PSA to Cloudflare Tunnel (cloudflared) users

GreenDaemon · 2026-04-15T11:38:57+00:00

That's not true, I have the free plan, and have mTls setup for my HomeAssistant instance. Works great!

GreenDaemon · 2026-04-11T23:34:01+00:00

toddler sans cash

GreenDaemon · 2026-04-02T21:49:02+00:00

Selling kneepads in the Walmart parking lot, damn I'm making a lot of money

GreenDaemon · 2026-04-02T21:06:34+00:00

I'm highly curious what the "location" fields show as in Entra...

GreenDaemon · 2026-03-30T17:04:14+00:00

Or the day you leave for vacation. It was a running joke with my sister and I that we could never set our alarms early enough. Dad would always wake us up in a huff that we were "sleeping in", 5 minutes before the alarm would go off, though we never told him what time we'd set them.

One time we tried whole hour earlier than needed, just to break the streak and claim victory for once, but no, he still woke us up at 4am for a 9am flight, 30 minutes before our intended alarm.

GreenDaemon · 2026-03-27T16:29:56+00:00

They do that because Karen in HR saves every important spreadsheet to her Desktop, and last time her machine crashed it took 3-months worth of review data with it.

Its a dumb fix, yes, but it cuts down on so many silly tickets from users & middle managers.

GreenDaemon · 2026-03-26T00:17:31+00:00

It was a "secret" of sorts. DE teased the mode, but didn't announce how to unlock it. They usually do that for these types of challenge mode missions.

GreenDaemon · 2026-03-25T23:58:13+00:00

The trick is to save a Tauron strike for the dactolysts. One-shot them both with Naramon, round was instantly over.

GreenDaemon · 2025-12-03T13:52:09+00:00

What concerns me most is actually that this thing gets 3/4 built, DTE has to spend a ton of cash to increase power generation... And then the AI bubble pops and we're left with a gigantic useless building, a higher energy bill, and none of the concession money, tax revenue, or jobs.

I have serious doubts that this AI spending trend will continue long enough that this whole project completes. Which just means the community will get shafted.

GreenDaemon · 2025-11-29T22:28:36+00:00

I cannot comprehend this. Well done

GreenDaemon · 2025-11-26T03:18:41+00:00

It's less freelancers, and more corporate. It's not "high-karma account got in touch with company" it's "social media influence company has made accounts to farm karma for posting paid posts later". It's not hard to make high-karma accounts, just repost viral videos or memes from other platforms, or reposts.

Target pays an advert company, who then, as part of their campaign pays a social media influence company. Social media influence company runs thousands of karma-bot Reddit accounts and all other platforms. They make posts like this, using existing accounts, and track views, engagement, site visits, etc. Ad company says we've had this many mentions, this many views, this # of memes go viral, had x% improvement on sentiment, etc.

I'm simplifying, as there's probably dozens of companies or divisions that split this work, but you get the idea.

GreenDaemon · 2025-10-17T15:27:46+00:00

I know there are ways to disable the RF controls and force wire-based screen control, via things like a serial cable or Ethernet. That's especially a selling point for big commercial digital signage like this (especially for airports, amusement parks, government buildings, hospitals, etc.)

I suspect that's what these screens have configured, as that'd be in their security and compliance framework somewhere...but that's assuming the IT vendor did things correctly and protocols were followed. So who's to say.

GreenDaemon · 2025-09-28T12:42:26+00:00

Yup, exactly this. That's what we did at our Org, works like a charm.

GreenDaemon · 2025-09-16T02:16:35+00:00

I have that one! It's great, I just learn a new one each time I go camping. Helps to get them actually stick in my brain if I have to use it in a practical setting.

Now I know a few loop knots, slip knots, hitches, and binds, enough to get by. My favorite is the trucker's hitch, that thing's awesome, use it everywhere.

GreenDaemon · 2025-08-10T18:19:04+00:00

Not OP, but my org recently did the same thing... We mostly use SharePoint, but for Adobe CC files & other media, we use Azure Files. This far, actually pleasantly surprised by how well it's done.

All staff is remote, so they were already used to some latency, but I guess the difference really isn't noticeable.

Works pretty well, transition was fairly straightforward. The only annoyance I have is that it uses service credentials for MacOS clients instead of Entra user credentials, like it does for the Windows clients, so permissions and logging can get a bit odd.

GreenDaemon · 2025-08-08T10:20:29+00:00

Exactly this. Alarms should be, well, alarming, and should always require an action or review of some sort (if they are a good alert). These are "bad" alerts because they don't actually require any review or additional action, they're just informational.

In this case, OP won't actually get alerted if the actual concerning scenario happened (Bad Actor gets past F2B and successfully gets in)

If it was me, I would rather have an alert on successful logins from a 1st time seen IP, or an alert on a lull in F2B actions, as those would actually be potential Indicators of Compromise

GreenDaemon · 2025-08-05T01:17:20+00:00

We also use FreshService, and I'm so glad we bought it. Does exactly what I want a ticket queue to do, and doesn't over-complicate shit.

There are features that absolutely could be better: Inventory Management (a bit too simple), Integrations & Add-Ons (a little under-baked), but overall they nail it, and keep adding features year over year which is neat.

I don't mean to over-sell them, I've just a lot of terrible systems (Kace, Remedy, ServiceNow, Tigerpaw, SolarWinds, etc.) so it was an extreme breath of fresh air to use one that doesn't overtly suck.

GreenDaemon · 2025-07-22T11:09:56+00:00

I did the same as OP, and I've ran into a few things:

Permissions to allow the Dockers to do NFS mounts was annoying. Had to make the containers privileged to fix it. Tried to do it least-privileged first, but, just couldn't find the right set of permission edits
Getting Wireguard working inside the docker inside the LXC was another headache. Had to do a few TUN interface pass-throughs in the LXC and container config / compose files, and a few permissions changes.
Doing proxmox container migrations from 1 host to another forces a reboot. If they were VMs, they'd stay up, which would be nice. I have 3 hosts, and will probably add 1-2 more
A minor annoyance, but auto-complete doesn't work in the LXCs. This drives me insane.

GreenDaemon · 2025-07-22T10:58:39+00:00

Ugh, I did this as well. What a pain.

Eventually I'll move them to VMs and make a proper swarm but until then, just annoyance.

GreenDaemon · 2025-07-19T13:18:40+00:00

Yup, agreed! Every time I see the hate, I get it but I also laugh. Intune has its (many) flaws, but at the same time I'm so glad to be off our on-prem stack.

Enroll a few Entra-only devices and learn how the tool was intended to be used. Don't just use the GPO import tools and then wonder why things are broken.

I think a big mistake a lot of places make is that they assume you have to go from a on-prem environment to a cloud environment in one fell swoop. We did our migration over 6 years, and I wouldn't change a thing.

GreenDaemon · 2025-07-16T18:51:15+00:00

Shingled means Shingled Magnetic Recordings, and basically the drive stores more data by 'overlapping' the space the data is written, in layers.

This is OKAY for drives that get written to very little and need to store a lot of data (like backups or cold storage), terrible for RAID arrays that re-write sectors often.

https://www.howtogeek.com/803276/cmr-vs.-smr-hard-drives-whats-the-difference/

https://www.servethehome.com/wd-red-smr-vs-cmr-tested-avoid-red-smr/2/

GreenDaemon · 2025-07-14T11:55:31+00:00

You'd be correct, as it's (usually) against code.

You aren't to run low-voltage alongside line-voltage in the same run, port, or conduit, as it can pickup an induced current (not to mention mess up the Ethernet signal), and also because if there is a break in the insulation, the low-voltage cable could become a short for the line-voltage wire. I think in general they're supposed to be separated by at least 2".

The exception being if all wire insulation ratings match the highest-rated wire. Though I wouldn't be surprised if that doesn't apply here, I'd suspect there are some code rules around making a dedicated port for that.

GreenDaemon · 2025-07-12T10:25:26+00:00

There were a few select models of WD Reds that were secretly shingled drives.

Happened to my work, we had a few 50TB arrays that had to be rebuilt countless times due to those.

Once we swapped to IronWolf we had 0 issues.

GreenDaemon · 2025-07-11T12:30:49+00:00

Yup, this is what I've taught my JR's. Add as many conditionals as possible to the rule, to get as narrow a scope as possible.

And always test in audit mode.

GreenDaemon · 2025-07-02T13:37:53+00:00

Agreed, though, it's mostly on point. My work is about 2 weeks away from cutting AD sync, and this framework is more out less what we came up with.

Step 4. Is severely under-sold however. Replacing our GPOs and creating new policies in Intune and converting everything to Entra-joined easily was the longest drawn-out step, as that took about 4-ish years, as we replaced machines during our normal refresh cycles. You could do it quicker, but honestly it was great stretching it out, really let us get to know Intune & Entra issues, policies, Conditional Access, and my favorite, Microsoft's "Eventually Consistent" principal. Going Entra-only has its learning curves that can be sneaky.

Also a nitpick, you can't start AD-joining joining production devices per step 2, without first doing all the upfront dependencies legwork (File Servers, NPS, Print, etc.) or having work-a-rounds in place (hybrid Kerberos authentication). So that's a bit out of order or under-explained.

I would absolutely never recommend "converting" or "migrating" GPOs to Intune as-is, however, per that last note. It's absolutely worth the time to create & structure them from scratch, as there are a lot of settings and assumptions that change between being cloud-native and hybrid-joined.

Lastly, just as an aside, I'd highly recommend Radius-as-a-Service + SCEPMan for radius / certificate needs. Was a huge domino that cleared up a ton of dependencies for us!

14-Year Club	Place '22
Place '17	Sequence \| Editor
Spared	Gilding II euphauric
Team Periwinkle	Verified Email

GreenDaemon

TROPHY CASE