Just as I take a drink of water, it says live. It was spinning for a minute; I thought I had more time. Welcome to VLOG Thursday number 350: Acemagic testing, tech talk and live Q&A. And there's something on my glasses. Apparently I touched them. I want to jump right into this Acemagic before I start getting way off topic. It usually happens here, wandering around topics. So let's see.

"First time from Seattle using your new router." That is awesome. Always good to test the packets when you have a new router going. And I... there's a challenge I'm having. There's something right there. I got most of it off. I got enough that I can... it's not a thing. There's the word. I don't mind that I've had... that I need glasses. Like, I put it off for too long. I don't mind, but boy, I learned how much I touched my glasses. Not the best thing.

But back over to the topic here, these Acemagic devices. I have a few ideas that I'm really working on for the video for this. So I'm trying to figure out how to make it a little bit more interesting or exciting on the review, and I'm gonna... someone's going to celebrate this, so I'll go ahead: it's not that I'm switching to Proxmox, but I've been playing with it. So I will be loading Proxmox on these as part of my testing, just so I can give a well-rounded, like, "hey, I tried these things on this device and it works with it."
So I think these are pretty cool overall, and they're really interesting to me because Wendell's mentioned this before, and so have a few other people, and I think this is really going to start changing... As these really powerful low-wattage devices are becoming more and more available to the home lab, I think it's really going to change the dynamic of the used server market. Because why would you want a used server? Yeah, there's some nice things if you have a nice used enterprise server, but with electricity costs going up and the amount of power you get out of these little devices for a reasonable price point... This is not the cheapest of the mix here, but I think there's just going to be a change-up that we see over time to say, hey, these low-powered computers... and obviously you can throw the Raspberry Pis into that list too. Raspberry Pi 4 being out... I'm... five. I'm not a big Raspberry Pi channel. Jeff Geerling, no, has been absolutely... I watched his video on it. He knows those things inside and out, upside down.

But I want to go back to these Acemagic, some more in-depth testing with these. So I want to test it with a few different things. Proxmox is going to be one thing; obviously XCP-ng's already on here. But I'm impressed overall with how well these little devices work. I think they're really going to make homelab a lot more accessible and affordable, and even affordable on the long term from the electricity side, for people to do these.

Now, the bigger concern, of course, is always going to be: what about reliability with them? And I bring that up because I have one of these in my hand (make the screen bigger), and these have weird failure modes. And you figure these are not... these are, like, essentially maybe a few generations ago, but this one here, I think it's the first LAN... LAN port on this just died. But it dies with the light on, and it's a confusing problem. Network ports just don't go bad that often. It's not a non-zero, but it's really close to a zero. It's just not the concern I have about hardware: "Oh, well, you're gonna have a network port die on a..." You know, maybe in a PoE... maybe a PoE switch in a harsh environment. Generally, an office-setting environment like this was in... please note the lack of dirt, dust; I did not clean this. This was pulled out of service only after a couple years because one of the ports died. The lights come on on the port, but they come on as soon as you plug it in. The moment you plug this in, they come on, and I'm just like...

There might be some reliability issues that we don't know about, because that was in service for a few years and this hasn't even been around for a few years. But I think with these rising systems, I think we come to a level of engineering where even these off-brand, lesser-known companies can probably make a decent device. And granted, this one at 569 is a little bit more expensive, but if you grab a couple of these, the ability to build redundancy in your network, even if it's a home server network, is really there. And I think we're going to see some big fundamental changes with these, and maybe this will kind of bubble up to the server world market too, to say: can we build in these more compact systems? Wendell's talked about the... I believe it's a 2U 4-blade system. That's pretty powerful. I haven't caught up with some of his videos. I know he did some previous ones with, like, gigabytes and things like that. I think there's just gonna be a lot of changes when we can start packing a lot of power into these small places. So I'm kind of excited about that.
That's why we started grabbing these, just doing a bunch of testing. We have our internal use of... want to send out systems like this to clients, because sometimes we want to have a box there for collecting data, for being able to do vulnerability scanning. So we have our own internal use cases, but I'm going to review it running Proxmox, running XCP-ng, so we can talk about what the general audience here is probably interested in doing with it. And I'll mention our use cases, because we're going to be running XCP-ng in there. And honestly, I've been just peaking this so it pulls full wattage, doing tons and tons of writes, and yeah, the whole, you know, reliability of it's been great. It hasn't overheated. It hasn't caused me a problem at all. So yeah, it's pretty cool. That's definitely interesting, how it all works.

Let's see. Let me catch up on all the comments here. Afternoon, Cody. "Good day from the land down under." We have more Australians here today. That's awesome. "From the UK." "Looking forward to compare some video." Yeah, and, well, the other thing I want to do is I'm going to put Proxmox versus XCP-ng. I really never thought about doing this. It's not hard to do. I said, figure out where the files were. I reused Phoronix for testing, and I'm going to run Phoronix on it and then copy the Phoronix results file, so it'll merge all the results files together, running the same, you know, setup essentially in Proxmox versus XCP-ng. So the same virtual machine across both systems, to see what the performance difference is.

"So I need iLO; who wants to go downstairs in the basement?" Well, speaking of that, this box just came in, and it's a remote KVM system. So I'm reviewing one of these as well, and this is going to be something so I don't have to... It's even got Wi-Fi on it, which I think is cool. I mean, the company sent it to me. They didn't even tell me they were sending it. So I don't know what it is.
I mean, I do, but it's kind of a novel little box here, and I think these are cool. This is the... let's pull it up too. I have not even booted it up. It actually just came the other day. bl icub, so the... whoops, database connection broken. Joy. There we go. It's this device here, and I'll send a link for people to see. But yeah, there's newer KVM options so we can control these devices without having to have iLO on them, because you're right. I agree with you completely. "I need iLO; who wants to go downstairs in the basement?" Completely agree with you.

"The TinyPilot." Yes, I've actually reviewed that before.

"The homepage of Acemagic reminds me of a different brand." Acemagic and another company share, like, the same products; they go under more than one name. I talked about that in my previous video. I linked to both pages, and yeah, they're kind of confusing.

"I saw a Twitter post about you scamming someone." No, I didn't scam anyone. I have no idea what you're talking about. I'm looking at my Twitter and I have no concept of what you're talking about. I don't even see a notification for it. So, no idea. I always address, you know, if... this came up, someone complained last time about something, so let's see here.

"Waiting to see when you mentioned the first post." That was bizarre.

"I love Ryzen. We're looking at Adele our..." Yeah, it is kind of cool, the more server motherboards that are having Ryzens in there, and I have some clients with them. They're great.

"Tom has consistently ignored all of his correspondence." Weird. Oh, okay. I see people are trying to... So let's get rid of the noise from randos here. I don't know what this person is rambling about. There we go. Confusing LTS and LTT. I don't know. It's been a minute since I've seen any trolls on a live stream. They definitely come. They definitely show up.
Well, let's do this. There we go.

"That has vps port, which is actually pretty dope." Neat.

"What do you think of the Western Digital Ultrastar?" I don't have a lot of opinions on specific hard drives. I don't study them. We usually get ones... like, if you look at, like, 45Drives, say, when you're building something, or iXsystems, they tell us the hard drives based on performance of what they recommend. So I don't spend a lot of time researching what the latest ones are. And I think it's kind of cool because you can get some information from places like Backblaze, but Backblaze offers you really accurate information about how those drives perform in their environment. I actually have a hard drive specialist that is going to be joining me for a really in-depth conversation about hard drive architecture and why it's so challenging to actually pick a hard drive architecture and understand just the complexities that go into building them, and why it's not as easy as it sounds to actually do. Easily reviews on there. So yeah, it's a tricky thing.

Thank you very much, William, for the donation. Greatly appreciated. "What's my opinion of K8s?" I don't use them, so I don't have an opinion.

"I see the KVM has a Pi 4 inside. Is that reliable enough for commercial use?" Absolutely. There is a ton of Pis in commercial use for a lot of different enterprise applications. Well, enterprise... usually, like, industrial applications is probably more accurate. But yeah, Pis are very reliable. The only thing you ever have a potential challenge with when it comes to Pi is usually one of those SD cards, like if you have a write endurance problem because there's too much writing to it. That can be an issue, but for the most part Pis are very reliable.

"Just a question.
I want to install a short Cat 6 S/FTP cable between my rubus switches and my patch panels. The only thing is the patch panels aren't Cat 6A." Well, SF... do you mean SF... SFP cables and Cat 6 cables are different formats. So I'm not a hundred percent on your question here, but I think you're asking: if the jack itself isn't Cat 6, will it cause a problem? Not likely. I mean, if... if you're using it for home use, unless you're using a cable certifier where you absolutely are trying to get 100 out of it. I haven't done a video in a while; maybe I should do an updated one. I think it's titled like "out of spec cabling, but it works." I showed that even with a Cat 5 cable you can get 10 gig speeds out of it, even though it's not rated for it. So usually there's enough overhead, and if you want to understand overhead better, I did do a video discussing cabling standards, how they're made, with one of the people who makes cabling standards, and we talk about the extra overhead. So what they will certify for is this, but will they work a little beyond the spec? Absolutely. When they design the spec, there's always a little bit of extra overhead in there. So it generally works.

"I have an ace position with Ryzen 7 running a bunch of Plex, music server. One gig port connector of astrology my NAS for the LAN and copy music, two and a half for my network for the stream. It works like that." This one in particular happens to have a pair of the two and a half gigs. So the one I was talking about earlier, which is (share this tab) this one.
So the original one I reviewed just has the one gig and two and a half gig. This new one is a model called AM20; both of those are two and a half gig.

"Any recommendations for a 10 gig switch with at least five ports RJ45 that won't cost me an arm and a leg?" Oh, if it's SFP, it's gonna be the UniFi one. There's some good deals you can find for 10 gig UniFi switches. This one's sold out. Here's the other switching that does 10 gig. They have a couple different models that do 10 that are in the lesser price, but that's as long as you're doing SFP. When you're doing RJ45, the price is going to go up quite a bit, but the UniFi switches are actually pretty reasonably priced. There's just, like, this one here, your Aggregation: two, two 69 for eight 10 gig SFP+ ports.

"Being live with YouTubers is like having a job interview."

Yeah, actual IPMI is nice. I mean, the commercial clients we have this... that we have... these are just fun boxes. I like to test, you know, they're fun. We don't have any of these deployed at clients, but we could, because sometimes you have weird controller stuff that you can't control but, well, you want to control, but it's not something we chose to put in. It's something we have to, you know, manage, because we have some companies that are large industrial clients. You don't always get to choose some of the stuff that comes within the realm of things to be managed. You didn't choose to put it in there. It's somewhat supported by the vendor, but we also have to be able to access it. So yeah, there's all kinds of fun stuff.

"Industrial Pis are a thing, even in explosion-resistant cases." Yeah, that's probably a lot.

"Do you ever try deploying via infrastructure as code?" Nope, not really what I do.

"Are XCP-ng and VMware close enough in tech that you can have a mixed environment?" What do you mean?
Like, you can't live... they're similar in a way that they're both virtualization platforms, but you can't live transfer one to another. So they're both virtualization environments. They're both very similar to each other, and when you're talking about the specific use case of VMware, VMware is a large company with more products, more features in terms of all the different things that it can do. That's going to be beyond what XCP-ng can do, but it kind of depends what your use case is.

"The SD card endurance has always been a concern of mine for long-term Pi use, so I'm working on a project that provisions netboot." Yes, I have seen that. One of my friends had built a whole bunch of those that all were netboot-enabled. That way they could just reboot them and have new images on them, which I thought was pretty cool. But a long time on my... that I wanted to test that. Excuse me. There it goes. It's one of the things I think can be pretty cool to test: set up some Pis so I can just reboot them to anything I want. It's just been, like most projects, set aside, never really finished. Cool idea though, for sure.

"Great video on the cable testing." Thank you very much. If you just look for, like, a 10 gig... look for Game Changer cable. That is the brand name, Game Changer. I have a whole video on why that cable can go further than the other cables.

MikroTik 10 gig is not bad. The problem with MikroTik is their interface; there's a steeper learning curve. Some people say it's easy. Some people say it's not. That's a matter of opinion. Read through the documentation before you buy a MikroTik. It's the things that I would say are easy... you know, I say TrueNAS is easy, I do videos on it, and then someone says, "but it's really hard." Same thing with MikroTik. I don't do it very often, so it takes me a minute to get through some of the MikroTik stuff. But for people who do MikroTik every day, it's fluid.
You're like, "oh, yeah, you just do these commands and it works."

"So if you connect two ends of a building but couldn't run new Ethernet and optical for reasons, would you use MoCA, coax, powerline?" Probably point to point. If I can't get a fiber run across the building, Ethernet or fiber, I would probably go point to point. We have done point to point on a lot of occasions.

"So your recent video with Jason Seamen, there's a preference for Meraki hardware over at hardware. Do you guys battle it out between pfSense and Meraki when it comes to deployments?" Not always. It just kind of comes down to the use cases. Yeah, if you have... we talked about a client that has a bunch of compliance requirements, and they're just going to go with Meraki because it just fits into what their auditor will put in there. I got in an argument with an auditor because pfSense will pass compliance, but then the insurance company says there needs to be a managed threat management tool on there. Someone has to be actively engaged on it. So now pfSense isn't a fit to meet that requirement. So there's nuances to it. It's not really a battle. It just comes down to fit of what the client needs. Are they in a regulated industry that requires that, etc., etc.

"Do you use Docker or rather VMs?" Yes. It all depends on the use case. I'm more partial to virtual machines because I like that everything's very segmented and there's less concern about any type of lateral movement between here, but, you know, it kind of depends on the use case of it.

"How long does it personally take you to crimp a Cat 5e end?" I have not timed myself. I'm really bad at it. I was never good at it. So, minutes for each one. Maybe five or six minutes. I don't know.

"Awesome, found the video."

"More info on my questions.
We are replacing the switches in our school with seven locations. We want our new cables between the switch and patch panel, but all material is still below Cat 6." I mean, it should work. If the budget's there, replace it. I mean, it depends on the budget constraints. If you can't replace it, you're gambling a little bit. Ideally you want to rip and replace. It will probably work. I mean, I'm doing a "probably" because I don't know the equipment. But I've had, and still, matter of fact, I think right now... no, not right now... I think one of the patch panels at my office, even though we're running Cat 6 and we have 10 gig across it... I think we replaced it, five, but one of them was an older Cat 5e panel. Just worked. It's in my old videos, and someone's like, "you can't run 10 gig through them." Like, it works. I plugged it in, I get 10 gig. There's no errors on the port. Is that a guarantee? No. Would I install that at a client or a production system? Not recommended. But if the budget constraints are such that you can't deal with anything else, then... but if you're not running 10 gig, it matters a lot less, because Cat 6... if you're doing the Cat 6A, it's going to max out, you know, potentially 10 gig. That's awesome. But if you're only going to traverse one gig over it, well, one gig will traverse even if you're downing it to a Cat 5e connection.

"I guess he's going to get cable certify accesses to make cables that will be x plus bit." Yeah, the certifiers measure the distance, and if you go over in the distance, you're not going to pass the certification.

"Insurance causes so many stupid rules and jobs." Yes.

"Do you recommend RouterBOARD?" Is that what it was? RB7... one of the MikroTik. The problem is, and the reason I never recommend them, is because I just don't use them that much and I just really think the interface is clunky. So I'm not a huge fan of them.
So we never recommend them, but the people who know them really well recommend them, because there's people who become experts at using them, so they like using them. I mean, they've certainly had their share of security flaws, but they've been patched. When there are security flaws found in MikroTik stuff, they patch them. I think they had some really terrible defaults, which got them an even worse reputation, because they shouldn't have had the terrible defaults. Because if you are competing to make the cheapest devices, there's a correlation between often the newer and less skilled people who are in tech buying the cheapest devices, which is the recipe for botnets. That's how botnets get formed. Someone says, "I want to buy the cheapest thing. Oh, it has a complicated interface, but I'm just gonna next-and-yes my way through this setup and get it pretty basically set up," not realizing the default setup left things open from a security standpoint. So yeah, that's fun stuff.

"Why is Windows long-term support kind of so hard for new purchase?" I have no idea. That's a Microsoft question. Microsoft makes things hard. Microsoft makes licensing hard, because they're a company founded by a lawyer. Yes, Bill Gates, the Harvard grand law school dropout, is why.

"pfSense has good defaults."
Yes, by default in pfSense, UPnP is not turned on. WAN side also locked down; that's default on pfSense. I actually like... there was a post in css asking what should be changed from the defaults to make it better, and one of the developers replied: if there were better settings, they would be the default settings. They always try to make the best default settings, which means, especially when it comes to firewalls, a more secure setup, which is what you want for any of these.

All right, now on to another topic. Let me make sure I know what I'm talking about here. I did this video, so I'm going to reference the video.

"Cybersecurity question: okay for admins to use PsExec?" You should really lock down what the users can and can't do, and that becomes a much more complicated topic. So, should... every environment's different. We have some environments where you don't expect any type of unusual things to be run; then you have some environments, especially developer environments, where there's all kinds of different things that are going to be run. So that's not like a yes, no, this-is-it type question.

"Why do companies use closed eyes third-party tools like CrowdStrike or Netskope and forget the basics just to be compliant?" I don't know.

"Your point about power usage is good, but you also have to count the heat generated by larger servers, as cooling becomes a large cost." Yes.

But this other video I linked here, this is all about the new WebP vulnerability, and... ah, I see one more question. "Have you ever wondered how client isolation works on Wi-Fi APs like UniFi? Is it just blocking broadcast traffic?" Yeah, if you use guest isolation, then it's doing it actually in the system itself, the access point itself. It just doesn't allow it to talk to the adjacent things. It's firewalling it off. So it's pretty basic. So I know how it works.

"For developers there is PAM solutions." Yes, we talked about that.
There's a video on Business Technicalities where we dive into the PAM solutions we use. We call it the client protection matrix. You'll find it linked in this video: Lawrence Systems slash biz, and that is, or, lawrence.video/biz. That's our Business Technicalities channel. We cover all the different tools we use. It's a long video, but there's links in there. There's a forum post. We dive into all the tools.

"Lots of work to remediate." Yes. The remediation problem, though... and there's a lot of people asking for lists of things, and let me pull up this because I want to discuss this. This is something that's kind of getting out of hand, in my opinion. Pull up this one, because this was an example where someone said, "oh man, Etcher is vulnerable," and I'm like, ah. So yes, Etcher, the tool we use. If you're not familiar with it, Etcher is a tool for flashing USBs. Great tool, very popular, and someone's like, "oh no, it's vulnerable to WebP." Let's see, is it this one? Okay, they updated now. So they had the update on there. One of the comments in here... it's not this link. It's the wrong link.

But one of the things they were pointing out with Etcher: great, they fixed it, and it should be fixed. But people are starting to talk about applications where there's no path to execution. I think, yes, these libraries should be fixed. But if you're using a tool that will not view WebP, that means there's not a path to exploit it. They bundled this all in Electron, which means it's in Electron, and yes, there is bundled within this Electron framework that vulnerable feature, but they're not using it. And that is where some of the challenges are, where a lot of people are kind of going back and forth about this. And I get it, it should be patched, but you don't need to go into full panic mode, because all these things... a lot of these companies, they don't prune properly, as we have to describe it.
This is kind of the flaw of modern software development. What they're doing is they go, "hey, we need to make this application work across several platforms. Let's just use Electron so we can package this." Well, that's great, except the problem becomes Electron has a lot of baggage with it. There's a lot of extra things. Are you going to take the time to only meet the dependencies you need? Or are you just going to go, "well, why prune it? I'm not using any of those." So here's my app that writes to a USB drive, which doesn't view images at all, by the way. Well, technically it views, like, disk images, but it doesn't view WebP files. Therefore, how would you get code execution?

Now, that flaw in WebP: you send a mal-crafted WebP to a messaging app that processes the WebP image and allows you to pivot out of that and then find your way to code execution on the system and break out. That's definitely a danger. But if you're not talking about an app that views WebP files, the risk is a lot lower. That's where some of the challenges become.

Now, this is where a software bill of materials would help greatly, because a lot of companies don't have a good software bill of materials. But there's kind of another reason they don't, because they're like, "Electron," and you're like, wait a minute, your bill of materials got a mile long. Why would these libraries to do this even exist in a tool like this? And this goes back to, you know, we try to find some of the easiest paths to develop, and this has led to frameworks with more features than needed being added in. It's just kind of a whole circle out there. So yes, it's a security thing, and yes.

Watch my Business Technicalities channel. You have to get out and meet people.
That's what we talk about all the time. There's no secret sauce. You have to go out and meet people. You have to go out there, be willing to make a thousand phone calls and get rejected almost a thousand times, and then make another thousand phone calls. And I'm not exaggerating when I say sometimes you have to go meet a thousand people or make a thousand phone calls and try to figure it out. If you want to see one of the hardest parts of it, and why I tell people, "are you sure you're ready to start a business?", it's the marketing component. You can have the most awesome technical skills. I have a friend like this. He's like, "oh, I think I want to start a business." I said, "well, I don't doubt your technical acumen in any way." He's absolutely brilliant at what he does. But I said, "how are you getting customers?" He just... "I guess I'll talk to people I meet." You mean you want to talk to a thousand people, at least. You have to really commit to things like that if you want to do marketing. There's no secret sauce on that.

"Are there any new vulnerabilities in Microsoft, or are they still trying with patching Azure?" The fun part is cloud things like Azure don't get CVEs, so who knows how vulnerable things were or are in any of the Azure stuff at all.

"It's a weird day when an IDE is ever susceptible to a CVE." Yeah, this is mostly focused on desktop applications more than anything else. That's why this is going to be all those things. It's going to linger on for a long time, because some company's going to have it hanging out there, and they have some image processor, you know, some image manipulation tool, and it has this in there. I haven't looked at it. Maybe it updated. I don't really use GIMP very often, but I know GIMP does WebP images. Undoubtedly, it's vulnerable to this. But I'm also never opening WebP images with GIMP.
It's just not something I do. DaVinci Resolve has it bundled, but DaVinci Resolve, especially in Linux... maybe it works in Windows, but in Linux, if you try to drag a WebP file into DaVinci Resolve, it doesn't like it. It wants a PNG. So I don't know how, in my DaVinci Resolve tool, you would get code execution for this. So I'm still running my DaVinci Resolve editing suite even though it is potentially running with these vulnerable libraries, but there's not a path to get execution. How would you do this? You have to get the file to me first.

The biggest vulnerability, the biggest threat surface, is going to be browsers and messaging apps. And this was found in a messaging app. So this started with BLASTPASS and figuring out how things got on the iPhone. So this one here... oh, let's see. Why do I have notices, a bunch of emails? I'll close them. All right. But BLASTPASS is that iPhone zero-click once again. They sent an image that exploited this and leveraged... it was a chain of events. But, you know, first you have to leverage an exploit, and then you've got to figure out how to deliver a payload and figure out how to actually make it actionable. But yeah, that's how all this started: sending images to iPhone is what discovered this, and as the research came out, it turned out that this library is not only in iPhone but in everything. And then we learned it was not just that all the browsers need to be updated, but all the applications that eventually can render those images.

And this is very true: "Memory and disk have become so much less expensive." Like, if you watch, you know, the Vintage Computer Festival, and talking to all my vintage computer friends and discussions, it's a different world they lived in. They had this much.
They had this tiny little box. "This is as much as we can do. This is the limitations of the memory, the processor." And you had to try to use things in the most efficient way possible. Now we have so much RAM, things can just be huge. They can just throw in an entire library of things and stack their tools on top of that and stack another framework on top of that. And actually, you know, your printer driver is 300 megabytes, and you're like, wait a minute, there's probably only a kilobyte of driver and the rest is some framework and a bunch of BS they load in there. So yes.

"What do you mean, clouds don't get CVEs? They aren't bone or what is not." Ah, this is a really interesting topic, and Wiz security has covered this a couple times. There's not a CVE when a flaw is found in a cloud problem. So when Wiz security... pull them up real quick here, Wiz security. This is a fun topic right here, this particular one, called... I just like it. BingBang. Bing bing boom. So BingBang is how a simple development mistake could have led to a Bing takeover. These are security researchers who poked their way through the Azure system and found a way to get to the Bing management dashboard through a series of interesting methodologies. There's not a CVE for this, because they don't issue CVEs for cloud. This is a flaw in the way Azure worked, the flaw in the way Azure did security. There's no CVE.

Look at the recent Microsoft... I did a video on Microsoft losing their key. If you look at each one of them, there's five separate things that were found flawed in Microsoft's key signing methodologies, and in there, not just the key signing but the scoping of a key. So the key should have been scoped to a lesser amount of privilege, but it wasn't. But note, all those Microsoft has claimed to fix. There's no CVEs assigned to it. Microsoft says it was broke, it's fixed now. You have to take their word for it. So it's really interesting to kind of think about it from that perspective. They don't assign a vulnerability to it because there's not a version number. Like, when Azure fixes something, it's not like, "oh, we were using Azure 1.6 and now Azure 1.7." That's because when you're doing it at the cloud level, it doesn't increment like that. There's not a new software version. It's a "hey, we found a way that this pathing didn't work, or this scoping was wrong on these keys, and now we need to fix the scoping on the keys." It's a binary answer: has the scoping been fixed, yes or no? And there's not a new version number that we see of the software to say it's there. So it's an interesting challenge.

"My Windows firewall rejects OpenVPN network, and it's a different subnet. Are Windows firewall rules better than that?" It's rejecting it because that is the way the default firewall rules are in Windows. That can be overridden and changed. You can do an allow to allow your OpenVPN to talk to it.

"You probably interest a thousand times, but with an all-in-one system, TrueNAS virtualizing a pfSense, Proton emails server, Bitwarden, having separate systems on bare metal..." I mean, I like separate systems. But yes, you can. Wendell has a video titled "The Forbidden Router," I think is what he titled it, and it's a fun dive into virtualizing everything. I think it's neat. It's a fun challenge. It's not for the newbie. If you're a new person getting into technology, this could be discouraging for you, or it could be very rewarding if you figure it out. It's a more complicated setup to do that, but, you know, if you're willing to work through any of the issues that may arise from such a setup, awesome, and you will come out of it better than you came in. You will have a learning experience setting this up. If you're someone like me, yeah, I've set it up before, because it's not hard for me to set up. I know exactly what to do. Wendell did a video on everything, what to do. He's got a good write-up on it as well.
He's got a good write up on it as well Uh That is why they use a null terminator safe strings in memory, but it can be vulnerable to buffer overflows You repass it gets removed in red. Yes So it's a lot of people not issue a cve for a public cloud provider. It's finally happy for mobility And that's but how would you that's back to my point of How would you issue it because There's not a version number. How do you know that you could if you issue the cve How would we know when it's fixed like oh don't use version 1.6 of azure 1.7 is the good one to use You don't get the choice of what to use. That's why they can't issue a cve so they can Disclose it and companies like wiz can do security write ups and then we know it was fixed But there's not a history matter of fact What the only challenge really comes is you can't go to the cve database or vulnerability database Because it's not like wiz is the only company who's poked at microsoft wiz is a recent company Who's poked at microsoft and found some flaws? That's actually where the bigger challenge is is finding a write up to the history of these flaws So you can maybe establish patterns of behavior Now why are patterns of behavior matter for a cloud company? 
Well where there's smoke there's fire So if we constantly see that they've had scoping problems and there's been several researchers that have tested different segments of scoping problems I bet there's more scoping problems and that's It can be like if you're looking at a history of cve's looking at you 40 net if they find that there's 40 net Buffer overflows in the way their open vpn handles things it turns out the way their vpn handles things can be Of source of pain which it has been the number of cve's in 40 net that are all related to the same area Not uncommon when there's a cve in one spot in a system There's usually ways to pry there and find more cve's around that same system unless it gets a full code rewrite with clouds We don't really know they they fix the things that are known to them But how many things are unknown to them? We don't know Windows forbidden router videos are amazingly fun. Yes I used to run that kind of setup trouble is proxmox updates took everything down. That's why I don't run it either that way It's only about 40 years since dos had a 640 kilobit limit. It's been a minute I do you know when it comes to the firewalls I like the firewalls on bare metal more than anything else like I can deal with My virtualization server being down, but if my internet's down at the same time as virtualization server I really don't like looking things up on my phone to Troubleshoot like a hole on let me read this command off my phone. Oh, here's the command that fixes it Oh, it's it's a lot of characters You know You can use a hardware firewall. Not this particular one because it's broken. Well, three three out of four ports work on this the firewalls hardware-based firewalls It just doesn't take a whole lot to run pf sense You get one of these and you can go pretty far with them. You can have a used computer granted the wattage Usually keeps people from doing that nowadays. 
So at least having your firewall on bare metal I think makes a lot of sense virtualizing everything else. Hey, that you know the case can be made for that too No versions exist, but they can record dates at least. I think they should do this um so you know When something was vulnerable so The example with the microsoft one So how long were these not scoped properly because that means anyone with this particular security key can do this Do you have to notify everyone? I don't know. I think there's probably ways we could create like the cloud history from these companies I don't know who's going to maintain or run it, but at some point that seems like a not unreasonable thing Uh, would you recommend hyper v over proxmox or v spear for windows environments? Nope. I don't recommend hyper v to anyone I don't need I think at some point microsoft will drop hyper v call call me crazy here There's going to be a time in the future when I think hyper v is going to just kind of Not be something microsoft offers or supports anymore Free software that will auto patch. No Uh bare metal on psense everyone virtualized. I hate using my phone for anything but phone calls I don't even like using my phone for phone calls If you really want to get deep into weeds uh of string handling buffer overflows look up linus torvalls Uh Plus yeah Yes, you're not wrong Uh strl copy strs copy or strl cat. Yes totally agree here, but I don't know back to the summit, you know rolling back a little bit the whole cbe thing is uh It patching everything is just a job. It's it's what we do and the worst offenders microsoft It's so hard to patch for them, but other software companies also are equally Not great Yes Only reason is hyper v is if you have very if you are very sensitive to microsoft os licensing And live in a hundred percent microsoft world. 
Yes Hyper v is alive and kicking on desktop and it's super replaced for oracle virtual box and the non-existent broadcom vmware player um I mean Virtual box works fine I guess Yeah, I don't know I'm just not a big hyper v fan. I don't of course. I don't run windows. I'm a linux guy, so I I don't think much about hyper v. We support windows customers all the time, but We got a split way of customers of vmware. We do a lot of consult I'm not uh vmware and xcp ng pretty much those are the two Hypervisors that are prevalent amongst our client and vmware more so we probably have more clients running vmware We do a lot more consulting with xcp ng, but we do a fair amount of vmware consulting as well Uh, what do you even pay uit guys for we never see you? Yeah Yeah, when you patch everything and everything goes smooth and nothing explodes They they want to know why they're paying you because you know nothing exploded, but then when something explodes What do we even pay you for I that yes? Yep, yep, yep I still have virtual box on my on my computer I I don't use it very often I pretty much use it if there's something I have to do in windows to demo Um for video It's just it's convenient because it's on my desktop pc that I could just record it on the screen That's it. That's all I have like I don't use I I boot it up more often So it has all the latest version updates because I hate when I have to do a video and windows decides We're gonna update Oh, no, this is this is gonna take a minute and I have a fast system But you know windows why are windows updates so slow? I don't know. I just the way they're written It's just part of the fun, I guess All right, I don't know that I have many other topics Um You're going are oh you going to the msp event in chicago october 13th it compass group Uh, I was not planning on that that is not that one's not on my radar. 
Um, what is I know I'm gonna be Doing It nation, but I don't know when that is uh I also know I'm going to a data center. So I'm doing a tour a cover a data center invited me to film So once the details are worked out, I'd love to talk about that. That's going to be exciting I um So I'm going to it's going to be a data center in chicago That's uh, they told me I we're working all the details up. It's so far. It looks like I'll be able to film there I'm all for it. So I'll be bringing you a bunch of fun video from inside a data center Including I believe they have flywheels and they said they can talk about the flywheels I'm confirming all this once this is confirmed. I'll be doing a data center tour and covering all the stuff Uh, what are your thoughts on unvr unvr pro as a reason upgrade for 12 cameras? Um I haven't looked I haven't used your nvr finder in a long time and it depends on if those cameras are 4k I have an nvr pro it works They're okay I I like Synology better than vmware because of the expandability But for a lot of basic home uses it starts with Fit does it fit what you use? Does it fit your needs? I don't think it's a terrible product It actually works pretty well. We the one we have at the office. We've had for a long time Let me log into it. Been a minute since I looked at it Pull up the office nvr here Oh, I guess I gotta log into it There we go. Oh no one's at my office So we have one of these unvrs Unvr pro works great. Like we don't have any issues with it, but it You know, I just think there's so like it does good job for the basics I think it's kind of cool the way you can scrub through footage. See who's been walking around in the office Uh, that stuff works really well for it. Actually look at the rear camera The quality is good Vehicle detection. So let's play back the vehicle detection here It says there's a vehicle There it is So I think they did a nice job on these as far as like usability and everything Quality looks good. 
But I, but for, like, someone had messaged me just yesterday, like, oh, how do I back up my UniFi NVR? You should do a video on it. I'm like, there's no official way to do it, so I'm not doing a video on it. If backing up is one of your requirements for your NVR, to make sure you have offsite data, don't buy this. It's not designed to do that. Uh, what features would cause you to choose VMware over Proxmox or XCP-ng on the assumption that you need a feature given a customer's new upgrade upgrade deployment? Um, not, it's usually when they need like Horizon or something like that. There's not a, there's not an equivalent in Proxmox or the XCP-ng for like the full Horizon delivered applications. Uh, so like that would be, we have a client using it. So that would be one of those things that means we're probably not doing, you know, uh, VMware, or we're not probably doing XCP-ng for them. So there, there's usually limited exceptions like that one or something that's exclusive to VMware, uh, that they're using. Uh, regarding Windows firewall blocking OpenVPN subnet. Could I use pfSense up on that to spoof the same subnet VPN and LAN? I don't, there, I've never tried. There's probably a hacky way to do it. I wouldn't do it though. That's, that, I mean, I imagine you could do a layer two and make it work, but it would work terrible. There's a reason it works the way it does. It's better to modify the Windows firewall because that is your path of least resistance to get the thing done, versus trying to spend hours doing something that it wasn't supposed to do in pfSense to obscure and make it look like it's coming from the pfSense gateway instead. I did try UDM Pro last year and disaster. In terms of management UDM doesn't offer much. Yeah, the other firewall rules are really bad the way they work. So, last week you said ntopng uses a lot of money. Do you think a Xeon is enough cp horsepower not cosmet or should upgrade to the dual?
Well, the question isn't about if it's enough horsepower the question comes down to Well, here's an example and I'm gonna log into my home one here Because I'm using nt up ng I have a lot of connections a lot of things in my house So I'm talking about a home user But my my system here is about the same speed as the one at the office Which has even more connections on there being monitored. So this is a Let me find it here So here's my system And it's one of the celeron j14 Uh for j4 125 and we'll say tpu mark So this processor scores all of 2972 and it runs it fine So what is the one you said you have a xeon e5 267 97? So what do we do here search? With some model number again So e5 267 97 I'll do it this way That's sure if I do it this way There we go. So this one scores 20 000. So it's 10 times the processor of mine. So Yeah the There's not really a comparison, but it all comes down to what are you running, you know Someone asked me how much logs. These are discussion I had someone wants to build a log server. They asked me how much Storage they should get and I'm like, well, what are you doing? They're like, well, I'm running two large hospitals and I'm like, well That still tells me Very little because you're gonna have to start figuring out. What are you logging? What do you want to log? How many connections are there? So, yes, it's a big medical facility But you start doing that so Using n-top ng how many connections do you have you have a million connections? 6 million Overall connections you're monitoring. Is it a 10 user network? A thousand user network a 10,000 user network? I don't know those are the questions that you have to do for scaling on this But for my home use my simple little uh processor here my Celeron g14 25 runs and top png fine with a cpu mark score of 2,972 What is vmware horizon? horizon Where is there at? Essentially, it's a vdi solution so VMware horizon virtual desktop intro app delivery. 
This will let you do app delivery It's integrated into there. We got some clients using it. It's it's a beast of a product. It's expensive product too. So Do you have any guide on graphing meter pdu? um Nope I don't even have a way to meter my pdu so Think my homies be roughly on par with your home use thinking on top will be fine. Yeah That's the thing it there's a lot of confusion always around pf sense people Assuming they need a way more processor than they need I'm what I probably would consider a power user. I've got open vpn running. I've got wire guard Running. I've got site-to-sites running. I got a lot of things that tie and run my you know Not incredibly fast connection and it's not even my cpu's is idle the whole time It just barely uses any cpu power to doing this Uh citric and zen and king of vdi citricks Citrix vdi is zen server xcpng is something completely different There's a ton of naming citricks did that's very similar, but not similar in actual product only similar in naming So yes something the data center video will show They measure I don't know if they I I'll ask if they how they measure individual racks If they do they measure power in the data center for sure I don't I well it's a colo so they probably have it broken down as I've been in some data centers But because they're not part of a colo, they're not measuring at all the individual Wattage of the rack, but I imagine if you're leasing it out. Maybe they do but then again I doubt it because when they're providing you a rack They're providing you they tell you what the max amp is for the rack you you have this many watts You can't consume more than this many watts. This is how it works Have fun. 
Here's your stuff, you know, here's your connections Yeah, the servers themselves do have it and you're measuring it, you know differently when you're measuring in a server Versus measuring at the rack level because there's always there's always conversion losses This is actually why I believe it's facebook a demoed this years ago It's all part of the open rack initiatives. Like if you centralize One power supply With some level of redundancy in it, you know, it's actually like a dual system and then one conversion of The 240 because a lot of the rack stuff will be powered at 240 because it's a more efficient power delivery and then they Power everything else dc in each rack That's actually a better way to do power delivery because if you think about it each time you have a power supply There's an efficiency loss converting dc to ac converting ac to dc so We track power through the ports on the pdu, but the facilities team is using a special app for that. Okay It I mean the facility team is going to measure because they need to figure out how many watts the building's using But I imagine they measure a lot of it at the at the primary ups Yeah, I mean granted it was forever ago that I worked in corporate We measured everything by the ups that was our The the ups had a certain load and we wanted to make sure we kept it under certain capacities So we didn't care about what was plugged in necessarily in a specific manner We made sure the overall performance of the ups and of course We had plugs labeled around the building and someone would always plug an electric heater in there And you'd have to run around screaming at people to find out who did that Can you add a second router to access the internet through an uncontrolled router? I don't understand that question but kind of a Roundabout answer you can actually have multiple gateways. 
So you could have more than one router It just kind of depends on the setup of what you're doing Um, you can specify more than one gateway. So I'll answer it like that, but I don't know exactly what the goal would be for that Uh So possible. Yes practical probably not Key for us is bail on staying out the phases and not overloading the pdu. Yes Can you imagine how youtube has to manage dc regarding storage scalability of database, etc I'm wondering how this is done at scale Really interesting to see how it's done at scale. Uh building out very huge scaled systems is the hyperscale companies They're using all kinds of interesting stuff to to build and um Like facebook, I remember there's a couple write-ups facebook has a really interesting They write stuff. I don't know what they do today, but this was a few years ago They released how they write things in php, but it all converts in real time to Some type of compiled c programming so they could still write in a language they knew but it compiled it down to be faster There's a lot of stuff at these hyperscalers that's being done. That's Very different than what you may be doing on your desktop in a way. It's similar, but it has to scale out in a very different way I see here's an interface outbound stats widget on ps and stats for it says 7 to 15 max is this only on vlan's worrisome running Uh, I wouldn't worry too much if you're not having problems if pings aren't dropping and packets aren't going To the bit bucket in the sky. You're probably fine. So I don't Really know what interface areas you're talking about or if they if they're not affecting you It's probably not a big deal. Like let me see. Does mine have any interface errors? Oh, where can I pull that up at? Try to see where it'll give me the details Uh, is it under diagnostics? 
I've not it's something I so rarely ever have to look at is interface errors I've not seen it be a problem in forever Yeah, I'll figure it out later That good form question if you want to talk more in depth about what you have I'm seeing because of the behavior with vlan's and n-top vng added all my vlan interface to monitor and he I'll show up and n-top vng by the traffic mostly shows in the base interface not the vlan I don't know My my vlan interface shows up they Mine are working. So I'm not sure why yours are not Yeah, dashboard interface statistics. I'm just trying to see if I can pull it up without it having all my stuff in there So does it show what does it show when I pull that up? because it's actually Drop this on here It shows Apparently I have uh 408 errors on that interface Five on this one So some of them have errors Hmm the wire guard interface has some errors There's four on this one So I don't know I In terms of troubleshooting not something I talk about very often because it's not where my troubleshooting Usually is it's rare It's not a zero that I've never had a bad cable, but it's very uncommon to have a bad cable Now this is an exception. This has a bad port on it, but the port doesn't even work So there's not even a there's a link light that stays on but pf sense on this thinks there's not a link light at all It thinks it's disconnected Oh, yeah, I wonder what those indexes look like huge The way they do all the replication between them Is one of those ads at the homepage and pf sense. I'll drop in and I'll drop into forums Yeah, I mean, but if you're you're seeing an error, is it causing you a problem? I always start with that. I mean If it's not causing any problems, then What are we gonna base it on the troubleshoot? 
We can swap cables and see if the problem goes away We can swap it to another ethernet port see if the problem goes away swap different ports on there But if you're not experienced packet loss or drops Then we don't we're moving it around to see if we get the errors go away, but the errors don't have a ton of meaning That's that's where the challenge Comes in on there. So Hopefully that makes sense All right, anything else for the live stream here Example, I see ps5. Yeah, I don't know Mine works. I I don't look at it very often I do wonder something interesting like I wonder why something's using a lot of bandwidth I look at it and when I've looked at it, it's working Um, I can't really reveal it here because it would just have all of my public IP information in here And I don't feel like dealing with that So I don't know post and forums. That's my answer post in our forums if you're having a problem with it Best thing is to definitely do that I saw ltt video on level one text. Wendell kbm. Have you ever used it? Uh, no, I haven't I'm familiar with it. I've talked to Wendell about it. I I just don't have a Need to switch things that are on display port, but I know when people do Wendell is the only one making the device Like I've always been fascinated the fact that Wendell built it like that alone always I know he worked with some different manufacturers like he mentioned in there But the fact that Wendell is doing that level work is just impressive. Wendell's a wicked smart dude and That was another like he has a video where he just talks about cabling standards. It's an older video But boy, I mean he really Dove deep to understand the problem to build the solution. So I think it's awesome. 
I just don't really need it Have you ever done two pf sense installations both having vpn making the other pf sense vpn data go through the first one vpn inside another vpn that is I don't know why you would do that Um, now you can redirect users, but actually redirecting a pf sense itself itself That would probably be a big headache to where you say only connect here and then pipe all your data out here Because pf sense has its own data stream now you can redirect users so they use that one But once again terrible idea just causes the headache not that you can't do it. It's you run out of bandwidth Usually you're trying to squeeze everything out of one location So you're tunneling from over here a group of users and pop on them out over here If it's a couple users sure But Yeah, I don't know what problem you're trying to solve Um with that too I mean you can just do a full tunnel vpn and it'll squeeze the users out of that But even that sometimes causes you run out of bandwidth Any place for pf sensitive to or for using all ports in a switch like mode, but multiple vlands on all ports I mean you can take and set all ports as trunk But I don't understand what the question is you can set all ports as trunk on Like unify for example So but I don't understand what the goal is Two different ppns. So the second vpn company doesn't know where you are I mean I guess I mean you could vpn from one and hop to another I don't understand what the use case is It's Yes You could do that I just don't understand the why you would do that Maybe maybe I ask why too often. I don't know I've I've joked around with people like I don't know why you would do that But this is how much we charge for consulting and setting it up. 
I I think it's We we actually had this recently where Someone asked who might they they paid me for consulting to tell them About a product they wanted to use and I said I wouldn't use that you're going to run into a lot of limitations And now they're consulting with us to get the product out of production because we didn't recommend it And they tried putting it in after a few months of floundering with it They're not going with the idea that we have and I'm like Okay, I mean We'll take care of it. I never say it. I told you so I just say here's my bill like ah Do you ever set a single dedicated putting a router like an access port the only you can figure the router and browse the internet I did that recently. It's fun. I know how to do it. I don't really do it because that would be inconvenient Start on pfSense. Do you still IPS policies? Ah Yes, but It's not that simple. It works. You can do it But the problem that people learn very quickly is if you set it to like Security and max detect. You'll spend a lot of time chasing false positives That's the way that works How would you maximize your security? you so If someone were to you're not really vpns are about Hiding some privacy. I don't know much about security from a vpn in terms of that like so you're gonna I mean If you have if you're paying the bill on the last hop They still know who you are if you're doing it from a friend that friend will if you're doing something Where they have to trace back to that person they will then find that connection in that system And then jump over to you. So I still don't understand at all The purpose of that I want to be a plug-in four switches the mini pc running pfSense five ports on it one for ran But I want to have multiple vlands across everything switches are for unify Looks like I had to configure everything per port I mean, are you trying to create a lag between four ports? 
You could do that if that's what you're trying to do Hey, you can't really pay to you can pay vpn bills anonymously But you usually can't pay internet providers anonymously That's I mean, maybe I Maybe concast will take my money, but I pretty sure concast has to have a name your isp usually wants a name in order to Set up billing they want an address and Yes, so that would be like at some point. There's a paper trail of it Tor as I see was mentioned here would be part of it too But there's no lag Then you can't just connect all the ports that way with no lag you may as well just use one port I don't understand why you'd want to use multiple ports Second vpn doesn't know the isp Well, how would it not? I you I don't know. I'm not you that's a flights of fancy. You have fun with it Trying to have something like a more home router set up where all the LAN ports are like a switch Uh they You want to go from I have a video on how to set this up like with unify switches and pf sense, for example You set a trunk port and you just want everything on one network. Well, then you don't even need to use vLANs So that's probably I'm probably describing a term which is why I'm googling it for Googling on it for someone who are yeah It's I don't know what if you you can set up vLANs or you cannot use vLANs You can have one port that goes into a switch and then everything you just plug in there Just like one big trunk to a core switch. Yeah, you just Send all the vLANs on there And then it's a core switch If all the ports are trunk I I guess I just don't I'm always I'm confused about the goal here. 
I want to help but I don't know what the I don't understand what the uh This is one of the things I've talked about is the Um What the goal is is one of the questions I have a lot when people post in forums sometimes they write too much It makes it hard to answer and I'm always like you should start with you know What first step when answering a forum poster or question is what are you trying to do? So what is the outcome you're trying to get to what do you think is stopping you from that outcome Is the second part of the question and the third one is at least give me some details about What errors you may have and that's it you don't need To add everything else because there was a couple times someone actually had dm'd me because they were upset I didn't answer their forum post and I said one there's no question mark two. There's three paragraphs But after they dm me I looked at the three paragraphs and I said I think you're asking about a hard drive But you had an entire discussion of your history of using a nas system and the history of using true nas But I don't know what the question was it felt like just a long three paragraph statement So I always try to get people like You know narrow down to the goal. Let's talk about how we want to get there What do you think stopping you from getting to what you want to achieve and uh going from there My 5g unlimited isp doesn't require a name and takes Several possibly untraceable sources, but I use my credit card sounds like you possibly desire to use criminal activity So i'm not going to name my isp I mean, there's like I said, there might be some isps out there that do this I I don't I've never really researched it much But thank you very much for the donation. It is it is very interesting that there's companies out there doing it But they're not long for this world in the big picture at least not in the u.s That's just that it's not going to fly with governments. No no doubt. 
I get the need for privacy. I'm not, I'm not saying we shouldn't have a more privacy focused world. Don't get me wrong, I am a very strong advocate for privacy. You know, hiding your real identity, uh, is a real need on the internet. The problem is the internet wasn't designed, it was not architected for anonymity. So you're all, you're fighting a system not designed for it and you're fighting a lot of, well, lack of any privacy laws that would give you more rights. Uh, I'm, I'm a big fan of Cory Doctorow. I am also, here, I'll show you, got my updated card here. I am a member of the EFF. So, yes, I donate money on a regular recurring basis to the Electronic Frontier Foundation to fight for rights and privacy. Big advocate of it, but I'm also telling you it's not easy. Be I know it's not easy because I'm involved in the things that we want to do to fight this. I also backed Cory Doctorow's latest book on, uh, the seize the means of computation, great book by the way. So is this other one, uh, Chokepoint Capitalism, both really good books talking about how many of these companies are just slimy and their relationship with their users is terrible, and I, I love that he coined the phrase enshittification to talk about this greatly. I am a big fan of Cory Doctorow and all the rights about privacy. So definitely it's a near and dear to my heart, but that's, so that's also why I know it's not an easy solution. I'm looking at a backup solutions in my TrueNAS box even back Please starting to make More metal look cost-effective any solutions I can fire up and just the backup and shut down again. I mean, you can fire up another TrueNAS box and clone to it and then shut it off. Brian Moses has a write-up on this, was talking about these, I built a TrueNAS running on a ZimaBoard. The ZimaBoard, pretty cool, definitely can solve some of those problems for being low power and things like that, but it, it still has to be turned on and off.
So it's kind of the annoyance.
Can be used for good or bad, but that's how life is. Oh, absolutely. The internet can be used for good or bad. There's no doubt about that. It's not the technology that's the problem, it's how the technology is used.
I can walk in AT&T, buy a 5G access point, monthly SIM, cash, no ID or account. Um, do they still let you do that? I just don't know. Um, because I've never tried to be that anonymous. Normally, if I want to be anonymous, I don't even go to an AT&T store. I can find somewhere that has Wi-Fi access and use it.
You're describing how I feel about searching for recipes. Yes, I agree. I'm very brief: just give me the ingredients list. I don't need the history of this. That doesn't add to the recipe any, um... You know, there's times maybe I want to know history or something, but that's not the same time I'm looking for a recipe for something.
Home automation, what do I do? Uh, yes, I am a big fan of Home Assistant. I need to do a video on it, because I know more and more people were talking, apparently, Hue... I seen Rossmann had done a video on the latest thing that Hue had done screwing people over, and he, uh... Yeah, Hue's decided to change terms, conditions, et cetera, et cetera. So it's probably a good time to do a video on this, but I have a bunch of stuff on my Home Assistant that automates things. So it's completely self-hosted, locally managed, doesn't require internet if a thing happens. Mostly it's just turning lights on and off on an automated basis, and actually my studio is controlled via this as well. So I can turn my studio and the different lights and cameras, I can turn this camera on or off. So this is like my studio camera that I can say, I hit this button, it goes off. I hit this button, the lights will go out on me. I can turn this one off. I think you can see this one behind me. See how you see the purple on the door? If I turn this off, the purple goes away. Turn it back on, the purple comes back, and I can change the color of it.
So if I wanted to have red behind me... There we go. I should change it. Yeah. Now I got red behind me. I love Home Assistant for automating things. It's pretty cool. Let's see here.
Have you read the Snowden book? Yes, I did. It was great. I thought it was a really good book. Um, I recommend it. I think it's a good read because it is abstracted from all the BS surrounding it and more concise about the things that happened. And I think we have a better version of the NSA today because of Snowden. That's my opinion. I'm not an insider by any means. I have never worked for them, but I think the highlighting of problems they had in the past has led to a more cooperative future where they realize they should be protecting us.
I applied to mortgage recently and the application said they will send my data. So good luck with that. Probably, yep.
We people in western countries do not even know how bad it can get when government spies on your internet use. People have different rights in China. Well, they have a, there's a different right set, or lack thereof, in China as well. So definitely all these have a lot of issues.
In most EU countries, there is no such thing as criminal activity on the internet. The judge won't send says as a prison for something you have done on the internet. That depends which EU place it is. So certainly certain cyber crime is looked at as crime, but there's a reason a lot of the threat actors are hiding in areas where it's not treated as a crime. So it does vary from place to place. Yes.
SIM can be pinpoint tracking. Yes.
I just got my new firewall last night, the N100 dual two-and-a-half gigs. Sadly, they are Realtek but pfSense seems far. Okay. I think they've gotten better with a lot of Realtek stuff.
Uh, I read that Amazon may be charging for Alexa. Um, I've never used it and I don't plan to use it. Well, I take that back. At one point, I got sent a free Alexa device. We set it up in the kitchen of my office.
Therefore, we could play with it, knowing that we were talking in front of it. Awareness. We chose to set up the Alexa, which we know is not privacy oriented, so we could goof with it at work. We do not use this. I don't think it's been plugged in in a long time. So, uh, but that's as much Alexa as I've ever used. It's really not my thing.
What do you know about coreboot? I mean, I'm not a coreboot expert. So...
When you isolate IoT at its own VLAN, should Home Assistant reside on a same VLAN or also be segmented from the IoT VLAN? I do not put Home Assistant on the IoT VLAN, because you can set it up so Home Assistant can reach out to the devices. But more specifically, I use this. I have an extra one because I'm playing with another Home Assistant. Um, this does both Z-Wave and Zigbee. My IoT devices, if you will, are all, most of them are Z-Wave and Zigbee, therefore they don't have internet access at all. They don't have a different VLAN because they're all controlled wirelessly through this. Therefore it doesn't matter. Like, I do have ecobee for my home, uh, furnace controls, thermostat controls. So I do have it reaching out to that, but that doesn't mean it needs to be on the same network. I have the Home Assistant reaching out to it. So yeah, Home Assistant doesn't need to be on a, um, on a separate network.
I don't have the kind of connections with Raspberry Pi for them to send me out a new Raspberry Pi by two.
People in China have rights. China is a very complicated situation. Uh, it's weird how... I don't know. It's a very, it's a different culture. So you can't just... You can definitely say that they have a human rights problem. That's not in question. It becomes a more complicated topic because the culture and values are so much different in China than they are in other parts. This can go through to any region. And I don't know the easy answer for it.
I definitely think they have a long history of human rights atrocities that I do not agree with. It's not aligned with the way I think, so that's all I can... Yeah, I don't really have to do about it right now. It's, uh, it's something I have concern for, but I don't know. There's just times in my life where I go, I don't know how to fight the problems I see there, so I just donate money to the EFF. This is way easy, if you want to call it a cop-out solution.
My company must, uh, co-op of China because, uh, we got, uh, branches there. I'm assuming you mean branches. And let's say you want to create an SSL server website. Can we done in a Chinese citizen and go website? Yeah. They have a lot of rules around that. We had a few clients years ago that finally got rid of all their China stuff because it was just too much trouble for them. They also realized that the things they were manufacturing there, by having a division there, they realized they were actually copying them even to more of an extent. So... Yeah.
Is there a good thread light bulbs out there? Is any good thread light bulbs? Are you asking about light bulbs in terms of IoT light bulbs? You know, some of the lights that are in here are actually those Philips Hue lights, but because they work off of, uh, there's Z-Wave, I think Z-Wave or Zigbee, whichever protocol they're using, um, I don't have to actually deal with them. They're Hue lights, but I'm not using anything Hue's. They don't talk to the internet at all in order to work because they're just using the Z-Wave or Zigbee protocols. Um, if you go on the Home Assistant site, there's, um... Oh, is there a good... Thread is a protocol? I have not used Thread. You isn't, what is that new one called? There's a new IoT, I know there's a new one. It also has a name. What was that one? 222... Yeah, there was, I seen Stacey on IoT, I listened to her sometimes and she talks about it, because you have, um, there's a whole list of them. I, yeah, I don't keep up with this.
It's not my... There's Z-Wave. I know Z-Wave and Zigbee because those are the ones I'm using. There's a bunch of them out there. I'm not an expert on any of those. Matter! That's the other one. Like, what a dumb name. At least Zigbee and Z-Wave you can Google and find. Matter, that's the...
I need to get a smart light bulb that turns red when I'm in a meeting, too many people walk in. Yeah, and I don't have that as a problem as much, but I... No one really comes in my office because I'm downstairs. No one feels like walking downstairs to my office while I'm working. So that's why, other than my son, who purposely comes in here knowing I'm on a live stream. That's a completely different topic. He knows I'm on there. So... Yeah, that for no extra. I don't really have it as an issue, but I could put like an on-air sign outside my office door. That would work.
Oh, Thread is a new radio spec for the new Matter protocol. It's like a Zigbee 2.0. Got it. My lights turn on and off fine with Zigbee. Ain't broke, don't fix it. Um, I also don't want to change out my light switches. They work. They turn on, they turn off with my, uh... I think my lights are Z-Wave. I'm pretty sure I bought them on Amazon. I made a list. Let me look up my Amazon history, if I could put in... Because these are the ones I'm using. These are ones I installed. They work. These work great. These are the Enbrighten, uh, Z-Wave smart toggle switches. They... No problem. They have been absolutely... My Raspberry Pi that runs Home Assistant's in the basement. These are around my house and they work wonderful. I've had no problems. I bought these, as it says here, last purchase in January. I installed them as soon as I got them. I installed them and they've been working fine for, uh, what has that been, like eight or nine months? Yeah, the, um, I know there's a few different Wi-Fi ones. I didn't want any of the Wi-Fi ones because I didn't want to deal with putting them on the network.
I used the Clapper to control various lights.
Yes, just clap on, clap off. Those are great. I like those. Let me see what was... in a long time.
But in a few years you may not be able to buy. I don't know if, if they go... Z-Wave has been around for... Z-Wave, Zigbee's been around a long time. So I think there'll be a number of years you can still get them.
Random thought for a video, but, uh, just bought a pocket-size router for $100. Can use for my phones as a hot spot, provide internet. Has Wi-Fi, ports and WireGuard. Yeah, I never use those things, just the problem... Uh, the little hot spots. I use my phone as a hot spot on rare occasions.
Oh, no, I don't care if my son walks in. He wanders down here. I'm indifferent to it. He sometimes just shows up, wandering in on me. I'm indifferent to it as an event. He usually comes down here because he wants pizza or something. It's also his little nod to me to say, hey, let's go ahead and order a pizza, Dad. So I'm fine. I know he's playing video games right now, which, he'll probably want a pizza, and I'm out of water. I didn't bring enough water down here and I'm thirsty. He's not watching right now. So no reason that he's, apparently no pizza due anytime soon. Yeah, he is 17, so he's completely capable of letting you know when he's hungry. Because that's what teenagers do: they hide in a room playing video games. When they want to let you know they're hungry, they come out of the room and say, feed me.
But I'm gonna wind this down here. Um, I'll see if he wants food. I got a few things I want to go do. Thank you everyone for joining. I'm just babbling, so I don't want to just drag this out. Love doing these live streams and I will see everyone later. I gotta finish a review on the Synology and this box here, because this box is pretty cool, but I, uh, haven't really dug into it yet outside of looking at the website on it. So... Yep, have fun everyone.
Uh, hit me up in the forums if you want to answer those complicated questions. I do like the forums when we have a whole, you know, a good discussion on some of it. Um, that is the place for it.
Is TrueNAS SCALE the best foster file serving versus Ubuntu? TrueNAS SCALE is going to be more appliance and turnkey, versus, you could use Ubuntu, it's just more manual to set it up. That's the easy answer. Um, I don't know which one you'd rather set up: a turnkey appliance with all the features in a web interface, or manually setting up things in Ubuntu. Both will get you there. They're going to get you there in different ways.
All right. Thanks everyone, and take care.