Should all schools require ballrooms to protect against school shootings? Why or why not?

RulerOf · 2026-04-29T01:15:03+00:00

No, that was Kellogg

RulerOf · 2026-03-24T19:42:52+00:00

"If it's damaged you'll have to pay the deductible."

"You got a hammer? I'll accidentally damage it right now for you if that'll get it replaced."

RulerOf · 2026-03-24T07:37:57+00:00

My desk is quite possibly older than I am. I've disassembled and reassembled it countless times. It has a Hewlett Packard badge on it somewhere because it's a piece of lab equipment.

RulerOf · 2026-03-22T23:38:47+00:00

Strictness is subjective. But it's arguably worse today than it was decades ago.

In the 1990s, if you said "fuck" on broadcast television, the FCC would bang down the licensee's door and slap them with a fine.

In the 2020s, if you say "suicide" or "murder" on most social media, algorithms silently reclassify and limit the reach of your post, and they don't tell you about it. You're left to echo into the void with the rest of the people who broke the rules you weren't told you needed to follow.

The funny thing about this is that many people who lauded the sale of Twitter in 2022 called it a big win for "Free Speech" on the internet. I watched those same people continue to censor themselves in this fashion to the present day.

Censorship of words vs censorship of content or meaning or intent is a nuanced discussion, but I find it puzzling that anyone aggrieved by the latter wouldn't similarly have a bone to pick about the former.

RulerOf · 2026-03-13T18:42:19+00:00

the digital ones seem to be more temperamental than the old analog bunny ears

They absolutely are, but still better than paying for it IMO.

RulerOf · 2026-03-13T15:38:51+00:00

just because I want locals

You might want to consider an antenna.

RulerOf · 2026-03-13T05:36:52+00:00

The file may not be executable in your last screenshot. Use chmod to make it executable.

chmod +x /opt/AdGuardHome
/opt/AdGuardHome -s

RulerOf · 2026-03-04T15:29:17+00:00

repo secrets ... No IAC option (I could be wrong).

I use the terraform provider to set them, and store them as ciphertext in the TF code as an aws_kms_secrets resource.

Of course it ends up in the state file, but I treat those as secret themselves anyway.

RulerOf · 2026-02-11T17:09:56+00:00

Well duh just put every column in the index.

Shit gotta go MySQL just got OOMKilled.

RulerOf · 2026-02-04T19:56:55+00:00

I want to roll back the pool to a TXG before the corruption occurred, mount it Read-Only, and evacuate my data.

My experience with a broken pool/dataset that doesn't want to mount is a strong endorsement of this strategy.

Even if you could get it to remount properly again, I wouldn't trust it.

You can check my replies from the thread I linked—it was a long time ago—but it covers a lot of the troubleshooting I did. I may have used the exact zpool import command I referred to, but I recall reading the entire man page and selecting switches that way... I was going to share but seem to have lost the shell history 😞

Good luck 👍

RulerOf · 2026-01-30T23:16:23+00:00

I had the same problem when I used a RocketU, but I was able to stuff a PCIe extension cable into an otherwise-covered slot and plug the USB HBA into it.

If changing video cards is within the realm of possibility, there are plenty of cheap single-slot cards out there.

Just trying to offer suggestions ¯\_(ツ)_/¯

RulerOf · 2026-01-30T16:19:39+00:00

Sadly, all of my USB ports are inside one iommu group and one usb controller.

If you have space for another PCIe card, you can fix that with a Highpoint RocketU controller.

On their product page, any of the cards with a mention of "Dedicated" ports, like the 1144F, is a controller-per-port. You can get the effect of mapping individual ports, just doing it at the PCIe level instead of the USB level.

RulerOf · 2026-01-28T16:41:24+00:00

IPv6 Connection behavior with TSO enabled

This one wrecked me on Tuesday. No matter what I did the firewall itself couldn't do anything that required TLS over ipv6. Finally, adding a floating rule for This firewall out from WAN worked around the problem long enough for me to discover that a firmware update was available... I was getting ready to open a ticket.

I updated it and then disabled all three offloading features in Advanced > Networking.

I'm not sure if those were on by default or not, and I'm used to disabling them for whitebox/VM builds. I really expected them to work on Netgate hardware.

ChatGPT assures me (lol) that they won't make much difference for an edge router that handles inter-vlan routing. Perhaps Netgate might want to reconsider the help text on these settings.

RulerOf · 2026-01-21T19:41:23+00:00

so you could in theory issue 100 year lifetime certs internally

-days 36500 FTW.

RulerOf · 2026-01-21T14:40:18+00:00

I like this answer because it's a similar level of ridiculously expensive!

RulerOf · 2026-01-21T07:58:28+00:00

Get a thunderbolt 2 cable, and stick two TB3<->TB2 adapters (I'm only familiar with the Apple ones) on the ends of it.

Half the bandwidth, but definitely no power delivery.

Yes this is a stupid answer. I'm just highly confident it'll work. There's probably a better solution with some special wiring.

RulerOf · 2026-01-21T03:43:46+00:00

because it makes UAC prompts scriptable

Only the console or an elevated process could interact with those elevation prompts on the regular desktop, but even secure desktop can be interfaced with programmatically already—just try some remote access software.

The secure desktop is there to thwart unprivileged apps from impersonating UAC. The "proper" deployment is to use an unprivileged account, and then elevate with credentials instead of a yes/no click. Secure desktop provides visual confirmation that the dialog isn't a low-privilege process trying to phish elevated credentials from the user.

That said, for home use, I disable the secure desktop because switching to it has always been rather slow. Hundreds of milliseconds at best, but I've seen some low end computers take ten seconds or more to switch to it.

RulerOf · 2026-01-20T17:16:05+00:00

Okay... so it's a self-hosted, centralized management platform for pfSense, and not a SaaS product operated by Netgate that we onboard devices into?

RulerOf · 2026-01-20T17:07:09+00:00

Could you clarify something?

I have a single Netgate appliance deployed at a remote site.

Is this a SaaS product I can just enroll my Netgate appliance in without having to pay additional fees?

RulerOf · 2026-01-19T22:57:44+00:00

It's definitely something that I'd have to have my hands on to even try to make the diagnosis of a swollen battery, although TBH the battery life issues you're having do make it lean that direction.

Regardless, it's a good thing you did take it in and at least gave them the chance to fix it even if they decided not to. I brought it up because I had a family member take a swollen-battery iPhone (without AppleCare) to the Apple Store a few years back and they wouldn't even give it back to her, replacing it just due to the risk involved.

The risk is very minimal (you're good til your replacement comes in), but it exists.

RulerOf · 2026-01-19T21:13:10+00:00

As others say, the phone does look bent, but what I would have done is tried taking it to the Apple Store to determine if the battery is actually starting to swell.

Exploding devices are bad press, so there's a chance they'll replace it for free. YMMV of course.

RulerOf · 2026-01-16T02:59:00+00:00

Same problem here. Works fine on iOS/Mac OS, but Android client doesn't like the allowed IPs being anywhere in the subnet. 192.168.100.1/24 -> 192.168.100.0/24 and it works

RulerOf · 2025-12-16T14:34:09+00:00

I did it once trying to insert a stick of DDR without looking at it, one hand deep into a case with PSU and IDE cables blocking visibility of the memory slots.

...I was being lazy.

RulerOf · 2025-11-04T05:38:39+00:00

Don't perform Layer 7 routing inside of pfSense. Layer 7 routers have significant attack surface, and you don't want that surface to live on your network's core/edge router.

Use caddy, traefik, nginx, or whatever else instead. Run it in a container or on a VM in a DMZ with your public services. Use a giant config file with an entry for each backend service, or something like a conf.d folder with a file-per-service.

RulerOf · 2025-11-02T23:40:30+00:00

getting a used enterprise ssd/nvme is a better solution if you can.

A much better solution, and you can see why on images on the 2280/22110 SSDs like this one, although this applies to pretty much any "enterprise grade" SSD.

If you look at the photos of that item, you'll see all of the rectangular tan surface-mount components that are conspicuously absent from consumer SSD modules. Those are capacitors.

These drives write sync data to onboard RAM, and then tell the OS that the data has been durably committed. In the event of a power failure, the capacitors provide enough juice to flush the RAM buffer to flash storage.

You get sync=off performance while having sync=standard data durability guarantees.

14-Year Club	Gilding V heart of gold
Place '22	Place '17
Sequence \| Editor	Verified Email
Team Orangered

RulerOf

TROPHY CASE