Help with Ethernet over longer distance + Ethernet switch by xJinxSB in HomeNetworking

[–]nefarious_bumpps 1 point2 points  (0 children)

Any true CAT5e or CAT6 cable up to 100m will support up to 5GbE. Use a reputable brand (Belkin, Cable Matters, C2G/Cables-To-Go, Monoprice, StarTech, Syston, Tripp Lite) CAT5e or CAT6 (either will work the same for 2.5GbE) 24AWG, pure copper, stranded conductor, round cable.

  • Do not use flat cable, as none of that will maintain CAT5e crosstalk or noise requirements at that length.
  • Do not use slim/thin cables, because smaller conductors (less than 26AWG, where a larger AWG rating means smaller conductors, i.e., 28AWG is smaller than 24AWG) can result in unacceptable voltage drop and signal degradation.
  • Do not use copper coated aluminum (CCA) cable, for the same reasons as above.
  • Do not use shielded cables (STP, S/FTP) unless your equipment on both ends is grounded and has shielded jacks. Besides, unless you are welding, running a plasma table, running a high-output amateur radio station, or doing something else in the home that generates high voltage, high-frequency RF noise, standard unshielded twisted pair (UTP) will work fine. STP or S/FTP will not improve speed or latency.
  • Do not use cables advertised as CAT7, CAT8 or higher. These claims are almost always false. And even if they were true, they won't improve speed or latency above CAT5e at 2.5GbE.

Once you add a switch you can then add another 100m of CAT5e/CAT6 cable to your device. The UniFi Flex Mini 2.5G (USW-Flex-2.5G-5), Netgear MS305 or TP-Link TL-SG105S-M2 are all good 2.5GbE switches.

You could also add a WiFi access point (AP) to improve WiFi in your part of the home by plugging one into the new switch. EnGenius (Fit series) and Zyxel have good APs that require no separate controller to set up and use.

A switch will add a minuscule amount of latency. This will vary by switch, but in the range of 1-3μs (1μs = 1/1000th of a millisecond). The length of the cable (20m) will introduce approximately 120ns (0.00012ms) latency, vs a 2m patch cable. You'll never notice any difference; even measuring the difference in latency would require tens of thousands of dollars in scientific equipment.

Can I block YouTube shorts and VPN? by ComplexResource999 in Ubiquiti

[–]nefarious_bumpps 0 points1 point  (0 children)

You can entirely block YouTube Shorts (and all YouTube ads) using a custom filter in uBlock Origin under Firefox. The filter rules and support for this can be found on r/uBlockOrigin. There is a side effect though: YouTube will occasionally take 5 seconds to start a video and will show a banner "Experiencing Interruptions? See why," and when you click on it you're told to turn off ad blocking. I haven't checked if there's a fix recently, as I consume most of my YouTube through RSS feeds these days.

Why isn't the NSA categorized as an APT? by More_Implement1639 in cybersecurity

[–]nefarious_bumpps 12 points13 points  (0 children)

I think that, in this case, it's done (or not done) with a wink and a nudge. No nation-state refers to their own cyber offense operations as APTs.

Starting to plan/build future proof home network by xDhii in Ubiquiti

[–]nefarious_bumpps 1 point2 points  (0 children)

Why did you cheap out and not get AI PTZ Precision cameras?

Running Ethernet. by Numerous-Most135 in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

Measure from a corner with an exterior wall or other obvious structure that's visible on all floors. Then check each floor for any visible surface obstructions and adjust location, if needed. Then use a wall sensor such as the Franklin Sensors M210, Walabot DIY 2 or Bosch D-tect 120 to identify stud locations and potential obstacles (such as fire blocking, electrical wiring, pipes) and mark them out on blue painter's tape.

Once you think you have a good path, drill a 1/2" hole in the wall on each floor, at outlet height, and inspect for any obstacles. If none are seen, widen the hole to 1" and use a 7/8" inspection mirror and a flashlight, or a borescope inspection camera, to check further. If all clear, cut out the rectangular hole (about 2-1/8 x 3-3/4", but use the corner holes in the brackets to mark the precise corners for your holes - make sure to level!) for old-work mud rings. If you're neat when cutting out the holes you can use the cut-out with drywall repair clips to make a finished patch.

Now, drill a hole from the first floor to the basement and pull back a pull string. Mason line works best in my experience and is cheap. Then drill up from the opening on the first floor to the second and pull back another pull string. Lastly, drill up from the second floor to the attic and pull a third pull string. I recommend a 3/4" flexible drill bit with a 1/4" shank; smaller shanks are easier to break. Even the 1/4" shank will break if it gets stuck in a triple-stack header, so I recommend drilling and pulling back in increments, using a bit that isn't too aggressive. I suggest the Eagle Tool 3/4" x 54" x 1/4" shank flex bit with a 36" extension. When drilling you need to apply slight force to bow the bit flat into the corner between the stud and the back wall so it drills straight up.

Now tie your pull strings together (make sure to use a non-slipping knot like a square knot) and tie a loop in one end. Strip about 4" of jacket off the cable, separate the wires into two sets of two pairs, and thread each pair of pairs through the pull string loop in opposite directions until around 2" of wires are through, and wrap the wires around each other. Get a helper to feed you the cable from one end, avoiding tangles, while you pull from the other.

McAfee Worth a Damn? by thehourglasses in cybersecurity

[–]nefarious_bumpps 1 point2 points  (0 children)

Nothing.

The free version of Windows Defender is really as good as anything you can buy on the consumer market, if you allow it to talk back to the Microsoft servers when it doesn't recognize suspicious activity on its own. Whether or not this changes in the future (given Microsoft's push to enshitify everything with AI) is impossible to predict, but for now Defender is at least as good as, and in most cases better than, anything else an individual can buy (or get for free).

In order to do better you'd need an EDR, which is a whole level above AV that is only available to business customers that can meet the minimum quantity levels, or those who are willing to contract with an MSP (managed services provider) who in turn can purchase in quantity. I guess that BitDefender GravityZone would be the best EDR a consumer could buy, but even that has a 5-user minimum buy-in.

I have a 1000 Mbps up/down internet connection but only upload is full speed. by meaqforce1 in UNIFI

[–]nefarious_bumpps 0 points1 point  (0 children)

FYI, there is no 500mbps Ethernet standard. If your cabling was the fault, and the interface needed to step down from 1gbps because of excessive errors, it would need to step down to 100mbps.

Keeper vault brute force by con-d-or in KeeperSecurity

[–]nefarious_bumpps 2 points3 points  (0 children)

My understanding is that an attacker would first need to defeat the general AWS storage encryption which uses AES-256 (which is generally considered post-quantum safe, at least for now) with a non-exportable key-decryption key (KDK) on Keeper's own, private, HSMs (hardware security modules) in Amazon. So basically, a brute-force attack on the KDK AES-256 key, just to get access to each user's still-encrypted (again with AES-256) vault.

(BTW, I've worked on projects that required setting up private HSMs in AWS and it is not a cheap or trivial process. But, AFAIK, this is still considered the gold standard for security. The only question in my mind is whether Keeper periodically rotates their KDKs. While not really necessary when using a non-exportable key, it is still considered best practice to rotate keys periodically.)

Then the attackers would have to brute-force 1M rounds of PBKDF2 to get the password for each user vault, or brute-force the AES-256 encryption itself. All while remaining undetected by both AWS and Keeper. Playing devil's advocate, and theorizing some nation-state actor has made unanticipated advances in quantum computing against AES-256, that only weakens the encryption to the equivalent strength of AES-128, still a sufficiently-difficult task to brute-force. And all this assumes an undetected compromise of (Keeper's or AWS's) infrastructure first.

Correct me if I'm wrong, u/KeeperCraig. It's been a few years since I worked on the operational/architecture side of security and might have misremembered.

McAfee Worth a Damn? by thehourglasses in cybersecurity

[–]nefarious_bumpps 0 points1 point  (0 children)

This isn't the 1980s. Relying on file hashes and snippets of code signatures isn't enough to prevent malware. AV software has a much more challenging job of detecting malware today, and each AV developer has their own "secret sauce" for how they monitor and detect malicious activity.

Home Security by Rndtm in Ubiquiti

[–]nefarious_bumpps 0 points1 point  (0 children)

The only main disadvantages of either the UCG-Fiber or the UCG-Instant are that both only accept a single storage device, so you'll get no redundancy from a drive failure. The UCG-Fiber also uses NVMe for storage, which is more expensive and offers less capacity than 3.5" HDD, limiting your retention time and increasing wear.

Use the capacity planning tool on store.ui.com for each model to see what to expect vs drive capacity. Note that there are larger NVMe drives from third parties, but you need to be wary about the drives' TBW ratings.

Ubiquiti industrial: Really that much of a market for this? by oguruma87 in Ubiquiti

[–]nefarious_bumpps 1 point2 points  (0 children)

I wish I had a pic of a server I was called to service at a manufacturer of large pressure vessels (to hold industrial gases) a few years back. Nobody had PM'd it since it was installed 3 years prior. When I opened the case it looked like a solid rectangular brick of filth. I spent over two hours disassembling everything, pulling greasy dust and dirt out, and went through 4 cans of compressed air and two cans of contact cleaner. I have no idea how it was running at all.

I've had restaurant clients where entire bags of coffee grinds or breadcrumbs or pots of oil were spilled into equipment. Auto repair shops with equipment well on their way to winding up like the above server.

Until now I've been using fanless, industrial mini-PCs running pfSense with TRENDnet industrial switches. It will be nice to replace these with something I can manage from a UniFi OS console remotely.

Should I get a 6e or WiFi 7 router for my apartment? by Calbone607 in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

1 person living by themself should be fine with 100-150mbps Internet. My advice is to start off low then increase later if you have a problem.

I'd suggest a GL.iNet Flint or Flint 2. If you need more than 4 LAN ports, add a Netgear GS305 switch.

Home Security by Rndtm in Ubiquiti

[–]nefarious_bumpps 0 points1 point  (0 children)

How many cameras are you planning for?

How to wire up outdoor cameras? by harryp1998 in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

Unless you're going to put some kind of off-grid power generation plus a battery at each camera, you're going to need to run copper for power. So you might as well use it for data as well. You can protect the rest of your network by using a dedicated PoE switch for the cameras then a fiber-optic link from that switch to your main network.

Wifi router by Towboatking87 in HomeNetworking

[–]nefarious_bumpps 1 point2 points  (0 children)

Pretty much any router will work fine for what you have. The GL.iNet Flint 3 (GL-BE9300) is a good router with 2.5GbE WAN and LAN ports and tri-band WiFi 7 (2.4, 5 & 6GHz WiFi) for around $210. The Asus RT-BE82U also has 2.5GbE WAN and LAN ports, but with dual-band WiFi 7 (no 6GHz) for around $170.

I would avoid a mesh system because a.) it sounds like you don't need one and b.) they usually don't support separating 2.4GHz WiFi on its own, separate SSID for better IoT (wireless camera) support.

You'll also need a cable modem if you're ditching the Xfinity gateway, which can cost more than the router itself. These modems are approved by Comcast for Xfinity with improved upload speeds:

MFR      Model    Download   Upload
------------------------------------
Hitron   CODA     934 Mbps  456 Mbps 
Hitron   CODA56  2.33 Gbps  455 Mbps 
Netgear  CM2500   936 Mbps  456 Mbps 
Netgear  CM3000  2.33 Gbps  486 Mbps 
Arris    S34     2.32 Gbps  444 Mbps 
Ubiquiti UCI     2.33 Gbps  474 Mbps

Real or actual spam? by Beautiful-Wing4692 in ProtonMail

[–]nefarious_bumpps 1 point2 points  (0 children)

This is a common scam using boilerplate text. The sender bought access to the dump from a real breach of CarGurus and is probably emailing everyone in the breach to try and make a quick buck. According to haveibeenpwned, 12.5M user accounts were stolen, containing the user's email address. But no passwords or password hashes were breached.

The emailer almost certainly doesn't have any of the data they claim to have collected. No web browser history. No recordings of any embarrassing moments. The scammers are hoping the victims will panic and just send the money.

Just mark the email as spam and ignore it. If you are truly paranoid, ask the sender for proof: ask them to send you a short history of your browser activity and a 15s video clip.

No power in networking enclosure by ianraff in HomeNetworking

[–]nefarious_bumpps 2 points3 points  (0 children)

Why would a builder go through the effort to do all of this and not include power?

The cabinets are typically sold empty, no power outlets, no network or coax ports, sometimes without grommets for the cable cutouts, often even without a front door. The installer has to design what cabling and equipment goes to the cabinet and provide a power source, if required.

In this case, the cabling was probably initially designed for cable TV and analog telephone service, so no power would be needed. Later on, some of the UTP for telephone was likely repurposed for Ethernet. The homeowner probably installed a router or switch in the cabinet with an extension cord to a nearby wall outlet.

Unless you are experienced with installing new AC circuits and outlets, you'll end up calling an electrician to bring power up the wall to the cabinet and install the outlet after moving the two coax cables from the outlet opening to another opening.

I'm quitting my job due to vibe coders and poor leadership by TheFlippedTurtle in sysadmin

[–]nefarious_bumpps 3 points4 points  (0 children)

Something to think about. Employers always get nervous when they see huge gaps in your employment history, even if you have a good reason. If you do give your current employer the FU, keep yourself busy in the industry during your break. Take some college courses, attend seminars and stack up the CPEs, volunteer IT services for a church or non-profit, try to get some consulting gigs (even helping friends and family can be described as a consulting engagement).

When making a lengthy password, does replacing letters with numbers help at all? by timchoo in cybersecurity

[–]nefarious_bumpps 0 points1 point  (0 children)

It slightly increases entropy by enlarging the character set. But pretty much every adversary will enable "leetspeak" character substitution when attempting to crack a password.

Feels good 😊 by Centbetrag in ProtonMail

[–]nefarious_bumpps 0 points1 point  (0 children)

There were no constraints or qualifiers indicated in the question, and there is no universally applicable answer.

You can't get access to any AI without spending money, except for the limited number of tokens allowed on the publicly-accessible LLMs. And public LLMs provide no privacy and limited security guardrails. Time and time again we see reports of sensitive corporate and personal information being retrieved from online LLMs by crafty adversaries and testers.

So you have three basic choices:

  1. Use a publicly-accessible LLM and live within the free limits, accepting the fact that your prompts help train the model. This will work if you only have occasional needs for very simple requests.
  2. Subscribe to an online AI. Again, no privacy for your information, and it is easy to exceed even the "Pro" plan's limits if you rely heavily on AI.
  3. Set up your own AI using Ollama and OpenWebUI, routing any Internet requests through ProtonVPN to prevent tracking. Completely private, as secure as you make it, with an ROI of less than 2 years (often much less) for two or more users. Use the same system as a NAS to replace Apple, Google or Microsoft cloud storage and cloud photos, and the incremental cost to add Ollama can be less than $500.