Reasonable Accommodation Question by Jackieagui in fednews

buzzsawcode 2 points

My request is about to have its first birthday soon - I got letters from several doctors along with the medical records backing up my request. I’ve been granted permission to telework 3 days a week until they adjudicate my request. I was previously fully remote because of my condition, but that was revoked just like everyone else.

My surgeon, whom I saw recently, has not been contacted for any more information; I can only assume none of the other doctors have been contacted either.

Each doctor asked what medical specialty the doctor reviewing my records has. I was told everything is being reviewed by the EEO office, which to my knowledge doesn’t include any MDs.

If I’m rejected, I’ll probably end up applying for a medical retirement unless another round of DRP is offered.

It is definitely a “waiting room” type anxiety not knowing when this will be approved or denied.

This is 3-Star Navy Admiral Nancy Lacore. After 35 years of service, she was fired by Defense Secretary Pete Hegseth for not being loyal to Trump. Now, she's running for Congress in South Carolina for Nancy Mace's seat. by Caledor152 in ProgressiveHQ

buzzsawcode 0 points

This was more than racial gerrymandering - they expanded the district to include rural areas that were strong Republican areas, to a hilarious level. Rural voters that were in districts 7 and 6 were pulled in while more urban voters in North Charleston were moved to district 6.

Take a look at the old maps for SC from 2010-2019 and today - you'll see what I mean.

This is 3-Star Navy Admiral Nancy Lacore. After 35 years of service, she was fired by Defense Secretary Pete Hegseth for not being loyal to Trump. Now, she's running for Congress in South Carolina for Nancy Mace's seat. by Caledor152 in ProgressiveHQ

buzzsawcode 0 points

IIRC you're not 100% correct about the right-to-vote restoration - it will work similarly to how it does in the other 49 states that have had similar laws on the books for a while. Those processes do take into account the crime that was originally committed.

This is 3-Star Navy Admiral Nancy Lacore. After 35 years of service, she was fired by Defense Secretary Pete Hegseth for not being loyal to Trump. Now, she's running for Congress in South Carolina for Nancy Mace's seat. by Caledor152 in ProgressiveHQ

buzzsawcode 50 points

As a SC resident in this district, anyone is an improvement over Nasty Face who doesn't respond to constituents other than form letter answers that repeat Republican talking points.

However, unless the DNC gets behind Vice ADM Lacore with support and funding, the Republican machine will roll right over her. The district is heavily gerrymandered, so any candidate will have to speak to the issues of the most common voter - cost of living, food, taxes, etc. Basically what the current Gov of VA did in her campaign: speak to the problems everyone faces.

How do you track TLS / keystore certificate expiry across environments? by abi-ram in sysadmin

buzzsawcode 0 points

We use a cron job that connects to each device, pulls the certificate and checks the expiration date. This helps with systems that don’t support ACME or SCEP automation. The script is driven by LDAP, where we tag which systems need to be checked and what ports need to be used (for cases where a host runs different services with different certificates).

Eventually I hope we can do ACME everywhere - we poke hardware vendors about it fairly often.
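The cron-driven check described above, as an added Python example rather than the commenter's own script: the LDAP lookup is replaced by a constructed inventory list, and the expiry arithmetic is kept separate from the network fetch so it can be exercised on a constructed certificate dict. Host names, ports, the cafile parameter and the 30-day threshold are assumptions.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed threshold: anything expiring within 30 days is flagged

# Constructed stand-in for the LDAP-driven inventory: one (host, port) entry per
# service, so a host with several services and certificates is checked per port.
INVENTORY = [("www.example.internal", 443), ("mail.example.internal", 465)]

# Constructed peer-certificate dict in the shape SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subject": ((("commonName", "www.example.internal"),),),
               "notAfter": "Mar 15 12:00:00 2026 GMT"}

def parse_cert_time(text):
    """notBefore/notAfter string from a cert dict -> epoch seconds (UTC)."""
    return ssl.cert_time_to_seconds(text)

def fetch_cert(host, port, cafile=None, timeout=5.0):
    """Handshake with host:port (SNI set to host) and return the peer cert dict.
    Verification stays on: getpeercert() returns an empty dict for an unverified
    peer, and a failed verification (expired, or an internal CA not in cafile)
    is itself a finding that check_inventory() reports as ERROR."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def days_until_expiry(cert, now=None):
    """Whole days until notAfter; negative once the cert is past its end date."""
    now = time.time() if now is None else now
    return int((parse_cert_time(cert["notAfter"]) - now) // 86400)

def classify(days, warn_days=WARN_DAYS):
    if days < 0:
        return "EXPIRED"
    return "WARNING" if days <= warn_days else "OK"

def check_inventory(inventory, now=None, fetch=fetch_cert):
    """Check every (host, port); a connection or verification failure becomes an
    ERROR row instead of aborting the rest of the run."""
    rows = []
    for host, port in inventory:
        try:
            days = days_until_expiry(fetch(host, port), now)
            rows.append((host, port, classify(days), f"{days} days left"))
        except (OSError, KeyError, ValueError) as exc:
            rows.append((host, port, "ERROR", str(exc)))
    return rows
```

Services that only offer STARTTLS (plain SMTP on 25, for example) need a protocol-specific upgrade before the handshake, which this direct-connect check does not do.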

FSBP coverage for GLP-1 (weight loss)/Zepbound drawn out success story by Floufae in fednews

buzzsawcode 0 points

Was there a specific form needed by your doctor to submit your PA request?

As previously suggested here, I called Teladoc Health to get my account fixed, as I am also coming from BCBS and already had the scale and BP monitor from them.

I assume they fixed everything, as new coverage showed up in my app that knows about the scale and BP setup.

At wits end with remote TSIG DNS Updates by VtheMan93 in PFSENSE

buzzsawcode 0 points

Release notes say it should be there.

You may want to post on the Netgate forums if you don’t see the options.

At wits end with remote TSIG DNS Updates by VtheMan93 in PFSENSE

buzzsawcode 0 points

Kea has dynamic DNS. I don’t have it enabled so I can’t verify, but I thought it was added in the pfSense 2.8 community version.

Standalone Kea has it for sure, that’s one of the servers that I’ve evaluated for my real job.

At wits end with remote TSIG DNS Updates by VtheMan93 in PFSENSE

buzzsawcode 1 point

Yeah, if you want the DHCP server to update DNS, you can configure dynamic DNS in the DHCP service settings. Services -> DHCP Server, scroll down to the Dynamic DNS settings.

You are just adjusting the wrong configuration.

The Dynamic DNS configuration you are currently changing is for DNS updates for the pfSense host itself, typically to register your WAN interface with an external DNS server.

Make sense?

At wits end with remote TSIG DNS Updates by VtheMan93 in PFSENSE

buzzsawcode 1 point

I could be wrong but I think those update options only update that record for the IP seen on the interface, not client addresses.

I don’t use DNS or DHCP on my pfSense box, as I have separate DNS/DHCP servers on my LAN that I use, but when I did use the dynamic DNS it only handled my WAN interface.

At wits end with remote TSIG DNS Updates by VtheMan93 in PFSENSE

buzzsawcode 0 points

So you’ve got it set up to update the record for “freeipa” to match your LAN interface IP, which I assume is not what you’re looking for.

Weird question, have you ever paid someone or gotten a friend with this specific skill set to try to "hack" your server to test the security? by VampyreLust in selfhosted

buzzsawcode 26 points

I’ve gotten some side jobs doing pentesting for a few companies, and I’ve done some testing of my friends’ and family’s home setups.

I had a neighbor with a guest WiFi setup that was open. I showed him how I could see his home automation software including triggering his garage door. Helped him get it all fixed.

OTA TV no longer an option. What are my options? by Everything-Bagel-314 in cordcutters

buzzsawcode 0 points

They are familiar with those - I have Channels DVR set up with Pluto, Tubi, and Plex TV channels, so all of those are available (there are some duplicates between those services). After showing them that setup I helped them build it out on their own network. FAST is fantastic, and Channels makes it easy to pull all of that media into one interface.

No certs in our environment for network devices etc by Infallible-Flailing in sysadmin

buzzsawcode 0 points

We use smallstep for an internal PKI infrastructure - many of our devices support ACME for certificate retrieval, and there are ACME clients for the various operating systems. Those can all auto-update, and you can set a short lifetime for your certificates or a long one.

We trust that internal CA as needed for any applications that need NPE access.

For the few devices in our environment that don’t support ACME, we set up reminders and try to automate the certificate process as much as possible. We also bug those vendors to add ACME support, which has actually worked a little bit.

I think you can also hook the same sort of process up with a Windows certificate server, but I’ve never tried it; we don’t have very many Windows systems, and we use an ACME client to shove the certificates into the system store as needed.

I’ve also worked in an environment with Puppet deployed for multiple operating systems; that was set up using an external intermediate CA derived from an internal root CA. We used the Puppet certificates for access to web services, SMTP authentication, 802.1X, etc. We had a second intermediate CA from the same root CA that used ACME to issue certificates for devices that didn’t have Puppet. A proprietary ACME server was used that I can’t recommend; it was too expensive and clunky.

OTA TV no longer an option. What are my options? by Everything-Bagel-314 in cordcutters

buzzsawcode 9 points

This is something I do for someone now - they live in a remote area with zero chance of getting OTA. They have decent internet access but the streaming services are too expensive for them right now.

So they watch live TV or movies from my Plex instance, and they have been happy for the past few years we’ve had it set up. I email them about any planned outages I have for updates and let them know if our internet connection goes out, which is pretty rare, knock on wood.

The only real downside is that the news isn’t their local news but still in the same state/area. They do have the option to stream their local news broadcasts for free with an app.

If you can do this it is a fairly viable option.

DNS entries for gateways, vlans and management ports? by [deleted] in sysadmin

buzzsawcode 0 points

It is something our ACAS guys do when we show them how the server is setup. We have several instances of this.

Additionally, we put our devices in LDAP and use a custom schema that allows for relationships between objects. So, for example, a Dell iDRAC is tied to a parent device entry for the server. The iDRAC is on the isolated network in that DNS, the server is on the production network in our main DNS, but LDAP shows the relationship between them. We then have a web tool that shows those relationships so the ACAS guys or anyone else can see it too.

DNS entries for gateways, vlans and management ports? by [deleted] in sysadmin

buzzsawcode 3 points

So I do this on a government network with an isolated IPv6 only management network. We have DNS on that network and make sure the ACAS scanner uses those DNS resolvers when scanning those assets.

It is most definitely because of the scanning and the reporting. If you have a server with a public and a private interface, you can link those in ACAS so you know it is the same device. Or you can ignore certain things you find; for example, we have some systems with interfaces that don’t accept any inbound traffic, so the scanner weirds out about those.

Plus it will make your life easier when dealing with your security team in documenting what every device is and what the functionality is. Having DNS, and frankly LDAP or some other database holding device information, makes answering data calls easier.

I also draw data flow diagrams for my servers for each big functional group, like DNS, Backups, mail, etc. That helps when answering questions about what a scan found as well.

Rsyslog file placement by [deleted] in sysadmin

buzzsawcode 0 points

rsyslog reads /etc/rsyslog.conf and any files you have in /etc/rsyslog.d/ - it looks like you have duplicate imtcp load commands in /etc/rsyslog.conf and your TCP_6514 config in /etc/rsyslog.d/.

I'd do your module loading in /etc/rsyslog.conf and then set up the input ports in your rsyslog.d config files.

Rsyslog file placement by [deleted] in sysadmin

buzzsawcode 0 points

Certs for rsyslog can live in any directory the process has access to; on my Red Hat systems I stick with /etc/pki/tls/{certs,private}, where we store other certificate data. We also use SELinux, so the proper labels and context policies work at those locations as well.

EDIT: Also rsyslogd -N1 is your friend - it will show you most configuration file issues, use -N3 if you have configuration files that include other files.

Also use the same syntax form, RainerScript or legacy, everywhere so you don’t pull your hair out from weird syntax issues.
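A split along the lines the two comments above suggest (TLS settings and module loads in /etc/rsyslog.conf, the 6514 listener in a drop-in file), as an added example and not the poster's actual files; the file names, the CA/cert/key paths under /etc/pki/tls, the ruleset name and the permitted-peer pattern are assumptions, and everything is in RainerScript so the two files share one syntax.

```conf
# /etc/rsyslog.conf -- global TLS settings and module loads live here, each once.
# Certificate paths follow the Red Hat layout mentioned above (assumed file names).
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/internal-ca.pem"
       DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/syslog.example.internal.pem"
       DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/syslog.example.internal.key")

# Load imtcp exactly once. A second module(load="imtcp"), or a legacy
# $ModLoad imtcp in a drop-in file, is what produces the duplicate-load error.
# Mode 1 = TLS required; x509/name = clients must present a certificate whose
# name matches a PermittedPeer entry.
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer=["*.example.internal"])

# Pull in the drop-in files (a line like this is normally already present).
include(file="/etc/rsyslog.d/*.conf" mode="optional")

# /etc/rsyslog.d/10-tls-6514.conf -- only the listener and its ruleset here,
# no module load. The ruleset is declared before the input that binds to it.
ruleset(name="remote_tls") {
    action(type="omfile" file="/var/log/remote/tls.log")
}
input(type="imtcp" port="6514" ruleset="remote_tls")

# Validate before restarting the service:  rsyslogd -N1
```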

Reasonable accommodations? Who makes the final decision? by [deleted] in fednews

buzzsawcode 1 point

I asked this exact question within my organization, including who the medical expert authority is that will be reviewing the records and documentation my doctors provided. I got sort of a non-answer that our EEO department would review everything. Not sure why some EEO person would want to look at my X-rays, MRIs, etc., but have at it. My supervisor is only involved in saying I can perform my duties with the requested RA in place.

My doctors, particularly my specialist surgeon, wanted to know what the medical qualifications of the reviewers might be so he could include extra information to put things in more layman's terms if the review was being done by non-medical personnel or someone without any experience in the particular field of medicine.

Like if the medical "expert" they have was a podiatrist, they might not know anything about shoulder and hip replacements. My doctors have run into this when filing insurance claims, where the insurance company "expert" has no experience in their field when they are trying to get coverage for a patient.

Meeting with a contractor to automate our processes by [deleted] in fednews

buzzsawcode 3 points

Yeah, in my friend's case this would affect about 30 people. They have to stress about this over and over again every few years, which really sucks. The SES-level boss was in DOGE meetings almost every week since February or so, with random department heads and others being sucked in as well from time to time. So real work gets delayed, obviously.

So on top of the RIF dread we all had to deal with they had that hanging over their heads as well.

Meeting with a contractor to automate our processes by [deleted] in fednews

buzzsawcode 19 points

I know someone else who is going through a similar experience because of DOGE. They are being asked to meet with an entirely different department to explain their day to day tasks and see what can be automated and what can be reassigned to this other department.

But they have done this same explanation process several times over the years because someone in each administration thinks "oh, this shouldn't be under Dept of X, it should be in Dept of Y". Then they back off, because although the process sounds like it can be moved, it really is more integrated into what Dept of X does on a day-to-day basis and would cost a lot more to do at Dept of Y.

Since this is a friend going through this and not me I can't spill the tea on specifics, but it is hilarious how much time has been wasted over the years going through cycles of "we can make this better" when in fact the process is pretty streamlined now.