All right. Ooh, got your volume down. We're gonna have an echo if I don't do that. There we go, volume is down and welcome to, ah, you know, volume, echo, lose, train of thought. Welcome to vlog Thursday number 269 today. Ah, yes, let's us figure out, all right, that's all stuff that's there. Is there anything interesting on my phone? Who tried to call me? That's interesting. I should have looked at this before, right? Man, I just wanna see who the missed call is. Oh, there's people at my office or I don't know. Oh, I know who tried to call me. Anyways, completely sidetracked, right? And we have stuff to talk about today. Things are green and oh, let's see. Tom's getting things ready. Let me get the comments ready so I can read them. There we go, I've got them all up on the screen here and then the screen behind me is just for show the fact that they, there we go. All right, focus Tom, phones off at least. Good morning from Australia. Is it morning there? Eh, sounds about right, that's cool. I'm gonna be straight up honest though. I do not plan to do this for incredibly long time because it is absolutely beautiful out today. It is 71 degrees and I want to go outside. I've been working since 6:30 this morning or so, so I'm like, time for a little break. Nonetheless, there's still stuff to talk about and try to figure out where I should start. What did I have in the title here? I think I mentioned some ZFS stuff. Yes, ZFS and security. So the ZFS stuff is, I did that video and it's weird because there's just the what about people and I was like, look, I explained it in the video and I almost need to do another video for all the what about scenarios. Like, well, what if I had more drives or what if I had this and I'm like, there's a reason ZFS is so in-depth and that's one of the reasons I link to all the other articles on that topic.
It's just because I try, if I do see a repetitive question where something isn't clarified very well, I always try to answer it as best I can. Therefore people can gain a better understanding, understand how these things work. And some of my videos are a response to someone who comes from the misunderstanding, you're like, oh, I'm going to put a bunch of NVMes in this system all set them up for write caching because we have a write-intensive application and I'm like, no, that's not gonna solve the problem you have for your performance. And this is where some of that, why I make some of these videos on things like ZFS is to make sure I want people to have the best understanding possible. And if they still decide to hire us for consulting, that's fine too, because then we can consult and help get their projects set up and tuned and everything else, that's great. But I'm just trying to be as open as possible when we're doing all these things. It's a very complicated topic, but I think the more people we have understanding it, the better the ecosystem overall is around supporting it because it's just covering all those details and things like that. But boy, we have people from all over the place. Let's see. He said, Australia. And we have a good morning from Germany or hello from Germany, it's gonna be afternoon there. North Carolina, so you're in my time zone. We're in Eastern time, which of, it is 3:04 Eastern time right now. Come see it, Manistee, as in Manistee, Michigan, come see us on the bike. Yeah, I plan to do, I actually plan to do probably bicycle riding today, but I might get one of the motorcycles out too. I can't really, I haven't decided. Yes, you had a what about question as well. Yeah, and I do spend a lot of time replying to comments. I think it's important if something was not clear or contextual, I do reply to comments quite a bit. I always for clarification, sometimes even offering up another video.
I think you had a question about metadata drives and Wendell did a video on those. Switzerland, lots of weekly nerd talk, yes, absolutely. Bulgaria, I didn't do a video on metadata and I probably should have referenced Wendell's video on metadata. Wendell breaks down the metadata in his video. He's got, maybe I'll add it to the video description to mention it. The testing's different when you're doing stuff with metadata. So I don't think it makes a big difference with VMs, but Wendell breaks down the use case for when you have massive indexes of files, then it does make a difference to have all your metadata on some type of fast storage. And so yeah, if you've got collections in years and years of small files, data like text or books or that type of data, the metadata lookups are gonna be faster doing that. As I understood it based on Wendell's video, I haven't really directly tested it myself, but so much of the consulting workloads that we do are more related to the virtualization and storage targeting. Honestly, most of the people have a fast enough server that even when they do have 10,000, 300,000 files, it's not, whatever that number is, even when it's those big numbers, it's usually not a huge issue because they're buying servers with like 256 gigs of RAM in them. So Sweden, 20:05 in Sweden right now, India, Kentucky, Texas is cool. Everything's bigger there in Texas, right? Greece. Yeah, the ZFS metadata hasn't gotten as much air time. I thought about just doing a dedicated video to ZFS metadata. That way I could do a short video on it and maybe I'll reach out to Wendell who understands it and has used it better. Wendell's done a lot of that fine tuning to make sure it does it. So maybe I'll do a video with Wendell on it. Might be even an idea. Hello from Austria, Texas. Slovenia, UK. Hello from the Alps, Germany. Oh, good memory. Okay, yeah, I did remember the question. Brazil, Ireland. I don't think sync performance helps with the metadata writes.
My understanding is it's a metadata, I don't know, I'll have to dive. It's been a while since I've read about it because it was such a new feature. I'll dive into it, but I'm pretty sure Wendell covered it. And if I recall correctly, he did a video in 2020, the metadata cache really just sped up the lookups of lots of small files and things like that. So that's not, that's a very different use case than that. I don't know, I'll dive through. I'm a big, as I've mentioned many times, RTFM. I will read all the technical manuals on this. I will dive deep into the, how these works, but it's gonna be, maybe I'll do another video and dedicate it to that. Cause you have, I think it's a little bit well understood. Jeff from Craft Computing did a good job on dealing with deduplication data. So that's another aspect that's pretty cool. Let's talk about deduplication. But, and that's another type of vdev is you can store all the deduplication tables on there. But I am probably gonna do a video at some point on deduplication as well, because I wanna cover it from a slightly different angle on VMs. Heard that RDMA RoCE is coming to TrueNAS. Looking forward to that. When do you think the supply chain will catch up with Ubiquiti? I don't know because I will tell you, I have had, you know, lots of conversations with vendors all over the place about supply chain problems. Not just Ubiquiti. Well, I've never had a conversation with Ubiquiti because I don't have any direct inroads or contacts there. But I know other manufacturers and I've talked to them, this is a real problem in the manufacturing business, whether you're making cars or anything that requires chips right now. There's not an easy answer for it. If you dig deep enough into the topic, you'll also learn that companies that are able, so there's a picture of this. There's a very finite supply. There is not, the supply number is not zero for some of the IC chips. It is not enough to satisfy the demand, but it's not zero.
What that means is from a supply chain standpoint, it's a bidding war. And who has the money to bid right now? Well, big cloud companies. So this has actually become kind of a problem of who gets the priority for these things. If there's a finite amount of resources to build the product you're looking for, it's gonna go into companies that are willing to pay the most for it. And it's created some really weird imbalances in the supply chain. I decided that two days before vacation to start pushing new VLANs through my store. Hey, that sounds like a lot of fun. Actually Travis, and I think you have my email, I am in need of your services. So email me, cause this is a reminder to now that I see you posting in here. But yes, I wanted to, if not, I'll reach out to you. Don't worry about it. And if you're on vacation, wait til you're back. It's not, no rush, no rush. And we've been joking about an opportunity to meet. And so I'll come out. So if you don't know Travis is local to me. So, all right. The metadata vdev can also hold small files which could help potentially random writes. No, not well, is your VM a small file of random writes? That's my, you're correct in your understanding if it's gonna help with lots of small files based on a certain category, my VMs are never kilobytes. Throwing it out there. So it's small writes in, as in leading to small contiguous blocks of files, not the write itself. You're not splitting it between the vdev. It's not how that works. So that's why I don't think it's gonna help at all with VMs, but it makes sense for Wendell's use case that he had in the video. So I don't think it's a VM thing as much as it's a lots of tiny little files as in the metadata. You know, if you type directory in a, dir or ls when you're indexing a directory with lots of little files, that is something that takes time. And if you have that on a faster set of drives, it's going to go faster. Oh, yeah, hello from Taiwan. All right.
Oh, I'm glad people like the ZFS cache video, awesome. Bought six HP servers, took them four months to deliver. Yeah, it is a problem. I need to open 90T. I need to replace 92 UAPs, Wi-Fi 6. Yeah, we have a lot of people content just looking for stuff. That's the one playing with two NAS NFS with 16 NVMe drive sync on off tricky as one slot for spares 14 as data. I cover that in my video about whether or not you need one. You have to have something. So if you look at the way iXsystems builds their systems, they're using like the NVDIMMs and things like that. Look at the specs on like their M50 system. You get an idea of how tricky it is to configure this because once certain parts are so fast, there's not as much benefit of adding. You have to have something faster in order to catch up with the writes. Awesome, you learned a lot from the ZFS L2ARC video. That is great. I think email I have doesn't technically go to you but you have mine and I'm on Signal VSL. The guys should have that, perfect. You're in our system Travis, we will connect. I'll just say that. So and enjoy your vacation. I don't know when you're coming back but I'll send you a message and we'll work out those details. So what would be very interesting is a video about dedup. There are not many information about dedup and ZFS there's also, no, Jeff from Craft Computing has a great video on dedup. I highly recommend watching his video on dedup until I get one, then I'll say watch his still and watch mine. So if there's no raw material shortage or any product shortage, it's all on it. No, there is a material shortage. Everything, there's so many steps in a supply chain and it's not just raw materials. It's like if I said, I wanna build a fabrication plant. If we said, I wanna build one right here in the Detroit area. Cool, how long does that take? Well, years, that's one of the challenges with doing this.
You can say bring it back or build one but you can't just spin one up when you don't have the fabrication. There's a lot of, there's a collision of things. Risky Business Podcast, if you look they did a really good deep dive in supply chain and there's so many challenges at every angle. It's a calamity of errors. It's almost like, I can't believe these several coincidences happen all at once. We have a drought in one area that doesn't have the ability to get enough of the materials and water in. There's a whole collision of errors that happened or just events that happened that caused us to be where we're at. Right now, metadata vdev is still very situational depends on record size, adjustment in general case, not VMs. Yeah. Sync off is always going to be faster but you're literally lying to the system. I'm fine with it. You're losing five seconds for the data but I'm fine with it depending on the workloads you have. Five seconds is a lot, for example, for a database attached to a cloud service that's writing data to it. What, in, you know, I will see the name of the company. I would say my friend working there was a really interesting study on this of how they were doing the data transactions but they process in a single day, you know, several million web transactions that they need to keep track of that do go into databases. And just the nature of this, but five seconds is a lot of transactions to get lost. So you really have to think about that from a, so, you know, that's the high end side of it. The other ends in between the five second commits, all right, what's going to happen? What is five seconds of data on a VM if the syncs are turned off, you know? This is, there's a lot in there. Company Industrial EM consults, imports, reboots, robot equipment from Japan, automation from manufacturers nearest delivery date for the equipment is 18 weeks. And that's for the cables, yeah. And Brett's right about this.
They're, you know, this is going to create a new issue is that Ukraine is one of the big suppliers of neon. You're thinking, oh, but we don't use neon signs. Well, it turns out we use neon in a lot of some of the fabrication of things too. So there's that. And that's, this is a recently new event. So this will figure out how long this takes to mess up the supply chain further. Yeah. Yes, digital supply chains have also gotten a lot more attention, security, recent events. Yes, for sure. I really don't know the answer to this question because I haven't had a job in 20 years. Are CompTIA certs any good? Would you be able to get jobs with them? I really don't know. I'm just less, I'm less qualified to answer that because I don't hire based on certs. I think they're better than not having them. I mean, like Security+ and Network+ are definitely, I would recommend getting them. I think they're good, but yes. Hey, love your videos. I'm actually setting up a PowerEdge R620 for the Home Lab. Unfortunately, I'm learning the hard way that two and a half inch NAS rated drives are harder to find. They are. eBay can be your friend on that since it's your Home Lab. Keep an eye out and hopefully you can get lucky on some of those. I'm just saying it's only as complex that people in charge want it to be. If there's not truly a physical shortage of rare metals, that's obviously different. I've worked in supply chain. Getting, sometimes it's amazing when you work at larger companies or deal with larger supply chains. Just seeing how many, getting a lot of people organized to a task, get them focused on a process that brings us towards a completed product is a lot of work. I, in my early days, didn't understand middle management.
I certainly understand it dramatically better now and how much need there is for it because I don't know, just there's a lot of, when you've worked in it, you're just like, I don't know what made this group of people kind of get off track or do something else, but boy, does it happen a lot. Terri says, server supply has a good resource for two and a half inch drives. Okay, cool. It's been a little while since I've looked for them, but eBay's always been one of those places and I'll throw a shout out for this site here as well. LabGopher, LabGopher's pretty cool. I mean, you can, this is specifically when you're trying to buy the servers, but you can filter for things like this, like filter for specific servers, specific models by brand, by Dell. This is just kind of novel. Like, hey, let's see if we can find a deal on an R730, we'll sort by the gopher grade of great. Maybe we need more memory in it. You can even start by the CPU passmark. Let's go something faster with more memory. Like at least 128 gigs, there we go. There we go, 2U, $1,000, seven days, cool. And then you can click the link and start finding servers. One of the things I've often recommended when people are looking for things like this, and oh, by the way, if you didn't know, I've told people this too. If you look, hey, look, hashtag home lab, and I'm not endorsing any of these particular people, but there is a lot of places that offer things like this. So you can go through and say, all right, this is something I'm interested in getting. It already matches what I was looking for. So yeah, just a few thoughts on that, in case you're interested when you want to buy stuff, hit eBay. If you're a home labber getting started, there's a lot you can learn on eBay to get that done. We have the same water cups. I have no idea, I don't know what model this is. This is my wife's, I took it, because I like it. I know very little about that. Back at you from Scotland. 
I welcome ongoing enlightening of IT and advanced and interesting QNAP, taking network card, offload, bandwidth, demands, and tasks. All right. Some of those 620 servers complain that the Dell firmware is on drives. You are not wrong. Water cup, bully. Actually not, you guys will laugh. My wife couldn't take it to work anymore because she works in a place that doesn't allow cups that say this. So it's hers, hold on, see if I can get it, there we go. It says, I will put you in a trunk and help people look for you. That is my wife's cup. So that's, I took it from her, but it's because she wasn't using it anymore. She actually took, I think I had a different one that a vendor had sent me and she took mine because she can't have this one at work anymore. But that was a while ago. Technically she can have it at work. My wife works from home now. So you broke something, printer won't ping on network. Well, let me tell you, printers are so finicky, they may just break for looking at them wrong. So don't, 100%, when you're testing VLANs, use something a little bit more reliable. Wander around with your laptop, plug it into ports, make sure it gets the right IP address. You can't go by whether or not a printer works because on the best of days, with the best of settings, printers sometimes just are like, nah. Printers are like the lowest effort sometimes of work put into them to get things done. Bash that like button. My dentist bought a new boat and called it the Tooth Fairy. All right, that's, I like that. I had not heard that one before. So we'll go with that's good. We'll go with that's a good one there. Actually I'm gonna make sure this gets off. Quit. Quit, there we go. Things that might pop up in the background. I refuse to take jobs that require printer support. We all wish we could do that. You have to, this is part of your IT career. You're gonna fix printers and then you kind of move beyond it. The goal is to elevate beyond printer support all the time.
Why won't fax machines die? Mm, not wrong. Not wrong. That's, yes. That's, I don't know. Faxing is still a thing. I wish faxing wasn't a thing. Don't get me wrong. I am all for faxing not being a thing anymore. But here we are. Faxing's a thing. Oh, you know, and we'll pull this up. I'm not, I, you know, someone may be curious about this. And I'll bring it up. The comment system on YouTube has gotten much, excuse me, gotta think of how. Oh, actually, this is kind of funny. The comments on it. But let's start by talking about the comments on the comments for YouTube. So this is how I see YouTube comments. This is what the channel comments look like. And these are public. So I'm not sharing anything that, you know, people can't see by looking on there. But one of the things is I see comments based on time you posted them. That's the default way they're shown to me. So even if the video is an old video, like this one here from, I don't know when this was from maybe 20 years ago, or I mean 2020, not 20 years ago. But I see them like that. But one of the other things I'll always, you know, try to make sure I'm clarifying is people who do things like tell me that I am, shame on you for promoting misinformation and things like that. And it was a debate of Telegram and their end to end encryption. I'm always checking. And I don't mind if people want to mention technical accuracy of things on here. By the way, if you notice a lot of times my replies are rather concise for this, for the most part. And I think that's important. I tried to engage with people for those of you that have not commented before, feel free to comment. I don't mind insights or notices. Like this was, and this is actually very helpful. And I think this was something I really thought about. And it's not a mistake. It says, I'm pretty sure Lawrence just said, that L2ARC makes for efficient writing operations. I think that's probably a mistake. And I did say it, which is correct, not the mistake.
L2ARC or cache vdev, a storage device you attach to your pool, is a much simpler system compared to the ARC, allowing for an efficient write operation at the expense of hit ratios. I was referring to, in the context of being a more, a less complicated L2ARC, a less complicated algorithm than ARC. So ARC has a very complicated algorithm to figure out how efficiently to get the data in here. And I was referring to the way L2ARC works, which is basically in out like a ring buffer type thing. It just goes, it says, hey, data pass through here. Let me hold on to it. The L2ARC is just a simpler system. Therefore, it's also simplified the way it writes. Cause if you're not spending a lot of time thinking about how to write the data to the L2ARC, it's there. But nonetheless, this is one of the reasons I take the time to go through the comments. I always want to make sure that the content I put out is technically accurate. I'm always looking for, and boy, the hardest part of my editing is actually, I review my videos and try to double check that technical accuracy is there. And that's hard, cause you're reviewing your own work. And it's hard for me to outsource that to someone else because that's a lot of technical things to know. Sometimes I've had my staff, I usually prior to posting a video, I put it through questions and either ask people I know or staff to make sure the line itself is technically accurate if I say it that way. And then I just have to audit to make sure I said it the way that it was written. So that's, which is its own challenge. Words are hard. So yeah, I think it's a Yeti cup. It doesn't say Yeti anywhere on it, but it probably is. It says Yeti. I mean, I look, it does not say Yeti on the bottom. It says, do not microwave. Do not, safety stickers. It's metal, do not microwave. Let's see. I have a question. Why can't I back up my UDM Pro, the OS, not the apps without logging into the Ubiquiti servers? I don't know.
Cause you, cause they designed it that way. I really, yeah. Oh, that was your comment. Really? Or there was your comment. I tried to reply to a lot of people. I didn't reply to that one next. I don't really understand your question. Just so we're clear. While you're here, let's look at this together. And I go back through the ones I don't understand. Sometimes I post I don't understand. What do you think about two one terabyte NVMe, two partitions using one for RAID one for log? I don't think you can do that. Is I was trying to understand what you're asking. And what do you think about dividing two 1 TB NVMes into two partitions using one part for RAID one, log in their part. You can't, I don't. So it's clear on the part. Thank you. You can do that. I'm not aware of any way to do it. So do I think it's a novel idea, but yes. I haven't gotten, as you can tell, I haven't had a chance to answer some of the more recent ones yet. But I'll go through here and that one's fair enough. While I'm here and you're here and now we all have the answer together. So now you just need to release a video on how to use RDMA. And so I've seen someone commented about this. I'll let the look when it's built in, I'll use it because I don't think that's, I don't know if it's a native function yet. So I'll wait till it's part of production before I do any videos on it. An experience with Asustor NAS, is it, are they the ones that are the same as QNAP? I don't know that for sure. I haven't used them, so I don't have any experience with them. Thanks for the HAProxy and Let's Encrypt video. Do you have information on how to back up the configuration for HAProxy? Use backup pfSense, that's it. When you back up your pfSense setting, the HAProxy settings are in there as well. So there's not anything special that you do for HAProxy. You just back up pfSense and the configuration settings you have are also gonna be inside of there. US government is keeping fax alive.
So is the medical industry. So yeah, there's, yes, there are definite problems in all those industries that seem to enjoy faxing for whatever reason. That is definitely an issue. All right, let's do this real quick. Because I'm not gonna keep this live stream going too much longer. I'll keep going a little bit longer here. But go ahead and hit the like button because right now we only have, it just went up to 42, we have 42 likes. So if you wanna hit the like button, I'm all for it. So nonetheless, that's always appreciated, helps that YouTube algorithm tell people that they should be watching my content. We're all just, you know, submissive to these algorithms to decide what we're supposed to see, right? Oh, let's see. Would an SSD cache on TrueNAS speed up the box, 20 terabyte storage, 24 gigs RAM as, what kind of cache? And I answered that in my video, essentially. It's going to speed up depending on your, basically your workload more than anything else. So that's a huge one. It comes down to the workload and that's why I made that video covering that topic. The almighty algorithm, yes, for sure. SCALE UniFi Controller Docker. I don't know if that's a question or a statement. But I imagine that's something that would, I'm going to, it's gonna be a little bit before I get to them, start doing some SCALE videos. Everyone wants to know Docker ones, but actually Techno Tim, big thumbs up, did a great job on him. I should tweet it out and, you know, he did a good job on talking about how the Docker and what the different settings do in there. I watched the video myself, it's solid. I actually have a comment in that video. My only comment at the beginning was setting things up in datasets rather than folders, comes down to how you want to manage things, but that's my only comment on that video. And I literally commented that and talked to Tim about it. So Tim's great, he has some really good, but a lot of great Docker content.
So do you have any update on SCALE versus Core speed? We have a lab server set up to test it. We just haven't done the testing. So when we tested on one system and SCALE was substantially slower, so we built another system dedicated for the task. And it isn't, we're just not done testing yet. So once we get around to the testing, I'll of course publish all the scores. I might get the testing done tomorrow. I'm gonna assign one of my staff. I'm starting to have some of my staff help me out with testing because I'm a little overwhelmed with just too many things to do. And I don't have time to do them. So I'm gonna delegate that particular task, which I haven't delegated before, is some of the testing. But you know, I'm training someone how I do testing, how to log all the numbers and reset the systems on it. And you know, it takes time to get people trained up on it. And it's also the hard part for me, I pay these people. So I think about what makes the most impact for what I'm paying them for. It's really as simple as that. You know, in servicing clients is generally where I get the money. So I need them doing that to keep paying them consistently. But you know, YouTube has a strong value coming back and these tests I think are important. So I've had to make the decision that I'm going to have to pay someone to help with some of the testing on here. So yeah, it's a lot to do all the testing. It's just, it's first knowledge, careful to make sure you're doing it scientifically and accurately. So it's a little bit of time consuming because each test is a whole series of tests that have to be run, even though you can script all this but you can't script reloading the system and setting all the system up. I mean, you can to an extent but there's still some level of labor involved in doing it. So it takes time. My testing Core is much faster with NFS than SCALE. Yes. Someone had an interesting suggestion in the TrueNAS forums that I, I don't have time to do this.
They had a suggestion that there is some problems in the Linux kernel with the way it handles the encryption. And if you're using encrypted drives, it's slower. I don't know if that's true. I'm certainly not gonna, like I don't mind reloading my system and swapping an operating system and leaving the datasets intact. That's easy. What I do have a problem with is if I do this, I don't want to blow away all my drives. I mean, I have all the backups of the data but it takes, when you, when you start talking about the volumes of data you're like, it's a lot of data to copy back over to these systems just to try and unencrypt it. You know, so let's look at like my one TrueNAS system here. Get logged into it. This is one of the ones I did the testing on and you know, it's not much. It's only 3.2 terabytes of data and it's all flash drives, but it's still all those things. Like I don't feel like reloading it to try the same test over again with unencrypted. Copy all the data back again and re-encrypt it because I always set my drives up as encrypted. But someone did make a good point that there are issues that have been reported but it's unclear if those issues directly or do not directly affect TrueNAS SCALE with regards to using the drive encryption and ZFS. I don't know. So yeah, there's a lot more testing to do. For home users, the best way to host software to manage AP, wait my PC didn't reinstall the controller software yet. What's the best way to host the software to manage the AP? I mean, it depends on your technical acumen and whether or not you have systems to dedicate to this. Cloud Keys are not super expensive like the Gen 2 ones. I mean, they do have a cost, they're not crazy expensive. Cloud Key Gen 2 is the easy way. I prefer to run ours in a virtual stack in our servers because we already have a bunch of virtual servers. So a UniFi one is just one more server in that virtual pool.
There are Docker containers and things like that as well as people may have mentioned. There's even one for Synology if you already have that. So you can run it on TrueNAS, you can run it on Synology. There's options for where to run it. How difficult is the setup? Authelia and connect to my pfSense, I only have, I don't know, I've never used that day so I have no idea. Fixed the printer issue. Was it the network of the printer, Travis? That's what we wanna know. So we can't really maintain a UDM Pro with local account after setup. I don't understand why we're forced to trust Ubiquiti, the admin credentials for our gateway hardware. I have complained about that in my videos. I don't know why that's a thing. So you wanna set up that as partitions on there? I have, I don't know, never tried it like that. So we, there's all kinds of fun things you can do it in a lab. So I just don't know if I'd recommend it for production environments. And you want instructions for how to solve Docker? Well, I'm not doing any TrueNAS SCALE Docker videos at the moment. So when I get around to them, hey, why not? The most requested thing already has been Plex, but the UniFi one will undoubtedly be up there. So when I get around to it, it's gonna be at least two weeks, three weeks before you get around to those videos. Now, I don't know if it still does. I know there was projects to get it running on a Raspberry Pi. I don't know how up to date they are. I've never tried it. I've seen people talk about it. It's not something I've tried using. Raspberry Pi for them. I imagine it'd be kind of slow on the Raspberry Pi. It would probably have to be a Pi 4 at least. It'd be my guess. But I don't know. It's not something I've spent a lot of time testing at all. Do you have your own Cloudflare? And all their cool DDoS protection tunnel features for home lab users, public service services. I've never used it, so I don't know.
I can't say that I've dove in enough to the technologies they're using to say good, bad, or other. People seem to like it. It's a novel thing that they're offering it. And this is probably its own truth right here. Can't get Pis for a reasonable price right now. You're not wrong. The availability of Pis is definitely short. So tips for implementing and testing a zero trust-based environment. Oh boy, do I want to rant on a zero trust thing. That's my favorite buzzword, zero trust. So I've seen a company today. I'm not even gonna name them because it's not worth my time. And I'm not here to, because if they were the only company doing it, sure, but they're not, the company offered a connectivity solution with zero trust. But immediately I looked at how they're architecting it and saying, we have to trust you, middle company. And they were claiming to be better than a VPN because they're zero trust. I'm like, no, no, you're not. I literally, right now, if I want a VPN to my house, I have it loaded on my phone or my laptop as well. And if I want a VPN from my laptop to my house or my office, the only people I trust are the people that set it up. And of course, that the software is accurate. I'm not including other people in my trust boundary. That seems like a good way to say, all right, who trusts this? But if I have a third party orchestrating my VPN, it's not zero trust, it's zero plus you. I don't, and this is why I think it's so much of a buzzword because there's always like zero trust, but let me add a lot of context on it. So I just feel zero trust is this overused buzzword. And it always needs a lot more context to define where your trust boundaries are for things. I mean, zero trust is things that are turned off and completely locked down that only you have access to because you're not trusting anyone but yourself, which isn't that still a trust of one and not zero? I don't know, you can see how it's a little fuzzy. I just don't like that term. 
I think it's just so misused in cybersecurity right now. I'm using pfSense, combine two ISPs on a little computer and a virtualized pfSense install on TrueNAS and same box. I don't know. I've never tried to put pfSense inside of TrueNAS. I have no idea. Seems like something that might work. So definitely network, forgot to switch profile on a switch port. Yep, that'll do it. Tagging in ports. It seems really user friendly, but these are the Cloudflares, the same VPN providers pushing the chain of trust beyond someone. So yeah, I agree. This is indeed a Pixel 6. Any word on RDMA and NVMe support TrueNAS SCALE. People keep asking about it. I don't know. Don't have an answer for that one. Yeah, non-marketing zero trust. Zero trust with multiple profit center layers. Yes, there we go. Have you been getting short on Raspberry Pi 3 without problems? Can also install Docker on Pi and UniFi containers. Okay, so someone at least in the comments here has said, yes, you can have that. So internal certs for SSL, no out of local LAN servers with the trouble. So yeah, always when you're saying things like zero trust, context matters, it is just a huge thing when you're thinking about this saying, what is the context of this zero trust you speak of? This is a really important thing that matters. So we understand we're all on the same page where you're talking about this marketing buzzword. It has now found its way into the marketing materials of everything. And by the way, this is kind of a cool. I finally found something I like taking onsite to do videos. I did some, I haven't published them yet cause we did, we're not finished with, well, the project's almost done, but this is going to be a way to make it easy for me. Cause boy, this works great. One, I can hold it like this, but I can set it up and do project videos onsite and the camera on this Pixel 6 is really cool. So for those of you wondering what this setup is, this is a Moment case. 
That's just a magnet. And it's really, it will come off at an angle like this, but if you don't hold an angle, I can even pick up the stand and everything like this. So that's one of the reasons I bought the Pixel 6. I wanted something with a really good camera. I like that it focuses on the camera and I'm back here now. So actually I'm using StreamYard. I could connect StreamYard to here and wander around with my phone too, by the way, that would actually probably work. So I'll move that over there. But I do use my phone for some of the conferencing stuff and I like just being able to put my phone on stand. So I'm at eye level or not like this, I don't want to hold the phone. I think system says already made course corner scale, but not when. Yeah. So it's all about when is really what it comes down to. It's about being stable and usable more than anything else. So best 40 gig card for TrueNAS SCALE. I don't know. Don't have an answer for that one. When we get ones, even the hundred gig ones we do, we're ordering them from iXsystems. So we actually buy their hardware with their recommendations. We're not, I forgot which ones they're putting in it. So I don't know. I don't always look. When we, a lot of the projects we do, when they get to that higher end, you need a hundred gig connectivity. We're using iXsystems hardware. Matter of fact, frequently we've gotten those ones with the redundant motherboards I've reviewed on my channel and things like that. I'm not really staring at, or as I don't spec out what network card goes in them. We just order them from iXsystems. They're gonna come with usually a five-year support plan on them. We're doing part of the implementation in a network. We have a client that we have these and they're just, we were moving VMs with XCP-ng and we thought it wasn't moving them. We're like, I didn't see them move. I'm like, oh, it's done. That's what it's doing. So it's wild to see how fast they are. Yes, that's the Pixel 6. 
Have you experienced RADIUS working with Ubiquiti switches? I know my staff has set a few of those up. I personally haven't done any of the RADIUS with Ubiquiti switches. So I got nothing on them. I think one of my guys did a project for a client with them. I don't know how good that works. When will the video on your new studio? It came out a while ago. I covered it, I don't know. How many weeks ago was it? I had to look. So I had a video covering, let's look here. It says new studio 2022. So we'll throw it in here. Pixel 6 to a Cloud Key. I don't have any idea what you're talking about there. Why would you do a, you don't VPN to the Cloud Key. So I recommend pfSense for VPN. That's my suggestion to get that working right. But yes, wireless charging still works with this case. Oh, I don't know. I also see someone to talk about this right here. Russia created their own CA because they got tossed out of others, something that I can't understand. People seem really concerned about them creating CA. You don't have to load it. And I'm pretty sure none of the major companies are going to force load that CA. So I don't really think that's going to be an issue. So I don't know. People think way too much about that. We do a bunch of installs in studios here in India and it sucks that we don't have iXsystems here. Far as I know, iXsystems is global. We ship to Europe. So I can't imagine, I don't have any clients that I've shipped to over there. But my understanding is they ship all over the world. pfSense is a solution, yes. So that's, yeah. What was I gonna say? I don't know. Too many people are confused about a lot of security stuff coming out of there. I actually recommend people listen to the latest episode of Security Now that Steve Gibson put out on the TWiT network. There's a lot of good information about what is and is not happening in regards to all of that. Maybe someone will get a better understanding. Maybe some people will not. 
So why OpenVPN does not work when proxy-enabled with Cloudflare? I don't know, I don't use Cloudflare. So I have no idea what you broke if you are turning it on and they broke something. I'm not sure. I've never used a Cloudflare one. It's one of those things I thought about doing. Obviously there's a lot of homelab people that want to use it. But I don't like that it, my basic understanding is because it felt too tied to Cloudflare and I'm not a big like monopolistic person. One like one big business, not an open source project. I mean, if I'm with a company supports an open source project and backs it, that's a good business model frequently. But when it seems like it's very centric to this only integration with them, then it becomes a little weird. Now you may say, but Tom, haven't you recommended Let's Encrypt a lot? Well, the automatic certificate protocol that Let's Encrypt uses, the ACME cert system is not proprietary of them. Matter of fact, it was more of a proof of concept. So other companies would hopefully adopt it. Let's Encrypt obviously became extremely popular for that. So I do recommend setting up things with like the Let's Encrypt certificates or things. But I don't know, when someone gets a unique to them technology, I'm always a little bit more hesitant unless I really have a use case for it or they fit a market need that I have. So I'm not sure if I'm ever going to really dive into the Cloudflare thing. It's really not on my roadmap of things I want to do. Security Now ad spots. I was literally just talking about that. And this is silly reason, but why? So I have these AfterShokz. They're the bone induction. These are not in my ear, on the side of my head. I really like these. And we were talking about it at the office. I said, but the only downside is, and this is the conversation I had today, is they have a single button on the side. If you double tap the button, it jumps ahead in a podcast. 
And I said, the pain in a butt part is two taps, jumps ahead, one tap, start and pause. But three taps goes backwards. The problem becomes when you're listening to a podcast and it has a four minute ad read, is you have to now press it eight times. And what podcast could you be talking about that has a four minute ad read sometimes? I get it, they gotta pay the bills, but you're right. Some of the ad reads are just really long. I mean, I try to put mine in the beginning, like when we do our Linode one for the Homelab Show and we joke around a little bit about it. I mean, it is part of doing the ad read, but I try to keep it reasonable. And I don't know. I don't know the right answer for that. You can subscribe to the TWiT network thing they have to get no ads as well. Well, let's see. FreeBSD disabled WireGuard implementation kernel. This may be pfSense, not support it. No, that isn't true. You are confused. FreeBSD disabled WireGuard implementation kernel. I don't think that's true. We'll look it up. Why not? We're sitting here. We have the internet. I just gotta find it. It's on their page in here, which is gonna be here. If someone knows the exact link for this, but I think that's supported here. Where is it? So, installation. FreeBSD, pkg install wireguard. OpenBSD, pkg_add wireguard-tools. So, it seems to be in there. That's the user space Go one, and this is in the, this one's in there for this one right here. So, and it's in user space, because this is under tools, this is under, this one looks like it's a user space, written in Go. Far as I know, where's it at here? Latest, squirrely. I don't know. If someone has an exact link to that, that would be something we can talk about for sure. If you use Cloudflare Proxy, it changes your DNS name to one of their IPs, but only proxy HTTPS, not the ports for OpenVPN. Back to this question though, did you have a link or something where you can post on there? 
Cause it seems to be available under OpenBSD, and so I don't think I'm a good fit for Floatplane. I've never heard back from them. I don't think with that many subscribers, I don't think it's a subscriber problem as much as an alignment problem with what they want. I'm too much into the heavier tech content than something like Linus. Like I think the people on there are more about some of the gaming stuff and the broader audience things. I don't sort my YouTube channel by what will get the most views and then make more of it. I do much more deeply technical videos. So it may not just be the right fit for them, especially cause my deeply technical videos are almost always leaning towards higher end things and less consumer things. There's a crossover of people building at home labs of course, but not a crossover to people building gaming things and stuff like that. So hopefully that makes sense from Floatplane standpoint. Hey, like and subscribe. So I see your comment here, but I'm not exactly here. You're talking about something to happen in 2020. You're talking about something to happen recently. You're adding very little context to your statement that is currently not in current. So that much I'm a lot less clear about but the people at Netgate are funding the development of, to my knowledge, all the WireGuard and a lot of, they fund a lot of kernel development for those of you that didn't know. So hopefully that makes sense there. All right, we'll give it 10 more minutes or so, maybe five, I don't know. Let's do some rapid fire questions. I'm willing to answer before I go do some wandering outside cause that's where I plan to be next. Yeah, I'm just confused of what your point is. Late 2021, is there some thing I can Google, a name I should search for? I don't know. Post in my forums, if I just don't understand the context of the discussion around it, has FreeBSD stopped supporting WireGuard. I don't know. 
So nonetheless, yeah, the forums or tweet at me, I'm fine with Twitter posts. People tagged me. People tagged me in silly things in Twitter all the time. One particular person, I actually, I think my last comment to them was they blocked me a couple of times. They tagged, they, they, I'm not gonna say they, they don't know how to post like the, they won't listen to forum posts. They like to go on Twitter and rant and tag me. And then I always, I said, I told them last time, you do the same thing all the time. You won't listen to what someone told you to do in the forum posts. You don't wanna take the time to understand the product, but you will take the time to tag me and the company's complaining about things not working. And I'm like, I don't respond to tech support on Twitter. There's a reason for the forum post. What's your position on CVE202, 202278, patch it. Does that, my position on CVEs is they should be patched. I don't even have to really know the whole number. Let's look up which one that one is, cause it's not ringing a bell on the top of my head. I don't have every CVE memorized. I try though, you know, I'll put a few of them on my head. 20-2022-0778, whoops. I guess it matters if I put the right numbers. So, let's see. Computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Okay. It's, we're gonna need some clarifications on this right here. It says it's affected. Address is released. OpenSSL shop create on-prem. Issue is reported to OpenSSL by Tavis Ormandy, fix developed by Benjamin. Here, we'll switch to this here for those of you that wanna read it. Well, this is too small to read. Any process that parses an externally supplied certificate thus can be subject to a denial of service attack, the infinite loop. It can also be reached when parsing crafted private keys that can contain explicit elliptic curve parameters. So, I'm not, I have to understand a little bit more. 
Would this also require, so you have to know what private cryptography they're using. Also, you'd have to craft a key then get the person to have that key examined by their SSL implementation in order to do it. So, I mean, it sounds like something should be fixed, but how hard is this to exploit or rational? That's, you know, that's where it comes down to. Isn't just that it's bad, but does it, how exploitable is it? Cause there's two pieces to the scoring system. You know, this is trivial to exploit. Also, this is not likely to be exploited because it's trivial, but you need to have inside access. Or for example, Dirty Pipe, Dirty Pipe is very bad. That was a least recent problem in Linux kernel, but you have to have some local user to gain privilege to it. So, depends on your situation. If you are a hosting company, this is terrible because you have many times people have SSH access to the systems. So, yeah, that could be a very bad problem. But if your Linux server doesn't have multi users that have access to be able to do it and exploit that, then it's less likely to be a problem. Invoice-in just still doing a few. I talked about it last week, yes. Boxer breached your commando and my wife has joined the chat. My wife will answer for me. Do you want to join Tom next week? She could, I heard her, she's upstairs right now. I think I heard her come in so she could actually join today. Putting HAProxy in front of your interface and server would help in regards to security or will it not have any impact on your security? You're moving the security. The putting HAProxy in front. So, if I'm running, let's say a UniFi controller with HAProxy in front of the web interface, just the web interface, don't put HAProxy in front of all the ports. You're gonna have a bad time. But if you were to do that, you have changed a little bit. Now, if there's a vulnerability that HAProxy can also pass along to the UniFi controller, you've done nothing for security. 
It's a vulnerability that can pass it. If this vulnerability were not to be passed by HAProxy, you've now stopped it. But now also, if there's a vulnerability in HAProxy, now they have access to HAProxy. So, you're just changing up the tools. It's not necessarily you're making things dramatically different or more secure with HAProxy because anytime you add complexity, you add more potentials for security problems. Yes, we are cooking cabbage. I actually, when I went upstairs, it hit me. At first I was like, whoa. And I'm like, oh yeah, that's great cabbage. So, good news is it's so nice out. We're gonna open a window today. So the house, so we can share the cabbage with the neighbors. Yes, corned beef and cabbage. Happy St. Paddy's Day. And that is for anyone that didn't notice things are green. They're not usually green here. So, wife already opened the windows. All right, any more questions? We got a few more minutes we'll go. So I said I'd go about 10 minutes on this. What are those next couple of questions people have? We need a load balancer video. Why? What are you trying to load balance? I don't spend a lot of time setting up load balancers. So I don't do videos on them. Maybe that'll change one day, but it's not, it's not high on my to-do list. Maybe one day, but that won't come out any time soon. I mean, it's not that you can't set up things like HAProxy with load balancing. It's got some options in there for it. It's just not an everyday use case. So hopefully that makes sense. Delicious garlic food. Just that alone. I just put, I ate a lot of garlic yesterday. I'll eat a lot of garlic today just because I like eating a lot of garlic. Technically, Tom has a load balance video, HAProxy. That's yep. So probably there's a delay, but yes, absolutely. This is true, the HAProxy and load balancing. Is there a good rule of thumb of sizing RAM on MS SQL Server? That's probably a great Google search that I don't know. 
I do not set up many Microsoft SQL servers. I used to years ago, but I don't think I ever had, just you always need more memory and then more licensing because I remember even, I remember this is when I was like, oh man, I don't often do any Microsoft servers for SQL. The couple I did and I was like, really? If I'm not mistaken, if someone could correct me if I'm wrong on this, but if I'm not mistaken, you can only use so much memory and then there's a license fee that you have to pay for the different version that allows you to use even more caching memory or something. I remember reading all that and it's like, it's complicated. I'm like, most of the ones I have way more experience in is gonna be something like MariaDB or MySQL. I've never used Caddy. There's a lot of people I've seen doing videos on it. It seems to be really popular. So do you have a video that will integrate or add security to HAProxy? Well, it's not a web application firewall. So it doesn't, it's not designed to add security. It's not like a product that goes, hold on, we're going to filter all the traffic through this device. That would be like a WAF or web application firewall of which I don't have any videos on or planning doing any videos. So once again, it goes off topic from the cover, what I do cover. Your website is doing well. I mean, oddly, and if you start looking at, you know, setting up something on AWS and their load balancing system or putting Cloudflare in front, I mean, really kind of depends. That is something where I do see like the, you know, when you have a high, a website that just gets a ton of hits, setting up something like Cloudflare for things like that. So yes. MS per core licensing is painful. Yes, Wendell did a video on this. I thought was really funny, Wendell from Level1Techs. He talked about the expensive nature of doing certain processors because of the extra license fees you have to pay for performance for MySQL. 
So yes, definitely Microsoft's licensing is just less than pleasant and confusing. Yes, add security in web apps. There is also depends on a design of the application or is no one size fits all. This is very true. There's so much to it. It comes down to one of the fundamental problems of programming. So many coders stop when their code works, not when their code is secure. This is a fundamental problem and often not driven necessarily by the coders but by the demands of delivering the project. So we have a ton of just poorly written apps that we're just waiting to find the next exploit in. Have you tried any of the general hot sauce? I don't think so, that one doesn't ring a bell, but nonetheless, I'm gonna go outside and go do something. I am done for the day, I think, and I'm going to go enjoy it. Thank you for all of you that hit the like button, that came to hang out on this wonderful St. Paddy's Day. And so happy St. Paddy's Day to all of you, whether you celebrate or not. If you don't celebrate it, it's just Thursday. If you do, awesome. Cause hey, why not? Why not enjoy the day and go do something fun, be safe out there. See y'all next time. I watched my videos on ZFS to dive deeper into the topic and whatnot. And my rant on my wonderful rant on the topic of zero trust security. I'm probably gonna do a video on that. Zero trust what? That's probably what I should title it. Let me know in the comments if I should do a zero trust or tweet me on that. If, I don't know, maybe I'll find someone else to do a rant on. What does zero trust even mean? Please define it for me. So, yes. Do, do, do. Awesome. Thank you for all the kind words here, folks. And I know what you're saying. The only time I've ever had to work on any Microsoft stuff is because some stupid line of business application at event that one of our clients had that only supported that as well. 
When I'm looking at products, if a product says I only support SQL and everything, I'm like, I guess your product is just not for me. Yeah, so, mm. Software-defined zero trust. Let's just keep buzzwords going. Tag me if you wouldn't there. Let's just, yes. All right, thanks someone. I could rant more about this, but I won't because I wanna go enjoy the day. Take care, everyone. Thank you very much for joining.