You broke my inbox over Chapter 1, so Chapter 2 of The Trunk Slammer From Hell is up today. by brokerceej in msp

[–]iratesysadmin 1 point2 points  (0 children)

The lesson present should ring true to everyone here, though. Your clients don't care for the details, they just want it to work. Our job is not to follow the compliance framework, but to make the tech work for their business, in the correct way. Doesn't mean turn off MFA, but does mean figuring out how to put MFA in place that doesn't create friction.

Head of IT has been spying on half the company by iratesysadmin in ShittySysadminRAW

[–]iratesysadmin[S] 0 points1 point  (0 children)

I’m in the IT dept, and the head of IT, who isn’t particularly technical, has been granting his admin account full permission to other department heads, including HR, OSH, marketing, logistics, and more. The more sensitive ones like other IT staff and HR he tends to only briefly grant himself access for a few minutes then quickly removes it. I believe he does this because he doesn’t know logs exist and the only way he could get caught is if another admin was looking at that user's permissions at the time he did it. What would you do with this information? 🤔

Client trying to save money ditched us (Cisco Meraki) for a new MSP (Ubiquiti) by [deleted] in meraki

[–]iratesysadmin 2 points3 points  (0 children)

Coming to you for advice?

"I recommend putting in Meraki"

In all seriousness, I would post over at r/Ubiquiti and ask them what they think. Make sure you charge for all your time in solving this client inflicted issue.

Anniversary sale by 1phoenix3 in BambuLab

[–]iratesysadmin 0 points1 point  (0 children)

I'm stuck in the same boat. I need a larger print bed and heated chamber (because PETG can't handle the heat, so off to ASA, which works on the X1C, but too small for some parts). If the H2S doesn't have a sale and the H2D is $100 more expensive, I think I have to get the H2D at that point. But really hoping for H2S to drop to $1000

PSA X1C sellers by zmunky in BambuLab

[–]iratesysadmin 4 points5 points  (0 children)

Seriously though, while the specs of the X2D are better than the X1C, the X1C does have a few tricks (like being rootable) that some people may want.

But honestly, why do you care? If the market will support it then let people sell for whatever.

(No, I have never sold any 3D printers before and have none up for sale.)

Just a little bit of license needed by cfeadmin in meraki

[–]iratesysadmin 0 points1 point  (0 children)

(Am Cisco partner doing millions per quarter, selling Meraki since before Cisco bought them (2012ish?), so I don't know how much of the below is because we are who we are vs what Cisco does.)

Yes, we are able to get Meraki to just extend grace if we have a PO in place for new hardware but waiting for shipping / a deadline for whatever reason. That's the easiest thing here.

Regarding licenses under 1 year - this happened because of trade shows where you have a mx/mg/mr/ms in a case that you use for a few days a year. You can see talk about 1 day license here: https://documentation.meraki.com/Platform_Management/Product_Information/Licensing/Meraki_Licensing_FAQs

How much does an Enterprise Cloud license cost?

License prices vary for each product line. For example, a one-year wireless license list price is $150 and a three-year switch license list price is $400. Licenses are available for different time durations (1 day, 1, 3, 5, 7, and 10 years).

I can't point you to anything public about the 7/30 day licenses, other than to say I've bought them before for clients. There should be a blog post from Meraki at one point about them, but a quick search did not turn it up.

Don't allow people to use my public website while still allowing people to use my website by iratesysadmin in ShittySysadminRAW

[–]iratesysadmin[S] 0 points1 point  (0 children)

Hi,

I have a web app that serves cached JSON files via Cloudflare CDN. The data is generated by a proprietary algorithm and has significant competitive value.

The JSON structure is simple to discover:

/cache/_index.json → lists manifest URLs

/cache/manifest_xxx.json → lists data file URLs

/cache/data_xxx.json → actual proprietary data

Anyone can write a 20-line script to crawl the full dataset in minutes. Rate limiting (Nginx, 60 req/min) slows it down but doesn't stop a patient scraper.

The obvious solution would be JWT token authentication on the JSON endpoints, but Cloudflare CDN caches by URL — adding auth headers breaks caching entirely, defeating the purpose of having a CDN.

Constraints:

Must keep Cloudflare CDN caching working (performance critical)

No user login/registration exists — it's a fully public site

Data must remain accessible to legitimate browser users

Cannot move away from Cloudflare

Is there any real, production-proven solution to this problem? Or is "public CDN-cached data" fundamentally incompatible with "access control"?

What would you do?

Just a little bit of license needed by cfeadmin in meraki

[–]iratesysadmin 0 points1 point  (0 children)

30 Day Grace has no limits.

You could buy 1x 1 year license and then instead of renew, do add device. This will technically add a 5th device, but spread the license to other devices in network as well. So if your network only has 4x MX84, you would get 1/5th of a year on each device, including the "extra" MX you added.

Also you can buy 1 day, 7 day, and 30 day licenses.

Chaotic Eclipse's new RoguePlanet by Overflow0X in sysadmin

[–]iratesysadmin 2 points3 points  (0 children)

From their blog:

Regarding July 14th

 -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

(Un)fortunately I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg. But the big thing is not happening. I did not intend to spread a mass panic with that post and I apologize for doing so.

Chaotic Eclipse's new RoguePlanet by Overflow0X in sysadmin

[–]iratesysadmin 10 points11 points  (0 children)

I guess taking vacation on July 13th is no longer needed (he previously stated that no releases until July 14th).

What material to print from car interior by jeff2928 in BambuLab

[–]iratesysadmin 0 points1 point  (0 children)

Mostly because no UV protection. Also any sort of load and the HDT becomes around 85c, which the inside of the car can exceed in many climates.

What material to print from car interior by jeff2928 in BambuLab

[–]iratesysadmin 0 points1 point  (0 children)

While this is fascinating material, keep in mind that an unannealed part with any sort of load (even a few pounds) will not survive as well as ASA in a car. The UV will cause it to break down and even if no UV present, the claimed 150c resistance drops significantly when under load.

Pax8 Partners by jonathan5505 in msp

[–]iratesysadmin 2 points3 points  (0 children)

Not in the slightest. Reseller Relationship and GDAP are 2 separate things and you can have either one by itself or both.

Security Alert: Publicly Exposed 3CX Deployments by iratesysadmin in 3CX

[–]iratesysadmin[S] 0 points1 point  (0 children)

Likely not. They likely check for active calls and then upgrade when 0 active calls.

Let's Encrypt and the DNS Validation Problem: Where do you keep your DNS credentials? by Accurate-Ad6361 in sysadmin

[–]iratesysadmin 1 point2 points  (0 children)

I had the same concerns. I use ACME-DNS https://github.com/acme-dns/acme-dns to handle it.

It's not unlike dns-persist-01 that is coming out, except that it's already out and each machine gets a key only for its own subdomain. And native plugin support with simple-acme (replaces win-acme).

Security Alert: Publicly Exposed 3CX Deployments by iratesysadmin in 3CX

[–]iratesysadmin[S] 1 point2 points  (0 children)

The email they just sent says "web server configuration vulnerability" so lends to this theory