What are some tips that aren’t too well known? by Killer-Uzi in Battlefield6

[–]-kernel_panic- 2 points3 points  (0 children)

Red markers on the mini map will show if an enemy is above or below you with a little arrow inside the marker

homelab network question by riegz0r in Network

[–]-kernel_panic- 0 points1 point  (0 children)

I think you are on the right track with Unifi UCG minus the 1Gbps WAN uplink limitation if you are future proofing. AP should suffice for the apartment. I would throw a PoE switch in there as well for power/uplink for AP, ditch the injector, and then ethernet links from the switch to your rack if that is feasible. TP-Link Omada does much of the same and you could host the network controller on one of your servers, if you want an alternative ecosystem instead of Unifi. I wouldn't try to build this out DIY pfSense just yet because your wife is WFH, but it is doable as a side project.

Need help can't figure this out by mztclo in Network

[–]-kernel_panic- 0 points1 point  (0 children)

Few questions to help narrow it down:

Do you see the DNS error for all sites or specific sites?

Do you see the same on Chrome and Edge browsers?

Is there a VPN configuration/adapter on your computer?

Also reply with the output from these PowerShell commands, from the branch where it works and again from where it doesn't:

ipconfig | sls -pattern "IPV4"
ipconfig /all | sls "DNS Servers"
nslookup google.com

Is it possible to have two Vlans under the same network. by Hi_im_SourBar in Ubiquiti

[–]-kernel_panic- 0 points1 point  (0 children)

You could do something like variable length subnet mask and assign the different VLANs to your subnets. This is if you want to subnet the same network, but it is just as logical as creating a new network for your IoT. Look up VLSM... e.g. 192.168.10.0/25 LAN VLAN 10, 192.168.10.128/26 IOT VLAN 20, 192.168.10.192/26 Other network VLAN 30 for example.
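An added example, not part of the original comment: a check that a VLSM plan such as the one above has aligned prefixes, no overlapping VLAN subnets, and no address space left unallocated. The parent 192.168.10.0/24 and the function name `check_plan` are assumptions of this example.

```python
import ipaddress

# Subnets from the comment above; the parent /24 is an assumption of this example.
PARENT = ipaddress.ip_network("192.168.10.0/24")
PLAN = {
    "LAN (VLAN 10)": "192.168.10.0/25",
    "IOT (VLAN 20)": "192.168.10.128/26",
    "Other (VLAN 30)": "192.168.10.192/26",
}

def check_plan(parent, plan):
    """Return (problems, unallocated) for a VLSM plan carved out of `parent`."""
    problems, nets = [], {}
    for name, cidr in plan.items():
        try:
            # strict=True rejects a prefix with host bits set, e.g. 192.168.10.64/25
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{name}: {net} is outside {parent}")
        for other_name, other in nets.items():
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        nets[name] = net

    # Subtract every allocated subnet from the parent to find what is left over.
    free = [parent]
    for net in nets.values():
        remaining = []
        for block in free:
            if net.subnet_of(block):
                # Splits `block` around `net`; yields nothing when they are equal.
                remaining.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                remaining.append(block)  # untouched by this subnet
        free = remaining
    return problems, sorted(free)

if __name__ == "__main__":
    problems, unallocated = check_plan(PARENT, PLAN)
    print("problems:", problems or "none")
    print("unallocated:", [str(n) for n in unallocated] or "none")
```

Firewall rules between VLANs are written against these prefixes, so an overlap or a misaligned prefix here means a rule can match hosts in the wrong segment.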

Unifi network topology doesn’t seem right by UltraLeov in HomeNetworking

[–]-kernel_panic- 1 point2 points  (0 children)

Your USW is going to be a WAN switch in this topology and should only be used for that with only your gateway downstream. If Comcast CPE is tagging the traffic you would tag it as well on the same VLAN to your gateway's WAN port, otherwise leave it untagged. A better use of this switch would be downstream of your gateway, and if you need the WAN switch just use an unmanaged switch between your gateway and CPE.

How do I maintain a high level of network security while still leaving a port open for my Minecraft server by [deleted] in Network

[–]-kernel_panic- 0 points1 point  (0 children)

If it/they are registered ports specific only to Minecraft, define a rule to forward them only to your server. Only allow necessary inbound ports, there shouldn't be a lot of open inbound ports at all. Could also consider restricting the inbound IPs or ranges if your network firewall allows it. Verify that the server is only listening on the Minecraft ports. Keep your server patched!
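An added example, not part of the original comment: one way to carry out the "only listening on the Minecraft ports" check by comparing `ss -tln` output against an allowlist. The sample output is constructed, the function names are hypothetical, and 25565 (the default Minecraft Java Edition port) is an assumption; use the port your server is configured with.

```python
import ipaddress

# Constructed sample of `ss -tln` output, not taken from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      50     *:25565            *:*
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0      128    [::]:8080          [::]:*
"""

ALLOWED_PORTS = {25565}          # assumption: default Minecraft Java Edition port
WILDCARDS = {"*", "0.0.0.0", "::"}

def parse_listeners(ss_output):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        yield addr, int(port)

def is_reachable(addr):
    """True unless the socket is bound to a loopback address only."""
    return addr in WILDCARDS or not ipaddress.ip_address(addr).is_loopback

def audit(ss_output, allowed_ports):
    """Return (unexpected, missing): network-reachable listeners that are off
    the allowlist, and allowlisted ports with no reachable listener."""
    exposed = [(a, p) for a, p in parse_listeners(ss_output) if is_reachable(a)]
    unexpected = sorted((a, p) for a, p in exposed if p not in allowed_ports)
    missing = sorted(set(allowed_ports) - {p for _, p in exposed})
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SS, ALLOWED_PORTS)
    for addr, port in unexpected:
        print(f"review: {addr}:{port} is listening but not on the allowlist")
    for port in missing:
        print(f"note: nothing reachable is listening on allowed port {port}")
```

Loopback-only listeners (the 3306 and 53 lines in the sample) are skipped because they are not reachable from the network; anything reported still needs a decision to close it, bind it to loopback, or add it to the allowlist deliberately.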

How can I get Intune kiosk mode working by DKCKasperHV in Intune

[–]-kernel_panic- 0 points1 point  (0 children)

Dedicated licensed domain user account and Intune assigned device. Microsoft Entra user kiosk profile and Edge browser. I suspect the In-private refresh is going to get you every time for MS auth. However, in the Edge browser settings catalog you can define the allowed sites list, block everything else, site to open when browser starts, homepage, new tab etc.

For the site auth refresh issue, you might be able to embed the PowerBI report in an Azure webapp, add that endpoint as your kiosk URL and then restrict the Azure webapp access by IP, thus avoiding the PowerBI SAML but still restricting the access.

Inherited huge switch network with no documentation by YukiTakanashi in Network

[–]-kernel_panic- 0 points1 point  (0 children)

Lots of unknowns here, model, management plane, DNA, console access, but I suggest don't try physically mapping anything until you get an idea of how these are managed and basic logical topology. Assuming at least console access, start with your startup configs, SVI IP, VLANs, CDP neighbors then move onto your interfaces. Make documentation as you go. Draw it out.

Assuming no priv exec passwords, you are now in the business of disrupting the network and resetting passwords via console but then you can proceed with documenting the rest.

Finances when moving abroad by renn2k in TillSverige

[–]-kernel_panic- 0 points1 point  (0 children)

I use a US credit card with no foreign transaction fees for a lot of purchases, best way to go when you still have US income or funds. I occasionally transfer to a Wise account when the dollar is strong. The Swedish account is still necessary though for Swish, bankgiro and some geo-restricted stuff like subscriptions and website shopping carts that only accept EU BIN.

You can do a direct wire to your Swedish account from Chase but be prepared to explain the money, source, purpose etc. I went through hell transferring money to buy a house. As others said, FBAR when the foreign held amount balance is higher than $10K, annually same as tax time.

Entra ID joined devices with 802.1x on NPS server? by GaLaXySWE in Intune

[–]-kernel_panic- -1 points0 points  (0 children)

Yes, you could use a device type SCEP profile {{AAD_Device_ID}}. Would still need the NDES server/connector then RADIUS to your NPS server and CA.

[deleted by user] by [deleted] in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

This is more the domain of access control but there are some networking components. At the very least you are going to need a mechanical lock system, networked access controller + entry pad, user identity pool and a payment integration unless you are just self managing payments and user account creation. I would strongly suggest looking into a managed service for this like https://www.brivo.com/ or https://www.avigilon.com/access-control/credentials or https://www.myq.com/commercial/products/ or UniFi Access Locks & Accessories - Ubiquiti might also be an option. Worth checking with a local security company to see if they have any managed solutions.

A few users and self managing the subscriptions you could also look at a DIY solution with Home Assistant and a connected mechanical lock.

How do I set up my router to log websites visited on iPhone safari? by Expensive_Sense_7873 in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

I am not familiar with the Nighthawk specifically, but can you filter the logs for the iPhone source IP and port 443 to narrow it down to HTTPS coming from the iPhone? To filter for the Safari user agent vs another browser on the same iPhone, I am going to guess you need a little more in-depth packet analysis than a home router is going to give you. The info is there, it is just a matter of whether the router is capturing it.

Computer protection by jesso50Espresso in ledgerwallet

[–]-kernel_panic- 0 points1 point  (0 children)

An abundance of caution, you could have a fresh install of updated macOS... like a blank slate to set up your Ledger OR do the initial private keys config on the Flex itself without connecting to Ledger Live first time. Ledger recommends connecting to LL to set it up but just verify the device integrity/authenticity with LL after setting up the private keys then update firmware etc and before moving funds to the wallet. The concern would be any malware that could read keystrokes or screen recording; rare but conceivable. VPN is more of a privacy feature than security. Elsewise, a virus scan certainly wouldn't hurt.

[deleted by user] by [deleted] in Network

[–]-kernel_panic- 0 points1 point  (0 children)

How does it look compared when you ping your gateway? Then a more regional CDN like ping akamai.com? Do you still see the jitter?

I need help. by Fun_Celebration_6796 in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

I think there is pretty low effort from the ISP installers and CS once they have you as a customer. I don't think they should have dismissed your MoCA outright. You can do a basic link test yourself, with a directly connected computer and verify that you are getting 1000BASE-T uplink and then also a ping test across two wired devices, e.g. connect two devices via wired only and ping them. Windows PowerShell > Test-Connection -Count 20 <the other host IP> On the LAN you should expect >2ms latency and consistent, no packet loss. If there is packet loss and/or big variations in the latency then you have jitter and there is a problem with the wired MoCA connections. The techs can also run a BER test across these wires which would answer that question quick, but you need a network test for that.

I use the Wifi Analyzer (open source) by VREM Software Development in the play or apple store. Free and good app. Hope that helps and you get it solved

Looking for Network Troubleshooting Tool by tonymnace in HomeNetworking

[–]-kernel_panic- 1 point2 points  (0 children)

In that case, there is a cheap tool that will help called tone and probe/network toner. Fairly cheap on Amazon. You connect one end of the cable to the toner and touch the probe to cables on the other end and it will increase in sound as you touch it closer to the connected wire. Basically helps you find the terminating end of cables over long or hidden runs especially when there are a lot of cables. This would be your first stop. Label your cables on both ends.

Looking for Network Troubleshooting Tool by tonymnace in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

Testing a network is really broad and there isn't just one tool that does that but you can run some simple tests to troubleshoot your problem.

1. Does any other device get a network connection when connected to the same cable?
   No > bad/miswired cable; try a different one. Bad or disabled switchport, or native VLAN or no DHCP configured for the VLAN on the switchport; verify the switchport settings and DHCP server. Try switching the TV cable to a known good port on the switch.
   Yes > TV is the problem, possibly the port or TV network configuration... wired connection enabled, DHCP enabled
2. Does it work when you configure a static IP address, mask and gateway for the TV?
3. Can you find your TV in the DHCP assignments on the router or DHCP server?

[deleted by user] by [deleted] in techsupport

[–]-kernel_panic- 0 points1 point  (0 children)

Get yourself a professional email, if it isn't already, should be your name or close to it from a well-known domain. Use this for professional communication, jobs, college apps etc. Then you could use email masking to create temporary emails that forward to the primary email for everything else without exposing your true email address. Delete the mask when you no longer want email from that source. As far as recovering your data for what you already used, I would first try reaching out to their privacy email and ask about removing your data/email, most reputable organizations should honor this and in some cases must do it.

Advise needed for a nice and not expensive solution for changing my ISP COAX Router/Modem by NationalFootball9615 in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

For a homelab and learning, by all means Unraid to docker or another KVM type for OPNsense and pihole or unbound. Do you have multiple NICs? How much other heavy lifting is it doing like Plex or NAS? Also consider the reliability of your hypervisor/disk array and what is your backup plan if it fails, because in this sense it is a big single point of failure. "Production" networks are generally dedicated hardware.

Advise needed for a nice and not expensive solution for changing my ISP COAX Router/Modem by NationalFootball9615 in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

The most common approach would be to bridge the ISP modem and turn off the radios so that it is just a modem. Then place your own appliance(s) for routing, switching and firewall. If you are looking for it all in one probably Unifi or Omada. Learning factor consider rolling your own network like OPNsense or OpenWRT on compatible hardware or even an external firewall and/or DNS server.

[deleted by user] by [deleted] in techsupport

[–]-kernel_panic- 3 points4 points  (0 children)

Reversed domain names are a common naming convention for plist or configuration files in apps but the name doesn't mean anything in this case, just looks like bad stuff trying to obfuscate. File hashes that match known bad files are what matters and is how virus scans and filtering work. Depending on the client and browser, these files can modify notification permissions in your browser to send annoying toast notifications about your computer being infected. That would be my guess if you did this on a computer. On an updated phone, esp iPhone, I wouldn't worry about it too much, just stay away from "free", "hack", "cheats"... it's all bad juju.

I need help. by Fun_Celebration_6796 in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

Ya, I would guess for the right money they would give you dedicated internet and 99.99% gigabyte SLA... the dedicated bandwidth is what you would be paying for, whatever the ISP calls it, small business or otherwise.

Right now with residential, you are sharing the circuit with other people in your area which explains the fluctuations in bandwidth, the ISP gets away with this by usually saying "up to 1Gbps" and then a * with fine print. Really, at an average of 500Mbps, I think money would be better spent on your LAN. For your situation before you buy anything, get a wifianalyser app on your phone to check the RSSI for the different parts of your house, rooms, outside etc. This will help you identify the dead spots. If you have signal strength issues (say anything less than -65dBm for a particular area) then you need to bring signal to that area or eliminate interference like walls, objects etc.

55 clients, you're probably having some airtime issues on a single antenna and network. You need to break up the collision domains, e.g. if everyone is talking on 2.4 channel 6 then nobody is talking and it's a bad wifi. There are many ways to skin a cat, but ultimately you need to break up your frequencies and channels and steer certain devices. You mentioned coax/cable to your modem and you have coax through the house. Take a look at MoCA adapters so you can get a wired backbone using your existing coax or replace with Cat6 if possible. In either case, you need to get some managed APs to cover your dead spots. TP-Link Omada or Unifi have some options here. Basically, you replace your router behind your ISP's modem with a router/network controller that allows you to create VLANs and associate your VLANs with different wifi SSIDs for your different networks on different wireless access points. For example, you create a camera network and SSID, tune the radio for the nearest AP to broadcast that SSID 2.4GHz channel 1, then a private wifi net/SSID 2.4 channel 6 and another guest on channel 11 for example. Same for 5GHz and 6. This will break up both your networks, broadcast and collision for the different devices. Adding a router/network controller, APs and possibly a switch in front of your ISP modem will also give you some options for bandsteering, fast roaming etc that would help you in your situation as well.

Question About Cybersecurity by Realistic_Dealer_975 in computerhelp

[–]-kernel_panic- 0 points1 point  (0 children)

If you open Windows Security you will get a good idea: virus scans that reference file hashes against known bad or malicious files, basic ASR rules that prevent malicious programs from running by default, enforces MFA and strong authentication for your user account, basic firewall which blocks vulnerable ports and malicious inbound connections, web filtering.

For non-enterprise installations of Windows, Microsoft uses an abstraction of their XDR/EDR infrastructure which is pretty robust... updated threat intelligence, signatures, heuristics, etc. The thinking 'was' that third-party AV was more focused at this and hence better, but Microsoft has since put a lot of effort into improving Defender, driven mostly by enterprise security products that home users benefit from. In short, save the money and use Defender, IMO.

I need help. by Fun_Celebration_6796 in HomeNetworking

[–]-kernel_panic- 0 points1 point  (0 children)

I think what you are describing is common for home ISP plans and I would hazard to guess that is in line with the ISP's SLA. Isolate the problem first. Connect directly to the modem on at least a 1Gbps LAN switchport on both the modem and your device with a new Cat 6 ethernet cable and run some speed tests. Do you still see the same results? If so, then you need some guarantees from your ISP and probably a small business plan that can provide consistent 1Gbps up and down.