
scottyseng

Member
  • Posts

    4,136
Reputation Activity

  1. Informative
    scottyseng reacted to Middcore in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    This was even worse than it looked before.
     
    https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/amp/
  2. Informative
    scottyseng reacted to leadeater in Intel Making a HEDT Comeback??? W790 Sapphire Rapids Workstation & HEDT CPU Platform Detailed   
    Because they are nearly twice the cost of EPYC CPUs that have more cores and are also limited to 2 socket. One of the things Intel still had over AMD was 4S and 8S options, which still exist just not with Xeon Max.
     
    It's just as bad on the cheaper range of Xeons like the Gold series, 25% more for equivalent server configurations.
     
    HPE DL325 (Baseline): 7713P, 512GB RAM Dual M.2 Boot, 2x 2p 25Gb
    HPE DL365 (Baseline +7%): 2x 7543, 512GB RAM Dual M.2 Boot, 2x 2p 25Gb
    HPE DL360 (Baseline+25%): 2x Xeon 6338, 512GB RAM Dual M.2 Boot, 2x 2p 25Gb
    HPE DL365 (Baseline +50%): 2x 9354, 512GB RAM Dual M.2 Boot, 2x 2p 25Gb
     
    Quote 2 days old. I need a reason not to go AMD here at 25% more cost to be able to achieve the same ESX host capacity. Mind you EPYC 9004 suffering from even worse value.
     
    At $13k for the top Xeon Max with 56 cores whereas EPYC3 comes in at $7k/$7.8k for 64 and EPYC4 $9k.
     
    Xeon 6338: $3k MSRP
    EPYC 9354: $3.4k MSRP
    EPYC 7543: $3.7k MSRP
    EPYC 7713P: $5k MSRP
     
    As you can see by my above actual server quotes the pricing of server CPUs isn't even close to the list MSRP people can see online. The Intel DL360 should be the second cheapest behind the DL325.
     
  3. Agree
    scottyseng reacted to bloodthirster in Looking for Hardware RAID Controller Recommendations   
    Why hardware RAID?
     
    You have to make sure the RAID HW card is going to be around when the card breaks or just buy a spare.  If you can't, all that data probably can't be accessed since you generally need the same HW RAID card to access the data on the storage drives.  Unless there's a really good reason to get a HW RAID card, it's another point of failure that can potentially leave you without access to the data on the drives.   HW RAID can be good, but especially for one off type of projects, they can do more harm than good.   I'd seriously ask the question if adding another point of failure (which can leave you unable to access your data) is worth the benefit you get from it.
  4. Agree
    scottyseng reacted to LAwLz in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    It's generally a bad idea to type your password into random sites that may or may not be saving it, and don't tell everyone information such as how long your password is. Going through every password that is 1-15 characters takes a long time. Going through all passwords that are specifically 15 characters long takes way less time. 
  5. Like
    scottyseng reacted to iShaymus in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    I heard about this on the WAN show and signed up to the forums just to comment.  I ditched LastPass when they tripled their pricing but introduced no new functionality and moved to Bitwarden.  Open source and a proper free tier (even though I pay).  Luke discussed LMG ditching LastPass for something new.  Our enterprise sized company moved to Bitwarden for all our IT staff.  Bitwarden allows self hosting with an enterprise licence which was a deal maker for us as we always retain data sovereignty.  We previously used KeePass but managing multiple users was a pain, Bitwarden is much better for this.
     
    I'm not trying to do a sales pitch for Bitwarden but it really is that good.  Enterprise grade, open source, sovereign password manager.  I really don't know where the gotchas are.
  6. Agree
    scottyseng reacted to Spotty in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    Use the forgot password option on websites to set a new password. Inconvenient but not a huge issue. Forgetting your passwords is nowhere near as bad as somebody else having your passwords and access to your accounts.
  7. Agree
    scottyseng reacted to LAwLz in Desktop GPU sales hit 20 year low, 42 percent fewer than last year.   
    I wonder how many read the articles regarding this, vs just jumping to conclusions based on their preconceived notion about the situation.
     
    People are spending less time at home so as a result, fewer people are buying gaming stuff.
    With ever increasing inflation and many people having unsure financial futures, people are less likely to spend money on frivolous things like gaming.
    This is happening across the industry, not just Nvidia and their gaming graphics cards.
    A large amount of people bought computers at the start and during the pandemic. As a result, the sales are no longer as spread out.
     
     
    There are several other factors at play as well, and this is not something that is exclusive to the GPU market.
    It's very rare for such a big change to the market to be caused by a single thing. It's a very complex system with lots of different variables.
  8. Funny
  9. Informative
    scottyseng got a reaction from Taf the Ghost in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    Summary
     
    In the previously mentioned breach in August, LastPass mentioned encrypted data was downloaded but still secure. However, this recent update states the breach is worse than expected as actors can brute force decrypt the copied backup vaults that were removed out of their LastPass secured cloud containers. LastPass is advising users to reset and update all passwords, especially the master password.
     
    Quotes
     
    My thoughts
    As a LastPass user myself, this is quite unsettling news compared to the original news about the breach back in August. I'll be resetting and moving all of my passwords to Bitwarden. I was in the process of doing so but with this recent update, I'll have to rush start that process. This is mainly a warning to any fellow LastPass users like myself, or even former users, to start changing passwords immediately.
     
    Sources
    https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/
     
    https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
  10. Like
    scottyseng reacted to Kisai in New EU rules for making batteries easier to remove and replace   
    Summary
    EU now proposing new battery rules to make batteries easier to remove and replace.
     
    Quotes
     
    My thoughts
     Given how much pull the Type-C charging rules caused globally, this might just be the thing to return "replaceable batteries" to a lot of devices that pretty much get recycled or landfilled once the battery no longer holds a charge. Me, personally I wish to see a standard type-C PD battery, or at least a "battery module" that can take LiPo or whatever other battery chemistry comes along that speaks PD. 
     
    Sources
     https://www.europarl.europa.eu/news/en/press-room/20221205IPR60614/batteries-deal-on-new-eu-rules-for-design-production-and-waste-treatment
    https://battery2030.eu/research/roadmap/
  11. Agree
    scottyseng reacted to LAwLz in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    Didn't we use to have a thread about the data breach? I am looking for it right now because I talked about the implications of someone obtaining the database. But the thread seems completely gone. Did some mod delete it?
     
    Anyway, how big of an issue this is depends on a few things.
    1) How strong your master password is.
    2) The specifics of how LastPass has implemented their cryptography.
     
     
    I am really not a fan of how silent LastPass seems to be about how their service works and what has happened. For example they mention that some parts of the database are not encrypted at all, and that the hackers have obtained that, but they don't mention which parts aren't encrypted more than the URLs not being encrypted. That is a pretty massive oversight if you ask me. I don't really get why they wouldn't encrypt everything.
     
     
    I couldn't find anything about whether or not the unencrypted information can be used to tie a database to someone. If for example the email address used to login is part of the unencrypted fields then all of a sudden the attacker can search for email addresses and see all websites that person has saved credentials for. It also makes a targeted attack very likely.
    Is the master password hint/reminder part of the unencrypted fields? 
     
    Also, why did it take them about 4 months to announce this?
     
     
     
    My recommendation to everyone is to change your passwords (all of them) and if you are a paying LastPass customer, migrate to BitWarden. They seem more open and don't lock basic features behind a paywall.
     
     
     
    Edit: I tried to look at their security audit to try and find details about their format, but it seems to me like they don't actually do security audits of their code.
    The security audits they publish on their website are about their organisation. Their audits do not seem to actually inspect the code and look for vulnerabilities, but rather they look at things like "are employees allowed to make changes to the code at will", "does the office have locks on the doors", "do different employees have different privileges". Those are all good things to check, but I don't think that's what people expect when they hear that LastPass has third party security audits.
     
    Here is the latest LastPass audit.
     
    Here are the audits BitWarden does in contrast. They also have a SOC 3 compliance report (since those things are important), but in addition to that they have reports such as their security assessment and network security assessment reports, where a third party firm actually looks at the source code (and network), tries to exploit it and then presents the findings in a transparent report. It actually lists the vulnerabilities found, if they were fixed and the code for the fix (in the cases that was needed).
    I think that's what customers think of when they hear a third party security audit. 
  12. Like
    scottyseng reacted to Arika in Alert for LastPass Users, The Breach in August was Worse Than Expected   
    that's kind of worse than just getting rid of it completely.
  13. Funny
    scottyseng reacted to LinusTech in Elon Musk starts banning critical journalists (Washington Post, NY Times, CNN) from Twitter   
    Wait, this is an option?? 
     
    *warms up his ban hammer*
  14. Informative
    scottyseng reacted to LAwLz in Enterprise Grade WIFI solutions (AP's + Controller + Stats reporting) - Give me your suggestions!   
    Since you asked for people with experience in Enterprise networking, I thought I'd say that I work as a networking consultant at a fairly large MSP/VAR.
     
    I think it is hard to give good recommendations without a visit and getting to know the company, since the recommendation will vary greatly depending on the local IT-team's experience, budget, the location, what other features are requested, and so on.
    But I thought I'd throw in some contenders and my thoughts about them to hopefully give some guidance.
     
     
    Ubiquiti - Personally, not a fan outside of pretty small deployments. I would not really classify them as "enterprise equipment" but rather as a brand for hobbyists and "prosumer". They got some stuff that is fantastic, like their point-to-point links are great, but for firewalls, switches, and Wi-Fi stuff it feels like they are fairly barebones in terms of features, can be a bit difficult to troubleshoot, and I haven't heard great things about their support. Two big benefits are that they are really cheap for what you get, and it seems like you already have some experience with them which helps a lot when it comes to managing it.
     
    Cisco - I'd say Cisco is the crème de la crème when it comes to wireless. They are not perfect, and they are pretty pricey, but the C9115 has worked really well in the smaller deployments I've configured and managed. Convert one C9115 into EWC and use that as your controller. Fairly simple GUI to manage it as well compared to their old AireOS (which I hate). 
     
    Fortinet - I've only recently started working with Fortinet's access points but so far I am liking it. They require some tweaking to get working well though. The controller can be installed on a server, but I would strongly advise you get a Fortigate (their firewall product) and use that as the controller if you are going the Fortinet route. The Fortigate is a fantastic firewall. Pretty cheap too and integrates really well with the Wi-Fi. Please note that the 40F FortiGate only supports 8 APs in tunnel mode. So I would recommend getting at least a 60F. The price difference is usually not that big.
     
    Aruba Instant On - Haven't tried it myself but I have heard lots of good things about it from colleagues. It's basically Meraki, but without the license fee. Please note that there are some limitations such as I believe 25 devices (25 APs, switches, gateways etc) per "site", and I believe a maximum of 22 VLANs. I believe Aruba implemented this limit in order to avoid large companies just buying these devices and deploying hundreds of them in large organisations. They have a different series (that do require licensing) for that type of deployment.
     
    Meraki - Great UI. Super easy to use. Very solid performance. Horrible licensing cost and terms.
     
     
    These days whenever I get asked to upgrade someone's SMB network I generally start by recommending Meraki, because I know their local IT team will like it. It's easy to use and offers great visibility for troubleshooting. But usually the customers are put off when I explain the licensing. After that, these days I then go on to recommend Fortinet. Price wise they typically end up being about the same as Meraki, but require no licensing and the firewall is typically like 10 times as powerful (for the same price).
    If they still think the price is too high, I might recommend Ubiquiti, but only if they are a smaller establishment. If I had some experience with Aruba Instant On I would probably recommend that before Ubiquiti.
    Those are my go-to three tiers of recommendations.
  15. Like
    scottyseng reacted to LAwLz in Apple to Allow Outside App Stores in Overhaul Spurred by EU Laws {DMA, DSA}   
    This sounds fantastic but I'll be cautiously optimistic. 
    The news sounds like it could leave some room for Apple to still (in my opinion) mess things up. If they implement this well then the likelihood of me buying an iPhone just went through the roof. 
     
    The news about opening up some APIs is also wonderful. I think it's kind of crazy that Apple were allowed to block other apps from doing things like contactless payments. Microsoft got slammed for hiding APIs in the 90s and 00, and that was arguably less bad than what Apple has been doing. 
     
    Oh and it sounds like Apple also confirmed that the next iPhone will have USB-C as well. About damn time. 
  16. Like
    scottyseng reacted to Commodus in Apple to Allow Outside App Stores in Overhaul Spurred by EU Laws {DMA, DSA}   
    This is good news, so long as Apple finds a way to minimize the Wild West that sometimes defines Android. I've long thought that Apple could allow sideloading by requiring a developer signature like you can use for Mac apps. App turns out to be malware or illegal? Apple can shut it down at the drop of a hat. We'd just want to be sure that Apple has a genuine laissez-faire approach where it only revokes access when necessary.
     
    One safe prediction: the Anything But Apple camp will still find a way to complain after this. Not to say that Apple doesn't have other significant problems, but I'm convinced some folks would paint Apple as evil incarnate even if it open-sourced iOS and sold $200 iPhones that were made in US factories by workers sipping peppermint lattes. That is, it's less about any wrongdoing than cheerleading for one side to "win."
  17. Agree
    scottyseng reacted to Holmes108 in Apple to Allow Outside App Stores in Overhaul Spurred by EU Laws {DMA, DSA}   
    A great thing for customers, to be sure, and a great feature to have. I still don't think I support it being legislated. Apple should have the right to restrict their own product how they like. 
     
    What's the defining line? Why am I not entitled to sideload onto my smart TV? Is it just because those are free apps and Samsung isn't directly profiting from the apps? (assuming they aren't). 
     
    Or (and obviously this would never happen, but) what if they decided to just end 3rd parties from creating apps at all? Only 1st party apple apps now. Would that be allowed? 
     
    It's all a little odd to me. 
  18. Like
    scottyseng reacted to leadeater in Used enterprise server parts for home NAS vs used/lying around gaming bits TrueNAS   
    Not this forum or me?

     
    haha 🙃
  19. Informative
    scottyseng reacted to Kisai in Sony announces the "Mocopi" - A dedicated motion capture device for use in VR, AR and the Metaverse   
    It has never been an issue to get stuff from Japan if you want it bad enough. The issue is the software. Japanese vtubing software tends to have English UIs, but they're still overcomplicated messes.
     
    Presently, if you want to be a 3D Vtuber, your options are:
    VSeeFace (No longer works as of Nvidia 526 drivers)
    3Tene
    VUP
     
    Of these software products you need at least the following hardware:
    - a webcam (for the worst experience) for face, body or hand tracking  (pick ONE)
    - an iPhone X or better (for the best experience) for face tracking
    - motion trackers (most common are vive trackers) for body tracking
    - finger-hand tracking (done via a separate specialized camera unit, eg leapmotion)
     
    No HMD. You're not going to wear a VR HMD unless you're playing VRChat, or Beatsaber. You're not going to buy the Meta Quest Pro to be a vtuber, it just doesn't make sense to spend that much money for what amounts to just a head tracker that can't even track the lip/jaw and eye/brow movement.
     
    Vtubers who have money to burn on a full body setup will skip the trackers and go straight to a mocap suit. The problem with going this route is that while the suit itself might actually be fairly cheap itself, the software is not, and mocap software is some of the worst subscription BS there is. At least two English-speaking vtubers are known to use full body setups with mocap suits (Eg CodeMiko and Project Melody), and even then, most vtubers would rather use more detailed Live2D models than janky 3D models with full body when they spend most of their time sitting in a chair. 3D tracking is 
     
    What would be the real break through piece of tech would be combining trackers with a stereo webcam that can track the face, body and fingers. Because, relying on Apple to not change the face tracking is still a gamble (and Apple has degraded the face tracking on iOS 15.x) Like Intel's RealSense could have had traction here, but they've abandoned the product.
     
    A common joke in the Vtuber community is having people go "Why don't you use the kinect?", which the answer is "What Kinect?", As Microsoft discontinued it long before anyone got into Vtubing, and the Kinect never actually did good face tracking (20 params vs 52 in ARKit,) only some rudimentary body tracking. The Azure Kinect is essentially unusable.
     
    Pretty much among the vtuber community, If anyone uses trackers, they use the vive trackers, and they're not great, because they break easily. We're kind of in this neutral position where the price of trackers has gone down, but the quality hasn't gone up, and the software needed to use trackers is still not great. The problem here, is that these trackers use the phone, which means to use these trackers to use with face tracking would require a second mobile phone, which is a non-starter for most people. 
     
    The rokoko mocap suit costs $2500, the Perception Neutron suit is $4000-7500, and these are so extremely far out of the cost range for all but maybe 10 vtubers in the world. A $350 set of 6 trackers is cheap compared to $160 per tracker for the vive trackers.
     
    But ultimately if you're seriously into vtubing, you need to be willing to spend $5000 on the model alone. Most people doing vtubing right now are either:
     
    2D using Vtube Studio and an iPhone
    2D using Vtube Studio and a webcam (with or without nvidia RTX broadcast)  
    3D using VSeeFace
    2D or 3D using 3Tene Pro
    2D using PrprLive
    2D or 3D using VUP
     
    If you're unwilling to spend money on the model at some point, then buying the hardware that has no other purpose is pointless. Sure, you can use the VR trackers for VR, but if you didn't buy the VR HMD, the trackers have no other actual use. Sure you can use it to maybe record motion data for video games, if you're developing a video game. But most of the uses of full-body tracking involve puppeting an existing model you have the rights to use. So unless you're willing to spend money on that (or design one yourself) buying "just the trackers" doesn't have much utility.
     
  20. Like
    scottyseng got a reaction from Filingo in RAID-card for use in desktop?   
    Well, if you just want more ports, there are PCI express sata port cards or HBA cards that will give you a lot of ports.
     
    If you want RAID though, yeah, you will need a RAID card. I can vouch for LSI, my 9260-8i CV has been running like a tank since I bought it.
     
    Realistically though, you're looking at probably $500+ for a decent LSI MegaRAID card with the battery backup module. Mini-SAS to four Sata breakout cables are usually $20-25 a piece.
     
    What RAID level are you looking at for how many drives? For my LSI MegaRAID card, RAID 0, RAID 1, and RAID 10 are non expandable. So you can't add drives to it later on. RAID 5 and 6 are.
     
    Keep in mind, the larger the array, the longer the creation time will be. My RAID card took 7 days (24/7) to build my array, which is four 4TB drives in RAID 10 (Two drives per array). Your PC has to be on constantly during the build time if you are using RAID 0, 1, or 10.
     
    I would take the hit and use only RAID drives, like the Western Digital Red lineup or any enterprise drive.
     
    If you have any more questions on LSI cards, feel free to ask.
  21. Agree
    scottyseng reacted to kirashi in Apple caught ignoring privacy settings and sending telemetry info   
    Color me surprised! Remember kids: if you can't view the source code, you don't really know what the software is doing. 😉 
  22. Like
    scottyseng reacted to corrado33 in Musk warns twitter may have to declare bankruptcy   
    Since.... forever? 
     
    Forums were the ORIGINAL social media websites. Reddit is one of the largest social media websites that it's just one huge forum. 
  23. Like
    scottyseng got a reaction from FirstArmada in UPS recommendations for personal computer   
    It's the shape of the power wave when the UPS is on battery power. Normal 120V AC power is a sinewave waveform. The UPS has to convert DC (battery) power to AC.

    It can output the following waveforms:
    http://www.minutemanups.com/support/pwr_un10.php
     
    Square - very harsh / most power supplies will not accept it
    Stepped Sine - Most power supplies and devices will accept
    Pure Sine - Closer to pure AC power
     
    Most people are fine with stepped sine line interactive though.
  24. Funny
    scottyseng reacted to leadeater in Intel's Discrete Graphics Cards, A770 and A750 - Reviews are out!   
    hah update my profile? lol NEVER!
  25. Funny
    scottyseng reacted to Senzelian in USB Promoter Group Announces USB4® Version 2.0   
    This shit is getting better and better. 
     
    Time to add that nonsense to my signature:
     
    05Gb/s - USB 3.2 Gen 1 (USB 3.0, 3.1 Gen1)
    10Gb/s - USB 3.2 Gen 2 (USB 3.1 Gen2)
    20Gb/s - USB 3.2 Gen 2x2 
    40Gb/s - USB 4.0, Thunderbolt 3, Thunderbolt 4
    80Gb/s - USB 4 2.0, Thunderbolt 5