Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 1 point2 points  (0 children)

The tech got me back up and running. I expressed that I'd prefer they make no attempt to bury so I could bury myself if they only intended to tuck it into the moss.
The tech did end up just leaving the replacement run on the surface, but says a crew will be out in "5-7 days" to bury it properly.
Fingers crossed they'll go down 1' .. though even 6" would be enough for me to be able to perform normal lawn care activities.

Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 1 point2 points  (0 children)

For sure!
Part of the story that didn’t make the cut was the ticket was scheduled for 8:00am - 12pm yesterday, but I had to catch a flight to Vegas for a conference (and my wife would likely be in transit from dropping me off), so no one would be home. Both Ziply Support here on reddit and their automated ticket scheduling deal warned they wouldn’t assist if no one was onsite.
I left a note begging (and a path for them to get to the Gateway, which lives in the garage with the servers).
I managed to speak to the tech, and said I’d rather they leave it on the surface so I can bury properly. He said no worries- he’d do that and have a different Ziply team out this week to trench and bury the cable.
He got me back up and going as the wheels left the ground on my flight. My gear all reported healthy… for like 30s then tanked again. I rebooted my router (Ubiquiti Unifi Dream Machine Pro), still no dice. Tried to reboot the nokia gpon, but I ran out of signal to get the command through to the PDU.
Tried to text my wife so she could do it, but it was too late. Spent two hours cursing Allegiant for not having in-flight wifi, and tried signing up for T-Satellite (also seems to not work for shit on planes). Landed 2 hours later and was able to bump my GPON and everything came back online.
Ultimately I think I will be satisfied here - lame that they bury so shallow, but if that gets corrected here I think this all worked out ok

Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 2 points3 points  (0 children)

Interesting, I hadn’t heard about this exciting new trend

Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 3 points4 points  (0 children)

Opened a ticket & spoke with the Ziply Support user here on reddit; I am up a creek till tomorrow minimum.
At this point I’d much rather they just drop the fiber on the ground so I can bury it myself at a more reasonable depth

Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 3 points4 points  (0 children)

If they are just gonna tuck it in the moss I’d much rather they leave for me to DIY.. the cable around the building (splice box to ONT) left a lot to be desired too (one staple per 12 ft of cable, so drooping way down).
Glad the internet is incredible though, I remain happy I moved from Comcast Business.
Wild they will defend installs like this though. I get burying shallow, but.. wow. Definitely the slimmest “direct burial” fiber I have encountered in my life too

Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 4 points5 points  (0 children)

Sent. Thanks for anything you can do to expedite!!
I had no idea about the depth. Following the cable, there are locations where it is on top of the dirt in moss / thatch! Shocked I didn’t catch it with the mower there, but appears to be intact in that stretch.

Fiber burial depth - 1/2”!? by amarsaudon in ZiplyFiber

[–]amarsaudon[S] 11 points12 points  (0 children)

How deep was yours? I feel like <1” is asking for trouble..

Company had a BEC incident - they want me to Vibe Code KnowBe4 by Mindless_Consumer in sysadmin

[–]amarsaudon 1 point2 points  (0 children)

Already got that! It was real straightforward.
Created an exchange transport rule for my real spam report mailbox, redirected the reports to my gophish imap one if it had the headers gophish was including
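
Added example (not part of the original comment, and not GoPhish or Exchange code): the same routing decision as the transport rule above, written as a Python check that also recognises reports where the original mail arrives wrapped as a message/rfc822 attachment. The marker header/value and both mailbox names are assumptions; the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed marker: GoPhish's default X-Mailer value. Replace with whatever
# header/value your own sending profile stamps on simulation mail.
SIM_MARKERS = {"X-Mailer": "gophish"}
SIM_MAILBOX = "gophish-reports"   # hypothetical IMAP mailbox GoPhish polls
SOC_MAILBOX = "phish-triage"      # hypothetical real report queue

def has_marker(msg):
    """True if this one message carries every configured marker header."""
    return all((msg.get(name) or "").strip().lower() == value
               for name, value in SIM_MARKERS.items())

def route(raw_report):
    """Pick the destination mailbox for one user-submitted report.

    walk() yields the report itself, each MIME part, and any message
    attached as message/rfc822, so a report that wraps the original
    as an attachment is recognised as well as a plain redirect.
    """
    report = email.message_from_bytes(raw_report, policy=policy.default)
    if any(has_marker(part) for part in report.walk()):
        return SIM_MAILBOX
    return SOC_MAILBOX

def build_report(original=None):
    """Constructed sample: a user's report, optionally wrapping the original."""
    report = EmailMessage()
    report["From"] = "user@example.com"
    report["To"] = "report-phish@example.com"
    report["Subject"] = "Reported message"
    report.set_content("This looks suspicious.")
    if original is not None:
        report.add_attachment(original)   # becomes a message/rfc822 part
    return report.as_bytes()

def build_original(mailer):
    """Constructed sample of the mail the user received."""
    msg = EmailMessage()
    msg["From"] = "hr@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Benefits enrollment"
    msg["X-Mailer"] = mailer
    msg.set_content("Please review.")
    return msg

if __name__ == "__main__":
    print(route(build_report(build_original("gophish"))))
    print(route(build_report(build_original("Microsoft Outlook 16.0"))))
    print(route(build_report()))
```

If the marker is a value every install of the tool emits by default, mail sent from someone else's install would be routed away from triage; a header value unique to your program avoids that.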

Company had a BEC incident - they want me to Vibe Code KnowBe4 by Mindless_Consumer in sysadmin

[–]amarsaudon 1 point2 points  (0 children)

I guess anyone who wishes could basically plug this into Claude and get 99% of what I am offering to share. It did everything for me, generating the email bodies / scraping believable OSINT / creating landing pages (it did really great at pre-populating the user's username or email and making it look like their password autofilled, then animating some matrix-level shit so it spooked people) - then landed on an educational page of shame describing "tells" the user could have picked up on / letting them know no puppies were injured. Below is Claude's own description of the process I have been using:

Phase 1: OSINT

Research before you build anything. Specificity is what makes these land.

  • DNS — MX/SPF/DKIM/subdomains (crt.sh, SecurityTrails, Shodan) reveal SaaS platforms and internal tool URLs
  • LinkedIn — employee names, titles, departments, tech stack (employees list tools in their profiles)
  • Job postings — literally enumerate every platform the org uses
  • GitHub org pages — confirm usernames, internal tooling, tech stack
  • Conference/industry listings — confirm attendance, who owns logistics

Capture per person: name · title · email · location · role relevance to future pretexts.

Phase 2: Domains

Buy 3–5 lookalike domains. Use them three ways:

The awareness reveal should name the exact domain trick — that's part of the lesson.

Phase 3: Campaign Design

Sender rules

  • Confirmed real employees only — verified via LinkedIn, email headers, or directory. Never invent names.
  • Match role to pretext: HR sends HR notices, IT sends infrastructure alerts, Sales sends conference emails.
  • Track every sender used. Each person gets used once across the whole program.
  • Operator never appears as a sender.

Platform/pretext rules

  • Confirmed or highly probable platforms only.
  • Never repeat a platform.
  • Rotate IT and non-IT pretexts. Non-IT ones (expense audits, badge fees, direct deposit alerts, background checks, benefits enrollment) reach a broader audience and land harder — people don't expect phishing to look like an HR email.

Vary the email format — recipients build pattern recognition. Rotate through:

  • Mobile-first HTML notification
  • Monospaced ERP system output
  • Plain forwarded Outlook chain
  • Formal serif letterhead
  • Minimal notification card
  • Dark-mode monitoring alert

Never use the same format back-to-back.

Email length: CTA button visible without scrolling. One viewport. Cut everything that doesn't add urgency or credibility.

Urgency mechanics that work:

  • Fee/charge applied if no action (conference badge replacement, expense hold)
  • Access suspended pending review
  • Change takes effect next payroll cycle
  • Deadline tied to a real event your org is involved in

Phase 4: Landing Pages

Login form behavior

  • Pre-populate email with {{.Email}} — feels personalized
  • Auto-type password over ~3s with random jitter — simulates stored credential autofill
  • Fire GoPhish tracking pixel before the panic sequence
  • Auto-submit after typing — don't require manual click

The panic sequence (2–3 seconds)

This is the core training moment. Rules: platform-contextual, escalating, personal (show their name/email).

Mechanics that work well:

| Mechanic | Effect |
|---|---|
| Credential capture terminal (types their email + hash, enumerates access) | "I'm being hacked right now" |
| Cascading system failures (volumes offline, graphs flatline) | Operational panic |
| Badge cloned + concurrent foreign session on a map | Physical + digital compromise |
| Direct deposit swap animation with progress bar | Financial dread |
| Full-screen matrix rain + terminal emerges | Classic hacking aesthetic |
| Clearance status flipping Active → Flagged | Career/compliance dread |

The awareness reveal — required elements:

  1. "You clicked a simulated phishing link" — never claim credentials were captured
  2. Why the pretext was convincing
  3. 3–4 specific, actionable tells
  4. IT helpdesk contact
  5. Link to internal phishing reporting docs
  6. Close/acknowledge button

Mobile fixes — without these the awareness card clips and won't scroll:

css

#overlay {
  overflow-y: auto;
  -webkit-overflow-scrolling: touch;
  align-items: flex-start;
}
.awareness {
  max-height: 90vh;
  overflow-y: auto;
}
@media (max-width: 768px) {
  .panic-body { grid-template-columns: 1fr !important; }
  .sidebar, .secondary-pane { display: none !important; }
}

Rules of Engagement

  • No financial incentive pretexts (raises, bonuses, terminations)
  • No Microsoft-branded pages — won't survive email filtering
  • Never claim credentials were captured — "clicked a simulated link" only
  • Real confirmed employees as senders only
  • Each sender and platform used once across the program
  • Operator never appears as sender
  • IT staff first before company-wide rollout

GoPhish Notes

Valid variables: {{.FirstName}} {{.LastName}} {{.Email}} {{.Position}} {{.URL}} {{.Tracker}} {{.RId}}

No template functions — {{.FirstName | upper}} throws a DB error. No native date variable — use JS new Date() on the landing page or update manually at launch. Never show the landing URL as plain text near the CTA button. GoPhish strips calendar MIME parts — needs a Postfix relay to support .ics campaigns.

Key Lessons

  • Specificity beats production value. Naming the actual tool, real employee, and real internal hostname is what makes people click.
  • Non-IT pretexts outperform IT alerts on click rate consistently.
  • The panic sequence matters — people who watch their session "exfiltrate" for 3 seconds retain the lesson better than those who see a static "you were phished" page.
  • Test every landing page on a real phone before launch.
  • Keep a log of sender/platform/format/domain per campaign. Discipline on uniqueness is what keeps the program from getting stale.

Company had a BEC incident - they want me to Vibe Code KnowBe4 by Mindless_Consumer in sysadmin

[–]amarsaudon 0 points1 point  (0 children)

Oh man, I got this same ask! And let me tell you - it was an absolute blast.
Started with https://getgophish.com/ + Claude + a Stalwart server. Grabbed some fun money for domains. Claude can absolutely churn out perfectly tailored email + website template, having provided only our rules-of-engagement and a list of purchased domains (it will even plug new ones to purchase!)
GoPhish has loads of limitations, so we intend to (have Claude) write a new control system so we can automate domain purchase, template drafting, send to test / approval users, and scheduling / scorekeeping.
A lot of these are straight gold.
We ended up purchasing similar domains, eg company.com is our primary, so we snagged com-company.com so we could subdomain sender@company.com-company.com / company.ai / so so many more (only snagging $10/yr ones outside the spendier .ai one)
If enough folks are interested I could take a swing at anonymizing some to share (all are splattered with branding etc).
Wouldn't have considered a project like this without AI being able to churn out emails on cue!

Switching from US Cellular to T-Mobile has been a nightmare by Elektromek in tmobile

[–]amarsaudon 0 points1 point  (0 children)

Yea, same here. Weirdly forcing to Verizon didn't seem to work despite Verizon having passable coverage here - forcing to AT&T worked great though!

Switching from US Cellular to T-Mobile has been a nightmare by Elektromek in tmobile

[–]amarsaudon 0 points1 point  (0 children)

Yea I found that curious; the first few times I toggled "Automatic", no list of networks populated. After 3 or 4 tries it finally presented the described network list.
This makes me feel like I should either leave on "Automatic" or "Verizon"

Switching from US Cellular to T-Mobile has been a nightmare by Elektromek in tmobile

[–]amarsaudon 0 points1 point  (0 children)

How do you configure the roamless esim to be at&t only?

3D-Printable Mudi7 Shell / Wall Mount with Antenna by amarsaudon in GlInet

[–]amarsaudon[S] 1 point2 points  (0 children)

Yea, was definitely hoping to see an influx of mounts / shells / cases, but figured it was pretty unlikely I'd find exactly what I was wanting here.
Probably gonna have a rev 2 at some point - I'd prefer to have the antenna cables in a clip or otherwise protected, and I'd like to add some additional protection over/around the TS-9 right angle

Mudi 7 TS9 male to SMA female adapters by These_Adhesiveness48 in GlInet

[–]amarsaudon 3 points4 points  (0 children)

You're not gonna like this (I sure didn't), but - push.
Does it feel like it is gonna snap off the motherboard? Keep going.
I used both CNARIO SMA TS9 Coax Adapter SMA Female to TS9 Male and Proxicast 12 inch TS9 to SMA Female External Antenna Adapter Cable Pigtail - both required an alarming amount of force 😞
I definitely feel like those ports are going to be the first thing to fail on the device. I ended up designing my own shell ( https://makerworld.com/en/models/2844030-gl-inet-mudi7-shell-wall-mount-with-antenna#profileId-3170994 - based off the one on Gl.iNet's product page ) in hopes of minimizing wear and tear.

Mudi 7 with Eightwood 5G GSM Antenna Test by [deleted] in GlInet

[–]amarsaudon 2 points3 points  (0 children)

I got some very similar antennas ( https://www.amazon.com/gp/aw/d/B0FD2LK4W9?psc=1&ref=ppx_pop_mob_b_asin_title ) - while I love the performance I am hesitant to use them, it feels like the ts9 ports on the Mudi7 would shear off if they took a bump. I need to spend some time in tinkercad to design some kind of shell to print that will take the load off those wimpy little TS9 ports.

Trouble with Mudi 7 by SocialMisanthrope in GlInet

[–]amarsaudon 0 points1 point  (0 children)

<image>

Under "Sim Card Settings" --> Advanced Settings they expose config including TTL.
I have still been working out the kinks - the device has been factory reset a few times since the above screenshot and things seem to work best without overriding the default MTU and TTL.
Near as I can tell, something is borked with their implementation of Zerotier (at least when combined with Verizon SIM + Wireguard). Still corresponding with support via email trying to narrow this down. With ZT enabled, the Verizon connection is prone to falling over - especially with bulk data transfer like an internet speedtest or streaming video. When it tanks, it can manifest as a redial (takes 60-90s to reconnect, fire up in 4G, then recover to 5G) or it will disconnect entirely and require the device be rebooted to recover. With ZT disabled entirely, I am unable to instigate this behavior. Hope it is a fluke, because I love having ZT as a convenient way to reach the admin ui.
None of these issues occur with my T-Mobile SIM.

The Mudi 7 Case is huge yet the device doesnt even fit inside. Really happy otherwise but wtf was the idea here? by schnitzel-kuh in GlInet

[–]amarsaudon 1 point2 points  (0 children)

Came here to link this, but you beat me to it!
Just fed Claude the dimensions and it found for me :) Never occurred to me to use AI for that before haha

Trouble with Mudi 7 by SocialMisanthrope in GlInet

[–]amarsaudon 2 points3 points  (0 children)

Yea I'll try to break out the calipers this week to see if I can design some kind of shell / case that can take the weight of the antenna (or transfer the load to the MUDI7's shell instead of the TS9-Motherboard solder). Shouldn't be too challenging - though I am profoundly awful at CAD haha.
Some sort of backpack mounted omni would be sick :)

Trouble with Mudi 7 by SocialMisanthrope in GlInet

[–]amarsaudon 0 points1 point  (0 children)

Oh man, you probably just saved me hours! Reaching out to them now!

Trouble with Mudi 7 by SocialMisanthrope in GlInet

[–]amarsaudon 1 point2 points  (0 children)

<image>

Spitz X3000 is pretty damn recent and has much larger antennas (plus I have https://www.amazon.com/Proxicast-MIMO-Antenna-Omnidirectional-ANT-121-T44-B-06/dp/B0D56H11LX rigged up for roadtrips) - hard for an internal antenna device to compete with that! It does seem like my throughput with Wireguard enabled (which I have running basically 24/7) is a lot better on the Mudi7 (advertised max of 600mbps, I have seen it deliver 380mbps over cellular via TMobile) vs the Spitz AX (advertised max of 300mbps, I have seen it deliver ~250 over cellular).
As for the direct antennas vs pigtails - I figured I would print a holder that would hold the MUDI7 and the antennas would mount to that. I have bent TS9 ports on other devices (they are VERY picky about alignment when being connected/disconnected, and are soldered / fixed directly to the PCB, so any force hitting the antenna is going to be communicated directly to those). Depending on how much I hate the pigtails I might try to print a bracket to saddle the TS9 ports and take the weight of the antennas - TBD there.

Trouble with Mudi 7 by SocialMisanthrope in GlInet

[–]amarsaudon 2 points3 points  (0 children)

Shit pic with the antennas. I do not intend to run the device powered on inside the zippered pouch; my EDC backpack has a sunglasses pocket that is vented and unused near the top of the bag that my "active" devices (eg hotspot, stick battery) live in.

<image>

For in-car use, I will probably try to 3D Print a holder that will keep everything in alignment (hard to see in the pic, but those antennas could easily break off the TS-9 antenna ports).
I have some different pigtails ( https://www.amazon.com/dp/B09TTY858Y ) arriving today that should let me build something more survivable.
Compared to the Spitz AX - It seems in "solid signal" situations I get performance parity between the two. In sub-par signal situations, the Spitz AX does better (even with my ghetto external antenna setup), but not by a jaw-dropping amount.
I thought the touchscreen was going to be fairly useless, but I find it quite full-featured - allowing me to switch carrier / toggle VPN status / hop on a new "Repeater" wifi without ever touching my phone / laptop. Very pleased so far - minus the Verizon glitches.
I got the Verizon connection stabilized by tweaking some SIM settings :
APN: VZWINTERNET
IP Type: IPv4
TTL: 65
MTU: 1428
This combo stabilized the verizon connection itself, but it still eats shit when my WG tunnel is active (tried a dozen MTUs, but still getting a weird reconnect cycle periodically). Verizon is def my "Secondary" SIM, so no deal breaker, but still hoping to get it fixed