CoopaLoopa

+1 for Mikrotik.

Get one of their routers that have an Arm or x86 processor and you can run PiHole and a DDNS updater on there as containers. Wireguard support (client and server) is built in.

Even their cheapest hardware that runs routerOS has access to all the same features as their enterprise level gear.

Every time I see a Kia Soul in my rearview I know they’re going to be tailgating like an asshole and using turn lanes to pass traffic.

Spent a full day setting up Nextcloud so I could file sync my machines and share files externally. It was slow as hell and didn’t work half the time.

Spent 10 minutes spinning up Syncthing and FileBrowser containers and have had zero issues with them since.

Yup. Our RMM tools work best on Windows machines. Honestly, Linux is fine too, but MacOS is the worst to manage.

If anything needs to be modified/deployed on MacOS, I have to create a new PPPC and deploy it through Intune/Jamf/Addigy, otherwise you can guarantee the end user won’t accept the correct security prompts and things won’t work.

Damn, just reminded me how much I used to type while trying to buy/sell stuff in RuneScape.

Banks were just covered in walls of text before the GE existed.

This is specifically an issue with corporate M365 accounts when a user tries to migrate to a new phone without access to the old phone where the authenticator was setup.

Personal MS accounts can backup their auth secret keys to cloud storage, and when signing in on a new device, it authenticates you with your cloud storage (Google/Apple) and properly restores your MS Authenticator app.

The issue is that while MS says you can backup your corporate M365 accounts in MS Authenticator, it doesnt actually store the secret key, so it’s useless.

Have your administrator enable TAP (Temporary Access Passwords) on the tenant. Then an M365 admin can create a TAP for your account that lets you login without a password/2FA. You can use the TAP to login and rejoin MS Authenticator app. The TAP expires in 1 hour by default.

^ Your M365 admin needs to know where to manage the specific authentication methods and be sure to disable MS auth rollouts. By default right now, authentication rollouts are enabled on all tenants with P1 licensing or above, and it only supports the MS Authenticator app.

Once that rollout is disabled, the authentication methods your admin has made available to you will actually work properly.

The Oracle Cloud VPS only has SSH key authentication enabled by default. You can also set it to only allow SSH from your home IP in the virtual firewall before the machine is ever spun up.

Their current free ARM offering is 1 machine with 4-cores and 24gb RAM for life. You can also add another 2 AMD machines with 1-core and 1gb RAM and still be in their free-tier.

If you’re going to set it up and take advantage of the ARM machine, make sure you pick a home location for your account that has multiple availability zones. San Fran right now only has 1 zone, so if the shared ARM instances are all used up, you’ll have to wait a few days and try again. Phoenix I think has 3, so you can try with another zone right away.

Edge/IE run some underlying services for built-in windows features, so uninstalling them can cause issues with completely different parts of the OS.

Ran into an issue with a client still running Office 2016 where uninstalling IE11 prevented them from opening any links within those apps. Office was harcoded to look at IE for link handling and didn’t respect the setting for your default browser.

For sure iRST. Will sometimes need the chipset driver to detect the SSD/HDD during install when that’s enabled.

For Lenovo, install Win10 from a USB, install Lenovo Vantage, hit update. For Dell, install Win10 from a USB, install Dell Command Update, hit update.

Manuallyneeding to find and install drivers stopped being a thing after Win10 1709, which was 6 years ago at this point. Win10 will almost always get you fully updated drivers if you just keep hitting Windows Update on a fresh install.

M1 and M2 Macs have some of the worst pre-boot and recovery options I have ever seen.

If a BIOS update fails on them, they don’t have any redundancy to fail back to a working BIOS. This has been standard on every business machine for at least 5 years. On any Dell or Lenovo machine, if your BIOS becomes borked, it either auto-recovers from a previous BIOS that is stored on your HDD/SSD, or it allows you to insert a USB drive with the BIOS on it and recovers from there.

The Mac BIOS can update during a standard OS update without indicating that you’ll brick the machine if it powers off for any reason.

I had someone with a failed update on an M2 Mac that left the machine without a BIOS entirely. To recover, you need another Mac machine with USBC so you can plug them into each other and run Apple Configurator 2 to start a complete redownload of the OS to recover from.

It’s at least an hour long process for something that should take 5 minutes to fix. Also, it requires another Mac, you can’t run the recovery from any other OS.

Absolute baloney from Apple.

Where I’m at, a Costco membership pays for itself in 2 months with the savings on gasoline alone. Costco gas is nearly a full dollar cheaper per gallon than any other gas station around.

Also, try shopping in Costco without a cart. You’ll only be able to carry 2-3 things and it helps stop me from overbuying a bunch of stuff.

Costco is a religion and I’m all for it.

Your second wish already exists. It’s made by a company called nexdock. I think you can plug your phone in or run it over bluetooth/WiFi.

https://nexdock.com/

Using a Pi3b to run AdGuard Home and a TailScale subnet router.

I’ve got another Pi3b running Octoprint/Klipper for a 3d printer, but I’m currently migrating that to Mainsail running on an old SFF PC so I can run multiple printers with Klipper off the same PC.

The rest of my stack is on an actual server running UnRaid with like 50tb raw storage.

I will say that TailScale has been annoying asf with their subnet router setup not actually forcing the correct DNS for AdGuard Home so I can have ad-blocking while away from home. I had to move back to a pure Wireguard setup directly on my router for DNS to work properly.

Middle schoolers (age 11-14) just rip around on 2-stroke dirt bikes where I’m at. Even a 100cc dirt bike will hit 50mph at WOT.

At least e-bikes aren’t noisy like the awful buzz of a 2-stroke a half-mile away.

OpenSSH runs on windows server as well. You can definitely SSH in to run commands.

Or just use VSCode to run remote terminals and never leave your own VSCode instance to fully manage all your servers, Windows and Linux.

I use an Antec P101. It can fit 8 3.5" drives with a couple 2.5" drives on the back of the MOBO tray.

Fair warning, this thing is fucking huge. Didn’t realize how big it was when I bought it, but I needed the extra drive bays, so its kinda necessary.

I’m surprised more people in the selfhosting community aren’t recommending Mikrotik.

Their cheapest routers have all the same software features as their enterprise gear. They’re also one of the only companies who makes most of their routers and switches capable of being powered with POE in and redundant DC power.

All of their newer ARM based routers support running docker containers natively on the routers extra features. You can run PiHole/AdGuard, nginx, tailscale, etc. directly on your routers hardware.

I’ve been running a hexS for 3 years without any issues. I run multiple VLANs and wireguard directly on it, and it has an SFP port that I can use for an ONT module to get a fiber connection directly to my router from my ISP. I think it cost me $60 when I bought it.

Docker containers running the -arrs and Plex live on the SSDs so they load faster. Downloads are cached to SSDs so that read/write speed isn’t a limit when lots of downloads are running simultaneously. The downloads then get moved to a spinning disk array for long term storage whenever Unraid runs it’s ‘mover’ operation.