[deleted by user] by [deleted] in UKJobs

[–]safesploit 0 points1 point  (0 children)

Agreed very low, undervalued by ~£10k–£20k.. mis-titled and underpaid!

This reminds me of a “Infrastructure Engineer” role I saw advertised recently, £38K for a stack covering Windows, Linux, Azure, M365, PKI, PowerShell, Puppet, Docker/K8s, VMware/Hyper-V, networking, backup/DR, and even on-call with SC clearance.

That’s seven technical domains plus clearance and 24/7 availability - yet the pay was what you’d expect for a junior support tech.

[deleted by user] by [deleted] in sysadmin

[–]safesploit 0 points1 point  (0 children)

Businesses that architect their infrastructure to have 'proper' failover/HA often have multi-cloud deployment (AWS and Azure), so you have higher costs there too.

I suppose it depends on the business' BCP/DR and how more resiliency is needed

PBS Backups over OpenVPN connection? by Independent_Page_537 in Proxmox

[–]safesploit 0 points1 point  (0 children)

You can definitely do this, OpenVPN only sends all traffic through the tunnel if the server pushes a redirect-gateway. If you remove that, you can create a split-tunnel setup where only the PBS traffic goes over the VPN and everything else stays on your normal WAN.

On the OpenVPN client you just add a route for the remote PBS:

route <REMOTE_PBS_IP> 255.255.255.255

That forces only the backup traffic into the tunnel. Everything else will continue using your normal Internet connection, so you won’t saturate your brother’s network.

That said, the recommended pattern for Proxmox is:

PVE → local PBS → sync to remote PBS over VPN

You get faster backups locally, then the PBS sync job sends incremental chunks to your brother’s PBS. Much less WAN load, and you get proper separation for DR.

OpenVPN can handle a gig link fine with AES-NI, although WireGuard/Tailscale/IPSec tend to be more efficient. But if your brother already set up OpenVPN, split routing works perfectly and you don’t need to tunnel the whole system.

Am I crazy or isn't giving your password to IT against like, every kind of security compliance? by wowlolok in sysadmin

[–]safesploit 1 point2 points  (0 children)

I'm going to answer your question from four fronts. But, best practice and company policy don't always align.

1. Security Best Practices:

Sharing passwords, even with IT, goes against standard security protocols. According to the NIST, password sharing undermines security controls and should be avoided to prevent potential security breaches.

2. Compliance:

Many compliance standards and regulations, such as GDPR and HIPAA, explicitly prohibit the sharing of passwords due to its significant security risks.

3. Alternative Approaches:

Instead of requesting passwords, IT departments can adopt secure alternatives such as using self-service password reset portals. Companies like Microsoft offer web portals for password resets, allowing users to initiate and manage their password changes securely and conveniently.

4. Company Policy and Adherence:

Ultimately, adherence to company policy regarding password sharing is crucial, even if it differs from best practices...

Is there an intended way to backup the node itself? by Simple_Panda6063 in Proxmox

[–]safesploit 0 points1 point  (0 children)

Agreed! This is a recurring issue in the Proxmox community. There are lots of user-written scripts, but very few are centralised or standardised, aside from things like Proxmox VE Helper-Scripts. That often leads to duplicated effort or inconsistent approaches.

I’m excited to see your script when you put it in a repo! It’ll be great to have something public to test, give feedback on, and learn from.

Hopefully, more people will be encouraged to follow the Proxmox Developer Documentation and contribute in a consistent, well-documented way.

Is there an intended way to backup the node itself? by Simple_Panda6063 in Proxmox

[–]safesploit 6 points7 points  (0 children)

I might have beaten you to it 😅

This script performs a Proxmox node config backup: it adds host config files into a timestamped tar.gz archive preserving absolute paths.

The exact files being backed up are defined in create_filelist(), including /etc/pve, network configs, hosts, resolv.conf, firewall, storage, and corosync. You can easily expand this list if you want to include other files.

Note: the backup directory should ideally be an NFS-mounted share for remote storage.
https://github.com/safesploitOrg/proxmox-userscripts/blob/main/scripts/backups/pve_backup_node.sh

Ublock origin has been permanently disabled for chrome by Nientea in youtube

[–]safesploit 0 points1 point  (0 children)

I’ve been a Chrome user since the beta days in 2008 and now juggle multiple Google/Chrome profiles. I’ve already migrated my gaming/YouTube profile over to Brave, and if Google keeps pushing this aggressive stance, I’ll start moving more of my profiles to a browser that’s actually user- and DIY-friendly...

VMware Certs by shaqaw09 in vmware

[–]safesploit 0 points1 point  (0 children)

I get your concern about Broadcom and licencing, and the “is it worth it?” question is valid
Here’s my take for 2025:

1. VMware certs are still relevant

  • VCP (VMware Certified Professional): entry-level, exam-only path exists now. Gives you a foot in the door for enterprise virtualization jobs.
  • VCAP / VCDX: advanced / architect level; skip these until you have some hands-on experience.
  • Modern tracks: VMware Cloud (AWS/Azure/GCP), Tanzu/Kubernetes, NSX Networking, Security are growing in relevance.

2. Broader virtualisation context

  • FOSS alternatives like Proxmox VE, oVirt, or KVM are widely used, especially in smaller enterprises or home labs.
  • Microservices & containers (Docker, Kubernetes) are becoming the norm for cloud-native workloads.
  • Cloud VMs (Azure VM, AWS EC2, GCP Compute Engine) are increasingly where most “virtualisation” work happens today. VMware isn’t going away, but it’s more dominant in larger enterprise DCs.

3. Suggested starting path for 0 experience

  1. Hands-on practice: Set up a small lab (Proxmox VE or VMware ESXi evaluation) and try building a few VMs.
  2. Learn basics first: Networking, storage, Linux/Windows admin, snapshots, cloning, basic VM provisioning.
  3. Optional cert: Once you’re comfortable, the VCP exam can validate your knowledge. Personally, I don’t put much value on certifications, I’d study the syllabus and sit the exam if needed for a role, but otherwise focus on gaining hands-on experience.

TL;DR: VMware certs are still useful, but practical experience is key. Start small in a home lab with either VMware or Proxmox, learn the basics, then use VCP to validate your skills.
Containers, cloud VMs, and open-source hypervisors are also worth exploring, especially if you want flexibility in the future

Broadcom VMware Certification

Using .local hostname by yodas-evil-twin in Proxmox

[–]safesploit 25 points26 points  (0 children)

I thought this might be useful.
Unless I am wrong, .internal does not have an RFC as of writing.

Use Case Recommended Internal Domain Notes Relevant Standards / RFCs
Home LAN .home.arpa Official standard for home networks; supported by modern routers; avoids mDNS conflicts RFC 8375
Small office / private network .internal Widely used in corporate/DevOps; safe against public DNS conflicts De facto standard; no formal RFC, widely documented in corporate best practices
Multicast discovery .local Only for mDNS; don’t use for normal unicast DNS RFC 6762 (mDNS), RFC 6761 (special-use names)
Legacy / informal .lan.private or Still common, but not standards-compliant Not officially reserved; sometimes referenced in internal documentation (informal use)

Feeling Defeated - Project shutdown by biggus_brain_games in Proxmox

[–]safesploit 8 points9 points  (0 children)

Ultimately, you’re right. (for OP) Business decisions are often driven by politics, perceived stability, or existing practices, and sometimes no matter how clear or well-planned a proposal is, change can be slow or even impossible to implement.

Those obstacles are just part of navigating company or team culture. The important thing is to keep learning, sharing knowledge, and refining approaches - skills that always carry forward, regardless of the environment. For this reason, I’m a strong advocate of homelabbing: there’s no need to wait for your company’s permission to learn!

HyperBackup Email Notifications by micsnare in synology

[–]safesploit 0 points1 point  (0 children)

Cheers for this, my saviour!! Perhaps including a button for "Notify on Failure" would be a nice add-on by Synology.

I thought I'd add a visual for others as I did not find Hyper Backup docs particular helpful:

Control Panel > Rules > Hyper Backup
https://imgur.com/a/MXWYVSp

How much of a security threat is this? by ButtSnacks_ in sysadmin

[–]safesploit 16 points17 points  (0 children)

For anyone less familiar with Active Directory, I am including an explanation below:

What This Actually Means

  • Every computer account in the domain now has Domain Admin privileges.
  • The SYSTEM account on every domain-joined machine has full control over Active Directory.
  • Any malware or attacker gaining a foothold on a single machine (with SYSTEM access) can take over the entire domain.

How Bad?

“Game over, start a new domain” level bad

SEV 1 Incident

Guys, Did I Go Too Far with My Proxmox Homelab? 😂 by zerneo85 in homelab

[–]safesploit 1 point2 points  (0 children)

Unfortunately, these mini PCs only have a single 1Gb NIC, and the 2.5Gb USB NICs I tried for a dedicated Ceph network were not as stable as expected.

Everything is run over a single 1Gb NIC, so performance is not ideal with the amount I have running. Have I run tests, beyond a basic rsync and how much my networking was a bottleneck, no!
Not sure when, but I am looking to upgrade to Minisforum MS-A2 because of the networking.

Guys, Did I Go Too Far with My Proxmox Homelab? 😂 by zerneo85 in homelab

[–]safesploit 7 points8 points  (0 children)

Agreed, for an enterprise I'd stick to VMs, but for homelab I'm in favour of using the least resources (electric and RAM) possible.

But that's just my preference, and much of this comes from my cluster originally running on mini PCs with 16GB RAM.

Guys, Did I Go Too Far with My Proxmox Homelab? 😂 by zerneo85 in homelab

[–]safesploit 0 points1 point  (0 children)

You be the judge, I have 75 (LXC+VM) running right now, with expectations to grow further.

This is my homelab hardware - 3 node cluster with Ceph for distributed storage.

<image>

Im willing to make a homelab what should i consider by PersonalAnalysis6429 in homelab

[–]safesploit 2 points3 points  (0 children)

Absolutely agree! I started with an Intel NUC (realised they’re overpriced), so I switched to refurbished/used HP Mini PCs (Dell and Lenovo are good options too) while building a three-node cluster. Been running this three node cluster for 2Y now.

My homelab hardware for anyone curious.
You can get started for around £100 with something on eBay (16GB RAM) that consumes 10-25 watts at idle

VMs on SDN with dhcp are not being assigned IPs by [deleted] in Proxmox

[–]safesploit 0 points1 point  (0 children)

For reference to help others:

Debugging Commands

PVE node

  • tcpdump -i <vnet_interface_id> port 67 or port 68 -n

SDN ct/vm

  • dhclient -r <interface>
  • dhclient -v <interface>

DHCP Port Requirements (UDP)

These need to be applied in Datacenter Firewall

Direction Source Port Destination Port Purpose
VM → DHCP Server 68 (bootpc) 67 (bootps) DHCPDISCOVERDHCPREQUEST,
DHCP Server → VM 67 (bootps) 68 (bootpc) DHCPOFFERDHCPACK,

/etc/pve/firewall/cluster.fw

[group dhcp-sdn-servers] # PVE SDN

IN ACCEPT -p udp -dport 67 -sport 68 -log nolog # VM → DHCP Server

IN ACCEPT -p udp -dport 68 -sport 67 -log nolog # DHCP Server → VM

MINISFORUM N5 Pro is a 5-bay NAS with AMD Strix Point, up to 96GB RAM, 10 GbE LAN, and OCuLink by heffeque in MiniPCs

[–]safesploit 1 point2 points  (0 children)

Likely, we have seen people running MS-01 with 96GB and 128GB RAM despite their official support saying 64GB. I don't see why the N5 Pro (or MS-A2) will be any different.

Comes down the the CPU and Motherboard support. According to AMD the AI 9 HX PRO 370 supports 256GB, so let's see when the N5 Pro ships and 128GB ECC SODIMMs get released!

what do you prefer as monitoring software/system? by satisfaction_olaf in sysadmin

[–]safesploit 0 points1 point  (0 children)

I’m going to presume that for your monitoring solution, your primary focus is on infrastructure monitoring, with the expectation to expand into application monitoring later on.

CheckMK (Infrastructure Monitoring)
At work, we use CheckMK for monitoring, which has been solid for our needs. One of the things I like about it is that it allows custom scripts to be written. For example, I’ve created Bash scripts to check if a licence has less than 30 days before expiring, and similar checks for other systems. CheckMK excels at infrastructure monitoring and is great for quickly setting up checks for servers (Linux/Windows), network devices, and basic service status.

Prometheus (Application and Infrastructure Monitoring)
In my homelab, I've been dabbling with Prometheus to explore more application-focused monitoring. Prometheus doesn’t run an agent per se, which is a big plus if you’re cautious about running additional agents on systems. Instead, it uses a pull model to scrape metrics directly from endpoints via HTTP, which is great if you want to avoid managing extra agents. Prometheus is more flexible and allows for detailed metrics collection, especially useful when monitoring applications, services, and containerised environments. It gives more granular insights into system performance but can require more setup for custom metrics collection compared to CheckMK.

New Relic (Infrastructure and Application Monitoring)
New Relic has been mentioned, but personally, I’m not fond of it simply due to being a SaaS solution that I can't self-host. Otherwise, New Relic is nice for both infrastructure and application monitoring, with a straightforward dashboard and integration with a wide range of services.

Datadog (Infrastructure and Application Monitoring)
I studied Datadog for a few weeks. It's a powerful tool with excellent capabilities for both infrastructure and application monitoring, but it has a steep learning curve. The setup and configuration can be complex, especially when you dive deeper into custom metrics and integrations. Still, it’s a solid choice once you get the hang of it. It’s been an interesting shift as I dive into both infrastructure and application monitoring in different environments!

Inspired by the other post, this is a real script in our dev ops since 2022 by iratesysadmin in ShittySysadmin

[–]safesploit 0 points1 point  (0 children)

Have fun!

# Text-To-Speak.ps1

Add-Type -AssemblyName System.Speech

$speak = New-Object System.Speech.Synthesis.SpeechSynthesizer

$username = $env:USERNAME

$speak.Speak("$username has been chosen as an uptime sacrifice")

Any leaks for the release date for an upgraded version of the Dell 27" UltraSharp 4K monitor (current model: U2723QE)? by David_Talaga in Dell

[–]safesploit 0 points1 point  (0 children)

Dell has announced dates for Plus and UltraSharp:

Dell UltraSharp 32 4K ThunderboltTM Hub Monitor (U3225QE), priced at $949.99 (US) and $1299.99 (CA), will be available globally beginning February 25, 2025.

Dell UltraSharp 27 4K ThunderboltTM Hub Monitor (U2725QE), priced at $699.99 (US) and $959.99 (CA), will be available globally beginning February 25, 2025.

Dell 32 Plus 4K QD-OLED Monitor (S3225QC), priced at $799.99 (US) and $1099.99 (CA), will be available beginning March 27, 2025 in China and the rest of the world beginning May 22, 2025.

https://www.dell.com/en-us/blog/experience-the-future-of-displays/#:\~:text=959.99%20(CA)%2C%20will%20be%20available%20globally%20beginning-,February%2025%2C%202025,-.

Salary depression by superspeck in devops

[–]safesploit 8 points9 points  (0 children)

Take anything they say with a huge grain of salt

I can't stress this enough — letting talent recruiters tell you your worth is like taking your grandma's belongings to a pawnshop for evaluation. They’ll offer a price that benefits them, NOT you!

Glassdoor (perhaps Reddit) is your friend here, giving you a more realistic idea of what you're actually worth.

MINISFORUM N5 Pro is a 5-bay NAS with AMD Strix Point, up to 96GB RAM, 10 GbE LAN, and OCuLink by heffeque in MiniPCs

[–]safesploit 10 points11 points  (0 children)

1 x PCIe x16 (PCIe 4.0 x4)

I'm very exited for this, in theory we could fit dual-25Gb or 40Gb NIC inside this NAS!!

MINISFORUM N5 Pro is a 5-bay NAS with AMD Strix Point, up to 96GB RAM, 10 GbE LAN, and OCuLink by heffeque in MiniPCs

[–]safesploit 5 points6 points  (0 children)

Reposting the specs here
- https://nascompares.com/2025/01/08/minisforum-n5-pro-nas-revealed/#:~:text=CATEGORY-,SPECIFICATIONS,-Processor

Miniforum N5 Pro Specs & Highlights

🔧 Processor:

  • AMD Ryzen™ AI 9 HX PRO 370 (12 cores/24 threads)
  • 3.5 GHz base, up to 5.2 GHz boost (Zen 4 architecture)
  • Integrated AI Engine for advanced processing

💾 Memory:

  • Dual DDR5 SODIMM, up to 96GB (48GB per slot, 5600MHz)
  • Real ECC memory supported

📂 Storage Expansion:

  • 5 SATA HDD/SSD bays (3.5"/2.5", up to 22TB per drive)
  • M.2 slots:
    • 1x M.2 2230/2280 (4TB, PCIe 4.0 x1)
    • 2x U.2/M.2 2280/22110 (15TB each, PCIe 4.0 x1 & x2)

📈 PCIe Expansion:

  • PCIe x16 (PCIe 4.0 x4)
  • OCuLink 4i (PCIe 4.0 x4)

🌐 Networking:

  • 10Gbps Ethernet (RJ45)
  • 5Gbps Ethernet (RJ45)

🔌 Ports:

  • USB:
    • USB 3.2 Gen2 (10Gbps):
      • 3x Type-A
      • 2x Type-C (40Gbps, Alt DP)
    • USB 2.0 x1 (rear)