And welcome to The Homelab Show, episode 43: questions and answers. We have those questions that you sent in; we're gonna be reading them, and we're going to be then taking some from the live stream here and pull them out. We like doing these episodes. We really missed the mark, though. We have somehow not aligned things properly, because the Q&A episode should have been episode 42, anyone? Yes, it's like, yeah, we certainly missed an opportunity, so 142 is gonna be the Q&A episode. We're just letting you know ahead of time. There's got to be some significant numbers in between, but we'll do some play on words or something with it.

But before we dive into those details, let's thank the sponsor of the show, and that is Linode. And it's funny, because before this B&G we got a renewal from Linode for this year, which actually, behind the scenes, you know, we actually said we've already started using it for the first few episodes of January. So we're really happy they said they'd renew, because they actually weren't obligated to for January. They are gonna keep sponsoring the show. So you should check out Linode. Many of the projects we talk about in here can be hosted on a Linode server. There's just so many different things that you may not want to use your public IP address for, which I think may come up at least in one of the Q&As on here about VPNs. But with that being said, where would you host it? But you want to maintain control over it. Linode is a great answer. They've been a sponsor of the show from the very beginning. If you're downloading this podcast or clicking on the RSS feed, the site that the podcast is hosted on and the download files come from is still on Linode. That's been great. They've been a solid service. They've increased the bandwidth to accommodate the number of downloads, and actually, that's an impressive number. Me and Jay been really excited.
A lot of you don't always use a federated podcast app. Some of you are old school, and I can really appreciate that: you just download it directly from our site, and that is all facilitated through Linode. If you would like to get started with Linode, the sponsorship is for the sponsor. It's linode.com/homelabshow. I want to make sure that's in there. It's in the links down below. But just so you know to use our offer code, because that's always what, you know, lets them know that they should keep renewing their support for this show and, you know, keep funding me and Jay for talking about all this fun stuff. All right.

Ooh, someone suggested make episode 47 Trek themed. Not a bad idea. Yeah, there's always opportunities there. All right, where is the first question we want to start with here? I think it was the low, low wattage one, I believe, was the first one, right, Jay? I think so. Let me go ahead and see, because I know that's something that we kind of talked about, but, you know, it's kind of like a thing, you know, it keeps coming up because it's a very big concern for a lot of people. So my understanding is that the individual that wrote in is looking for something.
That's not power hungry, but has a decent number of cores. Electric usage can be very expensive in some areas, depending on where you live. So that's a very important thing to consider, something that I wish I considered when I just impulsively bought a stack of servers in Ohio some time ago. I would say, I don't remember the model number, but there's a Dell Precision workstation tower that is pretty reasonable, and those really do make good servers. I wish I knew the model number, but just have a look on eBay, even though many of them come with an Nvidia GPU that you probably won't use unless you actually are using something GPU accelerated. You could go that direction. Otherwise, outside of that, you could always look at, I believe it was LabGopher, is a good one. And then there's the L-series Xeons that are low power usage as well. So if you see that on eBay, for example, or wherever you get used servers from, if there's an L-series Xeon, that could also help save some power.

Yeah, and it's one of the reasons the Raspberry Pi stuff is so popular: it allows you a lot of the learning flexibility, especially if you go, hey, I'd like to play with multiple systems because I want to get into orchestration and things like that. And Raspberry Pis are a great solution because you can become very efficient, or a low-wattage single board. The other question he asks in there, and it is a pretty fair assessment: the new Ryzens give you a really good total cost of ownership for watts per dollar, and you can check, even XCP-ng, they have some modifications they've made in the last year to be more compatible with the more modern consumer, not having to go all the way to their EPYC, because the EPYCs have a different cost problem of their expenses. I mean, don't get me wrong, if it's within your budget, but we know, me and Jay are very aware.
This is The Homelab Show, not the I-can-afford-a-brand-new-EPYC-processor show. Those are fun to play with. We do try to... It's very accessible for a lot of our audience, and yeah. So I wouldn't shy away from Ryzen. That was one of the other questions they had in there. So don't shy away from it. Really, you'll find Linux support's pretty good for it. XCP-ng, and I don't believe Proxmox has any problems with it; being based on Debian, it should work perfectly fine as well. Yeah, I'm less knowledgeable on how well it's supported in VMware, but I'll actually say I'm gonna guess and assume VMware supports it as well.

Yeah, and another thing, I mean, going along with what you said about cost: notice that I didn't even recommend the servers that I built in the video, because those are relatively expensive. The Supermicro boards that are like a system-on-chip Xeon or Intel Atom, they'll save a lot of power. Like, my Proxmox nodes each use like 50 watts or something like that. But the problem is the board is expensive, and then add COVID tax on top of that, and it's probably not going to be a cost-efficient way to go. But if you have money burning a hole in your pocket, maybe that could be something to consider.

Yeah, and me and Jay have talked a few times: you can do things like Wake-on-LAN to shut down things that you're not needing. I mean, once you start thinking about your off hours, if you have a day job where you're not using any servers, they don't need to be accessible. It's not too outlandish to think about just shutting things off during times of non-use or when you're just not worried about it. That can really, you know, that'll start saving dramatically on your power budget for that. So those are definitely... and as a matter of fact, that becomes a fun orchestration project. Do you need all these VMs? Can you just set a thing that powers off the VMs?
Maybe you leave the VM server up and running, but you'll actually watch the wattage; it should go down as you power down VMs. I've looked at this even with our servers, going, do we really need all this lab stuff running that we're not using at the moment? Because I know it's like a future project, I'll just pause it all. You can actually see when I pause it, because you're like, hey, look, there's a little less wattage being used. And that scales, because it's also less wattage used on the storage server, because the hard drive is not grinding as much, and things like that. So... Oh, yeah. Yeah, all that stuff definitely ends up... it's a cumulative process. Because Jay's taken it to the next level, of course, with his setup at home. You know, so many watts each room in his house uses. I wonder. Um, but you know, the power bill for me, I think last time I looked at it was like $400. It was like crazy, and that's with, you know, power savings and shutting things down. So I have a bit of a mystery to solve here, because that's too much.
There's nothing here that I think makes that make sense. And that's the Home Assistant that Jay is using for that. Along with, if you get a Home Assistant, that's the place where you can have all the information consolidated; then it's up to you. And by the way, as Jay mentioned, there's gonna be some part shortages on finding some of these. But if you hunt around, you can find what's in stock; look up compatibility. A lot of different plugs that do plug into Home Assistant do offer wattage information. There's actually a kind of really nice interface for keeping an eye on the wattage as well. We actually have some heavier-duty ones that we got off of Amazon here at the office, and my office is, in an effort to make it more energy efficient, I should say, we use zone heating. And what that means is we actually have just space heaters, but they're also on toggles that were designed to handle that many watts, and it cumulatively lets me know which zone is using which wattage to maintain the temperature. And we can maintain it, and of course, for safety reasons, we're able to shut them all off via the app. But there's some devices like that, so you can really drill down in different areas how many watts you're using. Yep. So the ones we're using, just so... I looked the name up of them: Z-O-O-Z, Zooz Z-Wave power plus switch ZEN15. So those are, yeah, Z-O-O-Z. They actually have a unique enough name; you could probably find these. Say all that five times fast. Yeah, and when I build my new studio, which will be done soon, I'll be talking about that, because I will be using Home Assistant. We'll set it up from scratch at my office. So I'll probably cover some of that, because I'm putting some of these same plugs and switches in. I'm less worried about wattage all the way around in my thing, but I just want to be able to control things. But it's a bonus that you could also get wattage information on these. I mean, I worry about it.
I don't like just throwing money out the door. I don't, you know... I did buy stock in the electric company, but it's a different topic. Yeah, maybe my power usage is helping you out then. It is, man. That's, uh, yeah, it was my grandpa's old joke. He leaves the lights out: "What, you own stock in a power company?" Well, Grandpa, now I do.

All right, um, you addressed this before, Jay, and it was the question of, uh, the RSS feeds. Besides... the problem is the project you like doesn't have the best developer community. Like, the tool itself works, but the developer, um, maybe is less than pleasant. Yeah, that's why I was hesitant to recommend it. Tiny Tiny RSS is what I use, and, you know, I've been setting up, uh, web apps and things for quite a while, and, um, it's been fine. I mean, I have a lot of experience with that, so I don't need to ask for help as much as, you know, some intermediate or beginner users might. But their forums, um, I haven't checked it in a while, disclaimer, I probably need to go back and see if this is still the case, their, uh, community was very toxic. So I just really don't want to recommend something, then have people post messages in their forums and then get totally flamed by the owners, um, which is just weird. So I haven't found a replacement solution. I use it just because I don't even need to communicate with anyone. It just works, and I think I ran into some problems, but I was able to get through it and get it fixed. But, um, Tiny Tiny RSS can be a good recommendation there, um, you know, with that disclaimer I just mentioned. If there's like a replacement or some other direction to go, then an episode on RSS might actually happen. But we have to have, uh, you know, some structure and something to use for that. So, um, we'll see if that can happen or not. Yeah, I used to use, I'm pretty sure I used to use, was it Thunderbird, for RSS, doesn't it? It still has it built in, don't they? I think so. Yeah, it's been a long time.
I don't aggregate it like I used to, and maybe I should go back to it. I, you know, went from RSS combined with Slashdot for my news and then moved over to... really, if you curate Reddit, and maybe I'll make some curated Reddit lists I have of what forums I follow. But Reddit's always with a grain of salt, because, you know, Reddit r/sysadmin sometimes is really valuable information about something, but many times is "I don't like my job, here's a long rant" upvoted to the top. And I don't know if that's always something... it's a distraction, not a good read. But sometimes people will post some really good information about sysadmin work or troubleshooting they found or discussions around technical topics that I find interesting. Um, I don't know, there's a back and forth. Not to get too off topic on that RSS, but there's different ways to aggregate your news information together, because it's a lot. There's so much out there; trying to focus it down to what's relevant to my interest is actually very challenging, because somewhere inserted in between is the time sinks that are fluff articles that get stuff that I don't think are gonna be very valuable. Yeah.

And for clarification, you know, I used to use Thunderbird as well for the same reason, and that does work pretty well. You could just add your RSS feeds in there and get those messages and get those articles. But my problem with it was like, you know, I'm switching back and forth between laptop, desktop. So it's like, did I read that article on my laptop or on my desktop? And then it gets very confusing. But with, um, Tiny Tiny RSS,
what that is, is a central, um, aggregator that you can connect to, and there's all kinds of different clients. So that way, if you read the article on one device, it's read on all the other ones too. So that way it doesn't get to be confusing or anything. So that's the value of having like a central RSS feed. And then I figured out, and I have to go back and write down these steps, there's a way to actually add YouTube videos to an RSS feed. So that way, your favorite YouTubers, you could just like have their videos show up there. And it's not easy to do, because it's almost like they have the feature hidden completely on YouTube, and I had to do some kind of URL trickery to find the actual URL to use for the feeds. It wasn't really the most pleasant thing I've ever done. So if we do any content about that, maybe I'll write down the steps, so that way if anyone wants to do the same thing I do, then you can go ahead and do that.

Yeah, so that's, um, that'd be an interesting one. I'd be interested, as I've never thought about doing the YouTube feeds, because the YouTube subscription system is, as a consumer of some YouTube content, it's kind of garbage; as a creator, it's really garbage. It'll give us great tools to help distribute what, you know, you want to see. Um, that's what's been a challenge. YouTube's still, as many flaws as it has, though, one of the reasons we publish on YouTube is it's still one of the best platforms for it. That doesn't mean we think it's perfect at all, right? We'll all address that there are certainly issues with it. But if we can find tools to help make it better for you, it would also make it better for us too. Yeah, we should come out with the suck-less YouTube package with all the tweaks. And well, I mean, I joke around, but yeah, YouTube is just as frustrating for me as it is for other people, believe me. Yeah.

Um, question, Jay: should we mention the suggestion for April Fools? Or should we just wait and make that an April Fools episode?
Uh, yeah, we shouldn't. I'm not saying we're going to go with the one that we have here, but, um, you know, I don't know why, I love April Fools. If you have been on my channel, you've probably seen that I always come out with, or at least I try to anyway, um, an April Fools video. I did a review of the best Linux distribution ever one year, then the next year I, um, had Mycroft review Debian, which was a lot of fun too. So as far as this podcast is concerned, um, maybe we'll come up with something fun, or maybe we won't. Well, I guess we'll find out. And we'll play on it. We'll do some fun play on stuff with this. But, uh, if you want to suggest the April Fools... so actually I like this idea of people suggesting it, because maybe there's definitely ideas we don't have. We're always leaning towards our audience for, hey, why not, that might be fun. Um, you hit us up: go to thehomelab.show. We have a feedback form you can fill out and send us feedback. We don't force you to give us your email address or anything like that. But we enjoy some of those ideas. If you have some April Fools ideas, throw them at us. Me and Jay at least want to laugh. Whether we do or not, it's going to be a complete mystery. You'll find out after April first. Or maybe the April Fools joke will be to find an April Fools joke, but there isn't one. Nah. All right.

Now, if you want to get started in HA for your infrastructure, where do you start: pfSense, Pi-hole? Um, or is that just a vice overkill? So, the pfSense HA, I've done a couple videos on it. One of the really cool things to me is how accessible it is on pfSense. Uh, I have a video I did using their more basic Netgate routers, but you don't have to use anything by Netgate to do this. You can take really any two matching systems, some older pair of inexpensive stuff, and get started on it. Do I think you ever need it in your home lab?
Probably not. It's not something that most people need. Generally speaking, especially if you go with one of the, let's say, the Netgate devices or even one of those Protectli solid-state type devices where there's no moving parts, you're talking about a pretty reliable computer that generally doesn't have too many failures. It's also quick to replace pfSense: you back up the XML file, you reload it, you grab the XML file and put it on there, and it's all restored and back up and running. So it's not like it takes hours and hours to rebuild it. But from a learning side of it, building HA is actually pretty awesome. And there are ways you can build HA in pfSense on the LAN side even without having all the extra requirements of the WAN side. Static IP is kind of a messy way to do it on the WAN side. So usually you just live... because if your ISP is only providing you a single IP, you're not going to be able to share that single IP easily between two pfSenses. So you kind of lose the WAN failover. There's a way to do it by setting up private IPs and a lot of funky networking that would be way out of scope. There's a write-up someone has in the forums on how to do it, over in the Netgate forums. If you google like "how to do pfSense WAN without multiple IPs and HA", you'll find it. But the LAN side, because it's all building private IPs, that gives you a massive opportunity to create private IPs, VIP IPs, understand how IP sharing between HA devices goes. So I think it's a fun project, because it's pretty well documented, and I got videos on it as well that's based on the pfSense documentation. I think it's a great dive into HA, not because it's pfSense, but because it teaches you how a high-availability switch might work, or high-availability networking gear. That's a good opportunity, because this is almost very, very similar to the way a commercial TrueNAS by iXsystems HA dual-motherboard system works, by sharing the IP addresses. The concepts you'll learn
inside of it, of how you can share an IP address between multiple devices: there are two physical devices with one IP, and who holds that IP, and the methodologies, if you dive into the methodologies they use to determine who is the owner of the IP, but how even the states that are going through it, the failover can be done transparently and move between the devices. Great learning opportunity in network engineering of HA. It's like a head-scratching moment of "I didn't know you could do that." And I think it's a great place to learn, because it's not a super difficult task to do, and you can even set up HA in VMs. You can build it out like that. And of course, if you're double NATing, you can actually build an HA system for failover with double NAT, because you're using private IP on WAN, private IP on LAN. But as a demo of how it did, and that's actually how I set my demos up, was using a series of just private IP addresses. So I think it's a great place to start when you want to dive into the concepts of how things work in HA. And if you expand it out, because the person in the question asked about pfSense specifically, but you can also expand this out to... I've got videos on how HA clustering works in XCP-ng. Have you covered that in Proxmox, some of the HA stuff at all, Jay? Um, yeah, in the Proxmox series it's pretty much covered. There's, uh, you could set up a cluster; I show the process, and then high availability as well. So if that's something that anyone is interested in, they could check out the Proxmox series. It's toward the end of the series, but it is covered. Yeah, so plenty of things you can dive into there. So it's definitely really just, I think, a great learning experience, is one of my big things of it, because it teaches you some advanced-level networking. The concepts scale to the way Cisco does it.
It's going to be slightly differently implemented in Cisco, but it works. It's the same concept, and I believe Palo Alto and pfSense, because they're both BSD based, used... I've not set up Palo Altos in HA mode, but I believe they use the same principles for their setup. So once again, it's very translatable if you pivot into these. That's a lot of the basis when me and Jay talk about these things. We love the fact that a lot of home lab stuff... and we try to relate this, because home lab, maybe that's the only place you want to be, and that's fine, because it's your hobby and tinkering. But I know there's a very large portion of this audience that goes, "this is where I want to start, but I really would love a career hanging out in the data center or something." So I love when these skills are very translatable back and forth like that. So that's my thoughts: pfSense is a great place to start. There's a lot of learning opportunity in there.

And I'm going to add a few notes to this, and I think that it'll kind of transition, excuse me, we'll transition us right into the next question. Um, it's actually kind of crazy how well this is going to work. So, um, I totally understand high availability and setting it up in your home lab, and like you were saying, if this is a learning opportunity for you and you want to learn how this works, then that's an awesome reason to do that. But I would suggest backups be a priority first, before you get to that point, and then you can start getting into high availability. Uh, for example, with pfSense, what I've done in the past: yes, you can export the settings, and it's really easy to restore those settings. But you can also Clonezilla your pfSense box, assuming of course that, um, you know, you're on a device you could boot from USB, I don't see why you wouldn't be, and that you can get, you know, some sort of display, because some of the integrated devices won't even have an HDMI port. Is it pronounced Protectli? Um, because I'm using that Protectli. I'm positive
I'm saying it wrong, but people figure it out. Okay, I'm using that too, so I'll say it wrong along with you. Protectli, I think, is actually... I think I add extra letters in there. Protectli, I think, is how. But, um, you know, the one that I have has an HDMI port on there, or is it VGA, one of the two. Anyway, I just hooked up a display, booted off a USB key with Clonezilla, had another USB key in there, and just dumped the hard drive right to the USB key. And that's it. Um, so that way you have that backup. High availability is nice, but if everything comes crashing down, how do you get your settings back? And that's something that you can consider. Like with Pi-hole, you know, the individual mentioned that; I mean, just take a backup of the SD card is probably the easiest way to do it. So high availability, like I said, in my opinion should be after backups. Backups are a very important thing. And speaking of which, our next question actually goes through that, or wants to know about that, where someone is asking us how we do it. So, uh, Tom, how do you do it?
I use Syncthing to real-time back up the things that are important to me, because real-time backups are the most important, because I don't want to lose anything that I did at any given moment. But I don't back up my system, and some people are like, "What, you don't back it up?" And Jay is gonna explain a little better, but Jay has one of the most beautiful-done ones. Mine are way, way rougher. I'm on the far side; my goal is to achieve what Jay has done. But don't worry, Jay did a video on this, so he can set you on the path, which is having deployment scripts. And Linux allows it, and for those of you that work in the more advanced Windows world, there is a Windows deployment server, and if you get really clever at it, yes, you can get this working in Windows as well. I don't know how accessible that is when you don't have a Windows deployment... Back to the Linux topic, the more exciting one to me, because I do run Linux as my daily driver on all my systems. You can build out scripts, and this is the ideal way you build servers. Servers should be ephemeral; the data is what's important. But the server itself should be like, "Hey, I don't know why it broke, I'm gonna rebuild it really quick and reattach it to the data store." Once you get your deploy scripts, and if you build everything like that... Jay has taken a better approach, and I'm slowly... because once you've built that the other way, which is, I would say, the wrong way, but this way I've been doing it for so long. If you start by "how can I build this as an automated tool?"
Then that creates a way that if a server ever dies, you can just rebuild it. So instead of sitting down to configure a server and set it up from scratch, you go through and build tools, or use build tools such as Ansible, to go through and set all the parameters to define everything through automation, so you could repeatably do it with the script as opposed to doing it by hand. So you take any of the configurations and variables that you did and that you changed and figure out how to insert them into your Ansible script. And that's what Jay has done. So when Jay has a base load, you know, apt-get install ansible is about the only thing he does after he loads, and then Ansible says, what's this thing missing? What's its role? And take it from there, Jay.

Well, actually, you don't even have to apt install Ansible with mine. Oh, damn it. Well, I got it, um, automated even more than that. So I'm rolling. Um, correct. So, okay, I'm going to go over my setup with the disclaimer that it's way over-architected, and I don't... That's what we're here for. Yeah, exactly. I don't expect anyone to be at this level, and I'm not recommending you should, but if you are into automation and that's something that you enjoy doing, as I do, then you might want to consider this. But, um, it took a long time. So basically I have Ansible set up in ansible-pull mode, which means that there's no, um, central server. The problem I have with the central server and the way Ansible normally works is that you have a list of hosts, and via SSH it'll connect to each of those hosts and configure them. But in my case, I have servers and workstations. Workstations can be a desktop, laptop; servers could be cloud or physical, doesn't matter. Um, servers, a lot of them are always on, some of them are off. My laptop is only on when I'm using it. So with an Ansible server, I get a bunch of errors: it can't reach my laptop. I know, it's in my bag, it's in suspend. Of course
it can't reach it. So I don't want to see those errors, because sometimes things are unreachable, especially in the middle of the night when I turn some things off. So ansible-pull mode, what that allows you to do is pull a Git repository and run it on localhost. So the machine, via cron, will just, anytime it's up, pull the, um, Git repository. There's a flag where it says check if there's changes and only run if there's changes. So that way, you know, Ansible isn't like repeatedly running, but when you commit a change, then it's flagged as having a new commit, and then ansible-pull will say, oh, there's some changes there, I need to pull that down and run it. And that way, you know, you'll never see errors like that. And then I went another level and set up a web server that's local LAN only. You can't reach this from the outside, but if you're on my network, you could just run curl deploy/bootstrap and pipe to sudo bash, and that's it. Um, if it's a server, it gets the server profile; if it's a laptop or desktop, it gets the appropriate thing. Um, and I've automated it such that I could actually install Ubuntu minimal, which is just the command line, or Debian,
um, just the command line. It'll build it up to GNOME and set up my wallpaper, my GNOME settings; if it's a desktop, everything, every app, every Flatpak is installed. If it's a server, it gets all that. So it's just like this really intense thing that I created. But then again, it's like, you know, if automation is not your thing, then that may or may not be where you want to go. Um, I would say the most important thing to do is to just list the most important things, or maybe the hardest-to-set-up things. Like, if you were to lose X, and it was like the worst thought ever, like if you lose this thing and it doesn't start up anymore, it's just going to be a lot of work, or a lot of damage if you lose files, like that's where your focus is, and then just order them that way. And there's a lot of clever tricks you can use sometimes when it comes to things like this. So I'll give you an example. Um, one of my servers actually, um, got some sort of, uh, malware on that. I mean, believe it or not, I'm not perfect, right? So even I am going to run into the situation sometimes where there's a security vulnerability and I don't patch it fast enough or something like that. But I normally would just, you know, wipe the whole server and start it over. Automation scripts will allow me to do that, but I also had the /var/www/html folder under version control. It was not uploaded anywhere, so it wasn't like a Git repository that you'll find on GitHub. It's a local repository. So I just did git, you know, checkout, and boom, everything was right back to the way it was before the person, or whoever it was, got in there and put malware on there. And then I patched the server and I was fine. It took me all of a minute. Now, of course, you could probably get your Git repository infected too. There is that. But if you put your mind together, you can come up with some really interesting ways to deal with this. And not only that, you could, um, use Kubernetes.
For example, I have videos on a Raspberry Pi Kubernetes cluster that you could build. It's not, you know, too expensive. But right now, I mean, we can't even get Raspberry Pi. So, um, you know, take this with a grain of salt. But with Kubernetes, you can actually have the, um, deployment scripts or the, um, Dockerfiles, so that way if your app breaks, you could just, you know, instantly recreate the exact same container. And if you have the storage, the stateful storage for the containers, on something like TrueNAS, then all it needs to do is connect to a data store and you don't lose anything. Then you have your data store actually versioned, so if something happens to that, you could just revert it back. Um, when it comes to actual backups, I use Syncthing as well. I have a central Syncthing server. All of my machines, they don't sync to each other; they sync to the server. So you can think of it like a star topology. So my laptop, I update a note file or whatever, it syncs to the Syncthing server, and then the other nodes will connect to it, see that the file changed, and get the change. So in order for me to lose data, then I think like six or seven machines would have to die at the same time. Um, and even then, my Syncthing is actually backed up to, um, Backblaze B2. So even if that does happen and, you know, I'm completely wiped out, I still have my data there. And I also have like some other places I store things too. So, um, I would think of it in terms of like, how much work would it be to set up your server again?
And if you're going to set up a new server, at least write down the steps and the commands that you use to do it, because those commands could actually serve as the framework for automation later on. So, um, I have all kinds of tips; I could just keep going and going. But I think I'll leave you guys with that as a starting point, and maybe that'll, uh, generate some new questions. Yeah, and I think one of the questions that was in here: you have an Ansible playlist, so if people want to learn Ansible. You have a Kubernetes playlist, or just some Kubernetes videos? I don't yet. Um, there's an announcement that is coming that's really awesome. I just wish I could say what it is. Um, the Kubernetes videos are on a temporary hold. I'm thinking maybe spring or summer I'll hopefully get back into that. So, but there are, um, there's a few other people you can find some Kubernetes videos for. There's definitely, um, we have content between, mostly when it comes to the Linux DevOps stuff, Jay's got some solid playlists. You go to learnlinux.tv; they're already grouped and organized for you, so you can get started with some of these tools. You've got a pretty good library on that on your channel. Um, I believe you have some write-ups kind of accompanying some of them as well, right? Yep.
Yes, I do, and I'll be posting a message looking for volunteers to help improve the documentation too. But for clarification, I do have the video for, you know, Kubernetes on a Raspberry Pi. Yeah. Um, but as far as like a, um, into like an individual tutorial series, multi-episode, for Kubernetes, that's what I'm going to be developing in the future. But right now if you have some Raspberry Pis lying around and you want to set up a cluster, yeah, I have videos for that already that you could benefit from. And if you use like a NAS, you could have an NFS mount to the back-end storage for your container, so that way containers are truly disposable, as they should be. Yep. Um, the next question, and this is one that I have a really simple answer for, number 79 here. Yeah, so someone said, you know, do we agree if you could cover the best way of optimizing memory, CPU and VM containers on Proxmox, along with the setting a swap, etc. I would make everything as efficient as possible. And I've seen this post, I think it was in the pfSense forum, but it's not the first time I've ever seen this, but I believe in this a lot. Now, there's going to be exceptions to this, but if there are better defaults, we would make them the defaults, and I've seen more than one developer say that. There's a reason a lot of things are defaulted the way they are, and a lot of it has to do with optimization. Now, you go back years ago, yes, we always knew, especially anyone in the overclockers world was going to go, but Tom, you can always squeeze a little more out of a processor. Especially the early days, you can actually squeeze a lot more because they were underclocked almost, you know, so we get it.
There's a lot of optimization. But here in 2022, a lot of these companies in Proxmox and hypervisors especially, that's a lot of what these optimizations are: the updates they release are to create better efficiencies in the way the kernel handles different swapping of things. It's not to say there's not best practices for setup of them, but as far as kernel tuning and things like that, that's been done by the developers to create a stable environment, a very solid environment that's not going to randomly crash on you. Back to, you know, basically stable environment here. But it's also, if there was a better way to do it, they would flip that switch and tune that kernel and turn those knobs and make it that way. So you actually don't have to do too much out of the box of setting these up. Now, the next thing that may come in is of course general practice, and maybe I don't want to assume too much because for your new virtualization, but don't overprovision. So if you have 32 cores available, don't assign 32 cores to every single VM. You are now creating, you can overprovision the number of cores, the system scheduler will figure it out. But you can have some conflicts where there's so much context switching you end up slowing down the machine, because this machine said I want to use 32 cores now and no one else is doing it, so no problem. But when a few machines go, I also would like to use all 32 cores, the system will actually accommodate for it. It's not going to cause it to crash, but you end up with a context switching, so you've now created some inefficiencies. And most of the time you just only need to assign as many cores as needed, but no more, to those systems. It's okay to be overprovisioned a little bit, but that's really getting down to your workload and outside of the original question of what's the most efficient way, because a lot of people are just looking for what knobs to turn, what is an extra parameter on there?
And I even go back to, you know, this came up because someone posted, um, I don't know if anyone, I'll describe it visually and I'll just look at the comments, see if anyone gets a joke. Someone posted a sock with a trumpet on it. And I got the joke right away, and it says some, you know, and I was like, I'm old enough to completely understand this. And cut a little bit, where I was going with this is, in the early days of tech you had to adjust your MTU settings when you did dial-up, so you could have better frame alignment for the way the dial-up ISPs, because they didn't take the time. They connected to the internet, but they didn't optimize it. So granted, you go back into history, tons of tuning that constantly had to be done here. Yes, I know jumbo frames are a thing when you're optimizing network under certain conditions. But for the most part, because window actually did talk about, uh, there's some optimizations and frames to line up for storage. She is a I have to remember what video we talked about that and I thought was a clever thing. But for the most part a lot of the stuff out of the box is pretty much optimized, and I've joked around, some of the consulting work we do is setting things back to default, because people thought they could retune the system and, whoo, they made so many things work worse because they turned all the knobs, checked all the boxes, added a lot of parameters. I'm like, I don't know where you googled that, but right, we're gonna take that back out. Exactly. I completely agree. You know, it's not like we have as much competition in open source.
It's not like, you know, Hyper-V versus VMware, where, you know, but it's kind of the same, because, you know what, even in the commercial packages no one wants to use it if it sucks. So if it's slower than the competition, then people are going to go to the competition. Now in open source, again, it's not as much competition, sometimes not at all, but they still don't want their solution to suck. So if there's a flag that they can enable that's going to boost performance, they absolutely will enable that flag. However, there are some situations, like you were saying, where you can increase the performance. I do understand some people are running, you know, off a server that's like 20 years old because, you know, we can always afford something new, and you really do want to stretch that as far as you can go. But like you said, defaults are there to be the best that they can be. Now if you do want to get it to go faster, which you can do, there's going to be trade-offs. For example, if there's a feature that you're not using and you never plan to use it, you can probably disable it, and that might make it a little bit faster. You could do things such as, you know, setting up the OS, basically, you know, like the Proxmox installation itself, to run off like an NVMe, and then, oh my god, it just flies when you go to the web interface. It's just, you know, fantastic. But not everybody has the port for that, right? So I can't say, oh, yeah, everyone should use NVMe. Well, yeah, if you can afford it and if you have it. And then there's other things you can tune that will increase performance but at the expense of something else.
So it's a trade-off. The other thing I would recommend, though, is to pay attention to your hypervisor settings for, like, hard drive type, network card type, things like that, because you'll read in the documentation, this is especially true with Proxmox, that for different operating systems they might recommend a different storage type or a different network card type. As long as you follow that, and it's not going to be more than like two or three different things to change, then you should probably have a good experience. And also look into memory ballooning as well. Don't go crazy with that; it's a complex topic. But I would recommend at least reading about it, knowing what it is. Aside from that, there's really not a whole lot you can do; you know, they pretty much do it for you. Yep. Next one, just a comment I'll have, because it kind of, this definitely goes out of the home lab with the person's looking for: What would you recommend as a network storage solution? It has high throughput, 3 gigs plus, great small file operation and hardware fault tolerance. And yes, I've reviewed some of the TrueNAS systems that have dual active-active motherboards. We've installed some of these for some very large, high-demanding environments. But you're talking about, you know, a system that costs you around 80, 90 thousand dollars. It's not a software recommendation; it's a combination of software/hardware recommendation to create something fault tolerant that works with, you know, the 100 gig networking and everything else. The TrueNAS and iXsystems can build those. I've seen that question come in here. So I thought they're all an answer. But I think that feels like it's going a little out of scope of home lab. I mean, cool if you can put those in your home lab, but, uh, doubt that you have those in your home lab. Sounds like more of an enterprise question, which is probably better asked in my forums or more specifically in the TrueNAS forums. They have build opportunities for things like that.
So I just want to mention it because it's in the questions. But, um, that's my thoughts on it. Hey, and we all love playing with that hardware, don't get me wrong. So yeah, it's fun to get hand-me-down hardware that at one point was super expensive and out of reach for us, and then, you know, it becomes really easy to find really cheap on eBay. Like 10 gig Ethernet, for example: buying that new at one point, oh my god, that was a lot of money. But now it's like you can get a, was it like 60, 70 dollars for a 10 gig Ethernet card, when they used to be a lot more money. Um, you just buy them used, and I mean you have all kinds of videos on your channel for that, so I'm not gonna, um, steal that away. But you know, there's a lot of content out there on your channel for, um, you know, 10 gig and things like that if someone wants to go that direction. Yep. Um, I think the next question about the hacker is interesting, so. Yep. So as hackers focus more on Linux, uh, what can/should Linux users do to protect their systems? Um, it's not that they're focusing more on Linux. It's the old adage when they ask, um, I forgot the guy's name, he was a famous bank robber, but they asked him, why do you rob banks? He says, well, that's where the money's at. It's a really obvious answer, and because if they can't it's the lowest hanging fruit, and actually someone pointed out something I found hysterical: the security obscurity actually works pretty well here in 2022, because you don't have to, you know, outrun the bear, you just have to outrun a hungry bear, and there's so much the bear can feed on right now. So if you're using Linux, you're statistically less likely, because where's the money at? Well, not the homelabber running Linux.
You can only get so much money out of that person. But there's so many, like when the recent VMware things, I'm like, who's publicly exposing their VMware infrastructure? Because this is expensive, high-end VMware infrastructure, and a quick Shodan list said six thousand businesses, and I'm like, you don't worry until someone hits all six thousand of these businesses with Log4j, then they're gonna go after you. So your little obscure thing is lower on the list. But let's be more realistic about it. The reality is with Linux, you have to think about where your threat surface is and are things publicly exposed. Like Jay mentioned earlier with WordPress: WordPress is public-facing, therefore flaws in WordPress, being that is one of the, I think at one point WordPress bragged to have like 70 percent of the website market, roughly, is built on WordPress, and I believe it. It's built on for any business; even my company, we run on WordPress. Most of the small businesses we deal with are running on WordPress. The only exceptions are when people use, well, those like managed companies like Wix or whoever to manage your website, or Squarespace or any of those. But that being said, there's a public-facing site. Therefore, it's not exactly an attack on Linux, but WordPress pretty much, not, I know you could run it on Windows, but for the most part everyone runs on Linux, just like we do, and thanks for sponsoring, Linode, that's where it's running, in a Linode server. So you have to think about where your threat surface is. If you're using Linux on your desktop, your threat surface is your browser. How can someone escape the browser? Unless you're running a web server on your daily usage computer. Don't do that.
But it's about what you're leaving exposed. So keeping the browser up to date absolutely is the top security. Then from there, the browser should also not allow things to escape out of its sandbox to get too much further into your system. Those are really where you have to think about the threat surface. It's more of a, the browser attacks are generic. So all the releases they have for browser attacks and the patches for Firefox and patches for Chrome, and more specifically we'll say Chromium as an engine which drives many of the other browsers, as long as those things are kept up to date you're reasonably secure. Most of the attack surface still goes towards the Microsoft world, because they escape and then they try to run and execute a binary in the operating system that they target. So first they have to escape out of the browser, then they target the operating system. Good news is for you Linux folks, the virus type of things they're trying to deploy probably won't work on your system. So it's less a Linux security thing, more of a browser security thing from your threat surface. The other side: if you're just pulling from the repositories, you're not downloading rando files from somewhere, you can stay with a high level confidence, because you don't get to control the supply chain. And by the way, some type of antivirus tooling on your computer's unlikely to detect something coming from upstream down to your computer, because it was signed, it was trusted from upstream. Therefore it really would be difficult for any type of AV tool to dig into your system and go, oh, no, no, this update that came upstream from the repository is a threat. At some point you do have to have a trust level with your OS and where you're getting it from. This is also where I think it's going to become harder and harder for anyone security conscious to do any type of distro hopping, because you have to have a series of trust in your supply chain.
Make sure people are vetting it. Make sure people in, Ubuntu is going to be an example, they maintain the repository. There's a series of external things that the Ubuntu developers are looking at through the supply chain before they compile it into a binary, before that binary again gets delivered to their system, and then for you to pull that update. The confidence level you have in that chain of trust is going to keep you safe overall. So it's not as simple as, will they be targeting it? Do we need an AV system? Windows, because it's built on running applications that are unsigned, versus Linux natively, unless you start tinkering with it, is only running the signed applications that are from the repositories, and any repository that you added always has to be in your trust model. That's why you need it in Windows. There's so many different ways that things are being executed on there. This is where eventually Windows may have to move towards, and Microsoft tried it in a very, because they didn't do it in the beginning, Microsoft tried like the Windows 10 S mode that only run signed applications. Well, it turns out can't get out when you can't get everyone on your ecosystem, and everyone's ecosystem is third party, external, and that becomes a huge challenge. Then you're back to not easy to implement, because Linux grew up that way. Linux was an app market before we called it an app market, but this is kind of how it works. We apt-get install something in Debian, it's pulling from repository a list of known software that went through an approval process, and that's what keeps that chain of trust on there. So it's less the concern from a daily driver standpoint. Also, as optimistic as us Linux enthusiast people are here, we know the real world doesn't even wonder what's on their desktop.
It's not the year of the Linux desktop. It's something the rest of the world's not even thinking about, so we're still the one percenters, maybe two percenters depending on the optimistic reports we see on Linux news sites. That's the year the Windows last top. Yeah, exactly. I would say, um, I know this isn't what people generally want to hear, but it's the truth. It's like, focus on you first before you focus on the machine. So, you know, for example, I'm sure our audience isn't, um, you know, among this example, but people will say, well, I got infected by a virus, so my antivirus is crap because I got infected. Well, you probably did something or clicked on something you shouldn't have clicked on, most of the time. So I think of antivirus like the guardrail on the expressway. If you are swerving around, you're hoping there's a guardrail there so you don't fall into the ditch, right? But I think you should just focus on your driving, not swerve as much, and not rely on a protection mechanism. And then when you have, you know, when the person says about hackers focusing more on Linux, I think the important mindset to understand is that hackers focus on the path of least resistance, not the operating system. So for example, if your password is four characters, I don't care if you're running Windows, BSD, Linux, whatever, you're going to get it. I mean, someone's going to get in because your password is insecure. So the problem isn't your operating system; choose a better password. Better yet, why is password authentication enabled in the first place? So when you focus on adjusting your habits and your expectations, I think that security kind of comes naturally. Unless you're working at a business where you're a target, an actual target, then if someone gets in it's probably because you haven't updated in a long time, there's a nasty vulnerability there, and someone found you on Shodan or something like that. That's probably why it happened.
So just focus on, you know, having better defaults and just having a secure system and just not expecting too much. Is Linux more secure? Yes, but that doesn't mean it's going to save you either. Right. You can still do dumb things. Well, it reaches the end of those questions. I've seen a few questions here that I can roll back and answer that came through. Um, we have someone asked about if we have a whole workflow for the video stuff we do. I've done, I don't know if Jay, someone, and I need to do an updated one. It's going to change to the way Jay's doing it now. I have a whole video that has my process and workflow, because it is mostly done with open source tools. For those interested, it's on my channel. So I'll address that. pfSense 2.6: I don't have a full list of what's coming out in it, but you can check their Redmine, is what they use; you can, like, google pfSense Redmine. They have publicly listed, like, all the new things that are coming in that version, so it's not too hard to find out. But I'm going to wait till it's at least in a release candidate state, because release candidate means it's feature stable. Um, and those are usually the features that are going to stay in it for the release. So it's not even in release candidate yet, so I'm not diving deep into it. Okay, but someone asked about WireGuard being full release. It's always going to stay a plugin. There's really solid reasons for doing that; Christian McDonald outlines them. He is the developer that works for Netgate, and he heads up the WireGuard project. He's talked about it. He's got videos you can find on that. I've tweeted them, I've shared them. But it's Christian McDonald, who works for Netgate. He can describe better. As a matter of fact, he's got a pfSense 2.6 video. He knows more than me about it because he's the developer doing it. Right, but he also is developing the WireGuard.
It's going to stay a plugin, and he outlines in his last, well, a video released within the last 30 days. Um, he may have done another one, I haven't looked, but that covers why WireGuard will stay a plugin. He's got some really solid reasons and he's a developer, so I'm gonna go with he really knows. Yep. You don't need ECC for TrueNAS, I'll throw that out there. I've got a video on that topic. Yeah, that's the age-old debate, right? Yeah, it's coming up a lot. Is ECC better? Sure. Um, is an enterprise hard drive better? But can you build it without one? Yes, you can. And is it fine? Yes. Um, is it better to use ECC, better from the weird, uh, and I addressed this in the video: ZFS is a copy-on-write file system. The copy-on-write occurs when a checksum actually verifies the data. The idea that a solar flare could fire off and cause a bit flip, but then the checksum would still match, is just an astronomically small chance that it could actually corrupt the data. And then someone will then point out, but what if it was doing a scrub and the solar flare did it and the checksum on the scrub did it and flipped a bit and it failed? I'm like, you're more likely, the most likely scenario, because we don't know what bit it's going to flip, is you're going to get a crash or a locked up system than a, um, problem. So, uh, you can get away without ECC and fine. Better with, too, but not necessary. And better is such a rabbit hole. I mean, if you think about it, would a server with, you know, a thousand cores be better? Well, sure, but can you afford it? Probably not. So it really comes down to your budget, because if, um, ECC memory is going to be more expensive in your build and it's just not within your budget, well, it's out of reach. So I mean, you really don't have a choice. I think some people might ask because they're using TrueNAS and they just don't know if they should be, they don't have ECC.
Well, if you don't have ECC, you don't have ECC, so you can't benefit from the improvements that it might give you. But even if you did have ECC, there's something else that you can improve; you could just replace all of your disks with, um, SSDs. Why not? Um, sky's the limit, but then you watch your bank account just get depleted, and then you'll probably regret it. So it's probably just a better idea to have, um, something that, um, you know, sane expectations without trying to spend, you know, all your money on a solution or throwing money at your problem, which is what I think that ultimately leads to. And another thing, we had another question I wanted to bring up. We had a whole episode about this, so I'm going to summarize it a little bit, because the whole subnet and VLAN thing just becomes like kind of confusing, right? Because, um, when do you use one, and, uh, when do you use the other? Now, subnets and VLANs are different things. Um, so I want to make that clear. Um, the reason why you would use a subnet or multiple subnets and multiple VLANs can be mutually inclusive, but the technologies themselves don't have to be included. So when it comes to subnetting, the primary reason I think a homelab person would do this is because they want more IPs. At one point, you know, in our average household, we probably had one family computer. That was it. We might have one Roku and one laptop. So 254 addresses in a slash 24 network, that goes a long way, and at that time you're probably not going to deplete that. But now when you add IoT, you know, everyone in the house has a smartphone, possibly a tablet, a laptop, a desktop, you have your other devices there, then 254 addresses, that doesn't seem like all that many now. But if you drop the subnet mask down to like slash 22, well, all of a sudden you have a lot more IPs. Which is also why if you go to a public restaurant and they offer public Wi-Fi and you can't get connected.
It's because they have a slash 24 and they're really close to the road and people passing by are, you know, grabbing IPs as they go by, so you'll never have a chance. But it's just one of those things people don't understand. But having more IP addresses is why you do that. Now, VLANs will give you segregation via firewall, because you can have firewall rules attached to your VLAN. But where they intersect is how people do it in practice. It's not that you have to do it this way; it's just that this is the way that people do it. So if you have multiple subnets and each one is, you know, practically married to a VLAN, if they become a one-to-one relationship, but they're not one-to-one by default. But you could have VLAN 1 and you have an IP address scheme, let's just say 192.168.1.0/24, then the next one 192.168.2.0/24, and you can have like a bunch of these. And you can even have like the third octet match the VLAN ID, so it's really easy to know which IP scheme goes with which. You don't have to do it that way, but it's just the best way to combine the technologies in a way that actually helps you apply firewall rules. And if you see an IP list on your DHCP server, if you see like 192.168.30 or whatever it is, I'm just making up numbers, and it matches the VLAN ID, oh, well, that's on the server VLAN, so I know where that machine is, it matches, and then you could just create your firewall rules accordingly. So you don't have to use them together, but most people do because it just makes the most sense. I hope that clears it up. Yeah, that is, we did go into that video, and it is a really tough topic.
It really is. It's something you just have to wrap your head around and do. It's probably one of the first things you'll learn in the homelab, is how network segmentation works. And it populates partly because I talk about network engineering. It's a popular topic among the people on my forums all the time, is, hey, this doesn't work, and why can't I get these VLANs to traverse? And very frequently it's because you need switches that are VLAN aware, and it starts the rabbit hole of discussion on that. So definitely worth talking about. The, do do do, the older one: someone asked about web filtering. This comes up a lot. I wouldn't, I never recommend Squid with pfSense. Honestly, any time you get into SSL filtering, it's a headache. We do it only when we absolutely have to at the firewall level, because it's always a rabbit hole of, you set it up and then you start running around building tons of exclusion lists of all the things you can't do man-in-the-middle firewall filtering for. But obviously there's a need to if you run a business, keep an eye on users. Um, there's nothing
I know that's really good in the open source world that does this. It comes down to commercial software. But tracking where your users are going, just a general idea, and having a log of traffic there, probably isn't any great way to do it besides a tool like Security Onion, which is actually our last episode, where if you really want to know what everything and everyone on your network is doing, full network monitoring with a tool such as Security Onion to really dive deep into it. But you're talking about an absolute beast of a product to be able to do that. This is one of the reasons why there's so many commercial solutions in that space for tooling that you load on individual computers that you pay monthly subscription fees for, because it's hard to figure out where all the users are going. The way of the web is of two problems. One, we want to encrypt everything, because that's the better security model, so when people don't sniff the traffic. It's really weird to even think, you know, one of my favorite demos was around 2010-ish, I think, uh, when Firesheep was released. Firesheep was, we started encrypting some websites, but they would quickly drop back down to non-encrypted. And so we encrypted the login for the website, a session cookie was then added to your system, and then you went back over to a non-encrypted way. And the way those session cookies were passed back and forth in clear text allowed a tool called Firesheep going, I don't need your username and password if I have your session cookies. So you could sniff session cookies. So we've come way further and way better here in 2022, to pretty much the majority of sites, thanks to tools like Let's Encrypt, are encrypted. This came though at the expense of lots of internal sysadmins being told by management, where did my users go?
I need to track my users. And now we've been blinded by encryption, and we only have like the SNI header left. Because I know ESNI is a thing, but for the most part the SNI header's about the only thing left we have to give us some visibility into that. So that's my long soapbox talk of why it's so hard to track where users go and what track they did. And this is why there's such a, from a business standpoint, when I'm not talking on the Homelab Show, we use commercial tooling to be able to monitor, track and filter people's websites, to corral them, if you will, into things. There are tools like pfBlocker that at least will deny DNS lookups for a lot of these sites and put some blocks in there. Untangle's a firewall solution that's commercial that I've talked about and demoed on my channel, that has a subscription fee but does offer some web filtering and web tracking for where the users are going without having to load an end user agent or break SSL. It does cover that in between. What that means, though, is you'll see the SNI headers, so you know the URL they went to but not the full URL. You won't know what they did necessarily always on the site, because there's only so much you can track with that. SNI headers are what help you get, um. Maybe one day we'll dive into how SSL and SNI headers work. I think it's a fun topic. It's very technical, but it's worth having an understanding for. But that's how you get into some of the, uh, where do these users go, or being able, because having that visibility with Untangle also means you can block it. Now once you go full install a certificate and break SSL, good luck.
It's an administrative challenge at the same time, because so many sites use SSL pinning. That stops and breaks things, so you have to start making exception lists on it. So long-winded in refer about tracking users in. And I would say too, you know, again, come down to mindset. I really feel that the internet doesn't want to be monitored, and any solution or anyone developing a solution for any purpose, anytime they can make it harder to be monitored, they will do that. They don't care if you have a net nanny. They don't care if your company wants to filter things. They're not taking you into consideration when they're developing these technologies. So, you know, Firefox wants to roll out DNS encryption. They're not asking if, you know, you have kids, you want to, I mean, they might ask right now whether you want it on or off, but at some point it's probably just going to be on by default. They don't care. So what you'll find when it comes to, you know, net nannies or children, for example, you just want to have conversations with them, because they'll always find a way around it at a certain age. When they turn 13, you're done. I'm sorry. You know, I thought I was clever, right?
So I had everything going through something like that, with, I think I was using OpenDNS and then later CleanBrowsing, and then, you know, I thought it solved the problem, but then I saw on Discord, you know, kids are just dumping things that they can't or shouldn't be accessing in Discord. So they get it there, because they're not getting it through their browser. So, you know, if you're a parent you'll probably be amazed at how clever kids are nowadays, and the only solution is to have a conversation with them, because at age 13, or, you know, if you have a child prodigy, age 10, they're going to totally get around that. And I do predict, unfortunately, that the internet just will not be able to be monitored at some point in the future, because the people that are making the next-generation technologies, they're not taking you and your wishes into consideration, because more people like privacy. So that's the direction that they're going to go, whether you like it or not. You can, to some extent, filter the internet right now, but at some point you honestly may as well just not, unfortunately. I hate to say it, but, you know, it's a real challenge on there. And like I said, from the complete business standpoint, the way we handle it as a business is loading tools on the system natively that deeply spy on people, if you will. There's people who may disagree with that. That's just the reality of, if we have to manage these clients and manage your computers and manage at that level, that's something we need to do. Um, it's just part of the market we work in, to be able to keep these people from clicking on things, uh, they shouldn't. But nonetheless, um, I'll actually mention this here. I've seen someone saying that, um, and this is actually something that's getting better: "The worst for web admins is diminishing certificate validity period." I think it's a wonderful thing that we've diminished it greatly. You used to be able to buy 10-year certificates.
I think for a little while you could buy it even longer, but 10-year certificates used to be a thing. I actually am thrilled that it's one year, and I would actually even be happy to see it as low as six months, or even... six months is pretty good. But as we adopt a better internet, the goal has always been, for the Let's Encrypt organization, to get people to build automation around their certificate systems. There's a reason it's called the ACME cert system; it's not called the Let's Encrypt cert system. Let's Encrypt does offer certificates, almost like a proof of concept, if you will, that you can do this in an automated method and no longer have to worry about it. But some companies have their own ideas in their head and they may not do it. But the ACME protocol does support anyone who wants to adopt the standards of having automatic cert renewal with shorter expiration. The shorter expiration is a better security feature. If you want to think about it from this perspective: if you took an expired cert, let's say I captured the traffic between two points, but the cert, it was valid, and I have the data, but I can't reverse engineer that data. Well, if I ever got that certificate, and no one thinks about, oh, we threw out the, you know, I say "threw out" as if it's tangible, but what if someone were to acquire that cert in the future? Well, then there's that potential for it. But a series of expiring, auto-renewing certs that go away, or you renew them whenever you think they're compromised, through an automated process, this gives you a better confidence level and security. It also lets domains expire, especially if a domain gets left unattended and is maybe serving up malware because no one's watching it anymore. Yeah, that could be a problem.
You kind of want those certs to expire on there. Of course, I'm contradicting myself in some ways, and feel free to point this out, the fact that if you had an automated system on there, it would automatically renew the cert for the system on there. I think it's better, though, that they're expiring. It at least shows some active level of engagement with the site. So I don't think it's a problem. I think, in the big picture, Let's Encrypt is a wonderful service to, one, encrypt more things, so things like Firesheep don't work anymore, and having an automation tool, and more companies having that opportunity for using that automation tool to automatically renew certificates.
Yep, and I will, as an aside, you know, just one last thing I'll mention, just because it's kind of funny: I could think of one major reason, though, to implement some kind of a filter or net nanny on your network, and that is to play, like, really awesome April Fools jokes on your kids, because I swear it's the best thing ever. Like, you just make every single website resolve to the Hello Kitty website. You could make it filter words that are perfectly fine, like very common words, as if they're swear words, and just have some fun. Other than that, um, yeah, probably not.
Yep. So I think that's it. I think someone asked in here, in the questions, if you can use a TrueNAS Mini with Proxmox. Sure, it runs TrueNAS. Is it going to be fast? Or will it be fast enough for you? I don't know, it depends on your VM workload, but, um, scaling out systems and planning that is always a lot more challenging, because it really comes down to understanding what your workload is. How many IOPS do you need? We all want more, but more runs into our budget. More budget for how many IOPS. There's so many, uh, that is something where tuning variables becomes a lot in there, and your financial tuning is a big variable. That's the biggest knob, and this is how much money can we pump into this system?
Right.
Ah, well, thank you. Well, is there anything more, anything else you've seen in here, Jay, that we can answer?
Not so far.
All right. Well, we're looking forward to doing this again. We're looking forward to hearing from all of you, and thank you for joining us. We'll be back next week. We're trying to get more consistent. I'm trying to post the show earlier. We're trying to get it as a ritual that we're doing this Wednesdays at 11, and, cross my fingers, I'll be doing this from a new studio soon. So...
Yay, ah, can't wait.
Absolutely. Oh, one final question here, uh, free cloud cloud for a proxy service. I haven't tested it. Have you, Jay?
Nope, me neither. So I've got no opinion on it.
No opinion here either. Is it smart to bare metal a bunch of servers and run Docker? Sure. Why not?
Yeah, I mean, a lot of people do it. That's how a lot of people do it. So, yeah.
Yeah, once again, as long as you have a good deploy and build process. So...
Yep. Um, Borg backup, haven't used it. So...
Yep, uh... Oh. No, I'm gonna go with, this is a no right here. Uh, "I guess there's another reason for proxy outside SSL, especially caching." Websites are so dynamic, I don't think caching is even relevant anymore. Most of the stuff won't cache very well.
Right.
Because of the way the streams are put together on most of the stuff, I don't think there's much value in caching like there used to be. It's a pretty limited use case there, especially with the way the dynamic content's generated. So...
Yep, I agree with that as well. Yep. Like, the industry changes on us, you know, it's almost like the industry is going the direction it's going and we're all along for the ride.
Yes.
We're developing it, and, you know, a lot of talented people out there are doing that, but it's still naturally going a specific direction, and some of these things that were, you know, a godsend at one point just really don't work as well.
And, full disclosure, guys: I built Squid caching servers in around 2000, 2001, on a split T1 that dynamically allocated lines for phone and would slow down our bandwidth. I worked in corporate IT and we cached everything, because everyone hit the Weather Channel for different areas, because the weather was important, because I was IT for a transportation company. Don't get me wrong, I completely understand how valuable that was in 2001, and it was very successful. I used to have, like, charts that measured the cache hits, the stats out of it, and I was always like, look how much bandwidth I'm saving us on our fractionalized T1 here. But here in 2022 that's just less, you know... Yeah, if you're as old in tech and you didn't progress from tech, then you would say, yeah, that's probably valid. But once you understand a lot of the dynamics and the way dynamic content's generated, having much cache is, no. And then of course TLS 1.3, with an extra layer of encryption, where you have an encryption on what I referred to as the outer layer, with your SSL, and then a secondary Diffie-Hellman exchange with an ephemeral key only for that session. So you're now encrypted again.
Yeah, and I broke it... there's a way around it where you also will do TLS 1.3 between the proxy and the website, then do TLS 1.3 between that. But there's very few devices outside of, like, NetScaler that have that ability to do that. So now we're going to go into another rabbit hole of, that's really hard to do and doesn't add a lot of value.
I saw a question in here about something I mentioned before, which was, you know, when it comes to music, I love music. Music is therapeutic to me. It's like, whether I'm in a good mood or bad mood, there's a song for that, right? So, um, the Raspberry Pi solution that I use is Volumio. I hope that's right, Volumio, I believe, and it's a Raspberry Pi image that you could flash onto an SD card, and then you can of course plug it in and, um, either add your music collection to the SD card or have a network share and tell it where to find your music collection, and it will scan it. And then you plug in some really good speakers to the Raspberry Pi, and then you can visit this in a web browser. So, in my case, anyone in the house, um, can just go on this website inside the local network here and just play a song on this thing. It's got some really loud speakers on there. Um, I really love that solution a lot. What I had to do on my end, I don't know why, is, um, with the Raspberry Pi 4 (I didn't have this problem with the 3) I had to actually buy a USB sound card for the Raspberry Pi and plug the speakers into that, because if I plugged the speakers directly into the Raspberry Pi it sounded like garbage. I literally thought that my speakers were blown, which was weird, because I wasn't cranking it up or anything. And then I tried a USB sound card, plugged it into that, and it fixed the problem completely.
I don't know why, but I think I paid maybe 30 dollars for that USB sound card. I don't remember which one it was, and they might have fixed it now, because it could have just been, like, a driver issue or something. So I don't think anyone should just go out and buy a sound card. All I'm saying is, if it doesn't sound right, you could maybe blame that. But Volumio is definitely something to look into. Our friend Phil turned me on to that and I've been using it. He's got a cool setup for it too. So, yep, um, definitely check that out, and, um, you can make yourself a Raspberry Pi jukebox, assuming you can find a Raspberry Pi, um, which is really tough right now. Um, I saw some sites are back-ordered until this coming September.
Yeah, but just keep your eye on Twitter. I follow Jeff Geerling and he, um, he posted a link to some today. So they're probably gone, because that was this morning.
Now, he did that yesterday as well, and I was able to buy, uh, two of them for a project I was working on, a compute module. So... But if you can get your hands on a Raspberry Pi, or if you already have one and you don't mind dedicating it to this, you could download Volumio, the image, and then flash it on there, point it to your music collection and have fun.
Yep. All right, we're gonna wind this down. I just looked at the time and I have another thing I gotta go do, so thank you, all of you, for joining us. Uh, hit us up at thehomelab.show. Fill out the feedback form. We love doing these Q&A episodes. We love answering all your questions and keeping everyone excited about it.
Thanks.
Yep. Thank you.