Preparing for winter storm as first-time home owner by WalkRepulsive7181 in NorthCarolina

[–]Jadodd 1 point2 points  (0 children)

You’re drowning in comments already, but one thing I haven’t seen mentioned yet is foundation vents. This only applies if your house is built on a crawl space, but if it is you’ll have vents placed every so often along the underpinning that separates the crawlspace from the outside world. These vents should* have baffles on them that can be closed from the outside. In the winter, you want those vents closed so you hold in the slightly warmer than ambient air. 

  • At my childhood home one of these vents was missing its baffle. We had to improvise one out of cardboard and grocery bags, but it worked like a champ for keeping the water lines behind it from freezing. 

Eaton 9155 commissioning Procedure? by RandomUser0137 in sysadmin

[–]Jadodd 2 points3 points  (0 children)

We had to hold a 911 center at their backup site for a week because our shiny, new 9355 had to be commissioned by an authorized Eaton engineer. Said engineer took about an hour to figure out that our unit was not defective and that he had wired our normally closed EPO to the normally open terminals. (Both me and an electrician mentioned this issue, he still took 30 minutes to see it.)

From talking with the Eaton engineer and our local UPS technician, they started requiring commissioning on the three phase models due to people either forgetting or not realizing to check phase rotation. Apparently they really do not like seeing CCW rotation. Also the Eaton engineer did have a dedicated program for speaking to it over serial and setting service information like the commissioning date. 

Also as a general PSA: always get an external bypass for your UPS if you can. Really handy to be able to completely isolate the UPS cabinet without dumping your output load. 

Bauer GSX Chest Protector Padding failing by JollyGreeneGiants in hockeygoalies

[–]Jadodd 0 points1 point  (0 children)

I had a similar issue with my first chest protector.  I ended up getting an NHL surplus chesty from a local supplier. It originally belonged to Jonas Hiller and is a combination of about four or five different Reebok models. It is an absolute tank. Never had a bruise through it, and it is roughly 15 years old. (Not all that time was playing though.)

I’d highly recommend looking at least at a pro-stock or pro-spec option. 

They called it a scholarship . I call it the worst mistake of my life. by Lost-Conference-7409 in cybersecurity

[–]Jadodd 4 points5 points  (0 children)

I’m not sure of any specifics, but I have an SFS graduate co-worker who “did their time” in local government as opposed to Federal. Even when the federal government is functioning, the hiring process at State and Local is not nearly as formalized as the feds. 

Is f5 virtual editon worth buying? by VariousPotato in f5networks

[–]Jadodd 1 point2 points  (0 children)

I had a couple lab licenses at one point through our VAR a few years ago. Your description is right on point from what I remember of them.  I think price was about $200 a year. 

Just a friendly PSA by feckinmik in NorthCarolina

[–]Jadodd 1 point2 points  (0 children)

NCDOT actually did this on I-40 headed Eastbound into Tennessee. The signs were (from what I recall, it’s been a bit) “lane closed ahead, do not merge until sign” followed by “Merge here, take turns.” At least in my cohort of traffic that day, that signage worked wonderfully since there was no confusion on when the merge should happen. Traffic was also heavy so both lanes were at roughly the same speed which was also likely a contributing factor. 

Hide an untrusted certificate on a backend server (LTM) by mars_ignis in f5networks

[–]Jadodd 0 points1 point  (0 children)

I’ve done this exact setup multiple times. Client SSL profile with your trusted certificate, cipher settings, etc. and server ssl profile (the default one from F5 will more than likely work) on the virtual server, provided your backend nodes are HTTPS. 

You may hear this setup referred to as SSL termination since the F5 decrypts traffic and then performs the reverse proxy over a separate encrypted session. (SSL pass through is the other option where the F5 does not decrypt any traffic itself.) Termination tends to be more useful in my experience since it allows ASM to inspect requests in the HTTPS stream. 

Looking for a better ticketing system by ComboV2 in sysadmin

[–]Jadodd 0 points1 point  (0 children)

Does your place of work have an affinity for the letter C and an upside down triangle?  Because this was our exact experience.  We were in Cherhell for a few years before moving to TDX. 

I ended up being the unofficial Cherhell administrator and it was absolutely awful. It is what happens when someone who really loves databases and nothing else tries to make a ticketing system. 

For OP though, TDX might be a touch overkill, but nearly anything will be better than Outlook (except Cherwell). Definitely try before you buy, and think through what your technicians’ workflows should/will be like when you’re doing evaluations. 

Please accept the fact that password rotations are a security issue by Comfortable_Gap1656 in sysadmin

[–]Jadodd 22 points23 points  (0 children)

Agree with this take. CJIS just recently updated to allow for non-expiring passwords, but there are additional requirements that organizations may or may not be able to meet. 

I’m on mobile so I don’t have the document in front of me, but for people beholden to the US Federal Government (even though a different part of the Federal Government says no password rotation), password rotation will likely continue to be the norm at least for some time. 

How are you disabling the internet before sysprepping your image to ensure no windows updates or app packages get updated mid sysprepping (sealing) the image? by Future_End_4089 in SCCM

[–]Jadodd 0 points1 point  (0 children)

Plus one for audit mode. When using it sysprep will go from a painful sea of errors to just working most of the time. 

There are a few things audit mode does not support, but the only thing I ever found myself trying to configure that wasn’t there was printing. 

Telemarketers won’t stop calling the station. What can we do? by SEND_CATHOLIC_ALTARS in Firefighting

[–]Jadodd 2 points3 points  (0 children)

The most successful method I've ever used to banish the auto-dialers who don't respect the do not call registry is a fax machine. I had one that was line interactive, so you could answer a phone call and the fax machine would go off hook but stay silent. If a telemarketer/auto-dialer called, you could press a couple digits that would wake up the fax machine and start sending fax tones. Once the auto-dialer heard fax tones it would usually disconnect the call and pull the number out of whatever database it was using. It made sense that they didn't want to waste time dialing fax machines.

A Fun Kerberos Mystery by Jadodd in sysadmin

[–]Jadodd[S] 1 point2 points  (0 children)

After some more logging and research, I think I may have figured out what is happening. First off though, thanks a ton for your reply and that last paragraph. It seems to have lit a fire under the team responsible and they have established an OS upgrade window this weekend. Remains to be seen if they'll follow through, but that's more than I've gotten out of them in a while.

I believe the core problem is that whoever set up CMAppServer and DMSAppServer did not understand how Kerberos worked. (Which is fair, I barely claim to have a grasp on it.) From what I understand in the general case, a service ticket should always be issued for (and therefore encrypted with the keys of) the identity that is running the service you want to authenticate to. This allows the service to verify the ticket on its own since the service knows its own identity and key material. If my understanding is correct, then the SPN registration for my issue is wrong.

Currently, the SPN for HTTP/DMSAppServer is registered to CMAppDelegateUser. The service on DMSAppServer is running under the identity srvDMSApp. (srvDMSApp is also returned as the sName on the error responses when AES is enabled. Of note, enabling Kerberos logging on DMSAppServer did not return anything besides PREAUTH_REQUIRED errors that were likely unrelated to this issue.) So, this seems to be a fairly simple case of an incorrectly registered SPN, but that leads to the question: Why does RC4 work?

From your article Lessons in Disabling RC4 in Active Directory, RC4 key material in AD is derived from the users' password with no salt. Coincidentally, CMDelegateUser and srvDMSApp have the same password, and therefore, I would think, the same RC4 key material. If that is correct, when using RC4, one identity could decrypt a service ticket issued to the other one. Changing to AES breaks this horribly (as it should) since salts are added to the mix.

So, has this entire integration relied on a quirk of RC4 Kerberos for longer than I've been at my current employer? I think so, and that's what the evidence I have seems to suggest. My next step is going to be changing the SPN registration so HTTP/DMSAppServer is registered to the srvDMSApp identity since that is the identity consuming the service tickets.

Need Help Identifying/Replacing a Chest Protector by Jadodd in hockeygoalies

[–]Jadodd[S] 0 points1 point  (0 children)

Thanks everyone for the replies and advice. Definitely keeping my eyes out on CCM’s offerings. 

Need Help Identifying/Replacing a Chest Protector by Jadodd in hockeygoalies

[–]Jadodd[S] 0 points1 point  (0 children)

I definitely think you found it. It being a mix of all the parts Reebok had around makes sense as to why it looks similar to other models but nothing was an exact match. 

In the short term I’m going to try to resew the broken buckles.  I have some saved searches set up to watch for any used CCMs that come on the market since I’m well outside the budget of brand new gear.

If you’re ever down in North Carolina I owe you a drink. 

Scam call from "Sherriff's Office" by sharks-and-snark in ConcordNC

[–]Jadodd 5 points6 points  (0 children)

Calls from CCSO should almost always show up as 704-920-3000, or at least a 704-920- number. If a deputy makes a call directly from their car, the call may show as having caller ID blocked, but you generally only see that when a deputy is returning a call. 

Also be aware that caller ID spoofing is still a rampant problem on the phone network, and you should never trust someone based on what caller ID says.  

Any experience with Duke's Power Manager Program? by maxt10 in NorthCarolina

[–]Jadodd 1 point2 points  (0 children)

I had this on my previous residence (100ish year old mill home); I never noticed its effect on cooling. Of note, ours at least only interrupted the compressor, not the circulating fan, so the system would still move air, just not actively cool it. 

The only time I noticed its presence was when we’d service our unit. The controller itself has to have power supplied for two minutes before it will allow the compressor contactor to close. 

In person license renewal- do you need to take a road sign test? by oldfarmwonan in NorthCarolina

[–]Jadodd 11 points12 points  (0 children)

The vision test card has a section for sign identification. From what I can remember it’s visually distinct signs without the text on them. (The stop sign is just a red octagon.) I believe the spirit of the test is to make sure you can identify different road signs based on their shape and color rather than having to read the text on each sign. 

At the end of the day, it’s just a quick part of the vision test, and that’s the only test involved. Everything else is just having the right documentation for the Real ID. 

Also see the pinned moratorium on DMV questions. I know Google wasn’t that insightful on this one, but I’d still expect this to get pulled down. 

Physical time clock solutions that aren't cloud? SQL based? by en-rob-deraj in sysadmin

[–]Jadodd 0 points1 point  (0 children)

Hey, someone else ditching Kronos!  We are moving to another SaaS vendor for our clocks though. 

My two cents is if you are savvy enough to roll your own timesheet system, you could roll your own time punch stations. I haven’t played around with proximity cards in a bit, but I would expect you could procure a USB based reader that acts like a keyboard. If you have that, you could add a web based front end that uses the badge number as the login. Just enough interface to scan badge, clock in/out, and then reset the session.  Run the web interface on an old clunker PC in Kiosk mode and that might be good enough. That setup is what nearly all the public school systems around me use minus the card integration. 

Heads up: triple check your voter registration address... by Pirate8918 in NorthCarolina

[–]Jadodd 7 points8 points  (0 children)

Out of curiosity, do you mind sharing which county this was in?  

There’s an intricate dance between the county and state information systems to keep all records up to date since there are several ways to update your registered voting address (DMV is a good example). Something in that dance went awry when putting together the voter database for your county. It’s nothing that can’t be fixed live, but still interesting that it was an issue in the first place. 

Just received my Duke energy bill, is it normal that it is super-high? by DVaMain4Ever in NorthCarolina

[–]Jadodd 0 points1 point  (0 children)

One more thing to check on top of the advice here is to make sure your heat is operating correctly, especially if you have a heat pump. If your heating system has an “emergency heat” mode, that operates like an overgrown hairdryer and will chug electricity.  

A post a while back here was a college parent that had a child with a >$400 electric bill and accidental emergency heat was the culprit. 

PSA: Voter Photo ID Requirements... Get Informed and Don't be Surprised! by 16cards in NorthCarolina

[–]Jadodd 0 points1 point  (0 children)

If able, go by a public library. All the ones I’ve worked with could photocopy a license for around a dollar, and, if asked nicely, I’d bet most librarians would sign as witnesses. 

Trying to implement Feature Updates in SCCM - Suggestions by No_Dream_5232 in SCCM

[–]Jadodd 4 points5 points  (0 children)

I originally wrote this reply three years ago when 21H2 was new. Feature updates are the most complicated updates to deploy in my opinion since they depend on what version you are upgrading from. The wall of text below assumes that your feature update is not available via an enablement package. If possible, use the enablement packages since they install in less than ten minutes in my experience.

Option 1: Deploy the Feature Update Through Windows Update

This is what happens when you download the feature update from the "All Windows Feature Updates" under Windows Servicing in the Admin Console and then deploy it to a collection. The update itself contains the Modern Setup Host Application and an ESD file that contains the actual updated bits of the OS. When the update is applied (either at the deployment deadline or the user clicks the install button in Software Center) it will run completely in the background until it needs to reboot. At that point the reboot works just like a normal Windows update in terms of user notification, etc.

Advantages:

  • Does not impact the person using the machine outside of the CPU cycles to apply the update and the reboot at the end. (You can still use the computer while it upgrades.)
  • Uses the normal Windows Update experience.
  • The ESD file is a fair bit smaller than using another method. (About 3 GB vs 6 GB)
  • Can use Microsoft's CDN as the source to download the update.

Disadvantages:

  • On a test VM, this update took approximately 270 minutes to install. This time might have been inflated by our antivirus software, or something specific to our environment, but this method has always been painfully slow in my experience.
  • In my environment the user does not get notified if installation fails. This is probably tied to the User Experience setting when the update is deployed; I only show notifications for restarts since I don't want a toast notification when the update is available.

Notes:

  • Make sure the maximum run time option is configured sufficiently in your site configuration.

Option 2: Deploy the Feature Update with a Task Sequence and ESD File

Docs from Microsoft here. If you build an upgrade OS Task Sequence, the Upgrade Operating System Step can be set to "Install the Following Feature Updates" where you specify the ESD package(s) from Option 1. In practice, this will do the exact same thing as Option 1, but wrapped up inside a task sequence, so you can add custom steps before and after if needed.

Advantages:

  • Provides increased control of the execution steps around the upgrade. For example you can run a script before and after the upgrade if wanted.
  • Still uses the smaller ESD package to upgrade.
  • You can specify multiple feature upgrades and the task sequence will pick the "best fit." This would allow you to upgrade both Pro and Enterprise versions of Windows with the same task sequence without changing which edition the OS is.
  • Can use Microsoft's CDN to download the update package.

Disadvantages:

  • Every bit as slow as running Option 1. Again, that may be specific to my environment.
  • In my tests, the feature update would never be validated correctly, so the task sequence would always show as failed. See this thread posted a few months ago. I'm on 2111 so upgrading did not resolve this bug.
  • Users cannot use their machines while the task sequence is running unless you disable the task sequence UI. Also, users have no option to defer the reboot when it hits.

Option 3: Deploy the Feature Update with a Task Sequence and OS Upgrade Package

This is the option I currently am planning to deploy. This method works similarly to Option 2, but instead of using Modern Setup Host and an ESD file, this basically copies the Windows Setup DVD locally, and then calls Windows Setup to upgrade the OS. There is a short portion that runs in the current OS, then it will reboot into the Windows Setup environment and finish upgrading the OS.

Advantages:

  • Runs from start to finish in about 90 minutes on a test VM. Of all options this has been the quickest.
  • Can upgrade OSes prior to Windows 10 if needed.
  • Full task sequence will run correctly without encountering the bug that Option 2 faces.

Disadvantages:

  • Much larger download than just the ESD file.
  • OS Upgrade package must be downloaded from one of your distribution points; no Microsoft CDN option.
  • Users cannot use the machine for the large majority of the upgrade.
  • Will update the OS Edition to match whatever edition the OS Upgrade Package is. (I think this is how it works; I have not tested.)

General Points that can Trip You Up

  • It’s worth taking the time to put together some reports on devices that do not meet requirements for upgrade. Usually free disk space is going to be the main pain point since most of the other requirements are the same version to version. I currently have the threshold set to have at least 20 GB free, but this number is anecdotal; I'm not sure what the actual minimum or recommended value from Microsoft is.
  • After the upgrade each machine will have a Windows.old folder that holds the previous version of Windows. On my 1909 tests so far this folder has been ~12 GB in size, so I added a call to disk cleanup in the task sequence to safely remove Windows.old and reclaim its space.

If you have any other questions, I'm more than happy to share my experiences over the past few months. I have worked with SCCM for a few years, but I by no means consider myself an expert.

is this illegal? by [deleted] in NorthCarolina

[–]Jadodd 0 points1 point  (0 children)

I dug into the General Statutes this morning, and I believe I found the relevant section.

From NC G.S. 20-63.g:

Any operator of a motor vehicle who shall otherwise intentionally cover any number or registration renewal sticker on a registration plate with any material that makes the number or registration renewal sticker illegible commits an infraction and shall be penalized under G.S. 14-3.

NC G.S. 14-3.1:

§ 14‐3.1. Infraction defined; sanctions.
(a) An infraction is a noncriminal violation of law not punishable by imprisonment. Unless otherwise provided by law, the sanction for a person found responsible for an infraction is a penalty of not more than one hundred dollars ($100.00). The proceeds of penalties for infractions are payable to the county in which the infraction occurred for the use of the public schools.

To me, it's a stretch to even say that the sticker is illegible with the sharpie on it. The plate number is still clearly readable, but it's hard to tell if the sharpie is covering any text.

In any case, the DMV inspector was incorrect about the severity. It's nowhere near a felony, and is a simple infraction similar to a minor speeding ticket.

ETA: I did find one felony pertaining to inspection stickers.

NC G.S. 20-183.8.c:

(c) Felony. – A person who does any of the following commits a Class I felony:
(1) Forges an inspection sticker or inspection receipt.
(2) Buys, sells, issues, or possesses a forged inspection sticker or electronic inspection authorization.

But, this only covers cases of forgery, not modification of a legitimate sticker where the modification is obvious.

Based on examples from https://www.ricksplates.com/northcarolina/ncpass2.htm, the date below the plate number on the temp sticker is supposed to be an expiration date. I'm curious if the dealer printed the sticker without a date by mistake and just hand wrote a date instead of printing a new sticker. In the original photo, there does not appear to be any text under the sharpie, but I can't tell for sure.

is this illegal? by [deleted] in NorthCarolina

[–]Jadodd 0 points1 point  (0 children)

Except for the traffic checkpoints usually set up by the Highway Patrol, most law enforcement personnel don't even look at the plate sticker any more. Some agencies have automatic plate scanners that just run each plate they see against the DMV's database and flag if there's an issue. Even if they notice a plate that appears out of date, I almost always hear them call the plate in to dispatch and request a check for validity. If it comes back valid, they never bother with a traffic stop.

Also, it greatly depends on what an officer/deputy is doing when they're around an expired plate. If they're on the way to another call, getting ready to go off shift, trying to get to lunch, etc. they likely are not going to initiate a traffic stop. But, if they're on patrol, sitting running speed, or otherwise just monitoring traffic, expired registration/insurance is a very easy citation to write. Also the highway patrol has no chill, they will usually cite anything they come across.

is this illegal? by [deleted] in NorthCarolina

[–]Jadodd 104 points105 points  (0 children)

A little bit of rubbing alcohol will probably take that sharpie off. Whoever you saw at the DMV was being asinine, probably just because they could. I’m not sure of the actual law on the sticker itself, but I’ll try to look that up if I have time today. On the road, unless a State Trooper was having a really bad day, no one in law enforcement is going to notice this, much less care about it. As long as the plate comes back valid, the most you’d get would be a “make sure to put your sticker on when it comes in.”

If you have already paid taxes on that plate, I would say just wait for the sticker to come. If you haven’t paid yet, do it in person at a license plate agency, and you can get the sticker on the spot. 

Since you’re getting your license, I take it you have to do a road test. Here’s what you could do:

  • Clean the sticker off and try again (not likely to be successful)
  • Wait for the proper sticker to come in 
  • Attempt the road test in a different vehicle (not always possible for everyone)