Hacker News | zzyzxd's comments

This is interesting to me as the IT support for my family. I have been considering using MDM to provision Wi-Fi credentials and other device configurations. 3rd party solutions are a little bit too much for what I need.

Apple Business Essentials with AppleCare+ for 3 devices and 200GB iCloud storage is $19.99 per user/mo. That's the same price as AppleCare One alone.


I wanted to use the existing ABE product for exactly that, especially as you can actually lockdown apple devices properly to stop teens from undoing VPN settings etc … however it’s explicitly against their policies to use ABE for personal devices and I’d guess the same for this new iteration of it.


You are right. I didn't read the terms. Looks like ABE can only be used by a business entity.


For home use I think you can just generate configuration profiles manually, if you don't want to pay?


I’ve been doing exactly this with Jamf Pro for my personal devices. I’ll be interested to see if I can scrap it now.


I have a GL.iNet travel router. When I am not traveling, it connects to the router's second WAN port. If my main internet goes down, it takes me 30 seconds to tether my phone and fail over manually. My carrier detects and throttles hotspot traffic by measuring packets' TTL, so I tweak the router's iptables to dodge that. Typically I get over 400 Mbps.

From time to time I get the itch to improve my home network uptime, and I have to keep reminding myself that the current setup is fine.


(Tangential, regarding GL.iNet routers: I find it satisfying that these routers run OpenWRT out of the box, and top the "Travel routers" category on Amazon: "Overall Pick" and "Amazon's Choice".)


I run several GL.iNet routers in a mesh across two continents; some have Starlink and cellular, some are on regular ol' fiber. They are bulletproof, highly recommend.


How do you do that in a mesh?



A VPN?


A wireguard tunnel from every router to every other router. Software defined network stack.


It's probably because normal people usually don't buy routers, because they get them included in their internet subscription. So the people buying them have a specific reason: they need something normal routers don't do.


It's a travel router which power users buy to get good connectivity away from home and office. A hotel won't offer you that (and chances are that they'll try to rip you off on their wifi).


Assuming you can find an Ethernet port to supply it, that is. Most hotels don't make them easy to find and use, if they even have them.

More common is that you use the travel router to connect to hotel WiFi and then share out that connection. It's slower than using it directly, but it's great for family travel since you can name your travel SSID the same as your home network - all your usual devices will connect automatically, and will use any whole-connection VPN you have set up (most of the GL.iNets will do WireGuard, OpenVPN, and Tailscale that I know of straight out of the box, and they will let you into LuCI or via SSH to configure the underlying OpenWRT directly for anything else). And, of course, it's just one device for hotels that try to limit the number of devices you use.


As far as travel and hotels go, another huge benefit is that the router enables devices without captive portal support. On a recent trip I could use:
- Fi base station for my dogs' trackers (huge for me)
- FireTV stick (no need to trust that hotel streaming apps will clear your credentials like they claim)

Also I can WireGuard back home automatically for select IP ranges (no need to configure WireGuard separately on many of my devices)


> My carrier detects and throttles hotspot traffic by measuring packets' TTL, so I tweak the router's iptables to dodge that.

Could you elaborate on this?


Some mobile phone providers check the packet TTL to limit tethering.

Network packets commonly start with default TTL values of 64, 128, or 255. Each hop in the network subtracts 1.

When the phone connects directly to the carrier (cell tower, I assume) the carrier will see a TTL of 64.

A laptop tethered to a phone introduces a hop so laptop-to-phone TTL is 64, phone-to-carrier TTL is 63.

Carriers can then limit bandwidth if network packets don't have a common TTL.

For `iptables` look at `--ttl-inc 1` (to add back the 1 so 63 => 64) or `--ttl-set 64`.

Alternatively, you set the tethered devices to use a TTL of 65, e.g. Linux `sysctl -w net.ipv4.ip_default_ttl=65` or macOS `sysctl -w net.inet.ip.ttl=65`.
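The carrier-side view of the check described in this comment, as an added example that is not from any of the commenters: infer the initial TTL and hop count from the TTL observed on the uplink, then flag sources whose packets have crossed more hops than a directly attached phone would show. The source addresses and packet records are constructed sample data.

```python
# Added example, not from the HN thread. Models the carrier-side TTL check
# explained above: a common initial TTL (64/128/255) minus the observed TTL
# gives the hop count, and a phone that hands over its own traffic shows
# zero extra hops, while a device behind it (laptop, travel router) shows one.
from collections import Counter

COMMON_INITIAL_TTLS = (64, 128, 255)


def infer_hops(observed_ttl):
    """Return (initial_ttl, hops): the nearest common initial TTL at or
    above the observed value, and how many hops were subtracted from it."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be 1..255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl


def classify_flows(packets, expected_hops=0):
    """Group (src_ip, ttl) records per source and label each source
    'tethered' if any packet arrived with more hops than expected."""
    hops_by_src = {}
    for src, ttl in packets:
        _, hops = infer_hops(ttl)
        hops_by_src.setdefault(src, Counter())[hops] += 1
    verdict = {}
    for src, counts in hops_by_src.items():
        extra = sum(n for hops, n in counts.items() if hops > expected_hops)
        verdict[src] = "tethered" if extra else "direct"
    return verdict


# Constructed sample (addresses are made up): 10.0.0.1 is a phone sending its
# own traffic (TTL 64); 10.0.0.2 mixes phone traffic with a laptop behind it
# (TTL 63); 10.0.0.3 has a Windows box behind it (TTL 127); 10.0.0.4 has had
# its TTL normalised to 64 on the way out, so the check cannot tell it apart
# from a phone, which is why the thread calls TTL only a first line of defense.
SAMPLE = [("10.0.0.1", 64), ("10.0.0.1", 64),
          ("10.0.0.2", 63), ("10.0.0.2", 64),
          ("10.0.0.3", 127),
          ("10.0.0.4", 64), ("10.0.0.4", 64)]

if __name__ == "__main__":
    for src, label in classify_flows(SAMPLE).items():
        print(src, label)
```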


Thank you for explaining this, I had always wondered how a carrier could tell a device was tethered if a router was not passing on tethered device details.


Another way to do it is to look for requests to domains that phones never access but desktops/laptops often do. Windows Update is the most common, but you could probably do apt package repositories or whatever.


If the hotspot is sourced from the phone, the phone tells the carrier.


How do you figure out what detection method a carrier is using?


Make the TTL change, and see if traffic bandwidth changes?


Thanks!


You can easily manipulate and set TTL to whatever is needed with a Mikrotik router. Override TTL for all devices behind it.

/ip firewall mangle add chain=postrouting out-interface=lte1 action=change-ttl new-ttl=set:64 passthrough=yes comment="Set TTL for Mobile Hotspot"


Sure, it's widely known.

Default TTL is usually 64.

Phone traffic TTL is 64.

But when behind the phone-as-router/gateway, compy traffic TTL is...63!


Thanks!


I have a friend who is also curious. Their fibre cable was cut by addicts looking for a source of copper, and it took a few days to be repaired. Using their hotspot during the outage used up their allotted hotspot bandwidth for the month. My friend would be very interested in how to avoid potential downtime in the future.


Might I suggest an email address added to your HN profile, lest a publicly posted reply result in observation by a nefarious telecom employee who just might obviate the proposed solution to your friend’s conundrum.


Are we back to this again? I have a friend who wants to know how to build a blue box.


One step from ‘SWIM tried meth and he’s freaking out’ from the old forums !


TTL++l0l


I have AT&T Fiber and 99% of the time it's fantastic, but there are several instances of 30-60 second downtime a day and I have a 5G modem with a Google Fi data sim as a backup. Failover is nearly-instant with a Unifi UDM.

The data sim costs nothing extra on top of my cellular plan and just counts towards my (already very generous) monthly limit of 50GB.


Out of curiosity what carrier are you using?

Pulled the thread on this a bit and it seems that it will be highly carrier-dependent and will likely be flaky if it works at all.

TTL is one of the simplest methods carriers use to detect if there's an extra hop but very unlikely to be their only line of defense against methods like this.


Is your phone connected to the router through a cable or wirelessly?


They can do both - cable or Bluetooth. Don't think WiFi.


I used to be the cool tech guy in school because I memorized the tutorial to jailbreak an iPhone or to cheat in games with a memory editor. You know, stuff like "when you see this screen, click that icon", "find row 5 and change the second value to 0", or "open terminal, copy paste this command and hit enter". I don't think I learned anything useful from those.


You learned that such things are even possible, and you learned that other people saw you as the cool tech guy just because you took time to memorise that stuff.


Well, sure. Maybe you're the kid in the article who opened Xcode and Blender and Final Cut, but it didn't click for you. Of course not everything is for everyone, but it doesn't prove exploring the limits like that is a bad thing.


Capital One does this to me as well, but at least they make it clear so I actually understand what they mean ("You haven't opened an email from us lately...").

It's fine, Capital One. I did open your emails, I just didn't load your shady tracking pixels.


Ditto, I get them all the time and just ignore them. I actually have a gmail rule that if it sees that phrase it marks it read and deletes it. Them not knowing if I read an email is not a problem I need to solve.


A gitops repo can never be the reflection of the system's actual state. It's a desired state your humans want the system to reach eventually, sometimes defined very loosely. This has been the idea since Weaveworks invented the term years ago. Unfortunately I admit it's not very intuitive, especially to engineers who are not super familiar with declarative systems.


I used to be on the side of a single NUC, but when my self-hosted services became important enough, I realized I needed to take security and reliability seriously, you know, all the SysAdmin/SRE stuff, and that's when I started moving to "that side".


Exactly. Once I was connecting to my VPN in AWS and was totally prepared for 90% of the websites to throw human verification at me. Then a fake Cloudflare one almost got me. It was 3AM and my brain was barely functioning. (It didn't work, but only because it instructed me to run a PowerShell command and I was on macOS.)


Garage also decided not to implement erasure coding.


Teslas are the worst offenders in my area. I don't own one, but I looked it up online out of curiosity and saw many owners complaining because they got flashed a lot. Turned out the factory setting for the headlight angle was too high. They went to the menu and adjusted the angle down by "2-3 clicks", and they reported never getting flashed again.


This 100x. I get blinded by Teslas more often than all other brands combined.


Teslas always want the road to be as bright as possible for their self driving tech to work well.


If your infrastructure can justify the complexity of Kubernetes, keeping up with Kubernetes-native software is extremely easy compared to anything else I have dealt with. I had some horror stories managing nginx instances on 3 servers with Ansible. To me that's much harder than working with ingress controllers in Kubernetes.

Replacing an ingress controller in Kubernetes is also a well-documented practice, with minimal or even zero downtime if you want to.

Generally, if your engineering team can reasonably keep things simple, it's good. However, business needs to grow and infrastructure needs to scale out. Sometimes trying too hard to be simple is, in my experience, how things become unmanageably complex.

I find well-engineered complexity to be much more pleasant to work with.

