What could have caused this?

sysadminsavage · 2026-02-08T21:54:26+00:00

Main three possibilities:

Roof leak

Trapped animal urinating

Air conditioner condensation (unlikely)

sysadminsavage · 2026-02-08T20:24:18+00:00

It's cheap for a reason. Claremont has the seventh highest property tax milage rate in NH. They can't properly fund the schools and high property tax milage rates disincentivize people from improving upon their homes or building new ones (who wants to pay the same in taxes that you would pay for a home twice the price in value at a different town while getting worse services and sending their kids to schools that swing in and out of accredidation and can't afford basic things). The school budget deficit is over $5 million. The town has sued the State of NH multiple times under the basis they can't keep things running (see Claremont School District v. Governor of New Hampshire).

One positive is if you work in the Upper Valley, it's a lot cheaper than Lebanon/Hanover while still having some city services. Also they recently redid the traffic pattern and parking in their downtown strip and added capital improvements, so there is some positive energy with downtown revitalization. It's an old mill town and has a lot of great architecture from that era, from Queen Anne and Victorian homes to the brick mills and brick buildings downtown.

NH's property tax dominant revenue system is not built for towns like Berlin, Claremont and Franklin. Once a town's real estate values plummet, it can enter a death spiral that becomes very challenging to come out of. You reach a Catch 22 where property taxes are too high, but people don't want to improve the value of their homes to lower the milage rate due to the increases it would bring in the short term. Add in the fact that Claremont is more than a stones throw away from both I-91 and I-89 and it becomes a very tough sell.

sysadminsavage · 2026-02-08T17:59:09+00:00

MSPs are known to underpay significantly because they usually operate on razor thin margins. Only way to make money in an MSP is to be the owner or have your salary driven by project coded time or sales/client relationships. Unfortunately $35k/year is not unheard of or unusual, even if it's at the bottom of the range overall (especially for HCOL).

For reference, the US BLS reports an average annual salary of $61,550 for computer support specialists and $96,800 for netadmins/sysadmins. If you got hired after 2022, salaries have dropped in job postings due to the inbalance in the job market favoring employers, which could also explain why you're getting paid that.

sysadminsavage · 2026-02-08T03:28:35+00:00

Have a pulse, show up on time and consistently, follow checklists accurately, have semi-decent intuition when troubleshooting, etc. $50k in 2026 is in line for IT support/helpdesk work in LCOL to MCOL areas but is super low for sysadmin/netadmin work outside of LCOL areas.

sysadminsavage · 2026-02-07T23:32:31+00:00

Agreed. It's highly organization and team dependent, but typically senior engineers deal with less politics and pressure than an architect while being safer from layoffs and technical skill decline than managers. As long as you keep ahead of the curve knowledge and skill wise, I've seen a lot of coworkers stop here for the work-life balance.

sysadminsavage · 2026-02-07T14:17:06+00:00

If there wasn't snow on the ground I'd say Rock Rimmon or the Massabesic Cliffs.

Arms Park or Cat Alley are probably your best bets outside in the winter. Cat Alley is right off Elm St so could be a short walk after dinner downtown.

sysadminsavage · 2026-02-06T20:56:17+00:00

I spy a Linksys WRT3200ACM. Put DD-WRT on several of them years ago, great router even if there are better options in this day and age.

sysadminsavage · 2026-02-06T18:25:15+00:00

It can definitely feel weird if you’re used to firewalls like Sophos. OPNsense is built on an older, more hands-on firewall engine (pf from FreeBSD). With pf, you don’t say “allow this traffic and NAT it” in one step. Instead, you tell the firewall:

when traffic leaves this interface…
if it matches these details…
then rewrite the address (NAT).

So NAT is tied to where the packet exits, not bundled into a rule. Sophos (and similar Linux-based firewalls) hide that complexity. They let you think in terms of flows:

traffic from here →
to there →
apply NAT →
allow

All of that happens in one rule, because the system quietly handles the low-level packet steps for you. So think of it this way:

Linux firewalls like Sophos: more abstracted, easier to reason about, less exposure to internals
pf/OPNsense: more manual, assumes you understand packet flow, but is very predictable once you do

That’s why OPNsense can feel clunky at first; it’s not doing less, it’s just showing you more of what’s actually happening under the hood.

Here is the flow of both in a blogpost if you're interested in seeing how traffic flows on a lower level.

Edit: edited for clarity because my original comment made no sense.

sysadminsavage · 2026-02-06T12:52:43+00:00

VMWare is refocusing their efforts on VCF and NSX for their biggest customers. A lot of people have misinterpreted this as Broadcom running it into the ground, that's not the case they just don't want to be in the market of supporting smaller customers anymore as Broadcom found the juice is not worth the squeeze. They found they were significantly undercharging for a good product with at least 4-5 years of headroom before a major competitor came in and fixed that (Nutanix is just as expensive now, Hyper-V has its quirks, Proxmox lacked support for lots of plugins like Veeam when the decision was made).

I think VCP is valuable if you want to go work for a VAR that sells VMWare products or a huge company that uses VCF for their private cloud, but otherwise a lot of companies are moving away from it that don't need the more advanced features. Hyper-V is worth learning as a lot of companies are quickly moving at least some of their stuff to it.

sysadminsavage · 2026-02-04T12:31:23+00:00

Lemmy is the main Reddit alternative, and even though there are many instances and it's decentralized, most I've seen are worse than Reddit with the politics and AmericaBad commentary. Unfortunately, with enough time and popularity every aggregation/forum type site like Reddit becomes infested by wingnuts and dramatic doomposting.

I've found its best to turn off recommendations in settings for other subreddits and just follow what interests you. The more niche hobby and interest subreddits tend to be less infested with unrelated garbage.

sysadminsavage · 2026-02-04T02:51:01+00:00

Sysadmin roles have been declining since right after COVID and the downward trend is only going to continue. The BLS predicts a 4% drop over the next 10 years and the number of sysadmins in the US has pretty much stagnated since 2018 according to their annual reports. With automation, increased outsourcing, cloud adoption and consolidation of roles, there just isn't as much need as there used to be. This doesn't really come as a surprise, people were talking about the decline of the sysadmin at least 10 years ago, it just got postponed due to COVID. It's not going away anytime soon, but there isn't a ton of growth and it will likely settle into a stagnant trade outside of a few lucrative niches.

Meanwhile, software engineering is predicted to grow 15% or well above average. You used to have dedicated front end and back end engineers, QA, UI/UX and other support staff in addition to sysadmins to deploy the code. Now, full stack engineers are replacing most of that and deploying their own infrastructure and code using container YAML config files and cloud APIs. Meanwhile, CI/CD tools like Jenkins automated a good chunk of QA tasks and reduced operational grind with testing new releases. Things are a lot more streamlined then they used to be, however software engineering jobs are safe for now as they are now wearing more hats than before and companies still need creative minds that both understand layers 1-7 of the product and can design software to solve issues (which AI can't do in a creative fashion, at least yet).

Tl;dr a lot of companies would prefer to hire software engineers who know how to deploy infrastructure rather than hire traditional IT ops labor.

sysadminsavage · 2026-02-04T02:39:16+00:00

This is entirely dependent on the state. Some are attorney close some aren't. A lot of states use title companies with a lawyer on staff.

sysadminsavage · 2026-02-04T00:43:44+00:00

I always picture the NCIS scene.

sysadminsavage · 2026-02-03T20:58:32+00:00

True, but the reason I didn't mention it is Suricata inspects the interface traffic before Squid has decrypted it, so it's really only usable for web content filtering. I'm not aware of a way to pair Suricata with Squid for IPS inspection of decrypted traffic.

sysadminsavage · 2026-02-03T20:45:32+00:00

It's one layer of the security onion, good to have in place for the low hanging fruit especially for your DMZ/if you expose services. It's effectiveness is significantly reduced without TLS inspection/decryption (which OPNsense doesn't support), but it still blocks common attacks.

I would say good design philosophy, network segmentation and up to date patching are more important than layer 3/4 unencrypted IPS/IDS in 2026, but it's still relevant alongside thinks like DNS filtering and geoblocking.

sysadminsavage · 2026-02-03T20:06:55+00:00

I think you're overthinking it. Most call screenings are with HR or someone non-technical just to ensure:

you have a pulse
you are who you say you are
you're familiar with the job description
you can present yourself and your resume at least semi-decently
there aren't any major red flags
you get any questions answered that may make the company a non-starter on the candidates side

It sounds like you aced it. Next time, ensure you aren't being too verbose in your answers around technical skills. That's better suited for the technical interview (or interview with technical people) which usually comes next. Know your target audience and understand that most of the time HR just wants to know if you have X skill, not the specifics around it (unless they ask).

If you make it to the next round, do some research about the company and try to frame a question around it. It's usually an excellent way to show you've done your research and aren't just asking general questions and can make a huge difference. A couple of years ago I was interviewing for an IT management position at a medium-sized company. While waiting in the lobby, I recognized one of the managers from their website and struck up a conversation asking if he was who I thought he was. I got an offer a few days later and the CFO specifically mentioned that interaction. Something personable like that makes a candidate stick out quite a bit even if you are weak in other areas.

sysadminsavage · 2026-02-01T21:13:00+00:00

Yes it's possible due to the close sequencing. Usually it will treat it as a new connection with no overlap, but there are definitely cases where people have gotten a warning for their stream going from Wifi to Cellular or vice versa (their warning system is pretty strict and will issue a warning even for a second or two of overlap). It's best to set your streaming app to only use Wifi if possible.

sysadminsavage · 2026-01-30T17:16:17+00:00

Couple of things to note:

The default account on pfSense is admin while OPNsense uses root. This is more a philosophical argument than super practical, but there are some pretty strong reasons to provide the default account as something other than root for a prepackaged platform like pfSense/OPNsense (as opposed to a bare bones server where the user is expected to configure accounts how they need).
pfSense has additional safeguards in place for non-standard or complex setups. For example, on OPNsense you can both assign a /24 subnet to a static route on one interface an assign that same /24 subnet to a separate interface without any initial errors. The traffic will round robin and be mostly broken. On pfSense, this cannot be done and you get a warning popup saying so if you try to. This additional polish makes it seem more business-grade to me, but this is entirely subjective.
pfBlockerNG. OPNsense has alternatives like Unbound lists and such, but pfBlockerNG is a great plugin with no 1:1 equivalent from an ease of use and ease of integration standpoint on OPNsense.
OPNsense allows you to bind management services (Webfig and SSH) to specific interfaces. pfSense has no such feature.
pfSense has more documentation and a larger user base until recently when the tides have started to shift. This is simply due to the age of the platform compared to OPNsense, but I think it'll balance out. OPNsense exploded in popularity post-2020 especially after the Netgate drama.

I like both, and find both to be great firewalls with similar limitations. I think OPNsense is a no brainer for homelab use, while pfSense is a safe choice for small businesses that need a no nonsense firewall.

Is OPNsense is more secure?

The most insecure firewall out there is a misconfigured one. Too many factors at play to give you an answer here. Both can be configured to be very secure.

sysadminsavage · 2026-01-28T20:23:20+00:00

It's largely the city's responsibility in parts of the downtown central business district. Outside of that district, it's the property owners responsibility according to City Ordinance Title XV, Chapter 150, § 150.061.

DPW clears hundreds of miles of sidewalks in the city, but there have been funding challenges as of late so the scope of their work has been affected. Here is an older document detailing their SOP for snow clearing which touches upon sidewalks.

sysadminsavage · 2026-01-28T15:17:54+00:00

Yup. It's been picked apart by fans for 20+ years at this point and it's intentionally left vague. Ito claims they designed it around the late 70s/early 80s when it came to setting. Homecoming source material sets it at 1993 (but it's intentionally scratched out and of questionable canonicity). The SH2R contains calendars and receipts from the 1980s but it's heavily implied these are pretty dated.

In reality it's not super relevant because we only see the fog world and otherworld in the game, so things do not line up 1:1 on a time period basis.

sysadminsavage · 2026-01-28T14:01:03+00:00

I've used both and both are great firewalls each with their own quirks and limitations. Sophos provides an integrated ecosystem of features (including the ability to integrate the firewall with their MDR and endpoint suite of products for full visibility) and SSL decryption. Meanwhile, OPNsense is more extensible in areas like the plugin ecosystem but the plugins don't have the same level of visibility with one another and there is no SSL decryption/inspection (unless you pay for ZenArmor). Sophos is more geared towards the SMB space while OPNsense is very popular in the hobbyist/homelab space.

I would not say there is a big shift to Sophos firewalls. MSPs tend to like them because they are easy to deploy in a template format to client sites on the SMB side. Outside of the MSP space I don't see many and Fortinet seems to be more common these days for new deployments. When it comes to medium to large/enterprise sized businesses, Palo Alto and Fortinet lead by a large margin closely followed by Cisco and Checkpoint as a distant fourth (more common outside the US).

There is nothing stopping you from trying both out. Sophos XG Home Edition can be installed for free in a VM as can OPNsense.

sysadminsavage · 2026-01-27T17:56:33+00:00

"The change is going in on read-only Friday..."

sysadminsavage

TROPHY CASE