Story time! We recently bought a rural property with a burnt down house on it and are going up every few weekends to clean it up. I'm up there this morning picking up random sheet metal and yeeting it into the trash pile. Suddenly I hear frantic squeaks....I look, and I accidentally yeeted the cover of a squirrel nest (I think squirrel)! I got the baby, got it out of the baking sun and made a new nest under another piece of cover. Still, holding a baby squirrel so new it's eyes weren't open was pretty magical! The kids (I have a 7 year old girl and a 9 year old boy) got to each hold it for a second too! Ideally we wouldn't have touched it, but the existing cover was mega-gone and it had to be relocated to safety out of the sun, so we got some brush and put it under a smaller wood plank right near where we found it, hopefully it's mom finds it, no one will be up there for the next few weeks so it won't be disturbed by people again.

Hey there, I've been on a networking journey that has, over a few years, taken me from simple unmanaged networking, to managed networking, to advanced VLAN management. It's all been self taught, but mostly successful. However, I've gotten myself into a bit of a pickle and I'm hitting a wall in troubleshooting. Apologies for the length of the post, however I want to provide as much detail as possible.

High level, I have several /16 vlans for things. VLAN 99 is networking, 2, is servers, 4 is clients, 6 is wireguard clients, and there are some others. They're all 10.99.0.0/16 with a gateway at 10.99.1.254, etc.

I have had a very old Netgear Layer3 switch for some time. I've replaced it with a Brocade ICX6610, mostly so I can move my storage infrastructure to 10G fiber (I have a small hypervisor cluster). I had done a ton of preparatory work to configure the new L3 switch so that it could just be dropped in place of the old one; this was MOSTLY successful...

...However, in doing that I broke the connection to my opnsense firewall and sort of had to redo that piece from scratch. During my planning, I didn't realize some of the config changes I'd made would require changes on the firewall, and after the cut over I was locked out of the firewall. This is all my fault; that's the piece of this I understand the least, and I had followed dodgy guides when getting it to initially work. I have a backup in xml format, but even having that I'm realizing what I had been doing didn't make sense. Previously, I had a firewall interface on all of my vlans and the trunk going to it was carrying all the VLANS. Now, I set this up with only 2 vlans going to the firewall, the networking vlan and the wireguard vlan, as it seems to make more sense with my understanding of how Layer 3 routing works. All routing should happen on the Brocade L3 switch. The firewall itself has 4 physical ports, 1 going to my comcast gateway, and 2 in an LACP lagg going to my L3 switch. (I have a single interface right now going to the L3 switch separately for troubleshooting, removing the LACP lag as a complexity source).

So, in recovering this, I had to get into the firewall at the console and re-define the interfaces and IP's. I got this to work, but at this point I had tons of connection problems which I didn't understand fully. I have found some of opnsense's configuration to be a bit obfuscating, which I think is making my learning more difficult. The following were put in place:

• The "LAN" interface was given a static 10.99.1.40/16 IP, and an upstream gateway was defined at 10.99.1.254.
• The "WAN" interface was given DHCP, and is up and works

Once I recovered the connection to the web interface I had to make the following changes:

• Under the "Firewall" sidebar, under "Aliases", I defined each of my VLANS/Subnets with a CIDR notation and a name.
• Under the "Firewall" sidebar, under "NAT" and then under "Outbound" I switched the mode to "hybrid" and added a rule for each of my vlans on the "LAN" interface, with the "Source" being the aliases defined above, and the target (NAT Address) being the "WAN address"
• Under the "Firewall" sidebar, under "NAT" and then under "Port Forward" I added some port forward rules.
• While it's outside the scope of my immediate troubleshooting, I had a working WireGuard setup. I have an interface defined for it on that VLAN, and a second gateway defined at 10.6.1.254. It's all set up according to the opnsense documentation, and I can connect from the WAN and can access any resources on the LAN.

So onto the problem...I can access the internet from almost all of my LAN clients. I can access LAN clients via the port forward rules from the WAN. The firewall itself CANNOT access the WAN; for example, I can't check for updates. I can access the firewall web interface from anywhere on the LAN, I can ssh to the firewall from anywhere on the LAN, but once I'm ssh'd in, I can't ping back to the client I'm connecting from. The firewall CAN ping things like 8.8.8.8, but as my DNS resolver is on the LAN, DNS queries from the firewall fail. I believe in a related note, my WireGuard clients can access anything on the LAN, but cannot connect to anything on the WAN.

I believe this has to do with outbound routes from the firewall, but any time I mess with it I end up locking myself out and having to reset interfaces from the console. I tried defining some static routes in "System" -> "Routes" -> "Configuration" but that isn't working. I'm kind of stumped and have been looking at it so long that I don't think more reading and configuring is going to help me anymore. I'll post some screenshots of rules and routes as well (you'll be able to see various things enabled/disabled for experimentation), but I'm kind of in over my head and need some help.

I paid for Puzzle Quest 2 on android like a decade+ ago. It is a local single-player game. It has a validation check when you open the app. That check fails because this game is ancient and the servers are offline.

I want to replay the game I paid for. I have the APK from an APK site. It's even been pulled from steam to push their crappy p2w pq3. Anyone have tricks to crank an APK and bypass a server check? I've decompiled the APK but am in a bit over my head.

Question is in the title, I am a fan of a channel and would like to automatically connect to the swarm and support the broadcast even if I am not watching live. I seem to remember a project that ran in docker and kind of acted like a cdn node for a channel, but I can't find it now. Anyone know of such a solution?

I wrote this a Christmas or two ago and thought it would be nice to share to any of us out there dutifully on call.

'Twas the night before Cristmas and all 'cross the web
I was browsing through Discord, installed from a deb
Not a user was working; the servers were quiet
I perused a new webapp, thinking to try it
When just like the spider, my senses did tingle
Somewhere I knew of the plight of Chris Kringle
I jumped out my chair, nearly fell 'ver my pooch
Waded through wires and gave boxes a scooch
I got out the door and eyes raised towards my roof
What I saw was a joke, certainly just a goof
For a fat jolly man sat so pondering prone
With a quizzical look he was locked to his phone
Not certain my role here not wanting to bother
But asserting my role in this house as the father
I shouted up top "Hey there Santa, what's cookin?
Do you need some help? There's concern how you're lookin?"
He called down to me "Oh shucks there dear boy
I hate this here phone, this ridiculous toy
The elves say to use it to guide my big flight
But I can't seem see it cuz the screen's not too bright.
It's always rerouting, about traffic it's warning,
At this rate I'll still have the toys by the morning!
My route's in the air not on parkways below,
And I'll not be deterred by rain sleet or snow."
"Well Santa," I said only wanting to help
"The reviews for sleigh flight are quite poor here on Yelp.
What you need it to switch your nav mode to airborne,
Not walking or driving, so don't be forlorn.
Just unlock the screen and hand it to me,
I'll get you fixed up and erase your worry."
He handed it to me and to my surprise
Not an android or iphone sat front of my eyes
But a candy cane brick whose innards were magic
I worried for now of an outcome most tragic
But just then I spied it way up at the top
The icon whose presence made mystery stop
"Santa look up here this tiny white car,
'Tis the icon that's stopping you from getting far.
You're mapping as if you're a car on the ground
Which is not too correct for you getting around.
We can change it to sleigh flight by tapping right here,
It'll also find stops where to rest your reindeer!
Let's crank up the brightness by moving this slider
To help your eyes rest and not stay open wider.
Lastly let's stream you some music to play,
Maybe TSO? How 'bout Michael Buble?"
A genuine smile platered St. Nicholas' face
His worries were gone, vanished not with a trace.
"On this night here my friend you feel proud of yourself
The magic you did is like that of an elf!
I'm awed how you fix all this digital stuff,
I used to think reindeer and stockings were tough,
But now I can see that the world is a changing
And the skills that I use need to do some exchanging.
Now that it's working I really must go
To deliver the presents 'fore roosters will crow.
Speaking of morning, why are you awake?
'Tis well after midnight unless I mistake?"
I had but a chuckle, "Oh Santa don't dread,
For I'm an IT guy and hate going to bed!
There's a little more lemmy and masto to browsey
I'll likely spend 3 to 4 hours this drowsy!"
He chuckled, "OK, if that's how it works
You enjoy all your trolling, browsing and lurks!"
He hopped on his ride, took a seat, grabbed a reign
And started to hum with Mariah's refrain.
As he took to the air he gave pause to his song,
"Merry christmas to you, may your uptimes be long!"

I've been struggling with getting a completely self-sustaining VNC server working on Ubuntu mate, and I'd like some advice from anyone who has been down this road before. My target platform is Ubuntu Mate, and it is a combination of VM's and old laptops that may still have local sessions. I've landed on TigerVNC due to dynamic resolution support (to eventually pair with apache Guacamole), and specifically do NOT want to use x0vncserver as I want this to be separate from the local session should one exist on the laptops.

Ideally, this would be a systemd service for a couple of users. To the best I can tell, I would need a different systemd unit file per user account, which is fine (it'd be easy enough to create a mapping for user to session across systems; when you start a session my user could always be display 10 at 5910 and my wife's could be 11 at 5911, etc). I have seen a LOT of struggle with this, particularly in recent ubuntu, because of some changes. Specifically, this cannot be a user systemd service as those do not run until the user logs in, and I want these started at boot. I've followed these guides below:

https://bytexd.com/how-to-install-configure-vnc-server-on-ubuntu/ https://superuser.com/a/1724271

At this time, my systemd unit looks like this:

/etc/systemd/system/vncserver.service

[Unit]
Description=TigerVNC Server
After=syslog.target network.target

[Service]
Type=simple
User=surfrock66
Group=surfrock66

WorkingDirectory=/home/surfrock66
PIDFile=/home/surfrock66/.vnc/%H%i.pid

ExecStartPre=-/usr/bin/vncserver -kill :%i
ExecStart=/usr/bin/vncserver -localhost no :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

At this time, my xstartup file looks like this:

#!/bin/sh
unset DBUS_SESSION_BUS_ADDRESS
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey 
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
/usr/bin/mate-session 

This works when my user launches the vncserver from the terminal, but when launching from a systemd service, it fails to start. I believe this is somehow due to user environment variables not being set; I've seen some guides recommending running the execStart commands as "su -l surfrock66 " to force the user's environment, but I have nothing to support that. Here's the front of the log file for the systemd service when I try to start it:

Oct 17 15:58:11 hostname.subdomain.domain.com vncserver[12983]: New Xtigervnc server 'hostname.subdomain.domain.com:1 (surfrock66)' on port 5901 for display :1.
Oct 17 15:58:11 hostname.subdomain.domain.com vncserver[12983]: Use xtigervncviewer -SecurityTypes VncAuth,TLSVnc -passwd /tmp/tigervnc.WITIzx/passwd hostname.subdomain.domain.com:1 to connect to the VNC server.
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.a11y.Bus' requested by ':1.0' (uid=1000 pid=12995 comm="x-window-manager")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Successfully activated service 'org.a11y.Bus'
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.freedesktop.systemd1' requested by ':1.4' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Oct 17 15:58:11 hostname.subdomain.domain.com org.a11y.Bus[13008]: dbus-daemon[13008]: Activating service name='org.a11y.atspi.Registry' requested by ':1.0' (uid=1000 pid=12995 comm="x-window-manager")
Oct 17 15:58:11 hostname.subdomain.domain.com org.a11y.Bus[13008]: dbus-daemon[13008]: Successfully activated service 'org.a11y.atspi.Registry'
Oct 17 15:58:11 hostname.subdomain.domain.com org.a11y.Bus[13024]: SpiRegistry daemon is running with well-known name - org.a11y.atspi.Registry
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.freedesktop.systemd1' requested by ':1.5' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.freedesktop.systemd1' requested by ':1.5' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.freedesktop.systemd1' requested by ':1.5' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='ca.desrt.dconf' requested by ':1.5' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Successfully activated service 'ca.desrt.dconf'
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.freedesktop.systemd1' requested by ':1.5' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activating service name='org.freedesktop.systemd1' requested by ':1.5' (uid=1000 pid=12996 comm="/usr/bin/mate-session")
Oct 17 15:58:11 hostname.subdomain.domain.com dbus-daemon[13000]: [session uid=1000 pid=12998] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Oct 17 15:58:11 hostname.subdomain.domain.com mate-session[12996]: WARNING: Could not parse desktop file /home/surfrock66/.config/autostart/wicd-tray.desktop: Key file does not have key “Name” in group “Desktop Entry”
Oct 17 15:58:11 hostname.subdomain.domain.com mate-session[12996]: GLib-GObject-CRITICAL: Custom constructor for class GsmAutostartApp returned NULL (which is invalid). Please use GInitable instead.
Oct 17 15:58:11 hostname.subdomain.domain.com mate-session[12996]: WARNING: could not read /home/surfrock66/.config/autostart/wicd-tray.desktop
Oct 17 15:58:11 hostname.subdomain.domain.com mate-session[12996]: WARNING: Unable to find provider 'marco-compton' of required component 'windowmanager'
Oct 17 15:58:11 hostname.subdomain.domain.com mate-session[12996]: WARNING: Unable to find provider '' of required component 'dock'

This was news to me so I thought I'd share:

Everyone, there will be MQTT name changes in the next release of the software. There is nothing to worry about, your names are safe. However the change caused addons like Z2M (and other MQTT integrations) to update their discovery information. As it stands, Z2M will not be able to release a version with this fix until September 2023. During that time a warning will be in your logs indicating that there is an issue. You can safely ignore this warning. As of this writing, there may also be an accompanied repair. You can also safely ignore this repair.

Once Z2M updates, the warnings will go away.

Again, during this whole transition period, your names and the default device names should not change. Please keep us informed if they do change.