 And we are live. Well, we got an echo. Hold on. I can fix this. There we go. No more echo. Welcome to Vlog Thursday number 270. Really, really, it's been that many. Ah, why does this do this? Hold on, let's figure things out. There we go. So I can put the comments here and put the comments here. All right. You know, if someone were to say, what do you do all day, Tom? Like, we want to know a day in a life. So much of the day in a life would be you watching me read. You know, there's not really a good live stream, so to speak, that I could make where, what do you do all day? Phone calls, meetings, consulting meetings, talk to employees, read somewhere. That's a big cycle. I spend a lot of time, I don't joke when I say read the fine manual, that is very much something I spend some time doing. So, absolutely. Tom, now you have a home studio, you know, they make rack-mounted mini fridges for your beer. Oh, I have a normal fridge and I am perfectly fine with it, so yes. Also, tell your son you're doing a poll on YouTube for what toppings go on pizza. Ah, mmm, good, maybe. Do they include pineapple? Is pineapple on your poll? Pineapple jalapeno pizzas are good. Let's see. We have a good evening. Well, it's good afternoon for me, but good evening probably wherever you are. Time zones are fun like that. So let me close this. All right, you make sure it's this phone. I'm actually not gonna turn my phone off. I need it in case of emergencies. I have a lot of things going on right now, all good things though. I never am sure what to fill this beginning part up with, because inevitably about 10 minutes in it seems to take for everyone to, well, when it peaks, so to speak. It takes a few minutes of ramp up, and then the next question is, what did I miss, what did I miss? Well, nothing, I'm just babbling the first few minutes. I want to stay engaging, so I'm not actually just gonna babble. I want to say something interesting, but, you know, there's still a ramp up before I start diving into things, of course. It is currently 3 p.m. 
I am in the Greater Detroit area. So here's a fun babble I'll do real quick. I am in the Eastern time zone, so that's to answer your question directly. But if you're from Detroit and you live in this area, I don't say I'm from Detroit. But the majority of people live far outside of this area, so I will say I'm from Detroit. But there's a weird, like, I don't know, people, so if you are from Detroit proper, you don't appreciate people who live 15 miles outside of Detroit saying Detroit. There's this, like, we're in Detroit, you're not really in Detroit type of thing. I'm like, well, it's easy when you're talking to an international audience, which by the way, only 47% of my audience is even inside the United States, which means Detroit has, well, lesser meaning as the geographical location. I know a lot of people know where Detroit is, but it's not something that's thought about as much in a deeper context. So, that forum post about ideas firewalls is giving me a bad headache. Yeah, someone's just being a little overly. That tweet by John Hammond summed up my feelings on a lot of the enterprise security stuff being oversold and trying to provide a false sense of security, and I mean, no doubt Lapsus$ was making fun of it. And it's just, yeah. I'll pull this up in my forums because it's a discussion. I get the person's points, but they're coming off as, no, open source is bad, too much, like they're pushing too hard on that as a narrative, if you will. Think this button, well, that ain't working. Huh, okay. Why not? That's weird. All right. Well, that's broken. I don't even know why, and I know what breaks when that happens. I know I have to reboot to fix it. I'm not rebooting a live stream. I mean, it's a Windows problem. I don't have to reboot my Linux system, so I can just share the tab. We'll add context this way, so share screen, Chrome tab. And it's just a reference. This is in my forums, and yeah, it's people debating, and boy, are they debating. 
There's a lot of posts in here, by the way, if you read through it. It starts with someone asking a question about site blocking in pfSense, and someone signed up for my forums just so they could basically tell you why open source is insecure and not great. It's, yeah. But, you know, I thought this was, it's tongue-in-cheek, but boy, is it true to some extent here. Actually, how do you click on, that's weird, does it take me right to John's tweet? Yes, it does. Cool. Actually, let's do this: open image in a new tab, share this tab, and this is the tongue-in-cheek joke. You know, this is actually from the Lapsus$ discussion, and by the way, they got arrested, in case you want to follow up on their story. People are getting arrested today regarding all this hacking. How many companies even check logs? Very few, until it already happened, even the very big ones. And this is just one of those things that is an unfortunate truth of the way the industry works. There's a lot of brokenness in there. I have some friends that would never publicly ever say this, because it's their job to manage it, but the blind spots in their security for the enterprise company are crazy. And the more you have a lot of friends who work in cyber security, the more you realize there's a lot of stuff that's just broken, and it's unfortunate, and that's why maybe I have a little bit of a jaded look. But that's what led to that entire debate about everything. So that's, I don't know, that's about it. It's in a nutshell, in a rant. Any way for pfSense to load balance UDP back ends? Don't think so, by the nature of the way UDP works. 
I don't think there's anything in pfSense that does it. Oh, you got the same thing with Las Vegas and the suburbs, somewhat similar turf rules of where you can say you're from and where you're not from. I need my water. Yeah, there's, I don't know, at least I don't get into debates with stuff like that. So, same state as you, you're near Lansing. Awesome. Open source is the best source because we can see how things work. Yes. That's a big factor. That is a big, big factor, being able to see how things work. It's been on my to-do list. I only have one UniFi Dream Machine in a lab, and I want to kind of do a security assessment of how it works. Like, I want to really understand it. I haven't looked through, how good is their documentation? I have not looked, so I'm not saying they don't have good documentation. I'm asking specifically, is their documentation good, because I have not looked through the UID documentation. Because I like to really understand how something works. That's an important aspect to me. How does it work? How does it function? How is it handling authentication? Mic or something changed in the last transition, strange. Nope, we've never built, we've bought touchscreen computers. We never built them. I mean, I kind of take that back in a way, because we bought touchscreen monitors with USBs years ago. It hasn't been anything anyone requested in a long time. You can get a touchscreen with USBs to plug in. Ah, believe me reboot suppressional rebooter. Yeah. So I don't know, man. Do you think the starship Enterprise used ZFS? I'm hoping we have advanced beyond that. ZFS is where we are, the best technology we have. By the time we're floating around in the stars, I'm hoping we have something even better. Oh, Chicago too. So, okay, there's turf rules in every city. Having only lived here in the greater Detroit area, 
I'm mostly aware of our turf rules. Thank you for your attention to the community, and greetings from Morocco. All right. How does it work? That's the correct approach. Yes, I ask this question of all things. This is one of the things I like about open source so much: I can gain a deeper understanding of how things work. This is why I did these explainer videos, you know, regarding ZFS for example, because someone asked about it, so it's on top of my mind, and TrueNAS just retweeted it. I understand at a reasonably good level how a lot of these things work, which is why I take the time to explain to other people. Because how they work matters a lot, and it's what, one, drives my interest in that product. And also, I never want to just trust something to say magic. I don't know what all that code piles are doing over there, but somehow my files must be safe? No, I actually want to understand how ZFS handles the magic, how it handles the integrity of the files, how it handles the cache, how the copy-on-write file system works. So I did a series of videos explaining it, because I've taken the time to learn it. I know other people are interested in this as well, and there's also a lot of half, partially correct pieces of information you find when you're reading on Reddit. Some people are very correct. Some people get it half right, and I'm like, well, I want to take the time to do this. And this is why TrueNAS also was retweeting it: I took the time to read a lot of the details of how it works. Back to the UID comment, I see Cody from Mactelecom Networks has replied: they have some docs, fairly basic getting started type of stuff. All right. Well, I'm hoping for more. I'm really hoping to have a better understanding, especially if you want to recommend a security product. I want a deep understanding of how the authentication models and everything work on that security product. I was actually in a vendor discussion. 
Well, I was ranting, and a couple of them replied. I belong to some Slack groups for a lot of other IT and MSP professional vendors, a wonderful group of people. But I was interested in just kind of ranting about the topic regarding things like the, I think, the lack of use in the marketplace of FIDO. Why isn't everyone using FIDO? Or is it the question of, they don't want to deal with the complexities of the back end of deploying FIDO, so they're just going to rely on an SSO vendor who has FIDO and tie it to your SSO? These are, you know, good solid questions. An interesting question is the one I left up here: who's responsible for pen testing the Enterprise? Operations, Data, or engineering, Geordi? Hmm. Geordi is really creative, so I would bet Geordi's a better red teamer. I'm gonna throw it out there. You know, he would slip one up. I would actually put Geordi as being on the red team there for doing the pen testing. Do you have an opinion on OPNsense? I don't use it, so not really. I did a video talking about it. I'm fine with pfSense. I haven't had a reason not to use pfSense. It's been a well supported, well documented project, so we've always stayed with pfSense. Have you ever enjoyed any biz leadership books? You know, I should probably make a list of them. I don't have all of them off the top of my head, but yes, I read a lot of books. I don't just read manuals; occasionally I read actual books. I could try to rattle off a few of them. I'm trying to remember, but there's so many of them I read. I don't know. Maybe I'll make a list if someone posts that in the forums. I may have actually already posted that in the forums. 
Let me see if I have a book list. Did I? No. Anyways, if someone asks me the question in the forums, I'm more likely to reply to said question. I obviously have not answered it in my own forums. I know I've talked about it before. It's a question that's come up, and if I'm in front of there, I can go through my library of books and make the list of the books I've read that I liked. One of my big challenges is the books are a book now. Many books I'm conflating, because I read them, like, you know, 10, 20 years ago. So it becomes a conflated "I've read" book, and so sometimes I will mix things up. I try to keep notes on things from books, but yes. How hard is getting into an IT job based on your experience, and what do you recommend for someone who wants to get into the field? Start at a help desk. Everyone's always hiring for the help desk, because no one really wants to do the help desk. So it's a great place to get started in the field. It's like your bottom of the barrel, so to speak. You start there, but it gives you a lot of insight into how things work, and if you're good and talented at it, you can move around, get some experience, and level up. But lots of places are hiring for help desk. UXG Pro release, what's your thoughts? It's the bigger of the USG ones, if I'm not mistaken. To my knowledge, and Cody or someone can correct me if I'm wrong here, does it add any new features at all? As far as I know the same software limitations apply to it. Therefore, it's basically a USG with faster processing. Good to hear there's some more documentation on there, awesome. Running pfSense in a TrueNAS SCALE VM, can't run Proxmox on the hardware. I've never tried it. I don't like running pfSense virtual, but you do you. Hi Tom, could you point me in the direction of managing and checking hundreds of servers? Should there ever be a manual check, logging in remotely, or all centralized: RMM tools, Graylog? 
For us, the way we manage the hundreds of servers is with our RMM tool. That's what scales. I've had people say, don't use an RMM tool, you're increasing your risk, and I'm like, okay, tell these businesses to hire IT people internally to manage all this. They go, oh, we can't afford that, it would increase the cost of goods of the product they make so much, that I'm like, well, yeah, RMM tools are pretty much the answer for that. I don't know, eventually maybe I'll do a Security Onion video, because that's probably one of the more popular SIEM tools there. Hello from Australia. Seeing upgraded pfSense to pfSense was smooth. Thanks for your video. Awesome. I'm happy your upgrade went well. Does Tailscale work on TrueNAS SCALE? Never tried. Have you ever built a router firewall using a regular Linux distro? No, no interest in doing that. I mean, yes, I have, maybe around 2004, somewhere around there in the early 2000s. Yes, and eventually that's what led me into not wanting to do that. It's a great exercise in learning. I mean, if you want to do it for yourself, yes. I don't think it's an easy, manageable thing. It's like you're reinventing a wheel when so many good products exist out there. But from a learning experience, I encourage people to do it. From a "hey, I'd like to deploy this at people's places," less good of an idea. Should I install CrowdSec or TrueNAS on my reverse proxy server? I mean, if it's internal and you're not public, CrowdSec is for publicly exposed things. It's not as much for internal devices, and I hope you don't have your TrueNAS exposed externally. And if you are going to expose it externally, please put CrowdSec in front of it. Hey Tom, theme, I'm going to full-time IT consult. Do you do coaching calls? I will have all ma'am for organize the questions before we meet. Yes, we do. Go to the Hire Us page. We do consulting as well. 
Actually, a huge part of what we do is, we work with a lot of internal IT teams, and sometimes it's even other MSPs and IT professionals, for consulting on how to help them with projects. I have two guys out doing something related to that with a local IT person who delegated a project over to us. And so there's a lot of that that we dabble in. Best way to start that process is to reach out online via the Hire Us form. That puts you in the process by which you can contact us. I don't think it adds a new, pretty much just a more beefy USG. Okay. That's what I figured. I figured that was the answer. Tailscale: I have a whole video on Tailscale. It's a mesh style VPN, essentially an overlay VPN. Make sure you load balance your alcarve servers. Upgrading my pfSense Plus, okay, went smoothly, good. SIEM in open source would be a really good topic. In my company we're using QRadar. However, I'm looking for solutions in my lab. Pretty much the only big, fully complete SIEM system out there that's fully open source is going to be Security Onion. I don't know another one that's as capable as that. I'm not saying there's not another one out there. There's always another product out there. But Security Onion, I have set it up, I have used it, it's awesome. Doug Burks and the team that puts it together, big hats off to them. They're awesome. They make a really cool product. But Security Onion is pretty much your go-to. I have a few friends who do QRadar. QRadar is pretty popular. It's an IBM product, for those of you not familiar with it. It is big in the enterprise space and has a big price tag to go with it. Have you ever got a pfSense router ZFS as a recruiter a boot image from support? Yes, it does, because you have to reload it. Linus just posted a video with GPU accelerated RAID from NVIDIA called GRAID. What do you think about this concept? Reduced the RAID calculations to almost zero and the speed was better. Interesting. 
We'll see if it really turns into a big product. The concept is there. We'll see. I mean, it's going to come down to, you know, I imagine if you did some type of GPU offloading, theoretically there could be some advantages in that, but I don't know. Well, that's kind of, we'll see. What was I going to talk about? I actually had some stuff I was going to talk about today. What was it? Oh, the hardware stuff. That's one of my topics. Do small companies go bankrupt through data breach? It's often the lawsuits that come after. The answer is actually way more often than you think. It never makes the news. There's a lot of companies that don't survive a data breach because of fines or something related to that data breach that cost them too much money, you know, being sued by partners, being sued by the people they service for losing the data. So yes, and it goes almost unnoticed when this happens, because they often don't have enough insurance to cover whatever the losses were. It's not like they're sitting on a cash cow, frequently. So they go out of business all the time and nobody notices. It's just one of those things. It's not like the news goes, hey, did you know this business with seven employees over on this street got breached? One, too small to make the news. Two, they may not survive it, and they may not survive it not just because of the breach, but if they hit a ransomware event and they can't afford the ransom, and they can't recover their data, and they have no way to keep operating forward, at least, you know, in a secure manner. Yeah, they can go under if that data is critical, such as a design company. And we've seen this happen. 
We've seen design companies that lost all their data. There was one of them, it actually had nothing to do with cyber security, but I knew a design company around here, they lost all their data because of ineptitude in the IT department, and they couldn't survive. All their designs, all their manufacturing plans, the cost was so expensive. They paid it, and I don't know directly if it was related, but they went out of business within two years of their major loss of all their data. And it was kind of crazy, but a big contributing factor, I think, was them losing all their data, which is the equivalent of, you know, a breach, essentially, where everything's encrypted. You're a mighty girl. Thank you for all the great content. Have you ever tried WireGuard failover server with nginx? No. I don't know. Never tried WireGuard with nginx. I don't think that works, but I could be wrong. I don't know how to implement that. My son has decided to hover behind me here. Sorry, I just joined. What do you recommend for a two and a half gig switch for a server? I recommend it to me probably, we pretty much always recommend the UniFi switches for most people. It feels underpowered to use an Atom. Atoms work, they get the job done. They're low power. They're long life. So I think that's why. Dunkel r. I, you got people from Europe saying hello. Is your goal just to hover here? Yeah, or do you want to pull a chair up and actually contribute something? Okay. Yeah, they're saying it must be pizza time. No, well, some when some SMB act like a hard drive will bank up them and they have security even though they have kind of a choice to go out of business. Yeah, I mean, it's kind of sorting some of them out. There's no doubt the ones who care about technology and the ones that don't, but yeah. Do you have an understood consequence for your son if he makes a scene during the live stream? I don't know. 
He knows he would probably be banned from video games. I think that's probably enough. It's probably adequate to say, you know, no video games, no computer, no Elden Ring. That's been his latest game of choice. So we're gonna go with, I think there's a really good understanding. Do you think used hardware is worth it for an MSP? So let's talk about that, and hey, fully up front, yes, I have an offer code that gets you a discount on this, but we're gonna talk about one of the things I wanted to mention today. We're gonna share a screen, Chrome tab. Yes, I do think that these are worth it. By the way, I have one of these at my office I picked up from them. They've got some good deals on these Lenovo PoE switches and stuff. And I have an offer code, so that's why I want to be up front. I do have an offer code. We do affiliate work with them, but they've become even more important because of the question that John Smith asked: do you think used hardware is worth it? It's not only worth it, this is what we're running into right now. People go, hey, I really could use a new server, and Dell has some shipping problems, supply chain delays and things like that. Well, they have, look at these PowerEdge 640s in stock over at Tech Supply Direct. And this is becoming a popular choice for a lot of people, and they give you some warranty on this. It's not like you're buying blind. You're buying from a reputable refurbisher who has a lot of options when it comes to, you know, building and choosing the servers here. It's not a bad deal at all. 
We buy some of these ourselves. I've really been overall happy with these. Right here: all servers, storage, desktops come with a 30 money back guarantee, a one-year limited hardware warranty, large labor from a municipal purchase state. An optional warranty upgrade agreement may be added at the time of purchase. So you can not only get something used, and honestly, I don't mind buying something that's just a little bit behind if it meets the workload requirements. I mean, we had a client buy three brand new amazing servers. They're awesome. They pay $40,000 for each one, and they are great, but it's not in everybody's budget to do that. I mean, hey, if it's in your budget, go new. But if your budget goes, wow, I could save a few dollars and still meet my project goals, and I'm building it in a virtualization system, and I'm going to buy a pair of these or three of them and set up a high availability, or just having two of them for redundancy is often enough to go, hey, I'm going to go with something like this. So I'm actually a big fan of it, and the fact that they have these in stock, ready to ship, these R640s. We have a couple projects recently we're working on where this was the requirement, you know, some of these processors in this speed range in this workload. And yeah, so I think it's a great deal. Ah, yes, data center trash, SMB treasure. And this is where there is a lot of opportunity. There's a lot of data centers that absolutely want the cutting edge, because it's just aware of the rat, you know, if you are Facebook, you are one of those places like that that's at the highest scale. You're making so much money, money's not an object, but speed is, and the speed at which all of your systems operate. 
You're like, well, we have more money than we know what to do with, so let's put the newest things in as fast as we can. And therefore there's an entire secondary market that companies like Tech Supply Direct capitalize on, and it, you know, opens up a lot of opportunity. I think they're great. We have enjoyed all the stuff we've got from them, and we've fulfilled client projects. This is where I've been getting some of our lab servers. And this is the build it or buy it question, and honestly, there's so much commodity hardware out there like this that buy it is easy. As a matter of fact, we were pricing out what it would cost us to build another server. We're joking about it, and we go, it's just cheaper to go buy this Dell 640. So yeah, it's one of those things. I would never consider for my clients, my friends almost always use hardware, I just want to be on the hook for supporting used equipment. I don't even find that to be a concern. The Dell stuff is so reliable. It's not even been a concern, not to mention you can buy the extended warranty with it. But for the most part, when you get a pair of servers on there, I'm willing to even gamble myself and put the tell them it's warranty myself. And it so far has paid off. We've had none of these fail that we put out in the field. I mean, we've had a power supply go bad, but whatever, I have extra. The Dell power supplies are so easy to come across, just buy an extra one when you purchase it. What is your choice for firewall and routing for virtual servers? I use pfSense, but I'm not big on virtualizing the firewall. Here's my problem every time you virtualize the firewall: oh, I have to patch my virtual server. Oh, my firewall is down while I do the patching, or do a reboot, or troubleshoot something on my virtual server. Yes, you can set two of them up and you can migrate the firewall to the other one. I don't know. 
I just, hardware is not, from my perspective, maybe yours is different, I don't look at the hardware of the firewall being the big cost factor. So I don't virtualize it. I do, for my lab, virtualize pfSense, because it's convenient. You know, right now, that's the one thing about buying new servers, is you can get so much memory in them for a pretty good price. Data center, SMB, eBay. Yes, if you're just straight up looking for budget equipment, eBay is awesome for that. Glad that you have your hacking problem solved. Have a client with three uapx she after lays farewell grade, the Wi-Fi clients keep disconnecting, new devices access tonight when connecting. I don't know, that would be a forum post more. I haven't really run into that. We've had so much minor problems, and most of the time, and we do a lot of consulting, but we always find people just do weird configurations, set up things in an unusual way. Almost all of our consulting when we troubleshoot these problems, I made a joke one time about so much of our consulting is just setting things back to default. Because people have extra parameters they did or restrictions they put on. It's almost like we just run through and look for all those and try to start putting them back to default and see if the problem goes away, and then try to figure out why they applied them, to which the most common answer is, I don't remember doing that. They're like, I started guessing, so I started checking boxes and sliding all the little sliders, and actually, you know, I disabled 2.4 gigahertz and didn't realize that's why no one could connect at 2.4 gigahertz. Server hardware, refresh drives. 
Yeah, that's not uncommon. Even our servers, we did that, because I wanted all flash arrays for ours. We bought used servers for when I built our new virtualization that runs my office. We bought a pair of them. But the drives, we bought solid states new, because why not? The price difference was so, it wasn't much savings in getting a used solid state. So we got brand new ones, and we got like the nice SAS ones. Matter of fact, right now we're debating, we want to build a different lab now at my office, and we're trying to decide how we want to build an NVMe driven lab for all the virtual stuff that we're doing, because I need it to be faster when I run those Windows updates and stuff. Ah, and then you're stuck because you can't download the hotfix for the virtualization host because the firewall is down. Yes, boy, some people really got burned by that. I didn't realize how many people ran pfSense inside Hyper-V, but one of the pfSense updates had some problem. I don't remember exactly what it is, because I don't run Hyper-V at all, but they had a problem with pfSense and Hyper-V. So when they updated it, it broke some things. That made it really difficult, because the firewall is down, for you to figure out how to apply the fix or some change you had to make to get it working. So I remember some people discussing it, and I think a few people reached out to me, and I'm like, look, I don't do Hyper-V and I don't run production firewalls in virtualization. So I mean, I have a staff member that does some Hyper-V consulting. I just don't do it. When I see reaching out, I mean people tagging me in Twitter posts. R720 still going strong. Hey, I still have one of those in my fleet. They work. It's just kind of power hungry. Not only 40 gig, but the 25 gig stuff is really getting inexpensive now. Wendell just did a video on that topic exactly. 
So yeah, the 25 gig stuff is coming down quite a bit Building two quotes right now for the get the password for my sp or I'm going to get your Uh Pulse tech call. Yeah You're integrating two companies and we'll be in okay. You're integrating two companies in one building. Okay. I read that wrong Integrating two buildings one companies. I'm high rated backwards fun project building server room Normally use cisco core switches. Do you have any preference for this kind of switching? Honestly, if the need is there in even one of the companies that we work with Dimension to spot those new servers. Um, they're all hunter gig interconnects with cisco It's hard to beat some of that cisco stuff I mean, there are places where cisco does this really solid on that The price is really solid as well by the way. So it's it's up to you which when you want to do I don't know what your switching or budget is Cisco does make solid equipment in there Um, but sold to a lot of other companies, especially you get to the faster routing equipment I mean, there's there's other ones you can find In that category. There's all going to be pretty expensive I guess the security question is because I'm using wire guard bpn. Is it safe? Um, what's the other question you asked wire guard vpn is safe. How's that for the short answer? It's a well vetted protocol. I don't know of any flaws and where Uh, will you choice your firewall hardware 40 net? Um, I'm partial to the pf sense equipment, uh, but That's most of what we do, but there are some other ones We're also an untangled reseller and we'll do untangled especially for people who have a lot of requirements around You know, they have to have an endpoint filtering system that's done on the firewall Untangles generally our answer for that Just want to say thanks for the cash video regarding the vlog and so forth. Awesome pf sense doesn't have to uh pf sense doesn't have a 2fa system. 
You shouldn't be opening the login, so sort of the second factor of authentication is being inside your network. Do I have a go-to VPN client for Macs? I don't really deal with Mac, so not really. I mean, there's software out there for it. We just don't really have any Mac clients. If someone said they wanted us to manage their Mac fleet, we'd say, sorry, we don't do that. Oh, no, that's wrong. You can certainly get fired deploying Cisco, especially when it comes to some of the license renewals and things like that. Yeah, there's definitely people who are in trouble for buying Cisco. The license agreements can be really hairy if they're not well done. Do you think UniFi will switch to subscription-based Wi-Fi? I don't think so. I don't think that's where they're going with it. I just don't feel like UniFi is going to switch to a subscription as part of their product system. I recommend two machines. It's up to you. I don't recommend virtualizing TrueNAS. Not that it can't be done. I've talked about it before, but yeah. WireGuard does work on macOS, yes, far as I know. I never used it; far as I know it works. Making a firewall for home use: I have an entire video on how to set up your pfSense firewall for home. I think it's called pfSense home rules. I have a getting started with pfSense if you don't know what pfSense is. If you get a new client customer, does this setup, do you replace everything? I keep the device if you keep the device if it goes bad replace it or for. Yeah, we usually wait till it ages out or goes bad and we replace it. I mean, we have people with a variety of switches and things like that. We took on a client that had a Meraki network, and they didn't want to renew the subscriptions, but the subscriptions were prepaid for another year and a half. We're like, well, we'll address that in a year and a half. That's as easy. 
It is to me. It's not like it's hard, and the nature of what we're doing is focusing on the endpoint. So yeah, we had no problem like managing the Meraki and, uh, you know, we had access to the dashboard. We can control and see things. It's really not a big deal. Um, unless the equipment is faulty, end of life, or just plain out insecure and unpatchable, we'll keep their equipment.

How many tech and interfaces do you bond on your host zero? Um, I don't have any bonded ones on mine.

Uh, WireGuard is great and I'm using my Android VPS servers. Yes, it works. Um, it works well. Uh, I really like WireGuard a lot. The problem with WireGuard, never ranted about this before, to which people, um, they definitely don't like this rant, but I'm like, it doesn't have, WireGuard is a protocol, not a framework for authentication. And that's why it's not necessarily something we're going to see used without more software being added to it in the, you know, even the SMB market. It's not like WireGuard's the solution for all the SMB problems. It's a great site-to-site solution for two sites I need to connect. It's not a great solution to manage a bunch of end users because it doesn't have a normal authentication model like OpenVPN. A frequent use case is going to be for OpenVPN where we have it tied to their Active Directory server or a RADIUS server or some type of, you know, federated authentication system that they log into. That way they can go, hey, here's my username, my password, and manage access. Managing access with WireGuard's a lot different. I mean, there's third-party tools like Tailscale that use WireGuard as their underlying protocol but have a front end, protocol front end interface to manage it. So it's a nice tool, but it's not the solution for all VPN issues at all.

Uh, is DDNS safe with pfSense and No-IP? Sure. I don't see why not.

Do you sell web protection on endpoints? Yes, we do. Yep, we, um, we focus a lot on the endpoint protection.
This was a frequent discussion that we've had in the, um, the different forums I belong to about how you handle that. This was the first thing I alluded to when I started this stream, where people were talking about the, um, arguments people have about, oh, you just need a firewall to protect it all. But as the web has become more encrypted, the firewalls are more blind than they used to be. Not to mention just some of the challenges of, you know, watching communications go back and forth at scale and deciphering those communications and understanding whether or not they're actual threats versus, um, you know, just normal traffic passing through. It's one of the reasons with endpoint protection you want to get right to the endpoint. That's where all the bad things begin and end, essentially. So this is actually where we were at an advantage over people who didn't think this way.

Since work to home, uh, I think it makes sense for individual focus on endpoint protection as well. Yes, people taking their stuff home was just a shift of taking the device home for us. When you're monitoring the endpoint very tightly, you taking it home didn't matter. Oh cool, they have it at home. I still have the same RMM tool on it and web filtering, and all those same tools apply even when it's not in their office. And this is where the work from home, and it ain't changing. We've pretty much, um, where if you're going through and looking at things, I don't think people are going back to work in the buildings. Don't feel it. Um, I don't think anyone's surprised by that statement at all. That's, yeah. It's just not where people are going, so we're going to continue doing it the way we do it.

Um, do you have a tutorial, uh, to tie the OpenVPN and RADIUS server? Yes, you can assign separate IPs. I have, if you type in like OpenVPN RADIUS to my channel you'll find the video. Here's you.

Are you all using default LAN as LAN?
What if, um, if you want every network to be a VLAN, what do you do with the default LAN? Nothing. Set all your VLANs, then don't use the default LAN. There's nothing forcing you to use it. You can put everything in a VLAN if it makes you happy.

Uh, any plan to make a video on tuning Snort rules, like a deep dive? It's the same as tuning Suricata rules, which yes, I did a deep dive and have a video on it. Which, by the way, take the rule, take the error message, right click and highlight it. Well, no, highlight it and then right click, I should say, and, uh, say search with Google. That's how you'll learn so many of the rules. Like, that's the easiest tool to learn. I don't know what this rule does. Is someone attacking me? Probably not. Probably it's just internet noise. Probably it's a false positive. All those things are very likely. Go look at what it is, read into the rules. You can literally just search the rule, the rule error message, well, the response message from the rule, and figure out whether or not it's something that's, you know, you got to assess your everything in your system and add that context to it, and then you can make a decision.

Uh, do you self manage endpoint detection and response systems, um, through yourself or Huntress, SentinelOne? It's a combination of it. So we're using Huntress and SentinelOne, and it's us managing it and them managing it, because they have active monitoring on it as well.

Hey, Michael More asked the question I just answered, Huntress, SentinelOne. So hopefully, um, that makes sense there. Huntress and S1 are great tools. I like them.
There's plenty of debates in the forums about what the best tool is. Um, I don't have a published white paper that will prove, um, I think people are looking for more research, like me to write a thesis on it. But Tom, you haven't tried every tool in the world. How can you have landed on one? And it's because some people get caught up in analysis paralysis, and yes, that is a, um, problem some people certainly have.

I need to stop noises for a minute. Where's my do not disturb button? There it is. Turn on. All right. Now my phone will quit making noise distractions.

Business question: last few projects have tried to sell MSP services to be either ghosted me or jerking around for months. Any advice for actually landing MSP client? No, that's the sales process for you. Um, have more leads. Um, that's really, people do that. I'm finally here. Here's some inside information. I laughed at a booking that I finally got. I want to say the booking is tomorrow. And they engaged with us in August of 2021. They reached out to us for consulting, and now it took until, uh, they've finally spent money with us and are ready to start, you know, the consulting project, and that just finally came into play. Like I said, I think I seen it come in today, and I seen a ticket number. I'm like, why does that ticket pop up again? Oh, wow, that ticket's from August of, um, last year, and here we are, uh, you know, finally getting around to solving a problem. That's just normal. You have, this is, I don't like, I'm a very decisive person when it comes to a lot of things, so I don't need to be part of your drip marketing campaign where you got to call me every other month bugging me about something. I'm not a big fan of that. But it turns out by doing that, by constantly re-engaging with these people, following up with them, that's how we get leads and that's how we land clients, is that same thing, calling them again, calling them again. Hey, what you doing?
Did you remember that quote, essentially, in August? You know, that's, uh, that is how you'll eventually land these clients. Um, that's just the nature of people. And it's of course different than the nature of technical people often. So it causes a greater level of aggravation for technical people going, why would, if you wanted the service, why did you just make a decision? I know, it's life.

Use Windows Defender for home users. I recommend Windows Defender for home users.

What is secure? I already said that, Ryan. I already answered that question.

Uh, what's the best expansion plan from us a text or sales? Yes. Yes. It's both. It's not easy. Um, if you don't have a sales pipeline, you've got to build one. Uh, there's no getting around that. If you don't have a pipeline to bring in clients, and if you can't service the things you sold, um, you will fail. You will, in, there's plenty of, I've seen some that are really heavy in sales and they couldn't support it, and we've picked up the pieces from those MSPs. And they even said, man, the guy could talk, the guy came in, promised us the world and, uh, failed at every turn to actually service the account. Other people are really good at servicing account but can't bring in leads. You have to have both. It's not an either or. You have to figure out what you're missing the most of, actually.

Our sales pipeline is our own, is our owner having beers that run the community. Staying connected to community is a big factor that not every technical person thinks about, but yes, there is a relevance to it.
I'm still a member of the local chamber of commerce. I am going to an in-person event called IT in the D in about an hour. So I'm telling you where I'm going to be. Like, I'm going to be with people, talking to technical people. It's less of a lead generation directly for it, but I still meet people, and the more people you know in the technical industry, the more adjacent you are to that, is very helpful in, uh, sometimes finding leads. I'm probably going to have a beer too. So there's beer involved in this.

Government department I worked for recently switched from Symantec to, uh, Microsoft Defender for Endpoint. I will tell you, Defender's gotten really good. All jokes aside, man, it used to be the free crappy antivirus that Microsoft did. They put some time into it to make it a substantially better product. As a matter of fact, it has hung up a few times on me trying to get certain things deployed, even when I did my Huntress demo with managed endpoint detection on there with the, uh, Microsoft one. For sure, uh, Microsoft was picking up, and even the tools I was using, some Atomic Red Team tools, to do the demo. Yeah, Microsoft's like, no, you're not using those tools. We even see the nuances of the tools you use. So yeah, it's a, um, it's definitely come a long ways from where it was. It's one of those things. It's not the joke it used to be. And this is actually one of the cool things to Huntress, uh, where Huntress is adding on that ability to manage. I highlight that in my Huntress video, the most recent one I posted. Go check it out. I talk about exactly how that works and how it can manage policy settings to make it a little bit easier, you know.

Excuse me. Got the hiccups now.

I used to use F-Secure.
Um, forever ago, maybe around 2001 or 2002. I thought F-Secure was pretty cool because they integrated into Linux, and I used to be a mail server admin, and F-Secure had a product that, um, I believe it was the F-Secure product they used to use on that. F-Secure used to have the coolest, like, DOS one, and before that, that's where I found out of them. So Sophos and F-Secure, I believe, were the two that supported Linux back then. I don't even know what their support is now for it. But back in the day they were pretty good. I'm pretty sure it was F-Secure. I know F-Secure was the one that had the really cool DOS prompt. They used to have, it was like one of my favorite tools, like back in 90s, something like that, late 90s. And I first got started, the early, early days of, you just kicked off scans for things. It was so primitive compared to what we do now. Long before the words of, you know, heuristics was big for a little while.

Ah, Kaspersky. Yeah. Yep.

Okay, so yeah, it was definitely in the Windows 3.1 days. So it probably was F-Secure. I really think about that. I think you just ran it through the command f dash secure, and you can put some command prompts after it. It's just so strange thinking of how primitive all this was back then.

We for our students talk to us even when we don't use their services at the moment we say, uh, we say bye to unresponsive companies who don't respond.

I use Defender with Malwarebytes Anti-Malware, recommend Defender to customers. Yeah, Defender's, like I said, pretty good.

S1, SentinelOne's a nice product. I have a review of that as well. We like the threat hunting you can do in it, the extensive.
We, you know, it's had to catch something the other day. We did all the mitigations. No big deal, really minor, something that was just another day. Then we also had S1 have a false positive because they decided it didn't like something that Dell had updated, I believe.

Absolutely, Kaspersky is probably on the no-go list for a lot of people. I know there's a lot of controversy around it right now, but if you're based in Russia, the controversy is gonna follow you. So I don't know, you know, do I think Kaspersky is willfully doing things versus leveraging, when you're working inside of Russia, it's gonna be sketchy. It's just gonna be a sketchy problem for you. So I don't know. I don't know the solution on that. I'm not using it.

Head if you're Dell, Dell soft, just probably malware. Yeah, it's garbage. It was better to uninstall whatever it was that Dell had on there. It was some tool that was across a fleet. We're not even sure why it flagged it because it was not a new tool. But something, I don't know, it wasn't malicious. But false positives do happen. They're not frequent. They're not like they're sucking up part of our day. They're just like maybe one a week. Maybe, I don't know. It's not much.

Ooh, that's probably a good point too. I mean, yeah, they're going to be a side effect. Any problems that Kaspersky has is going to be a real side effect, um, all the Russian sanctions. So, yeah.

Oh, yes, the Norton crypto mining. When I seen that I laughed. I said, of course. Actually, I think my thing was like, wait a minute, what was it doing before? Because Norton was notoriously using up your CPU cycles for something. What you mean, it wasn't crypto mining? I just assumed that's always what it did. It's sad to think it was just wasting CPU cycles instead of crypto mining.

Oh, yes, I was a big ComboFix user. I loved ComboFix, man. That was awesome for a long time.

Uh, would you consider for DNS filtering on virtual servers?
Uh, what would you consider? Whatever DNS filtering you want to use. I don't understand the question.

ComboFix is awesome, for sure.

It's been a no-go list for the UK government for a number of years. Our Barclays banking case used to supply it to customers. When the UK stopped from being used, they stopped giving it to customers. Huh, interesting.

Oh, did they remove the Wi-Fi AI? I didn't know they got rid of it. Um, gonna look because I'm curious. Is it gone? I think it's just part of their optimization now. I think that's all this is, is, um, yeah, I'm in mind. I think it's just part of the daily optimization. I don't think it's called Wi-Fi AI anymore. At least I don't see it. Uh, yeah, you're right. I don't see where it used to be, but my guess is it's just part of the network optimization now, unless I'm wrong. I don't know. If someone knows, post.

Oh, yeah, I posted about the StorageCraft data loss. That's a mess. I feel bad for him. I mean, someone made a big mistake. Someone made a, uh, big mistake there, and I posted on LinkedIn and, you know, there was comments on Reddit about it. But yeah, uh, I tweeted about it, but StorageCraft definitely, oops, we have misplaced everything. All of the things.

Uh, check under insights. They moved VLAN management recently, for some reason it's under insights, maybe. Maybe client devices, traffic. No, I don't see it under insights. I don't know. So I'm posting my forums if someone wants to dive deeper into that. So. Okay, so that is in the classic UI. All right. Hmm, interesting.

Yeah, I don't know. I mean, I don't know why they're calling it AI. I think it's because that makes people happy. There's at least a, um, substantive, people are always like, oh, I need AI things all the time. I need my Wi-Fi, but I'd rather buy that Wi-Fi AI over there because it has AI. It's artificially intelligenting my Wi-Fi, right? No, it just looks to see if there's overlapping scan channels.
It scans and says the channel's overlapping. No, move on. It's, you know, Wi-Fi is just an if-then statement with a lot more ifs and thens. Yes, so it's one of those buzzwords. What was I ranting about last time? I don't try to rant too much, but I was talking about zero trust. It's a zero trust AI Wi-Fi system. Let's build the buzzwords together. Yes, AI is the marketing department. We need an AI blockchain optimized NFT. I mean, come on. Can you put the AI on the Wi-Fi? Sure.

I was going to title this, and I is, get your head out of the cloud. Uh, I was having a good discussion about companies that are moving away from the cloud. They don't talk about this publicly, but just some, you think about the consulting I do and you can probably think about the alignment companies. They have, going, hey, this bill came from AWS and we were looking at it and said, we could probably build a data center, right? Yes, you probably could. Um, you know, I think Wendell has mentioned this as well in some of his videos, is you don't realize just the CPU power in, hey, reference back to me mentioning tech side, tech side direct, Tech Supply Direct. You can buy a lot of CPU power. You can go to 45Drives and buy a massive amount of storage. If you take compute plus storage, there's your data center. Especially if you have a high demand for storage, storage is really expensive in the cloud. And some people are going, it's not that expensive to run this in-house, to manage it. I'm like, no, it's not quite like your $60,000 a month AWS bill that you're paying. Turns out you can do some of this in-house and manage it, and it's cheaper over time, even with product lifecycle changes and with warranties and with the staff, because by the way, they have staff. So yeah, I don't know. Maybe I should get in the data center side of the business too. I always thought that might be fun.

Uh, what do I think of cheap MikroTik 10G switches for home labs?
You know, other than I like the Switch OS because I think it's relatively easy to use. I don't care for their, um, RouterOS because I think it's a little confusing. But I think hardware wise they seem pretty solid. Um, I've done a review of some of the small 10 gig switches, and I like them. They're great.

$60,000 a day was supposed to give what we pay a month. We pay every month. Yes. Yes. And, uh, yeah, that's the thing. I don't know, man. That's just how it is.

Do you think storage appliances will get replaced by vSAN or similar? No. Uh, I had a great conversation, I'm gonna have the people from 45Drives on here, that we're gonna start with, quit making things so complicated. You don't need vSAN. You don't need Ceph. And by the way, 45Drives are Ceph experts, and me and, uh, he does the Tech Tuesdays, uh, he's one of the guys on their YouTube channel, we had a great conversation about this. You don't need to overcomplicate everything. Uh, sometimes you just need storage, and, you know, I did that petabyte storage server and people were like, Tom, I can't believe you didn't use Ceph for this. And I'm like, why would I make this more complicated for the client? And the client is an IT team. We're doing this in coordination with an internal IT team. They don't want to complicate it either. There's times when you don't want these other things that add complexity to your business. So no, I don't think they're going away and we're all just going to be using vSANs or Ceph clusters or whatever is in there. There's times to use it. Absolutely. It's just not all the time.

The drives are the most expensive part of the storage most of the time. Yes, until you put it in the cloud, and then it's real expensive. So, yeah, but I don't, uh. Oh, let's see.

Gotta run. Thanks for the answers. Take care. Awesome.

What do I think of Nutanix? I have no opinion. I don't use it. So. Um, forget what Nutanix makes. Why do I know their name?
Some cloud scaling, it's multi cloud adoption, your infrastructure. What are they using on the back end? I don't know. We don't use Nutanix. So.

Strange New Worlds. I don't know if I watched a trailer or not. I probably did when it first came out.

Yeah, I like the other more open solutions. I'm, you know, a big fan of, obviously, XCP-ng. People don't realize how big it scales or how big some of the companies are that are using it. But it's very, very used in the enterprise space. Um, so that's definitely the, uh, different software out there, I should say. There's a lot of people trying to reinvent it to make it easier. But you can do a lot, even when you start talking about some of the other ones. What's the one that Wendell talks about a lot? There's a couple of them that Wendell's really big on too, um, that also does some data center scaling stuff. Wendell from Level1Techs. He just did a recent, uh, discussion about it. Was a good talk. But it really comes down to what is it that you're trying to do. You got to start with what you're trying to do before you talk about the tools, because, um, the analogy I've given many times is, you know, hey, I have a Dodge truck and someone can go on a rant of how it doesn't quite have the towing capacity of a Freightliner freight truck. And I'm like, sure doesn't, but why would I want a Freightliner truck? I'm not hauling 53,000 pounds in a trailer. Just not my use case. So, um, it's one of those things, is what are you trying to accomplish first? Then you start thinking about the tooling that you're going to build around it. You're going to build a website? Cool. You're going to build a social media platform that needs to scale the size of Facebook? All right. Now you have to think about a completely different set of tools for those same seemingly similar things.

Um, you know, they just updated the, um, secure boot systems in there. I'm not really familiar with the TPMs inside of XCP-ng though. I know they're doing there.
There's some stuff you can do now with a secure boot. I don't know all about the TPMs. I haven't really dove into that topic because it hasn't come up very often. Most of the workloads that our clients are running, majority of them, well, with the exception of small businesses that use it for, you know, your one single Windows server hosting, but the majority of the use cases that come up for XCP-ng are almost always Linux workloads, people running a bunch of Linux servers. So a lot of the consulting we do is getting their XCP-ng server set up. Often TrueNAS is going to be their target for storage, um, sometimes Synology. And then we're doing the consulting and they build the workloads on it. We just make sure they have a platform by which to build on. So that hopefully makes sense.

I say hopefully. I'm going to wind this down in a few minutes. So I'll give a 12 more minutes of questions.

Um, I don't have any new hot sauce recommendations because I haven't bought any new hot sauce. Uh, I've been using the old hot sauces a lot. So.

If you wanted a single wireless access point behind pfSense router appliance, what, if not UniFi, would you use? Um, I don't know. Maybe, I always go with the UniFi because they're easy to manage. Um, I mean, the TP-Link one seemed okay if you're looking for something budget friendly. Um, I've tested some of the Aruba equipment, and I have a friend, his MSP uses all Aruba equipment, and they're really happy with it. There's nothing about it that makes me, a matter of fact, we've done some install work for them. We did the cabling and they installed all their Aruba equipment and it all seemed to work fine. So I don't really have any feelings about Aruba one way or another.

What hot sauce have you been using the most? Um, I've been eating a lot of eggs in the morning, which I usually don't do, and for whatever reason, you can call me out on this, I like Tabasco on eggs.
It's the most basic hot sauce. But Tabasco plus eggs always is just like, this is the way it should taste to me, like that combination, not others. Um, Steve-O's Hot Sauce for Your Butt. I've talked about that one before. I really like that one too.

I wish more applications would be compatible with Linux. Uh, it depends what workloads you're working in, because many, many applications are, um, Linux based. But I mean, if you're talking about QuickBooks and small business apps, yeah, the small business QuickBooks or occasionally Sage, those are two hugely popular ones, and then all the line of business applications for small business. Like, you know, I brought before, like the carpeting company. We have, well, few of them, and they all run the same software that all is Windows based. So yeah, some of the line of business applications are Windows based for small businesses, but.

By the way, we had issues with multi-WAN on to send you 100 using the copper switch ports. Turns out that you actually have to use the expansion Intel card they sell. Huh.

Ah, yes, that mean I love that interview with damper era. He's awesome.

Oh, yeah, Marie Sharp's Smokin' Marie. I do love that sauce. That one's really good. I don't use it all the time, but I really like it.

Uh, if you don't you work with Meraki Go. I have not touched Meraki Go.

Aruba is an HP company, if I'm not mistaken.

Oh, let's see. Best pizza place that goes, uh, they got hot honey out there. I don't know. I have no hot honey. No cheese toast and, uh, yes.

I feel the same about QuickBooks. Not a great product.

Uh, Tabasco on chicken and waffles is definitely good.

Yeah, QuickBooks is always, always user issues. It's never just working.

If you don't want to work in automation with Terraform, nope, I don't use Terraform. We're not really a Terraform, uh, place. I don't have anything against it.
Which is not what we are doing.

I need to back up my backups of credit card data. Back up to the cloud or buy a NAS, what do you recommend? Uh, back up my backups. I mean, you have to have geographically separate ones. And if you don't have two places to store it, the cloud can be a good place to store your backups to have that geographic separation.

Ooh, Philly cheesesteak, jalapeno cheesesteak. Yeah. Yeah, there's definitely, um, Philly cheesesteak does sound good. Now I gotta think about food. Food. And they'll probably have food at the, uh, event I'm going to. We'll find out.

All right. Well, I gotta wind down to get going. Uh, yeah, Facebook makes my eye twitch, but, yeah, that's, um, QuickBooks is definitely QuickBooks, you know, QuickBooks. Maybe you're twitching a little more. There's no doubt. It is a lot of support. So is Sage to some extent. Sage can be kind of quirky at times, but definitely by far QuickBooks. So.

Uh, do you have a tutorial on how to restore Linux service from config? Or if not any recommendation for you to show your earnings. Yes, uh, Jay talks about how to, Jay from Learn Linux TV. Learn Linux TV, the YouTube channel, has deployment, uh, videos, so how to do that. So hopefully that makes sense. I don't have anything like the death, but he's got full, he does it with Ansible. Uh, so he has Ansible scripts that do that.

Advice, you're moving from help desk support to Linux admin? Learn Linux admin, find a job doing it. There's always people hiring, and you can probably find a job with a, um, being a junior admin. It is, you know, the hiring is a big mess and, uh, I know people who own businesses who deal with people who constantly lie to them about their skills that are trying to get jobs, and they get exhausted dealing with them. And I know people who have really good skills that have a trouble getting their foot in the door at these places because they're flooded with people, um, dealing with it.
It's, the hiring and vetting process is difficult in IT. That's the best way to describe it. Um, yeah, it's an aggravation at a high level that it's not fun to deal with at all.

Why do people like Proxmox over ESXi? Pretty much the answer is going to be open source and free. Those are, um, the ESXi, I think they have some tier they offer for home users. But, you know, you take something Proxmox, or, and I'm a bigger fan of XCP-ng, but the same answer applies. People like that large expandability you get with all the cool features without having to pay the licensing fees that ESXi charges. So hopefully that makes sense.

But nonetheless, I'm gonna wind it down here. Uh, thank you all for joining. Smash that like button. Actually, we should, I can't switch to that screen. Oh, yeah, I can. I can share. How do I get it there? Do this. And then do this. Now what? Hit that. We got 55 likes. Let's punch up the like buttons a little bit before we wind this down.

Uh, yeah, GPU passthrough is definitely a thing. ZFS is another feature. Yeah, ZFS is a great feature for, uh, Proxmox. And ZFS is also supported inside of XCP-ng. So I'm just gonna be fair, because, you know, my preference is XCP-ng, but I don't hate Proxmox. Just because I like one product and don't use the other doesn't mean I don't think people should use it. I think if you're good at Proxmox and you're happy with it, awesome, use it. It's nothing. Jay uses it, by the way, and I'm good friends with Jay from Learn Linux TV, and he's a Proxmox user, and I'm also friends with Craft Computing, who's also a Proxmox user. So hopefully all that makes sense.

Ah. All right, thank you very much, and everyone take care. Look at all those likes. Try and get it to 100, we're almost there. Well, maybe it'll happen in the post. Thank you. At least we got 92. I very appreciated all 92 of you who clicked on that. So thank you.