And it's live, I think. That's the first way I should start this out all the time: I always look around like, is it going? Here, here, they're all right. Making sure it's live, I always pull up a little second screen over here to make sure it does the thing. It says it's doing it. Welcome to Vlog Thursday. Oh man, three hundred and eleven, the 311. Yeah, first time live. Is it like the WAN Show of LTT, do we have to wait? I don't know, they make you wait. Oh, are we having fun before the end of the new year? Yes. Join the Business Technicality channel; Brett and Jason are definitely having some fun over there. I'm going to join them in some fun as well at some point. But people ask about the business videos. They have some really good insight they're sharing on there. So now that that channel's picking back up, I'm making sure to remind people to check it out, because people have asked what happened to the business content. I know not everyone liked the business content; people definitely like the password manager content lately. That has been popular, you know, how to install Bitwarden, for example. But if you're interested in the business side of things, because, you know, I do run a business, Jason runs a business, Brett kind of runs my business, all of those things combined means there's a wealth of knowledge that they share. Hey, check it out; that channel is definitely fun. I still like talking about some of the business stuff, I just took a little break from it myself because I have so much other content I'm creating.

Hey everyone. Hey Travis. It's funny because now that Travis works at Lawrence Systems he still gets to watch the vlog. I don't know, is that work related? Seems work related, why not. Hello everyone, hello, hello from the Land Down Under. Let's see, what do we have here? All the networking fans. Yes, lots of networking people here. First time catching me live, awesome. Greetings and hallucinations from Seattle.
Oh, two more weeks, and yes, we gotta do something special for the 313. That's the Detroit area code, for those of you not from the Detroit area, and there's that long rap history of representing things based on the area code. The live shenanigans, shenanigans for sure.

"Watched the video. Bitwarden: what's their pricing model for self-hosted solutions? Is their pricing model the same whether you self-host or not?" Their pricing is on their website, so I won't date the video by putting it here, but just go to the website, go to Pricing, and scroll down. They have all the details, all the information on self-hosting. You can self-host the free version as well with Bitwarden. Lots of interesting password management content.

Yes, and I figured that... Am I beta testing the unified Bitwarden? For those of you who don't know, Bitwarden has another installer they're working on called the unified version. I just haven't really had time to test it. It looks fine. I am positive, because they have such a good track record as a company, it's probably going to turn out well. It's just assembling it in a singular Docker container instead of several Docker containers. The people asked for it, Bitwarden delivered, or is delivering; it's in beta right now, so I haven't tested it. I don't have a real problem with the way they do service delivery now, being Docker with multiple images, so I don't have a real pressing need to try it. It looks like the installer might be a little bit more complex than the current installer. The current installer actually works extremely well; that's why I did the video on it. I thought about doing the video on the beta one, and I'm like, ah, the instructions are more involved. I want to get people there the fastest possible. So that video is actually pretty short for an install tutorial; I think it is reasonably short.

I've been listening to the podcasts at The Homelab Show, great content, keep up the good work.
Awesome, from Belgium. You know, a while ago someone sent us some Belgian chocolate from Belgium. I've heard the term, like Belgian chocolate is good, but then once I had it I can confirm it is definitely some of the best chocolate I've had. I don't really know what's different, but yeah, something about it was really good.

313 used to span the tri-county area, Wayne County, until the mid-90s when we got the 734. Yes, we had 734, 313, and there was one more prefix that they split. There's a couple of them there now, but yeah, the splits started. You know, not enough area codes, not enough numbers, kind of like IPv6: we need it because we're running out of addresses. We were running out of phone numbers, so we had to have more area codes to split them up, and now that doesn't matter.

"I really want to self-host it, but at about the same time I have a bunch of bad experiences that make me dislike Docker. I wish the solution didn't use Docker." I just run it in its own VM with its own Docker, because from their perspective I get why they do it: the instructions are way shorter having them use Docker. If you wanted to reverse engineer how they do it, matter of fact, there's actually... I googled it because I got curious. There are a couple of utilities, easy enough to find in a Google search; I haven't tested them. There's a way to un-Docker things: you could take the Docker containers and convert them into flat images, and then update all these components individually. It would make service delivery harder, but you could do it. The reason a lot of companies use Docker is to make it really easy to say, hey, here's these different Docker containers, let's update this module and send it down to them. By doing it in that methodology, it makes service delivery easier.
So you're not dealing with, well, I have all these little problems and things like that from a support perspective. So I get why they put it in Docker, but also if you don't like Docker for whatever reasons, then you can always try to flatten it. But I just want it in its own VM, because it's not very processor intensive, and that way it's portable and it's secure and I can back it up. And if I needed to restore that entire VM with all the container information in it, with all the password information, right back to a particular state, it would be easy to do. It's an extremely minimal install too; that's why I'm not worried about it. It's not like it takes up a lot of space.

"Maybe a video idea: what do you do with firewall whitelisting / blacklisting? pfBlocker count for me?" I kind of like whitelisting. I don't do the blocklisting like that. You know, I use pfBlocker to block some things, but trying to whitelist the internet and only allow certain sites, that's a fool's errand. That's going to waste a lot of time and it's probably not going to be very effective. You could probably try to establish some baseline of how many websites you go to, but that wouldn't be easy.

"I have it exposed to the internet so I can password sync on the mobile network on my phone. Any considerations I should think about to further secure my install?" I mean, the moment you open it up to the internet... At some point I would almost say, if you're going to have it exposed, maybe just go ahead and have them host it, unless you feel that you can be absolutely on top of it from the time they announce: if this happens, there's a flaw that would allow someone who has access to do something, how quickly could you react?
That's the question you're trying to answer when you self-host and expose things. So if you have this exposed, and someone's able to get to it because of some flaw that was found, and there's a patch for it: who's better at patching things, the people that run Bitwarden that have 24/7 staff manning it, or yourself? It's just a question. Maybe you are really good at it, and great, now you have your answer. I don't have the answer for you; I just give you the parameters.

Can you use file attachments with the free edition of Bitwarden? That's a good question. Let's look. I guess I don't use file attachments on the paid version, so let's find out if it works on the free version. I have my self-hosted install; we will share the screen of that. Present, share screen, Chrome tab, Bitwarden vault. I just want to do a few things today with Bitwarden, so I already have it pulled up. Got the password pulled up over here. Don't worry, I'll even share it with you, because it doesn't really matter to me; it's just a password I generated for this demo account. Zoom it in a little bit, make it a little easier to see. Let's see, can we attach things? I think so. Where do you do attachments? Bear with me while I figure out where the attachments go, because I see a new option: default match detection, new URI. I don't see an attachment option. Not there. It's not a feature I use. In case you didn't know, Send has the ability to attach files. So yeah, I guess if I attached these files here, New Send... You're right, I thought there was a type: logins, secure notes, folders, identity. Yeah, I don't know, I don't see it. I don't use that feature. I never attach files to this; I put things in notes all the time. Links, polling, I use this constantly. The custom...
I love the customizable fields. But no, I don't see a way to do a file attachment in here. I see you can attach files with Send, though, and obviously this is so... New Send, we want to make it a file. Okay, premium required for sending files. So I guess you do need that.

"Been watching you and Mac and hoping to start a side hustle." Cool. Greetings from Dublin, Ireland. "You've been working to solve the video; it's timed perfectly, getting away from LastPass quickly." It's possible, great.

What's my opinion on Vaultwarden? I mean, it's an alternative project, but I don't have a use case for it. I said that in my video the other day: if you want to do Vaultwarden, go ahead, but I prefer to support the project maintainers themselves, which is Bitwarden. They're the ones that publish all the code top to bottom, so why would I want to use a third party who hasn't gone through the same level of auditing that the first party has? Because it's not a fork, it's a rewrite in Rust. It used to be called bitwarden_rs, but there was obviously some name confusion by doing that, so it became Vaultwarden. I don't have a use case for it; I prefer to run the real deal. If you want to run a third party's implementation of it, that's fine.

Fool's errand. So, fool's errand... I'm sure there's a Wikipedia entry on this. Fool's errand. Oops, I closed the sharing. A fool's errand prank is a type of practical joke where a newcomer to a group, typically at work, is given an impossible or nonsensical task by older, more experienced... So yes.

Whitelisting / blacklisting for an internal network? I don't know what you're asking. What are you whitelisting or blacklisting?

Do you use Bitwarden to share or store SSH key pairs? I do not. I haven't had a need for that, so that's not something I've done. You can go back over to Bitwarden and vaults... I mean, I guess you could put the keys in here.
I don't... Secure, you can put a secure note. I don't know, I wouldn't; I don't really have a use case to put them in there. "Just a thought, depending on the content or file type, you could use a secure note." Yeah.

Any hot sauce you like on ribs? Mmm, a lot of different ones. 10 minutes to catch up at 2x speed. All the way from Kuwait, awesome. I'm going to need some nice sauces for them. All right. "Fool's errand: there are no productive outcomes of the activity." Yes.

Have you ever used Nginx Proxy Manager, compared to HAProxy? I'm strictly using it for reverse proxy. Haven't used it. Some people seem to like it. I like HAProxy. I have it everywhere I need it to be, so there's not a compelling reason for me to use another tool. I don't always use that tool... So that's one of those things.

Now KeePass is the other one, and I guess that's the other one I wanted to bring up, because this comes up a lot and I'm working on a dedicated video for this. Did I close KeePass? I thought I had it open already. KeePass... Now I have to remember the password that goes to KeePass. I didn't use a good password, I just used a password. So how can we share? You know, I think I just have to do stop sharing and share a screen, because it's its own window. So we're going to share a window, a screen. There we go. There's KeePass now.

KeePass is cool. I don't have any problem if you want to use KeePass. As a matter of fact, this is something that people brought up, but I think this is a good point: KeePass is a good, solid password manager. I don't know of any flaws in it.
I believe enough people are looking at it. Not that that absolutely means it's been completely code reviewed, but people are probably looking at it, and the fact that it's local to your computer with a database, the attack vectors are more limited: someone has to be on your system in order to get into your KeePass instance. But if you're an individual, you're a homelabber, and you're going, do I really need to set up a Docker container to run Bitwarden locally? Probably not. For individual use, I think this is great. I don't think there's any problem with it, and I'm trying to figure out if it's worth doing a video on it. You know, you can save little things in here. I was wishing it had an actual... maybe I'm wrong, maybe there's a plugin for it, some type of one-time password in there. It would be kind of cool if it did that as well. I threw just some OTP testing in there, playing around with stuff to see, just goofing around with it. But I think it's a good password manager.

It just doesn't scale when you run a business and you have a lot of people that you need to share with. Now I know you do have multi-user support in KeePass, so more than one person can access the database, but there's no ACLs in it. I can't build really nice granular permissions. It doesn't seem to have any clear audit log that I'm able to see. So for an individual, I think it's got all the features you need, and it even has, and I haven't tested this, but it does offer, if you go into the settings, where is it, under... somewhere here... secure browser integration. It does even offer browser integration. So it's got all the right things you probably need in a password manager.
It's got a password generator, all this good stuff, but it just doesn't scale to the business use cases, the multiple users, multiple access levels and security logging that you would need from a more robust password manager. So that's kind of my opinion, as people ask about it, and I thought maybe I'll put together some of the use cases of why you want to use one or the other. Like I said, it's a good system. It's not like I think it's bad or you shouldn't use it. It's even cross-platform. But I want to set up the browser integration and things like that before I actually do it.

Oh, let's see: "You can attach files in KeePass." That's true. "I use secure notes and upload files." Excited for the next step, you know, if they want to get to it.

Regarding SSH keys, have you used SSH certificates in production? Nope, I have not. I've not used SSH certificates.

Question: recommendation on which SIM carrier for a backup modem? Not a problem we ever run into. As a matter of fact, I think we have one or two clients on Starlink now, so I think that's going to kill some of the backup cell carriers.

Teleport, secure solution? Teleport is really cool. I've played around a little bit. My only problem is I don't like the fact that it has to load a daemon on something in order to do the connection; you've got to load the Teleport tool on each system. But I don't think it's bad, it's just one extra step that I'm mixed on. But I think it's really cool, I like its logging. Christian Lempa, The Digital Life, he's done some videos on Teleport. They're a sponsor of his channel as well. But it looks like a great product. I think it's cool, it's open source, it's free, try it out. It's been on my list to try to do it. I think Teleport reached out to me once or twice and wanted to offer me some sponsored time with it. I didn't take them up on the offer.
Maybe I'll reach out to them and have them sponsor a video or something, but the product itself seems good.

Use Apache over Nginx because of familiarity with the Apache system? It comes down to what you're most familiar with; that is going to be what probably works better. People using unfamiliar things are more likely to not secure them properly.

"KeePass with Nextcloud works great." "We're using Keeper, Keeper Security, at work, hoping it's better." I don't know anything about it. I never used it, so I got nothing, no comment on it. "That's KeePass... that's KeePassXC to be specific. KeePassXC does OTP." Okay, interesting. Oh, tons of people are still using Excel, that's for sure.

We're doing a video on Cloudflare Tunnel? I'm a bit iffy on it. Yes, I actually built a Cloudflare Tunnel just before this video; I started playing around with it. I'm mixed on it myself. The problem I have with it, and this is the part I want to really dive into: you are trusting Cloudflare when you do this. I mean, people are real excited about it and that's cool, but the problem really comes down to who do you trust. I'm not saying Cloudflare is not a place to trust, but you are putting Cloudflare in your trust circle by doing this. Let me pull up the documents on it. I think that's the part that just confuses me, because people seem so quick to say, oh man, Cloudflare, blah blah blah, and I'm like, okay, you're trusting Cloudflare. You're also running on a proprietary service... because, I mean, it's open source, so it's not like we don't get to see what it's doing. We know it's a reverse proxy, essentially, where you load the Cloudflare service on your server, and here's the browser,
here's Cloudflare's network, and then it jumps into the proxy. It's not anything complicated, so to speak; not if you're familiar with proxies, I should say. So I guess it's a relative term to say it's not complicated. But because all you do to define what this proxy does is go to the Cloudflare control panel once it's attached, and you can say talk to this server, talk to that server... okay, who's stopping that server, besides the Cloudflare dashboard, from doing something else, like talking to a server you don't want it to talk to and doing public exposure on it? That's my concern with it. You're trusting Cloudflare, where you control it in their dashboard, which I think is secure. I don't know of any problems with Cloudflare; they seem to run a tight ship over there. But you are adding them to the trust circle. So it's zero trust, but trust us, like so many of these zero trust solutions. So yes, I'll be doing a video on it soon.

Where's Tom going to be in 2023? I don't know. I was just looking at that, because I usually announce where I'm going to be. I don't have anywhere I'm going to be that I know of. I've not booked a flight or a hotel for anything in 2023. Hey Tom.

True or false: simply increasing RAM capacity on a Windows computer does not necessarily make the computer faster, rather it prevents it from slowing down.
It just gives you more headroom to run applications. It's not necessarily a speed thing, but if you are running out of room because you don't have enough memory, then it will speed things up. But you have to know if you're running out of memory before you can answer the question of whether adding more memory will make it better.

Do you use the Google password manager built into Chrome, now that they have an option for on-device encryption? I mean, I think Google does a good job with security on things, but one of the problems I kind of have with it: if it just authenticates with your Google account, and someone's able to steal your session with your Google account, then would they have your passwords? Do they have an extra layer, like a master password for the passwords that are managed in there? That's the question. If it's just authenticated against your Google account, then I don't know if that's enough. You know, can the session be stolen rather easily or not? In the past I know it could, and they did a lot of re-engineering to fix that aspect of it. So they fixed the session stealing part to an extent, but there's still some issues I have with it. Does it prompt you for the passwords? Does it autofill them? Does it lock like a normal password manager? I don't know the answer to those questions. If all those answers are no, then I wouldn't use it.

Does HAProxy use a lot of resources in pfSense? No, not at all. If we run ConnectWise Control through it? Nope, it works fine with ConnectWise Control. It does not take a lot of resources.

Anyone use HashiCorp Vault? I know, I think J used to use it for learning, like CV stuff. I've never used it, though. I think J brought it up a couple of times.

Have you tested EnGenius, what do you think about that? Look at some of the Level1 stuff. You know, I don't understand why Wendell likes it so much. I've talked to Wendell. I mean, I think EnGenius has the hardware part figured out; they don't make bad hardware.
They make terrible software, so I'm not a big fan of it.

Bitwarden Pro uses YubiKey, any problems? I use a YubiKey for FIDO, not for the YubiKey OTP, but it works with both. You can do YubiKey OTP and it does FIDO. I'm partial to the FIDO version.

What do you use for DDoS protection? Cloudflare is good for DDoS protection.

Let's see, "I've had a look at ThreatSTOP for pfSense, a curated managed DNS/IP filter, so I decided not to use the pfBlocker plug-in as much." I don't see it... ThreatSTOP, never heard of it. I think it's oversold that you can protect things at the firewall side. Everyone's trying to sell a solution on there, and most things seem to pass right through those firewalls. Don't forget Chrome is a memory hog. Yeah, that's for sure.

Is Synology NAS, Docker, Bitwarden, only accessible over OpenVPN with RADIUS via the pfSense router, secure enough, or better? OpenVPN, RADIUS, Synology NAS, Docker, Bitwarden, with OpenVPN, RADIUS, OTP, via pfSense... seems fine.

What are your thoughts on Duo? It's okay. I've used it. I think the simplicity of the product is kind of cool, just the yes or no, but any time that I've talked about, and there was an event where MFA fatigue was an issue, it's usually because they sent a million Duo push notifications. Why Duo doesn't have rate limiting by default, I don't know. I think that's weird, but I don't think it's a bad product or anything like that.

"Google claims it uses a private key generated from your screen lock combination with your Google account and encrypts before syncing with Google." It's always logged in, though. The "it's always logged in" is enough reason for me not to want to use it. "Google password sync has a master password, but you can't change it. It autofills passwords, but you can't view them without the operating system..." Okay. Yeah, it sounds like a cut-down version of a password manager. "Firefox password manager with master password; so far it's good."
"I can do export and backup externally." Interesting.

I'm considering switching to Bitwarden but not hosting it myself. What's your opinion on that? I think it's really a solid tool. My personal Bitwarden, not my business one, is completely just hosted by Bitwarden, because it works; it's great. I don't know of any problems with it. I keep my personal and business ones separate, because there's all my game accounts in there and things like that, and I have no problem; I just use their service for it.

Oh, you know, this is the dumbest thing, so let's... I don't understand this. So let's share this tab instead now. I almost want to be a fly on the wall for how this stupidity happened. So here's Duo, the company that, by the way, was bought by Cisco; see the little Cisco up there at the top. Duo started actually here in Ann Arbor, Michigan, and, great people, I've met a few of them, including Dug, the owner. Awesome people. Sponsored events in the startup community, background in the hacking community, everything's great. But Duo became pretty big pretty fast with a good product, and later Google is sitting there going, what are we going to name our calling product? Well, the guys down the street at this company called Duo... should we call it that? Hey, why not? You know, because I think Duo was bought by Cisco before Google even decided to build out Duo, the calling thing, that I think they later cancelled. So I don't understand why Google called it that. It's one of those... is there a lack of names or a lack of creativity for what we should call things? So I don't get it. Yeah, it's Cisco Duo now. Cisco is where products go to get monetized. That's what Cisco's thing is: they buy stuff to monetize it. Oh, let's see, yeah, different segments, so no trademark issue, I don't know. It's just silliness there; I don't really get it.

"Thank you for all your videos, they're helping me out a lot, also getting new points of view." Hey, awesome.
Glad I can help. Yeah, Cisco monetizes it; Cisco doesn't kill products, they just increase the licensing fees.

I do like Aegis. Aegis is cool. I think Aegis is a great tool. Sorry for all of those of you that are on iPhones, Aegis isn't available for iPhones. I don't really know why, but yes.

"Do an RDP gateway, cool. Disconnects your attempts to reconnect if you're not watching the pushes. Prompts, Duo is courteous, locked, annoying." Yeah.

You know, not everybody knows this, but Duo has a fail open. And there was a hack, and I want to say it was the hack of the Red Cross; it was a medical facility or something medical related. What the threat actors did was actually create hosts entries so Duo couldn't reach the Duo servers, and Duo has a fail open. See, they were on the server but didn't have access to the users' accounts, but did have the user passwords. So to get around Duo, they failed Duo open by blocking the hosts entries for it. Now you can modify Duo so it fails closed, but the default option is fail open, and we know everyone installs everything with the defaults. So, yeah.

I don't think anyone's going to say Kaseya.

Hosting the UniFi controller in a jail in TrueNAS, good idea? I wouldn't host things in jails because they're kind of going away; that means you're using TrueNAS Core. In TrueNAS Scale you're using Docker and Kubernetes. That's probably a better idea, to do it that way. I haven't really done any testing with jails and UniFi.
I have no idea how good it works, or if it works at all.

Will you make a video on using Grafana, InfluxDB and the Telegraf plugin with pfSense? I don't use any of those things; that's why I don't make a video. Maybe if I ever start using them, I'll do a video. A lot of the videos, and actually most of the videos I do, are driven by me using the product, me using it in production and sharing my experiences as we deploy them. It's a lot harder for me to do something that we wouldn't use in production. Now I'll make an exception because I think it's interesting and there's some good and bad that I want to share my thoughts on, like the Cloudflare Tunnels. And to me, it's not like I'm learning a new technology; all I'm doing is using a different tunnel than some other tunnel server that's out there. Matter of fact, I tweeted today... I'll probably find it in my tweets, I'll pull it up. I'll share the link with all of you as well, of course. But this is what I had tweeted out today. You know, throw it here in the system. There's a lot of tunneling software out there; there's a lot of different ways to tunnel. That's the part that started me on this, because I was looking, and so many people messaged me about the Cloudflare thing. I said I will take a look at it. I know Cloudflare has had it out for a little while; people seem to be getting excited about it. But I just want to understand where the trust boundaries are: who are you adding to your implicit trust when you use the Cloudflare Tunnel? So that's why my interest in it is going to be coming from that perspective. It's as simple as that. But for the most part, most of my reviews are things I use.

We'll keep an eye on this. Simple question: Authy, is that easy to use and secure? I don't know anything about Authy other than I know what it is, but I've never used it.
So I don't know how secure Authy is. I'll assume it's secure, but I've never looked to know one way or another.

"Your videos have helped me get a lot more interested in firewall and networking stuff, currently OPNsense on a Dell. Thanks for all the top-notch tech." Awesome.

"Next on my list is Docker. Doing Docker backup, moving to new hosts, would be a cool video topic." Hmm.

"Hosting a VM to run the UniFi controller in TrueNAS works, but the bhyve hypervisor is meh." I will completely agree with you that it definitely is meh. I actually like the hypervisor on TrueNAS Scale better. So if you go over here to, whoops, Virtualization... I've had better luck with this. The virtual machines inside TrueNAS Scale seem to work better. I'm going to do a video soon on this, because I've actually been using it for a bunch of demo stuff I'm testing. So it works; it's been working very well.

What do you suggest for using a DNS sink with pfSense? "We suggest using a Pi-hole." I use pfBlocker and I haven't had a need to use a Pi-hole. I think Pi-hole is neat; I did a video on it forever ago, but then I don't use it anymore. If you like using it, if you like the reporting... because, it's funny, people will say, well, Tom, I want the reporting that Pi-hole has. Okay, then use it. "Well, but I don't want to have to set up a separate server." And I said, I don't know what the answer is then, because pfSense does not have the level of reporting that Pi-hole does. If reporting is something important to you, you're going to have to use something that has better reporting. So, you know, I just don't have a use case. It works; I don't care. I mean, it's a neat thing to see all the stuff you're blocking, but then I don't look at it again, because it's not interesting to me over time.

You can update your UniFi device spreadsheet with the new UniFi Wi-Fi 6E. Probably. I need to do... I was... Now that things are coming more in stock,
I'm going to probably do an updated video on all of them.

Do you put your UniFi controller behind a firewall? Absolutely, I highly recommend doing that.

How do I connect two to four ports of the four-port NIC in pfSense under one switch so they work under one DHCP? Two to four ports from a four-port NIC, that's not a great idea; use a switch. You can bond ports together, I have a bonding video for pfSense, but don't turn pfSense into a switch. It's not ideal.

Have you tried Linux KVM with Cockpit for VMs? Not really.

"It's been over six hours today changing 220 passwords from LastPass, switching everything over to Bitwarden, and all the LastPass systems, just to be sure." Hey, you can't be too secure. Trust no one except yourself for your data and passwords.

"I love that Authy has a desktop app; that makes it easier to copy the OTP codes."

"Launching my own business next week... it's about getting started; coming from you, Tom, encouragement and sage advice." Hey, check out our Business Technicality channel there, Simon. So I'm happy, and congratulations on the new business you're starting. Follow the Business Technicality channel, man; they're giving a lot of good tips over there with Brett and Jason.

"Ran into an issue with pfSense dual-WAN failover DNS. You need to have multiple DNS servers specified across both WANs. What's the right way to set up pfSense DNS on a dual-WAN failover?" I don't know; I'd have to double-check the documentation. If not, just assign... if you're using Google DNS, for example, assign both of them, assign one to each one of the WANs; you could do it that way. Generally the DNS is not that big of a deal, because you're using the DNS Resolver in pfSense, which is just going to use the default gateway.

"ntop is pretty good. Do you do a video about it? Do you often use it to troubleshoot client issues?" Not often. We just don't have... if we're the ones building the network, we don't have that many network issues.
So it's not like we're using it all the time. I mean, it's nice to have it there if you're troubleshooting an issue, but when you don't have a lot of issues you kind of end up not using it.

Do you have any recommendations on resources for network rack cable management practices? Watch videos, do it the way you think it looks best and the way it's easiest. I don't know if there's an easy way to say just these best practices. I like all the short cables and things like that. I mean, I've got videos on how to build your home lab rack. All these are just using those short cables. There's nothing real special about it. If you look at my DIY rack build, I show all the parts I use for this. They're just the same common parts that a lot of people use. I guess best practice is going to be: label everything, make it look pretty, use lots of short cables. Don't use six-foot cables when you can use six-inch cables. I'm going to do some updated videos on it just to show how we set all that up, but my DIY home lab rack video absolutely does cover all this. It covers at least all the pieces we use and generally how we set them up.

Any clients with Sophos firewalls? The Sophos guys asked you for a video about their firewall. If you guys want feedback: some people seem to like it. I haven't found anything compelling about it. I've talked to a handful of people that don't like it, that switched from it, and they said they used to use it. We did some consulting for a few people that used it, and they said it just was too buggy and they like pfSense better. I don't know if they didn't know the product. I didn't dig into it.
That was what they were paying me to do; they were paying me to consult with them on pfSense. So they had general things they didn't like: they didn't like the UI, they didn't like Sophos support, blah blah blah, but that's not very objective. Like, I've not used it, but I don't have any compelling reason to use it either. I don't look at it and go, wow, this solves all the problems I'm having and all the gaps I have right now. That's usually what compels me to use a product.

In a recent video you showed SMB is slower over VPN. How do you recommend accessing internal SMB shares remotely? I don't recommend doing SMB shares remotely. That is the bottom line. Don't do it that way. Don't do it over SMB. You can use Synology Drive, you can use Syncthing, you can use OneDrive. Those are all better ways than trying to transfer over SMB over high-latency connections. High latency and SMB connections don't get along well, they're not good. So use something that's more modern and designed to deal with latency between connections.

I did that quad NIC port made into a switch. If you used it, stupidly high latency, and sometimes it ghosts and reconnects one minute later. Yeah, that's why I tell people not to do it. It's always buggy. Everyone tells me about problems they have with it.

Are you a Netgate partner? Looked into membership, only 10% off MSRP, but not sure if there are any other incentives. I run an MSP. Nope, we are not a partner. 10% off MSRP doesn't matter to me much.

What do you think about the company Enpass? Never heard of them before this moment, so I have no opinion on them.

Let's see, the Aruba switch in the rack. Do I have the model number on here somewhere?
It's the one I did a review on. It's an Aruba eight-port, one of the Aruba Instant On eight-port PoE switches. Nothing special. It's a standalone switch, and these particular lines on the bottom are all my IPMI controllers, which are on a separate network, not a separate VLAN. They're a completely separate locked-down network that doesn't have VLAN access; that's for IPMI. Well, I should say it doesn't have VLAN access when I mean UniFi. So it's actually got another set of VLANs on it, but it's all subdivided out and locked down.

You deploy a lot of Sophos firewalls. They're a great all-around box for the price, but occasional strange issues. Interesting.

Can't remember the name of it. Oh, that label printer. Yeah, let's pull that up, because that label printer is cool. I bought it. I don't know, it seems off-brand almost for me to review this, but at least I'll share the link with you. This thing is like a very consumer device, but boy, I like it. It's called the NIIMBOT, so let me get you the link to it. There, this is the NIIMBOT label printer. This thing's like 29 bucks. It's so cheap. I love it. It works well. I've had it for, hold on, let me get that. I bought this a year ago and I've been using it for a year, and I can't believe it. It just stays in my backpack. Whenever I want to print something, I grab it out of my backpack and use it.

So how would you back up Bitwarden with the database offline? Yes, but online, in Google Drive, an encrypted zip file, rclone. I use Syncthing.

49 used to have terrible, terrible security. They've cleaned up their code a lot, so they seem much better here in 2022 going into '23 than they used to be.

Preferred logging server? Graylog all day. I love Graylog.

The Forrester enterprise review for Q4 2022 has Sophos at the top actually, so they must be doing something right. Yes, if you would like to be in a Forrester or Gartner review, just buy lots of advertising and things like that and you can get in a Forrester review.
I'm not that impressed with, you know, I guess it's needed to be done, where you have to have someone large enough to try and vet some of these companies to make sure they're not a fly-by-night. But everyone kind of knows, indirectly of course, that lots of these places are not very independent in how they review things, let's just say.

NFS also works terribly over high-latency connections.

Have you experienced issues running DHCP-based cable connections as a secondary WAN on pfSense? Nope, not an issue. Hey Tom, matter of fact, ours is... well, mine at home is, let me think. Yeah, mine at home is DHCP. The one at the office was DHCP as our secondary and we changed it to static, but we weren't having problems when it was DHCP. They're presently both static.

Hey Tom, thank you for showing pfSense. I have a slight connection, a customer remotely monitoring their network. Cool.

I just don't like the interface on Sophos firewalls. Oh yeah, that could be an issue.

Hi Tom, thanks for sure replying to my question. Awesome. Let's see, what else do we have here?

Thought about buying one of those, afraid I'll never find labels for it again. Oh no, they've been around for a little while, and in the worst case you spent 29 dollars. I bought a lot of labels. I'm still not out of labels because the labels were so cheap, I bought a bulk of them. I put stupid labels on stupid things too, by the way. I've got all kinds of Rickroll QR codes I made with them and stuff like that. It's been a fun tool.

I saw your videos on YouTube and never seen you mention ESXi. You just don't like it for some reason, or you just find Proxmox a better option? No, I find XCP-ng a better option, especially since ESXi was purchased. Oh man, I mean, it's certainly the more expensive option, and it's gonna get more pricey as that whole deal goes through. They're just going to keep raising prices on it.
So, with Broadcom. Bottom line.

How does the battery life hold out on the NIIMBOT? Really good. I don't know how many labels before I run out, but I know when I took it to a hacking event over a weekend and I printed a lot of labels and put stupid labels on things with Rickrolls and QR codes, I never ran out of battery. I don't know how many it prints, though. I think it tells you, but I don't know.

It seems wrong to run Graylog or InfluxDB on top of a virtualization platform, but also seems excessive to have a dedicated host for each. How do you strike a balance in the lab and office? I don't know. I don't have any balance, so I'm not sure how to answer that question.

You're right, Gartner and Forrester rank most big companies and do not give any info on small companies that are doing well in the field. Correct.

Hey, what's up everyone, 163 watching, only 41 likes. Hit that like button, it helps the YouTube algorithm.

I seen a Supermicro 1U with six 10-gig RJ45s, four-core 3.5, seems like a fun pfSense box. Yes, that does.

All the enterprise reviews miss one item that is important to me: bang for the buck. I could get 10 UniFi for one Cisco. True that.

I use the Brady BMP21 Plus, great for patch cables, and you do wire express pricey. Yeah, our wiring team has the really nice, I can't remember who makes them, maybe Brother. They're the expensive, like thousand-dollar label printers that you can bulk label things with. They got some really nice stuff. I got to do a tool review of all the tools that they have. Because if you're looking for the fancy professional tools, awesome. If you want the 29-dollar one, keep it in your backpack, and when you feel inspired to make a QR code or something stupid and put it on a label and stick it on something, these are great. I don't know how long they'd hold up, but I've printed a couple rolls of labels and it seems to work perfectly fine. For 29 bucks,
you can't beat it. Well, you can't. You can throw it away and buy another one.

Customer has two physical key rings from five-plus years ago. Shame we can't modernize. Yeah, well, yeah.

Graylog cluster video? Not likely.

Brother P-touch, yes.

A number of firewalls have been mentioned here today. Would you be willing to list firewalls from your favorite to least favorite, or is that a fool's errand? I don't know what the least favorite would be. I have no idea. But favorite probably is still pfSense. Runner-up, I don't use it as much anymore, but Untangle is nice. I've never had problems on Untangle, but I don't really know. I think edge protection by firewalls and next-generation firewalls is oversold, so I think that's why more people are focusing on endpoint protection for things, because of that. But I don't really take the time to really rank them. I would not put UniFi on my least favorite, though. The UniFi firewalls, I complain about them, but they do have some use cases. I complain about them because people want them to do things that you may expect a firewall to do, but UniFi has done that in a weird way. I talked about the unusual way they do VPNs. They're getting better, they're still working on it. Finally, if you are lucky enough to own a UniFi Dream Machine SE, I think you can get normal WireGuard on it now. So they're getting better, but they're not my least favorite firewall. The least favorite firewall will be something horribly written and insecure. I don't really know, there's probably so many of them. It's hard to evaluate all that.

Facebook keeps suggesting a very similar one called JC label maker by Material. Never heard of it.

I want to get a good used switch that runs SONiC or Cumulus Linux, but info on these open switches, oh, this is hard. Anybody got any experiential tips?
No, that's actually, you know, I had an odd consulting call where someone really wanted those switches and didn't want to pay the support contract from Dell, because I think it's SONiC that Dell offers a support contract for at the enterprise level. I mean, it's a cool system. There's just not a lot of people that know it, and there's not a lot of documentation, because it's just not widely used. Patrick from ServeTheHome has covered it before, he's talked about switch operating systems, but he even said the same thing. Maybe there's a book out on that I'm not aware of. I've never really spent time looking for it, but I don't have any tips on it. It's so niche, I would not take the time myself to learn it and do a video on it either. It's such a unique thing that's used by so few people compared to most other things. So while I think it's neat, and if you got a job working in a data center you're likely to encounter it, you're not likely to encounter it even in the mid market. So small businesses, no. Mid market, still not really. It's kind of exclusive, because of the way it's managed, to data centers. I'm not saying there's not someone that has a stack at their house and they're an expert on it. That always is the case with home labs. There's always some person who has built this incredible data center level equipment in their house. Awesome for them, and if you're gonna get a job in a data center, awesome, but I don't really have the time to learn it.

We have to run three really old Dell power servers because payroll can't figure out new software. Yep.

DrayTek, those have had a lot of security issues in the past. I don't know if they've gotten any better, I just know they were in the news a lot for security problems.

UDM SE with WireGuard works. Yes.

Shorewall is the best firewall. I haven't even heard of Shorewall in a while.

Tiny Cisco PIX firewalls. Yeah.

Tea or coffee? I myself am a big tea fan.
I am a coffee drinker during the morning and I like tea at night, uncaffeinated.

Least favorite is SonicWall. Yeah, there's plenty of hate for SonicWall. I don't think a lot of people like those.

Is the app really asking for everything under the moon? Oh no, I mean it wants access to photos, because you can upload stuff from it, but I don't know, I didn't see anything. I don't remember seeing anything in the app that made me go, oh no, this is terrible. It seems pretty okay. Download the app and try it. You can try it because, well, if you're using Android, Android lets you go through and say yes or no to the permissions, so you can tell it not to use those things. So that's actually an option.

Oh, my son's messaging me. Ah, that is fun stuff.

SonicFall. SonicFail. There we go.

Check Point had a weird way they did, I should say displayed, the rules. If I remember right, it's been a long time since I looked at Check Point. I don't use any of their stuff. My friend was a Check Point admin for a while doing firewalls. They have this weird way they dump everything into large menus of all the rules instead of breaking them out into the networks they belong to. I mean, it's just a different way of laying it out. It was funny, because my friend preferred that when he switched to pfSense, but he preferred pfSense in the end because he didn't want to pay the money for the Check Point firewall.

The VPN video was great. In a project six weeks ago switched all their sites over, and the only thing you need to make sure is that the TS port is open to allow direct versus indirect connections. I'm lacking some context on that. Oh, the Tailscale port. Yes.

Firewall or paid wall? We just changed to SonicWall. I am sorry that you have changed to SonicWall.

But is it okay to do site-to-site with WireGuard and user access with OpenVPN on pfSense? Good idea.
Yes, I don't think that's a problem. Site-to-site, WireGuard is ideal for. OpenVPN has user management, so it's more ideal for users, because it has user management that you can tie to things like RADIUS or Active Directory or different directories for authentication.

It shouldn't be a 20-step process to forward ports. I know, it's been a while since I've used SonicWall. Well, my understanding is they're just as bad as they've always been.

Thinking of self-hosting Bitwarden. I stopped using LastPass two years ago and I can't get it now. Their process of changing 300-plus passwords, many important, from LastPass, on the board. That's a job, man. That is a big, labor-intensive job.

My concern though, why aren't there any good comparisons of these firewalls versus the big company ones? Seems like they're afraid of it when it comes down to their security thoughts. It's not afraid of it. You don't realize how much money these large companies spend. Let's throw an example out there. If you talk about the booths at a trade show like Black Hat, or even a little something like if you're working in the IT MSP services space like I do, a booth to advertise. I bring this up because Fortinet was at one of the events, and that booth cost them $40,000 to have the booth. That's just to get a booth to stand there. Then they got to pay people to be in that booth, then they got to put some signs up and hand out some swag. So you're talking about a $60,000 investment. Does an open source company have a $60,000 investment to do that? And then they have the channel partner programs. Fortinet and Cisco and all these companies, they aren't just selling you a license. They have resellers who make money and commissions off selling these licenses.
So you wonder why there's so much more advertising and noise out there for commercially paid firewalls? Well, that's because they have the budget for it, and they spent the money, and the only way to get the money back is to come back and sell you a license, and the cycle continues. Whoops, I don't know where I cut off. But, oh, fixed. Where I got cut off: that's the real cycle of them. The large companies basically have the money to do this, the other ones do not.

Ticketing system? We're using Freshdesk right now.

My only issue with Tailscale is the rules. Building JSON rules is my thing. Hopefully there'll be some integration with pfSense rules to make it easier to manage, maybe.

Why not site-to-site with OpenVPN with a pre-shared key? You can. I just think WireGuard's better.

Is pfSense now completely okay with Intel 2.5-gig NICs? I know on the Netgate boxes it works perfectly fine. We buy the Netgate boxes for all of our businesses, so they have 2.5-gig NICs and they seem to work fine.

Our firewall upgrades are at least 250K each time, and that's with the education 80% off.

Worth noting, 2.5-gig Intel NICs, not 2.5-gig Realtek NICs. Don't use Realtek.

Why can so many cloud backups be compromised before being caught? Why can't they detect that terabytes a day is leaving Amazon storage when they get billed for it? It's because of the way the billing works. They don't bill the moment they see a large egress. Also, there's sometimes data egressing all the time based on usage, so it may just look like, hey look, we're a little busier than normal, people are using our service. Hey look, you know that photo service we have here? Look at the peaks, suddenly more users are here today, great. Oh no, they were exfiltrating things. It's partly not good monitoring, but it's also a little bit challenging sometimes, unless you have really good granular control over this, to say, hey, look at these egresses.
What are they egressing? Constantly be inspecting. It's not an impossible task, it's just not as simple as, you know, baked in. Also, many of the companies that get popped are frequently older companies that didn't think about this, so they didn't engineer it into their original design. So now they have to kind of say, well, how much do we want to spend on retrofitting to have better monitoring and watching for peaks in our egress that seem a little unusual?

I know some of the sales people at Cisco, and they're open about making about 500-plus K. Yes, that's very true. The salespeople get paid a lot.

Tom got excited and kicked the cable. Yes, for sure.

Tom, in fairness to the question, what at least the paid ones offer is a turnkey solution. That's part of the price.

PS said to say PSK is being retired. The password one is, I don't think the PSK is though. I think they're allowing PSK but not password.

Yeah, Realtek NICs should always be avoided.

I tried some third-party apps for two-factor. Are there good ones? Not to defeat the purpose, but to save the experience. I mentioned Aegis earlier. Oh, I realize I'm not sharing screens anymore. Aegis is open source and trusted. I'm sure there's a lot of apps out there, many, and imagine if I were a threat actor: I would create an app, you know, throw in some random app and call it your favorite password manager, and tell you it gives you money or whatever they have to promise, and put the word blockchain in it. A bunch of people would buy it, and then you'd find out it's actually stealing your passwords. At least Aegis is open source and has been around for a while. So don't trust any random one out there.

I always ask other IT people what's their favorite problem that initially seemed complex but ended up being simple to fix. I don't know, usually when anything's not plugged in. Not plugged in, or what else would there be? Oh, there's so many.
There's so many. It's usually just not plugged in.

What NIC do you prefer for server builds: Intel or Mellanox or Chelsio? I've had really good luck with the Intel ones, so I've been sticking with Intel for the least amount of problems. Mellanox and Chelsio, I think I had a couple Chelsio ones that were a little weird, but they might have been BSD problems. I was using it in BSD, I swapped them over to Intel and the problem went away. But that could just be a BSD driver. I haven't tried them in Linux, and now that all the ones I have are Intel, I haven't taken the time to test the other ones. I just get Intel because I know they work and are cheap. 10-gig Intel cards are really inexpensive now.

Just upgraded my home network to a UDM Pro, but now I have family out of state to have control of their network. Any good options inside the UniFi world? UDM Pro, now the family out of state that I have control of their network. I don't understand what you're asking for.

Push the power button.

I work in AV, and over the past years a bunch of IP solutions popped up. The big guys right now are Dante. Do you ever build infrastructure for it? No, I don't really deal much with that type of stuff.

How does the Netgate 4100 compare in performance to the low-cost boxes? I don't know, because I don't take the time to test them, but I mean, to figure it out, go and look up the CPU benchmarks on them, because they tell you what processor you're using. Go look at how those processors compare to those other boxes.

VLANs? Yes, I like VLANs. The S in VLAN stands for security, in case anyone wasn't sure.

I rip out all Netgear switches that come across that have been used for a year or more. Found them to be dropping packets. I haven't had that many bad Netgear switches.
They generally, I don't think I have any managed Netgear switches, though. We've got a handful of people that just have flat networks, a simple office. And now someone's going to go, but shouldn't you have every office all segmented out? Yeah, if you've got a little four-person office, which might be a hair salon for example, that may have three computers and six or seven people working in a salon. Whatever, they have a flat network, I don't think it's a big deal. There's like a Netgear floating around back there. They just need internet.

Someone unplugged the uplink with a small network switch hidden inside of a desk. Yeah, finding those network switches in a desk and walls above ceiling tiles, those are my favorite. You can usually identify the ones above ceiling tiles because you see the telltale sign of the cord running down the wall. You're like, I bet that goes to a switch. If you ever see a cord in an adapter plug plugged in and it goes up a wall into the ceiling, just assume there's a switch up there, because it's a safe bet.

Deploy lots of firewalls in business, lab and home. There's no easy answer to what's best. This is so true. Have features, separate nice-to-have features, must-have features and price, and easy to admin. Yeah, there's no perfect one.

Oh, if they drop it in the wall, man, you're in a whole one. But behind desks, always a popular place.

One of the weird ones, at a client, I don't know where you found these. They were strange. They're not a brand, because they don't have any brand on them, but they're metal box ones that reminded me of the way that the edge switches looked. They're a black metal box, but they didn't have any labels on them.
They were PoE-powered switches, and what they had done to create confusion was (and we replaced all their switches, this is how I was digging these things out and finding them) they put them behind desks so that way they could split things, and they were just dumb switches. No VLAN, no management port, but you PoE'd them, and then they had like five other ports and you could plug in other things. And these were stuffed behind desks everywhere. That was unexpected when we were swapping switches, and one of those troubleshooting problems you run into: why isn't there anything working at these desks over here? Then you start looking behind the desk, after you didn't put a PoE switch in, because you weren't sure why they had a PoE switch, because they didn't have anything on that segment of the network that needed PoE, or so you thought.

Regarding interesting IT problems: machines that were shut down every night turned out to be turned on in the morning. Turns out they were running on the same power line as the automatic lighting. Yes. We had some Wi-Fi outages like this. Not the switch for the room lights, but there was a room in a lab, the bigger warehouse area. The warehouse lighting was tied to the plug we had used for the rack mount. They told us to use it, we did, and we mounted a rack in there because it was like a midpoint in this big warehouse. But it turns out when he turned off the main lights, which he only did on the weekends, that entire rack would just go dead and then it would come back on, so you'd get an alert. Turned out it was the main power of the lights, not the light switch for the room, because that was usually off unless someone was in the room. So that was a weird one to find as well, because they only closed on Saturdays and Sundays.

Found a switch under a giant fax machine.
Yes. Switch hidden in a ceiling, wait for the day. If you spend enough time in tech, you'll find one.

Serious UC SLR kitchen ceiling had a single every room moving across the closet bedroom, now a single room has better Wi-Fi. Yes.

pfSense troubleshooting guide needed. I think I have one. I feel like I have a pfSense troubleshooting guide. Maybe I don't have it titled that, so I should review the video. I have an HAProxy troubleshooting one. Ah, pfSense network troubleshooting. This is for network troubleshooting. I have that video, so that is a video that exists. I'll throw it in here.

UniFi Flex Mini switches.

What do you think about the 2.5-gig four-port NUCs on AliExpress or Amazon? Think about those from Topton? I guess they're okay. I haven't really used them, but they should be fine.

Do we bid on E-Rate projects? Yes, we do. Of note, the way we do them, there's two different types of E-Rate. Talk to our sales guys, they understand it better than I do. I'm the technical guy. Brett knows; if you ask for Brett, he understands that process. We've done some schools. We have the forms and we know how to help navigate it. So if you're interested in having us do an E-Rate project, yes, talk to us, we can help.

Good evening. What model is your favorite pfSense box for firewall capabilities? All the Netgate boxes. I currently like the 8200. It's a good box. I don't think it's going to be the most cost-effective for everybody.

Isn't the lack of recursive permissions in Bitwarden collections an issue for enterprise? No, because you can build groups and assign permissions granularly in there. So I'm not clear on the question.

One gigabit connection runs smooth on a Ryzen 3 mini running OPNsense. Cool.

Did you test the UniFi mesh Red Bull can? Oh yeah, that's right. I forgot about it.
I know where it is. It's plugged in, and I said I'm gonna test that, so I plugged it in and then, well, there it is. It's plugged in still. I forgot about it. Anything connected to it? My phone is connected to it. So there's that. It works. I've had it plugged in for a while and I kind of just forgot about it again. I got to get some testing done on this. I forget about these, but it works. U6 Mesh.

If we look at all the things, actually we only want the Wi-Fi clients. Most of the Wi-Fi clients are on this. So here's an experiment. I got a lot of things here. How do we get all the things to be on this? These are in proximity to each other, so what we're going to do is go here, and if we reboot this. Can I do it in the settings, or did they move the reboot button? I don't reboot these very often. Restart. So let's restart Tom's basement Wi-Fi, because if I reboot it, that should force all the people somewhere else. All right, it went offline, which means everyone should be online with this. So we'll see if it populates. I think we got to do it like this and it should expand out to all the Wi-Fi things that start coming onto it. Or do I have to refresh the page? I should reboot this one too. Restart. There we go. We're disrupting things.

I need a good structured cable install here in Seattle. How do I pick a good company that won't screw up terminations and leave spaghetti? I don't know. I wish I had a good answer for that. Try to see some of the past jobs they've done, call them. The vetting process is the work.

I've had APs wired to the lights in ceilings. Mesh SSID appears and randomly disappears.
Yes.

What certifications are available nowadays? Whichever ones places are hiring for. So look at what places are hiring on the jobs you're interested in and see what certifications they require.

We had a Netgear switch restarting every two days. Found out the service, to save money, looped two ports together through a hub and they added... Oh yes, that's always fun.

The Red Bull can works great.

What's the deal with UniFi calling everything a mesh? I wish they didn't. I can agree with you on that.

Do you test Cockpit Houston versus TrueNAS Core for NFS and iSCSI? No, I have not. That's kind of on my to-do list to do that. Houston does not have an iSCSI manager, that is true.

Even when I worked at Amazon we got bad cable installers, installed 2400 drops and did not test them all. Yeah, that's a thing.

Hire me. Yeah, we're not, will we go out to Seattle? Yeah, if you're buying, we're flying.

I run Pop!_OS as my daily driver.

And it looks like, look at all the things attached to the can. So everything's back. Everything's on the Red Bull can, nothing's on this. Some things were closer, so I imagine they just decided to be on there. So there we go. There's the Red Bull can. Look at all those Wi-Fis.

Well, when picking a cable contractor, pick a company where their techs specialize in what they do. Yes. Cable techs and network techs are not the same. They are not the same people at all. That is one of the problems: a lot of IT people go, hey, I'll take this network technician and go tell them to pull cable. Not the same person. Most of your cable installers are more likely to have a background in the trades and specialize in it, so if they're in construction of some sort. I've even known some people who used to be electricians and moved into low-voltage cabling. So that's more common.
And of course they have the experience with doing that type of work.

"I'm having issues with the UniFi network layout that you were looking at, showing stuff nowhere close to where it is." I don't know.

"Do you have any experience with MoCA? I'm considering trying it. My house does not have any cable ducts, but there's lots of coax." Never tested it. So I don't have any suggestion, what's good or bad.

But I do have a question for everybody. It is 6:18. How much longer do we want to do this? Because while I can continue and go further, I need to take a break, use the restroom and get a beer. So do I get a beer and continue, or do I stop it here? I'll let the audience decide. "Six more hours." Here's another question while I run upstairs and grab a beer: what do I do with the live stream? I'm not taking it with me to the bathroom. Oh, let's see: "go get a beer," "get a beer and continue." All right, voting's in. YOLO.

"What happened to my eye?" Oh, you know what? Let's see if we can zoom in. I got a little stye in my eye. There, that's what you guys wanted to see, right? Get a beer and continue. All right, the votes have it, so get a beer and continue is what I'll do. What can I put on to entertain? There we go. So that's what happened to my eye; we've answered that.

Can I upload a video? I think I can. This is actually going to be fun. Present a video file. I did a video; it's going to be a Shorts video. I just got to click publish on my channel, but I'll share it here. Oh, H.265 not supported. "Play some jazz while I get a beer." Is there a way I can do that through here? How does that work? I can actually do that. Actually, I don't know what to do. "Play some jazz while you're here." Yes, I will. I will set a countdown, and it'll be a 30-second countdown. So we're going to set the countdown, I'll grab a beer, and then we will continue. I think you can do this in 30 seconds.
I don't have far to go. Well, that was more than 30 seconds. 5:43... I think I missed it. Hmm. "Quick hacking and systemize away." Yes. "Soft toys nailed to the wall." Yes. Actually, why do I have this? What is this? Who recognizes what this is and why this would be on Tom's wall? Come on, someone throw the answer in here.

"I have an AT&T router set to DMZ Plus mode, connected to my pfSense box. pfSense gets a public IP, but I'm able to access it from outside my network. How do I block external access?" I see someone guessed it. So your router is in DMZ mode and is connected to a pfSense lab box; pfSense gets a public IP, but you're able to access it from the outside network; how do you block external access? You want to block pfSense? Then you can just block... By default pfSense doesn't have the web port open, so I'm not really sure how you got that configured.

openSUSE, the openSUSE Linux characters. Oh, did you guys see the other one? Know why I have that one on there? And where did this come from? Oh, let's see here. I heard noises about where it is. They are GNU. Yes. So I had GNU with this, and I have a blue openSUSE Linux one, and the other one's a green openSUSE Linux one. And the GNU Emacs. Yes, so that's why those are there, which I've got to figure out how to balance, because I did have this... you try to hook them together like this, and they can kind of... well, I'm done.

"Where do you get that swag?" Oh man, I get all this... you know, hey, let's do this. I have more swag in here, but I don't have a camera that's facing in a way that makes the swag easy to see. I think this works. Let's find out. Oh, the wall panels. Yeah, I have a whole studio tour video. Pull this up. What I'm going to do is, I think this works for my phone by doing this. Yeah, trade show swag: the only reason to go. There we go. I think it can turn this way. Let's turn it down.
There we go, and well, there's more things. There's some of the other swag. Ah, is there an echo? I don't know how to stop the echo. How about this? Does it stop the echo? Oh, the sound's awful. That's not good at all. Conferences, that's where all this comes from. That's from Linode. And that's the stuff behind the wall I'm saying... How about now? Is it working? "You're on mute." I think I fixed it. It looks like it's working. All right, cool. I see people saying yay. There you go. I hit mute on the microphone itself. So audio is back. "Now turn your mic back on." Yes, your microphone has been fixed. So what's the dumbest tech problem? You guys just watched Tom mute himself.

Oh, the tool I use for all this is called StreamYard. That's how I do my live streams; that's how all these comments are coming up like this. I have a full tour of my studio you can find on my channel; I did it maybe a week or two ago.

"Looking to implement a pfSense router/firewall in my home. What is the best configuration in conjunction with my AT&T gateway to have set up, or to bypass the gateway as much as I can?" I'm not an expert in AT&T gateways; I don't see them as often anymore, but the goal is to find out how to get your gateway into bridge mode. Once it's in bridge mode, you're handing off the service, bridging it over to your pfSense, where it will have the public IP address and make your life better.

"So in short, Bitwarden exposed on a subdomain, or Bitwarden via Tailscale? What about access from ambient untrusted devices?" I have ours set up with a reverse proxy. So however you want to access that reverse proxy: VPN of some sort; Tailscale is a sort of VPN. So you have to kind of decide that part yourself. Tailscale's fine. Whatever methodology you want to use to get to your instance.

"At least you weren't recording a video on mute." Not today, at least; I've certainly done that.

"What's the latest with the next version of Pop!_OS?" I don't know.
I think Jay did a review of it. I just update when the new versions come out.

"DMZ Plus or bridge mode for AT&T modems? They both suck." Probably.

"Didn't AT&T lose a lawsuit about not letting users have their own equipment?" Bit of phone history time for you: not the first time that's happened. Did you know, much like the routers where the companies want you to use their equipment, that's not new. Phone companies used to make you... this is why phones were so homogenized before, why they were all the same for so long: you had to get the phone from the telephone company. It was not an option to use a third-party phone. You used their phone, which they provided for a fee. So it's kind of interesting. That history is kind of repeating itself when it comes to that.

"Recording on mute is just a practice round."

"If you don't have bridge mode, for whatever reason, double NAT is not a deal breaker. It's better than nothing." I would say that. Yeah, if it's the only option you have, it is what it is.

What else are we going to talk about today? Because I ran down my list, so I'm really just doing Q&A here, folks. This is all completely led by all of you. I just want to see... how I publish a video. So I think this video needs to be published now. I can show you what I do in the back end.

"Be always muted when you have the beer up there." Good point. We can't let the... The Dirty Bastard, Founders Dirty Bastard Scotch Ale. So Scotch ale.

"Installing XCP-ng on an older Xeon: DD or ISO mode?" ISO.

"Here in Jamaica the main ISP forces us to use Arris modems." Yeah.

"Is it out of beta?" I haven't tested any of the beta ones right now. I'm just waiting for them to get to the 3.0 release.

"Can you touch on the LastPass breach?" I covered that in my video covering the LastPass breach. LastPass is a massive target. I would not want to be their security people. No matter how good of a job... it's hard because they're the biggest player in the password management game.
Therefore, they have the biggest target painted on their backs. It's not easy running security for a company at that scale, end of story. That being said, I don't really know enough details to tell you if what they did was, you know, good enough. Obviously it wasn't, because someone got in, but at what point, due to the complexity of things, is it "good enough"? It's a really fuzzy point to decide, if you want to be honest. But them not encrypting the URLs: that's something they've known about for a long time, and I did mention that in my video, where that's how people got some of that information, because that information was left unencrypted. So we just want to know how complicated the attack is, because that is kind of a judgment. You also, you know, you've got to be careful. People are quick to jump and dogpile on stuff. But I've reminded people it shouldn't be "shame on you, you got hacked" all the time. It's kind of like saying, "Oh, someone has broken into your house. Well, you didn't have a bank vault protecting your house." I mean, come on. So figuring out where that adequate level of security is, and then what if you find out that it was an insider threat or something like that? This came down to the Ubiquiti case, where Ubiquiti had an insider that was doing it. So now when you have someone who is not just an insider, an employee, but a high-level employee, now you have a really complicated situation where the high-level employee was doing extortion. We don't know that this is the case in any measurable way in the LastPass incident. But what if it was? We don't have all the details; the full debrief isn't done. So there's a lot to think about in there.

"OS 2.x EA has currently been withdrawn." Whoops. So apparently that broke. "I wish I could just fiber right to the UDM Pro." Yes. "They should not leave the URLs in plain text."
I agree. "As someone took an employee laptop?" Maybe. Well, they got in and they got access to an employee to get certain credentials.

"How do I, in OPNsense DHCP, disable IPv4?" Not too well versed in that part. Just turn off IPv6. You can turn it off. It's not hard. You can just disable it.

"Mac doing giveaways, not just on Sundays." I don't know what that means. "Monday morning quarterbacks, lots of them." Isn't that the fun, though? I mean, come on, tell me there's not some overweight person sitting in a chair screaming how they could have run that ball down the field better, having not run in a number of years. I'm just saying, it is sometimes how it ends up looking.

"Like the ConnectWise where you need root access." Oh yeah. "I keep my own stuff on my own stuff. It's more secure. It's not worth the effort for my little stuff; to some extent security through obscurity does work." Well, it's less about security through obscurity. Sometimes it's security because no one's interested in you. I don't know. I'm not saying that is the case. I'm just saying sometimes that's where you get lucky, where people are less interested in you. It's a thing.

"Are there any pros and cons of disabling IPv6?" Pro: you don't need it. Con: you don't need it. I don't know; there's not really... I disable it. I don't have any problems. But I don't use anything IPv6, so I have no idea, because I don't do anything IPv6. I do one thing with IPv6: I go and disable it. That's actually my process.

"Why does unlimited data from Comcast cost $30, but $20 with the xFi Comcast modem?" Bogus. Comes down to how they want to price it.

"Do you have any new ideas on Xen Orchestra 6?" It's going to roll out in an interesting way.
I believe they talked about this in one of their live streams. They're going to have it so you'll be able to beta test 6; it'll install with your 5. You'll be able to add like a /6, whatever the naming convention will be, but you'll be able to test-drive it, and if you have problems with it, or, you know, it's beta and there's bugs, you can roll back to 5, by not actually rolling back but by having them simultaneously exist in the same install. So I think they have a good way forward. I don't really have any release date information on when they plan on starting the rollout of it.

"On the plus side, LastPass might not be the weakest link for a while. They're probably investing a lot of effort into hardening at the moment." Yes, everyone's budget is so much better after a breach.

"Cons: it breaks sometimes, you know." Microsoft, Lapsus$. Lapsus$ really got into some big companies in 2022. I thought about doing a video, or just kind of discussing it, because there's a couple of interesting things about Lapsus$. First, they didn't use malware to do what they did. Lapsus$ breached Microsoft, Lapsus$ breached Rockstar Games, Lapsus$ breached Uber. They did all three of those massive companies without malware. They did MFA fatigue. They were able to get deep into those networks. Oh, Okta too. So we've got four massive, publicly traded... I believe all of them are publicly traded.
Well, yeah, I think Rockstar Games is anyways. Four huge companies that got broken into by one team that didn't use malware, but they did use MFA fatigue and different techniques, because these companies were either relying on text messages and other ways to bypass it, and hijacked phones, because no one thought anyone would put in the effort it takes to hijack someone's phone number to get a text message resent there. Now that they know the effort is there, that people are willing to do it, willing to go to that level to get that, it's making these companies reconsider how they do things once again. It was like too inconvenient before, but once someone got in they go, "Well, I guess we need to do that. I guess we need to address that issue." So it's one of those things; everything after the fact is really interesting. After a breach, they go, "All right, we know what's possible. Someone proved it." This is why for so long Mac was not getting attacked: they were not in the Fortune 500 companies. You had fewer viruses on Mac because, if you're going to take the time to attack someone, you want to get... from an attacker's perspective, what's the cost-benefit? I have to put in this much effort; how much can I get? And that's where they find the balance.

"Xen dead?" No, not at all. Xen is extremely actively developed, going very well.

"So I was trying to play with VMs, but how do I keep one VM from infecting a server if it gets a virus?" Lateral movement is blocked by not having the VMs talk to each other, is one way to describe it. "Is there a way they can laterally move between them?" It depends on what virus, and there's a lot of other things. Lateral movement through connected systems, for example a Microsoft domain controller with all the other systems joined to that domain, is a big attack vector. That can absolutely lead to owning everything.

"I'm actually a big fan of IPv6." Cool. Yeah, I don't know.
Anyway, people seem to be a big fan of IPv6, but commercially we don't really run into it. So the only thing that I'm aware of that they goofed up on is the URLs. That being said, I don't really understand whether or not people's passwords were... Like, if you have a good master password, my understanding from reading the breach details is, as long as you had a good master password, that would mean outside of the URLs, and obviously your email address, which they would have (and those are two good pieces of information to phish someone: take the URLs, they go, "Hey, look at you going to this website," and send that person an email going, "Hey, would you log in to this website?"), but outside of that, if you're using a good master password, the database itself should be well protected. If your master password was "I like going to Florida," you have a problem. You know, if you have a phrase you use that is a common dictionary phrase, a common grouping of dictionary words... because, you know, the length; I mean, maybe there's a word long enough that you could have one word be that, but yeah, that would be bad.

"I hate Okta. Want employees to connect to our phones because they refuse to use 2FA email or text; said we needed an app." Yes.

"Silly question. You know when you connect to WAN you can see the ISP's name? Can you do it with a custom name, a personal network, or just a name?" Are you talking about the reverse DNS entry? The ISPs often do have reverse DNS entries that will give the IP address. If you're talking about reverse DNS lookup, I'm not exactly sure what you're asking.

"MS Authenticator has first-level defense against MFA fatigue by showing geolocation and app." Yes.

"Thank you for all the videos on Bitwarden. I've been a paid user going on three years and love it."
Awesome. "I was thinking the same with IPv6: turn it off." And turn it off it is.

"Any idea on the Windows login and Bitwarden client failing to connect to our self-hosted instance? Web and Android work fine." No, I can't think of any reason why, but just make sure you have a good valid certificate. A valid certificate is huge.

"We use Windows login creds for almost all of our accounts."

"So a reason for forward secrecy: maybe a few years past, your DB becomes easily broken. But sadly there is no forward secrecy for DBs."

"26 letters, numbers and special signs; you are doing good, my friend." That is good.

"Hope that will be fine, but changed most of my passwords, even upgrading the length, removing duplicates." I hope you don't have duplicate passwords. That's always a bad idea.

"There are two types of IPv6 users: one that uses it, and the rest of the world." Yeah, this is true.

What was I sharing? "Any idea on the pfSense 2.7 release?" Hey, there's something we can all do. I should publish this video. Here, this is how I publish videos. This is why I forgot to set it as a timer. But here we go. Save. All right, that video is published, but let's go in here and log into this. Let's get this upgraded. Let's try pfSense 2.7. We're currently on... make this bigger... 22.05, so we're going to switch this to the newest version. I've got a lot of windows open. So let me do this. We'll switch it here. It's our lab system. Let's see if we can upgrade it.

Thank you very much; it's much appreciated. "Perhaps in the immediate future you migrate your office to IPv6 and show the pitfalls and gotchas." We're not upgrading to IPv6. That is a future that I don't know when it will happen. But let's try and do this.
There was a bug that stopped this from working, so let's see if that bug has been fixed. It's been posted in the forums. So the current base is 22.05 and we're going to 23, which is the 2.7. This is where it would time out and get an error that there was another process running, and I don't know what the fix is for that. I may have to restart it because... let me find the Netgate forum post. Unless it's working. No, now my browser is getting stuck. Maybe there's too many windows open. There's a lot of windows open. There we go. Is it still live? Says I'm live streaming. All right, there we go. What locked up? Did the browser lock up? I can't tell. There we go. All right, I'm still live. I closed a bunch of tabs, and I don't really know why some are working and some are not. Let's see if there's a response to the problem. "Any word on a fix? Not committed yet." I guess it was more involved to do it right. Let me see: "any word on a fix yet?" "Unable to; tomorrow." So there's no changes out there, so we were expecting this. All right, so the upgrade: "system update failed." Yes. This forum post is the bug we're getting. But don't worry, folks; we can still test.

"pfSense throws up, killing the connection behind it, meaning you can't get to the pfSense site to read documentation." Hmm.

This is a lab server, so let's go ahead and switch back to the lab. We're going to stop this one, this pfSense. I already have another one here called "pfSense 2.6 / 2.7 development," so we'll start this one. This one's still thinking about shutting down. Come on. There we go. And now this one's starting up, and we'll update this one to be the latest again.

"I think you can do paravirtualization? I don't use it." Yeah, hardware virtualization with paravirtual enabled, so yes, the answer to that would be yes.

All right, let's see. Is this one ready? It's getting close. It's booting. No IPs yet.
We've got to wait for the IPs to get assigned.

"pfSense Plus has ZFS boot environments for your GUI; CE, via CLI, in theory has the capability under the hood, right?" I've never tried it, but it probably does. I mean, if you're using pfSense Plus, just use it through the UI because it's easier.

3.231... so let's go ahead and... .231. We should probably do a snapshot of it real quick. All right. Now let's update it to the latest version. This is already on 2.7, but we're going to update it to the absolute latest instance of it. So let's go ahead and see if it will update to the latest version.

"Is there a reason a home user running their own hardware would shift away from CE over to Plus?" You know, it's got a couple extra things in it. The ZFS boot environments are pretty cool, so I think those are nice. And they have a free homelab thing.

"ZFS root, pro: the proxmox-boot-tool. It's great for making sure you can boot from either a disk or a mirror. How does XCP handle that?" You can set up mirrored drives for your boot install of XCP-ng. It has just standard RAID mirroring. So I don't know if that answers the question you have or not, but you can do a RAID mirror.

Oh cool, it's updating. Yay. Downloading it. The other reason I want to update now is because pfSense tells me that there's a new 2.05 version, although it is on 22.05. Huh. Not sure.

"Any new hardware coming up from Ubiquiti?" You know, I haven't seen anything new from them hardware-wise that got me really excited. I don't keep up with their latest stuff. People get really excited asking questions about Wi-Fi 6, but it's not really that big of a deal to me. So I don't run out and buy all the latest stuff on there, but people want to ask about it. It's mostly home users. I guess if I was buying something today it makes sense to go with that.
But I don't swap hardware that much myself. But I want to do some updated videos on the Ubiquiti lineup, and the biggest reason why is because the Ubiquiti lineup has changed a lot and it's now back in stock, because a lot of times we bought what was in stock, not necessarily what you wanted, because the customer wanted the project done. You can either not do the project or you can substitute with whatever product was in stock.

"EdgeMAX is dead." Yeah, I think they've killed off some of those products. And of course Ubiquiti's had those weird videos where they're talking about adding new things. They're always kind of like reaching out, going, "We're going to get into charging cars," or something silly. I think they have a release, I forgot what they called it, their weird new box that's supposed to mount to a wall. Like, they just have weird ideas that they seem to have their flights of fancy on. I don't know. I guess they're trying new things. Their core business is very profitable: selling switches and Wi-Fi, and probably a handful of those UniFi Dream Machines. So they take that money and invent new ideas. I don't know. It's their prerogative to do so. "Weird new prototypes." Yes, no doubt; that's a good way to describe it, just straight-up weird new prototypes.

Oh, it looks like it's booting. "Cleaning package cache... done," so I think we have success. We updated live and it didn't explode. Share this tab. Let's see if it logs in. Hey, look at this. We're in, and we're running FreeBSD 14. Yay. We're completely up to date as of Thursday, December 29th.

"What are the versions of the packages, pfBlocker?" Ooh, new version of pfBlocker in here, because 3.10 is newer than the one that's in there. So that's new. Is ntop the same? Let me pull up another window. Is ntop the same version? I'm wondering. Package manager. So ntop is... you're not installing this one. No, hold on. There it is: 8.13.10 and 8.13.10. So that's not new. But the pfBlocker is; the one there is the 15 version.
So that's interesting. "Dream Wall, Dream Wall." There's the one. Yeah. "Who knows, it'll come out and Cody's got one collecting dust." At least they keep things interesting. Yes.

"Will pfBlocker ever come out of development?" No, probably not. I think once they expire the old one and remove it from the packages, they'll do it, because I don't know why they can't just rename it pfBlocker 2. But I think there's some problem with the way they handle the packages: they can't change the name of an existing package. I don't know. Any new packages in here? I think they're all the same. Yeah, all this looks pretty much the same in here. Nothing new and exciting, at least I don't think so.

"In XOA, is it possible to create a VM without a template?" Uh, yes. No, actually, you do need to start with a template, but it doesn't matter. The template doesn't have to match the VM exactly. So you can use a template that's like a Linux template for a distro that's not in there. So it's not that you can create it without a template, but you don't have to have a template that matches what you're doing.

"Do you have the YouTuber special on pre-release?" Yeah. "You bought it when it was in EA?" I don't think... it's up to you if you want to answer this, Cody. "Does Ubiquiti send you stuff anymore?" They don't; they quit sending me stuff. They used to send me things. I buy everything now. "Watching via the Dream Wall now." Interesting.

"Is there an easy way to generate a new password for RADIUS if a user can't ping the device?" Try a new password? If a user can't ping the device... I don't... "Being disconnected from a PoE doorbell." I don't even understand that collection of words. I don't know what you're trying to do.
I don't know what a doorbell has to do with the RADIUS password and pinging.

Yeah, they sent me stuff a long time ago and then just stopped sending me stuff. And it's not always sponsorship, so some things aren't necessarily... I always just disclose if someone sent me something. Like, Cisco sent me the switch, but that's not a sponsor. That's not the same as sponsoring something, because occasionally a company may send me a demo, but the rules I have are very, very clear. The rules, and this goes for Netgate as well (Netgate sent me the 8200 before it was available), the rules of engagement, if you will, how I will do the review: I outline this; I have a content ethics policy. They can send me stuff because, hey, they want me to look at it or talk to them about it. Matter of fact, they often will reach out to me and say, "Hey Tom, did you have any problems with it?" Blah blah blah, and this is just me being honest with them: if I run into something that I don't like about the product, or I have some opinions on it before it's released, they may use that feedback ahead of time. But what they don't get to do is, once I know it is the, or I have, the software that will be running on the device when it's shipped, and I'm doing it on par at that point, that review does not get reviewed by them before I release it to you. I have my opinions. I put my opinions on these devices and we go from there. Now, most of the time I'm buying hardware, but, you know, for example the 8200, you can't buy it... well, you can pre-order it. But they sent it to me a little while ago and I put it right into production so I can do a longer-term test and give people an honest review of it based on what it's like using it under load. So that's how I do my reviews on some occasions where hardware was given to me. But I'm always honest.
It was given to me, but "given to me" is not the same as buying a review. You know, if someone wanted to buy a sponsored post, I charge a lot more than the price of whatever a device might cost that they send me. So I'm always clear. For example, one of the sponsored reviews I do is for a company called sasthio. That is a sponsored video. That video was paid for specifically by John at sasthio to do that review of their product, and it's a product demo, a paid-for product demo. And it's absolutely the first thing I say when I start the video: "This video is paid for by sasthio. This is a product demo with me and John from sasthio." So I'm always implicitly clear on that. But you're right, some YouTubers are not, and that's unfortunate.

"They have multiple remote properties. I thought the Dream Walls would be good because they run off a generator and solar, but I was hoping they'd have add you and I access." Yeah.

"Idea being: could you extract the passwords from a crappy PoE device you run, connect the cable to a VLAN? I'd like a RADIUS server to change the password if I can't ping." I have no idea how you have your RADIUS server talking to a doorbell, so I have no idea. "I love IPA beer." Use the doorbell... I mean, you could probably write something, code-wise, to say when this doorbell does a thing, change something in RADIUS, but I don't know of anything natively built into RADIUS. No, there's nothing in there about that.

"Whenever I get something in the NPI cycle (new product introduction), I'm not allowed to talk about it on social media, and have everything past marketing." Yeah, past marketing for weeks after GA. Yeah, I mean, I couldn't tell people I had the Netgate device until... I had it before I could tell people about it. I had to wait until Netgate was allowing me to say it. So I mean, those are general agreements. That's not anything about the review. It's just like, "Hey, don't talk about it until after this date."
That's really how those agreements work.

"Should I dump LastPass?" I say yes. Use Bitwarden. Even if you use Bitwarden's system itself, it works well.

I mean, I have no idea why you'd want to have your doorbell reset RADIUS passwords, but go for it. It sounds interesting; if it's interesting to you, run with it.

"Some people make a big deal about YouTubers getting tech because they don't get it, and can't build a business like you and Cody." Yeah.

"Who owns Bitwarden?" That's actually an interesting question and I have an answer. The company that owns it is called... share this tab instead. I'll just share this link. It's in here somewhere. They've got a name; it's like "8bit" something. They're kind of their own company, but the way the contracts work, they've got another name behind the scenes, but they're open source and well vetted as a company, so they're good.

Huh, embargoes. "Thoughts on RoboForm?" Never used it. I don't have an interest in using it, so I don't know if it's good or bad.

"And 1Password?" You know, interestingly, and I'll pull this up, I've not used 1Password at all. I prefer Bitwarden, so definitely that's my preference. But if we pull up a post by... there we go, share this tab instead, that's interesting, there we go. So this is Jeremi M. Gosney, and I will throw a link to this post. He says he knows the people at 1Password and says they do a good job. Now, why am I pulling up some random person you may not have heard of? Well, let's just say Jeremi is a pretty good cryptographer, so he has a pretty good set of credentials. So this post I shared, and I shared this on my LinkedIn and a few other places, kind of talks about some of the problems at LastPass. There's a lot of details in here, but he does say both Bitwarden and 1Password are places he thinks... he recommends Bitwarden and 1Password.
I don't have any feelings towards 1Password; I've never used it, so I don't know anything good or bad. But hey, you know, that's up to you. I'm partial to Bitwarden because I've used it for the last couple years.

"I have used Bitwarden for almost a year now, never considered self-hosting." Yeah, even if you don't self-host, I think Bitwarden's solid. "Years ago I was there reporting because they only had one developer." They've had a team of developers for a while. They've got quite a few people working there.

"Oh, you've heard of Cody?" Cody from Mactelecom Networks, which is... that's Cody. He's got a YouTube channel, a great YouTube channel; you should subscribe to it.

"I'm building my own server and I can't wait to have it ready and self-host Bitwarden on it. I think it's fun learning how to host the projects." On-prem hosted or cloud, it really comes down to whether or not you are good at hosting things yourself, if it's a project you even want to take on. It's not a decision you should take on lightly, because I talk about, in my video of how to self-host it, some of the prerequisites, and if you're not familiar with setting up those prerequisites, and you're not familiar with maintaining and updating servers, well, that can be a little bit of a problem. But I have no problem; like, all my personal stuff is hosted in Bitwarden, not on my server, in their servers. My business I host in the Bitwarden one, and it's because I have a bunch of stuff I already host, so I'm throwing it in the pile of things I host. So that comes down to whether or not you want to do that part or not.

"You have 1Password and Bitwarden; you prefer Bitwarden because it is more friendly." Fair enough.

"Why in the world a doorbell resetting RADIUS passwords? Those words make no sense." Oh good, you're not the only one. I thought I had too much beer when I saw that. I'm just saying.

"802.1X in any home environment?" I don't think so. I don't know.
It's low on my priority list to do a whole breakdown video on that.

"We use cloud, behind SSO, integrated SCIM. It's almost set and forget. What Tom said: you don't need more work hosting." That's sometimes what it comes down to: do you need to spend the time hosting something? Sometimes yes, but sometimes it's not as good.

"By the way, great Q&A. IT folks here have to deal with a password manager issue when they get back to work next week; many questions coming from end users." Oh yes, for sure. You know, this is one of those things where the end users are seeing something in the news that's technical, which doesn't always mean people are going to have a good time, because they learn just enough to ask you more questions, and you're like, I didn't want to talk to you. Sometimes you're like, I don't want to answer a lot of questions about Bitwarden or password management, you know, talking to the end users, but I don't know, it is what it is.

"802.1X doesn't make a lot of sense unless you have dynamic VLANs to play with." Yeah, and there's some challenges in setting it all up.

"He said reset the password only when he could not ping the doorbell, to protect the network. It isn't odd, but people like to play with what they can do." Yes.

"I love all my topics getting above the fold, old-school newspaper." Hi Tom from Australia, the land down under.

"Don't let a good tragedy go to waste. If you can up people's security, please always take the time to do so." Any time we can, as technical people, help the less technical among us raise the bar for security, I think we're doing really well.

"If you overcomplicate your home network, you end up with frustrated family members. Even things like separate SSIDs start to trip them up." Yeah, don't give them other things to connect to.

"Had to discuss the LastPass breach with management after they read some articles online. That was fun." Hey, it's a good opportunity to engage with them.
Like I said, it's not all bad. A lot of technical people can be a bit less talkative, but yeah, I mean, hey, take the opportunity, because they're going to talk about something that you have knowledge on, and they are valuing your expertise.

"What's your opinion on security with self-hosting Bitwarden and using Nginx Proxy Manager to access it over the internet?" The problem comes down to, and I said this earlier too, if you are going to self-host and expose it to the internet, you're making a bet: who's faster? You've got a couple of factors going on here. Who's better at patching things? Let's say there's a flaw. There's not one now that I'm aware of, but let's say there's a flaw. Who's going to patch that flaw faster, you or Bitwarden? That's the question; it's a game. Second part: if there's a flaw found in Bitwarden, who gets attacked first, you or Bitwarden? Now Shodan has made this easier. QNAP is an easy example of this: QNAP has a flaw, people scripted against, probably, the Shodan database and grabbed all the QNAPs, and they keep them in a list, and when QNAP has another flaw they go and extort users with it. So do you end up in a Shodan list, or some similar site's list, where if there's a flaw they access this database and go, hey look, we can go get this person's passwords? I don't know. So it's all things to think about.

"Have you done hotel captive Wi-Fi? If so, the integration of loyalty, room number, reservation, RADIUS?" I recommend buying third-party software for it. You can do this in pfSense, but I'm going to recommend that there are companies out there that actually offer that as a service, and that would be the better way to go, so that way you're not trying to deal with either a UniFi or pfSense implementation of it.
I mean, if you're using some of the other firewalls they may have a better one, but there's software out there that's designed for captive portal, room-number-type authentication.

"Started a new job in IT in Michigan back in August. They talked about Bitwarden, but I finally got them to deploy it, so I have somewhere secure to look up my passwords." Awesome. Congratulations there.

"TV media or similar call you for an interview?" No, I'm not famous like that.

"Well, we thought LastPass was good at patching." Well, we don't really know how they got into their servers. So it's not that they found a flaw in LastPass itself; they found a way into their back end, how they do their development. They attacked one of their developers; that was their target. So, yeah.

"Favorite Bluetooth speaker?" I don't really use Bluetooth speakers, so I don't know. I don't use the speakers, but I have these, these are those AfterShokz. These are great. I like these as a Bluetooth, if you're talking about Bluetooth headsets, then this is the winner. And by the way, my beer is almost empty, so I'm gonna wind this down. I got hair stuck to this. There.

"I communicate with simple words." We'll take that as a compliment.

"Make some captive portal software." I've had success with small hotels; there's a few different companies out there that make software designed for that.

I did not watch Chris's captive portal video. I think he was doing it with Ubiquiti, I think.

"Devices on my network are showing sometimes as self-assigned, sometimes DHCP, or both. Any ideas?"
What's wrong: router, switch, range extenders? If they're not getting a DHCP address, are the ones that are attaching to the range extenders the ones not getting it? Which ones aren't getting it? Start there as a troubleshooting point. You know, if the range extenders are not working well or are causing timeouts, that can cause the problem of the devices downstream not getting an address, because they requested DHCP. The process is: you have this, hey, I'm a new device on the network, and you send out this broadcast, I'm new, where can I find an IP address, and then the server responds. But if you have things that are causing too much latency or dropping some of the packets, they may drop that request packet, the DHCP request, and not get the proper response, because, well, the system never heard it to hand out the IP address. So hopefully that's helpful. Post on my forums some of the details of your network. The forums are where I spend a lot of time offering people advice and helping people troubleshoot networking problems. There's a lot of people who have joined my forums; they're good at that.

Oh, I love that people have recognized the Gavin Belson of my network. We're gonna pull this up here. Oh, why is it... no. So, I hate when YouTube does this. Where's my URL for my video? Stupid YouTube. Go to my channel, I'm gonna pull up the video I just did, if YouTube will let me. Here we go. Getting a link to this is not as easy as it should be. Anyway, sorry, I got distracted here.

Real quick here: "Is there an easy way in pfSense to see the different countries where LAN traffic is going?" ntopng is probably the easiest, because if you load GeoIP information into your ntopng you can do that. Let's see if we can pull it up in real time. Let's pull up the sort-of diagnostics. You can tell Tom's getting tired, right? Geo map.
There we go. Share this tab. In ntopng you can do this; you can pull geo maps for IP addresses. There's an IP address in Chicago I'm connected to, a few in Dallas apparently. Oh no, Washington, they're spying on me. That's actually kind of cool; that's interesting. It's Debbie; this is how I'm accessing Debbie. That's fun.

"Get rid of the Wi-Fi range extenders." Yeah.

"Can you do a video comparing pfSense with a separate layer 3 switch, or a dedicated router doing the routing, with pfSense as the firewall?" I don't understand exactly. I mean, that's just a video about doing layer 3 on whatever layer 3 switch I choose.

"If big cloud companies are getting hacked, what chance do we stand? I guess we're less of a target." Don't underestimate an APT. Just because they're a big cloud company doesn't mean they didn't leave an open bucket somewhere. So it's not like, oh, if Microsoft can't be protected, you can't. Granted, Microsoft obviously has the resources, but Microsoft also was using text message authentication, which led to them getting attacked.

Why are there so many of these IPs here? Weird. This must be where StreamYard is. Where is this exactly? I have no idea. There's where all those IPs are GeoIP located. That's interesting. Hmm, so, oh, I'm talking to Boston. I don't know what that IP does in Boston, but there it is. Ah, Tor nodes. Actually, do I have any Tor nodes pulled up? Probably. Let's see here, where are those at? Not really. I thought I had more. Oh, there we go, there's a bunch of them. Let's see if I can map these. You know, I have to seed. We're gonna share this real quick. So if you present, share screen, Chrome tab. You want to see the Tor nodes? They go everywhere. You know, I have to make sure I'm properly seeding things over my, well, they're actually not all torrenting nodes, I should say. GeoIP, oh, GeoIP
data is off a lot, by the way.

"Have you dealt with DDoS? Actually elaborate the steps to remediate." Step one, put up Cloudflare. Step two, pay the bill that comes with remediating. I don't have a better answer. The answer is yes; the answer is Cloudflare, Akamai. You need a CDN in front of you if you have something getting DDoSed. Stick a CDN in front of it.

"Any nodes in China?" Hmm, are there? Probably not. Close. Where's this at? I'm bad at geography. I don't know where those are. I know where they're at. Oh, Korea. That's Korea. Oh look, someone up here in Canada. Is that Kodi? Am I seeding some torrent files for Kodi? Yes.

"Working on a small office server for networking infrastructure using Proxmox with VMs for pfSense, Docker containers, LXC, NetBox, FreeIPA for authentication." Awesome.

You know, the problem with DDoSing is the fact that it's not easy to defend against, and the reason it's not easy to defend against is because it's too many packets going to one place. This is generally how a lot of the DDoSes work. So how do you defend against it? Well, they fill up the pipe that you have; you have to have a bigger pipe. Who's going to have a bigger pipe? Large content delivery networks like Cloudflare and Akamai; they're going to be able to absorb that attack. And yeah, you know, it's just a who's-got-the-bigger-guns thing. It's a weapons war: who can absorb this much data. So that's the unfortunate part about DDoS attacks. Jeff Geerling has some good videos on it. There's only so much you can do, because it's kind of like saying, like, you have a phone number, and that phone number has routing in it. Like, say I have a handful of employees, so you call my number and then you call the different people. Well, the old version of DDoS is when you call that number to the point where you can't answer the phone anymore; you've now done a denial of service on the phones. Same problem. How do you solve it?
You can get more people to answer the phones. You can start blocking numbers, but if it keeps coming from different numbers, well, that's really hard to block, and you can see how this is just a problem.

"How do you know you're being DDoSed in the first place? When it happened to me, I was looking for other things first." You usually watch the web thing; it's usually a web thing, generally, and you'll watch the hits go up and up and up and just keep getting higher and higher until you can't reply to them anymore. So that's usually how.

"Sponsors some of the DDoS attacks to quietly encourage companies to buy their services." That's not true. I don't believe it's true, but hey.

"Did you say the UniFi routers are amazing?" Did I tell you that the UniFi routers are amazing? "My UDM SE is only able to PPPoE at three and a half gig; with my cheap XT router I always have eight gig." Yeah, I don't know. I know there's some problems with PPPoE.

But this is the video to put some LED lights in. Rewind, and this is a little trick from the side. That's a spare Netgate box that is a match for our production racks, just in case something dies. You want to make sure. You can't, you have a small, the short, there we go. How do you rewind a Short? Do you reload the page? Other than adding a few more stickers, I think... This is just me showing off, well, our lab. So I've got stickers, but I took the side panel off because we had to put some LED lights in; we have fun, after all. And those are all, what do you call it, DAC cables in there. You can't rewind. Yeah, that's stupid. RGB all the things. You can rewind, you can't rewind, I don't know. Shorts is confusing.

"There's some crazy sophisticated attacks I don't know of, all master attack flows rather.
They use things like repeated upload attempts, constantly retrying everything from a site." Oh yeah, there's other versions of DDoS. There's sometimes just weird flaws where people find that if they upload a certain file it will cause your system to just hang, and they don't even have to put much effort into it. Like, if they're trying to upload to a site, let's say you have a WordPress site and there's some uploads on there, and someone finds some clever way to stop it from working by pushing an upload that just keeps breaking it. I don't know, that's a thing too. Anyways.

The part that people really like, this is what it looks like on the side. That's a spare. Someone noticed that this is on there. So, that is the, for those of you, hopefully I have some Silicon Valley fans in here, find a good high-res version of it. Where's the good... I like the fact that you can... There we go. This is the Gavin's special signature box.

"Yeah, zip bombs are one of those." "Orange DAC cables." "Wait, right-click URL, watch, rewind." Lots of missing features in Shorts, yeah.

But yes, that is the Gavin's special. We 3D printed it too, because we used two different pieces, because we are big Silicon Valley fans, so we have the Gavin signature on here. So, uh, yes, there's no way, I gotta, I'm, I was really a fan of the show. So, just for context, you know, Gavin's signature box: if you haven't watched Silicon Valley, please watch it. It's great, and it's really enjoyable.

Oh no, my beer is empty. Now what? Whiskey time. I think I should, it's been two and a half hours, so we will wind this down. Is there anything else?

"Speaking of geofencing, I need to block Russia."

"What is it all about?" It's all about having some laughs, having some fun, enjoying it, you know, having a good time. That's what it's all about. What is the secret of life? It's to love and to be loved. Simple like that.

"Can I take your CCNA?" I don't have any certifications.
You don't want me taking a certification test. So I'm not the person to take those tests.

Someone asked where I got the orange DAC cables, though. I bought them on Amazon. You can find DAC cables on Amazon in different colors.

But two and a half hours; I will make it two and a half hours even, because we're at two hours and 28 minutes, so let's go ahead and wind it down once we reach that. So what are those last questions? Let's get some off-topic time.

"If you can't laugh at it, you're gonna have a bad time." Yes.

"Silicon Valley celebrates the success of the inept, both the show and in reality." Folks, we're just gonna go with that; the answer is yes, because if someone says, you know, how does this happen in Silicon Valley? Oh, there's a lot of silliness. There's a lot of silliness in that weird place. By the way, if you didn't know this, some of the writers in the writers' room for Silicon Valley were venture capitalists and people of Silicon Valley who'd talk about the shenanigans as some of the plot lines. So if the plot lines in Silicon Valley seemed plausible, or implausible, the reality is some of them happened.

"Definitely can't do a backflip." I'm not athletic. Not athletic. Athletic... I'm also not articulate occasionally. So that was an example of both.

"OPNsense represents a stability risk?" Yes. I don't need my firewall to have updates every day. That's not something I need to be secure every day, but I don't need a new, every time there's some minor update to every package, I don't need those new packages loaded. So that is definitely a big downside to me, having constant updates that need to be applied.

"App recommendations for MFA?" Authy seems to make people happy. I've not used it, so I have no direct opinion on Authy. I use a tool called Aegis Authenticator. I think Aegis makes a nice tool. Aegis, um, but I don't know, that's what I think is nice, but some people really like Authy.

Oh, good.
We've made it all the way, so I can end it, because look, we hit the mark. We hit it. Thank you all for joining me. Thank you all for hanging out with me while I had a, what is this beer again? Jeff from Craft Computing is where you get your beer recommendations, but I think he would say that Founders Dirty Bastard is a good beer. The next live stream will be next Thursday, but I don't know, I might do one this weekend. I don't know; it's winter, I don't do as much in the winter. It's not nice outside, so I don't want to go out there. It's cold; it's Michigan. So yeah, I might do one this weekend. I should probably move the camera, as I bumped the camera and the camera's a little bit low, and I'm sinking down in my chair.

"Grand Rapids, Michigan." Awesome, that's nice. A lot of those beers are from there.

I saw someone said prayers; I'm assuming you mean Jeff Geerling. Yes, Jeff Geerling has been open about this, and follow him. He's had some surgery. I talked to Jeff; I think he's had some rough bumps, but his recovery is still moving forward. That's what we like to hear. Jeff is a great person.

"Another near here; Founders is a good choice." Awesome. Absolutely. All right, well, thank you everyone, and... wait, Iron Maiden has a beer? That's an interesting piece of trivia. All right, well, have a good night everyone. I'm gonna go Google Iron Maiden beer, because someone just said that, and that seems like a good combination of words to put in Google. All right, thanks. Later.