Lego parts are incredibly precise, and the manufacturing tolerances have been consistent for decades. It’s nearly impossible to replicate that precision on any modern printer.
That being said, different parts are more tolerant of wiggle room. Grabbing a stud is hard, grabbing a 2x4 is not. If you were going to print a minifig head, trying to replicate the neck barrel is gonna be tough, but making a larger hole with 2-3 ridges which taper to grip might be easier. If you plan what you’re doing and are realistic about what you can print, it’s definitely not out of the question.
Lego is ABS if I’m correct.
Ok, good news, I re-imaged and after about an hour of tinkering it’s working. (My wife is a doctor who does tele-medicine from home so it was tricky to get a downtime, even riskier if I couldn’t get back to working; usually she works when kids are in bed and that’s usually my window for these kinds of projects). I still have my old config backup; I have a lot of firewall rules and services to put back in (I had redirects for google trying to reach their dns from chromecasts to my pihole, I had a zabbix client pointing to my zabbix server, I had wireguard working and want to see if I can restore existing key exchanges, it was tied to my LDAP server, etc). I really want to compare my old backup with a new one when this is done and see if I can’t figure out what was broken. I want to document that because I found a bunch of people with similar questions that only had incomplete answers:
With this, LAN clients access the WAN, after putting in a port forward WAN clients can access things on the LAN, the firewall can ping both LAN and WAN.
If I go to my LAN interface and set the gateway to “LAN_GW” at 10.99.1.254, everything works (but I can’t ping anything on the LAN from the firewall itself, including the client I’m ssh’d from). If I set that to Auto, all LAN clients lose WAN access.
I’ve got a backup, but I think I’m gonna try to rebuild from scratch :/ I just worry I’m gonna end up in the same spot since I don’t understand how it all got here and don’t know what to avoid.
I’m totally with you…and I have that, which is why I think I’m hitting some sort of bug, or a firewall rule that is somehow breaking this:
I probably need to burn it down and restart, but I need to find a time the family will tolerate an extended outage. I did share some things on the opnsense forum though which might be useful here.
It feels like somehow opnsense is treating LAN like WAN or something? I don’t know, the obfuscation feels like it’s hiding things. A “ping -S 10.99.1.40 10.2.2.213” shouldn’t show in the logs with a source of the WAN address, right???
Ok, it’s definitely an issue with the firewall not sending traffic from itself to LAN. It’s weird, it’s passing traffic, but it cannot ping or access anything on the LAN including things on the 99 VLAN (so it’s local VLAN). The DNS requests are for sure failing from the firewall…but they work fine for the rest of the LAN. Any client can get a DNS response from the DNS server on the 2 VLAN, and can access the resulting site.
For now, I’m just excluding the wireguard thing, I think it’s a distraction to the problem that the firewall has some sort of bad routing going on.
I have a diagram, but at this point it’s pretty local to the firewall itself and I think it’s around the gateway/route configuration. I got some advice on the opnsense forum that my static routes are wrong; they say to make a single static route of 10.0.0.0/8 instead of one for each VLAN, turn off “upstream gateway” on the LAN GW (which when I do that I lose all WAN connectivity…which is a concern but I can revert). When I do the cli configuration, and I assign an IP for LAN, it asks if I want to put a gateway; it kind of says “it should be yes for wan, but no for LAN” but if I do no, I can’t access the internet from any clients, and if I do yes, it ticks “upstream gateway” on the lan gateway. Something is awry, but I’m gonna try again after making some static route changes.
Ok, lot to go over. The /16 thing is just history; before I started this, I actually had a full /16 for my whole house as I thought I’d have hundreds of IoT devices one day, and used that third octet as a logical separator. I’ve kind of got that stuck in my head, so when I moved to a 10. system, I made the vlans/subnets the 2nd octet because I have so much IP memory of that third and fourth octet. It’s unnecessary, but tbh I know most of my IPs by heart, and I went into this trying to drive complexity up a bit to further my learning. I don’t think necessarily changing them to /24 would solve the problem, because the complexity wouldn’t really collapse much. It’s things like the 3 network is for our minecraft servers/services, and 10.3.2.* represents the main one, 10.3.3.* represents the one my son runs, etc. It’s just muscle memory at this point. The L3 stuff is mostly good I think, I’m mostly concerned about the firewall.
I know that opnsense can be the L3 device, but 1) part of my learning in this was to use kind of raw cli switch commands and not some web UI, and 2) I had the original L3 device before adding the opnsense box (I used to have a comcast modem as the upstream from the L3, now the L3 has a 0.0.0.0/0 route to opnsense, and that should upstream to the comcast device). I have a full VM dedicated as my DHCP/DNS device running bind9 and isc-dhcp-server which has been maintained for over 10 years; I’m not looking to offload that to another device and it works flawlessly on the lan (with an IP helper on each vlan).
I am definitely confused how it does gateways. My understanding is, in opnsense, gateways are the part of the route definition, so you define the opnsense gateways to point to the gateways on the L3 device, they’re not on the opnsense box itself. When you add an interface, you select the default gateway for that interface from a dropdown, consisting of the gateways you defined elsewhere. Where I get goofed up and lock myself out is when I change the “upstream” checkbox or mess with the priority. I don’t know how it selects one or the other as “active” either. I’ve iterated on that a lot; the further I get, the more it feels like the obfuscation of opnsense is adding to my complexity rather than reducing it.
It seems the only thing having routing problems are packets essentially originating from an interface on the opnsense; things on the LAN reach the WAN, things on the WAN reach the LAN, but wireguard clients terminating at the opnsense box can’t hit the WAN, and the opnsense box can’t hit the LAN (despite passing traffic).
It’s a lot for the homelab, but I love zabbix
Fair, my home office is a monument to too much free time, a hoarding habit for ewaste, and a wife who works weekends and overnights.
That is a self-made soldering kit box I made when I was in college and had to haul it around a lot. I have actually been meaning to replace it with something more permanent now that I’m a grown up with my own house. I have an air flow soldering rig which doesn’t really have a home, and I could have a much better use of space. I have my brocade ICX6610-24 next to that which I’ve been programming for way too long, and a whole bunch of 3D printer parts on top of that.
I’ve done some of that, recently I have an old putty knife and I will put it right against the crack and just hammer it which will unstick it enough that I can pull it off. Newer drives definitely have weaker magnets than some of my much older ones.
I started collecting in probably 2007, so manufactured before that for sure.
That’s rad, and you did an amazing job keeping them whole. Recently I have been wrapping them in cloth, then the kids form clay around them for various fridge and office magnets.
I am keeping an original craftbot plus alive and printing every day. It could use a replacement, but I know the quirks in and out. I just did all 4 stepper motors last month and it’s printing like new. I don’t like the model of the moving z plate and the clunky enclosure, and I could use more build area, but tinkering with the printer is part of the fun.
Yes. Look here, the plan is per-device, and the capacity is unlimited: https://www.crashplan.com/pricing/ . I think the restore would be extremely painful, it’s not a fast pipe, but the bigger you go that’s gonna be an issue no matter what.
My son (who is 9) was diagnosed with celiac when he didn’t grow from age 2-3 (gluten -> guts make enzyme to digest it -> immune system sees enzyme making cells as invaders -> immune system attacks cells -> intestines swell -> nutrition stops being absorbed). He was effectively starving despite eating. He’s on track now as we have a strict gluten free household, and the fad people have created a market demand which makes companies want to make products that give him options…but a treatment like this would be life changing.
I think discovery seasons 1 and 2 were fine and help as a precursor to snw which is great, but for sure skip discovery seasons 3 and 4
A lab in China synthesized a flake of material that behaves the way a superconductor might under a strong magnet, and a separate lab in China made a flake which showed high resistivity. Neither of those qualify for full validation and point to the fact that synthesis has a lot of unknowns that will require more precise doping methods than we have today. This is likely the start of a research path into doped crystals, a path on which a future discovery WILL lead to better conductors that are easy to make.
I am not a scientist but I have really been trying to understand this breakthrough. My understanding is not that room temperature ambient pressure semiconductors have been created. It is that several simulations back up parts of the discovery that would lead to said semiconductors, and some reviews are showing that some of the crystalline structures do successfully resemble what would be needed for superconductivity in super preliminary experiments on a tiny scale. We aren’t going to have magic superconducting wire yet, this is still very much in the theoretical material science phase. Ultimately, specifics around the way the doping has to work are pretty unproven. At this point it looks like things like electron photon interaction is happening as it would need to happen on a scale relevant to similar crystalline structures. LK99 isn’t in physical testing in any other labs yet, and any labs that would publish results already wouldn’t be worth listening to because there hasn’t been enough time for peer review.
Universities have huge endowments and investment portfolios. These are generally broad and in support of keeping the financial backing of the school stable; this is extremely prevalent in the large older universities like Harvard or Columbia (but almost all universities have one in some form or another). They support both students and ongoing academic research.
While many of these portfolios consist of wider funds, many have specific investments in specific companies and industries. That means that the university is invested in, and taking benefit from, areas of industry. The main request is to divest the investment portfolios from companies owned by or supporting entities connected with Israel’s war on Gaza. In some cases this may be possible (move a ton of stock from a defense contractor making weapons sold to Israel to an energy company) and in some cases it may not (they’re invested in a wide market fund that itself invests in specific funds, but you can’t easily cherry-pick which stocks are actually in it). It’s also possible that there are research grants funded through companies who the students want to apply negative pressure to; cancelling a grant sends a message to the company, but also leaves entire teams and time-dependent science without funding, potentially ending it outright unless alternate funding can be found. There also may be contracts involved for specific research and engagements, and breaking a contract is more complicated than just ripping it up (especially if there are early termination policies outlined).
Realistically, the best students can hope for is a commitment to investigate and divest where possible, which is frustrating but also makes sense. I’ve worked in higher education for 20 years and have seen this on a smaller scale around defense contractors during the wars in Afghanistan and Iraq. The endowment is a slow moving leviathan, but I think it’s a good place for the students to apply pressure.