• 0 Posts
  • 46 Comments
Joined 1 year ago
Cake day: August 16th, 2024

  • Yeah, I had an overall bad experience with everything being buggy and then even devices that weren’t connected to tailscale would start trying to ping the tailnet address instead of the local (wasn’t using their funky bridge subnets feature or whatever it’s called, so I don’t know why it would happen).

    Their magicDNS is cool in theory but caused me nothing but problems. Once I turned off their DNS and set up my own DNS server for it though, it’s gotten to basically be as seamless as they claim it’s supposed to be from the start. I’m no longer having any issues with it at all.




  • TVA@thebrainbin.org to linuxmemes@lemmy.world: yes · 3 months ago

    Maybe, but there is always the possibility that Downloads and downloads both exist in that path and in a case sensitive file system, those are going to be two completely different directories, so adding that obfuscation on top might wind up biting you later.


  • I just followed their instructions and on 2 of the nodes in my cluster, I migrated all VMs/LXCs off and then did the upgrade and they went through without a hitch. For the last one, I just YOLO’d it and powered off the VMs/LXCs and upgraded it and it also went through without a hitch.

    One thing I did find interesting was the systemd-boot packages needed to be removed and were on 2/3 of the machines. I basically intentionally keep their config as close to identical as possible, so I have no clue why it was only needed on 2 of them.



  • The security here is the WiFi password anything that connects to LAN gets a LAN vlan tag. but it’s not like anything that connects to any of the SSIDs can get the DHCP lease of some random device on any vlan cuz it got tagged before. Or am I missing something?

    That sounds accurate. I have all my devices assigned a specific IP address, based on their MAC address, but that’s only per-interface. The other interfaces aren’t aware of my assignments for each other.

    If I connect my phone to my LAN SSID, it’ll get its assigned IP, but if I connect it to the NOT [network of things, no internet access] SSID, it’ll get assigned a new address out of the DHCP pool because I haven’t assigned it an IP on that interface, until I assign it an IP. But, which VLAN it’s connected to will determine which IP it’s getting, and it still requires me to know the passwords for each SSID.

    I believe where you’re getting confused is that some businesses (or homelabs) might use a RADIUS server which will be more like this: ONE_SINGLE_SSID-Broadcast -> Device connects -> RADIUS Server detects account/certificate/MAC -> RADIUS Server assigns interface -> Device connects to VLAN the RADIUS server granted it access to

    So, in that scenario, if the ONLY thing that’s being used to validate the access is the device’s MAC address, just changing the MAC address will effectively grant a completely different level of access with nothing else changing. Most people in a homelab (and even plenty of larger businesses) aren’t running the infrastructure to do this though, they’re just effectively connecting a VLAN to a port and then that port can only be used to connect to that VLAN. They’re doing the same with the WiFi SSIDs where each SSID connects directly to the VLAN.

    Usually though, for places that are implementing the RADIUS server, they’ll also install a certificate on their devices and the certificate needs to be in place in order to get certain access otherwise the RADIUS server will authorize less permissive access or just won’t allow access at all. Or, it’ll also need a user to log in to gain additional access.

    For wired, the company may also implement port locking where the port will only allow a certain amount of MAC addresses to connect (presumably one unless there is also a VOICE VLAN with a phone being used, in which case it’d be two) where if you change your MAC address (or connect a different device), the port will lock and won’t power POE devices and won’t allow connectivity until an admin clears the lock. It’s possible that they may have multiple VLANs allowed on the port and client side you can change VLANs, but, this isn’t typically done on all ports, usually only on trusted ports or ports that need the multiple VLANs (my VM server for instance has access to a port that’ll allow multiple VLANs and I just enter the tag I need when I create the VM). This would be similar to your WiFi scenario, the port with the WAP connected to it will have access to multiple VLANs and then those WLANs just connect to the VLAN that they’re assigned to.

    TL;DR - Typically one wireless SSID connects to one VLAN and if you want to jump to the other VLAN you’d need to connect to the other SSID, so you still have the individual passwords protecting you. On wired, typically VLANs are assigned per port and you can’t jump between them, but where they aren’t, it should be in a planned way and not just every port having access to every VLAN. Bad implementations exist though, so, anything is possible.


  • I haven’t bought anything pre-built besides an Alienware laptop a decade or so ago, so, I have absolutely no idea what OP is talking about with:

    • crystal-facet enclosures
    • overall showiness

    My cases are clean and I guess you could see the font on the video card if you looked into the case, but, the RGB just shines out and you don’t really have a reason to look in. The other two gaming systems I have in the house, I disabled the RGB and again, I’m not looking into the case frequently, so I don’t know that tacky fonts even register on my radar.

    Keyboards/mice - again, RGB is all that’s really noticeable and that can almost always be turned off.

    So, my guess is people don’t care for OP’s prompt, but it kicked off their desire to talk about the only bit that is actually noticeable and that’s the RGB, if they didn’t disable it.

    ETA: And that’s assuming people actually read the whole two sentences that OP wrote and didn’t just stop at the title.


  • VMs can also be live migrated to another server in the cluster with no downtime and backups don’t need to take the VM down to do their thing. If in the future you want to move to physical hardware, you can use something like Clonezilla to back it up (not needed often, but still, something to consider).

    Both have their places, but those factors are the main ones that come into play of when I want to use a VM or LXC.




  • They’ve done this once before and walked it back.

    Out of that decision and the backlash came the metrics, so they’d be able to make informed decisions before deprecating something.

    Last time, I used Core (IIRC, it wasn’t even called Core back then) and was quite upset. Before they walked it back, I switched to the OS version and don’t really regret it. If their metrics now tell them that core isn’t worth supporting, it probably isn’t, but I definitely understand being upset about it.

    It definitely sucks that the system that’s supposed to be about giving users freedom and options is removing some.

    ETA: Backups also make this whole thing so much easier now. Back then, backing up and restoring core meant manually copying a bunch of files, but now, it’s a completely different and easier experience.




  • Weirdness: My Authentik instance had a PostgreSQL upgrade prerequisite in order to update it.

    I’d followed instructions 3-4 times completely unsuccessfully and had to keep reverting to backup.

    So, I gave up for a couple weeks and left it be in order to get over my frustration.

    Yesterday, I followed the instructions again. As far as I can tell, I did nothing different than I’d tried previously and it worked first try and then I was also able to upgrade Authentik.

    NOTE: The instructions aren’t exactly difficult! So, I don’t see how I’d have gotten it wrong!



  • A lot of people don’t have a fully offline setup and still have at least some devices that talk to the cloud. If that’s the case, if they make any changes, HA has to also update in response to those changes, so they really can’t treat it as an ‘appliance’ that can just sit there.

    HA devs are also pretty frequently updating HA to make it better (better dashboards, better methods to create automations, etc…) and if you update at least every couple of months you’ll be able to adapt pretty easily.

    Mine will largely function without internet, at least it will for anything needed, but does still need WiFi, but, I still keep it up to date. They’re also constantly updating and adding services that it can tie into, so, keeping up to date adds a lot of features you may not have even known you needed/wanted.


  • TVA@thebrainbin.org to homeassistant@lemmy.world: Update policy? · 8 months ago

    2.1.4 is fixing things in 2.1.3 and when those broken things affect you because you decided to install a known buggy version, then you’ll shift the complaint that it shouldn’t have let you install the broken one that would have affected you.

    Pay attention to the update notes and let the system take backups, that’ll cover you 99% of the time.

    I had something similar happen with a Node-Red update a few years ago and I stopped allowing automatic updates and started reading the notes and being proactive about my updates and have had zero issues since because I ensure my system is ready for the updates first.


  • In my experience, Zoomers largely lack a lot of computer skills (specifically in troubleshooting), but, for me the huge difference between them and the older folks has been that the older folks will say things like “I’m just not a computer person ::laugh::” and refuse to be shown how to do anything whereas the Zoomers just don’t know, yet, but are more than willing to learn.

    ETA: NOTE: that’s just the generalized trend … some of the most knowledgeable technical people I’ve met are Boomers and some of the best computer techs I’ve worked with have been Zoomers.