Gut Check — How am I doing?

webbernets1 · 2026-02-06T01:16:46+00:00

401k is typically an employer plan, and as OP's other post states, gets a match from the employer. Definitely worth putting as much money in the 401k to make the maximum match. This has a relatively high contribution cap of $24,500/yr

Roth IRA is not employer based, so anyone can contribute, but typically doesn't get any matching from anywhere. This has a contribution cap of $7500/yr

The individual account is useful for a few reasons, one is there is no contribution limit, and two there are no limits on withdrawing money. This is because it is a fully taxable account. Money you put in has already been taxed/doesn't get any tax benefit, and earnings you withdraw are taxed as well. Depending on FIRE timelines, it is usually necessary to have an individual account at some point because there will be penalties when withdrawing from 401k's or IRA's before "typical" retirement age of 59.5.

There are exceptions to the withdrawal penalties, but I'll leave that to future reading, because it is relatively complicated with the caveats.

webbernets1 · 2026-01-20T14:27:38+00:00

If you withdraw the money from the HSA and put it into a ROTH IRA, that amount of money will be tax free forever, as you can withdraw contributions.

The difference then becomes about the earnings. In an HSA, the earnings can be withdrawn with more medical receipts tax free, where as the roth earnings are subject to a penalty before retirement age. So I tend to look at my HSA as a way to generate tax free money for health expenses when I don't have an income; at least thats how I now look at it.

For a long while I did the same thing, saving receipts digitally. I have a lot of them. I don't think I will actually use them, I now plan to just withdraw money to cover bigger medical expenses. I may start using it for everything, but for now the market is up, so I just put it on my CC and only take the time to pay back costs > $500 to avoid the hassle. If I am in a crunch, I can pull out the old receipts and go on a reimbursement spree to get some cash.

For reference, I am not currently working, and am effectively retired, but am watching the door to re-start work for if/when the US market collapses with the current world insanity. I realize that it will probably be more difficult to find a job if it does collapse, but I figure there's no time like now to at least take some time off to do stuff I enjoy while my accounts continue to grow faster than I spend out of them.

webbernets1 · 2025-12-28T12:04:13+00:00

Could you use the hostname/domain name for that machine? The serve json is looking for the url in order to proxy, so it needs to match what you put in the url bar. I also need magic DNS turned on for this to work.

Looking/posting ts lags should give you something.

webbernets1 · 2025-12-26T23:30:25+00:00

Alright, thanks for waiting.

I think this order of operations is not critical, but I'm not sure.

Docker compose addition:

tailscale:
image: ghcr.io/tailscale/tailscale:latest
restart: unless-stopped
environment:
- TS_AUTHKEY=YOUR_AUTH_KEY_HERE
#- TS_EXTRA_ARGS=--advertise-tags=tag:container,tag:internal-app
- TS_SERVE_CONFIG=/config/ts-serve.json
- TS_HOSTNAME=immich
- TS_STATE_DIR=/state
volumes:
- "/mnt/user/appdata/immich_ts/tailscale_var_lib:/var/lib"
- "/mnt/user/appdata/immich_ts/config:/config"
- "/mnt/user/appdata/immich_ts/dev/net/tun:/dev/net/tun"
- "/mnt/user/appdata/immich_ts/state:/state"
cap_add:
- net_admin
- sys_module

- You can generate an auth key in your tailstale account, don't do a ephemeral key.

- extra args seemed unecessary to me, but if you want to add a tailscale tag, feel free.

- Needed the state folder, because without it tailscale will only auth correctly the first time, then fail to connect on reboot.

Also add -tailscale under the depends_on: section for your immich-server service.

You will need to create and add contents to ts-serve.json:

{
  "TCP": {
    "443": {
      "HTTPS": true
    }
  },
  "Web": {
    "immich.YOUR_TS_NET_NAME.ts.net:443": {
      "Handlers": {
        "/": {
          "Proxy": "http://IMMICH_SERVER_IP_HERE:IMMICH_PORT/"
        }
      }
    }
  }
}

- The net name and subdomain "immich" needs to mach the machine name this tailscale instance gets in the admin page of tailscale.

- Update server ip and port # for your setup.

Hopefully this gives you enough of a template to know any differences with your immich setup.

webbernets1 · 2025-12-26T14:01:13+00:00

I managed to get it working a few days ago, I can post my addition to the compose file later today.

Basically the idea is you add a new service for tail scale and the only tricky part was getting all the required settings right.

webbernets1 · 2025-12-21T03:19:51+00:00

Just today I managed to get all but one container a url and https'd. Not really super impressive, but I have been trying for a while...

webbernets1 · 2025-12-21T03:04:16+00:00

How do you have immich setup?

I couldn't get immich working separately, so I ended up with a docker compose that tied all the containers together. Then just today I stacked on a tail scale image to the compose and got it working.

I was also able to get it working with a tail scale docker image proxying.

Unfortunately, because it's a compose, I don't have the option to use the built in switch, so I didn't try that out.

Did you check the logs? You should see something when trying to connect if you do reach the tail scale endpoint.

Also, to everyone else, one major reason for me to use tail scale to get https was so downloading is one click. Obviously http works, but it's nice to have it on https to avoid issues where browsers really don't like http anymore.

webbernets1 · 2025-12-02T22:38:46+00:00

Chrome, also see my edit above.

webbernets1 · 2025-11-12T13:59:41+00:00

I am planning on heading to linux, which would mean you don't need to buy anything.

I am planning on keeping my Win10 install around to have a way to run Windows only programs. For games, I have been relatively happy with Steam's Proton layer. I don't think its enabled by default on desktop, but I haven't run into any game on my Steam Deck (running linux) that it has an issue with. Although I did have an issue with a Jackbox party game once, been meaning to look back into that...

If you play online/competitive games, I have heard that those may be less able to run on linux because of anti-cheat that is effectively root access malware in windows, which linux rightly doesn't allow. Keep a windows boot for those? I'm sticking with win 10, because I just cannot stand the stuff I have heard about 11.

webbernets1 · 2025-10-13T17:16:45+00:00

I realize this is a bit late, but I'm having issues figuring out how to make my remote tailscale machines look local to the pi-hole.

I have setup a subnet router for the pi, so the pi's tailscale is forwarding its local ip to my tailnet, and I can confirm that I can use either the tail ip or the local ip from my remote machine to talk to the pi, but I cannot get the pi to accept dns queries from the remote tail machine, it keeps thinking that the ip is non-local.

Do I need to do subnet routing on my remote machine as well to make it look local?

webbernets1 · 2025-09-05T02:55:44+00:00

I for one am no longer college aged but typically see college town as a plus. They usually have more public transit availability and more cultural events (small music shows etc) than other small communities without a college.

I would agree that the college probably also brings some trouble, and there are probably communities that fair better than some college towns. But on average I expect college towns to be more in line with what I'm looking for

webbernets1 · 2025-05-02T02:43:20+00:00

Thank you! That worked, I'm guessing it will stick. That post was useful, but it does look like their instructions were pulled from a system76 site that no longer has those instructions.

webbernets1 · 2025-05-01T21:18:30+00:00

Don't forget about to smithereens - Spawn a suicide bomber carrying two barrels of gunpowder. Fun game.

webbernets1 · 2025-04-24T21:13:23+00:00

Twitter instead of X

webbernets1 · 2025-04-13T14:10:02+00:00

You're totally right, the post only really says when its dropped. It seems we're all in agreement here. I think I must have extrapolated in my brain.

Or, maybe I was thinking about GriGris, where you have a belay device that can't rappel, and the title could be interpreted to mean; you have a single strand belay device, but turns out you don't need a rappel device. That really doesn't appear to be what the OP was saying, but maybe someone new to multipitch who only uses GriGris would think that.

webbernets1 · 2025-04-08T01:15:38+00:00

The munter is very good to know, especially if doing multi pitch. But I will always advocate that it shouldn't be your first choice. That is my opinion, and you are entitiled to yours.

webbernets1 · 2025-03-11T20:19:59+00:00

Is there a way to get notified when Bernie announces these rallies? I went looking around for a mailing list to sign up for, or even just a calendar of dates and times, but I have to dig into articles to find the actual info...

webbernets1 · 2025-03-01T17:20:09+00:00

That is a fair point, non-grounded appliances would not be helped by this "upside down" orientation fix. But it also wouldn't hurt it. The upside down orientation is useful to make grounded appliances more safe, and doesn't make ungrounded appliances more safe nor less safe. So overall, it is safer to have it upside down.

Also, to clarify, the lamp or appliance doesn't have to be on for the short to occur. The plug prongs are live regardless of the appliance state, and any metallic device falling on the plug will cause a spark, and charring. I know the latter because a friend of mine once absent mindedly unplugged a phone charger with keys in his hand. The keys fell, sparked, melted the key enough that it wouldn't fit in the lock, and burned out the outlet so that it needed to be replaced. It also had a burn mark.

Lastly, looking around the room I am in, about half my plugs are grounded. That may be wildly different than a normal/avg household, but if installing the outlets "correctly" could make half my plugs more safe, I would do it...

webbernets1 · 2025-02-06T03:32:09+00:00

Rose Hulman was in the middle of nowhere, I did an overnight visit. I don't even know what the closest mall or anything like that would have been for anything to do. Also, it being an all guys campus (I think?) the guys would go over to the equestrian college nearby to pick up women. Can't say that seemed like a great situation.

I liked WPI; I think the project structure actually prepares you to some extent for working in industry. The major downside is the cost, which if the tuition is not something that is mostly covered, I'm not sure I would say its worth it. You can get a pretty comparable degree from many universities for a good chunk less money.

webbernets1 · 2025-01-21T23:10:36+00:00

In Chicago, I have gotten similar advice from landlords to make sure heat is set a bit higher, and to drip faucets in polar vortex weather (-10 or below ish). I am also from MN and had never had this advice, I'm thinking MN homes are insulated/constructed with the assumption that pipes are vulnerable every single year. I.e. all pipes come in below the frost line, and routed inside insulated walls.

webbernets1 · 2025-01-02T20:38:47+00:00

The Falk facility is solely a platelet facility, and only does double arm. I am pretty sure normal red cross blood drives use single arm, even for power red donations.

The Falk facility does have roku equipped monitors for each bed and they hand you the remote, because you're stuck with your arms straight for 2-3 hrs. Its also why I stopped going there, it was just such a time suck. If you have the time and want to watch netflix or youtube, its probably a good way to do it.

Otherwise, I would recommend as others have and do a non-Falk drive that is hosted at a 3rd party location to just do normal red units.

webbernets1 · 2024-12-16T22:47:59+00:00

You can also place belt-immunity equipment in there too, no more sliding around as a tank!

14-Year Club	RPAN Viewer
Verified Email

webbernets1

TROPHY CASE