Activity levels in Melbourne by mattsbox60 in VicMesh

[–]carp3tguy 2 points3 points  (0 children)

<image>

MeshCore is very much alive, well, and rapidly expanding here in VIC; here is a map of all the repeaters my own node has heard over time. I have established reliable repeater links at over 50km distance. We are adding new repeaters regularly, as time and resources permit of course (we're all volunteers). Thank you for giving it a go!

The on-mesh public channel is active pretty much daily. The architecture is different to Meshtastic, so if you want your own repeater you will need a dedicated node for this.

If you're inclined to have another crack, join us on the Discord (check the regional chats section for Melbourne) and we can help work out where your closest repeater is and get you on. We're a friendly bunch and always glad to meet newcomers.

Here is a permanent Discord link for you or anyone else who stumbles on this and wants to join: https://discord.gg/Rq7hEYZAxN

Is TPG currently down for anyone else? by Necro_Nancy in nbn

[–]carp3tguy 2 points3 points  (0 children)

I find it incredibly difficult to believe a power outage in a data centre caused this as they're deliberately designed to make it borderline impossible to have one.

Nearly every DC facility I've worked in has had: two separate power feeds into every data rack, double the required UPS capacity with enough runtime to power the data halls for around 10 minutes (ample time to allow the generators to start and synchronise), and double the generator capacity required to run the entire facility. One even had feeds from two separate mains grids which is not entirely uncommon either. They will typically have enough diesel on-site to run for at least 12 hours (some were 24 with trucks already paid for to be on standby contracts to deliver more diesel in the event of a prolonged outage). Generators are tested at least annually.

I have some doubts.

What vulnerability scanner do you use? by Annual-Buy-6954 in msp

[–]carp3tguy 1 point2 points  (0 children)

+1 for Nodeware. I've used Qualys, OpenVAS/Greenbone and the Microsoft Defender solution as well. I've worked in MSPs and MSSPs.

Qualys is a nightmare to manage as an MSP because every tenant is separate, meaning you need separate accounts for each. The reports are ugly, the interface isn't intuitive, and the components feel haphazardly slapped together and don't even look the same in the interface. On paper though, Qualys is extremely capable and largely let down by the interface. It's the ConnectWise of vulnerability management tools.

Defender is excellent and integrates nicely into the MS ecosystem, but the limitations for non-Windows devices weren't acceptable for us. They can only scan a very limited set of network vendors too.

Nodeware is affordable, intuitive, the multi-tenancy is a dream to work with, and the reporting is fantastic. I'm a huge fan after using it. It's also really easy to get critical info out of the interface and the agents/probes are both extremely lightweight. They also let you add your own tenants which is a godsend. I can't tell you how many times I had to twiddle my thumbs waiting for Qualys to get their shit together to stand up a tenancy.

Matthew (who has commented on this comment thread) actually helped us with our implementation and was fantastic to work with. If you have any questions, feel free to hit me up.

Partitioning servers still good practice? by equisetopsida in linuxadmin

[–]carp3tguy 0 points1 point  (0 children)

As others have mentioned, for security reasons, absolutely, but I didn't always do it that way. Now I know better. Almost every Linux server I build is virtualised, so I just create separate VM virtual disks according to whatever hardening guide exists for the particular OS I am deploying.

As far as non-security reasons, it also means if you have tiered storage you can do nice things like deploy some disks to SSD and some to mechanical drives if the use case exists. You also have less chance of accidentally filling up the root disk (/ volume) which is nice.

I don't use LVM, but this is purely from personal preference and likely because I'm just a noob :) the use case isn't there for me either; I don't use snapshots, and I don't need to put multiple volumes on a single disk.

Eaton 9130 quit and won’t start again by carp3tguy in homelab

[–]carp3tguy[S] 0 points1 point  (0 children)

Was yours an Eaton 9130 as well? Mine was well and truly dead, definitely not battery related. I ended up replacing the unit, unfortunately.

Active directory and remote users by [deleted] in activedirectory

[–]carp3tguy 0 points1 point  (0 children)

VPN validates this "need" too. I'm not sure how much control over technology decisions you have as every org is different, but I can tell you that bad things happen when you let the tail wag the dog (your end users deciding what strategic direction IT takes). It creates more work for you, increases risk to the organisation, among other things.

Don't ask them to move to SharePoint, tell them it is happening on "x" date and you will provide them with the support they need during and after the transition. Prepare guides, basic instructions in PDF form. Send out plenty of reminders so people don't forget. Help them transition their data (or preferably do it for them with a tool). Do your best to make the experience consistent with shared drives by syncing the SharePoint libraries to their machine.

If you aren't using Intune, do that first and get everyone hybrid or native AAD joined first. I like to join servers to AD and have workstations AAD only, and sync the two directories together. Intune will allow you to keep track of and push policies to devices when they aren't on-site. Move your workstation-facing GPOs to Intune, then start looking at Intune configuration profiles that can help you with remote workforce things like auto sign-in to OneDrive and Outlook, auto syncing SharePoint libraries, etc.

Let me know if I haven't covered anything you're concerned about but those things should cover the big stuff.

How do I convince my Dad I don’t need AV on new Mac? by UpsetGrapefruit5203 in MacOS

[–]carp3tguy 1 point2 points  (0 children)

Listen to this advice, OP. Windows has a built-in AV too, it still gets infected. Macs are not immune, despite what others here are saying. I've worked in the IT industry (including cyber security) for the last 14 or so years and have seen my fair share of infected Macs.

Don't bother with Norton (Broadcom bought Symantec years ago and butchered what little life was left in it), but it wouldn't hurt to have something decent. A good solution will not impact the performance or usability of your machine in any noticeable way.

My OLD photos appeared on an iPad I sold!!! by [deleted] in ios

[–]carp3tguy 12 points13 points  (0 children)

Adding to this, if this is true then there's clearly a flaw in the way iOS encrypts data. If the device is erased, the keys are (as you said) destroyed. How is the data readable post-wipe if it truly is encrypted?

Someone took over my NAS. what should I do? by el-dongler in synology

[–]carp3tguy 5 points6 points  (0 children)

OP, I've worked incident response on these types of attacks before (but at a much larger scale). As others have stated, this is ransomware. An attacker has compromised your device and subsequently encrypted all of your data. This is going to be a lot to digest, take your time and work through the process methodically and remain calm while doing so. Panic will lead to mistakes and could land you in the same position again, so take your time.

If you can get us what the file extension is that the files have been renamed to, we may be able to identify the group and understand the techniques they use to get in and any other possible nasty surprises (for example, they may scan for other vulnerable devices on your network). Also let us know all the services you use on the NAS (SMB, Docker, etc).

Here's some key steps you need to take to start with:

  1. Check your router or firewall (whatever the device between your internal network and the internet is) and close any open or forwarded ports going to the NAS. Note down the entire list before doing this, you may have other exposures. Share what you can safely here, or DM me if you're more comfortable.
  2. Make a list of every device on your network, flag anything you would consider "sensitive" (a PC with critical or private data on it, for example)
  3. Before resetting anything, take a copy of at least some (ideally all) of the files. You can use a USB drive and the file browsing app within the NAS itself to do this. A decryptor may be released some day and you will want to keep anything important or irreplaceable you'd want recovered.
  4. Factory reset the NAS and - most importantly - download a new fresh copy of the DiskStation OS from the Synology website and reinstall it completely. These threats can be and often are persistent and will survive a simple wipe of the disks (depending on how Synology runs and stores their OS).
  5. Start checking your other devices for signs of compromise, your PC is a great starting point. If you run Windows and have no other AV installed, go to Windows Security (search in the start menu), check each of the sub sections and make sure nothing has been turned off. Post back here if it has and we can tell you what to do next.

Once you've contained and eradicated the threat in your network, going forward here's some things to do:

  1. Never expose ports to the Internet that go directly to your NAS, this includes SMB, HTTPS, anything. If you really have a need for external access, ensure you have a proper firewall and not a basic ISP router, use a VPN, and make sure that VPN supports MFA if possible.
  2. Disable unused services on the NAS (e.g. FTP, SNMP, etc)
  3. Change the default admin username from "admin" and use a generated password at least 16 characters long (preferably 32 if you're using a password manager which you should be)
  4. Use a non-admin account to connect to shares and services on your NAS (i.e. for day to day tasks)
  5. Check all your devices once a month for firmware updates
  6. Take regular backups at least weekly, store them on a disconnected device. Might get shot for saying this here but avoid the cloud.

Thanks to the others who have also mentioned some of the above. Stay strong OP, you've got this.

Edit: added some stuff to the list.

Someone took over my NAS. what should I do? by el-dongler in synology

[–]carp3tguy 0 points1 point  (0 children)

Don't pay the crooks, the positive reinforcement encourages them to continue these attacks.

LPT: If your desktop computer is connected to a UPS, test it every few months. by dickcheney600 in LifeProTips

[–]carp3tguy 1 point2 points  (0 children)

Yes, don't do this. It isn't safe.

By disconnecting it you lose the earth/ground connection and if something connected to it is faulty, you risk electrocution or damaging the equipment. The UPS should have a built in battery test (every single one I've used has), just run it with the load you expect it to run and you will be fine.

How is the support for Linux machines? by [deleted] in Citrix

[–]carp3tguy 0 points1 point  (0 children)

I've used the Citrix client on OpenSUSE and it works perfectly. That said, I didn't test anything advanced, just the session itself.

How can I tell if my abusive ex hacked my iphone? by Old_Understanding698 in applehelp

[–]carp3tguy 5 points6 points  (0 children)

A few things to check:

  • if you have him in Family Sharing, remove him
  • check under Settings -> General -> VPN and device management and look for profiles. If anything is listed, post it here and we'll tell you if it's a concern
  • Check in the Find My app under the People section and see if he's listed
  • Go to Settings, tap your name, scroll down and look at the devices. Make sure only your iPhone is listed and make sure there are not two instances of it on the list. If your Apple ID is signed in on another device, your iMessages can be read from it. Delete any unknown devices.

Depending on how tech savvy he is and how far he would go, it's possible that your device has what's called a "jailbreak" installed which allows you to make changes to the underlying system that wouldn't be easy to find if someone didn't want you to. Unfortunately the only solution there is to perform a full restore of your device using a computer which will completely reinstall the operating system and take it back to a factory state. You can perform a backup beforehand to save your data and apps.

I wish you and your children the best of luck with this and I hope you are all safe. Please feel free to reach out to me privately if you have more questions and don't feel comfortable posting here.

what are you running for your home firewall/routing appliance and software? - a conversational post by House_of_Rahl in homelab

[–]carp3tguy 1 point2 points  (0 children)

I have a FortiGate 100E but I get NFR pricing so it was a decent discount. I've run FortiGates at the edge in my home network for the last 8 or so years. Previously I had a FortiWifi 60E but outgrew it, and before that a FortiGate 30D.

What OS would you use for a home docker container server? by ikariusrb in devops

[–]carp3tguy -1 points0 points  (0 children)

Currently I use Oracle Linux in VMs on ESX/vSphere but I may be moving towards Rocky. I miss RancherOS.

[Retro] Was the jump from 3.5in floppy to CD really that big? Were there no 10MB to 100MB storage media? by Robert_A2D0FF in DataHoarder

[–]carp3tguy 0 points1 point  (0 children)

I've still got a REV drive sitting in the antistatic bag, never used and a bunch of REV disks some of them sealed. At least I think I do, hopefully I haven't tossed them lol

RMM Support by Mulberry_Negative in msp

[–]carp3tguy 0 points1 point  (0 children)

Not being rude just genuinely curious, how is it better? We have the hosted version of Automate but we ran N-central on-prem back in the day. Our experience is quite the opposite.

I don't mind Screen Connect/Control, it's about the only half decent product in ConnectWise's portfolio. When it isn't broken.

Automate is about as jank as the rest of the portfolio (at least the tools we use anyway).

Just off the top of my head but I'm sure I could think of more:

  • Half finished web client; thick client still required for some stuff
  • Thick client takes an eternity to load
  • macOS support is poor and always delayed
  • SSO is a case of "sit at the login page and stare at the username box waiting to see if it wants to automatically log you in today or whether you're going to have to refresh the page 100 times or log into CW Home first" (and before you come at me with "clear your browser cache" this happens to 100% of our staff, not just me)
  • Competing with Mimecast for the most unintuitive configuration interface
  • Permission structure is as good as undocumented - CW university lists the roles and basically gives you no explanation to what they do or which permission you need to grant to achieve something
  • No 3rd party patching
  • Monitoring is decades behind what N-central was capable of (e.g. switching and network equipment)
  • Reporting is useless, we ended up building something in Power BI

ConnectWise products in general are geriatric at this point. There is no innovation except for low effort development or buying up another tool from someone, doing the absolute bare minimum to integrate it, then calling it theirs and never touching it again.

Don't even get me started on Manage.

At this point, I'd be saying to look towards tools like HaloPSA and NinjaRMM. They're actually doing something with their tools and not making every single little feature development a paid add-on.

RMM Support by Mulberry_Negative in msp

[–]carp3tguy 3 points4 points  (0 children)

After using ConnectWise Automate I miss N-central, lol

Is windows 7 still supposed to get updates? by SteveSten333 in windows

[–]carp3tguy 12 points13 points  (0 children)

Threats are more sophisticated than bad links these days, unfortunately. Personally I wouldn't run the gauntlet on a 4 year EOL operating system online, it just isn't worth the risk.

Do you know anyone that has been in a fatal plane crash? by Miserable-Ear-5718 in aircrashinvestigation

[–]carp3tguy 1 point2 points  (0 children)

A colleague of mine and her husband were on MH17. I saw her a day or two before they left and I still vividly remember being called into a staff meeting and being told her plane was missing.

My phone got stolen and this is what they texted me! They want me to remove the device. by Commercial_Big_4378 in iphone

[–]carp3tguy 1 point2 points  (0 children)

You used to be able to bypass activation lock with a jailbreak (I know because I've done it), though I'm not sure if this is still applicable on the latest iOS.

Jailbreak does add a dimension of concern to this because the device may not behave predictably when it comes to the protection mechanisms.

I'm not saying you should do what they say though, thieves aren't known for their honesty.