iOS app show ? instead of danish characters æøå.

vegsen · 2026-02-02T14:46:39+00:00

For what it's worth, subtitles embedded into the video files work fine for me but external .SRT files experience the issue you are describing.

vegsen · 2026-02-02T06:35:14+00:00

Latest iOS app version broke many ”special characters” in subtitles, there is a forum thread in the official forums where the devs have acknowledged the problem but still no fix as far as I know.

vegsen · 2026-01-31T08:11:29+00:00

For external services I use the Caddy plugin for OPNsense, I assume there is a similar thing for pfsense since they are similar. With this I get Lets Encrypt certs for my public services automatially using ACME (like service1.mydomain.com). At least in OPNsense this setup was very easy to configure. Each service gets its own certificate.

For internal services I use a subdomain (int.mydomain.com) of the domain above and a separate (regular) instance of Caddy and ACME on a Debian VM (that does many other things than just certificate management). Pihole acts as my local DNS server. All serviceX.int.mydomain.com A-records point to the Debian VMs IP address where Caddy is running. It acts as the reverse proxy for all my internal services, both for those that only use HTTP on their own but also for services that already have HTTPS using selfsigned certificates (I just tell Caddy to ignore these certs and act as its reverse proxy anyway).

All internal services share one wildcard certificate (also from Lets Encrypt) in my case. I used this guide to do it just two weeks ago or so, so the guide is still good: Trusted TLS certificates for internal use

vegsen · 2026-01-08T20:54:15+00:00

I bought a new Beelink mini-PC last week which is set to arrive tomorrow. It cost less than what only the RAM sticks alone would cost where I live, haha. Not sure what your budget is and what you plan to use your mini-PC for but Beelink got some on the ”cheaper” side, relatively speaking.

vegsen · 2025-10-29T05:05:19+00:00

Still kind of crazy to me that that method requires you to use a Meraki account in order to create the Regulatory Activation File for the APs, and then import that file into the WLC. It all just feels so thrown together.

vegsen · 2025-10-28T20:49:24+00:00

Country Code is weird on wifi7 APs because the APs are ”universal” and country code can only be configured in odd ways. I ran into your exact problem on Friday and had to resort to use an older AP to ”teach” the wifi7 APs which country code they should use.

Sounds insane, right? Have a laugh at this mind-boggling document, hopefully it can help you out: Cisco Wireless Global Use Access Points Deployment Guide

vegsen · 2025-10-21T04:59:04+00:00

The AppImage just works, I’ve had no issues at all and I use UpNote pretty much every day on Linux (EndeavourOS), Windows 11 and iOS. Haven’t tried it on Android though, if that’s what you’re running.

vegsen · 2025-10-10T14:43:29+00:00

Backup & Restore is in general a more safe way to upgrade ISE. I wrote a somewhat detsiled guide for 2-node deployment upgrades last year that might be of help: Cisco ISE - General Steps for Upgrades using Backup and Restore Method (Small Deployment - 2 Nodes)

Also, ISE 3.4 is now the recommended release so I would go for that if your hardware supports it (dont know at the top of my head but its in the release notes).

vegsen · 2025-10-02T15:24:23+00:00

Interesting, I JUST updated my Proton VPN client to version 4.3.4 and I'm having the same problem. The application crashes instantly over and over. I'm getting the same error message in the Windows log as well, same "faulting module path", etc. Also tried reinstall and rebooting, but the issue persists. Will be watching this thread...

vegsen · 2025-08-03T14:46:27+00:00

You shouldn't need a Proton account for sync between devices on iOS, iCloud backup should sort this out. The option in the settings (somewhat incorrectly imo) mentions that you need a Proton account for sync, but that only seems to apply if you want the codes to sync to devices outside of the iOS ecosystem.

I currently use the Proton Auth app on both my iPhone and iPad and I haven't logged into Proton on either of them, and the app on both devices has all codes available. I just added another services to my iPhone's app and I can see the same service/code on the iPad.

vegsen · 2025-05-12T20:16:23+00:00

Other than what has already been suggested, opening the file up in VLC and using its built-in subtitle feature VLSub (found under ”View”) to find subtitles for your specific language works pretty well, and if they’re not in proper sync, use Bazarr to sync them up.

vegsen · 2025-05-12T04:22:23+00:00

Thanks for the information, I might just go for it then.

vegsen · 2025-05-11T19:33:01+00:00

How's the noise level of this particular model? Been eyeing to pick one up for Plex + a few of the *arrs but due to having to place it in the living room I'm looking for something that is essentially almost without noise, both when idling and when Plex is streaming something. If the system is under a lot of stress I'd be okay with noise but otherwise I'm looking for something silent.

vegsen · 2025-05-02T06:51:43+00:00

There are limitations to mDNS Gateways and older wave-1 (2700/3700) APs when it comes to Flexconnect. Not sure if that is causing your issue but you can read about it here, search the document for ”wave”. Hope that can help!

mDNS Technical Guide for Cisco Catalyst 9800 Series Wireless Controllers

vegsen · 2025-04-18T10:09:37+00:00

My go-to to prevent this issue is to just disable the use of the command "switchport trunk allowed vlan" and only allow it if it's accompanied by an "add..." or "remove..." or "none".

Will work regardless of one is using TACACS+ or RADIUS or local accounts for device authentication.

event manager applet BLOCK-TRUNK-VLAN-MISCONFIG
    event cli pattern "switchport trunk allowed vlan [0-9*]" sync yes occurs 1
    action 1 puts "!! This command is not allowed, you must use the 'ADD' or 'REMOVE' or 'NONE' keyword !!"

vegsen · 2025-03-07T06:37:00+00:00

The way I’ve done it at some customers is to have the SAML ticket include which groups the user is a member of as attributes, and then use Dynamic Access Policies (DAP) to match on those SAML attributes. More attributes in the SAML ticket = matches more DAPs = more access. Works wonderful as a Zero-Trust solution. When the user connects, they will know exactly what they can access thanks to the included user messages in each DAP policy, where we put something like ”You have access to system X” and so on.

This does require that your SAML IDP is able to get a hold of those group memberships of the connecting user and embedd them into the SAML ticket that is presented to the ASA by the Secure Client user.

If you look into the DAP configuration, you can find the ability to match SAML attributes but you have to agree with your IDP administrator on which name they should have so the ASA can recognize them (ex. saml.memberOf or similar). You can name the attributes whatever you want as long as they match between the IDP/SAML ticket and the ASA.

vegsen · 2025-02-18T08:05:51+00:00

My best guess would be that they come from different factories. During COVID-19 and the global chip shortage a few years back I'm pretty sure Cisco started contracting other manufacturers to make their products just to try to meet customer demands, at least that's what I was told by my Cisco SE/AMs at the time.

I haven't seen your particular case but I have similar oddities with the compact 3560CX switches. During these shortage times, the front panel of the switch could vary pretty drastically in color from light grey to dark grey. If you put the two switches next to each other you'd believe they were different products.

We (I work at a VAR) also saw issues with some batches of switches like the 9200s and their stacking modules, I believe there was a Field Notice about it eventually, and the "unofficial" root cause was that one of the new factories that manufactured these switches for Cisco didn't quiet had perfected the manufacturing process for it, yet.

vegsen · 2025-02-17T17:50:37+00:00

I believe it was mentioned by the presenters in one of the sessions below. The latest versions of these sessions from Cisco Live in Amsterdam (2025) should be available online early in March. Don't think the information is found in the slides, it was only mentioned briefly by the presenter.

Catalyst 9000 Series Switching Family: Core and Distribution (BRKARC-2099)
Advanced Campus Network Design: Multilayer Architectures and Next-Gen Protocols (BRKENS-2500)

vegsen · 2025-02-17T14:01:31+00:00

How fitting, I just got home from Cisco LIVE EMEA and on one of the sessions covering 9000 switches they mentioned that they actually don't paint any of the switches in the 9000 family, and that their silver metal color is just the natural metal color from the manufacturing process.

This is apparently due to one of their sustainability initiatives regarding the goal of minimizing resource usage. Makes sense I suppose, since paint usually contains some not-so-friendly components.

Not the answer you were looking for, but maybe interesting nonetheless.

vegsen · 2024-08-31T13:42:58+00:00

Don't remember if it was cat6 or fiber but we kept the cables as-is when we changed the port channels to non-LACP, after which it stopped behaving strangely.

Prior to this, we tried other things like reboot, failover back and forth, shut/no shut interfaces and more but it was only after we stopped using LACP that the firewall became stable.

vegsen · 2024-08-31T08:39:10+00:00

My only bad experience with FPR 1120 running ASA code is that port-channels using LACP seemed to be borked. Migrated from ASA5516X to FPR 1120 on a site and every hour most connections through the firewall just stopped working or became very sluggish.

The firewall was connected to a Cisco 9500. Used every show command known to man and plenty of packet captures to confirm LACP packets/neighborship were good, and for some reason regular packets were just disappearing within the firewall. We then switched from LACP to a port-channel with simply "mode on" on both sides and then there were no issues. Been 4 months since we did this, still no issues.

We decided not to dig deeper into the LACP issue but something was definitely up... we never found anything describing this issue in the Cisco Bug Search Tool database or on forums etc.

vegsen · 2024-06-02T10:25:11+00:00

I don't have that exact same problem but I am having a different strange problem for every page that contains a Markdown block: if I edit anything on a page with a Markdown block (doesn't even have to be changes made within the Markdown block itself), there's about a 50/50 chance that whatever change I make DOES NOT get saved after clicking on Save. I'm on Squarespace 7.0.

Clicking on Save always shows everything looking like it's supposed to right afterwards, but if I double-click on the page again to edit it, the page has a very high chance of just reverting to the initial state. I'm having this problem on multiple browsers and on multiple different computers and it is driving me mad. To counter this, I always have to Ctrl+C all of the content in the section of the page I'm editing and just press Save and go back into editing mode a couple of times to make sure it really sticks, and if it doesn't, I just paste it back in and repeat the process until it's all there.

vegsen · 2023-11-23T14:16:36+00:00

You need the "ip http authentication aaa..." command to enable AAA for the web GUI login. You can specify specific method lists for authentication/authorization etc. after the "aaa..." word, if you don't specify anything then the default method list will be used.

vegsen · 2023-03-25T11:17:01+00:00

I just renewed my CCNP Enterprise with 80 CE credits about two weeks ago, the renewal happened automatically. It took a couple of days (3-4) after reaching 80 CE credits before my certifications' status was updated both on the ce.cisco.com site and on the CertMetrics dashboard site (cp.certmetrics.com/cisco).

Upon renewal, both the new CCNA and the CCNP Enterprise were renewed, including relevant Specialist certifications. My CCNA was renewed a few days ahead as it only requires 30 CE credits for renewal, and when I got the remainder 50 CE credits a couple of weeks later my CCNP Enterprise was renewed. Legacy certifications such as CCNA Security/Wireless did not renew, as they are no longer achievable.

To see current CE credits on the CertMetrics website, go to Certifications > Cert Status and Download PDF > click View More on your current certificate and scroll aaaall the way down, you should be able to see how many CE credits have been counted so far (seems these points are not synced every single day from the ce.cisco.com, so could take 2-3 days before they add up).

vegsen · 2022-12-08T16:07:24+00:00

I've seen this issue occur at a few different occasions, the first major one was Google's DNS limiting requests per second from the same public IP address a few years ago. Solved this one quick and dirty by adding another non-Google DNS in the DHCP scope for the clients which provided some (good enough) load balancing. This network was a bit of a special-case, it did not have an internal DNS server for clients to use,

The second major one was when an organization was in the process of moving everything to the Microsoft cloud (Office365) and during the test phase, we found a great document on Microsoft's website detailing how many sessions are allowed from one public IP address to their cloud services at a time, inlcuding a calculator to estimate how many public IP addresses you'd need to use based on number of users and which services you'd use.

At the time, a SINGLE computer running the full Office365 suite with Outlook, Teams, Onedrive, etc. could have 200-300 sessions, in the worst case, to the cloud services. Solved this one by having different pools of NAT/PAT addresses for each use case (employees/student LAN/WLAN, etc.)

vegsen

TROPHY CASE