And welcome to The Home Lab Show. This is episode 46, Dev Q&A. We had a lot of questions. Well, you had a lot of questions. We had a few questions of our own. Jay and I probably should have hit record when we were just talking about SSH keys, now that I think about it. So- Yeah, because we can always edit that out of the one that goes out to the podcast networks and then the people that are streaming live could just hear us ramble on and on about whatever the heck we're rambling on about. Might be fun for some people. Yeah, we dove a little bit into the topic of SSH key management. And there's always challenges around it. So it's gonna be a future thing where Jay and I dive deeper into it as an instructional tutorial video. But let's get into this show here. And this is a Q&A episode. But first, the question is who's sponsoring the show? And I believe that's Linode today. Well, I'm pretty confident. I got an email from them. They are still sponsoring the show as of right now. So everybody knows. I know someone has asked us, and we don't have any inside information about the acquisitions and things like that. So that's as much as we don't know anything or we'd love to share information if we could. But speaking of the sponsor, Linode, if you wanna talk about some of these projects or you need a place to do some of these projects that's not in your lab because you need it pushed out to a public IP address, Linode is a great place for that. And if you're listening to this podcast, you downloaded it on whatever podcast app, it was pulled from Linode because that's where we actually have the server hosted, the WordPress hosted, we stick the files up there so you can download them, get the RSS feed. However you want to acquire this podcast, we try to make this really easy for people that go, I don't even like to use a phone or anything like that. I'm too privacy oriented for these phones and just download it. We try to cater to everybody on that.
Linode has been a great partner to work with. They've been a great place to host projects or extremely dev friendly. This is one of the things that makes them great with all kinds of flexibility and options and lots of predefined scripts. So as we go through the podcast, you want to try out some of the things we talk about. We talk about quite a few of them that are completely available for just a quick click, install Linodes. You can start playing with them, get them up and running fast and then of course tear them down and build them from scratch. So you can do all the learning yourself because that's where the fun begins. And if you like to do that with Linode, we have an offer code of Home Lab Show. So head over to linode.com slash Home Lab Show and sign up if you're interested in using it. It's a great service. We highly recommend it and we actually use it. So it's not just like a sponsorship thing. We were using it before we had them sponsor us. We'd still say nice things about them if they didn't sponsor us, you know, but I shouldn't do that in case they listen. No, no, they've been great. And I've been using them before they were even a sponsor of anything. So it's like when they asked me, do you want us to sponsor? I'm like, yeah, yeah, I've been using it. I'm already familiar. I don't have to do any research. So it's always great when you have a sponsor and you don't even have to read anything to find out about them if you already know. Yeah, when they offered, we're like, yeah, we like this product. So thumbs up to them. All right, let's jump into the Q&A. But first, because we talked about YubiKeys last time, I will mention that since then I have made a video and I can leave it in the comments, but it's easy enough to find on my channel. I mentioned, Jay had a video talking about how to set up YubiKeys and I understand now some of the comments that people had and I want to do some clarification of, aren't there more than one way to set this up?
And there sure is. There's nothing wrong at all with the way Jay did it. There's nothing wrong with the way Tom did it. But because there are different methodologies, I broke down one of the other methodologies. So Jay has the ones where Jay goes further than I do in my video because he explains how to set it up for some of your GNOME login and a couple of different ways of managing it. But I specifically, because people had asked during our last episode, hoping we'd dive deeper into FIDO U2F, I did a FIDO U2F key video with these and that's actually what brought up the SSH key management questions of how do you handle multiple ed25519 keys because when you use FIDO, you end up with an ed25519_sk key and there's some logic in ssh-copy-id that won't copy both keys on there. So that might be a later show topic to dive into that. I mean, easily you can copy them manually by typing ssh-copy-id -i and specifying each key. You could create a config file and identity file, but that's what took Jay and me so much time to discuss because there's like more than one answer and they're both correct. It comes down to your methodology and Jay actually had a clever one of unencrypting and re-encrypting public key files, but that would bring us probably way off topic. Yeah, it's just like there's always a workaround and some kind of crazy kung fu command line stuff that gets you through certain things, but then you start to wonder if you're over architecting the solution. But sometimes it's cool to do so though. That's why we have homelab people because we love to over architect the heck out of things. It's such a fun learning opportunity. I truly enjoyed the reading I had to do and even some of the RSA, there's an RSA presentation, actually a lot of them you can find, they're all on YouTube, they're free, you can watch them and there's specifically one on FIDO U2F so they cover the entire breadth of everything FIDO U2F can do.
I narrowed it down specifically to the FIDO U2F YubiKey and it's just fun doing these deep dives in technology with stuff. That's why I think you're here as an audience and that's also why we're here to like have a big game of show and tell. Pretty much what we do for a living, right? It's a technology show and tell. Basically. That's a great way to describe what we do sometimes. Yeah, for sure. But we have people who sent questions and we love to answer those questions. So without further ado, where should we start? Well, I just want to, I mean, I could start with a quick one. I mean, I don't really have much in the way of answers but I do want to address this because I think this is something that most, or not most people, but a lot of people want to know about and it's one of those things I want to dive deeper into. And that was a question about, you know, Coreboot as a BIOS option, you know, like why would you prefer one over the other? So one thing I'll say first and foremost is that open source, I always prefer first unless I find a reason not to. For example, I'll try an open source solution if it doesn't work or it doesn't fit my use case, then I'll go a different direction but I always consider open source first. So when it comes to Coreboot, I'm pretty much just going to consider that by default. Now I have a few systems with Coreboot and I have several systems without it. And I don't really notice a difference between them other than the implementation of Coreboot. And this is interesting and I don't really know why this is yet. There's no options. There's no BIOS screen in this Coreboot implementation and I use this just, it boots, right? You could press a key to boot to a different device if you wanna wipe your OS or something like that. But there's no options. Like virtualization is already enabled and there's pretty much sane defaults. I don't know if that's normal or if that's the implementation from System76.
I like configuration screens but I don't know if that's typical of Coreboot. But I would say if you can get Coreboot, that's great. If not, it really matters. I mean, it doesn't really matter unless it matters to you because with Intel, there's security issues, there's privacy concerns with some of the blobs that are in there. And whether or not that matters to you, well, I mean, does it matter to you? I don't know, it does it. So I guess that's the big question there. I think it's a matter of politics or I don't know if there's any individual that's gonna be a target of a hack because they have non-open source BIOS. I don't really think, unless you're dimming the power grid with your home lab, I really don't think anybody is really going to care what you're running. And especially if you follow our advice, if you don't make your systems publicly available anyway, you could argue lateral movement might be a problem but it's probably not going to be a concern but it's just a matter of your personal beliefs. I always try to look for open source first and if that open source solution fails me, I'll try another open source solution and if none exists, then I go a different direction. But Coreboot has been one of those things that has served me very well but the bigger problem is at the end of the day, it's not really much of a choice, is it? Because do you have the means to reflash the BIOS with Coreboot? You might, you might also brick the motherboard. You might also have to get some hardware. I forgot what that's called. We have those little clamps that clamp onto the- Oh yeah, yeah. We can just tag and reflash it. Yeah, I mean, if you could do that, that's great but sometimes that's required because I remember one time a ThinkPad model that I have was actually listed for Coreboot support. I'm like, well, that'll make a really cool video. How about I just install that and see what happens? Then I read the instructions.
It's like I have to actually connect some cables and do this and it exposed the motherboard and just I'm like, I don't wanna do that. I mean, I can do that but is it worth it? Probably not because the average person isn't going to do that because usually Coreboot is not going to be very easy to just drop in replace unless the vendor does that. And System76 has done that. They've taken a laptop I have that has proprietary BIOS on it and they've engineered a Coreboot update to where it just firmware updates into Coreboot. Like it's not even like a process at all. You just do the over the air. I forgot what it's called, like the fwupd command. Oh yeah. And just go to the next version of the firmware which System76 just made it the Coreboot version and then everyone gets Coreboot. That's great if a vendor does that but if it doesn't support Coreboot out of the box then I would argue there's probably gonna be some kind of some command line kung fu or some kind of physical contraption you'll have to make in order to get that on there. Yeah. It's really definitely tricky because it's such a small niche of things to support it. Cool. If we're moving more that way obviously I'm a huge advocate of open source and I'm hoping we all move that way but it's just not realistic or available to a lot of these systems. Right. I hope that Coreboot just becomes so popular that it's everywhere, that'd be great. You know if it becomes a standard even better, that'd be awesome. Yep. So this is an interesting one and someone has a use case or edge case here where they live in an apartment and I guess they have some computers in their garage. Now what they're worried about is someone tapping a line. How do you deal with the data transmission that goes across the line if you're physically networking it between two locations but there is some middle area where someone could physically get access to it. Obviously this creates some huge issues and could someone potentially.
Now the statistical likelihood, we're really extrapolating here, because the likelihood is someone will see a network cable and not just do something dumb like cut it and actually tap into it is really, really unlikely. You can though set up a port tap on here; ways you could try to mitigate it, it would be like, you know, you could do some locking of MAC addresses or port locking that might help. Honestly though, if you worry that this person had a hand in it, should I encrypt everything on there? Honestly, it's not much of a risk factor. We'll just throw that out there. This is a case that you think someone's gonna stop in, split the wire, put a tap on there and listen, I mean possible. Yes, plausible, not as much but what you can do is just make sure everything's encrypted as much as possible. This is good security practice in general. This is even when you're doing things like having local data moving back and forth. Can you go a level deeper and encrypt it? Most of the time the answer is yes. Even if you're using self-signed certificates internally that's fine because even a self-signed certificate is encrypted. Now of course if you are using self-signed certificates there's the potential that this person then could manipulate the data. So you're back to kind of square one. Could you go further and wrap your tinfoil hat really, really tight and set up VPNs between each device? Possible. But now I think you've gone over the top with it. But I brought this question up because it's kind of, I think a lot of people when they are getting into computers they don't always look at the threat modeling starting by the most plausible things. They sometimes start looking at all the edge cases around there. Frequently, just in the consulting we do, we find people who start focusing on things like that. But what the reality is, you really need to look at the most likely, most plausible things first.
And once you have all of those, all the other things like how your different protection levels work, do you have good passwords? Do you have 2FA turned on, things? All those things are things you need to focus on because it's just the likelihood of you having something and it's just unlikely someone's going to, most people see a wire and do something malicious like I'm gonna cut this wire because it will injure someone and I'm a vandal. Right, exactly. But I mean, I think one point to consider here, I think this is basically the same as what you're saying, is that if you focus on something that's not likely to happen and that's what you're focused on, it doesn't mean that you shouldn't necessarily focus on it because you might wanna learn the security of improving that because that'll transfer over to a company. But what are the odds that someone's going to actually do that? And what's worse is you could be neglecting a more likely scenario. I mean, maybe you have a password, while it's a good password, perhaps maybe somehow it leaked out into all the tables out there and someone could get into your server from the outside via a remote connection. So at that point, what's more likely, someone to tap your line or someone to use that vulnerability or that easy password because let's just face it, if something is publicly available the whole world is trying to get into it. I mean, that's a bigger problem. So that's what you should focus on. But then if you're looking at, is someone gonna tap my wires? Well, think about it like this. In my office here, if someone wants to, if someone breaks in already all bets are off, if they wanna just get a hammer and just bash my equipment they can do that if they have physical access. So once someone has physical access, all bets are off if something is exposed to someone, like I said, they can cut the wire.
But in all honesty, if someone breaks in to this studio, they're probably going to grab the PlayStation 5, they're gonna grab the laptop and that's what they're gonna go after, that thing with all the blinking lights they don't know what to do with that. Chances are if you have, I mean you're probably not that kind of person I would hope, if you have a career in IT where you know how to properly dismantle a server and steal the server. But in all honesty, people wanna get in and get out, they're gonna grab your PlayStation, they're gonna grab your Xbox, whatever you have, your laptop or computer and then they're gonna be out the door. So if someone has physical access to my ports, I mean, I do disable all the ports that aren't used, it's just habit honestly. But if somebody's gonna break in and the first thing they're gonna do is hook a laptop up to my switch, probably not. The PlayStation 5 is right on the way into the data closet. So the first thing they're gonna see is that game system and a 4K TV and then you're just kind of focusing on the wrong thing here. And if it's a shared garage, like you said they'll cut the cables. So you probably just wanna make sure there's some kind of conduit or something that the cables are in, some kind of metal thing to where it's harder for them to break in, to be a little bit more determined. So just work like you said with the most likely to happen and then work your way down from there. Exactly. You know, it's kind of a little bit on this topic is we had an unmanaged business who hated the cloud. The cloud is a scary place for someone can steal your data but they own their big business with three separate locations. So we set up a VPN and did the data redundancy across the locations, then their internal IT person, after we got the VPN up and running at some later point, we don't know, they're not a managed client, opened up his QNAP where all the data was destined to.
And if you've watched my recent video on QNAP you know that QNAPs have been the target of a lot of ransomware. So his opened up QNAP got ransomware. So the threat modeling of I'm afraid of the cloud, they decided to open ports up instead of using a site-to-site, yeah, the site-to-site VPN between the locations, but they wanted easy external access and didn't bother calling us to help them configure another VPN. So they just started port forwarding things. So once again, risk modeling: they were scared of the cloud and then opened up ports on a local machine thinking they're too small to be attacked. That was kind of the attitude they took. And I said, well, this is not recommended. And then they called us because they want to know how to get ransomware off a QNAP. And I'm like, well, the good news is the Bitcoin amount was hard coded. So Bitcoin took a drop. So you can pay less money now. Hilarious things in this industry happen when someone thinks they know security. And let's be honest, none of us know security, right? I mean, we could know enough about it to secure things. But I mean, even the most extreme security person, there's gonna be things even that person doesn't know because it's like an endless thing. There's just no shortage of things to know. But then you have some hilarious things that happened. Like I remember when, this was quite a while back but it stands out, when Firefox started to show this warning when your logins aren't encrypted. Like if you go to put your mouse cursor into a username field and it's not a TLS site, it's going to let you know that it isn't encrypted. And then someone submitted a bug report to Mozilla directly. Like I don't appreciate this. I can't remember how it went, but I don't appreciate this. I know my site is secure despite this message. I need you guys to fix this because it's just like causing all kinds of problems. And he kept demanding his site was secure.
It got to a point where, and I don't advocate this, someone that was following the comments literally hacked his site. And then in the comments said, well, by the way, I hacked your site and I broke right in, had no problem. So yeah, you're really not all that secure. So you're just proving the point that we really do need this warning on there. Yeah. Oh my God, I love it. So much fun. Now, this is an interesting one here. And there's actually a lot of tools out there to do this but let's go with some of the basics. I'm not, this is not a full guide, but someone says, I've been considering starting a WISP or wireless ISP in my area to buy better internet connectivity at a better price option than are currently available. Given your collective experience, how would you go about this? Where should I start? Well, one, don't just go with the plan. And this is a business plan thing. Don't start with the plan, I'm just gonna do it for cheaper, because that's not always a rational way to start a plan like that. I do know from my experience of working with WISPs in rural areas, they don't often work on high margins despite charging quite a bit. I know from the people that provide internet to where my dad lives in a very rural part of Michigan, it sounds expensive because it is. It's like $130 a month for very slow internet, but they're the only option and someone's probably price gouging. Actually, they face a lot of expenses keeping up all these towers with a low density area. So the first question is, is it a profitable venture? Can you do it? And is there a backhaul provider? So if there's an existing WISP, there probably is a backhaul provider, but it's an important factor if you're gonna divvy up the internet because sometimes people contact us, like, hey, I have one gig internet. I'd like to sell one gig internet to everybody. Well, technically you're not. Everything comes down to fractions after that. So make sure you do the math properly.
Make sure you understand how much the backhaul is going to cost to get it there. Then you can look at things like, there's two big companies in the WISP market. There's Cambium Networks. I probably said their name wrong, Cambium or Cadmium. Is it Cambium maybe? And I always say it wrong. If you Google it, Google will fix it for you because I spell it wrong all the time and Google still lands me on their site. They sell a lot of WISP equipment and so does UniFi. UniFi actually has, I don't know if they're still offering it, one time, they were even offering some financing and funding to buy equipment from them to start a WISP. They even have the whole billing system. And I believe Cambium has this too, where the billing system gets integrated into your WISP equipment so you can properly charge. So that's kind of where you start on it. Where you land, once you start pricing out what it costs for a tower and things like that, you're like, oh, because we worked with the local municipality and the tower cost was quite expensive because it's something they're considering doing because they have, Comcast says there's not enough density to provide internet there. People don't want to buy houses where they can't have high speed internet and there's not another option. So the city's thinking about putting it in. The city's got to the phase where they called, how much is it to put a tower up? Oh, that's kind of a lot. And it's just all the little things you have to consider in there. So you have the equipment fee, how you're gonna build your fee structure, how you're gonna recoup the cost of putting a tower up and then you have to do a lot of site planning. Now the cool thing is UniFi actually has on their site some of the site planning tools. This area they're at is relatively flat, which means a really tall tower; where my dad is at has a lot of hills. So they were lucky and they were able to get the backhaul wired to a tower that's also on a hill.
Downside is there's a ridge and it cuts off half their customers. So what hill you choose can be very difficult. So there's actually a lot of stuff that goes into the planning of building a WISP. A lot of tools are out there and there's a few people who have done really small versions of it. I try to remember, I think it was someone on YouTube, but if you type in WISP, you find it. There's a few small time people that said, hey, I got this small area of, I know all the neighbors and I want to provide it. I mean, that can be a simple thing where you just share the bill and maybe you're kind of a WISP, but be careful. Read the terms and conditions of your provider. Make sure they don't stop you from doing that or you can get in trouble for doing that type thing. I mean, I don't know the legalities of your area. You'll have to look, but UniFi and Cambium are your two hardware starting points and that's more of the consulting we've done with people, is like the network engineering side, the pricing and billing side. I'm sure there's a lot of guides out there. I don't know them, but there is an event annually I will mention called WISPAPALOOZA and it's a big event for people who are, where all the WISP people come together to discuss ideas and things like that. I've never been, I just know a few people that have gone and asked me if I would come there because I talk a lot about the site-to-site equipment and we use some of the site-to-site equipment. We just aren't a WISP or get directly involved in anything more than the network engineering side of it, so. Yeah, I would say could it be profitable? Maybe, but also keep in mind that the back-end providers really don't care if you're profiting or not. And like you said, some of them may not even want you to do it in the first place.
Just to give you an example, like my internet bill here in the studio is 250 a month right now and I got notification, and I'm trying to fight this, that Comcast decided that I should be paying 600 a month for mine and that's what they're gonna try to force me into. So if I could reshare my internet connection and if I was doing that, then it's gonna become a lot less profitable when that bigger bill comes. So there's also that. But I think I did read or hear on, wasn't it Security Now, that one of the people that writes in every now and then has a WISP going on, I thought it was that show, but I could be wrong. I don't recall exactly. I don't remember that being mentioned. I think there was a few episodes. So maybe search for that because I think I remember that person having a video and some information about how they do it and that might actually be helpful. So if you have some kind of a price guarantee from the backend provider and they have in their terms and conditions that they don't mind you sharing that, then you might be able to pull that off and depending on your infrastructure like your land or whatever, that could help or actually hinder you depending, right? Take all that into consideration and see who else has done it because I'm sure, and I've seen this before, like I've never seen a WISP provider that was secretive, right? Usually someone is like, well, I figured it out. You figured it out. You figure it out. I'm not gonna tell you because that's my advantage. I haven't heard a single WISP person like that. They're like, yeah, you wanna stick it to the big people. I'll tell you exactly how to set up a WISP in your area and they'll just give you all the information that you could ever want and they won't hold back. So if you want information, they'll give it to you. Oh yeah, you'd be shocked. I mean, really with all the people there, I've talked to even like where my dad is serviced, they're all super nice people.
Matter of fact, we negotiated and we were able to get my dad a discount by putting a tower on his property because his property is a relay point because he's at a high point to a bunch of other people in another area that are down and they can't get access to the main tower. So my dad's actually a relay point for a few other people and everyone where my dad is at, so picture rural Michigan, everyone's at least six acres apart from each other. So it goes, when we say neighborhood up there, it's not like the suburban neighborhoods we have in the Detroit area that I'm at now. It's very spread apart. So a WISP is the only way; it's impractical to even consider running some type of lines out to all these houses. So yeah, and all the people I meet in the WISP industry have always been really cool and most of the time they're nerds like us who started going, how do we get better internet? And it turns, it goes crazy. So. Too bad you can't have like a small little broadcaster that you just hook up to a drone and just send the drone up and have like other drones that like trade places when the battery from one gets low, the other one goes up and it switches to that one and then you don't have to have a tower at all. Yeah, I don't know. There's probably some crazy creative way to do that. Although I doubt the equipment is light enough to be carried by a drone, but you know. And also with things like Starlink coming out, you're going to see more connectivity in those rural areas that has a lower startup cost. Starlink is, you know, not going to be great latency for gaming, but it's not bad for people who just, you know, better than no internet. So Starlink is, you know, becoming a lot more popular. I think it's going to create a lot of competition and fill in a few more gaps in areas. So that's something to consider, like the long-term viability of the WISP in the area. If there's already one WISP, do you want to try to compete with that WISP?
Because then the next competitor entering that space could be Starlink. As I said, the latency issues are going to cause other things versus that's, you know, a WISP will have an advantage over that, but it's just all the things and factors to consider. I would say if you are an individual that has solved these problems and this is what you do, and you have creative solutions, please write us. Please send us a message. And we'd love to hear how you did this and how you solved this problem. I think that'd be fascinating to find out how people have actually achieved this. And especially it'd be great if they achieved it with a very low budget because that'd be even more awesome. Yeah. Someone did ask in the stream, did the Google blimp thing? I don't know whatever happened. It had, it was, it was Google had a series of like hot air balloons or something, or not hot air balloons, but blimps because they weren't just a lot of air. I think they were like helium filled that would float around and provide service. I don't know what happened to that. You can Google it, it's outside of. Yeah. I would say that it makes sense though, because a lot of the decisions that Google makes were made by people full of hot air. So why not have hot air balloons too? Yeah. Yeah, that's true too. And it's also the joke about, will any project with Google survive any length of time? Who knows? That's not a question we always have an answer to. We still have Gmail, so that's something. Should we talk about the DDNS service options? We could, but I don't have much to say. It's a little bit more of a correction, I should say. So Jay and I brought up and we had talked about owning your domain and we did one of the podcast episodes about that, but one of the things that people said, well, hey, Hover doesn't have DDNS. And that's true, the detachment is the DDNS service does not have to be attached to who you bought the domain from. There are plenty of dynamic DNS ones.
This person specifically is talking about using pfSense and their dynamic DNS. Now the good news is there's a very long list of a huge number of providers of dynamic DNS. Dynamic DNS is separate from the domain. So yes, we know that Hover doesn't support it, but there are a lot of them out there. Now the next question is, which one's a good one? And I don't really know because my IP address doesn't change that much even at home. Now we have statics at my business, but even at my house I do have DNS registered and I just update it if my IP address changes, but it's so rare. So I don't know or have any preference for one particular service. I've run into people using a variety of services. I don't know the name of all of them, but pretty much the ones in the pfSense list, try each one. Many of them have a free tier you can try and move up to sometimes like a few dollars a month. So the unpaid versus the paid tiers are often more related to whether or not they allow you to do your domain, how they handle the DNS for it, or how many requests they have, different, you know, different pricing. It's not usually a free service, but it's a very low cost service. And then you create the, you go over to where you're hosted and either A, sometimes they have an option, maybe you change your DNS servers, or B, creating a CNAME to match the dynamic DNS name you have assigned. So that way your domain name or any subdomains thereof are all tied to your IP address. And if your IP address changes, it will change with it. So there's definitely options out there to do it. I know, you know, because you can do DNS on Linode, does Linode offer any type of dynamic DNS? I know they offer DNS via an API. So you can do service. I don't know. I never looked at it because my solution, I don't use this anymore because I have a static IP.
So I'm out of the market for this kind of thing, officially, but I know the majority of our listeners don't have a static IP, because that's just, like, the added... I guess that's my benefit with paying $250 a month for my internet. But what I would say is that the CNAME idea you have is absolutely the way to go, because you don't care what your DNS name is at that point. So I used to use, and I think they still exist, DNS-O-Matic. That was mine, and I could have several different services in there, which is what I really loved about it. It wasn't just one. And then when you have that long DNS name that's gonna be, I don't know, some number of characters dot something dot something, it's not something that you can remember. You take that into your DNS provider. So if you bought a domain from Hover, for example, you create a CNAME and you drop that in there: home.yourdomain.com is a CNAME to that other dynamic DNS service. So for example, I had, like, vpn.mydomain.com at one point, and that was just a CNAME to that dynamic DNS provider. And that was all I needed to do. So I don't really feel like... I mean, it'd be great if you use it through pfSense and it works, but I would just use DNS-O-Matic and then just tie that to a CNAME with your domain. And then at that point, you don't even care if your DNS provider has dynamic DNS or not.

You know what, Jay, I feel like we need to do an episode on DNS and CNAMEs and that. I could have sworn we had; now I've got to look through the... sometimes it would be recorded at this point. But you know, we all know the joke: it's always DNS. But the reason it's always DNS, I say, is because a lot of people misunderstand DNS. They have a hard time understanding some of the fundamentals of it. So yes, there's a... oh, actually, someone just commented, Linode is listed in pfSense as a dynamic DNS option. So I did not... this is a comment I see in the live stream here. So thank you very much for that.
I don't have pfSense pulled up to validate if it works, but cool that it's on there. So that's actually something that might be worth playing with. Yeah, we can always... I think we did one on domains, but we'll dig through. This will be some show topic ideas as well. We love hearing from all of you; that's where all these questions drive us to the things. We want to make sure we're teaching the class everything. Everything we know. And then we always learn from you what are some other things you want us to cover. All right.

And I haven't used DNS-O-Matic for many years, but I am on my laptop right now. I looked it up while we're talking. It does exist still. I mean, I assume it's every bit as awesome as it was when I used to use it. But again, you can have multiple services tied to it, which is great. And that was, like, the killer feature for me. And then you just set up the CNAMEs accordingly for the different things that you want to map. And then you can just remember the CNAMEs. You know, you might have vpn.yourdomain.com, server.yourdomain.com, whatever it is. And then you can just have the names match. So just try a CNAME. I think it's easier.

On to the next question. There's actually... this is the point of a lot of confusion. This is how to handle permissions; specifically, we're talking about, like, Windows file, SMB, permissions within TrueNAS. Now, there's more than one way to handle it. And there used to be a third way. Now the third way is old. So if you find old documentation about how to set up a FreeNAS, not a TrueNAS, a FreeNAS server with Active Directory, as an Active Directory server, I believe that's a functionality that used to be in it, and later they got rid of it. It was never great. It's not like they were getting rid of features. They were getting rid of features that didn't work well.
They did a lot of retooling over the years, and it has a tie-in now in the current version 12 of FreeNAS, or, well, sorry, TrueNAS, version 12 TrueNAS Core, or the more recent release, SCALE. They both have Active Directory plugins. SCALE was released yesterday. I haven't dove into it, so we'll focus on doing this in TrueNAS Core. It should really work the same in SCALE. If you have a separate Active Directory server and you wanna tie your TrueNAS to it, yes, you can; it will tie to it. And then the Active Directory server will let you know where the users and permissions are, and then you can set those user permissions on different Samba shares. But what if you don't have that? What if you're someone who has a home lab and you have you and your wife and you would like to share files, or you and anyone else on the network, really? Maybe you just have the kids or friends over, whoever it is, whoever that person is you wanna share with but not share everything with. You can create folders, and then you can create permissions on those folders. That gets really tricky. I've got a video on how to do it, but what makes it a little bit easier is that you can in fact create groups and then assign those groups in the permissions. The downside is there's not a lot of amazing documentation on how to do this other than the video I made for it. They have some good write-ups to get you started, but you basically create two users and you can create a group. Maybe you will call that group "photos", and we wanna have a shared folder for photos, or a shared Samba share for that.
You can take each of those people, put them in that group, and you do that all through the interface in TrueNAS, by taking person A and person B and putting them into the same shared group for photos. Then they can both read and write to the photos folder, but then they can also have other folders that they independently have, like "my personal files" for person A and "my personal files" for person B, and they would not have access to those; they can be on the server. So it can be done. It's a lot more rudimentary when you don't have something like an Active Directory server installed, but there is a functional way to do it. That was basically what I covered. I will probably do... because there's been some updates and changes since I did my video. You can look at it, and the changes are minor enough that if you watch my video, even though the interface is slightly different, it's close enough to the same that you could probably figure out what those extra boxes are, because, well, there's little question marks next to them to describe them. So you can follow my old video, but I am making some new videos now that SCALE is out and now that Core is at, well, really feature complete at 12.0-U8. And I know they're coming out with 13, but I don't think they're changing much in sharing, so I will do some updated videos soon directly related to, like, how permissions work and how some of that functionality is, but it is possible to do.
It just doesn't have its own, like, normal right-click, change permissions, and set permissions on that. And there are further extended permissions you can do from the command line, so not just at the share level or the dataset level, but even at the folder levels within the dataset. But a lot of that is command line driven still, and I actually am going to dive into that, so I can put out a how-to on how to assign permissions from the command line and set groups. It's on my to-do list to kind of make an explainer, since the question comes up from time to time. It's also nice to be able to know how to do it from the command line, as you get a very precise level of control to go in there and say, assign this user, this group, to this, and set all the data on there. So that'll be an upcoming one, and, what do you call it, a little deep dive into all the little permissions. It's definitely the most common topic when people set it up: getting all the permissions right with TrueNAS.

And I'm going to give, like, an alternate poor man's way of doing this, because I totally get it. Like, directory servers are pretty cool, and if that's something that you want to learn, you should learn it, especially if you think it's going to help you at your job. There's no better way to practice than giving people shares and access to those shares and trying to centralize the passwords. That's all fun. But if you don't care, one poor man's way to do it, I know there's flaws, okay, I'm not going to just pretend like the solution's perfect, that's why I say the poor man's solution, is when you have the different computers in your home lab or in your house, you can set up a dynamic DHCP reservation where that particular machine always gets that IP address. When it gets an IP address, it's always that one. So you don't have to worry about somebody, like... you know, I mean, you probably do still have to worry about spoofing if anyone in your house knows how to do that. But then in the share you lock the share to that IP, so only that IP can get to that share. So you could have, like, a kids' share that has all the stuff that you share with the kids in there, and then their IPs are able to access it, and their machines get a reserved IP from the DHCP server, so they're always going to get the same one. And then you can do it that way. Now obviously there's flaws with that. If there's anyone in your house that's very good with computers, they could spoof the IP address and get into whatever share they want, but assuming that's not the case, and that's all you're trying to do, that might just be the quickest way to fix it.

Yeah, so there's a couple different methodologies on there that you can do to get that working. Yep. All right, what's the next question in the list? Getting down to the bottom here. We're getting pretty close. So I wanted to touch on this one, because someone wanted to... it was RP, were the initials, who asked about documentation. You know, that's a good thing to ask about, because we definitely want to document how we do things. And, you know, you could argue that automation, when you write the code, is documentation of it by itself, but that doesn't really always work, because, for example, when I take notes there might be a command that I use, but I don't use it all that often, and there's some command options that I don't use all that often, so I'll just put them in a document, and then I can go back to it and read it. It's a lot better than the man pages, in my opinion, because I have it down to just the options that I use. But that's a real issue, right?
Now I'm going to suggest a different way of documenting that's going to, at the same time, teach you how to use Git. This is very important. So the idea is that in your documentation you don't include any private keys, any passwords, or anything that's potentially going to leak out or be a problem. And what you do is you write your notes in Markdown, and then you commit them to GitHub. Now, when you view them in GitHub you'll see them rendered in Markdown, and it'll look great, but at the same time you're practicing Markdown, you're practicing how to commit to a Git repository and work on a Git repository, and at the same time you're documenting your home lab. So by doing it that way you're learning, like, several different things at the same time in exchange for the documentation. Because I know usually when people ask this they're like, is there a self-hosted documentation server that I should use? Yeah, absolutely, there's a bunch of them. But before we get to that, I recommend just doing it manually in Git, because, like I said, you're learning Markdown, you're learning how to contribute to a Git repository. And not only that: if you want to get a job someday, if you don't already have one, then someone like your hiring manager might actually look at your public Git repository. Look at this person's notes; this person has a bunch of notes on all kinds of different commands. They really do try to learn what they try to learn. And they look at this kind of thing. So there's all kinds of benefits in using Git for documentation, but I think it's overlooked quite often.

Yeah, and there's a lot to be said about a hiring manager noticing the fact that you did a nice job with documentation and have it all nice and neat. That's big, because it's something you notice, that attention to detail. Literally, someone I hired a long time ago, their GitHub is a big part of why I hired them. I was like, oh, look, this person's, like... and, you know, they do that. If they document things really well, they're probably gonna do it at work too, if, you know, they're doing it for personal. And it also goes back to the community. I love when I find someone with a nice write-up on how to do something. That's one of the reasons I take the time in, like, the Ubiquiti one; I have an accompanying write-up, and Jay does this as well at learnlinux.tv. There's the video and there's the accompanying write-up and documentation on how to do something. I go with it further, and me and Jay actually can both agree on this: one of our favorite ways to document things is make a video on it, because I can reference my own video occasionally. I write my own books sometimes because I forgot how I did something, like, when I wrote it originally. But Jay goes all out; he writes an entire book on things. And then I forget right after I publish it, and I'm like, how did I do that again? I have to read it and then find out. Obviously, if you put all your notes in Git, you'll have to censor them, like I mentioned. You know, leave your passwords out. You shouldn't even be putting passwords in clear text anyway; we shouldn't be doing that. But also pay attention to your notes. I mean, if you have a documentation article that's called "when the f-ing printer falls off the network", because you're upset that this keeps happening, and then you commit that up to Git, I mean, that might be a little humorous, to be honest, but, you know, sometimes you just have to watch what you put up there. But other than that, as long as nothing's personally identifiable or talking about your rage against the printer, which should be a parody band name now that I think about it, but anyway, just be careful what you put up there, because everyone's going to be able to see it. But I think that's also the benefit: everybody sees your documentation, what you're learning. They can see, like, how your learning has progressed over the years. You know, you start out, you're brand new, and then as the time goes, you know, you reformat the notes, you make them better, you put more commands in there, and it actually shows your growth when it comes to knowledge. I think it's an awesome way to do it.

Yeah, for sure. I see someone in there put PC LOAD LETTER. Yeah, I hate that message so much. Or my personal favorite, when the rollers on HP printers, because it happens more often, or at least it used to, when those rollers would get smooth, they'd have no tread, and then it can't really get the paper in and it gets jammed, and then you've got to replace, like, five different rollers. LaserJet printers are fun, said no one. Said no one.

All right, I'll throw in at least one question I've seen scroll by here. Someone had asked, and it's just something... it's beta, so I haven't tested it. TrueNAS SCALE did come out yesterday in full release. We have not spent the time to learn anything about Gluster, you know what I mean? I know it's cool; a lot of people are asking about how to set it up. It's not something I've dove into. You've been looking a little bit at Ceph, haven't you, Jay? I have. I'm not far enough along to speak intelligently about it. It's one of those projects I've been kind of working on here and there, because I do want to do a video about that. Okay. That would be a fun one. Yeah, we'll dive into that cluster. Maybe we'll just do a video on, like, Ceph, and maybe we'll have some guests come in. Maybe I'll reach out to someone from 45Drives on Ceph. That would be crazy. Yeah, we'll just bring in the expert, or maybe if Wendell has a few minutes. I think he does Gluster. So we've got two options, and this becomes two more videos: we'll do one on Gluster, one on Ceph, and we'll bring in an expert, because me and Jay, we have read through documentation quite a bit; we don't feel confident enough to be experts. But I'm sure, and you know what, maybe even... I'll see, I know they're very busy with the release, but maybe we can reach out to some of the people, you know, over at TrueNAS and see if they want to come on, talking specifically about SCALE and Gluster,
because they've been developing it. So why not hear from the people that developed it? Yeah, that's the thing I'd like to do more often this year: get more people, more guests, on this podcast. It's always fun.

Yeah, I see someone, and thank you very much for the donation: "After watching your Quad9 video, I want to test my pfSense Plus box from Cloudflare, but for some reason, when I do all the testing, DNS leak shows Cloudflare after the flush commands." So you want to switch to Quad9. Somewhere you have... computers will hold on sometimes to DNS. Rebooting the computer, like, Windows will do that. Linux really doesn't. Linux, when you change the resolv file, I think it's pretty immediate; I don't think it caches any of it. And as far as... Well, now we have systemd-resolved in there in the mix too, so we're not quite using the same files like we used to, depending on the distro, of course, you're, like, doing that. But I think it also depends on what DNS service you're using, and then also there's some distributions that have DNS caching by default, so you have to look at that too, because there's some security that they've added to make your own laptop, if you have a desktop installation, a DNS provider on itself, to try to negate some kinds of attacks. And you have systemd-resolved, as I mentioned. So there's a couple other things to watch out for too. Yeah, when in doubt, rebooting fixes it, because even I've been aggravated by the fact that Chrome will hold on to DNS. Matter of fact, one of the things that some of the browsers have started doing is, because they'll use, what's that new one, DNS over HTTPS. Yeah. Yeah, Firefox is doing this, I think that's what they're doing, isn't it? Yes. So what the problem is, when they start doing things like that, they'll go around your DNS servers, and you can't just block DNS; that doesn't work. You have to modify the browser to get it to work, because if you block DNS, who cares, it goes out over port 443. So you can't block port 443, well, you could block port 443, but you'll have completely different problems. So if you're using a browser that's also using DNS over HTTP or HTTPS, now you could end up with your browser being the problem, not anything related to your Linux system or your Windows system or your firewall at all.

Yeah, so there's a lot of factors in there. Check the browser, because a lot of the new browsers have started doing their own DNS, and browsers also will hold on to DNS until you forcibly close them and restart them. That sometimes is just a troubleshooting tip when you're trying to solve DNS problems. This is back to the complexities of... maybe that's what we do: how to troubleshoot DNS, all the different things that can happen in DNS. Maybe we should title the episode "how to survive DNS", or "anger induced by DNS", because it's one of those things that, let me say, it's always DNS. I mean, you really have to look at how deeply we mean that. We don't mean, like, oh, check DNS first and you're fine. Like, check the zillion quirks and things with DNS, and one of those quirks buried in there is probably your problem, because that's just how it is. And I feel like we're also kind of losing control too. There's a good and a bad to that, because, you know, some countries are censored by their government, and then they, you know, want to get outside of that, so by bypassing DNS, you know, if there's a weak system there, they could have that, or, you know, DNS over HTTPS could help with that as well. But then in the home lab that takes some control away, because now your browser thinks that it knows more about your DNS entries than you do. So when you try to go to a local web server: I can't find that page. Yeah, because you're not looking at the LAN; you're looking at, you know, the upstream DNS provider. Of course you're not going to find it, and then you have to try to find a way to bypass it. It just becomes so frustrating to deal with. Like, we like the benefits that we get from all these extra DNS features, but then there's an expense to that. And at some point it's like, we have these, you know, like OpenDNS, that uses DNS to help, you know, make sure your young ones aren't getting into trouble online, but eventually that's going to be even harder to do and at some point worthless. So DNS is my, you know, it's one of my favorite things about networking and one of my most hated things about networking at the same time. Yeah, so it's fun.

And I see people already talking about trying to block DoH. It can be done. I've also seen with the browsers, if they fail DoH they're supposed to use local DNS. There was at least one update of Chrome that didn't do it; it just started breaking things. We know because from the business side, where we manage DNS for clients, we're using different filtering tools and web filtering, and it creates... there's so many factors that create problems with it. It's a moving target, that's for sure. It is that, like, oh, just throw the script policy or put this particular setting, and then all of a sudden an update decides it's not going to obey the settings that you did, and it's like, you know, you're pushing a bunch more settings and things like that. But, you know, why we work in computers. So I think of all the things that we've ever invented, like, the internet is the most unique in more ways than one. But what I'm saying is, though, that you have a situation where normally when we invent something we adapt that something to our needs, but I find that more and more we're adapting what we do to the internet. So we've created the internet, and, you know, we're not, like, in control of it anymore; we're adapting to it now, as if it's its own thing, right? So all these DNS issues and all these antiquated technologies that we're trying to adapt to, and then everything is just going in its natural direction. I love, you know, security and encryption, obviously; I think that's a great thing, and privacy is great too. So that's the way it's going to go. It doesn't matter if you don't like it; that's the
way it's going, and as a result of that, DNS is going to follow, everything else is going to follow. It's like, you know, we, the technology people, are chasing the internet to adapt to it and catch up with it rather than having control of it to adapt it to our needs, because that's just the way it goes. It's just kind of funny to me how this has worked out. It's like the invention that's a snowball that's rolling down a hill and just keeps getting bigger and bigger and bigger and bigger until it takes over the whole town. Yeah, that's true.

But hey, that's the end of the questions there. So very, very grateful for all of you that send in the questions. We love doing this Q&A episode. They come and go. We do... so we have more topics for our dev random we were going to do if we didn't have enough questions, but we had enough questions. We do want to do another dev random, because... or maybe I'll just do a video on proxy pivoting or something like that. I've got a proxychains video, but me and Jay were talking about this and a few other topics. So, but we do like suggestions from the audience. So if there's different topics you want to cover, different things you want us to dive into, maybe even revisit topics, because the reality is these projects aren't static. We covered them at a point in time, and we may say a feature didn't exist; well, it's now the future, and these products, as they progress, sometimes have more features and more things in them. So I think there's going to be more to talk about. Maybe we can be revisiting some of the projects, just talk about the updates and changes on there. So overall we're excited, and we love hearing from all of you, because that's what drives a lot of this and gets us excited, you know, answering the questions and teaching more people about this. And sometimes, when, you know, someone asks a question, we answer it, and then, you know, off camera I'm like, wait a minute, that's a good thing that they brought up. Maybe I should change the way that I do things too. And then sometimes my own home lab benefits from some of the things that people bring up. It's just so much fun. Yep. All right, well, thanks again, everyone, and see you in the next show. See you later.