Complete Tailscale Guide; Setup, Deployment, and Hardening

The Complete Tailscale Guide:
Setup, Deployment, and Hardening

If you've ever wrestled with port forwarding, dynamic DNS, or a clunky traditional VPN just to reach a device at home or a server at work, Tailscale is about to change your life. It creates a private mesh network (called a tailnet) across all your devices, wherever they are, with no open ports and no complex firewall rules. It just works.

This guide covers everything: creating and securing your account, installing Tailscale on Windows, Linux, virtual machines, and Docker containers, and hardening your tailnet so it's both maximally secure and actually pleasant to use.

Unifi Cloud Gateway WAN2 Failover Setup

Here is a complete, step-by-step guide for setting up a dual-WAN failover on a UniFi Cloud Gateway (UCG) Max or Ultra network controller!

Your Router Might Be Lying to You:
The Quiet Rise of DNS Hijacking

Over the last six months, I've been seeing more and more DNS hijack infections on routers, switches, and servers. It's a genuinely clever tactic, and it's worth understanding why: the attacker only needs to briefly gain access and very lightly maintain it. Once they've rerouted your DNS to a server they control, they can quietly sit in the middle of your traffic and analyze your traffic packets, harvest credentials, the works.

This isn't theoretical, and it isn't rare. 

My own server and three customer servers have been hit by this class of attack in the last 3 months. I'm writing this to bring some attention to what's going on, explain how these attacks actually work, and (most importantly) show you how to defend your equipment and check whether it's already been hit, without needing to be a network engineer.

Cybersecurity & IT/Networking Apps - iOS

Cybersecurity, Networking & IT Related Apps; That I Actually Use (*For iOS)

I recently put together a list of the Android apps that have actually earned a spot on my phone after 20+ years running Pacific Northwest Computers. I got enough questions about "what about iPhone?" that it's worth doing a proper companion piece.

Cybersecurity & IT/Networking Apps - Android

Cybersecurity, Networking & IT Related Apps; That I Actually Use (*For Android)

After 20+ years running Pacific Northwest Computers, I've installed, uninstalled, and re-installed a lot of "must have" Android apps. Most of what gets marketed as a "hacker toolkit" on the Play Store is either abandoned, repackaged, or outright malicious. So I figured I'd share the apps that have actually earned a spot on my phone for use all of the time, or just if/as needed. Nonetheless, these are the ones I can and do reach for during client visits, network troubleshooting, and security work.

This isn't a sponsored list. 

These are the tools I use, or have used.

Deploy Nextcloud on TrueNAS SCALE; Behind NPMplus SSL Proxy

 

Deploy Nextcloud on TrueNAS SCALE

Behind a NPMplus SSL Proxy

Nextcloud is consistently one of the most-installed apps on TrueNAS SCALE, but the official app catalog ships with a few defaults and quirks that can send a fresh install sideways; especially if you're putting it behind a reverse proxy like NPMplus. The good news is that once you know which boxes to tick (and which to leave alone), the whole stack comes up clean and stays up.

This guide walks through the exact sequence I used to deploy Nextcloud on TrueNAS SCALE Community Edition with NPMplus handling SSL and reverse proxying, with all the working settings with no detours, no "try this and see if it works" steps, and no recovery sections you'll only need if something breaks.

Project N.O.M.A.D.: Your Offline AI Survival Kit

 

Project N.O.M.A.D.: Your Offline AI Survival Kit (And How to Actually Get It Running)

If you've been following the homelab and self-hosted AI scene, you've probably heard of Project N.O.M.A.D. which is short for Networked Offline Machine for Autonomous Data. It's an impressive all-in-one offline-first AI platform built by Crosstalk Solutions, designed to give you a full AI assistant, knowledge base, and document processing engine that works even when the internet doesn't. Think Wikipedia mirrors, Stack Exchange snapshots, medical references, and a fully local LLM; all in a Docker stack you run on your own hardware.

This post covers what NOMAD is, how to install it, how to get it behind a reverse proxy with authentication, and (for those of you with AMD Ryzen mini PCs) how to unlock GPU acceleration so your AI assistant actually runs at a useful speed.

The Fragile State of Modern Tech:

Where Accountability Goes to Die

So... I need to rant about a few things.

Technology today is the most powerful and accessible it has ever been... and yet somehow, also the most unreliable I can remember. We have more computing power, more tools, and more connectivity than ever, yet reliability and accountability feel like they are going backwards. 

At some point, “good enough” stopped being good enough.

We’ve reached a stage where almost everything is “easy” to use on the surface, but underneath, it’s held together with layers of complexity that break in ways that don't make sense anymore. Updates fix one thing and quietly break three others. Features get pushed out half-baked. 

Stability has become an afterthought.

How To Setup a Desktop PC as a Server

Desktop PC as a Server:

The Ultimate Setup Guide (Windows 10/11)

Applies to: Windows 10 Pro / Windows 11 Pro (22H2 and later)

The purpose of this guide is to help folks with configuring a standard desktop computer to reliably serve files, printers, and business applications (QuickBooks, Sage, etc.) without downtime or performance lag.

UniFi Console Migration Guide:

Dream Machine Upgrade or Migration: Including Cloud Account Claiming, Cellular WAN Failover, SSH Credential Capture & Orphaned Device Recovery

This guide covers migrating all adopted UniFi devices (APs, switches, cameras) from a Dream Machine (UDM) to a Dream Machine Pro (UDM-Pro) with minimal disruption. It assumes you are replacing the UDM entirely and the UDM-Pro will take the same network role.

This guide has been updated with real-world field experience from an actual UDM → UDM-Pro migration, including the cloud account claiming procedure, Mesh AP tweaks required post-restore, and cellular WAN failover configuration using a designated LAN port as WAN3.