And I'm always late. It says I'm live, but I'll also say I'm late. See, that's one of the first comments on here. Welcome to Vlog Thursday number 332: MSP GeekCon debrief, pfSense tech talk and some live Q&A. You know, I realize it mostly turns into live Q&A. And by the way, at least once a week a comment pops up after the live show asking for time indexes. If anyone's ever bored, go make the time indexes and send them to me. I would be happy. I don't know, I should probably just put it up as a paid position. You know, eventually I'm gonna need to hire some people to help me with this. I just don't have time to note the time index as I shift between topics, but if anyone volunteers for that, absolutely. At some point I'll probably hire a person for it, but that's not today. I am not getting hundred-million-dollar offers like the folks at Linus Tech Tips, but, you know, the channel does well enough that I will be hiring people eventually. That is on the to-do list. Not just technical people who work on the tech side of things, but maybe someone on the creator side as well. I think it's time I do that.

But the things we're gonna talk about, and I'm gonna throw this up here now because I like when the questions come in even afterwards: we have vlogthursday at lawrencesystems.com. I will answer questions that get emailed there. I do my best to gather them up during the week, and, you know, it's weird. I figured, and I was wrong about this, I thought I would get more emails than I do. I usually get a few, which is fine. Now, I don't reply to them. I'm just gathering them in an inbox. Well, I get some weird things sent there, because people can. It all just filters into a specific box and I read through them and go,
"Hey, here's questions on there." There's sometimes questions people send that I don't answer because they don't make any sense or I don't know what they're talking about, but for the most part I answer the tech questions. I should say there's certainly off-topic questions that have gotten in there. But nonetheless, MSP GeekCon was amazing. Oh cool, I got to meet so many of you. Super cool interacting. I try to make it as clear as possible, like, hey, 'cause someone, even when I was in the pool, someone had made a comment, like, "Well, are you just chilling or do you want to talk?" I'm like, "Oh, I want to talk. I'm here at a conference. I don't care if I'm in the pool. I'm not doing anything." Matter of fact, I had joked, because my friends are like, "We're all gonna go get in the pool." I'm like, "Let's go change." I went to go change and said I'll meet you at the pool, and I was in the pool; they ended up at the bar. So I wouldn't... But nonetheless, I like engaging, communicating with people, doing the talks, putting it on. It was just an absolute blast. John Hammond always is like, he knows when the camera's up. He's ready for that, you know, the big smiling face in the background. John Hammond's always funny like that. It was definitely just such a good time. The event was really well... So if you were unable to make it this year and you're wondering if you should go next year, no, the date's not set yet, but the answer is generally yes. You probably want to go jump in on this if you're a technician looking to learn. I did have at least one person I met that came all the way from Austria, and so I was impressed. I mean, people came from all over the place for this event. To kind of give you an idea, if you're wondering if there's a lot of people there: about 500 people. For most of them it was the first time they'd ever been to a conference, and it was just great. You had just top-notch people too, and talks all about education, not vendor pitches, not people trying to sell you anything.
Just teaching people and, you know, talking about how to move up. Like the talk I did was, you know, from help desk to leadership, how you make those transitions, and a lot of other people covered, you know, how to be a better problem solver, how to understand the technical things, how to engage better. So it was just a lot of fun. And my son is aware that there was, um, lots of goots. Not goose, but lots of goots. There were just so many goots. That's the mascot of MSP Geek, and they wanted us to steal them. I think I feel that way, and people certainly started gathering them. There are photos of these being gathered from all over the place, and I think there's at least one photo I've seen pop up that is like a culmination of all of them, where they got together. And where are they? Hold on, I'll bring this photo up real quick here. Because they kept... that was like in the middle, towards the end. Here, there's... bring this one up. There were more of them. They were gathered. So this kept going on and on until they were all in one place, I guess. So it's part of the fun. I mean, it's a geek conference, so you got to find the nerdy stuff. You got to have the fun with it. It was definitely a good time. So much fun to be had, but nonetheless, I can't just rant about that. I actually want to talk about something. So, oh, let's see. Oh, no, gray goose. Yeah, there's plenty of photos of goots in a conference room on the Discord channel. Yeah, join the MSP Geek Discord channel. So even if you missed out on the event itself, you can still join MSP Geek. It's a community. This is just the event of that community. So if you are interested in joining the MSP Geek Discord, it's a bunch of like-minded technicians. This was their conference, but you can still go to... I got the wrong one. It's just mspgeek.com, or is it .org? Yeah, mspgeek.org, there we go. So you can still join MSP Geek itself. So this is a lot of members: 18,000 members.
So definitely big. "Let's celebrate an uneventful night when Zyxel's world is burning. Things are helping me ditch those boxes." Yes. Another week, another Zyxel. Zyxel, Zyxel... I think it's Zyxel. But yeah, they've been on fire. I just don't like them, and especially because some of their CVEs were for backdoors, and I was like, yeah, that's a no. That's not something you want. You don't want a system with backdoors, especially when they're hard-coded passwords. That's why I say backdoor, poor coding, that's how you describe that. Let's jump over though. Oh, where I'm going to be: you can find me in just a couple weeks at IT Nation Secure. So if you see me there, hit me up, say hi, all that fun stuff. That's going to be in roughly two weeks. I pulled that up real quick to get the exact date so people know what I'm saying. That's going to be this event here, IT Nation Secure, June 5th, 6th and 7th of 2023. That's going to be in Orlando. I've seen this is a big event that costs a lot of money to go to. It's not the same as MSP Geek. It's an IT Nation security conference. There'll be some good talks there, but, you know, definitely going to be a good time if you're in the IT space. It's a neat event.

All right, next is the questions I have that people sent in, and a couple of these are interesting. So let me pull this up, because I'm going to answer the question by going to the Netgate site and going to their product page, because I think the answer is, if I look here, go to Buy Now. I don't think there's an accessory, or are there accessories? Yeah, so the question the person had, now that we've got the page pulled up so we can answer the question: the question was, if they wanted to get the SG-2100, can you use it with the Netgate rack mount, or should you get the 4100? No, the 4100 is probably even better. The 2100 is good; the 4100 is a little better. The specs are in there. Does it really... what's the difference?
But the bracket that I know of won't fit this. So this doesn't have the same mounting bracket. It's a little bit smaller than if you went to, right here, the 4100. These are on a bigger piece, so these have the rack mount thing. So if you go and click on the 4100, you can then go to the accessories here and you can see they have a mount kit with it. I mean, it's up to you if you want the mount kit. It's nice. It's a nice aluminum mount kit. I've talked about it before, but it is kind of a little bit extra money. I do like the way it looks. I mean, we have one. I think it looks great. It's just, if you're a home user, you got to decide if you want to spend the extra money. But it's a nice product, well made, says Netgate on there, and it makes it look good.

"How's it going, Tom? How can I policy route traffic on port 25 to a DigitalOcean or Linode pod or VM? I have to go through the internet, of course. The pfSense is on my side. My ISP blocks port 25." It's less about policy routing. It's more about probably tunneling your mail server traffic. You're trying to do outbound 25. So how can I policy route out to 25? Is that the goal? Because usually you just change the outbound port and so it lands on someone's 25, or they're blocking outbound. If it's outbound 25, one of the easy ways to do this is use a VPN and do a policy route to say this IP.
I have a privacy VPN video that shows you how to do, you know, whichever one you want, whatever privacy VPN company you want. Just swap out the privacy VPN company for like a DigitalOcean or Linode, and from there you would just have that connectivity between your pfSense and there, and then you create a policy on the system, as I do in that video, to say this should route over this gateway. So if you do OpenVPN or WireGuard, you'd set it up as the gateway. So yes, it's the outbound. Yeah, you just set it up to go out that gateway, and once it goes out that gateway, you're good to go. It'll push out there. And it's the same as my privacy VPNs. It's not any different at all in terms of how you set it up. It's just you'd set it up with an OpenVPN server; that would be the one in DigitalOcean that you set up instead of insert-name-of-privacy-VPN-company. But then that'll work, so you can then use it. And you don't want to use a privacy VPN company, because they're never on a list that will get you through an email, but hopefully DigitalOcean or Linode will be allowed to send email. The problem is you're still going to have a lot of spam. You're going to have to try to get it unlisted, because even if you grab a random IP out of DigitalOcean... They actually talked about this on 2.5 Admins. I don't know if it was DigitalOcean or Linode, one of those two. Microsoft just decided not to receive email from them for three months, and it was a discussion they had on one of the podcasts.
I thought it was kind of a funny one, but it was all things Microsoft. Microsoft just decided there was too much spam, and the way they solved the spam was they blocked large blocks of IP address ranges that spammers use. This is one of the reasons I don't bother with mail servers. They're just not worth it, because you end up with it working until it doesn't, and when it doesn't, you're really aggravated, because you're like, "Oh look, Microsoft decided, DigitalOcean, we have now blocked you from port 25," and what do you do? You can't exactly influence Microsoft, and you certainly don't have the pull DigitalOcean does. And it's just a real challenge when it comes to setting up mail servers. It's just one of those things. I don't know. It's a tricky problem. I wish you the best of luck, but that is a solution to it.

The next question that someone had sent in, it's actually the same person who had the same question about this right here in terms of the brackets. They'd also asked about this, and I've covered this before in its own video about setting up cameras, but the question people always have is: if I put these cameras on there, do they need internet access? So it says, "I know some," let me bring it over here, "I know some smart home options with cameras, like... the IoT LAN is where Home Assistant should live." No, and I don't have Home Assistant on the IoT LAN. "Do you have any rules? So please, do you allow your Home Assistant to talk to the camera LAN? If you do, what do you do in automations in Home Assistant with cameras on that LAN?" And I'd say the way you do that in Home Assistant, and let me pull up my pfSense because I could just show the rules, but when I do my Home Assistant video this is the part I probably should dive into a bit. You end up creating very specific rules to allow traffic across here. So let me find the spot they're asking for, and it's this rule right here.
Let me just share this tab and edit the rule. So the camera LAN blocks internet access, but if the source is 192.168.60.15, the Synology NVR specifically, and the destination is 172.16.16.12, that's my Home Assistant on my other LAN. If that's the source and this is the destination, we're going to allow it to pass the traffic. Now I could go further in this and say, hey, instead of protocol any, I could limit the protocols, but I don't. Whoops, I didn't pull that up. But right here is the whole rule set. I'm saying that my Synology, and I do this because there's more things, I could get more granular, but I'm not worried about it much, my Synology is allowed to talk to Home Assistant. And because it's allowed to talk to Home Assistant, it's... You know, someone could call me out on this. I should narrow it down to TCP and then port 80, so it's only that, because it does webhooks. That's the part it needs to talk to. Actually, I think there's two things it talks to. I'd have to sort out what ports it's using and I could add them in there. I just left it at any because this is not my huge worry in terms of security, but my Synology is allowed to talk to my Home Assistant. This is how they communicate, and this is what allows my Home Assistant to be able to easily see things like all my cameras, and it's able to turn my lights on and off, and it's able to create actions on this. So you just create a rule, you know, to allow from one spot to the other spot. That's what solves that problem.

"Good evening. I ran into an issue with pfSense's captive portal. I couldn't make a WhatsApp call. Any solution for that?" I don't know why you wouldn't be able to make a WhatsApp call. My guess is you would have to authenticate it through the captive portal and something wasn't authenticated. Not really sure. I so rarely use... I hate captive portals. They're a pain.
They're always causing problems. They're just all those things you spend a lot of time troubleshooting. There's not like an easy snap-my-fingers type of answer with captive portals. "And you are right. Jim Salter always sounds exasperated when he's discussing email hosting." Yes, anyone, including myself, who's done email hosting, or Jay from Learn Linux TV, we are exasperated, because we have dealt with so many problems with email hosting. It's pretty much come down to Google and Microsoft do email hosting. Google controls the consumer market with Gmail. Microsoft controls the biggest part of the business market with their Office 365. Everything else in between is some level of disaster, and, well, they're not big enough to mitigate it and have somebody, you know, at Microsoft unblock your domain. That is just where the problem is. Google has some of the same issues. When someone gets on a spam list, you might be there, and then you have the email blacklist checkers and things like that. So dealing with email is exasperating. That's just the way to describe that. I thought about doing a video on it. I can't decide if it's actually good for the community or not for me to do it. I would just end up ranting about what a headache it is. Like, do I invite that drama into my life? That's the real question about the email stuff. It's a mess.

The next question was about the ZimaBoard. We have a ZimaBoard. I'm running TrueNAS on there. I'm working on a video for it, but someone had asked, they said, "Hey Tom, you know, what about putting... the best way to set up SSDs for cache drives on that?" If you are thinking you're going to get performance out of a ZimaBoard, you're not. Matter of fact, the ZimaBoard only has two and a half gig ports in it. You're not going to get performance out of it, so I wouldn't waste the money on cache drives. You could put the money towards a used server that has some cache drives in it.
So I don't think the ZimaBoard will be the performance, or ideal performance, situation for TrueNAS. So yeah, that other question, I mean, hey, I get it. It sounds like a good idea. Also, cache drives on ZFS: I've got a whole video called, they've just started calling it, demystifying the cache. I think it says like "ZFS cache explained," I think is what I titled my video. There's so much nuance in the way the cache works. That's one of the things I try to tell people: it's just not as simple as you might think it is. Therefore you should really read into it before you waste any money. Your best money on ZFS is always spent first on memory. Lots of memory. Then figure out how much storage you need, then go back and figure out if there's still budget left for memory. If you want performance on ZFS, you throw memory at it. Now, this is where the mistake comes in, where people say ZFS is RAM hungry. I say no. It is not RAM hungry. It is RAM efficient. It will use it if you give it to it, but if you don't give it RAM, it works fine. It'll keep plugging right along and you won't have an issue with it. I have my system I like to log into that we'll pull up over here. We'll log into it here, throw it back up on the screen, and look, I still have half a gig of my eight gigs free on a ZFS system, which, by the way, has 21 terabytes available, so, you know, I'm only using 17. It's just a backup system. And you can run it in a low-memory environment. It'll work. It's just not performant. If I want that data back, it's gonna take a minute. It could take a lot of minutes to get the data off, but I'm fine. It backs up all my videos. If it takes several hours to get my videos back, it's not a big deal. It's not a huge problem. That's not something I'm worried about. I'm just comfortable knowing that the data is there and I have access to it if I need to. Of note, what do we got here?
Let me see if I can pull this one up. So I am running now, pull this tab up, the latest version of pfSense, the 23.05 release. I was already running the beta, and it was working great, so I went ahead and loaded this one. I'm working on a video for it, but I'm pretty happy with it. It came out just yesterday. I've only had it running here for 11 hours, but I was on the beta before, so no bugs to report. "You have eight gigs with your network though?" Well, it's only a one-gig connection on that, so the bigger challenge is getting data off here. One, it's only got four drives in it, and those four drives are not particularly fast. Combine that with the network connection in this, which is, you know, a one-gig interface. So with it only being a one-gig connection, I'm limited. Like, even if I had a faster connection, I'd run into the limits of how fast the drives can serve it up. So it's going to take a while to copy the data, but I'm not worried about that. Like, it's going to copy how it copies, and, you know, if I have a catastrophic failure of my flash system, then I'll eventually have it all restored. It just won't be restored fast. But I don't really need to restore it fast. The majority of my videos, once I'm done with them, go in the archive. And there's also a cloud copy of them as well. But the way it works is I have active projects on a flash array, then I slowly migrate old projects to spinning rust systems. And it's not often... I don't know what to do with all of them. Like, I haven't often referenced any of my old footage, and I've kind of debated about, like, hey, do I need to keep any of this? Like, should I get rid of some of this old footage?
And until then, because I'm not out of space, I'm going to keep storing the footage until I'm going to be forced to deal with the problem, and then probably just purge it. Because what am I going to do with the extra B-roll from a four-year-old project? Like, I don't need it that much. And as a matter of fact, usually, because I already pulled the best of the B-roll into the main project, I would probably just reference the video again if I wanted something out of it. So in all the years I've been doing YouTube now... 2017 is when I built the studio. So let's say roughly from 2017 on forward. That is six years now of data, and I've not referenced it but just a couple times. So six years of data was only a couple times referenced. I'm probably not too worried about it. Not really a big deal. So I'm like, yeah, you know, nothing too concerning.

On to another topic, and let's talk about cybersecurity again. I'm doing another talk, so I thought I'd pull this up. Actually, there's a couple things we can talk about here. I get all queued up, but this one here, let's go zoom in, share the tab. I'm doing another talk, and it's a fun talk. It's "Code of Armor: Building Resilience Against Cyber Threats for Developers." So I put this together, and what it's going to be is me talking about the targeting of supply chain developers. And I'm going to be doing this as a private talk, but even when I do a private talk, because I like to have a lot of resources for people to read further, you know, all the sources I built the talk with, and other times there's suggestions in order to level up your understanding of a security topic. But I posted this here, and I can drop a link for anyone interested. Copy link to post, and throw it in here. There we go.
If anyone wants to comment or throw ideas out there. So I do these because I very much believe I am not the smartest person. I very much believe I'm smart because I interact with the community, and I'm always trying to be around people smarter than me who might have answers to questions like this. And I can put the talk together. So I know what I am going to talk about. I have quite a bit, but, you know, sometimes there's that little nugget I get handed by someone, that little extra thing. And I'm doing this in a couple weeks. The talk itself is for a private event, but I still want to make it publicly available if I take the effort to put something together, even if it's for a private event, unless they pay me for exclusivity at the event, which just doesn't happen. But if it's one of those things I can put out there and send you a YouTube video where you can get educated too, for all the time I put into it, absolutely. I want to make sure I can share that information out there.

"Did you get a chance to play with the Ethernet firewall? Does this firewall block communications within the same VLAN?" So you can't... Hold on, before you do that, I'll add context to it. "But keep all your old footage." I know, I think about it. I think it's a good idea, but we'll figure that out. Let's talk about this other question you asked here, because there's a lot more to this one. That won't work, and it's kind of a fundamental of how networks work, but we did turn this on. I believe I have it turned on. Let me see if I have it turned on in this system. We do, so we can show it. So this is a new feature of pfSense, because this is the new 23.05 version, and what we have here is, I need to zoom in, there we go, Ethernet rules. You're like, great.
I can now control, specifically we'll look at, like, the LAB 101, we'll grab that. So this is interface, direction in or out, protocol. We're going to look for an IPv4 protocol, source single host, destination, and what these are is layer 2 filtering. This is a new feature they added, but the question you asked is can it do intra-VLAN, and the answer is no, it does not. It doesn't block things within the same VLAN or LAN. Really you're saying subnet. VLANs are a logical way to break things up, you know, so you can take one piece of cable and have multiple subnets on it. VLANs are a methodology to do that, but the problem is, if you look at it from the broadcast domain, when something's in a subnet, what does that mean? It reaches the gateway, which in this case the pfSense is the gateway. It reaches out to the gateway when the other devices are not on that same subnet. So if we're both in the same subnet and I have an IP address of 192.168.1.8 and you're 1.10 and pfSense is 1.1, it doesn't have to ask the gateway. It knows you're in the same subnet, therefore it's going to talk directly to the other person. pfSense has no effect on that. So this won't help you at all in terms of if it's on the same VLAN or if it's on the same LAN or the same subnet, however you want to word it. That's just not going to be any different. They will not be able to do that. It has to go through and route through the pfSense for this rule to apply. I've played none with this. This is not a feature that... I find it interesting. They're developing it. I don't think it's often I get a request for it. So yeah, that's kind of a one-off one.

"Hi Tom, for Wi-Fi security, would you best use WPA2 Enterprise for each user, or simply do WPA Personal but with enforcing SSL VPN and 2FA for access to our resources?" I don't understand where the VPN comes in at all. Like, you want a VPN inside your network?
I don't understand. I may be missing the use case for that, a VPN. I mean, someone asked me if you could encrypt all the traffic even inside the network, and, like, you can VPN inside of a network. It's possible. It's not likely something someone would do. But in terms of Wi-Fi security, yeah, I mean, the thing about when you use WPA and you have a good password for it, it's not arbitrary to crack, despite what somebody may tell you that it's crackable. Anything's crackable at some point. If you do WPA Enterprise with certificates, now they need more pieces to get onto your network. But is that what you're trying to protect? This is where I kind of got to do a video on essentially zero trust, what it means and how people get that wrong. "You want a VPN to secure authentication for users leaving the enterprise." Like, you still VPN to secure authentication, leaving the enterprise? Leaving, like, there, you want them to use a VPN to get outbound connections? It sounds like a really complicated setup, but I'm not sure... This is where I'm not sure what threat you're trying to mitigate against. This is also one of those things where, if you operate and build your network under essentially what's like an assumed-breach model, being on my network doesn't matter much. Matter of fact, being on my network, I mean, I'd ask how you got there, but if you're there, you're not exactly just getting into everything. If you hit my... like, there's no known vulnerabilities right now in TrueNAS, for example. So let's say you're on my network. You can hit my TrueNAS, but you need a vulnerability to do it, and unless you have one ready, well, you know. So, "With a PSK, users leaving the enterprise would be able to connect to the Wi-Fi unless you rotate the PSK." Your goal is to get rid of the users when they're not, like, so you want to have someone leave. They leave the company and you want them not on your Wi-Fi anymore, and you don't want to have to change passwords. That
would be a use of using, like, the PSK and authentication. Like, a large company has an SSID. You have to set certificates up, and that way you can, you know, have a per-user certificate. That way you can revoke said user who no longer works here. Now you can remove their certificate. Yeah, that's the best way to do it. I mean, VPNing seems like a more complicated way to do it. Most of the, some of the large companies that use it, like places my wife has worked, the thing they usually do is the certificates are installed on the laptops, or whatever the computers are, the equipment supplied by the company. They have them. My wife's laptop is, you know, she works for a large bank, so her laptop is very locked down. You can't even ping it on the network. So if they, you know, get rid of... if she quits the job or turns that laptop in, you can't... you could extract stuff on there, but there's a key, and everything's assigned to her. That laptop's assigned to her, and that's what locks it down. It all depends on how you do your application authentication. You know, some companies just have a big Wi-Fi because they don't care, because it doesn't really matter. The Wi-Fi is not the method by which you get on the things. And this is also where, I just remembered the company today, and they're rolling out a trust system based on using it with Tailscale, and because they're tagging the devices, users are going to get ACL tags in Tailscale to assign them resources. They're building out the infrastructure for this. So basically the user is assigned certain tags, like you're allowed to operate, your tag says you can get to this server, this server, because these are the privileges you need for your job. And the way you do that then is, it doesn't matter, as long as they have internet, they're now then tagged, and then it brings them to the authentication of each of these servers. But there's different ways of doing it. It's just a matter of figuring out exactly what the goal is when you're
doing it, and what's manageable. That's always what it all comes down to: what's manageable. It's always the fun with all this stuff: what you can do, what you can do well.

Next topic, besides the security one and the pfSense one. Let's bump over to this real quick, because I think this is cool. Now this shows just a mature company in terms of the way they're doing it. These are the people over at XCP-ng, the team at Vates, and this is a dev blog update: "Unleashing the power of a unique atomic design system." And what they've done is they've really stepped back and came up with a standardization for how they're going to roll the design out for XCP-ng and XO Lite. So they're adopting color schemes for light mode, a color scheme for dark mode, putting it all together, setting all the buttons you build out. This is like, here's all the elements that are a standard in our guidelines for our developers. Once you have all that set, it's just really nice UI stuff. Now we can start looking at how they're going to build out the tree, how they're going to build out each one of these, how the UIs are going to look for it. And it's just, I can't wait for the new version. I'm just so happy with the way all this looks. It's such a nice modern design, and it looks okay in light mode. I think it looks amazing in dark mode. So I'm really like, they're doing a nice job on that. This was just announced. I think today they dropped all this on here, but yeah, it's just really cool to see where they're coming along with it, how they're doing the design. So that's another thing I'm just excited about. This project is really... like, from when it started, it was pretty cool. It's become not just like a good way to manage virtual infrastructure, but it's become an easier way to manage it. It's become a good UI experience.
Which, who thought, you know, you have... UniFi created such a good experience with network management, and now we're seeing a virtualization experience, and I'm seeing awesome UIs for this. I think this is just really neat to see all these pieces come together like that. It's just really cool.

"Hi Tom, thanks for making amazing TrueNAS content. I have a TrueNAS on a single SSD right now. Can I create a mirror boot pool without reinstalling TrueNAS?" If you look, there's a write-up on it. I've never done it, but there's an instruction on how to add a boot mirror after the fact. I've never done it though, so the trickiness is it's kind of risky to do. The easy answer though is to grab a boot pair, install them, you know, grab your backup file, the config backup, then reload pfSense... reload TrueNAS on the new setup boot pair and then restore your config file. That's another way to do it. That way works. I think the other way, there's a way you can take and join something in to do it. I don't remember. There's a process someone has written up in the forums on that.

"You don't like the pfSense UI. You think it needs a new UI." The UI in pfSense is one of those things. People will be angry if it changed, but new users always are like, "Hey, I'd like to see a new UI." So I kind of get it. Like, it's not the most intuitive from day one. And I'll even complain about this right here, under Diagnostics: if I wanted to reboot it, why is that under Diagnostics? What if I want to shut it down? Why is it called Halt System? It should be under System, right? That makes sense. But it's not. So there's things I could certainly concede to be improved, but it's not, I think, where they're focusing their time. And there's a lot of challenges with firewalls, and the more complicated you end up making certain things, you end up taking away from something else. There's a finite amount of developers on there, and I think that's just one of the challenges.
They don't have a UI designer who can jump in. Yeah. And if I were to suggest, if I were waving the magic wand of where the money goes for development, you might say, hey, that thing Travis says right there, a dashboard would be nice. And I know they're working on it; this is something that's in the works. Well, if you go the no-UI route, there's VyOS. MikroTik has a terrible UI, which makes you use... why does MikroTik have a UI? I don't know. That's a different problem. But nonetheless, there's definitely always room for improvement, but it is the challenge of where do I allocate the money. They don't have unlimited funds. You have a finite amount of resources. You know, business is really like playing any of those real-time strategy games with limited resources. That's running a business: the resources are never infinite. You have to try to bet on certain aspects of it and hopefully you're doing things right that will progress the project forward and the users forward on it, and figure out a way to keep the funding going and the popularity of the project. And somewhere in between you hope you don't get attacked through a security vulnerability because you didn't put enough effort into one specific aspect of it.

"To be honest, there are no good or bad UIs, just ones you're not used to." Oh, no. No, there are definitely bad UIs. There are so many bad UIs. We're seeing an improvement, but there are definitely some of them that are... if you've worked in the enterprise IT space and some of that software, it was not designed by people who thought about UX design at all. Yeah, there are a lot of bad UIs.

"However, there are so few vulnerabilities in OpenVPN and pfSense, a few patches, while other vendors like Fortinet have lots of bugs. Is it the power of FreeBSD?" No, so there's a bigger challenge first.
For a number of years Fortinet has just had some really bad coding practices, and this is at the heart of the problems: when you don't have developers who are thinking security-minded. Because the underlying OS of many of these firewalls is still Linux or BSD, there are a lot of open source tools cobbled together in order to do it. But some companies choose to use open source tools as they are; other companies go, I can't let the world know I'm using, you know, this VPN that might be OpenVPN. I must sprinkle my magic upon it, and my magic upon it will make it so feature-rich and stupid. Oh wait, we didn't think about security, did we? We just wanted it to be magic and better than just an open source project, and then we've now injected a bunch of, you know, just mess around it. It's just so stupid, and FortiGate has been at the top of that. So it's just, yeah.

Talking about bad UI: "Did you have any ugly 90s website?" Yes, I did. Man, I'm not telling you what it is though. That's a project, because I imagine it's findable with the Wayback Machine if you can figure out what the website was. That's an OSINT challenge if you can solve that puzzle: what's the oldest website for Tom? And it's not thomaslaunch.com. I own that domain, but that's not the old one. It wasn't GeoCities either. I had a domain. My first domain I think I bought in '95 or '96; it's the first time I bought a domain. So if you're good at open source intelligence, when did I buy thomaslaunch? There's a trivia question I don't even have the answer to, because it was not the first domain I bought. So let me pull up whois real quick. Whois thomaslaunch.com, and when did he buy that? Does it even have the original date in here? 2001. So yeah, creation date 2001. So I did buy that one back then, but yes, definitely. "Was it about my truck?" No, it was a nerd site.
It was not. "There is the truck." What is the truck I had back then? That would be the real one. Do I have a picture of one of my old trucks? Maybe not. Yeah, that's the dig through the history to try to find that. Somewhere, one of my old trucks. What truck did I have back then? Actually, I have a picture of one of my trucks that got wrecked. Yeah, somewhere. Hold on, it might be worth... no. Thought I had a picture. A picture of my daughter and me when we built one of my trucks; this is a picture I had for a while. There it is. There we go. We'll throw that picture up there. This is 2003, me building a truck and my daughter playing with a screwdriver. So yes, I did have a bunch of old trucks. I used to build hot rods back then out of trucks and things like that. I had an orange truck. Yeah, all the fun vehicles I had. I thought I had a picture of the orange one; it's buried somewhere. The orange truck was after that truck. So many fun things. Looking... thought I had it, maybe not. Oh, there it is. That was the other one. This is what... so you start with that mess you see, and then later you go and build something that looks like this when it's done. So yeah, those are projects Tom used to do before, well, I'm still doing tech. Tech is what funded all that, because those are expensive projects.

"Do you still recommend a mobile laptop and a Pixel phone?" Pixel phone, yes, but I went with the Dell laptop, and I don't remember the model. It's the Dell laptop that has the OLED screen. I went with it because the OLED screen works really well.

"Hey, just want to say hi, Tom. Thanks for your videos about Amcrest cameras. I'm super happy with them."
"It's a little funny that my robotic lawnmower sometimes gets detected as a human." There's a cat that the Amcrest, not every time, but once a week there's a cat that gets detected as a human. I don't know why. The cat just gets in the right position in the driveway and it's like "human detected." And when a human is detected in my driveway, or a vehicle, the Amcrest cameras trigger Home Assistant to turn all the lights on, so that cat gets scared off, because the cat doesn't like it when all the lights come on. But yes, that's the thing; that is a challenge that happens. I probably have a video of it somewhere I can share, but it's definitely the one downside of those: you get some of that. See, if we go to the recordings and we look for, what is it called, "advanced event," that's how they refer to it. Then the camera is going to be driveway and we'll look for the cat. This time it was a bird. I don't know either. I don't see a person, but see how the lights came on. The lights came on because it thinks there's a person. It said there's a person; this bird, apparently. But the birds are there all the time. They don't set it off every time, but this particular time the bird set it off. You notice there are not that many events that are at night, because night is the only time I'm looking for it. So here's another one. This was what, 5:18? Oh, this was actually me coming home. So there's not that many. I know the cat, if I turn on motion events, the cat's there more often. We have a few yard cats that just kind of wander around. No, that's me. Someone's... actually me. Yeah, so there's not many of them. Hey, there's me loading motorcycles. Here I almost... interpret easy. So it's still human-shaped, shifted as a cat. Now if there were six cats, that's a whole different thing.
So if it was Cat 6. No, unfortunately, you're not going to be able to get Amcrest cameras working with UniFi Protect. UniFi exclusively works with UniFi. UniFi cameras technically can work with a Synology; that can be made to happen. But the UniFi NVR only accepts and connects to... there might be some hacky way someone made it work, but I'm not aware of any. It's not designed to do it at all. Part of the way they designed it was just to really keep you in their ecosystem.

"The cat story is absolutely hilarious. I went from having several hundred motion detections, a false alarm station, to finally being able to use the notification system itself." Probably the cat thing doesn't happen but maybe once a week. The cat goes by more than once a week; it's part of its track. It goes between my yard, the neighbor's yard and another neighbor's yard, but it's only once in a while it gets detected as human. What you can do is, inside each of the Amcrest cameras, you can go through and fine-tune the settings to try to eliminate false positives on it. So there are ways to tune it to make it better that hopefully help, but overall it's just kind of tricky. It's just not too big of a deal; that's really how I feel about it. Once in a while I get a notice, like a whatever. I don't want to make it too insensitive, where someone's in the driveway and it doesn't do it. But so far I don't know where that threshold is, because right now the threshold is still pretty low. I have plenty of room to go up. It never fails to detect a person. So many times there's a person in the driveway; it always sets off a detection.
It's very consistent at people and cars. It's never missed one. But I don't want to tune it up to the point where that percentage, or whatever scoring system it uses, eventually tells me there's no person when there is. That would be bad; that would defeat its purpose altogether.

All right, did I get any more emails? Because I'm going to wind it down here if I don't have any more. All right. We do have some feedback on the Home Lab Show too. I've got a similar bucket for that, me and Jay. We just didn't have time to do a few of the Home Lab Shows because I happened to be traveling on Wednesdays, like when I was at MSP GeekCon. So because of some of my travel schedule, I won't be able to do that.

"Good day there. Just upgraded TrueNAS SCALE. Had to set up some apps with VLANs. Hard to set up apps with VLANs." Oh yeah, is it hard? Yes. They don't make that easy; I'm going to put that out there. I don't even have a video on that as a topic. I'm kind of waiting till the interface gets a little bit more stable and then I'll do that as a topic. But right now, no, it's challenging. We'll just say that.

There's also, let me see if I can find this article, because I thought this was interesting. This was posted the other day. Let's see if we can find this by searching "2023 tools past week." I think this might be it, and what I want to do is cover some of the problems I've run into with this. So people were complaining about this off of TrueNAS SCALE, and then, you know, the number of people that want to talk to me about Unraid. I just don't use that. I don't have anything against it; use it if it makes you happy. But one thing I noticed was, this is right here from this article.
This was a comparison of Unraid versus TrueNAS, and pricing: "Both NAS and most concerned for factors for consumers in regards to your NAS, the better choice. TrueNAS CORE version, open sourcing, completely free, time for the home user's demand storage. Of course, there are two versions requiring some prices of our services. You can choose them based on your demands." And maybe this isn't the one; this sounds like a copy of the other one. One of the problems they had was they actually said you had to pay for TrueNAS SCALE. That's not true, and that was where some of the aggravation I have with all these articles that pop up is the number of inaccuracies. It's kind of annoying to me. That's why I've been trying to make those charts when I compare things. And I don't know that I want to do one for Unraid. Unraid technically is a closed source, paid product. I think Unraid pricing, let me look at how much Unraid costs. Unraid cost. I think their pricing is cheap. Yeah, I mean, that's not some crazy pricing. So $59, you use it for six attached storage devices, $89 for 12 attached storage devices, $129 for unlimited. Buy once, use it for life. It's not a subscription; it's a one-time fee to use it. I think their pricing is very reasonable, you know, and things like that. But it's just weird for the article I'd pulled up, because it got suggested in my little news feed. You know, I look at the news feed on my phone once in a while and it has different suggestions for things, and I was like, man, this article is just wrong. And I think that's either they're having these garbage AI systems write these articles, but I've seen this repeated before, where they keep saying TrueNAS SCALE costs money. It doesn't. TrueNAS CORE and TrueNAS SCALE you can download for free. TrueNAS Enterprise is the same version, but basically you're buying enterprise support. You're buying a support package, and you don't have to buy it, but enterprises do get it.
So there's a cost for that, but it's called TrueNAS Enterprise. And you would probably assume by its name, TrueNAS Enterprise, that it's a paid version. Like if you were just guessing, if I laid the three versions out, TrueNAS CORE, TrueNAS SCALE, TrueNAS Enterprise, which one of these three do you think costs money? You would probably guess right.

"Yeah, so Unraid pricing is tiered based on number of storage devices." Yeah. I don't think the pricing's bad on it. I don't have anything against the way they price; I think they're very reasonable. But I don't use it. It doesn't have the performance of TrueNAS, and it's just not worth it to me to go try to take the time to learn it either.

"Having more options for self-hosted, non-cloud is good in my book." Oh, yeah. The thing is, people have asked me to do videos on it. I'm like, I just don't have time. I don't use it and I don't have a use case for it. And I already know there's someone else who does videos on it, because there are a few people, not just one person; there are several people who already have videos on Unraid. They seem popular; they have a decent amount of views. They have a good community forum, so yes.

"Have you seen the new EnGenius controller software? They're becoming more like UniFi every day. It's called EnGenius FIT, on-prem." EnGenius is hot garbage. So we've looked at that. We looked at the first version; the second version I quit looking at because it was so poorly written. I'm like, I get what they're trying to do. But here's an example. So EnGenius sends me a switch. I tried to review the switch, but I found the documentation bad. I talked to them. I told them what's wrong and what needs to be corrected in the documentation. They chose not to correct it. Then I go ahead and do the review, make a snide comment that they have the settings wrong; here's how you set them up right.
And by the way, from when the product was sent to me, I did the review within a month or two, because I wanted to actually use it for a little while. So I stuck it in some stuff I was doing in my lab. Then they discontinued the product. Who sends a new product to someone and then discontinues it? EnGenius does; that's who. I don't get it. I don't trust that they have a solid plan, so I wouldn't want to bet anything on their equipment. I feel like they're well-intended but disorganized. So it might be fine for home users, but I certainly would not want to bet anything on it.

"Any decent videos on pfSense and IPv6?" Not from me. I don't use IPv6.

"AI firewall optimized software?" That sounds like someone's pitch to get money. I don't think there's anything practical about that yet. I've not seen anything that would make me want something like that. I mean, I've seen people who tell me, and I'm positive there are a bunch of enterprise companies that have an auto-learning AI firewall that magics the packets to make you more secure. I don't think I've seen anyone actually do anything that truly magics the packets in a way that makes you more secure.

"I've used Unraid for years. It's great for what it does: sensible, flexible NAS." Ah, rearrange the words here: "simple and flexible NAS with decent app container support. It's not an enterprise NAS by any means, but it isn't meant to try and be that." Yeah, I mean, they really do target the home user market, which is fine. They made an affordable NAS that is expandable for home users. Hooray. That's a good thing to have in the market space. I just don't need that particular thing for me personally, but that's why I tell people, I don't know any reason for you not to use it. I don't think it's a bad product. It's not like Zyxel. They're not in the news for a security vulnerability every day. They're not QNAP, who also has security problems constantly. So, yeah.

"Happy a number spacing UniFi's equipment."
"Thanks for sharing." Yeah. You know, I want to like EnGenius stuff. I mean, they had a few things at a good price point. The weirdest thing is, here's an EnGenius story. They mailed me another switch and I've not heard anything back from them. We went to test it, and then we've been scratching our heads because it's not listed anywhere. You can't buy it. So I kind of said, why would I review this when nobody, not even Amazon, has it? The people who have it are some of the suppliers, and I see they kind of have it. They have a listing for it. It's so expensive it makes no sense. The product is so overpriced, but it always says out of stock. So it's kind of a moot point. I don't know if that price is what it's supposed to be, and EnGenius just doesn't have a price on their website for it. But yeah, they sent it to me. I never reviewed it, because I'm like, why would I review something no one can have? And if they did decide they wanted it, there's one website that listed it, but it also doesn't appear to ever be in stock, and it's also double the price of anything similar in the market. It's so expensive. It's almost three times what you'd think it would cost for a similar switch. So I don't understand EnGenius. They just mailed it to me. Like, well, they said, hey, do you want to review a switch? I said yes, and they sent it to me. So there was some back and forth, but when I got it, I'm like, when is this going to be available somewhere? And I don't think they ever replied, and I never reviewed it. So there's a meeting that would not end.

"Did you already read the blogs? There's the email about ZimaBoards?" Yes, I did. I don't think you're barking up the right tree if you want to put SSD caches on the ZimaBoard for performance. The ZimaBoard is not going to be your performance choice.
That's just the bottom line. It's not going to have enough memory to do anything performance-oriented when it comes to that. So could you put them on there? Sure. Would you want to? I don't know that it's the most effective use of money. Your money would be better spent upgrading to a more complete system for NAS rather than trying to stick money into it. Now, for a learning experience, the Zima is fun, and learning what happens when you remove a drive assigned to cache, that could be fun. But from a performance standpoint, I mean, it's just not that fast. So that's not where you'd spend the money for performance.

So we did cover that. Was there anything else anyone had, any other things, before Tom winds it down? Because I am out of water. I have some videos I want to actually sit and record, the updated pfSense, because there are a few more things I want to talk about with pfSense 23.05. I mean, I've only found one thing, and I'll throw this out there for those of you that are watching who are curious about this. If there's any reason not to upgrade to it, the only thing I found is this, and it's going to be... let me get this pulled up. It may be fixed by now, because this is from this morning. Let's share this tab and we'll read together and see if it's fixed. Apparently syslog-ng is broken. That's the only thing I know of that's broken in the 23.05 version. We've updated a few systems. Actually, it's fixed.
So, all right. Oh, so this is already even fixed. Which is one of the reasons I wait to do the video, because they're actively working on stuff, and when there are not many bugs, they're really minor, small changes. So even this one, which was a syslog-ng bug, has been fixed. So, awesome.

"I love the UniFi products, I just wonder why good quality products need such frequent updates. I get the part for updates or feature additions, bug fixes and hole patches." Yeah. There's just a lot of features, and there are so many edge cases when you're producing at the scale UniFi does. UniFi is actually pretty good about it, I would say. There are always some bug fixes; it's just the nature of writing complicated software. There's always a level of bugs that are in there, and you're just going to have that. That's just the nature of it. But they're always pushing forward for better features. So that's also why there are a lot of updates.

"Why don't we start, then?" Eventually, maybe one day. I don't know. I've been so busy. I haven't had time to play games.

"Pizza for Marcus." Me and Marcus had pizza. That's why vlog Thursday is late.

"If I compare you to big enough Cisco boxes, which don't need IOS updates as frequently, can you comment on that?" Yeah, Cisco, probably a little bit less frequent because they're not pushing more features into their boxes. That's probably the biggest reason, because the bigger list from Ubiquiti is usually feature updates more so than it is bug fixes. They're just trying to get new features all the time. Now part of it's their own fault, and when I say their own fault, this is a complaint I had, like their VPN. They could have put a normal VPN in from day one, but they chose not to. And by choosing not to put a normal VPN in, there have been a ton of updates to essentially bring it back to a normal VPN. And I don't know why, like why did it take them so long to do this? I don't have a clue.
But they did. So I'm happy they've come around to it. They said, you know, we're going to do things normally. We're going to go with a normal VPN here. So there were a lot of updates that brought us to that.

"Thanks. Just enjoyed listening for a while. I was adopting a Ubiquiti 24-port PoE switch to my home network." You know, something else worth noting if you look at the UniFi updates: because they're doing everything in a centralized controller, which Cisco doesn't offer in a coherent way, that's a big piece of it. Because it's all centralized and there are so many things that are updated off that one controller software, there are always going to be more updates, because there are so many things connected to it. So that also drives more updates.

"Any updates you can share on the Zero?" It hasn't exploded. I think that's an update. It works. I haven't really done anything else with it. I let it run for a little while just to see if it crashes. But I've been too busy to actually test it, because I've been gone at events. So I haven't really done much to it.

"Greetings from Seattle." Awesome. There are also a few mini Ryzen systems that came in, and those are being tested by my staff. They're testing those out and playing with them. I mean, the staff's got the ZimaBoard too. It always creates opportunity for them to do things like that. So I have them, you know, poking away at it, getting things set up. It just helps me get more done, because that's kind of always the challenge.

"Thanks, you brought up some good points." Yeah, with the UniFi stuff, like I said, let's pull up the latest UniFi, what was it, 7.4 release candidate, and if you look at it, it's mostly improvements: port tuning, making this better, improved UX, added support for IGMP proxy, added hover-over for network names. This is mostly added, added, added, added, improved.
So there are some fixes: fixed gateway configuration assigning to their port profile with unsupported link speed, you know, edge cases. Fixed validation errors after auto-scale networks. Fixed spam and trigger logs caused by broadcast traffic, interesting. So there's always little stuff. Fixed unable to save firewall in rare cases. And part of my question for Cisco is, do they ever fix the bugs, or do they just go, oh, the workaround is to just do this thing? You know, that's a big... I don't know, some companies just let you suffer through with quirky software.

"I'm transferring 5 gig movie files to my ZimaBoard at 115 meg." Yeah, I mean, it's fine for that. It's not going to be performant in terms of small writes, but for things like that, yeah.

Yeah, and Kody knows because he covers all this stuff. You know, "added an OpenVPN server." This is something that most every, even DD-WRT, all these other firewalls all have this, and I don't know why, but for reasons we can't quite understand on the roadmap of the world of Ubiquiti, they did something different. And they eventually decided to do this. So I don't understand what made them do it the hard way. Like, we can't use normal OpenVPN; we have to completely come up with a different way of doing it that's different. We're innovative. We're so innovative, we don't use VPNs in normal ways. So we're going to tie it to a cloud controller that you have to bounce off of, that you log into the cloud controller to bring back the config from your firewall. Like, why? Why did you do it the hard way?

"Yes, Cisco does fix bugs. What they usually do is accumulate bug fixes." Yeah, they do their roll-up patches and things like that.

"I need to update my... even my controller. I'm going to just write an Ansible playbook to install everything." Yeah, you can do it. You can automate the updates on there.
There are scripts for it. They already exist, so you can grab them yourself or you can borrow somebody else's.

"The G4 Doorbell is in stock." That's interesting. I just don't have a use case for a doorbell. If my friends have asked, I'm like, I just don't have a doorbell. I have a camera that can see my porch and I'm fine with that. That's all I need. I never want to talk to anyone on my porch. The porch has intrusion detection, so I can just tell it to pull up the camera monitor. But yeah, I can just look at who's on my porch with the camera and I'm fine with that. We'll pull it up in there.

"I like the package cam at the base of the door." "German shepherds make for good doorbells." You're not wrong. Oh, look, I wonder if there's a package. Hey, look, a package. I mean, I know when there's a package because I can get a notice when there's an intrusion detection on the porch. So yeah, I use the intrusion detection system for that.

"Question: do you see a future where TP-Link Omada can gain more popularity over Ubiquiti, given they don't seem to have supply chain problems like Ubiquiti does?" Even the Ubiquiti supply chain problems are not that bad; most of them now are demand instead of just being out of stock. TP-Link is kind of just a bad copycat. I don't know. I don't get the right feel from them that they care about security, that they care about product life cycle. They just care about making something like Ubiquiti's and making it just a little bit cheaper. And there's some weirdness.
So we've had some consulting jobs, because we know enough about them that we took on some consulting with them. There's some quirkiness with them. My network engineers, you know, when the rubber meets the road, they're like, these things have some bugs. I forget what it was, and maybe Eric will come on sometime and talk about it, but there are definitely some solidly goofed-up bugs inside the TP-Link that we've had to deal with.

"I have the Doorbell Pro, way easier to do than trying to wire a camera in that area of the house." Yeah, if you already have a doorbell, that's the thing. I ran a wire to this area of the house.

"Think your camera mic is on." Oh, you hear the chimes. Oh, that's funny. We hear the cameras; that's funny too. So we'll stop sharing. We'll stop sharing that. That's funny. Yeah, I can't hear it. It's really weird, because it loops the audio in from the tabs I share, which is kind of funny. So yes, I can hear who's on my porch too, in case anyone's wondering. I can see who's on my porch, I can hear who's on my porch. I just don't have the two-way option to talk to who's on my porch, but I never want to do that anyway. I never want to talk to them. They can tap on the door if they want. I don't want to let them in, or I do want to let them in. I'm simple like that.

All right, did I cover all the topics today? That's the question. So I can go back to... I have a few more things to do. Yeah, it's funny, because I see the site's muted, but I don't think that works. Oh, let's see. All right. Well, thank you everyone for joining. Much appreciate all of you being here. It was great. Maybe tomorrow, because I've got a lot to do over the weekend, maybe tomorrow.
I'll do another live stream. I want to do a few more, and I'm trying to figure out the best timing to do it. That's always a real challenge, one where people are on if I do a live stream. Allegedly Sundays are when a lot of people are available, but I'm going to be out and about this Sunday. So Sundays have been hard, because I'm trying to take the weekends off a little bit. But nonetheless, I love hearing from you. Vlog Thursday at lawrencesystems.com, and if you want your questions read on the air, that's where you send them. You can always find me in the forums, forums.lawrencesystems.com. In the meantime, thank you everyone for joining. It was awesome chatting with everyone.

"Same time works." Same time works for the land down under. Yeah, time zones are fun. Sometimes I've got to shift it up so I can do it in the morning, sometimes do it in the afternoon, and it's always fun. Oh, even Slaggle is over here. All right, man. Thanks everyone, and take care.