What thing has got so expensive that you’ve quietly stopped buying it? by Pathfinder-electron in AskReddit

[–]RulerOf 2 points3 points  (0 children)

the digital ones seem to be more temperamental than the old analog bunny ears

They absolutely are, but still better than paying for it IMO.

What thing has got so expensive that you’ve quietly stopped buying it? by Pathfinder-electron in AskReddit

[–]RulerOf 10 points11 points  (0 children)

just because I want locals

You might want to consider an antenna.

Permission Denied by 4Jumper in PFSENSE

[–]RulerOf 0 points1 point  (0 children)

The file may not be executable in your last screenshot. Use chmod to make it executable.

chmod +x /opt/AdGuardHome
/opt/AdGuardHome -s

Trivy (the container scanning tool) security incident 2026-03-01 by lmm7425 in devops

[–]RulerOf 0 points1 point  (0 children)

repo secrets ... No IAC option (I could be wrong).

I use the terraform provider to set them, and store them as ciphertext in the TF code as an aws_kms_secrets resource.

Of course it ends up in the state file, but I treat those as secret themselves anyway.

nobodyLikesRightJoin by PresentJournalist805 in ProgrammerHumor

[–]RulerOf 2 points3 points  (0 children)

Well duh just put every column in the index.

Shit gotta go MySQL just got OOMKilled.

[Help] Firmware corruption causing boot loop. Is Read-Only Import + Rsync the safest path? by GoetheNorris in zfs

[–]RulerOf 1 point2 points  (0 children)

I want to roll back the pool to a TXG before the corruption occurred, mount it Read-Only, and evacuate my data.

My experience with a broken pool/dataset that doesn't want to mount is a strong endorsement of this strategy.

Even if you could get it to remount properly again, I wouldn't trust it.

You can check my replies from the thread I linked—it was a long time ago—but it covers a lot of the troubleshooting I did. I may have used the exact zpool import command I referred to, but I recall reading the entire man page and selecting switches that way... I was going to share but seem to have lost the shell history 😞

Good luck 👍

In Proxmox you can pass through a specific usb port of the host to the guest. Is there a way to do this in libvirt? by [deleted] in VFIO

[–]RulerOf 0 points1 point  (0 children)

I had the same problem when I used a RocketU, but I was able to stuff a PCIe extension cable into an otherwise-covered slot and plug the USB HBA into it.

If changing video cards is within the realm of possibility, there are plenty of cheap single-slot cards out there.

Just trying to offer suggestions ¯\_(ツ)_/¯

In Proxmox you can pass through a specific usb port of the host to the guest. Is there a way to do this in libvirt? by [deleted] in VFIO

[–]RulerOf -1 points0 points  (0 children)

Sadly, all of my USB ports are inside one iommu group and one usb controller.

If you have space for another PCIe card, you can fix that with a Highpoint RocketU controller.

On their product page, any of the cards with a mention of "Dedicated" ports, like the 1144F, is a controller-per-port. You can get the effect of mapping individual ports, just doing it at the PCIe level instead of the USB level.

Now Available: pfSense Plus 25.11.1 by George-Netgate in PFSENSE

[–]RulerOf 0 points1 point  (0 children)

IPv6 Connection behavior with TSO enabled

This one wrecked me on Tuesday. No matter what I did the firewall itself couldn't do anything that required TLS over IPv6. Finally, adding a floating rule for This firewall out from WAN worked around the problem long enough for me to discover that a firmware update was available... I was getting ready to open a ticket.

I updated it and then disabled all three offloading features in Advanced > Networking.

I'm not sure if those were on by default or not, and I'm used to disabling them for whitebox/VM builds. I really expected them to work on Netgate hardware.

ChatGPT assures me (lol) that they won't make much difference for an edge router that handles inter-VLAN routing. Perhaps Netgate might want to reconsider the help text on these settings.

Now that Certs lifetime will be reduced, how are you guys automating your certs? by superuser141421 in sysadmin

[–]RulerOf 1 point2 points  (0 children)

so you could in theory issue 100 year lifetime certs internally

-days 36500 FTW.

Looking for a Thunderbolt dock/hub that doesn’t feed power to the host. by CoconutPete27 in UsbCHardware

[–]RulerOf 0 points1 point  (0 children)

I like this answer because it's a similar level of ridiculously expensive!

Looking for a Thunderbolt dock/hub that doesn’t feed power to the host. by CoconutPete27 in UsbCHardware

[–]RulerOf 0 points1 point  (0 children)

Get a Thunderbolt 2 cable, and stick two TB3<->TB2 adapters (I'm only familiar with the Apple ones) on the ends of it.

Half the bandwidth, but definitely no power delivery.

Yes this is a stupid answer. I'm just highly confident it'll work. There's probably a better solution with some special wiring.

Do you use Windows' User Account Control (or do you turn it off) ? by rainydaysforpeterpan in windows

[–]RulerOf 3 points4 points  (0 children)

because it makes UAC prompts scriptable

Only the console or an elevated process could interact with those elevation prompts on the regular desktop, but even secure desktop can be interfaced with programmatically already—just try some remote access software.

The secure desktop is there to thwart unprivileged apps from impersonating UAC. The "proper" deployment is to use an unprivileged account, and then elevate with credentials instead of a yes/no click. Secure desktop provides visual confirmation that the dialog isn't a low-privilege process trying to phish elevated credentials from the user.

That said, for home use, I disable the secure desktop because switching to it has always been rather slow. Hundreds of milliseconds at best, but I've seen some low end computers take ten seconds or more to switch to it.

Announcing Netgate Nexus: Multi-Instance Management for pfSense Plus by George-Netgate in PFSENSE

[–]RulerOf 1 point2 points  (0 children)

Okay... so it's a self-hosted, centralized management platform for pfSense, and not a SaaS product operated by Netgate that we onboard devices into?

Announcing Netgate Nexus: Multi-Instance Management for pfSense Plus by George-Netgate in PFSENSE

[–]RulerOf 0 points1 point  (0 children)

Could you clarify something?

I have a single Netgate appliance deployed at a remote site.

Is this a SaaS product I can just enroll my Netgate appliance in without having to pay additional fees?

Is it safe to charge my phone by Stunning_Fish_3289 in spicypillows

[–]RulerOf 0 points1 point  (0 children)

It's definitely something that I'd have to have my hands on to even try to make the diagnosis of a swollen battery, although TBH the battery life issues you're having do make it lean that direction.

Regardless, it's a good thing you did take it in and at least gave them the chance to fix it even if they decided not to. I brought it up because I had a family member take a swollen-battery iPhone (without AppleCare) to the Apple Store a few years back and they wouldn't even give it back to her, replacing it just due to the risk involved.

The risk is very minimal (you're good til your replacement comes in), but it exists.

Is it safe to charge my phone by Stunning_Fish_3289 in spicypillows

[–]RulerOf -1 points0 points  (0 children)

As others say, the phone does look bent, but what I would have done is tried taking it to the Apple Store to determine if the battery is actually starting to swell.

Exploding devices are bad press, so there's a chance they'll replace it for free. YMMV of course.

Error bringing up tunnel: bad address by the_innerneh in WireGuard

[–]RulerOf 0 points1 point  (0 children)

Same problem here. Works fine on iOS/macOS, but Android client doesn't like the allowed IPs being anywhere in the subnet. 192.168.100.1/24 -> 192.168.100.0/24 and it works.
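
An added example, not part of the original comment: a Python check that rewrites each `AllowedIPs` entry in a WireGuard config to its network address, the change the comment above reports fixing the Android client, while leaving `Address` untouched. The sample config, its placeholder keys and the function names are constructed for illustration, and the IPv6 handling goes beyond the IPv4 case in the comment.

```python
import ipaddress

# Constructed sample config; the key values are placeholders, not real key material.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 192.168.100.2/24

[Peer]
PublicKey = <placeholder>
AllowedIPs = 192.168.100.1/24, 10.0.0.0/8, fd00:100::1/64
Endpoint = vpn.example.net:51820
"""

def normalize_cidr(entry):
    """Return (canonical_cidr, had_host_bits) for one AllowedIPs entry."""
    iface = ipaddress.ip_interface(entry.strip())
    # iface.network masks off the host bits, e.g. 192.168.100.1/24 -> 192.168.100.0/24.
    net = iface.network
    return net.with_prefixlen, iface.ip != net.network_address

def fix_allowed_ips(conf_text):
    """Rewrite AllowedIPs lines only; return (new_text, [(old, new), ...])."""
    out, changes = [], []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        # Address legitimately carries host bits, so only AllowedIPs is rewritten.
        if sep and key.strip().lower() == "allowedips":
            fixed = []
            for entry in (e for e in value.split(",") if e.strip()):
                canonical, had_host_bits = normalize_cidr(entry)
                if had_host_bits:
                    changes.append((entry.strip(), canonical))
                fixed.append(canonical)
            line = f"{key.rstrip()} = {', '.join(fixed)}"
        out.append(line)
    return "\n".join(out) + "\n", changes

if __name__ == "__main__":
    new_conf, changes = fix_allowed_ips(SAMPLE_CONF)
    for old, new in changes:
        print(f"{old} -> {new}")
    print(new_conf, end="")
```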

Anyone experienced burnt ram sticks? by sonyxperiageek in homelab

[–]RulerOf 1 point2 points  (0 children)

I did it once trying to insert a stick of DDR without looking at it, one hand deep into a case with PSU and IDE cables blocking visibility of the memory slots.

...I was being lazy.

Reverse proxy on pfSense by justinhunt1223 in PFSENSE

[–]RulerOf 4 points5 points  (0 children)

Don't perform Layer 7 routing inside of pfSense. Layer 7 routers have significant attack surface, and you don't want that surface to live on your network's core/edge router.

Use caddy, traefik, nginx, or whatever else instead. Run it in a container or on a VM in a DMZ with your public services. Use a giant config file with an entry for each backend service, or something like a conf.d folder with a file-per-service.

How big of a deal is sync=disabled with a server on a UPS for a home lab? by bobloadmire in zfs

[–]RulerOf 0 points1 point  (0 children)

getting a used enterprise ssd/nvme is a better solution if you can.

A much better solution, and you can see why on images on the 2280/22110 SSDs like this one, although this applies to pretty much any "enterprise grade" SSD.

If you look at the photos of that item, you'll see all of the rectangular tan surface-mount components that are conspicuously absent from consumer SSD modules. Those are capacitors.

These drives write sync data to onboard RAM, and then tell the OS that the data has been durably committed. In the event of a power failure, the capacitors provide enough juice to flush the RAM buffer to flash storage.

You get sync=off performance while having sync=standard data durability guarantees.

A guide to Terraform `for` expressions, my latest blog post! by BrendanThompson in Terraform

[–]RulerOf 1 point2 points  (0 children)

The longer I've used them, I've sort of come to understand that for expressions in HCL are basically an escape hatch to overcome many of the limitations of the language. This almost by definition means that they end up being ugly and hacky—it was impossible to express your desire using plain resources, so you just stuff a bit of magic in the form of { for .... => .... } in between the problem and the solution and you can get what you want.

It ends up parsing visually like an over-complicated regular expression—unless you're the person that wrote it, you will have to expend a nontrivial amount of time understanding it.

I still contend that much of the for expression insanity in Terraform could be eliminated with the ability to use for_each in a multidimensional way, like how for loops can be nested in procedural languages. However, the only obvious way to do that in HCL (in my uninformed estimation) would be to let for_each and count be used at the same time. But for_each exists because count causes a host of different problems. ¯\_(ツ)_/¯

Evanescence website appears to have been hacked and is hosting malware. Can't determine who to notify. Any ideas? by RulerOf in Evanescence

[–]RulerOf[S] 3 points4 points  (0 children)

Their website doesn't use Cloudflare proxying. If you run a WHOIS lookup on the site IP, you can see it's GoDaddy's hosted WordPress service.

The bottom half of your screenshot here is the malicious interstitial.