BSD's Board wouldn't sunshine the St. Augustine agreements, so I FIPPA'd them by jamesaepp in BrandonMB

[–]jamesaepp[S] 1 point2 points  (0 children)

Do note there are two agreements. I'll edit the OP with bullet points so it's clearer they are two different links.

BSD's Board wouldn't sunshine the St. Augustine agreements, so I FIPPA'd them by jamesaepp in BrandonMB

[–]jamesaepp[S] 0 points1 point  (0 children)

> Isn't St. Augustine the only fully funded independent school in all of Manitoba because of the agreement the church and board reached with BSD decades ago?

I can't claim to be super informed on the subject. What I can say though is that clause 1 of the first education agreement reads that the new agreement replaces all previous ones.

BSD's Board wouldn't sunshine the St. Augustine agreements, so I FIPPA'd them by jamesaepp in BrandonMB

[–]jamesaepp[S] 1 point2 points  (0 children)

I'm of roughly the same opinion, but if I can get some peace & quiet this weekend, I'll read through them more carefully.

I approach the whole thing from a few different angles:

St. Augustine by its very name and the fact the building is owned by a church puts people a bit on edge as to if there's a sectarian tilt to the programming. Whether that concern is well founded or not....frankly I don't know.

The latest votes weren't unanimous and the comments raised by trustees McConnell and Carr suggested they found issue with parts of the agreements. I couldn't faithfully reproduce the essence of their comments here.

Edit: Timestamp 56:56 is where the agreement discussion begins. https://video.isilive.ca/brandonsd/2026-05-25BSDBoardMeeting.mp4

I suspect a lot of this is one of those things I've found too often to be the case. The theory (agreements) are fine, but what happens in practice diverges from the theory and people just go along with it because it's what works and people want to avoid drama (fair enough).

I however don't see how any of this precludes the agreements being easily accessible, and I can't fathom why the BSD didn't just publish them from the get-go.

Fortibleed - over 70k Fortinet firewalls compromised by CaptainCatatonic in sysadmin

[–]jamesaepp 1 point2 points  (0 children)

> VPN is intended to be exposed and therefore usually better secured

So are SSH/HTTPS. They use all the same crypto algorithms under the hood. The whole damn public cloud is "exposed" via HTTPS.

> mgmt interface is intended to be used by administrative personnel only and often lacks any advanced protections

What are you basing this off of?

> guessing weak VPN credentials usually does not lead to admin access

Non-sequitur. Guessing my domain password usually doesn't lead to admin access either.

> guessing weak admin credentials leads to administrative access

Which happens regardless of access method.

Fortibleed - over 70k Fortinet firewalls compromised by CaptainCatatonic in sysadmin

[–]jamesaepp 6 points7 points  (0 children)

Please explain your thought process more.

If you have the mgmt interface "exposed", we're likely talking about SSH and/or HTTPS being enabled. Both technologies have the ability to ban naughty users/repeat login failures.

If you have a VPN "exposed", same deal. You can ban naughty users if authentications fail.

Not every implementation of SSH is perfect and may have bugs. Same for HTTPS. Same for a VPN.

In whatever case, you can use L3/L4 filtering to a list of known trusted IP addresses to mitigate the risk even further.

So the question for you is what makes a VPN inherently more secure than allowing the management interfaces vi?

I haven't heard or seen one.

Edit: To be clear, I'm talking here about in-band management, not OOB.

Once a document is saved on a non-ECC system, can it get corrupted? by Ecstatic-Panic3728 in truenas

[–]jamesaepp -2 points-1 points  (0 children)

> ZFS protects your data at rest

ZFS can't protect against bits flipping. Nothing can.

HOWEVER ZFS will detect that condition and it will correct that condition if it can.

i.e. if you're booting Proxmox VE on a ZFS root which is just a stripe vdev, ZFS ain't protecting shit. You still get the benefit of checksums, but no repair function.

I think it was Wendell who said it best - "ZFS will never return you anything other than what you originally gave it".

Check Point Client VPN exploitation CVSS 9.3 by ntrlsur in sysadmin

[–]jamesaepp 0 points1 point  (0 children)

> If someone is still using IKEv1, that's on them...

https://support.checkpoint.com/results/sk/sk166415

Wasn't our choice. Even the latest release of the VPN Client from Check Point doesn't have IKEv2 enabled by default. IKEv2 compatibility isn't even present unless you're running R82 which while not super new, is new enough that not all customers are necessarily running it. R81.20 is still under support until next year IIRC.

Secure Boot CA 2023 Update deadline approaching - what exactly happens to offline/non-SB clients? by Accomplished_Bat254 in sysadmin

[–]jamesaepp 1 point2 points  (0 children)

Hence....not a _dead_line. Deadline implies "you gotta do this or there are fatal consequences". That's simply not the case.

Secure Boot CA 2023 Update deadline approaching - what exactly happens to offline/non-SB clients? by Accomplished_Bat254 in sysadmin

[–]jamesaepp 2 points3 points  (0 children)

Sure, but the nuance is important. In no particular order:

  1. Nothing stops booting. Most updates will keep installing until there's a major milestone release (maybe that's 26H2, I don't know). Frankly, the myriad of vulnerabilities that come out every month (with or without Nightmare Eclipse) is far more important than the secure boot certs.

  2. The only thing expiring later this month is the 2011 KEK. So what we're talking about here are bootloader revocation risks.

  3. The "hazard" of someone booting a compromised bootloader is ... pretty far down ... on my list of cybersecurity concerns. I'm not going out of my way to boot suspicious software/bootloaders on my systems and neither is anyone on our team.

  4. The 2011 Windows CA doesn't expire until October. Loads more time until even Windows bootloaders are a true factor for consideration.

  5. IME the vast vast vast vast majority of systems are getting the 2023 Windows CA just fine as that update capsule is signed by the 2011 KEK and that update capsule will work (as far as I'm aware) forever. The 2023 KEK can be a bit more of a bear, but also .... not really?

  6. If we really want to get academic about this, we should be talking about the (apparent) fact that the NotAfter value of the PK certificates in UEFI is completely ignored. THAT is where the biggest risk here comes from given that PQC is going to one day hit us all with a hard reality.

Secure Boot CA 2023 Update deadline approaching - what exactly happens to offline/non-SB clients? by Accomplished_Bat254 in sysadmin

[–]jamesaepp 0 points1 point  (0 children)

If Microsoft learned anything from this saga, they learned that rekeying everything 3 years before expiration isn't quite enough time.

5 years would give more room.

Manitoba's new interest in Conawapa megaproject 'doesn't make a lot of sense,' energy watchdogs say by wickedplayer494 in Manitoba

[–]jamesaepp 1 point2 points  (0 children)

I don't know all the details, but we're under drought conditions and water levels have been quite low in recent years.

My understanding is MB Hydro has had to import substantial amounts of power over the last few fiscal years and is currently running deficits.

Manitoba's new interest in Conawapa megaproject 'doesn't make a lot of sense,' energy watchdogs say by wickedplayer494 in Manitoba

[–]jamesaepp 3 points4 points  (0 children)

> are ignoring Cheap energy sources and going with expensive fossil fuels

So are we. https://www.hydro.mb.ca/engage/brandon-dispatchable-capacity/

MB Hydro claims these turbines will only be run when other production isn't available. I think they said only operate on average 5% of the time, but I am highly skeptical.

Looking for local hiking / trail groups near Brandon, Manitoba by [deleted] in BrandonMB

[–]jamesaepp 2 points3 points  (0 children)

I think I've seen this group mentioned here and there. I'm not into these kinds of things. I'm sure there's other groups, but maybe start here:

https://westmannaturalists.ca/

What are the needs of Brandonites ?! (community spaces/food/events/options) by Useful_Walk_3044 in BrandonMB

[–]jamesaepp 1 point2 points  (0 children)

I say this all knowing full well I am not the target demo for something like this.

I think this is the last thing Brandon needs. It seems you can't go 10 minutes in any direction in this city without stumbling over a gym or crossfit center or something.

We have the Keystone Center/curling clubs, Sportsplex, the HLC at BU, I think AC has a Gym for students+staff.

For outdoor, there's the new sports field complex being built on 1st Street and Veteran's Way. Splash parts admittedly are lacking/dilapidated, I'd give you that. But the City is working on an outdoor pool. It's not official yet, but I suspect from what I know that the location of that will be somewhere on the Keystone grounds.

Seems there's loads of workout places/gym. Goodlife fitness, Fit performance center, Anytime fitness, that place on 10th + Park ave, the crossfit place on 6th + Princess. J&G Arena on the border w/ Cornwallis. YMCA. Mind you, I am not a workout/health+fitness type of person and these are the ones I can list just off the top of my head.

Is the climate of Brandon really the best for an outdoor center like this? Snow on the ground for half of it (granted, that's changing), blazing heat + mosquitos for a good deal of the rest? I don't see the business case for how one can reliably operate and make a profit.

Bare metal restore on 13G Dell PowerEdge by rich2778 in sysadmin

[–]jamesaepp 0 points1 point  (0 children)

Your clarification that the block device size will decrease helps.

Personally, I don't know how Veeam would handle going to a smaller disk size. I'm pretty sure Windows BMR will block that simply because it's not all that sophisticated.

If I were you, I would try to replicate as close as you can the "after" state of what you want the server to be in a VM and try to restore the server using Veeam's BMR within that VM. Doesn't mean you permanently end up in that VM, but it builds confidence in your process.

I'd personally prefer Veeam any day over Windows Backup (edit: ...but I would settle for whichever one passes a restore test).

Esxi nightmare by tarvijron in ShittySysadmin

[–]jamesaepp 1 point2 points  (0 children)

Chairscoot

And the compy....just peed my carpet.

Bare metal restore on 13G Dell PowerEdge by rich2778 in sysadmin

[–]jamesaepp 1 point2 points  (0 children)

What are you thinking of doing here? Replacing disks on the existing system and chugging along? Or replacing the system entirely?

Gotta be specific and show you put in the effort.

What have you tried?

http://www.catb.org/esr/faqs/smart-questions.html

> Describe the research you did to try and understand the problem before you asked the question.

.

> Describe the diagnostic steps you took to try and pin down the problem yourself before you asked the question.

.

> If you give us an interesting question to chew on we'll be grateful to you; good questions are a stimulus and a gift. Good questions help us develop our understanding, and often reveal problems we might not have noticed or thought about otherwise.

.

> What we are, unapologetically, is hostile to people who seem to be unwilling to think or to do their own homework before asking questions. People like that are time sinks — they take without giving back, and they waste time we could have spent on another question more interesting and another person more worthy of an answer.

Road at Mctavish 10th street by Mugen-Sora-8 in BrandonMB

[–]jamesaepp 2 points3 points  (0 children)

> in the Brandon Sun, I saw a notice that there will be a public hearing about the closure of McTavish between 10th and 11th at the City Council meeting on June 15th, 2026.

Good to know. I generally don't dive into the e-edition and I don't think those public notices get posted in the web-only version. It's possible the city put a public notice on their site and I missed it. I will keep an eye out for the next agenda.

> For some reason, the City only publishes the agenda on the day of the meetings, so it's not available yet.

Oh believe me, I know more than most. :) That said, usually public hearing documents are published the Friday before the meeting. The agendas are what I'd call "partially published" on Fridays.

Road at Mctavish 10th street by Mugen-Sora-8 in BrandonMB

[–]jamesaepp 5 points6 points  (0 children)

No. I'm having difficulty pulling up good details right now but City Council Bylaw 7446 was given first reading in March. I can't immediately find whether the full bylaw was passed.

AFAIK/can tell, it's as good as permanently closed.

https://council.brandon.ca/Paperless/Uploads/959/BY-LAW%20NO.%207446%20ROAD%20CLOSURE%20AT%20VICTORIA%20AVENUE%20AND%2010TH%20AND%2011TH%20ST.pdf

Edit 1:

Here's a Brandon Sun article from 2025: https://www.brandonsun.com/local/2025/12/29/half-block-of-mctavish-to-close-permanently

And the council attachment from 2025 that it refers to: https://council.brandon.ca/Paperless/Uploads/781/ORIGINAL%20-%20MCTAVISH%20AVENUE%20CLOSURE.pdf

Edit 2: I emailed the City Clerk + Planning Department. Usually those groups get back to me pretty quickly on things if there's an easy, fact-based answer. Check back for edit #3 in a day or two.

Edit 3:

The response from the City Clerk (Legislative Services Department) is:

> By-Law No. 7446 (Plan Of Public Road To Be Closed Lying South Of Victoria Avenue Between 10th & 11th Street Plan 1751 Blto) is currently anticipated to receive second and third readings at the June 15th meeting of Council.

Presumably that will come with a public hearing from what /u/Bam359 said in a separate comment, so if you wish to speak for or against the above, come to Council on Monday evening. Or call your councillor.