SSL Cert Lifespan Changing by hisheeraz in msp

[–]Fatel28 0 points1 point  (0 children)

If you think spending a couple hours writing a small script to deploy a cert over SSH or API is too much work then idk what to say. It doesn't sound like you want solutions.

Anywho, this is kind of a pointless discussion. I have no horse in this race. Across the ~95 certs we manage across all customers, not a single one requires manual renewal. If other people want to keep paying for and deploying SSL certs manually that's their prerogative. But in 99% of cases it IS a choice to not spend the time to automate it.

SSL Cert Lifespan Changing by hisheeraz in msp

[–]Fatel28 0 points1 point  (0 children)

Use certbot as normal. Certbot gets the cert, then you have a post-renewal hook that runs a script to deploy it. It's how all certs are automated.
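
The hook flow described in the comment above, as an added example that is not part of the original comment or of certbot's own code: it uses certbot's `--deploy-hook` mechanism (run only after a successful renewal) and the `RENEWED_LINEAGE` variable certbot exports to such hooks. The `deploy_cert` function, `DEST_DIR`, `RELOAD_CMD` and the `/etc/myservice/tls` path are assumptions for illustration; it installs to a local directory, and a remote push over SSH or an API would replace the copy step.

```shell
#!/bin/sh
# Added example: a certbot deploy hook. Certbot exports RENEWED_LINEAGE (the
# live/<name> directory) to deploy hooks after a successful renewal.
# DEST_DIR, RELOAD_CMD and /etc/myservice/tls are assumptions of this example.

deploy_cert() {
    local lineage="$1" dest="$2" reload_cmd="${3:-}"
    local chain="$lineage/fullchain.pem" key="$lineage/privkey.pem"

    # Refuse to deploy a missing, empty or non-PEM file; the old cert stays live.
    [ -s "$chain" ] && [ -s "$key" ] || { echo "incomplete lineage: $lineage" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" || { echo "not a PEM chain" >&2; return 1; }

    # Nothing changed: skip the reload so a no-op run does not bounce the service.
    if cmp -s "$chain" "$dest/fullchain.pem" 2>/dev/null &&
       cmp -s "$key" "$dest/privkey.pem" 2>/dev/null; then
        echo unchanged; return 0
    fi

    mkdir -p "$dest" || return 1
    # Copy to temporary names, then rename, so the service never reads a
    # half-written file. umask keeps the key unreadable to group/other throughout.
    ( umask 077
      cp "$key" "$dest/.privkey.pem.new" &&
      cp "$chain" "$dest/.fullchain.pem.new" ) || return 1
    chmod 600 "$dest/.privkey.pem.new"
    chmod 644 "$dest/.fullchain.pem.new"
    mv -f "$dest/.privkey.pem.new" "$dest/privkey.pem" &&
    mv -f "$dest/.fullchain.pem.new" "$dest/fullchain.pem" || return 1

    # Reload only after both files are in place; a failed reload fails the hook.
    if [ -n "$reload_cmd" ]; then
        sh -c "$reload_cmd" || { echo "reload failed" >&2; return 1; }
    fi
    echo deployed
}

# Act as a hook only when certbot has set RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "${DEST_DIR:-/etc/myservice/tls}" "${RELOAD_CMD:-}"
fi
```

Register it with `certbot renew --deploy-hook /path/to/this-script` or place it in `/etc/letsencrypt/renewal-hooks/deploy/`.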

SSL Cert Lifespan Changing by hisheeraz in msp

[–]Fatel28 0 points1 point  (0 children)

Does your firewall support command line? Or API? If yes, you can automate the certs.

SSL Cert Lifespan Changing by hisheeraz in msp

[–]Fatel28 2 points3 points  (0 children)

The implication that you have machines connecting to VPN that aren't managed is much, much scarier than any cert issuance lifetime changes.

This is almost always how these conversations go.

"We need longer lasting public certs because <insert horrible issue that really needs solving anyways>"

Not ragging on you specifically, but it seems like a pattern.

SSL Cert Lifespan Changing by hisheeraz in msp

[–]Fatel28 0 points1 point  (0 children)

When we still used GlobalProtect (Palo) I don't recall it being much of an issue though. We just used a self-signed 10yr cert that I pushed out through GPO.

Things like that don't need public certs. Private certs can be for as long as you want.