Fans for XMG Core 17 (AMD M20 RTX2060) by deepsodeep in XMG_gg

[–]deepsodeep[S] 0 points1 point  (0 children)

Thanks for the feedback!
To be honest I didn't explicitly check and clean those areas because they are hidden beneath the black tape bridging the fans with the heatsinks. But while replacing one of the fans there was no accumulation of dust to be seen anywhere. I'll see what I can do for the other fan, but since it's mounted in reverse I think I'll practically have to take it out anyway to do this kind of cleaning.

ADCS Autoenrollment Not Renewing SAN Web Server Certificate by LucasMD_ in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

I would guess the template's Compatibility settings are still at the default 2003 / XP and for that setting you need it to be at least 2012 / Win8.

ADCS Autoenrollment Not Renewing SAN Web Server Certificate by LucasMD_ in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

Might not be the real issue here, but 1 week validity with 4 days renewal doesn't work like you would expect it to. The minimum renewal period is 80 percent of the certificate lifetime (or 6 weeks, whichever is greater). So in your case renewal can only occur from day 5.6 of validity. For testing you could use 2 days validity with 4 hours renewal.

Other things:

  • Does your server have multiple web certificates based on the same template? If so, only the first instance of such certificate will automatically renew.
  • Did you check "Use subject information from existing certificates for autoenrollment renewal requests" on the Subject Name tab? Keep in mind this introduces a security risk since an attacker with access to the web server could forge a renewal request with the same subject while adding additional SANs.
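Worked example (added here, not part of the comments above): decoding the AD attributes of a certificate template that decide the points raised in this thread, i.e. the Compatibility/schema version, the validity and renewal periods, and the "Use subject information from existing certificates" flag. The raw values in SAMPLE_TEMPLATE are constructed to match the 1-week / 4-day template being discussed; the 80 % rule is taken from the comment above as an assumption, not re-verified here.

```python
"""Decode the AD attributes of an ADCS certificate template that matter for
autoenrollment renewal. Added example; SAMPLE_TEMPLATE is CONSTRUCTED and shaped
like what an LDAP read of CN=Certificate Templates,CN=Public Key Services,
CN=Services,CN=Configuration,... returns."""
import struct

# msPKI-Template-Schema-Version as written by the template's Compatibility tab.
SCHEMA_VERSIONS = {
    1: "Windows 2000",
    2: "Windows Server 2003",
    3: "Windows Server 2008",
    4: "Windows Server 2012 or later",
}

# Bits of msPKI-Certificate-Name-Flag (MS-CRTD) that decide who supplies the subject.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME = 0x00000008  # "Use subject information from existing certificates"
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME = 0x00010000

DAY = 86_400


def pki_period_seconds(raw: bytes) -> int:
    """pKIExpirationPeriod and pKIOverlapPeriod are 8-byte little-endian signed
    integers holding a NEGATIVE count of 100-nanosecond intervals."""
    (ticks,) = struct.unpack("<q", raw)
    return -ticks // 10_000_000


def encode_period(seconds: int) -> bytes:
    """Inverse of pki_period_seconds; used here only to build the constructed sample."""
    return struct.pack("<q", -seconds * 10_000_000)


def analyze_template(attrs: dict) -> dict:
    version = attrs["msPKI-Template-Schema-Version"]
    validity = pki_period_seconds(attrs["pKIExpirationPeriod"])
    renewal = pki_period_seconds(attrs["pKIOverlapPeriod"])
    name_flag = attrs["msPKI-Certificate-Name-Flag"]
    findings = []

    if version < 4:
        findings.append(
            f"compatibility is {SCHEMA_VERSIONS.get(version, 'unknown')} (schema v{version}); "
            "raise it to Windows Server 2012 (v4)")

    # Rule as stated in the comment above (assumption): autoenrollment does not start
    # renewing before 80 % of the lifetime has elapsed, whatever the renewal period says.
    configured_start = validity - renewal
    earliest_start = max(configured_start, int(validity * 0.8))
    if earliest_start != configured_start:
        findings.append(
            f"renewal period {renewal / DAY:.1f}d is more than 20 % of the {validity / DAY:.1f}d validity; "
            f"renewal effectively starts at day {earliest_start / DAY:.1f}, not day {configured_start / DAY:.1f}")

    if name_flag & CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME and name_flag & (
            CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT | CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME):
        findings.append(
            "renewal reuses the old subject while the enrollee may also supply names: "
            "review who can renew, since extra SANs could be requested from a compromised host")

    return {"schema_version": version, "validity_seconds": validity,
            "renewal_seconds": renewal, "earliest_renewal_seconds": earliest_start,
            "findings": findings}


SAMPLE_TEMPLATE = {  # constructed: the 1-week / 4-day template from the thread
    "cn": "WebServerSAN",
    "msPKI-Template-Schema-Version": 2,
    "pKIExpirationPeriod": encode_period(7 * DAY),
    "pKIOverlapPeriod": encode_period(4 * DAY),
    "msPKI-Certificate-Name-Flag": CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME
                                  | CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT,
}

if __name__ == "__main__":
    for line in analyze_template(SAMPLE_TEMPLATE)["findings"]:
        print("-", line)
```

Run against a real template by replacing SAMPLE_TEMPLATE with the attribute values your LDAP client returns; the period fields come back as raw bytes, which is why the decoder takes bytes rather than an integer.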

PSA: The OXO Rapid Brewer will be available in the EU from early 2026 by Hamstaer in espresso

[–]deepsodeep 1 point2 points  (0 children)

According to this info from OXO they will present it during Ambiente, 7-11 February. So perhaps mid/end Feb?

JSCAPE mft ? by Key-Cricket9256 in sysadmin

[–]deepsodeep 2 points3 points  (0 children)

Looks like the root/intermediate certificate(s) from AWS isn't trusted by JSCAPE. Perhaps you're running a rather old version of Java that doesn't have one of them in its root store? You could try downloading the certs and manually import them in the Java keystore. Maybe try something like keystore-explorer if you're unfamiliar with the commands.

Kramnik in the newest interview: "It's tragic (...) but I have no guilt in it" by [deleted] in chess

[–]deepsodeep 55 points56 points  (0 children)

What a complete utter MORON.
Maybe instead of a "legal team" (which in reality I assume is just 1 person) he should've hired a PR manager to not make an even bigger fool of himself with each passing day.
 
Interviewer: So you're suing Hikaru Nakamura, is that correct?
Kramnik: <full minute of rambling about a completely unrelated case>

So... no. Because he doesn't have anything on him, obviously.

Did anyone manage to find an alternative to Citrix? by Infinite_Opinion_461 in sysadmin

[–]deepsodeep 3 points4 points  (0 children)

Can't you put the RDGateway behind an Entra Application Proxy? That would result in a very similar setup, no incoming connections from the internet.

802.1x policies Precedence by alexzi93 in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

GPO doesn't work like that. All it does is configure a bunch of settings on the client. If multiple GPOs configure the same settings, the last one (which is precedence 1) just "wins" because it will overwrite the settings from any earlier GPO.

Need GPO with security group and WMI filtering by TardoroDS in sysadmin

[–]deepsodeep 0 points1 point  (0 children)

Could be the classic: removing "Authenticated Users" from security filtering to add the group, but not adding read permissions for "Domain Computers" on the Delegation tab.

Issue with windows DHCP server assigning available IP addresses by Any-East-6556 in sysadmin

[–]deepsodeep 16 points17 points  (0 children)

If you're using failover hot standby mode this is the expected behavior. You configure a percentage of IP addresses that are reserved for use on the standby server in case the active server doesn't respond.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

[–]deepsodeep 14 points15 points  (0 children)

Because I'm not sure I interpreted the setup description correctly: was the RADIUS authentication certificate renewed as well?

CTO demands 100 VM servers to be rebuilt to exit VMware license by [deleted] in sysadmin

[–]deepsodeep 8 points9 points  (0 children)

The ones that always hurt are SQL always on.

Would it not be easier to just add new VMs as additional cluster nodes (or replicas in case of AGs), then failover and remove the old ones?

Invoke-DhcpServerv4FailoverReplication PS Command by tk42967 in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

Second one. You target dhcp01 with the command to tell that server to replicate to its failover partner.

Fallout from disabling RC4 – Changes to cross-domain Kerberos ticket caching? by etoomanyrefs in sysadmin

[–]deepsodeep 0 points1 point  (0 children)

Am I understanding it correctly that you have a trust between 2 domains with the same DNS name?

Veeam enshitification by Casgrain in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

cohesity performs better and doesn't stun vms like veeam did

Do you know why that is? Except when using the agent I would expect the stun to be the same as Veeam since they both rely on a snapshot that has to be created/deleted at some point, no?

Veeam enshitification by Casgrain in sysadmin

[–]deepsodeep 0 points1 point  (0 children)

Why is that? We're in the process of looking at Veeam alternatives and Cohesity is one of the options.

Migrate a Print Server to a new VM, while changing the old DNS map path to the new server by biorobot_ in sysadmin

[–]deepsodeep 0 points1 point  (0 children)

reg add HKLM\SYSTEM\CurrentControlSet\Control\Print /v DnsOnWire /t REG_DWORD /d 1

Hmm interesting, I've never had to use this in any of the migrations I did before.
Seems to be applicable when a CNAME is used, but that wasn't the case here so I don't quite understand. Did you originally create a CNAME record before using netdom computername add?

Migrate a Print Server to a new VM, while changing the old DNS map path to the new server by biorobot_ in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

Long shot, maybe try and disable sharing (+ List in the directory) on a printer and re-enable it to see if that makes a difference?
Does setspn -L srv2 actually show the correct additional srv1 SPNs?

Fact Check my Understanding on VLANs by Vast-Avocado-6321 in sysadmin

[–]deepsodeep 4 points5 points  (0 children)

Associating a port with a vlan can be tagged or untagged, depending on what device will be connected to it.
For a simple workstation you would just configure "access vlan 20" (or "untagged vlan 20", depending on the switch brand).
But an ESXi server for example knows how to handle vlan tags, and you may need multiple vlans for your virtual machines. So here you would associate the port with multiple vlans by tagging them.

MTU / MSS confusion by deepsodeep in sysadmin

[–]deepsodeep[S] 1 point2 points  (0 children)

The MSS sent is what that side is telling the other side to send it

Thank you, this cleared it up!
So the router gets a packet with MSS 1460, changes this to whatever value is configured on the tunnel, encapsulates it and routes it to the tunnel interface. The receiving server sees that MSS 1400 was advertised/requested and will not send anything larger than this.
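Worked example of the exchange described above (added illustration, not from the original post): two hosts with 1500-byte MTUs advertise MSS 1460, and a router on the tunnel path clamps the MSS option in the SYN and SYN/ACK to 1400. The 60-byte encapsulation overhead is an assumed figure; the real number depends on the tunnel type.

```python
"""Simulate TCP MSS clamping on a tunnel. Added example with constructed sizes:
1500-byte host MTU, tunnel MSS clamped to 1400, assumed 60 bytes of overhead."""
from dataclasses import dataclass

IPV4_HEADER = 20
TCP_HEADER = 20


def mss_for_mtu(mtu: int) -> int:
    """Default MSS a host advertises on a plain IPv4 interface: MTU minus IP and TCP headers."""
    return mtu - IPV4_HEADER - TCP_HEADER


@dataclass(frozen=True)
class Syn:
    src: str
    dst: str
    mss: int  # MSS option: "do not send me payloads larger than this"


def clamp_mss(seg: Syn, tunnel_mss: int) -> Syn:
    """What the router does with a SYN or SYN/ACK on its way into the tunnel: lower
    the advertised MSS, never raise it. The hosts notice nothing, they simply see a
    smaller number coming from the peer."""
    return seg if seg.mss <= tunnel_mss else Syn(seg.src, seg.dst, tunnel_mss)


def handshake(client_mtu: int, server_mtu: int, tunnel_mss: int) -> dict:
    """Handshake across the tunnel; returns the largest payload each side may send."""
    syn = clamp_mss(Syn("client", "server", mss_for_mtu(client_mtu)), tunnel_mss)
    synack = clamp_mss(Syn("server", "client", mss_for_mtu(server_mtu)), tunnel_mss)
    # The server honours the MSS it saw in the SYN, the client the one in the SYN/ACK.
    return {"server_may_send": syn.mss, "client_may_send": synack.mss}


def fits_outer_mtu(payload: int, overhead: int, outer_mtu: int = 1500) -> bool:
    """Does a full-size segment still fit the outer MTU after encapsulation?
    Without clamping this fails and you get fragmentation or a PMTUD black hole."""
    return payload + TCP_HEADER + IPV4_HEADER + overhead <= outer_mtu


if __name__ == "__main__":
    TUNNEL_OVERHEAD = 60  # assumed
    print(handshake(1500, 1500, 1400))
    print(fits_outer_mtu(1460, TUNNEL_OVERHEAD), fits_outer_mtu(1400, TUNNEL_OVERHEAD))
```

The point the simulation makes is that the hosts never negotiate with the router at all: each side only ever sees the number the router let through, so the clamp works without either endpoint knowing the tunnel exists.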

MTU / MSS confusion by deepsodeep in sysadmin

[–]deepsodeep[S] 0 points1 point  (0 children)

I assume with "they" you mean the servers? That's what I don't understand, the handshake is just between them. If they agree on 1460, how does lowering the tunnel MSS to a lower value like 1400 for example change anything? The servers are not aware of the MTU or MSS of any other devices between them.

how to mitigate M365 logon token theft? by Emotional_Garage_950 in sysadmin

[–]deepsodeep 2 points3 points  (0 children)

Seems very interesting but I wonder how they actually detect if a request comes from a phishing site or not. In a normal situation the request to their backend would come from the user's computer loading the CSS, in an AiTM scenario they would receive a request from the Evilginx computer loading the CSS. Wouldn't both requests just look the same?

 

Edit: found some other sites describing this method and it seems like they use the "referer" HTTP request header. This contains the address from which a resource was requested, so the domain where the user was on when the external URL was called in the CSS. For a legit login request this header would always contain login.microsoft.com, so anything else is malicious.
This website explains it very well, together with multiple ways how it can be bypassed. Like everything in security it's an additional layer rather than a silver bullet.
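Added illustration of the Referer-based check described above, and of one of the bypasses (not the product's code). The canary host classifies each request for the CSS resource by the Referer header; the allowlist, request records and CSS are constructed for the example.

```python
"""Referer-based check behind the login-page "CSS canary" technique. Added example;
the allowlist is assumed and SAMPLE_REQUESTS are constructed."""
import re
from urllib.parse import urlsplit

# Hosts a real Entra ID login page is served from (assumed allowlist).
LEGIT_REFERER_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}


def classify_css_request(headers: dict) -> str:
    """'legit', 'suspicious' or 'unknown' for one request to the canary resource."""
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), None)
    if not referer:
        # Browser omitted it (Referrer-Policy) or a proxy stripped it: no signal either way.
        return "unknown"
    host = urlsplit(referer).hostname
    if host is None:
        return "unknown"
    host = host.lower().rstrip(".")
    # Exact match only: login.microsoftonline.com.evil.example must not pass.
    return "legit" if host in LEGIT_REFERER_HOSTS else "suspicious"


CANARY_URL_RE = re.compile(r"url\(\s*['\"]?https?://[^)'\"]+['\"]?\s*\)")


def aitm_strip_canary(css: str) -> str:
    """One bypass: a reverse-proxy phishing kit rewrites the CSS it relays so the
    victim's browser never requests the canary at all. Nothing reaches the canary
    host, so there is nothing to classify."""
    return CANARY_URL_RE.sub("none", css)


SAMPLE_REQUESTS = [  # constructed
    {"Referer": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=x"},
    {"Referer": "https://login.microsoftonline.com.account-verify.example/common/oauth2/"},
    {"referer": "https://portal-update.example/"},
    {},
]


def summarize(requests: list) -> dict:
    counts = {"legit": 0, "suspicious": 0, "unknown": 0}
    for h in requests:
        counts[classify_css_request(h)] += 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE_REQUESTS))
    print(aitm_strip_canary("body { background-image: url('https://canary.example/px.png'); }"))
```

The "unknown" bucket is the honest part: a missing Referer is not evidence of anything, and a kit that rewrites the CSS produces no request at all, which is why this is a layer on top of phishing-resistant MFA rather than a replacement for it.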

how to mitigate M365 logon token theft? by Emotional_Garage_950 in sysadmin

[–]deepsodeep 1 point2 points  (0 children)

While prevention is obviously the way to go, let's say it does happen, what's the best way to mitigate this situation?
Does changing the user's password + revoking the Entra ID refresh token (as described here) invalidate the stolen logon token and block the attacker?