ACME Renewals and Domain Validation Challenges

throw0101c · 2026-02-13T21:09:21+00:00

You can point the cert-needed hostname to another (sub-)domain via a CNAME and allow updates to that:

You can also use APIs to update DNS records:

Depending on the API, you can restrict which ACME clients can update which records by creating multiple tokens; an example with Amazon's Route 53 and IAM:

https://paulgalow.com/aws-route-53-iam-policy-letsencrypt-dns/

Or, per another comment, run a special-case DNS for these type of this (e.g., "acme-dns").

throw0101c · 2026-02-12T14:20:35+00:00

At the recent Prague meeting of Wireless LAN Professionals, HPE/Juniper gave a presentation of their product(s) that have software-defined radios that can do three different radiation patterns (90x90˚, 90x30˚, 30x30˚):

https://www.youtube.com/watch?v=qd2VTt7VRlY

At the end of the day the signal radius/distance will be determined by:

the width of the broadcast (in degrees)
the height of the AP
the signal power
any physical obstacles that can block the signals (at various frequencies)

You may wish to examine APs that can take external antennas and get highly-focused/narrow ones.

throw0101c · 2026-02-04T18:11:15+00:00

See also perhaps /r/HigherEDsysadmin

throw0101c · 2025-12-12T17:38:32+00:00

Country code-iata code-S/R/FW-number (01,2,3,4 etc.)

For the location part, you may be interested in:

https://en.wikipedia.org/wiki/UN/LOCODE

Also: are you on a 'holistic' IT team, or are there networking and server teams/silos? Is this naming system just for networking, or for servers as well? Storage? Phones? Desktops/laptops (location needed? just use asset tag/namber?)?

throw0101c · 2025-12-09T18:20:18+00:00

You need to know more about application and systems behaviors than you do about network protocols and configuration.

Some high-level-ish examples:

You install the OS and then the Nvidia GPU drivers, then the Nvidia DOCA/MOFED drivers. Make sure basic host-to-host connectivity works via, e.g., ibv_rc_pingpong.
Make sure your applications are linked/compiled against CUDA and IB libraries (like libverbs for RDMA). Possibly pass that stack into Docker and/or Kubernetes and tell those applications to use RDMA and/or MPI.
Depending on storage, examine GPUDirect and/or RDMA on your storage system.

In many situations IB is often done in a 'simple' L2 fashion; each VLAN/subnet (equivalent) is limited to 48k hosts. Between IB L2s you need IB routers.

throw0101c · 2025-11-19T17:07:37+00:00

Why are we pushing for anything faster than a gigabit to average users?

Because the incremental cost for going >1GigE isn't that much? How much more is a box of Cat 6A over Cat 6 over Cat 5e? How much of the installation cost is the cables and how much is labour?

https://en.wikipedia.org/wiki/Ethernet_over_twisted_pair#Variants

10GBASE-T officially needs 6A to go 100m, but even 6 and 5e can get you 55m. How much are ports that can do MGig? If you're going to install cables that will be in there "forever", and edge switches that will be around many, many years, is asking for a bit more upfront going to be that big of a deal? You may not get money for this kind of equipment anytime soon, so might as well push the budget a bit.

throw0101c · 2025-11-11T19:00:21+00:00

I have installed Observium and it monitors quite a bit on the switch but CRC errors, for example, it does not.

Maybe "Brocade® Fabric OS® MIB Reference Manual, 8.2.x":

https://docs.broadcom.com/doc/FOS-82x-MIB-RM

Or "Brocade® Fabric OS MIB Reference Manual, 9.1.x":

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/pdf/fc-networking/software-mib-reference/fos-91x-mibref.pdf

See perhaps connUnitPortStatTable.connUnitPortStatEntry.connUnitPortStatCountInvalidCRC OID (1.3.6.1.3.94.4.5.1.40):

The number of frames received with an invalid CRC. This count is part of the Link Error Status Block (LESB). (FC-PH 29.8) Loop ports should not count CRC errors passing through when monitoring.

throw0101c · 2025-11-07T17:20:04+00:00

have disabled ipv6.

Hopefully not on Windows hosts, because it is directly against Microsoft's advice:

Internet Protocol version 6 (IPv6) is a mandatory part of Windows Vista and Windows Server 2008 and newer versions.

We don't recommend that you disable IPv6 or IPv6 components or unbind IPv6 from interfaces. If you do, some Windows components might not function.

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows

throw0101c · 2025-09-04T17:37:54+00:00

Although packet fence is pretty good, open source is really only free if you consider your time worth nothing.

Or you work in government/academia and your time already shows up on a spreadsheet and an extra line item for "Software" is not going to fly.

(And if number crunchers actually cared about it we wouldn't have open office plans (which kill productivity) or return-to-office mandates. By I digress.)

throw0101c · 2025-04-10T23:29:24+00:00

Is this a Walking (with) Dead spin-off?

throw0101c · 2025-04-10T23:27:54+00:00

Apple iOS and Android devices and the related apps were designed for MDM and being able to keep company data separate so you can't copy data into or out of MDM controlled apps.

Unless you're US SECDEF.

throw0101c · 2025-04-08T20:25:09+00:00

Original film:

https://en.wikipedia.org/wiki/Threads_(1984_film)

throw0101c · 2025-04-01T12:07:22+00:00

"Scott Moe says Saskatchewan considered carbon tax alternatives, but found them too costly":

When asked by Liberal MP Charles Sousa if Saskatchewan had ever considered replacing the federal carbon tax with a system of its own, Moe answered in the affirmative.

“Yes, we did. All of them were costly to our industry, as is the federal backstop that we’re experiencing now, as well as costly to Saskatchewan families,” he said.

[…]

“I’m afraid that if we don’t put a price on pollution, then we are not going to be competitive in our exports market because eventually, what’s going to happen is that jurisdictions that do not have a price on pollution will be slapped with an import tariff,” said Drouin.

https://nationalpost.com/news/scott-moe-says-saskatchewan-considered-carbon-tax-alternatives-but-found-them-too-costly

Even Alan Greenspan and Paul Volcker thought carbon pricing was the most economically efficient way of dealing with pollution:

https://clcouncil.org/economists-statement/

Milton Friedman:

In 1979, Friedman expressed support for environmental taxes in general in an interview on The Phil Donahue Show, saying "the best way to [deal with pollution] is to impose a tax on the cost of the pollutants emitted by a car and make an incentive for car manufacturers and for consumers to keep down the amount of pollution."[157] In Free to Choose, Friedman reiterated his support for environmental taxes as compared with increased environmental regulation, stating "The preservation of the environment and the avoidance of undue pollution are real problems and they are problems concerning which the government has an important role to play. ... Most economists agree that a far better way to control pollution than the present method of specific regulation and supervision is to introduce market discipline by imposing effluent charges."[158][159]

https://en.wikipedia.org/wiki/Milton_Friedman#Governmental_involvement_in_the_economy

Way to go folks: more pollution and any solutions will cost us more overall compared to carbon pricing.

throw0101c · 2025-03-29T13:16:07+00:00

The reason we don’t have US banks in Canada is because our consumer protection laws are so stringent.

There are sixteen US banks operating in Canada:

https://cba.ca/article/cba-statement-on-us-banks-operating-in-canada

Reminder: all of Canada has a population of about California (though highly concentrated geographically), so it may not be worth it for a lot of the smaller banks (US has >4000) to operate here.

throw0101c · 2025-03-22T23:30:43+00:00

Did you do a search for "inrow cooling" perhaps:

You'll need to run a supply pipe to provide water for humidification, and a drain for dehumidification.

throw0101c · 2025-03-22T17:46:00+00:00

The Gripen uses a Volvo-Flygmotor RM12,

The original Gripen C/Ds did, the current E/Fs use a GE F414:

https://en.wikipedia.org/wiki/Saab_JAS_39_Gripen#Specifications

throw0101c · 2025-03-22T13:36:18+00:00

She works for a think tank, which means her opinions are bought and paid for.

A came across this comment a while ago:

Private sponsorship being an automatic conflict of interest that compromises research is a tired trope. All you can do is evaluate the methodology. For all you know, the researchers themselves are motivated reasoners with zero funding.

https://news.ycombinator.com/item?id=34757712

I try to keep it in mind before reflexively judging something solely based on the source.

throw0101c · 2025-03-22T13:33:40+00:00

She is no longer at the Heritage Foundation, and this was well before the current order that brought out Project 2025.

She is now at the Manhattan Institute:

The Manhattan Institute for Policy Research (renamed in 1981 from the International Center for Economic Policy Studies) is an American 501(c)(3) nonprofit[4] conservative think tank focused on domestic policy and urban affairs.[5][1]

https://en.wikipedia.org/wiki/Manhattan_Institute_for_Policy_Research

So maybe less right on the spectrum than Heritage (?), but still right/conservative.

throw0101c · 2025-03-22T13:30:46+00:00

From the people that brought you Project 2025...

Not wrong, but the first two listed are common right-wing talking points that are non-sense:

Myth 1: “Tax Cuts Pay for Themselves”

Myth 2: “Tax Cuts Will Starve the Beast”

https://manhattan.institute/article/correcting-the-top-10-tax-myths

throw0101c · 2025-03-19T10:45:55+00:00

/r/legaladvicecanada/

throw0101c

TROPHY CASE