Welcome to vlog Thursday. I already forgot 294. So 294. And I see the first question in here that I'll, I almost titled it this because this came out from Ubiquiti. What do you think of the new UniFi WiFiman Wizard scanner they just introduced? Will you be getting one? I don't know. I haven't bought all the different Ubiquiti things that come out. Just because they released something I thought it looked neat. I don't know that I really need it because I've not had a problem on my phone. And I think a few people pointed out on Twitter, something interesting. And I think this is probably very relevant. So people had asked, and let me find it right here. Share my screen. Share screen tab. Oh boy, too many things open. Where'd my Twitter thing go? There we go. So someone, I don't know if this is true or not. I don't get this if it's right, but it seems that feature is the same as the app on Android. That's the part I don't really know is what does it offer beyond because they haven't given us a lot of details. What beyond what I already have on Android does it offer? That's the real question I have because someone said the Wi-Fi scanning app works better on Android than it does on Apple. I don't know that to be true. So it's not an easy question for you to answer. So I don't know. Will I get it? I don't know if it's cheap. Maybe I kind of want to get back to doing a handful of the UniFi things. I know Chris and Cody from Mac Telecom Networks, they jump on all the stuff and right away. Willie did a video as well. Willie Howe on the fact that UniFi is going to offer a warranty on things. I just have a lot going on. I have a few other projects I'm working on with a few other more technical videos. So I just kind of skipped on those. I still like covering the VLANs and how to set things up, but I haven't been diving as deep into some of the other things such as that topic right there like every time UniFi releases something.
Hello from South Carolina, Germany, Israel, Belgium, Kenya, and Hungary. And it is a sad day in the UK. I figured people will comment on that. Yeah, that was unexpected. We thought the Queen was going to live forever. I'll just say it. It's I'm not, you know, I don't keep up much with British monarchy, but I see the Queen's been an icon that spans many decades. So yeah, it's a sad day. We all thought she's going to live forever, but apparently not. So we all mourn her passing. Let's see here. Great networking. Apple doesn't allow third party access to the Wi-Fi antennas on iPhone. Yes, you can do this in Android phone scanning, but you can't do an iPhone. So maybe this is an iPhone add on is what that's targeted for. Hello from the land down under all the way from Australia. Wow. So that's definitely the so far. I don't know. I think Australia is the furthest Iceland. Iceland's actually way closer than I expected. I didn't realize you can from here in Detroit, you can get to Iceland faster than you can get to the other side of America. Like I was kind of surprised by that piece of information. It's other than the fact that there's a connecting flight. You got to hop out of New York. There's not a direct flight that I'm aware of from Detroit to Iceland. You can go from New York to Iceland, but Australia, that's a really long flight. By the way, one of my friends was just there, Matt Lee, who I've had on the channel. So he just got back from there. What else we have here? It might be okay for tiny deployments, but for any real Wi-Fi Analyzing, you need something like ECOC. I don't know. I haven't used that particular tool. I have another person from Australia. So very cool. On right to the topics, though, that I wanted to talk about. And I'll mention a couple of them here. I didn't mention this before, but I'll bring this on one up. It's something I had in my, I didn't put it in my title, I should say. 
I've been playing with a pretty neat thing called the AirGradient. And it is an in-home air quality thing. Jeff Geerling has talked about this before, and I've been tracking the, and let's go to the last 24 hours, or maybe it's 48 hours. There we go. So you can see when the windows are closed or open, the CO2 things that are going on, you can see this is when I had the AC out at my house. It's pretty dramatic how much the CO2 levels go up in my studio. So I thought this was interesting. I'm starting tracking this a little more. Jeff Geerling did a video on this, and I already got some people commenting about how they automated it to turn things on, like vents and things like that. But it's really interesting because one of the problems that Jeff Geerling mentioned is the fact that you can have kind of a bad day, so to speak, where you don't realize why you're groggy, and it's because your CO2 levels in a smaller area. My studio is, I mean, it's not tiny, but there is a lack of circulation here a lot of times because I don't need any, well, I didn't think I needed any extra circulation, but the reason I'm bringing this product up, didn't you have to install a CO detector in the USA during COVID? No, there was no mandate for that, not that I was aware of at all. But what this product does, and I'll be doing like you're talking about it as a kid, they sent me one as part of a review. So full disclosure up front, this was sent to me. And also, what's up with their site? Their site is kind of weird. Yeah, all right. Their site doesn't work unless you put the www in front of it, which I don't understand what makes it do that. But these are open, AirGradient is part of an open kit. So it's not like I'm just saying, Hey, here's some cool product. But you have the build instructions, the kits and the software, and it's all open source.
And this is where in why Jeff Geerling covered it with it being based on the Arduino, it's all open source, and you can modify it to send the data somewhere else. Jeff Geerling has entire GitHub project that breaks down how to send all this data over to things like Home Assistant. And it's really neat. I think it's just a really cool kit. I wish it was a little less expensive, but it seems I think reasonably priced if you buy it, because the sensors themselves and even Jeff Geerling mentioned in his video, when you buy each of the individual sensors, it starts adding up pretty quickly because a couple of these sensors, you know, they get some cost to it, but purchase kits just so people want to know how much they cost. So I can get that out there, pull it up on their site. The DIY basic kit with some soldering is $67. So the PCB, well, that's really cheap for the PCB, DIY pro kit 96 and pre soldered was which I went with because I, I just didn't feel like soldering things. The only thing I do is push some pins in pre soldered kit was $128. So it's not, it's not outlandishly expensive for the data you get. And of course, you can by default use their cloud to upload all the data, which I'm doing for my demo, or you reflash it with like the firmware and the instructions that Jeff Geerling has. What I have not done, and this is what's kind of cool to me is there's ways to trigger automations based on things like turning on a fan or event based on data that comes out of it that people have built. So a few people talked about that. I thought it was really cool. We had to install one in our venue. The maximum allowed was 1200 really. That's, that's rather conservative because I don't think the, the danger zone here I think doesn't get to your up to 19, like a thousand is acceptable. That's why even with this one, it's in the yellow when it's at a thousand. But yeah, 1200 keeping above 1200 is definitely good. It generally with the window open stays about 400 for me. 
But with the windows closed, it got up to about 900. It seemed to steady off there pretty well. So it's a pretty neat thing to play with. I'll drop a link here for those interested in it. But it's just called the AirGradient. If you type in Jeff Geerling, because he's already got a video on it, Jeff Geerling air quality. He's got a breakdown video of how to put it together, how it works with some GitHub entries in there. But I'll probably do a video talking about the fully assembled one and the simplicity of it. Definitely good to have on these. You have gas appliances. Yes. And I do have gas appliances. Yeah, I agree with this. I have, because I do have carbon monoxide detectors. I have a couple of them in my house. So that's pretty common and standard, I think in most US homes that they're well for modern code. The way it works in the US is we don't necessarily update old buildings to code unless there's a remodel going on. So that's definitely, to say they're common. They're common part of the code, but they're not necessarily common in terms of how many of them they're out there or in use. Gas devices would need a CO2. No stoves, at least here in the US, do not ship with any type of CO2 detectors with them. My 12 kilowatt solar system has been delayed due to weather roofs are reaching a measured 190 F on the surface and how to stays melting shoes, the installer. So that's not fun at all. How do you calibrate sensors for the gradient? My assumption is because I don't have any special calibration tools. My assumption is that they are pre calibrated devices. I don't have a better answer for that. So I don't know I'm going to be playing with it, but I without buying really expensive test equipment to certify it, I don't know how expensive it is. I imagine we can always start with my favorite. We'll look on Amazon, type in CO2 sensor. There's other sensor kits on there, like the Aranet system. Oh, that's kind of expensive.
So these things go for like a few hundred dollars on there on Amazon. But yeah, I don't know enough, like I don't know what a high quality sensor would cost. So that's the real question. What does a high quality air sensor fully calibrated cost? My guess would be because once you get into precision test equipment, it's going to be pretty expensive. Had a ticket come in the other day, pen test team can't access a server. Oh, yes, that's a fun one. Those videos, some video I watched me make has someone much gas over making doors to a TLO. It says be interesting. Can you split port a VLAN with one port standard interconnection, the other VPN connection, PIA use PFC, I mean, yeah, you can apply a privacy internet to a VLAN. So yes, people are busy testing screwdrivers. I didn't even click any of the screwdriver videos. I don't get the hype about a screwdriver. So Linus says, I have a fancy screwdriver and YouTubers get excited. I don't know. Maybe I'm missing the boat on the screwdriver verification stuff. I don't think about it that much. I mean, if you have a guess, the way shows you need a carbon monoxide detector alarming your house. Yeah, the CO2 carbon dioxide is when levels are high, make you sleepy. Yeah, carbon monoxide is deadly. So let's just go back to canaries. There we go. We'll go back to canaries texting it. But yeah, it's something I'm playing with. Now, I'll also bring this up because I have done more integration speaking of playing with home, home assistant. I've done more integration. I integrated my Synology NVR into my home assistant. I also it just I didn't take the time to do this. So this is something I've been wanting to do for a while. I finally got around to basically, I have the ability now to control a few different things in there. So I can see anytime I want the driveway, the front porch, if I hit this button, well, this one's just going to turn off this particular light. 
But if I turn it on here, which I'm not going to want to it turns on all my studio and I have the Wake-on-LAN to turn on my studio computer. So I finally just I knew how to do it, but I was like, yeah, I got to get around to doing those upgrades. So now that that's upgraded to the latest and set up properly, it works. Also, hey, look, there's a there's an update that needs to be loaded. So we'll go ahead and install while we're why not doing it live. So that's my Home Assistant update on there. I don't know if I'm really going to do a lot more Home Assistant videos. I don't use it near as much as other people do and other people have better videos. How do I know that? Because I learned more about Home Assistant from all the different people who make good Home Assistant videos. There's a lot of them out there that have a lot of good information. So I don't know that I'll spend a whole lot of time making Home Assistant videos. Let's see. What are you running your Home Assistant on? I do have it on a Raspberry Pi 4 works quite well from that. No snapshot before upgrading Home Assistant. It does a backup. You zoom in there a little bit zoom in there and see create backup before doing it. So it does a backup and then does the install. I don't really need to do a snapshot of it. It's been I've had it since January is when I moved into my studio. So it's been running and running all the updates since January without a problem. And I have a backup if I have to reload it, I'll reload it not to not overly worried about it. What speed is your NIC for Wake-on-LAN? One gig? Nope. No plans for any Zigbee Z-Wave stuff. I just I mean I have Z-Wave stuff in there but I just don't plan to do videos on it. There's so many people doing good videos on that topic that know far more than me and I don't plan to get so far into it to become an instructor on it. I thought you're using Home Assistant XCP-ng.
Yeah, no, no, I'm just running on a Raspberry Pi and the reason why is I don't want to deal with passthrough. I'm running it on a Raspberry Pi so I can do the Z-Wave device. I like the Z-Wave devices they work. Someone's when I mentioned Z-Wave in another video, someone mad and possibly someone will be mad in this video as well. People get big angry. They go, but Tom Z-Wave is proprietary and you're an open source guy. I'm like, but Z-Wave has good range and works with the devices that I could find that were pretty good on Amazon with good reviews and a couple companies that had Z-Wave support. I said, this is the thing I want. So I went with Z-Wave, but feel free to be big mad in the comments and let me know what you think about me using Z-Wave. Someone will have an opinion on it. That much is for sure. Now I've also been and this is where we built an entirely another server and got the same results. So having multiple servers and still getting the same results makes me think it's time to talk about this. I'm going to do a video on the build of it. This is a Ryzen system we're playing with. Basically, it's a new XCP-ng server that's running Ryzen, but this is the part that blew me away and let me find the, where's the one graph that looks the best. Did I click the wrong link? I did. Let me get to the right link. Let me find it. This is not the link I was looking for. I got to find the final test results and pull them up. Where did it go? Here we go. This should be the right one. All right. So this side's the Ryzen. This side's the Dell. And this is the part that really kind of blew my mind for XCP-ng. So by switching it over to Ryzen, we're using the same storage target. It's just a server with NFS. So there's nothing different. They're connected to the same switch. They're connected at 10 gig. So all comparison is pretty much the same. Now I have an R720 and an R630.
The 720 is faster than the 630 because the storage network, you know, running over 10 gig, the Broadcom card chokes when you do high IO. It just starts losing packets. But the 720 has an Intel card that doesn't. So you actually get better performance out of the 720 compared to the 630 that we have. But there is a crazy amount. What is this number here? Zoom in a little bit more. Come on. Got to scroll down to it. Yeah, here's the comparison. We'll just do these charts because they're probably easier to see. But on every step of the way, the Ryzen was just so much faster. And you're looking at it going, how is this at a thousand IOPS? This is at 690 for the test they did. Or like random read, the Ryzen 341 versus 135. Like every test I did, the Ryzen beat it. And by a good margin on some of them, like especially some of the sequential read tests. And it almost doesn't make sense to me how it's that much faster because it's IO we're dealing with. We already knew it's faster in terms of like CPU power, but the IO performance is like a big boost on here. It's almost like I connected to a different storage server, but I didn't. So when I do my video on the Ryzen build for this, it'll be kind of interesting to talk about because I can't believe it's that much faster on IO performance. Have you already used a PiKVM? Yes, I've used a PiKVM. I did a video on a PiKVM. If you have a choice, would you prefer running apps in Docker, Synology, on a Synology NAS, or running on a Raspberry Pi? I don't know. I haven't really played with Docker on Synology. So Raspberry Pi, because I haven't done the other one. What's the best efficient firewall with SFP port way in for home use? The 6100, Netgate 6100. I'll agree with this with Eric. Yeah, third party Docker images. Yeah, I'm not big on a lot of that. So I like to know where my images came from.
Unless it comes from officially the company supporting it like Bitwarden, their service delivery model is sending you their updates via Docker container updates, but they come from Bitwarden. So I'm fine with that. Ran Home Assistant on XTMP along with pfSense. Passthrough was definitely a pain to figure out the Z-Wave stick, but works when she set it up correctly. Yeah, there's ways to make it work. So yes. Z-Wave has two websites secured. So an interference of Wi-Fi, Zigbee is in a 2.4, so it applies to Wi-Fi. That's one of the problems that people have mentioned. Have you tried Remotely or only control software like ConnectWise, but open source and it works really well? I don't, unless they've gone through some type of full security review, I'm less interested in those products. Because there's Remotely, there's RustDesk is another popular one. But until they've gone through some type of security audit, I don't really, I wouldn't, I mean, they're all those novel toys to me until there's someone who really vets them for security. Performance difference on one MTU. The MTU is the same 1500. So it's not different on either one of them. I did the 2700 to 5900 on my X40 system best CPU upgrade ever. Travis, you're not late. You're at work. Z-Wave devices are certified. Zigbee is not. Yeah. Open source doesn't mean secure, but it's up in the right direction. Yeah, open source opens up the option to audit the code, but it has no bearing on whether or not anyone actually audited it. So we use ConnectWise Control. That's the better go to for a long time. I have a video on it. If you search my channel, you'll find a video on software we use to manage your clients, which is ConnectWise Control. But yeah, we have videos on it. I've talked about how it works. I made a couple different videos on it. So listening while at work, that's cool. Just got a storage server, want to use TrueNAS. Do I have to restore from backup from Proxmox? Or can I use ZFS pools from Proxmox?
I don't know how well it would work pulling in ZFS pools from Proxmox. So I would, yeah, not sure about that. I have no experience trying to import from third party that wasn't built with TrueNAS. I mean, ZFS is ZFS. I just don't know what version Proxmox is using for ZFS. And if it's obviously, if it's older than the one for TrueNAS, it should import fine. If it's newer, you're going to have problems. We currently don't use a PSA tuned out for a bit for your Ryzen server using a motherboard with IPMI built in. Yes, we are using an AS. We are using the ASRock boards with that. I'll make a full build parts list. I don't have them in my head because one of my staff members built it, not me. So I'm not the person who has that. So big points for any system that's secure, vetted, open sourcing will be help self-hosted. Yes, me and Eric are completely agree on it. Yes, I am, I not only have used them, I'm part of people who get early releases to things because the developers know me. So, yes, the Backstage, the new Backstage features are really cool for how they do that. I might do an updated video because I'm kind of excited like, hey, look what they're doing. Also, other companies, why aren't you doing this? This is great. There's more coming too. There's a lot more development coming that I'm under NDA for. But for the Backstage part, it's really neat. I got to see it and I'm happy that it's come out. Hook up, look up historical flow data. I want to see a choosing bandwidth of 3PM on a Tuesday. We dump everything in a Graylog. So there, so I don't really, I mean, I have what's that other tool that I try to remember the name of. We've done videos on it. It's a plugin for pfSense. That's usually how I look it up. ntopng. That's how I managed to flow in pfSense. I got a video on that one. You mentioned 45 drives before. Have you deployed a Ceph cluster to a client feedback on erasure coding? Not really. We've talked to many. We don't have any big clients.
We've consulted on some of them. We've talked to people who are using it, but they deployed it, not us. We just helped with other aspects of it. So myself, no, I haven't done any deployments, but the team at 45 drives does a lot of them. So we work with them on the engineering of it because they have a lot of skill in that. Energy prices. Yes, that's a problem. I've seen someone posting some memes or something about it about European energy prices being really high. Yeah, that sucks. What kind of interconnection? I have 300 down, I think, 250 or 300 down at my office. I can't remember. But it only has like 20 up. But at home, I have 500 down and 100 up. So I actually have faster connection at my house. I mean, I like to 100 up because I upload things so much. I think ConnectWise Backstage features are a great direction. Just need a little bit of work and bug fixing to be fair. There's an incredible, yes, Eric uses it all. Eric's one of my staff members here and he does use it all the time. So yeah, it's definitely it's just a cool feature with the Backstage. Maybe I'll, I wonder if there's something I can pull up as a demo. Hmm, you know, I'll do a demo later. I don't know if I want to do a live demo right now. So I'll put a demo together to show you how Backstage works. I'll set it up on one of the computers that we have, I'll remote access it and show you how that works. Just upgraded the NIC in my OPNsense trials, one gig to 10 gig. iperf is at line speed, however, speed test show that uploads much slower. Thought some incompatibility with the 10 gig card or, or your provider can't, um, you could have an incompatible with the card or your provider throttles it. Providers offer things, but not necessarily the same way people think they do. It's the best way I can describe it. People like, Hey, I have this. Yeah. But you can't always achieve it, especially the consumer ones. They don't come with the same level of guarantee.
Um, there's always some fine print, at least here in the United States that says we're offering this 100 meg up, except for you can't get it all the time. It's like the unlimited data plans you get on the phones. Your phone has unlimited data. Well, except when you use this much data, we throttle your unlimited data to a slower speed by the way. So yes, that's no gig speed. I don't really need it. So I don't care. Um, yeah. I don't think there's anything sense there either. I just, I just got to turn on a computer or something to do it with. I'll do it as a demo because I think it might be worth talking about enough people might be interested in it. So provider always indicates up to good luck reaching the up to limit pretty much all the time. What are your thoughts on iSCSI versus NFS for 10 gig two and a half seems expensive. I don't understand why people, I should just do a rant video on two and a half gig. Maybe I'll do that coming soon because I just ordered some more cards. I can get 10 gig cards for so cheap. Why do I want to mess with two and a half gig? I don't, I don't understand. Like people seem fascinated by it, but why? Because I, what did I just buy on eBay? I just bought a couple of these and we'll pull, let's pull them up. I mean, I'm not understanding the, uh, come on, where's my purchase list activities. So we'll just pull these up and throw them in a thing over here or share a screen. How many of these did I buy? I bought a couple of them. So these are so cheap to purchase. Like, why would you mess with the two and a half gig when I can buy, um, these are, I bought three of these. They're a hundred dollars a piece. Is the two and a half gig that much of a cost savings? And it's one quarter of the speed. Why not just buy some of these, uh, Intel dual connector. So dual 10 gig connectors and they're a hundred and four each. Like what, what's the use case that I'm missing that makes people excited about two and a half gig?
That's the part that's always got me scratching my head. Um, because the two and a half gig drivers aren't always working well. So I mean, I prefer NFS over iSCSI, but I don't know someone if they have an idea of why you would go two and a half gig over that. So I don't know. Let's see. Skip two and a half go to 10. Not a big price difference. And not a lot of switches. You can find more 10 gig switches that you can find two and a half. There's just been, they've been around longer. So I don't really, yeah, uh, X520 with dactyre switch. Oh, by the way, the other ones that I bought that are in here, I mean, this is more money granted. Um, but this is a two port 25 gig card for two 99. So I bought some 10 gigs and some 25 gig cards. So I don't really, uh, I don't see the need for two and a half gig. I mean, if the board comes built in with it, like Eric said here, I think some boards come built in with two and a half gig. Cool. Still neat that they're building it in. Go buy yourself a $100 10 gig card and get four times the speed. And, uh, yes. So those are, that's my thoughts on 10 gig. Got a few pitfalls and switches when you need 10 gig SFP slot only goes to one gig. Always fun to clean up someone else's mess. Uh, what switch are you using a 25 gig? The UniFi aggregation switches. So, um, our UniFi network has a few of those UniFi aggregation switches. So pull them up real quick here. So we have probably two of them. Where's the aggregation switch? There we go. So we've got a few things that we're starting to plug into, um, the 25 gig. We got a few more to plug in as well after that. So yeah, 25 gig. Oh, and this is not plugged in there anymore. That's the Synology one, but we're getting more 25 gig devices to plug into these. So I like the fact that there's four of them. And, uh, it links to the production rack, which is also another pro aggregation switch. So we have, we have a couple of these for redundancy. Um, the SFP modules are cheap though.
The, if you get a DAC cable, you don't need the modules. You just connect everything with DAC. So if you get everything with DAC, then awesome. I don't want a two and a half gig over 10 G, but if a product has two and a half gig that is preferable to preferable to one G. Yeah, maybe it comes in there, but some of the residential router space, but once again, back to earlier conversation about what they say they'll do and what we actually see happening in the market in terms of, you know, being able to, uh, get the actual speeds for a home lab, get a 10 gig connection, bought myself a UniFi Flex XG Synology and 10 gig NIC. Yeah. Um, the other thing I wanted to mention, and this is the security conversation I wanted to have because people secure the wrong things. I'll get this opened, copy, paste. And this is like a persistent thing that kind of drives me nuts. Um, for what people ask me about security and what actual security is. The problem is, and just watch the partner onboard a company that specializes and, you know, but this is the part that really matters. You know, there, there, it's supposed to be a company managing things in a secure way, but they're clearly not. Um, NLA disabled, password complexity, showed in screenshots or shared domain user, RDP exposed, Windows endpoints. And there's a lot of discussion about this. You don't realize, didn't realize that get so many DMs in this. Here's the backstory for those interested. From the Huntress view, the company, uh, uh, sorry, from Huntress view, the company was really secured by an in-house resources was compromised and since then encouraged them to get help from a mature IT security team, the compromised company chose the managers rather for, uh, for that expertise. Huntress is part of the MSP stack in our roles, largely been helping MSPs better understand security as they onboard. It's not uncommon for an SMB client not to be fully transparent when they go to SC for help.
No, SMB wants to get hit with a big project before the managed services begin. Also uncommon as we only later discover a mountain of technical debt. Yes, when you engage with clients, you often take on all that tech, all in all, this is a rough security situation. Uh, it is very part positive story, poor busted practices that finally are getting fixed. It helped compromise businesses, but some of the other mess, um, with all this in it's the number in me, uh, pull it up and find it. Let me remove and pull this over there's a couple of conversations that spurred off of this from when I was tweet, I retweeted it as well. So where's my retweet from this, uh, scroll down a little bit and right here. So this is the one of the fundamental problems. Another day, another open RDP port that's, you know, my comments on this, uh, I would love to say the problem is going away, but there's so many opportunities out there. I don't really see this issue being solved anytime soon. And basically these are the results of, you know, in the last 24 months, 5.1 million open RDP ports, um, down to 4.6 back to one month ago at five and currently in August of 2022, 4.8 million ports open. So many people really just go the wrong way with security. I watch people do this. They always ask me about all kinds of esoteric, crazy things, thinking that's what they need to work on for secure, but so much of it. The CISA announcement today was, please patch this major vulnerability being exploited from 2018. It's always like the same broken record. Uh, and I know patching is hard. There's a lot to do, but this is where most of these attack vectors come from. It's one of the reasons we spend so much time focusing on the endpoint. You close off the ports on a firewall and then you have a process by which you update everything. That's the security that is the bigger reality of this. And there's a few other people that commented. 
This was also posted on LinkedIn and I think someone who specializes in breaching and, or dealing with breach and incident management, they said almost everything they've done this year, every ransomware breach was all related to RDP and they've done a lot of them so far this year. It is crazy to think about. So it is so many people just skip over a lot of the other security stuff and I'm like, just hammer down, focus on what ports are open, take a look externally, don't open up anything. My friend works for some, well, a couple of my friends work for large companies, but one in particular, like, you know, having a beer with them talking about a security incident they had where someone just opened a port. And it was like that all the stuff in the world that came down to an open port was how someone got into their system. I exposed RDP on a dynamic DNS client on my laptop, went out and about to use pfSense only out RDP from the dynamic DNS for the clients fully qualified. I just use VPN, that's the better way to do it. So RDP and poor patching. Didn't BleepingComputer today have something on that? Yep, here we go. So when you look at this, this is from BleepingComputer today. CISA has added 12 more security flaws, a list of bugs exploited in attacks. Now these are just constant attacks. The QNAP is in there again. D-Link, I don't know what a DR6, I'm assuming this is one of their, I'll look real quick, I'm assuming it's one of their routers. Yep, Wi-Fi routers. Those are getting patched, those are at somebody's house. These are going to be, these are going to be a botnet. These are going to be a botnet. These are going to get DeadBolt ransomware because people like QNAP. What else do we have here? Just everything D-Link, it's just a bigger botnet coming. But this is the one that drives me nuts because so many times this was, this was a way of ingress. This is being noted that there's regular exploit, but this is from 2018. This isn't new. This is a 2018 CVE.
This is scary. Is that 2011? Am I reading that right? I'm, I shouldn't be shocked. I should not be shocked that a 2011 is still, is popular being exploited now because as long as that Wi-Fi router, that D-Link router is plugged in, nobody changed, ain't nobody changing that thing. Close everything, use the VPN. We can stop it, close everything. Just close it. We're going home, folks. We still have, we're under attack from 2011 CVEs. Pending updates on TP-Link. I'm fuzzy on how TP-Link does security. That's, end of life in security is kind of a problem, I think, for them. And I don't get any clear, warm, fuzzy answers from. So that's one of the reasons I haven't, I mean, the testing I did, the product I tested with TP-Link worked, but their site was a mess. The documentation wasn't great. It's probably fine for home users who want Wi-Fi. I don't have enough trust in them to say that they should be something I use in my product deployments. But yeah, this is just crazy when you look at this. It's like, come on, our 2011 stuff is still attacking us. And how many people are using an old phone from then? Probably too many. I'm going to guess it's outside the US when it comes to the phone usage. I'm assuming. Most of the people I know, maybe it's just the circles of people, I know I won't rule that out. Are you generally using newer versions of Android? So such as myself, hey, guess what my phone's doing? Because as soon as they come out, installing security update, I'm always keeping my phone up to date. So that's one of the reasons I like these. So have you heard of the exchanges point? We're kind of trying to read all emails, send us different users. Fixed in August, we had no head to active extent security. Yeah, there's many messes. I just really dislike Exchange. No one should be running Exchange Server anymore. It should be retired. Microsoft doesn't care about security of it. So you shouldn't use it. 
Microsoft will only do security on it when I don't know when they're embarrassed enough to do it. I don't even know how to describe their behavior pattern around it. So I do need to do a migration. Should I do it live? I need to migrate one of my XCP-ng systems to that Ryzen so we can do more testing. I use a QNAP but no problem almost NFS plus iSCSI with no QNAP on it. I mean, that should work. If you don't publicly expose a QNAP, sorry, yelling a little bit. Must need more oxygen. I'm all the way down to, will this read in the camera? Oh, that's cool. It kind of works. You can see my CO2 levels, maybe focus, 578. Anyways, I mean, I've heard people tell me they like it. It worked, but I mean, don't publicly expose it. That is the lesson learned from that. Don't publicly expose your QNAP to the internet. I'm building a server right now with connection to my DMZ internal LAN. The DMZ is layer two only VMs need. VMs will need to bridge the DMZ interface to get to the internet. Yeah, the more you can lock things down, the better. You hire a third party to protect your emails to Exchange. Hopefully, hopefully they do a good job. Because the Exchange server itself is a mess. Not like I said, not a fan. And I used to do Exchange admin. So it's not like I'm talking from someone who just doesn't like Microsoft. It's more talking from, I just don't like Exchange because I never thought it was a good product. I always thought Linux servers were better because they are when it comes to mail, but Microsoft's deeply embedded ecosystem to the business world means you end up using Exchange a lot. And it's just is what it is. I heard yawning is not about actually about cooling the brain. I've heard a couple of things. I've never, I've never really dove into the science of it. Like I was told these things when I was young. So yeah, I don't know if they're true anymore. 
I have no idea for the home stuff, a peeping, gumada, lion's king of older equipment, five years is still supported. It's if you can point me to a concise end of life and product life cycle for their devices, that would be great. But I don't know where I can find that information. So without that information being available to me, not sure what to do. I've been in contact with TP-Link engineers for Pernebug. They seem competent responsive. Well, I've heard some people say that I've heard the opposite. I mean, they copied UniFi, which is kind of cool. But I don't know. The only Exchange ever gets patched is Office 365 when it needs it. Are there alternatives to Exchange? Sure, there's Office 365 and GC, but nothing else, especially if Outlook is used. You're right. That's the problem. There's not really an alternative. There was a couple of write ups and Reddit of people giving up, there was a people who did write ups and giving up running a mail server. And then I can't remember who had the article, I've seen it pop up a couple of times. And they were referencing that of the email war is over. And it's something I've said for a few years. I did mail hosting. I did manage it. It's just unmanageable anymore. I don't think it's worth the time to try to manage your own mail server. It's not the scenario I think we should live in that we can't do this anymore. But it's where we ended up. So the realistic person that I am says email wars are over. You go with G Suite, you go with Office 365. The person who wants and the other side of me, my of two minds, the world I want is where y'all get to run any of the servers we want. We all interoperate together really well and it works. But that isn't the reality we ended up with when I came to email. So some people still run there's Zimbra and there's a couple other ones out there. But it's just yeah. Yeah, 365 uses Exchange managed by Microsoft and Microsoft seems to care about the security of that product. 
I think only can be attributed to too many different things like being tired down at Fox chin. Or you saying yawning and me wanting to yawn. That happens because the fact that yawning is contagious is always interesting, not for everyone, but for a lot of people, if someone yawns in their area and they see them do it, other people will yawn as well. That's a common thing. It doesn't affect everybody, but it's interesting. Wait, where's the other question? Someone said, interesting question about, yeah, good question about end of life. Well, this is a problem. If I sell someone a product, and I want to know when's the end of life on that product, because I want to know how long it's going to have support for when companies don't have anything about their end of life. And a couple people messaged me about product that TP-Link had like abruptly ended without warning. And I'm like, Yeah, that's scary. And so I started looking for that piece of information going, what's the expected product lifecycle? And there really isn't one. So they support it until they don't want to. And I don't think that's a that's a business risk. I mean, for a home user, like, Oh, I guess I'm not getting firmware updates. And as long as there's not a problem, I can live with it. When you deploy hundreds of these to an office in a whole building full of them. Someone's expecting that thing to have support for X number of years. China set up a mail server and EC2 instance for a client turns out upon port 25 is blocked. Yeah, probably not surprising near. Can't disagree more time. Let's say you need mail mail log button here. I don't know how to get it from Google. I don't understand the question. End of life drives IT budgets. And what do you mean you can't get it from Google? If you have G Suite that you should be able to turn on logging and go back as far as you want for the logging in here. So maybe I'm misunderstanding something there. I could, well, we can do this in real time. 
We can go to Google, I could log in and tell you how long the logs go back because we have G Suite. So if we go into probably would be the security settings or security logging apps devices. I don't know. Where's that devices directory? How reporting? Duh. Audit investigation. Admin event logs. So how far back can I go to these go? Taking a long time to load. I wanted to load the tool tips for me. Thanks. I don't really need the tool tips. But let me find specifically the user, probably user log events. There we go. Thanks. Don't show tool tips. That's what's taking so long. So filter probably depends on how long you want this to go back for. Look like there's rules for how long it's set to. Reports. User reports. Accounts. They updated. I don't go in here very often. So view latest, through option of view oldest. So I can see just how many years back it goes. I know that some of the logs I have are for are older than a year. So nonetheless, I don't know. I'll look at that later. You can always export and extract the logs. That's actually one of the options Google has in there in the admin. I was looking at it. I was going to show up and it's got all my email addresses and everything in there. I don't need that exposed. Try industrial IT. It's supposed to work for up to five to ten years for the company's lifetime. Yeah, if the company goes out of business after a few years, it's a whole other problem. Could you run an e-commerce site behind HAProxy? What about payment process and certificates still doable? Sure. I mean, if you have a web server and that web server has a shopping cart in there and an integration, I don't see why you can't have HAProxy in front of it. I don't see why not. We are partial to using Stripe for our payments because we don't want to we don't want to manage people's credit cards. We let Stripe do that. That way I'm not the one handling the credit card. So we don't handle credit card data, but it's up to you how you want to handle it. 
You want to bring the credit card in and process it. Make sure you're doing it well because you will assume all the risk at that point for doing that. So maybe you're fine with that risk. I don't know. That's really what the question comes down to. Are you fine with the risk of doing it that way? Stripe is great until they pay with Amex. Well, yeah, there's fees. That's part of life. I meant to answer the question, was the email sent a precise time or not useful advocate agency? Not clear where you're going with that. What else was I going to do? I think that's all I had on my list here for things. You know what I forgot to do? I forgot to do this at the beginning. Where's Tom going to be and when's he going to be there? So if anyone wants to meet me in person, I'm going to be at DattoCon September 11th through the 13th, 2022. So that's next week. I'll be at DattoCon. I'll be at GrrCON October 13th and 14th of 2022. I will undoubtedly be attending the Ohio Linux Fest and that is in December 2nd and December 3rd of 2022. So those are the confirmed events I'll be at. Oh, I got to add this one. I'll add it to my list right now. So IT Nation secure for IT Nation 2022. I'll be at that event. I need to add that to my list. I know it's going to be somewhere else. We'll add this in here. This is November 9th through 11th in Orlando. So let me add that to the list. IT Nation November 9th through 11th. So that lots of lots of places I will be for those of you that follow me that want to see how you in person. Hot sauce of the day. That's a good question. I don't know if I shared this last week or not that my friend was spending a week and a half. Where did it go? We had a bunch of hot sauces. You know, I did share it last week. So it was two weeks ago that my friend Jason was hanging out and we had all the hot sauces. So I think I shared that picture from last time. So nothing new. We didn't get any new hot sauces lately. 
So we have the just this one right here though, the if we want to pick one for today, it would be the Melinda's ghost pepper steak sauce. It's like ghost pepper A1. It's really good. So what is the best event to come to the USA if I was to come from the UK as an MSP owner? I think the IT Nation event is pretty big. There's actually a lot of people that come to IT Nation from the UK. When I went before, I met quite a few people that were traveled couple, I think two were from Australia. I was like, wow, that's really far. But yeah, there was a handful of them from the UK. So that one's probably pretty good. I've never been to DattoCon before. DattoCon is obviously probably short notice for you, but DattoCon is next week. And I've heard it's really good. That's why I'm going, but I haven't been before. Yes, a lot of flavors that day. It was a good lunch day. What note-taking app do I use? I still haven't migrated off of Google Keep. It's on my to-do list, but Google Keep is still my favorite note-taking app because it just works so well. Google Keep is pretty cool. Just straight Tabasco. Tabasco's pretty good. I don't have any problem with Tabasco. It's simple, but yeah. I did spend, I just got back from hanging out with, and you may recognize them from the Business Technicalities channel. Me and Sean went to, me, Sean, and a wife and everybody, we went to, come on, stupid thing load. Wrong one. I was just in Chicago. You may recognize Sean, so we were all having tacos. So yeah, that's a little bit of traveling that I did as well over the weekend. I'm trying to travel a little more, but mostly I stay in the Detroit area. That's where I was born, raised, and I mostly wander around. But spending a week in Pittsburgh was pretty cool too. Pittsburgh's a pretty cool city. It's only about four hours from here. Do you swap out clients who still have old Netgate 3100s? No, there's not a reason to swap them out. They stopped selling them, but they're still relevant. 
So just because they have a 3100, they stopped selling 3100. So if that 3100 dies, yes, I'm going to replace it with something else, but it's not, end of sale is not the same as end of life or end of support. It's just not an end of life device right now. Oh, increasing the warranty to two years, we have so few things we've sent back from Ubiquiti. I don't think it's a big deal. I think it's one of those shows confidence in our product because the APs and switches, the number is not zero, but the number is also for the percentage of equipment we buy and install. It's really, really low failure rate. So I think it's just them doing a good job. So current biggest challenge is MSP owner. I don't know. That's a tough one. I don't really know what one particular challenge on making sure everything works all the time is the hard part. That's, you know, or I could say dealing with users. That's definitely, it varies from day to day what it is. There's not like any one particular challenge. I know for most MSPs, it's going to be leads, lead gen unless you have a really, really good marketing and sales process. Lead gen is usually the number one MSP problem, but I kind of have a pretty good lead gen system and we're good at following up with the leads. So that's less of our issue. But Ubiquiti's had two years. If you buy directly from them for a while now, no. We've been buying directly from Ubiquiti for a while, but the, I think Ubiquiti's really just trying to cut out the resellers too. They used to sell on Amazon. They got rid of the Amazon, then they have the resellers, but the resellers aren't in love with Ubiquiti because they give them extremely low margins. So what's the open source to publish applications like Firefox? Is it X2Go? Yeah, X2Go works for good for doing that. Do you keep a backdoor access to client routers in order to fix things remotely? We have, as I said earlier, we have ScreenConnect. So we have remote access to our clients. 
We don't have to keep a backdoor. We have remote access to our clients. Do you keep all the firmware updated all the time? Is there some policies you have to urgent but I recommend it update you apply? It is a struggle all the time. We want to keep the firmware as up to date as possible. It's a challenge. There's like an endless, the more devices you get, it seems like you live in an endless ocean of updates. Some people have had warranty problems when not buying directly from Ubiquiti. Well, yes. One of the problems is when you buy things not directly from Ubiquiti, you're dealing sometimes with resellers who bought the kit and now they break things out of the kit. So that's definitely an issue. 4100 versus 4100 max? No, I think the only thing difference is going to be how much hard drive you have. There's no speed difference in it. It's a drive and memory. So those aren't really going to cause a speed difference. Any other final questions people have as I wind this down? Things I can answer is I went through the list of topics. Oh, I think I brought up a little bit kind of related to security. I'm still working on the video. Hopefully I'll get that done tomorrow for two videos I'm working on. That'll be done hopefully before I get to DattoCon. Business email compromise? Discussing that. That's a big topic. So business email compromise is like bigger than ransomware and people don't realize it because it's so boring to talk about. But I'm going to talk about some of the methods, how it happens. I am working on also possibly a video with David Bombal talking about some of the YouTube channel takeover stuff that happens. So I reached out to David on that. I got to talk in some more detail with him on it. So I tested anything in keep all programs on multiple computers network update. Yes, Ninja RMM has updaters in there for it. There's also tools like Ninite that will update things. So those are different. Ninite Pro will do it. And so our RMM tool does a lot of it. 
Building a virtualization server and looking at Proxmox at a loss dealing with storage though. Do I install TrueNAS to ZFS in a VM or should I integrate Ceph server? Well, if you want to learn Ceph, integrate Ceph. Do you need Ceph? I've got a whole Ceph episode on our podcast. We have a podcast where we talk about Ceph. But it's up to you. I never like virtualizing TrueNAS. So my answer to virtualizing TrueNAS is no. Do you have tips on keeping staff morale up? Don't be an asshole. That's the biggest one. I think I'm doing that. I'll feel free to let Travis chime in if he's still in here. I don't know. What do I do to keep staff morale up? Buy food. We bring hot sauce. Do you use any mobile threat defense like Wandera? No. Do you use a program to set up systems by images? No. That's not really needed. Support your staff? Yes. I haven't used Gluster. It's low on my priorities list of things I feel like testing. It's neat. It's maybe I'll play with it in TrueNAS, but it's low on my list of things to do. If you go back to that episode where we discussed Ceph versus Gluster or Ceph in terms of 45Drives, we talk about some of the shortcomings Gluster has when comparing it to Ceph. It doesn't mean Gluster's bad, but it's something to consider when you're doing large-scale deployments. Biggest deployment during UDM Pro? We don't deploy UDM Pros, so nothing. We're able to get lunches all day, and while I'm new to the team, frankly, we all get along pretty well, so that definitely helps. Memes. Memes help keep the morale up. We'll go with that. You got to have memes in the office. 45Drives update? That's going to come in about two weeks for the 45Drives update video. I've done one technically because I did the one where I followed up with the petabyte server, but following up with my 45Drives server, which by the way, too long didn't watch. It works fine, but I probably two weeks out on that one because of the travel plans I have and other projects that'll come first. 
Takes me a little bit. I can log into it. I can show you it working, but there's nothing really exciting about it, which is exactly what I would prefer. Nothing exciting has happened. By exciting, I mean nothing's broke. We are running the latest version of TrueNAS on here. I actually have a whole lot more data to pull to it. So as I bring in more data, that'll be better for the review. So, oh yes, meme conversations are great. Meme game is on point. Yes, that's always the thing. What's your ratio for number of clients at PF since they encounter packages? I don't know. I missed the update to petabyte. Yeah, there's a YouTube video I have where I did how we did the petabyte project and follow up six months later on the petabyte project. So I've got videos talking about that 45Drives server just less about ours. Yeah, you don't want to have an exciting data day. We had an exciting and fun time recovering data. Hopefully not. Not what you want. So yes, share any new IT memes. Oh, so yes, pretty much for anyone who wants to follow me on Twitter. Most of what I post, not most, I post things that are, you know, realistic on Twitter, but anytime I can find some humor on here. This is my the Star Trek vendor prize. Yeah. What else do I have on here? Oh, windows encountering an error, hand them Linux, Linux enthusiasts. So yes, I post a lot of memes on Twitter. That's where most of memes are. What else do we have? Oh, StarTruck. It's 500 year mission to explore strange new woods to branch out new life and grow new forest to see new forestation to boldly grow where no wood has grown before. So yes, pretty much I post memes. Oh, and Jay was hacking my computer last week. This one actually blew up quite a bit here. So client only test was listed in scope. This one got like a few thousand people liking it. Tom does memes. Yes, that's you're on mute. Oh, yes. The Ryzen system we are building to boldly go. 
You can tell a theme about me and Star Trek where no van has gone before. Some nightmare stuff. My OnlyFans video. Hey, I mean, you got to do an OnlyFans, right? Hey, everyone's an admin. I got to review this. The thing that looks like a red bull can. So this is the Ubiquiti UniFi 6 Mesh. YouTubers. The Navy like and follow obey orders dominatrix and ring the bell more subs. There we go. I'll leave you with that one. So yes, just go to you don't have to sign up for Twitter, by the way, to see my Twitter memes. You can just they're all I my profile is not private or anything like that. So if you want to see memes, but not participate in so in the what do you call it? Well, we got to do this one people using space instead of tab. So yes, that's definitely lots of humor. I like to post on places. I don't know where else to put it. So it goes on Twitter. Should I post it in my YouTube feed for stuff? I don't know. It doesn't seem appropriate for that. Maybe I'm wrong. Maybe I don't understand things very well. So I don't know. Whatever works. But nonetheless, I'm easy to find in the forums. If you want to have a more in depth discussion, as I always like to say, thank you everyone for joining. Thank you everyone for clicking the like button. Matter of fact, we should probably pull up the live stream. And before we leave, can a few people click that like button to make the YouTube algorithm happy? And as YouTube social media platform, I'm going to say yes. So if you're on here, you are participating socially on the social internet. So there's apparently 58 likes there. I guess we got to zoom in to make that a little more visible. So there's our likes. Let's get at least past 69 likes. Surely we can at least have that many likes on here. So we'll give you a minute to click on all this. Oh, glory to the algorithm. That yes. Yes. I can definitely agree with that. Oh, glory to the algorithm. It certainly drives my life in some fashion. Oh, someone unclipped it. 
We went from 66 to 65. Oh, my live stream is the only one you watch. Oh, thank you. Appreciate it. Oh, cool. We passed. I was hoping we'd hover on the internet funny number of 69. But as I said, thank all of you for joining. This has been great. I love hanging out and talking with everyone. If you decide to join Twitter, you can feel free to say hi to me on Twitter. But no, I don't do tech support over Twitter. I only do engaging conversation and memes. My forums is a good place to ask questions. So forums. And I think that's all that's that's all I got for today. Looking forward to making more videos and keeping things going. Thanks, everyone, and take care.