Navigation

    • Register
    • Login
    • Search
    • Recent
    • Popular
    1. Home
    2. maydayclutter
    M
    • Profile
    • Following 0
    • Followers 0
    • Topics 4
    • Posts 8
    • Best 3
    • Groups 0

    maydayclutter

    @maydayclutter

    4
    Reputation
    1
    Profile views
    8
    Posts
    0
    Followers
    0
    Following
    Joined Last Online

    maydayclutter Follow

    Best posts made by maydayclutter

    • RE: Names and icon

      Sorry. I thought of two more things.

      1. It would be really nice if the title of the page reflected the section you were in (e.g. THEOPENEM > Computers > ComputerName) so that the browser history could have more detail than just "THEOPENEM".
      2. Is there (or could you add) an option to change the page/app timeout?
      posted in Feature Requests / Feedback
      M
      maydayclutter
    • RE: TOEM UI/Password manager

      It also has issues with Bitwarden.
      When filling in the password, it leaves the field in plain text.
      After that, the javascript that switches the field type between text and password breaks, and it doesn't remove the 8-character limit on the password.

      posted in Support
      M
      maydayclutter
    • Names and icon

      I have a couple of feature and information requests.

      1. It would be really helpful to support longer names for modules and policies. Currently, group names have a limit of 255 characters, but module and policy names have a limit of 45 characters. For something like a BIOS update that supports multiple models, it can be difficult to squeeze the name into that.
      2. Any chance that the character class limit in names can also be lifted -- in particular, brackets, parentheses, and semicolon would be useful?
      3. Do you have an SVG version of the Theopenem logo? Many of the open source OTP apps support setting an icon. Some apps, like Aegis on Android and Raivo on MacOS/iOS, prefer or require SVG icons (notably, it should not be a JPG/PNG embedded in an SVG). Each app or repository has it's own requirements for their icons, but it's easy enough to adapt to that with a source SVG.

      Thanks

      posted in Feature Requests / Feedback
      M
      maydayclutter

    Latest posts made by maydayclutter

    • RE: Crypto RSA folder issue

      Uninstalling the 2025-03 Cumulative Update (KB5053596) (and 2025-04 [KB505519] to be able to remove the 2025-03 update) seems to have allowed the server to resume operating. Clients are checking in, the clients with PendingConfirmation status now show Provisioned, and manual inventory/checkin and instant modules are working.
      Obviously, leaving these updates off long-term is not good for security, but this does confirm that the Windows update caused the issue.

      Server is running Windows Server 2019 in a VM instance. Outside of these two updates, it's fully patched and has only Theopenem (and supporting software, e.g., MariaDB) installed.

      The Crypto\RSA folder does still have 780k files in it. We will be watching to make sure that number is not growing.

      posted in Support
      M
      maydayclutter
    • Crypto RSA folder issue

      We recently (I think about a month ago) started receiving notifications for low disk space on our server. In investigating the source of the usage, we found a very large number of files (millions) being generated in the following folder, quickly consuming all of the free space on the disk:
      C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-20

      Although this link is for a different application, this appears to be the same issue (https://github.com/Pro/dkim-exchange/issues/91).

      We've run a script (https://github.com/sntcz/Clear-MachineKeys) to clean this up (initially removing files older than 30 days, but eventually decreasing it to 10 days). Unfortunately, it takes a while to get the folder cleaned up. With web services still running, we actually reached 0 free space on the system, so we disabled the IIS/World Wide Web Publishing Service. After getting the folder cleaned up to a reasonable level yesterday (we had about 30 files remaining), we restarted services, and it looked like it was staying stable around 100 files. However, the number of files in the folder has grown to ~1.5 million since yesterday, consuming around 3 GB.

      Following the restart, I had to increase the system's processor to get it to even be reasonably responsive. I'm not sure if this is a consequence of cleaning up the files or the system being slow/unstable, but we now have several clients in a PendingConfirmation status (some of these were new clients that we were just now able to approve; at least one is a client that I had to reset), and I'm unable to get clients to manually run inventory, check in, or run instant modules.

      I'm not sure how to proceed now, but I think verifying how/why so many files are being generated and resolving that would allow us to verify if the performance and client check-in was also resolved. For the record, the system has been in place for approximately three years without issue. No other services or web instances run on this system.

      posted in Support
      M
      maydayclutter
    • Software Inventory

      I have a bug report and feature request for software inventory.

      Currently, software inventory seems to (mostly) take unique combinations of the software name and version, and that entry is referenced for the computer software table.
      Unfortunately, this often results in an incorrect uninstall string. In particular, any application that is installed per-user will just show the uninstall string from the first installation that was seen.
      We often will want to replace a user-installed app with a system-installed app, so having the proper uninstall string is a good way to track those down (as well as being necessary to remove the user-installed version).

      Thus, the uninstall string should be unique to a specific installation of the software.

      As for the feature request, it would be very nice to have the Publisher and Installed On fields populated in the software inventory (Installed On also requires the software inventory to be per-instance).

      It may also be important to note that a piece of software could be installed both per-user (or for multiple users on one computer) and system-installed and should thus be listed multiple times in inventory for the same computer.

      posted in Feature Requests / Feedback
      M
      maydayclutter
    • RE: TOEM UI/Password manager

      It also has issues with Bitwarden.
      When filling in the password, it leaves the field in plain text.
      After that, the javascript that switches the field type between text and password breaks, and it doesn't remove the 8-character limit on the password.

      posted in Support
      M
      maydayclutter
    • RE: Names and icon

      Sorry. I thought of two more things.

      1. It would be really nice if the title of the page reflected the section you were in (e.g. THEOPENEM > Computers > ComputerName) so that the browser history could have more detail than just "THEOPENEM".
      2. Is there (or could you add) an option to change the page/app timeout?
      posted in Feature Requests / Feedback
      M
      maydayclutter
    • Names and icon

      I have a couple of feature and information requests.

      1. It would be really helpful to support longer names for modules and policies. Currently, group names have a limit of 255 characters, but module and policy names have a limit of 45 characters. For something like a BIOS update that supports multiple models, it can be difficult to squeeze the name into that.
      2. Any chance that the character class limit in names can also be lifted -- in particular, brackets, parentheses, and semicolon would be useful?
      3. Do you have an SVG version of the Theopenem logo? Many of the open source OTP apps support setting an icon. Some apps, like Aegis on Android and Raivo on MacOS/iOS, prefer or require SVG icons (notably, it should not be a JPG/PNG embedded in an SVG). Each app or repository has it's own requirements for their icons, but it's easy enough to adapt to that with a source SVG.

      Thanks

      posted in Feature Requests / Feedback
      M
      maydayclutter
    • RE: Issues in 1.5.0

      @theopenem_admin said in Issues in 1.5.0:

      The generated QR code for MFA has non-working parameters. The URI shows period=60 and algorithm=SHA512, but I could only get it to validate after changing them to period=30 and algorithm=SHA1 (same as leaving them off). Otherwise, it gives an error "Could Not Verify Code.".

      What authenticator are you using? I've tested with Google and Microsoft and both appear to work?

      Neither of those support the period or algorithm parameters (see https://github.com/google/google-authenticator/wiki/Key-Uri-Format#algorithm for Google; I don't have a link for Microsoft, but I have previously verified that it doesn't support them), so they default to 30 and SHA1.
      I've tested with both Aegis and AuthenticatorPro.

      This was pretty minor overall, but our server CPU usage pegged out until most of the clients updated.

      How many simultaneous connections to your com server do have set?

      It's on the default of 0 / Unlimited.

      posted in Support
      M
      maydayclutter
    • Issues in 1.5.0

      We just upgraded our instance to 1.5.0, and we've found a couple of issues.

      1. Software groups and reports based on Application name + version are broken. As a simple example:
      Application name LIKE Toec%
      And Application version < 1.5.0.0
      

      should return only the computers with Toec still on 1.4.5, but is returning all computers (with Toec).
      58a9bbc0-2ef8-4aea-b9fe-551228f623ad-image.png
      Our dynamic groups based on computer model + bios version don't appear to be affected.
      I've disabled our software deployment policies temporarily because they otherwise are targeting incorrect computers.

      1. The generated QR code for MFA has non-working parameters. The URI shows period=60 and algorithm=SHA512, but I could only get it to validate after changing them to period=30 and algorithm=SHA1 (same as leaving them off). Otherwise, it gives an error "Could Not Verify Code.".

      2. This was pretty minor overall, but our server CPU usage pegged out until most of the clients updated.
        a76c8b46-bfff-4ba0-ba5e-684bd963f901-image.png
        The first spike was from when I installed .NET 4.8 and rebooted the server (and can be safely ignored).
        The big drop corresponds approximately to the time shortly after I ran the "Prepare Toec Updates"

      posted in Support
      M
      maydayclutter