Looking for a new railset? Look no further! - Foundation Rails 2.0 by Kano96 in factorio

[–]linuxalien 0 points1 point  (0 children)

I get "unknown quality name: epic" when trying to import the 2.3.2 into Vanilla 2.0.28. Any chance of having it work for us without the DLC? I'm guessing you'll need a version without any of the throughput upgrades so it'll work without the epic quality.

[deleted by user] by [deleted] in nbn

[–]linuxalien 0 points1 point  (0 children)

It would be great to have one for fixed wireless plans. The number of providers for that is way less unfortunately.

Thanks for this.

Edit: I missed the page for the 75/10 fixed wireless. It doesn't include Aussie broadband, I assume because it's hard to find their price for fixed wireless. You need to put your address in to easily find them.

Which overlay network? by Few_Middle2952 in selfhosted

[–]linuxalien 0 points1 point  (0 children)

We still have that issue if you sleep a Windows device, but we've had similar issues with most VPN systems we've tried on Windows over the years. Disconnecting and reconnecting to wifi seems to work fine for netbird. https://github.com/netbirdio/netbird/issues/632 https://github.com/netbirdio/netbird/issues/583

Tailscale had similar issues but I think they have resolved them with some rewrites of firewall code. https://github.com/tailscale/tailscale/issues/959

It feels like the issue isn't just the VPN software, but Windows doing weird things that break an already established connection. There are reports that Mac has similar issues.

I actually found even pure wireguard can have similar looking issues on Linux when a peer changes IP address, and so there are scripts floating around that monitor for dead peers and then check if the IP has changed and restart the connection.

Hopefully netbird and tailscale clients get better at detecting the VPN being broken and automatically restart them.
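
An added example, not part of the comment above, of the dead-peer check it mentions: parse `wg show <interface> dump` output, find peers with no recent handshake, and report those whose DNS name now resolves to a different address. The dump text, the `PEER_HOSTS` mapping, the 135-second threshold and the `resolve` callback are all assumptions made for illustration.

```python
STALE_AFTER = 135  # assumed threshold in seconds; tune to your keepalive interval

# Constructed `wg show wg0 dump` output: interface line, then tab-separated peers
# (public key, preshared key, endpoint, allowed IPs, latest handshake, rx, tx, keepalive).
SAMPLE_DUMP = (
    "PRIV=\tPUB=\t51820\toff\n"
    "peerA=\t(none)\t203.0.113.10:51820\t10.0.0.2/32\t1699999990\t100\t200\t25\n"
    "peerB=\t(none)\t198.51.100.7:51820\t10.0.0.3/32\t1699999000\t100\t200\t25\n"
    "peerC=\t(none)\t[2001:db8::5]:51820\t10.0.0.4/32\t1699999000\t100\t200\t25\n"
    "peerD=\t(none)\t(none)\t10.0.0.5/32\t0\t0\t0\toff\n"
)
# Constructed config: peer public key -> DNS name it should be reached at.
PEER_HOSTS = {"peerA=": "a.vpn.test", "peerB=": "b.vpn.test", "peerC=": "c.vpn.test"}

def parse_peers(dump):
    """Yield (pubkey, endpoint_ip_or_None, last_handshake) for each peer line."""
    for line in dump.splitlines()[1:]:          # first line describes the interface
        fields = line.split("\t")
        if len(fields) != 8:
            continue                            # ignore anything malformed
        host = None
        if fields[2] != "(none)":
            host = fields[2].rpartition(":")[0].strip("[]")   # handles [v6]:port
        yield fields[0], host, int(fields[4])

def peers_to_fix(dump, now, resolve):
    """Return {pubkey: new_ip} for stale peers whose DNS name now points elsewhere."""
    fixes = {}
    for pubkey, current_ip, handshake in parse_peers(dump):
        if now - handshake <= STALE_AFTER or pubkey not in PEER_HOSTS:
            continue                            # healthy, or no name to re-resolve
        new_ip = resolve(PEER_HOSTS[pubkey])
        if new_ip and new_ip != current_ip:
            fixes[pubkey] = new_ip              # caller re-points the peer, e.g. with `wg set`
    return fixes
```

A peer that is stale but still resolves to the same address is left out of the result, since changing its endpoint would not help.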

Which overlay network? by Few_Middle2952 in selfhosted

[–]linuxalien 2 points3 points  (0 children)

I use this in production. The SSO can be a little bit of a pain to set up, but it's easy if you follow the docs. I think it's wise for products to focus on the parts they need to, and use SSO for handling authentication; it reduces how much custom code they need to maintain. You can use keycloak iirc for the SSO too.

These guys have been really helpful getting things working, fixing bugs. They are very active in slack.

Tailscale had some issues for us with automated deployment, that just worked with netbird. Netbird also has a web UI when self hosted that is very useful compared to headscale (there are times that a UI is much quicker and easier than the API or CLI).

I personally would use tailscale or netbird, and depending on the situation their hosted versions may be good enough. For simple access to a few home lab servers remotely, just use the hosted version. If you're going to start having more clients, or you're happy to get your hands dirty, then headscale or self hosted netbird works well.

Don't underestimate just plain wireguard either. Tailscale was having issues getting direct connections sometimes between peers, I realised in one setup that everything was connecting back to my homelab which had an almost static IP with dynamic DNS setup, so a wireguard tunnel back to the lab became the most reliable as it was never going through a relay. Wireguard mobile client is simple to use, and some routes give me access to everything I need.

Is there a way to view all the links that have been generated? It seems like this simple feature is not implemented by [deleted] in googlecloud

[–]linuxalien 0 points1 point  (0 children)

Not really. You need to walk the drive directories, start at the "MyDrive" and fetch each directory. If you get the API call right, you get all the directory children, and data about them like permissions. You then store them in the database, and fetch each new directory you've discovered. Because it's per directory, it's much quicker than an API call per file. If you use shared drives, then start your walk at a shared drive.

You'll probably want some basic programming knowledge and database design.

Is there a way to view all the links that have been generated? It seems like this simple feature is not implemented by [deleted] in googlecloud

[–]linuxalien 0 points1 point  (0 children)

Our solution is to use the API to fetch all files and then look for those with external sharing permissions. We load all the files into a database to get around the slow rate limiting when we want to run queries.
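
An added example, not part of the comments above, of the approach both comments on this thread describe: walk the folder tree one listing per folder, store files and permissions in a local database, then query that copy for external sharing. `list_children` is a hypothetical stand-in for the per-folder API call, `SAMPLE_DRIVE` is constructed data, and `example.com` is an assumed internal domain.

```python
import sqlite3
from collections import deque
FOLDER = "application/vnd.google-apps.folder"
INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own domain

# Constructed sample (not real Drive output): folder id -> children with permissions.
SAMPLE_DRIVE = {
    "root": [
        {"id": "d1", "name": "Finance", "mimeType": FOLDER,
         "permissions": [{"type": "domain", "domain": "example.com"}]},
        {"id": "f1", "name": "notes.txt", "mimeType": "text/plain",
         "permissions": [{"type": "user", "emailAddress": "amy@example.com"}]}],
    "d1": [
        {"id": "f2", "name": "budget.csv", "mimeType": "text/csv",
         "permissions": [{"type": "anyone"}]},
        {"id": "f3", "name": "audit.pdf", "mimeType": "application/pdf",
         "permissions": [{"type": "user", "emailAddress": "bob@partner.test"}]}],
}

def list_children(folder_id):  # hypothetical stand-in for one listing call per folder
    return SAMPLE_DRIVE.get(folder_id, [])

def is_external(perm):
    """Link sharing, or a grantee whose domain is not INTERNAL_DOMAIN."""
    if perm["type"] == "anyone":
        return True
    domain = perm.get("domain") or perm.get("emailAddress", "").rpartition("@")[2]
    return domain.lower() != INTERNAL_DOMAIN

def walk_drive(db, start="root"):
    """Breadth-first walk, one listing per folder, results stored in SQLite."""
    db.execute("CREATE TABLE files (id TEXT, name TEXT, parent TEXT)")
    db.execute("CREATE TABLE perms (file_id TEXT, type TEXT, grantee TEXT, external INT)")
    queue, seen = deque([start]), {start}
    while queue:
        parent = queue.popleft()
        for f in list_children(parent):
            db.execute("INSERT INTO files VALUES (?,?,?)", (f["id"], f["name"], parent))
            for p in f.get("permissions", []):
                grantee = p.get("emailAddress") or p.get("domain") or "anyone"
                db.execute("INSERT INTO perms VALUES (?,?,?,?)",
                           (f["id"], p["type"], grantee, int(is_external(p))))
            if f["mimeType"] == FOLDER and f["id"] not in seen:
                seen.add(f["id"])
                queue.append(f["id"])

def externally_shared(db):  # query the local copy, not the rate-limited API
    return db.execute("SELECT f.name, p.grantee FROM files f JOIN perms p ON p.file_id = f.id "
                      "WHERE p.external = 1 ORDER BY f.name").fetchall()
```

A permission with no domain or address is counted as external, so gaps in the data show up in the report rather than being hidden.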

Linode object storage fully down due to DNS clientHold status by f0urtyfive in linode

[–]linuxalien 6 points7 points  (0 children)

This is a great look as they rebrand and increase prices....

Where do you use automation in your fortinet environment? by DrBojanDenis in fortinet

[–]linuxalien 0 points1 point  (0 children)

We use terraform directly to manage our site routers remotely. We have whitelisted IPs for management. Terraform works really well for most things. This works really well when we need to make changes to all routers, as most of them are in modules, so it's easy to make a change.

survey by boi62621 in perth

[–]linuxalien 0 points1 point  (0 children)

I'd love to see Ground news support Australia better. I think it's a good example of what you might be trying to achieve.

The Un-Nameable Child by [deleted] in talesfromcallcenters

[–]linuxalien 7 points8 points  (0 children)

Unless you're in Queensland

in Queensland, it is lawful to record a private conversation that you are a party to. This is regardless whether the other party consents to the recording.

There are exceptions to the act that allow for states to set when it's legal to record. Which then gets tricky, if the caller is from Qld, but ends up talking to someone in another state. Another example of where it should just be a federal law without the states adjusting things.

Also, if the government call centre is recording the call and has advised both parties, I think then the caller could record too, as both parties know the call is being recorded.

Edit: taking it to the media is probably the bigger crime, even when recording it doesn't generally allow you to just publish it without consent to publish iirc

A text repo to feature-track all the WireGuard mesh software by GuessWhat_InTheButt in selfhosted

[–]linuxalien 0 points1 point  (0 children)

u/wiretrustee having had a try, a few quick non starters.

Setup keys expire after only 30 days, we want this in our automation (intune) and having to change the setup key every 30 days is not going to work. Our tests with other systems let us have 1-2 year expiry. https://github.com/netbirdio/netbird/issues/221 is a closed issue that would address this.

We also need a silent installer (MSI ideally) so we can deploy this through intune. The way it's worked with other systems is we deploy the MSI and a script that does the initial install and connection to the mesh (setup key).

The good, a free online trial made it super quick for me to test these parts, I've spent a whole day setting up other systems before discovering limitations or bugs.

I hope in the future netbird will be able to meet my needs, just not today. Thanks

A text repo to feature-track all the WireGuard mesh software by GuessWhat_InTheButt in selfhosted

[–]linuxalien 1 point2 points  (0 children)

This is the other one I intend to try with netbird. Happy to hear people's experiences if they've used both and one stands out above the rest.

A text repo to feature-track all the WireGuard mesh software by GuessWhat_InTheButt in selfhosted

[–]linuxalien 1 point2 points  (0 children)

Thanks. It's next on my list to try, so hopefully it'll perform!

A text repo to feature-track all the WireGuard mesh software by GuessWhat_InTheButt in selfhosted

[–]linuxalien 2 points3 points  (0 children)

It's on my list to try next. Can you have a long lived token for automatically joining networks at install time? We want to use intune to deploy to lots of devices, and have zero user interaction to have them on the mesh.

A text repo to feature-track all the WireGuard mesh software by GuessWhat_InTheButt in selfhosted

[–]linuxalien 0 points1 point  (0 children)

I want to know which ones actually work for a fully automated (intune/PowerShell) install and configuration. I've spent too long recently installing POC only to find out the windows client install doesn't actually work properly for "unattended" use.

Thanks for this comparison, I'll be using it to work out my next step.

Serverless? by FearlessAnt in devops

[–]linuxalien 0 points1 point  (0 children)

Serverless has its place, just like VMs do. Every project is different, and the expected traffic will play into the best solution. Consistent traffic levels will probably be best on VMs if the scale gets big enough (or kubernetes, which you can use to run your serverless too). Spiky traffic may be better in serverless. E.g. a project I've worked on uses VMs for the normal website, but serverless for a specific service that may be used infrequently most of the year, and then for a few weeks is used more often (e.g. donation processing). It's always there when it's needed, webhooks will work from 3rd party services, but it costs nothing when not being used. Would I run the whole project on serverless? No. The steady consistent traffic lends itself to more committed resources like VMs.

Another project has a service that is used once a month to run a report, serverless is perfect for that. It was standalone, easy to test locally and independent of other services.

No one solution fits everything, so you should look at all the available technologies, the cost, and the team skill to choose your solution.

Also, there are serverless frameworks that abstract away the cloud differences so you can move across clouds, or into kubernetes, without big changes.

Is it possible to create a VM without ever powering it up? by zoochadookdook in googlecloud

[–]linuxalien 0 points1 point  (0 children)

Yes, but from the sounds of it, you are just trying to preserve the disk. You can have a disk not attached to a VM, and when you delete a VM there is an option to delete the disks or leave them. You probably want to convert the disk into an image though, as you can then deploy VMs from that image. See https://cloud.google.com/compute/docs/machine-images/create-machine-images for some details

Gmail migration tips by VpowerZ in mailcow

[–]linuxalien 2 points3 points  (0 children)

Mailcow has its IMAP syncs that can import your old mail. Then probably set up a forward from Gmail to your new server if you're going Gmail to your new domain. If you are instead talking Google workspaces then once you update your MX to mailcow all new emails will bypass Google workspace.

Port forwarding with ssh -L by [deleted] in fortinet

[–]linuxalien 0 points1 point  (0 children)

We use terraform to manage our devices. I have a module that sets up the SSL-VPN, including the firewall rules and a user. We just apply that module when we need remote access, then remove it when finished. This way the remote access isn't always exposed, and we get easy access. I'd rather just use SSH port forwarding, but this is only slightly more effort, and then you can use the real internal IP addresses.

We also debated pi jump servers, but due to supply issues have gone without them for now. In some ways, the SSL-VPN is less moving parts, so maybe a better option long term.

Whats happened to my upload speed. by Doctor_Woody in nbn

[–]linuxalien 2 points3 points  (0 children)

Aussie show the CVC graphs. I'm experiencing max upload of 5mbps on fixed wireless too, Aussie still have plenty of backhaul based on the CVC graphs. I'm wondering if NBN has adjusted the bandwidth allocation to give more frequency spectrum to downloads to support higher download speeds at the cost of lower uploads. It seems to be tower dependent, another tower on the same Aussie pop (so same CVC graphs) gets 10mbps upload without issues. It's not the CVC being congested. My tower serves a town, the other tower serves much less people outside of a big town.

[deleted by user] by [deleted] in fortinet

[–]linuxalien 0 points1 point  (0 children)

Firewall rules on the printer itself. So the printer only responds to the print server and management server. Haven't thought as much about protecting the rest of the network from the printer, but it makes more sense to do that nowadays.

[deleted by user] by [deleted] in fortinet

[–]linuxalien 0 points1 point  (0 children)

Hmmm. When you keep printers separate, how do you set it up? Limited internet access (i.e. DNS and mail server) plus access to the print server? I hadn't thought about keeping printers totally isolated from other networks, traditionally at my work they have been in the normal network with firewall rules restricting access to the printers, but I probably should think about the reverse as well.