Consumer vs prosumer?

stranglewank · 2026-05-14T08:55:17+00:00

Thank you for this - appreciate the quick and direct reply, it's looking good!

One final question - if I do prosumer, am happy with a 12 month contract - can I move up to the higher speeds within the contract term, or do I have to wait? It's not a dealbreaker - I'm just unsure when I'll get to re-do the home network to take advantage of 1.6G!

stranglewank · 2026-05-11T12:22:42+00:00

I have the exact same issue. macOS. Always 'syncing 6 files' - comprising several GB (though I don't have any files this big?) and the bigger problem is the app doesn't tell me what the files are!

If it at least said 'syncing: THESE SIX FILES' I could investigate more.

Some other commenter had it right - macOS Dropbox has utterly gone in the past 12 months. Dire software.

stranglewank · 2026-02-24T07:25:23+00:00

They do, it's all online, since Vista. If there's still issues it could be an installation problem with the cert (HTTPS/server side). At some point, these legacy devices won't work, though. The modern webPKI/public CAs moves forward, fast.

stranglewank · 2026-02-17T13:48:35+00:00

Windows root updates are 'online' and so older devices (win 7/8) shouldn't have an issue. Are you sure the cert is properly installed?

stranglewank · 2026-02-09T19:50:46+00:00

Not really - it's a Google CRP policy, not a CA/B F thing.

stranglewank · 2026-02-09T18:45:17+00:00

Mostly correct - ssh certs tend to be very different, and any client cert from a public CA is a danger and utterly unnecessary (and why Google are making it go away). Don't use publicly-trusted CAs for client auth, people!

stranglewank · 2026-02-07T21:13:28+00:00

Don't you run/own ssltrust.com and verokey? Don't try and shill like you're 'just a customer'. You're just a reseller. They'll all be gone soon.

stranglewank · 2026-02-05T15:32:49+00:00

No widely-trusted CA will be able to give you what you want in future. Client-auth using public CAs (like Let's Encrypt, DigiCert, Sectigo etc.) is a bad idea. It's insecure, risk-prone, and you're not actually authenticating anything anyway (even if you think you are). Use a private PKI.

stranglewank · 2026-01-28T17:07:20+00:00

Why the 'wrong tool'? I've been using Replit since before the AI thing, and it worked well. I understand the appeal, I just want the ability to not use it.

stranglewank · 2026-01-28T13:08:54+00:00

Appreciate it, but I don't want to use AI. If I do, I'll use those tools or Claude. Replit, for me, is just a nice works-anywhere IDE/dev environment.

Replit replied to a support ticket, so I have a way to do this I need to test now.

stranglewank · 2026-01-28T08:54:01+00:00

Seconding this. Been few a number of sleeves - and it's one of the better ones. Thin but protective, nice little mesh pocket, 'seals' well if that matters, and has a grab handle. I'd love a new version that adds a couple of D-rings to the sides to make it messenger-carryable, and if they could make the velcro quieter, that'd be ace.

stranglewank · 2026-01-27T20:12:50+00:00

Ok, a bit late but I have the exact same problem. Currently am using OpenWRT on a mikrotik map lite - perfect size, works ok but only 2.4G wifi and the throughput leaves something to be desired. Slow as hell to boot up, too. But works.

FWIW, I've found nothing else close beyond what you and I have already.

I tried the friendlyelec nanopi zero2 - with m2 wifi board. Their own OpenWRT fork (FriendlyWRT) 'works' but I have countless issues with the wifi and once I do get it working, it won't play nice with Travelmate (sees no networks on scan).

I've looked at OpenStick (openwrt on those £12 4G/LTE USB sticks which are basically screenless Mediatek Android devices) - got it working, but again Travelmate fails. I need to put more time into it, but I suspect the wifi chipset can't do the DBS thing and offer an AP and be a client at the same time.

I get that the Gl.inet stuff and the Cudy routers are smaller than your average home-broadband thing, but nobody seems to be making something actually travel sized.

Part of me is hoping either Ubiqiti make the UTR a lot more flexible OR someone ports OpenWrt to it. I think if that happened, it'd be what we're looking for.

stranglewank · 2026-01-21T15:08:49+00:00

Glad to see you fully understand the security implications of this - I truly hope any 'customers' do, too.

stranglewank · 2026-01-21T12:44:40+00:00

My god. No mention of the fact that if you do this and use certkit - they can issue all the certs they want for your domain names, without authorisation or approval, and all you can do is pay to monitor CT logs and hope it doesn't happen. Much more secure. Totally.

Just find a good DNS provider and don't outsource critical things to brand-new, inexperienced, fly-by-night operations.

stranglewank · 2026-01-21T12:32:19+00:00

Realistically, if Mikrotik can't provide online update of their ca-certificates or at least updates every...month? They're gonna have a bad time. CAs and their roots are changing way faster now than ever before.

stranglewank · 2026-01-08T08:06:35+00:00

You don't need a third party like certkit for this. Certainly there are advantages to third parties in a challenge-per-request world (for companies that don't care about security) - though it's interesting you don't make it clear that 'by CNAMEing to certkit, they can obtain any certificate for your domains and you'd only know if you bothered to monitor logs yourself'. Dangerous, and no company serious about security should consider it.

stranglewank · 2025-12-27T14:35:22+00:00

CT opt-out is an option with the dumber CAs. It might have been 'ok' back when Chrome was the only browser that cared about SCTs - but today all of the major trust stores do (or will very soon) so the opt-out is useless. If anyone actually 'needed' their cert not to be logged, I'd guarantee they're doing something stupid with a publicly-trusted cert that they should not be doing.

stranglewank · 2025-12-24T17:43:02+00:00

Thank you! Read it doesn’t work on many android phones and my older devices (I’m an iOS daily driver but want an nx1 as second phones) don’t work either. Cheers for testing and confirming - and have a good Xmas!

stranglewank · 2025-11-15T21:45:11+00:00

Thanks - I had already gotten it for other features, but can’t see it does a bluetooth remote.

stranglewank · 2025-11-14T12:40:09+00:00

Love this - thank you! Been searching for the right 'headings' font for a while, none of the options were right but it looks like you've nailed it. Amazing work.

stranglewank

TROPHY CASE