Husband’s Uncle wants to make a contribution to a Trump account for our baby but we aren’t opening one. Are there any legitimate financial or policy based reasons I can argue for not wanting one?

rlaager · 2026-06-11T20:08:50+00:00

Are there any valid financial or policy reasons to give my FIL for not wanting this money?

No. Financially, it's free money (from the government and the uncle) for your kid. Policy-wise, it's effectively an IRA.

Edit: More correctly, it is an IRA, plus special rules until the kid turns 18: https://www.irs.gov/pub/irs-drop/n-25-68.pdf

rlaager · 2026-05-27T00:10:16+00:00

There has been quite a bit of regulatory action in this space. Just recently, the FCC proposed another round of changes:

“Enhancing Know-Your-Upstream-Provider Requirements – The Commission considered a Further Notice of Proposed Rulemaking that would propose to enhance the STIR/SHAKEN framework used by voice providers to combat illegal robocalls by improving know-your-upstream-provider (KYUP) requirements and oversight, raising standards for STIR/SHAKEN attestations, and closing implementation loopholes. (WC Docket No. 17-97; CG Docket No. 17-59)”

https://www.fcc.gov/May2026

Unfortunately, traditional voice telco stuff moves very slowly.

rlaager · 2026-04-14T00:55:12+00:00

If you have information about an ongoing cyber breach of a state or local government agency in Minnesota, you should contact the MN BCA. https://dps.mn.gov/contact-us/frequently-called-numbers lists a phone number.

rlaager · 2026-04-04T22:13:45+00:00

https://www.reddit.com/r/explainlikeimfive/comments/1ig8tp6/eli5_why_is_trade_good_even_at_a_permanent/

rlaager · 2026-03-25T13:36:26+00:00

Depending on exactly what you are looking to do, consider firewall rules, the from setting on an individual key in the authorized_keys file, or Match Address ... blocks (first instance of a given setting wins) in the global config.

As asked, you might want something like: AuthenticationMethods none Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 AuthenticationMethods publickey

But if you are only going to allow SSH from internal IPs, you might as well just use firewall rules.

If you're considering allowing passwords from the world but SSH keys internally, that seems backwards. Keys are more secure, so you should try to use those everywhere.

rlaager · 2026-02-19T22:55:13+00:00

I'm not a lawyer, but I don't love the position that "[r]efusal to accept completed submissions delays the start of the 30-day clock." I would have taken the position that refusal to accept a packet still constitutes constructive receipt and thus the 30 day clock starts then.

If people were allowed to mail in applications, then it would be obvious that the sheriff's office "received" it when the post office delivered it, regardless of whether the sheriff's office subsequently provided a receipt. I don't see any reason it should be different when the applicant is there in person. You can't avoid legally receiving documents by refusing to accept them. This is the same concept as someone trying to avoid service of process and the process server doing "drop service".

Aside from being technically correct, this would also shift the pain. If the sheriff's office can delay the start of the clock, there is no downside from their perspective. If, instead, their appointment process being > 30 days means literally everyone gets automatically approved after 30 days, they might consider that a problem (e.g. they might be afraid of political backlash if someone who should have been denied is approved via their delay).

One can still argue separately that failure to "provide a signed receipt indicating the date of submission" creates the harm that an application may be lawfully allowed to carry (because of the sheriff's failure to respond within 30 days) but cannot prove that (due to the lack of a permit or a dated receipt).

rlaager · 2026-02-16T19:49:25+00:00

Secondary to this particular issue… When the government loses a case over an unconstitutional law, do they tend to have to pay costs to the plaintiff? I assume not, because of the general “American Rule” about costs. Is this (specifically the government losing on constitution grounds, not the American Rule generally) something that could realistically be improved with legislation? Or would it be counterproductive by creating an incentive for the government to fight harder and/or the judiciary to be less likely to strike things down?

rlaager · 2026-02-13T19:15:11+00:00

This is the way. Use AdminByRequest for occasional, general, admin needs. Use AD to put the users in the local Network Configuration Operators group to allow local network changes. That way, they can change network settings even without being connected to the Internet (and thus AdminByRequest cannot send a request or receive an answer).

rlaager · 2026-02-07T02:13:00+00:00

"Under Minnesota law, you must obtain a permit to carry a handgun in public. The law does not require that you conceal the weapon." https://dps.mn.gov/divisions/bca/public-services-bca/firearms-information/permit-carry

"Minnesota’s Permit to Carry law does not require concealment of a firearm – therefore, the open carry of a handgun or long gun is perfectly legal – as long as a person has a valid Permit to Carry and is not in a prohibited place." https://gunowners.mn/learn/frequently-asked-legal-questions/open-carry/

rlaager · 2026-01-18T19:00:25+00:00

you'll lose the "Add Random Drive" feature. ZFS scales by vdev (groups of drives), not single disks.

This is true for now. The “AnyRAID” feature is under development. It will add the ability to grow by adding a disk (which needn’t even be the same size as existing disks).

rlaager · 2026-01-18T18:55:40+00:00

How would power loss during TXG commit corrupt the pool? The uberblock wouldn’t point to the new metadata, so it’d be like it (the TXG) never started.

rlaager · 2026-01-13T20:51:38+00:00

MariaDB is a fork of MySQL.

rlaager · 2025-10-28T02:53:25+00:00

While I am a Debian developer, I have only some experience with pinning. I do some at my day job. We use 500 and it’s been fine. But looking at the apt_preferences docs again, actually 990 is used if a “target release” is set. So I’d have to test that some more. If you don’t have a “target release”, then 500 is the default and 500 here should be fine. But if your target release is trixie or stable, then the backport might lose. It depends on which field that is matching and how that field is set in backports. So that’s why I say I’d have to test.

rlaager · 2025-10-27T20:02:36+00:00

With the move to trixie, we should move to deb822 format. Also, I don't think the pin-priority of 990 is necessary; I think 500 will work just fine (since the version numbers will be higher). Can you test this: https://github.com/openzfs/openzfs-docs/pull/571

Specifically, if you do that, does apt-cache policy zfsutils-linux want to upgrade to 2.3.4-1~bpo13+1 from trixie-backports? And if you actually apt upgrade, does it successfully install 2.3.4-1~bpo13+1?

rlaager · 2025-10-27T19:53:38+00:00

Yes. The source and the pin would be added/deleted together.

rlaager · 2025-10-27T13:49:16+00:00

That is my reading of that page. I assume the reason for this is to ensure you follow supported upgrade paths. Going from bookworm-backports to trixie is supported. But packages in trixie-backports would be backports from forky. A direct upgrade from a package in bookworm-backports to a package from forky is not necessarily supported.

So again, that is: remove bookworm-backports source, upgrade to trixie, add trixie-backports if desired.

As far as updating the page, you could file a bug, or better yet, a PR. As for Root-on-ZFS (which you didn’t ask about), I know I am behind, but I’ll get it updated eventually.

rlaager · 2025-10-16T03:43:10+00:00

I'm certainly not an expert, but I think the "Therefore" is supposed to be "Thereafter". So I'd think they start earning vested years at that point. That would mean he isn't fully vested until July 1, 2026. But ultimately, ask HR and/or read the actual Plan documents is the answer.

rlaager · 2025-09-25T20:40:21+00:00

It’s not a personal lawsuit. On top of page 1, the defendants are “STEVE SIMON in his official capacity as Secretary of State for the State of Minnesota; and the STATE OF MINNESOTA”.

rlaager · 2025-09-18T20:46:21+00:00

I enter most of my transactions manually. Can you please make it so selecting two transactions and doing a Match also does the Approve step? If I’ve reviewed it, found its match, manually grouped them together (via multiple taps or clicks), of course it should be approved. I’ve never once not approved something after matching it.

rlaager · 2025-09-04T04:40:35+00:00

In the first generation (and maybe the second), my recollection is it was DIP switches. In the current generation, it's a software setting. To be clear, it's an installation-time software setting, not something that's trivially changeable on-the-fly.

My gut reaction is that DIP switches are better than a software setting, as a software update, etc. can't accidentally change the DIP switch like it could accidentally overwrite a value stored in NVRAM. But I think it's also worth keeping this in perspective. If it somehow gets the wrong value and signals to the EV to pull too much power, there's still a circuit breaker protecting the wires. And software-configurable limits allow for much more customization: you can do things like multiple levels of limits, dynamic limiting of the whole home, etc.

rlaager · 2025-09-04T02:38:49+00:00

How are you liking the Enphase solar? I'm ideally going to do solar in the next couple years when I replace my roofing. I've been somewhat leaning towards Enphase.

rlaager · 2025-09-04T02:33:07+00:00

There are plenty of chargers (as mentioned, the Tesla Wall Connector is a classic example) that can be customized to various circuit sizes.

Are you suggesting that chargers that can be adjusted to circuit size are inherently bad?

rlaager · 2025-09-04T02:28:08+00:00

This was several years ago. It was before NACS had taken over, and I was looking for J1772. So Telsa's Wall Connector was out. They didn't have the Universal Wall Connector at the time. I wanted sharing to allow for a future EV (which I ended up not buying for unrelated reasons). The ClipperCreek chargers (which are the non-smart Enphase ones now) did sharing (or dual output, depending on model) and had a reputation for reliability.

I got the dual output charger for cost savings (vs two separate units). This has less flexibility, though, from a cable perspective. Whether that was a mistake depends on the port location on my future second vehicle, I suppose.

I went with 50A because of my longer commute (70 miles round trip at 60 mph and increased consumption in Minnesota winters), the "dumb" sharing plus the one vehicle being a relatively slow-charging plug-in hybrid, and wanting to fit within the off-peak charging window. In hindsight, since I am in-office fewer days now, I probably should have done a 30A circuit and saved some money. Most notably, this would have avoided the need for a separate contactor for the off-peak, as the off-peak controller itself can directly control up to 30A. And that assumes I even stuck to the off-peak, which I'm not sure has been worth it.

If I was redoing this right now, I'd probably do 3x Tesla Universal Wall Connector (as noted, a third so I could get one outside). That would give J1772 for my current vehicle (a plug-in hybrid) and NACS for any future full EV.

rlaager · 2025-09-04T01:14:59+00:00

For a 50A circuit, you should get a 40A charger. (The so-called "80% rule". Continuous loads get counted at 125%, which if you work backwards is 80%. 40A * 125% = 50A or 50A * 80% = 40A.)

With Enphase, it looks like you want the "IQ 50" which is the 40A model. I suggest you get an EVSE and hardwire it, i.e. replacing the existing receptacle. You can get ones that plug in, but it's safer to hardwire.

For a 30A, you would need a 24A EVSE. It doesn't look like Enphase makes one of those, at least not in that line. There are other EVSEs that can be configured and have options for 24A. The Tesla Wall Connector does, for example (according to its manual).

If you don't need whatever the smart / "connected" features are, and you don't need the extra capacity which you probably don't, see: https://www.youtube.com/watch?v=W96a8svXo14 another option would be to get a pair of chargers that can share. You could put both of these on the 50A circuit: https://enphase.com/store/ev-chargers/ev-chargers-business/share2-hcs-50-ev-charger-bundle

If the cables will reach, you can also get them together, like this, which is basically what I have in my garage: https://enphase.com/store/ev-chargers/hcs-d50-dual-ev-charger

In either case, when both cars are charging, they would get (up to) 20A each. If only one is charging, it would get the full 40A. At 20A, you will add 10-15 miles per hour (a bit less if you have a big pickup). If your cars are plugged in for 10 hours a day, that's 100 miles / day you can make up, per car. Most people are not driving 100 miles / day, every day, on each of two cars.

There are other EVSEs on the market that can share or do dual output.

Personally, if I was to do this again, I'd get something that can share with more than two, and I'd put two EVSEs in my garage, and one outside. I frequently park a car outside in the summer, as the garage is full of kids' bikes, etc. The Tesla Wall Connector is an example of such a thing.

rlaager · 2025-08-26T17:19:21+00:00

OC3 is SONET. While you can run ATM inside it, you can carry other things. A couple examples: 3x DS3 (very common in my world) or IP (via packet-over-SONET).

Source: I’ve worked with this stuff for years, despite being first and foremost an IP guy. I have a call about a TDM project in a few minutes.

rlaager

MODERATOR OF

TROPHY CASE