 I just I'd laugh at this comment right away Alexo is from Australia, Alexi Alexi. She is from the land down under. She's right. We typically late. And I have to say that joke every time she posts. I like that her last name looks like koala. Yeah, because there's koala bears there. Yeah. That's a good point. Nothing gets by me. Nothing. So, yes, it the land of koala bears. Oh man, today has been an interesting day, which we'll get into shortly here. Because me and Steve have been working on a threat that popped up on Sunday and we're trying to get a full diagnosis of it. And where that is, and I'll I'll actually share. Once we get started here, I should share with you, Steve, what I've learned since I talked to you an hour or two ago. Oh, there's a lot more. There's there's a story keeps getting deeper. But welcome to vlog Thursday number 318. Let me switch to my vlog Thursday notes. I like to say where I'm going to be. And I'm probably going to do maybe next week. Maybe I'll bring them on the live stream. My friends that are putting on MSP GeekCon, they're really talking me into going. So I guess I have to go. And if I mentioned that I'm going on the channel and have them on the channel, it's a conference for other IT people, IT professionals. It's going to be in Florida. So I don't know if you go to MSP GeekCon, you can find out because I have I've already forgotten. I know I'm here. What I'll do is I'll post it in the chat and people can click on the GeekCon. Yep. MSP GeekCon 2023. It's May 21st to the 23rd. Get your tickets now. But where's it? Oh, it'd be down there after I'm down there. Yeah. It's a conference for MSPs by MSPs. But then unless Orlando. So oh, yeah, that's almost where I'm going. Yeah. If I fly, that's where I land. Yeah, that's so I will be there. I need to book my ticket and stuff. But I want to answer because people that took the time and let me throw it up down here on the banners. 
I did set up the vlog Thursday at LawrenceSystems.com for people that ask questions that I will answer. And I'll try to answer them in the beginning of the show because there's only a couple. So it's easy until this becomes untenable, you know, of actually trying to answer too many questions that come in a couple weeks. Yeah. Everybody catches on and does it. Yeah. Once I get bombarded with emails, I'll create summaries of responses. I'm looking to get in cybersecurity. I'm looking for materials and hardening Linux. Do you have any videos or resources? And the answer is, yes, Jay at LearnLinuxTV has a bunch of resources to cover. He's got like all of your stuff. I believe he actually has a specific topic on hardening Linux with a couple different tools. So Jay covers it so well. He knows it better than Tom. Therefore, I recommend Jay's videos for my own on that. The other question that came in, I think I only got three questions here. Someone likes my, thank you, who likes my videos. And I thank you for the videos and information about amazing resource. I apologize. I've been asked already. Was there any suggestions and guidance for considering leaving manufacturing and getting into IT, specifically DevOps engineering? I have a degree in primarily work with industrial CNC machines. We've given the entire career change. My initial thought was DevOps engineering and be good skill set. I have a passion for networking. So I have considered CCNA certification. I have a fairly complex home lab set up. That's where it all starts. TrueNAS, TrueNAS SCALE, pfSense, Ubiquiti UniFi, Home Assistant, Nextcloud, Bitwarden, Mastodon, Plex, Suricata, OpenVAS. Hey, that's a good one to learn. And other services. It's all about getting the experience is the hardest part about starting IT is getting someone to put your foot in the door on that. Yeah. I mean, that's probably the hardest part is they hire almost more on experience than they do on everything else. 
But the everything else, maybe a different degree or certification is how you can get in the front door to even have a discussion with someone. So getting those certs might be important. They want the guys who've seen some stuff. Yes. And it's like, once you're an experienced person, you can just start walking and hopping jobs all over the place. But if you're good at following and working with CNC and things like that, if you're good at following a logical process, then you can easily transition. My friend actually told me one of their people that only started like six months ago, he's a trained, hazmat chemical specialized in some like hazardous materials, chemical engineer. And now he's their top cyber threat guy for a very large company. And he says, eh, I deal with documentation and hazardous stuff all the time. So he just decided one day he didn't want to do that no more. But with no degree, he just went and hammered out like A+, Security+, Network+, he got those three certs, that's all he started with and jumped in at the ground floor of the company had to take kind of a pay cut because chemical people make a lot of money. But nonetheless, it didn't take him long to climb the ranks and jump up there. So it's absolutely possible. It's just a matter of figuring out where you want to start. And that's the hard part. But if you're willing sometimes to take a pay cut from maybe a really good career, because you just don't have the experience that just some sacrifice you might have to make. And once you get experience, if you're good at it, you'll ramp up fast. And it also comes down to what you're doing. If you're doing a back breaking job, it might be worth the pay cut not to break your back that one. Yeah, the last question is, do you have any resources on asset and wealth management? Not really, I'm not an expert on that. 
But I will say where my favorite financial advice person right now and has been for quite a while is probably Scott Galloway, he he has a lot of podcasts, he creates a lot of media, easy easy person to find, read his books, jump on the Jordan Harbinger podcast and you can find episodes of him on there. And of course, on Scott Galloway's podcast. But I mentioned both of those because there's also Ray, the guy from BlackRock, you can find him on there too. But that's wealth management. I thought about putting a blog post together like I spend some time understanding it because you have to figure out what to do with money at some point in your life and try to be responsible. But I'm not the expert in it. So and I really found too many like dedicated YouTube channels. I used to like one of the I used to like someone but they turned into clickbait channels. What was that one guy? There's this one guy that started out so good with financial advice and he turned it all to clickbait once he broke a million subscribers. It's like, that's like a repeating story because honestly, he makes more money now than he did giving out boring or financial advice. Well, and a lot of them too. You remember they were really popular for a while, but they were like all 20 somethings who you know, had you like I had made my first half million dollar working for my dad's company. Yeah, and that's part of it. Like Graham Stephan is the one I'm referring to. His content was so good at the beginning. And it just I don't know I kind of had to quit following on like he had some really solid financial stuff he talked about. And he's a smart guy. He still has some good content. But I know he lends himself to the algorithm a bit too much. So there's my financial advice. Scott Galloway is a real deal though. Great stuff. Oh, another email came in just now. A general discussion on the current landscape of Linux. I don't know what that means. 
Oh, and don't worry, the person said don't don't say my name on the stream and not a problem. I make sure I don't say people's names. I do respect the privacy on there. Linux has a bunch of different kingdoms, I guess you could call it. We all worship the same kernel, but there's many kingdoms that worship this kernel. That is not what's pretty good. I'm going to tell I'm going to tell you that's how we're going to do it. It's we all worship the same kernel and me and Jay actually did a I think the most recent no not the most but the one before we jumped into Linux distros. So the Homelab Show two episodes ago which number was that we actually covered that. So it's a topic it's a talking heads video but nonetheless it was titled wait not that one. Hold on out there tunnels. It was which Linux distro to use episode 85. So we talked about which Linux distro and the most popular ones to use. We covered quite a few of them too. So one should I use? Yeah, which one should use? Oh, more general threat landscape for Linux. Never I read that wrong. Current threat landscape for Linux. Got it. Threat landscape the threat landscape for Linux is not not an easy one to cover. So that's that's that is a challenging topic and the reason why is it the threats you see in Linux are very, very different than what you see in Windows. So generally not user initiated. That is one of the big things. They're almost always like, Hey, we found a flaw in Apache. We found the flaw in Log4j. It's it's not often the flaw is natively directly in Linux. It's it's like we found something that was running on there that we were to get into. So example, example, like Atlassian, Atlassian runs on a lot of Apache Tomcat, which is just a security nightmare to manage because it's so old. And people keep finding bugs in it. And they exploit the Linux server. So threat landscape is not it's usually not Linux. But for example, though, there was a problem found in sudo. 
There was a couple problems found in a couple of other things. But a lot of them like they don't get the news because they're harder to exploit because they require local user access. And you don't usually have local user access on Linux. It's usually running an Atlassian server, it's running a database somewhere. So that's why the threat landscape is so different for like something is not there. It's just a very different but I don't know how to cover it as a topic. So yeah, if you have more specific questions, maybe that would help me. It's why it's also why antivirus for Linux is really limited because it doesn't really, it's not the Linux things that are going wrong. It's not like Windows. It's usually the exploit is there like WordPress. It is also the way it's talked about WordPress pretty much runs on Linux. But there's been a ton of WordPress breaches. The word Linux never comes up, but they're all running on Linux, because it's not a Linux problem. It's the it's almost always the application problem because that's the part that's facing it. QNAP is in the news all the time for their godawful software. We get clients who have them like I have a QNAP. Why? Why? Or the the worst is like I want to put Plex on it and port forward it. It's bad enough. It's a QNAP. Don't open it up. Yeah, but and that's the problem. Once again, you're not dealing with a Linux problem. You're dealing with the QNAP problem. But yes, QNAP problem. Misconfigurations are pop. Yeah. So yeah, the threat landscape is definitely different because of all that. It's it's just there's less of it. I mean, the Mirai botnet is on there. So let's see. I will send you. Oh man. I'll talk about later. All right. Back to the topic of pfSense because that's the other thing. Let's get that out of the way. pfSense, the new version's out. Yay. So we've been out. Have did you update Steve? You probably didn't do it yet. 
No, I just logged into mine today and noticed it was there and I'm like, well, I don't want to press that button right now. Yeah. But nonetheless, we can let me share my screen real quick here. Present share screen, which window? Oh, Chrome tab. But yes, I'm now running the 23.01 release. It is fully up to date and working. So yay. I should update the 3100 behind me because I bought I should actually get the 6100s out and update them. I'll do that when I get back. But I wonder if they fixed that issue where it takes forever to get an IP address and you don't get a gateway if there's no WAN hooked up. Yeah, that was a problem that you were tracing down. And it affects the 3100 as well. So it's something with that build. Yeah. So that's interesting. So that'll be a fun one for to play with to see if we can repeat some of the problems we had found. But the upgrade, I can't say when I went to the release candidate, I did have some bugs, but also and people make a big deal about this. But honestly, all you have to do is go to System, Package Manager. And this is what's solved all my problems. By the way, I have boot environments. So I was able, you know, when I had the problem, I just rolled back to my boot environment and remove things. And what I had to remove to make it work, right was I removed pfBlocker and I removed Snort the snort loaded. Yeah, source. So loaded. Once I remove those, the update went perfectly fine. So I was like, awesome, this works. And you know, no complaints. It's only two things I had to remove. Now, you may have to remove something else, but they say to remove some of the packages. By the way, by default, the packages when you set these up, they automatically will install with the same settings when you reinstall them. So you're not at risk of having to reconfigure and reset up all the packages or anything like that. So no big deal there. Grayson, how you doing, man? Thank you for the donation. WordPress features. You use ClassicPress. 
No feature bloat. Yeah, I don't like the Gutenberg editor. I mean, I don't use it much, but it's it does add complexity to it. I don't know. There's always that balance. The more complex you make it, the harder it is to secure. That's for sure. Thank you, William Daury. Always appreciate the donation with WideOpenWest Internet. If I reboot my cable modem, I always have to reboot pfSense. If I reset the NIC, I never get a public IP again. I was about to respond to that, but yeah, that's weird because I don't have that problem. Near to why? I wonder if it's an issue with do you have their modem? We both have our own. I think you have your own, right, Tom? Yeah, I'm using the WideOpenWest modem. Okay. See, I'm using an Arris modem. I just replaced my old TP-Link one. Yeah, I even had I haven't really had any problems with the WideOpenWest has worked really, really well. Me and Steve both like WideOpenWest as an Internet provider. As long as you don't use their DNS. Well, yeah. But there was an outage. Everybody, I couldn't figure out what everyone was talking about. They're like, well, I haven't had Internet all weekend. Mine's worked. It turns out their DNS servers were just down. Yeah. Travis has been updating systems. So, we updated the 3100 at the office. So, that's working. 3100 is one of our it's one of our spares we have. We have the 8200 and I didn't have time to update. I'm gonna update the 8200 tomorrow because I want my Friday to be exciting. Yeah. Steve's not exactly for an exciting Friday, are you? Oh, no, I'm you're gone. I'm never gonna be in the state. Yeah, that's right. You're gonna burn it down. You're like, go ahead. Go ahead and update all those things. It'll be my problem Monday when I get back. I switched from Hyper-V and basically no firewall to XCP-ng, pfSense, which is all great. Also switched to new hardware and restoring metadata and configure the back of the first install. Well, I'm glad you're off of Hyper-V. 
I don't think Steve has any love for Hyper-V either, do you? You don't you don't like the Microsoft virtualization, do you? Oh, I've been like, wait, wait, wait. In my mind, I was confusing Hyper-V and vSphere. Oh, okay. Yeah. And I'm like, is Hyper-V the Microsoft one? I actually don't hate it. It's not bad. Where I find it really comes in handy is because whenever you have a license for server standard, they give you one virtual license as well. So you can run a VM within your main server and that saved us a few times where client gets a server and then vendor comes in and wants their own server to run a software. And we're just like, okay, we'll spin it up on a VM for you. Yeah. Re-license. Here you go. Also, I switched new hardware, restoring metadata and giving the backup on my first install. I don't understand what didn't work, but it did not work. Your backups didn't work on XCP-ng. That's the part I'm a little confused about. Had to restore it manually. It's a how to do this. Not sure because I'm not exactly sure what didn't work. Hmm. Yeah, maybe I'm maybe posting the forums. That would be the best we can walk walk through the forums, either with XCP-ng forums, walk through what process you followed and try to figure out where the gap is on that and we can solve it. Oh, I don't know if you knew this, Steve, but this is a new feature in 23.01. You know how it says like pfBlockerNG-devel and pfBlockerNG? They merged them. It's just pfBlockerNG now. Yeah. It was the right one half the time anyway. Well, we wanted the devel because it was the uh, that was always the latest version. Okay. Yeah, the other one's the old version. Okay. Three re-images to set it up correctly. I think we had that discussion before because of the memory settings that I said I think someone posted the forums. There's something you can set to get the faster memory settings. I forgot to tell you that, Steve, on our Ryzen XCP-ngs. Did we get 3600? I think so. I'll look into forums. 
I think someone figured out how to do it. I, well, we also didn't try, they might be on the newest BIOS. We tried the new BIOS. We did, did we to get on the new actual new one? Yeah, I think we're on that one now. Okay, because we had that weird shutdown issue and they released a new one. We were on the beta because they didn't even have the original BIOS when I built the first one. If you weren't on the beta BIOS, you didn't even have XMP profiles. So you would have to like manually go in and time everything and I couldn't get 3600 working. 3200 seemed to work. Frank says the SG3100 has a bug in the OpenVPN tunnels. Is there a forum post? You can just answer yesterday because you can't post links in here. Is there a forum post on Netgate about that topic? Just wondering here. I didn't see the... Yeah, I have it up on there though. I see it on the screen now. I forgot you can do that. Yeah, I'd have to see it and test it. Yeah, let me know if there's a forum post on that because that seems like an odd problem. Because a lot of people... You put on the Netgate forums. Yeah, the Netgate forums because there's people that... I don't know if that was a question or a statement. I don't know if he was telling us that. Yeah, the post is there. Oh, okay. He says on the Netgate forums. We don't really do much with... Oh, wait. Yeah, we don't really do much with... The pass through? Yeah, the GPU pass through. It's one of those things that's just not really used in the... Corporate world. The corporate world doesn't use it. Hold on. Yeah. Let's see, there's a lot of people posting. No Web UI after 23.01. There's a lot of posts in here. Tailscale service won't start. Is that what you're talking about? He said OpenVPN. Okay, Obi-Wan, can I be established? Here we go. Here's that one. Oh, and the ZFS is supported on there, Steve, because this is someone talking about a 3100 with it. They're finally doing that? I guess. Maybe, I don't know. 
I thought when you talked to them, they said it was just an ARM limitation that it couldn't... So it solved a lot of our life problems. Yeah, maybe not because I realized I looked at the top there. This is a 40. This is a different model. But there's a fix here. So there's a kernel change you make from reading this, right? Yeah, there's a bug for it, and it sounds like there's a fix. Updating manually allows it to start. So yeah, there's a workaround for it. That's the important part. It's supposed to have forums when you see these problems, and check them there. So many people just go and complain about stuff. Yeah. Hey, that was me in the forums. I needed to change the sensor, and I'm going to do it was in the shell. Yeah, because that was the other problem. It starts tripping the voltage sensor and gets mad. Yeah. Yep. Do you need a separate NFSI? It's because the HD... I'm responding to that one right now. Okay. Local NVMe is enough, and there are cards that support multiple NVMes if you need more storage. But ours is actually only running on a pair of WD Blacks. So it runs on local, I think they're what, 2 terabyte WD Black NVMes? Yeah, something like that. Yeah, I think we have. And if you need more storage, you can always get... I want to say that I want to say that board supports. Now, granted, you got to check the manual because you start getting kind of limited with your PCI lanes. But I want to say if you're not doing anything crazy with the networking then, I think it has support for the 4x4 bifurcation. That might be. Those little cards were definitely a problem for the bifurcation stuff. It's finding the... Well, the card itself wasn't the problem. It was finding a computer on motherboard that supported it because a lot of your consumer boards only support very few support 4x4. A lot of them support 8x4x4, which is... Yeah. So you get three of them working. Cool. I think Wendel's done a video on bifurcation, but it's definitely... 
It's not a topic I've covered. It's more for hardware, people who dive deep into the hardware boards to cover what doesn't, doesn't work. I never really just grabbing a board, loading the BIOS and logging into it. No, it doesn't do it. Try again. Yes, it's not always well documented. I don't know if it's as well documented with the boards. When... You know what? It was Wendel from Level1Techs when he did the... I think it was the 45Drives one. He had a problem with bifurcating because there was a mislabel in Supermicro's documentation. And because he's Wendel, he figured out that the labels on the board were offset by one to the labels in the BIOS. So when you set the bifurcation and it didn't work, you were actually setting it on the wrong port, if I remember. It was a weird esoteric thing he found in the video. So... Got any suggestions? Protectli boxes? Yeah, the J4125 is more than fast enough. We still... Jeremy's just died, but we still had a bunch of J1900s still out in the wild. There's still a few out there from before Netgate had affordable boxes. Is this the one that died? That, that's the J1900. Is this the one he had that died? Yeah, it's the same model. That is the old J1900. So we have more of these dying? They're old. We bought those before the 3100 existed. Yeah, I know, but still. Like, we bought a few of these and I wonder if that's an interesting thing that they're dying. So... Just age, they're aging out. Parts are going bad on them. Again, we bought them before the 3100 was even a thing. Then we went all in on the 3100. But yeah, I would definitely... I ran one for years, it worked. I ran a few little built ones like that. I would say, depending on what you're looking at, they do have a higher end one. I'll see if I can find the link to. That has 2.5 gig support. Oh, yeah. Yeah, do the Amazon link and throw it. If you sent it to me, if you... I'll send it to you and you can make the referral link. Yeah, well, no, no, because... 
Or can you post links in here? Yeah, I can post links. I've already posted a few myself responding to questions. So you can even notice them what I do. No, I'm not paying attention. No one appreciate me. Any opinions on Signal messaging app removing SMS support? I have no opinion on it. I think there's just some challenges they had with maintaining it. I'm indifferent to it because the people that use Signal, they use it to talk to Signal. I never liked because I never used the blending of the messages. I don't like doing that. I have my messaging app and I had my Signal app and never the two shall meet. Mostly because I rarely text from my phone. I actually text from the web app, which is because I use Google Fi. That's most of the reason why. Keep up the awesome content, best signal noise ratio on YouTube. A awesome Andrew. We're using SonicWalls in the company and they totally suck. Me and Steve can commiserate with you on that. SonicWall sucks. The only thing I see if pfSense can't do is DPI-SSL, which is a suggestion to protect web server behind pfSense. Well, web server is behind. You're using SonicWall as a web application firewall? That's weird. We use Zorus. I did a video. I have a whole product demo on Zorus. Zorus is our web for deep packet inspection in terms of filtering websites. Everything else. Zorus is our answer for that. The reality is people aren't all at their office anymore. That's one of the reasons we have to use tools like Zorus. Because it's not like all of our clients sit behind one firewall. They may sit behind a firewall. They may go sit at Starbucks and you have to be able to filter their computer whether they're at Starbucks or at work. When I activate in the interface, WAN DHCP6, does the interface get IPVD? Pretty dedicated. I don't know. We turn off IPv6. Leave hate in the comments. I'm a troll when it comes to IPv6. There. There's the... Yeah, that's the model we've started buying. 
We got a few when the 3100 was discontinued but the 4100 was not yet out. And there was that weird gap of... We don't have something to sell clients. But those have 2.5 gig support. I'll second this statement here. CrowdSec is a great way to protect web servers. And if you haven't seen CrowdSec, I think I did a video on it a while ago. CrowdSec is really cool. Actually, here we go. I'll throw it in there though. I'll throw a link to it. If you don't know what CrowdSec is, Jay from 1LakeCBS sent a video on it. I've done a video on it. I like where they're going with it. I got to revisit the product. We just don't do as many web servers and things like that that need the protection from it. But nonetheless, it's a really cool service. I'm running it on our website. So something I am using, I just don't do a lot of videos about CrowdSec. I got a Topton N-1505 with the I-226 NICs. I don't know. I don't know enough about those to know what's supported and what's not. But for what it's worth, yeah. The only challenge is, if you're using your own hardware and you like to get pfSense Plus, the problem is going to be that you can't download pfSense Plus. You have to download pfSense 2.6 and then register it to get pfSense Plus and then do the upgrade in place. So this depends on how you configured CrowdSec. So the way CrowdSec works, brief overview here is pretty simple. You know what, they have something on our website that shows how they work. Because it's a really simple idea. When threat actors hit stuff, they have a pattern of attack or common IPs they use. And what CrowdSec allows you to do is see all these attacks, aggregate the attacks, share them, open source. So they're doing crowd sourcing of all the knowledge. So when an IP starts attacking someone, let's say a WordPress attack, whatever that is, it aggregates all that information. They have two components. One is the listener. The second part is called the bouncer. 
And the bouncer, as its name may imply, bounces people away. So as this something happens, so someone attacks Tom's website, and if that attack is new, it may not be in CrowdSec's list. So the agent goes, look at all these crazy login attempts hitting my server. And the bouncer goes, yeah, that looks terrible. So let me bounce them because they've hit the login page too many times. They've done something that's in the logs that looks like they're doing an attack, not just viewing the site. And then it flags that IP. Now, flagging the IP once isn't enough. It has to flag over time across multiple hits. And then it ends up in their threat database. And then it sends out a signal to say that IP should be banned in the threat database. And then it blocks the attacks, provided you've configured it that way. That's the important part. The best part about CrowdSec is it's easy to make pretty world graphs out of the logs. Yes, it does have a pretty graphing interface. If you log into their console, it looks neat. So I'll definitely, I'll give them one. I got to revisit it. It's definitely cool. I mean, bouncer logs because that isn't necessarily what shows up in the dashboard. No, I think it all shows up in there. Oh, look, I gotta see. What was the dashboard look like today? 36 scenarios. Drop it in here. I think it's share this tab. Oh, look, Log4j is still going out there and hitting my website. Shocker. I don't, it's not a flaw in mine. It's just stuff trying. These are some of the ones that are on mine. Does my bouncer need to be updated? Maybe. I forget where the reports are in here. Yeah. I'll play with it later. Maybe I'll do a new video on it. They have lots of documentation. Read through the docs. They have everything in the documentation. They've actually done a great job on documentation. Instead of where's Tom gonna be, where's Steve gonna be? In the fields of Northwestern, Illinois. Yeah, I was gonna say Steve's going to a town called Lanark. Mm-hmm. 
Steve's going to visit some friends in the middle of nowhere, corn country. I like it though, because there's no speed limits. You do 90 miles an hour through there. And nobody cares. There's no one around. I didn't see another car for 30 miles. So back to the topic, because I literally just got a message a minute ago from my friends over at Huntress. So these are, I'm gonna do a whole video on this to dive deeper on it. And we have a volley of emails going back and forth because we had a client and there was a threat on a Sunday. And the threat popped up and Huntress analyzed it. Now, this is not a fully managed client. So that's gonna be a big prequel of fire. This is a client who we resell some products to, but we're not like actively engaged in managing everything with this particular client. They have internal IT. So they just have us monitoring some servers and buying Huntress and buying SentinelOne. So the threat pops up and Huntress, it goes through, because Huntress gives you a log, and it goes through two different analysts at Huntress to do a deep dive into what's going on. Then Huntress says, yep, confirmed. This is bad and alerts us. So after Huntress alerts us, the next step is basically us going into action and saying, hey, Huntress has the option to remediate it, but we want to remediate it ourselves. And actually I called Steve. Steve got on there. Steve got mad really quick because our own security stopped him from doing his job. But that's a different, that's a story for another day. Yeah. So I kind of didn't like that I copied the command line stuff to stop a service. Yeah. Our own Suricata flagged Steve doing something because it watched the commands and said, you're trying to execute commands on a computer remotely that was looped through our network. And nonetheless, that was an easy fix. I just bypassed Steve real quick on that. But what was interesting was, well, aggravating, interesting is wrong word. 
One, we don't exactly know how to file it out there. So there's still that part of the investigation being ongoing, but we reached out to our friends at SentinelOne who we have the premium service for. And we want to know why SentinelOne didn't flag it. And so that is the current status. Now once now we have back and forth with SentinelOne because SentinelOne said they didn't see it as suspicious, but their own evidence kind of from the SentinelOne discovery tool referred to as deep insights that gives you all the logs of what was going on. SentinelOne, it looks really suspicious based on your own tools. So we got this little argument right now going that will be made into a full detailed video. But I'm going to be very, very implicit and detailed about how the threat hunting process goes with logs and times and screenshots. So I can kind of, I don't want to, I'm not here to throw SentinelOne under a bus. I actually just want to point out this is how hard threat hunting is sometimes. Now what the other interesting part they didn't tell you, Steve, was there was a new form of... Is that what you found out after we talked? Yeah. Well, no, after we talked, what I found out was there's a new bug that was just discovered in IIS. And what does that customer have exposed publicly against our best, against our better judgment and telling them not to do it in an IIS server? So I speculated, and this is where I threw it back to the Huntress team because they're good at threat hunting, I speculated that maybe this new bug found in IIS could have been the source of this file magically appearing. So yeah, because we don't know, and we don't know the mechanism and neither did SentinelOne, the file just showed up. And the original write-up for this particular malware attack against IIS right now, it actually exploits a flaw in IIS and creates a reverse proxy. Sound familiar? The difference is the publicly disclosed version only creates a reverse proxy in memory. 
It does not write it out to the drive. But if that same mechanism can be used to exploit IIS, maybe it can be used to write a file out to the drive. So I find it really interesting. So that's kind of the security topic that I was wrestling with today to get that sorted out. I will do a deep dive video on it. And does anyone use it? Oh yeah, it's actually used very much so from people who use it as an RDP broker. Oh yeah. Eric and I did some work last two, three weeks ago with a client who they have a software that uses FTP and IIS. It's just how the software works. And they're like, yeah, I don't like it, but I can't really afford a whole new software for my company. Yeah. So there's a lot of challenges where it's a lot of challenges with it, that's for sure. Companies are deeply embedded in certain products because they've got entire businesses built on it. It sounds great from the outside, rip and replace. That sounds great for my chair. If you're sitting in a CEO seat and that chair comes with all the responsibility of what it costs to do that, not just in product costs, but in user training, you'll know why they leave it so much. Yes, we run Suricata at the office. I seen someone ask that. So yep. Yeah, you want to cost the company a lot of money, change one little process and make it two more clicks and watch people lose their minds. That should do. They're going to have to do their job. Yep. Yep. Hey, Lauren. Apologies, man. Any issues with 23.0 unstable? Heading to the PFC. I love your picture. Yeah, I know. Shwing. We kind of... I think Tom's going to update us to 23.01 Friday night. Friday morning, buddy. I want real fun. Again, I'll be in a car. Steve's like, I'm leaving. You guys can just break everything. I didn't mind when you were there doing it either. I'm like, okay, I'll be on my steam deck if we're down for a couple of hours is what it is. I tend to personally... I always kind of give it a week. But Tom, break it first. Yep. 
Tom does a lot of the testing. Order some LTS merch a couple of weeks ago. Only a week out now. I can't wait to answer why I have cats on my shirt. Yes. I love the cat ones. I think it has cat six. PFC has got wedged today. Lots of latency. Call quality, have you seen this? Not yet. We haven't really upgraded many of the clients yet for it. We always upgrade ourselves first in all of our lab stuff. So far, I'm doing this on that and I've been doing the release candidate testing for a little while. Oh, and Veronica's right. The IIS frustration to Linux pipeline is very real. Yeah. It's just... Oh boy. I arrive at the office promptly at 9 a.m. That's all right. I get up promptly at 5 a.m. So I'm going to do it first thing in the morning. It actually makes an excuse because I usually have coffee at my house. So I should go down to Big B and get a coffee. I think they open at 5 or 6. So I'm going to get a coffee from Big B and go hang out at the office. I can probably do it remotely without a problem. But yeah. Probably maybe. Just in case. I would push the button before you go to get coffee. Yeah. And maybe by the time I get coffee, it'll be ready. So yeah. Then while you're already out, you can make the determination to have to go home or the office. Exactly. And for my next trick, I have a question for you, Steve. Because... Oh boy. I know. I don't like it. Oh, this is a good one, though. Okay. I just got to find it because it's the post I just did the other day. Where did it go? I have so many posts in my forums. I don't go there enough. It's life. Too much stuff to do. You leave. You stop doing work around the office and hang out in forums and on your computer. I stopped doing work around the office. I go do work around my house. Yeah. There we go. I found the post. Okay. All right. You know I was testing the speed test on the TrueNAS Core and TrueNAS Scale, right? Yeah. 
So if you see these numbers right here, read speed of 161 and write speed of 289 on a share, am I using a 1 gig or 10 gig adapter? 10 gig. Yeah. At least because that exceeds 1 gig. Exactly. So just on the surface, you can answer that question. Yeah. Do you know how many dumb comments I've gotten on YouTube? You should have at least used a 10 gig connection, Tom. And I'm like... The max for a 1 gig would be 120-ish. Yeah. Like the spicy takes on, I get. There's I think a debate. What about at math? Yeah. You're better at math. That's one of the reasons. But 125 is assuming you could saturate 100% of gigabit, 125 is the max. So anything greater than 125, you are past gigabit. Yep. So let's read this person's spicy take. At least test with a 10 gig or faster, dude. Really? Really? It's clearly... Is this... It's still relevant. Home users rarely have 40 gig. Yeah. It's... But that's still not the core of the argument, guys. I know. Like he's right, but also he's arguing the wrong thing still. Yeah. We're going to downvote this person here. But look at me, people upvote this. Like you're looking at my numbers and telling me I'm not testing with... At least test with a 1 gig, dude. I mean... I'm like... Sometimes a dumb hurts. Well, and it's like somebody just said a lot of people get hung up on at Big B versus Little B, but they also don't understand you multiply at times 8. Like, so 1000 divided by 8 is 125. Therefore, I didn't just make those numbers off. Yeah. But this is... It's actually a lot of my job is this sometimes. I get consulting calls where I want to provide all the internet to these apartments. Okay. What kind of speed do you want to provide? Gigabit. How many apartments are there? A hundred. Okay. You've got to find a hundred gig internet coming in, dude, to segment it out like that. Yeah. Oh, man. It's just so... I don't know. I couldn't... There's YouTube comments as well that have the same spicy take-off I should have been using. So... I don't know. 
I just thought that was amusing. I'm like, I'm like, Steve's going to spot this because I knew... Steve's done a lot of consulting calls with this exact problem where people can't math. They don't know why their VPN is slow. And you're like, you want a VPN that exceeds the speed of the internet, sir? Well, no, I don't. Well, no, no, you do. This is something you've asked. You just don't really... Yeah, it's... Yeah, I've talked a lot of people back. Like, they think they have some major issue and like, no, you just... You have a math problem. Why is it so slow? You got 30 megabits up. I don't... You need to look at Fiverr. You know, I have a lot of those talks. Yeah. Oh, fun stuff. There we go. Steve typed it out here. B equals bit. Yep. Big B equals byte. Little B is a bit. Big B is a byte. There's eight bits in a byte. Yeah. Veronica nailed it right here. Math is hard. What's real wild is when you get into the... One, another one of my favorites is when it comes to hard drives. A one terabyte hard drive. And everybody's like, well, it's not a full terabyte. You lose some to formatting. And I'm like, that's the big common misconception. You lose some to formatting. I'm like, no, you lose it because humans don't understand. We use a base 10 system and computers don't. They use a 1024 system. 1024 bits in a kilobyte or 1024 bytes in a kilobyte, then 1024 to a megabyte. When you make it human readable, you have all these little numbers that add up to something when you get to that scale. Like I think at a 750 gig hard drive, it's 50 missing. Yeah. It is a flat percentage. But yeah, it's... You have security set up separate land dot two dot... We actually have a whole lot more networks than that. Maybe I'll talk way more. There's too many networks. We finally redid it. We redid it. So there's even more than the last time I talked about how many there are. I mean, it's just a matter of having a lot of different interfaces. I'm not sure what your question is. 
I will probably... I've got videos talking about how to separate things out of a network. I've got videos talking about how to do a TrueNAS and how to do an XCPNG. It has physical multiple interfaces. So they're separated out physically that way. They don't... In some of them like storage network, for example, you can have some networks that don't even need to be in pfSense at all because I've talked about building storage networks. And if you dig around, I've got an old video where I talked about how to do it. You build a storage LAN, you create a VLAN for it, but you don't need any DHCP. Yeah, we have an out of band storage network. Yeah. You just create a VLAN for storage and you implicitly... And you could even put it on another switch. It doesn't even have to be a VLAN on the same. Ours is actually... I think it is a VLAN, but it's also on a physically separate switch, on a separate port, completely out of band. Yep. So you can build them out of band. It's just, you know, because your storage network shouldn't ever be routed and they don't need to be routable at all. So when you build out things like the storage network, just don't even tie them to your firewall. Why? It's not a need. I mean, unless you have some reason to access them, but generally it's usually that you don't. I seen someone ask if we had a favorite two and a half gig card. I don't. I don't like two and a half gig. I go 10. I don't understand people's fascination with two and a half gig. There's driver problems. And God forbid you go Realtek, then you're going to have real problems. So many people have had so many problems with those Realtek cards. You don't go Realtek at all, ever. Well, there's actually a note in TrueNAS Core because they removed the Realtek driver because it was corrupting iSCSI. I was like, like, shocker. There's a problem with the Realtek card. So that's why I need to tell people to go Intel. 
But the 10 gig cards, even the Intel 10 gig cards are cheap now. They're, you know, I think it's, I think because it's still cheaper for manufacturers to do, we're starting to see it more just in things. Because it's super rare to find motherboards with 10 gig ethernet ports, but we're starting to see more and more with 2.5 gig ports. Yeah. Yeah. SD-WAN for out of band management? No. I don't understand that. Yeah. I mean, usually SD-WAN solutions are not necessarily out of band management solutions. I'm not understanding the question, probably. What was I going to say here? Okay, I got them all. Hard drive confusion is the fault of marketing departments. Look, do you see this gray hair? This gray hair was there because of the arguments and lawsuits that flew between ViewSonic and a few other monitor makers for the measurements of monitors before all that got changed. Yeah. You got measured diagonally. And then I remember when they started putting on 14-inch monitor, 13.7 viewable. Yeah. So the other box that came in today is now hooked up. I can't say what it is because we can't release information until a couple of weeks from now. I'll tell you about it offline. I think I can, maybe I can share a picture of something. I'll give people a hint. This is a picture of the box that came in. Yeah, I'll send a picture of the box that came in. No, I guess I don't have it. Network related? Nope, storage. Okay. New gear. That's all I needed to know. You know what it is. What leg of everything does it go in? Okay. Here. I'll let the people on the live stream have a sneak peek because I don't think that violates any NDAs because it's not very descriptive. It just covers the who. Yeah. It's hard drives. I'm pretty sure hard drives aren't. I'm sure IX system didn't make hard drives in there. Those are not covered. And we're recent. We actually have a lot of those boxes come through. Sorry. Like for your management campus goes down. Like do you have an LTE for it? Not really. 
No. We have a, it's always weird. I see a lot of people who want to go LTE for their failover. And I'm like, I think we're spoiled because we're in an area where we have multiple ISPs. Yeah. Um, because my answer is why don't you just get two different providers? So we have a lot of clients now who are their fiber for their primary with a copper coax for the back. Yeah. There's, it's not of, we don't have that need for that out of band management. Like that to buy an actual LTE. LTE is just, it's rare. We have a, I mean, one customer who has Starlink, don't we? We have a couple. We actually have a customer who, I think they're, are they in, I think they're in Indiana. Same thing. They are like 40 miles out of a major city, so middle of nowhere. And their only options are Starlink and the Wisp that the county has. Yeah. So, and I think the Starlink is actually their failover because the Wisp is better. Yeah. So that, that's a challenge. If you're in a rural area, that's probably all you can do. Yeah. We've had people in, you know, the mountains in Colorado where they have DSL and that's their primary. And then they're like, yeah, I'm getting Starlink for a backup. Yeah. I mean, here, me and Steve, even at the office, yeah, remember, we have three fibers available at our office right now, three fiber options, and two cable internet providers. Michigan's weird. We have actually, we probably could get four fiber. Who do we have? We have AT&T. AT&T, wow, has fiber on the building. Comcast could do it. Comcast. One, two, three net. And one, two, three net. Okay, four. So we got four fiber options. Then we have two coax options, which would be Comcast and Wow. Then we have AT&T, who, whatever it is they offer, U-Verse DSL, who knows. Yeah. We've used some Pan do it in the past. You know, they're nice. But I mean, I don't know. I think people get really hung up on some of the more expensive ones. And yeah, it's aluminum. It stands there. It has screw holes. 
Yeah, people really get hung up on that. I seen someone else asked if I had an opinion on NextCloud. NextCloud's a really popular service. So yes, it's nice. Do I use it commercially? No, because it's impractical. But for a home user, yeah, if you were looking for a nice private place to keep all your data, I think NextCloud is a great place to do that. It has great sharing and editing and all kinds of cool features. I just don't use it commercially because it's impractical for us to manage it for clients. It's cheaper for them. The problem comes with a lot of these tools. It comes out of scalability. You know, how easy is it to use? How does it scale to a larger company, for example? And who's going to pay to manage it? And you can't just set it and forget it because that's how we end up with bigger security problems. Yeah. And that being said, it's cheaper to give them, even if it is Microsoft's X dollars per month, which keeps getting to be a higher number, that's still cheaper than what I'm going to charge you to keep maintaining and updating it. It just doesn't scale very well. Now, if you buy it directly from NextCloud, it's reasonable. They sell hosting services to NextCloud. They'll maintain it for you. But then people go back to, but I want it for free. And we know which client always wants it for free. We had to have a discussion about is NextCloud is actually a good solution for all of his woes, other than we ain't going to maintain that NextCloud form either, not for the price he wants, so low, low price and nothing. So Travis brought up the cost of symmetrical fiber. And actually something WoW started doing is they offer fiber that's not asymmetrical now. You know what they call it, but they'll give you like gigabit down 200 up. So you still get that high upload more than most people really need, but it's way more affordable. 
Like as opposed to the hundreds to, you know, thousands of dollars you'd normally pay for bi-directional gigabit, you're talking in the 2,300 range. I did not know there was a V2 of Rackstuds, but if someone wants to tag, here, do us a favor, because this is how Rackstuds will mail me things. Go tag our torture test video at Rackstuds Twitter, or maybe I'll do this later if I remember, or message them and say, hey, this guy tested them. You should send them like two bags of the V2 ones and see if they send them. Rackstuds has never reached out to me. They randomly mailed those two bags we have, Steve. I don't remember even getting an email from them. Did they email? I thought you ordered the second bag. No, maybe I did. At least one bag family sent us one, but I'll bring the weight plates in and we'll break some more. Yeah, we'll break some more of them. I will say my only complaint with them is when you had something non-for post and really heavy, so it kind of had that pull on it. After a while, the plastics would kind of start getting stuck and they were really hard to get off. Is it possible in the US to get two fibres having two physical routes? Yes, depending on where you're at. I mean, when you're building out data centers, I used to have a client that did this. They had two different ends of the building where the fiber came in from two different providers, but they paid for it. So could I get it in my office? Oh, no, no. There's coming in from a different poll at my office is going to be stupid expensive. But if you purpose build a place, you're building a data center, that might be a feature you consider as part of your location. Is that available or how much is it going to cost you to build it out? So it's possible to be done. Yes. Level three or no, one, two, three net. One, two, three net has an interesting option because if you buy fiber from them, there's that big tall building behind us and they'll beam us the second connection for a backup. 
And I just I was responding to that too. I just did one for a client. He bought like Verizon AT&T have them. They're like the little cellular hotspots. They have an ethernet cable and he just plugged it into the WAN2 port of his pfSense. Yeah, I do have XO and IPMI in the same network. I don't. Maybe you make a video and show it on stream when you have time. We don't have them. They're on separate networks. XO and the IPMI are on separate networks. Any idea how to convince someone who is caught up on using Cisco IOS to switch to pfSense? No. Causally. I mean the diehard Cisco people are the diehard Cisco people. I don't it's it's a battle. I don't fight. It's a hill I'm not dying on. Yeah, I just like and I got to admit that I mean some people are just so dead like they love Cisco. Then that's it. I'm I'm not here and I'm not here to sell people. I this is the same reason people when I get comments so I'm convinced me to use this instead of that. And I'm like why I'm not here to convince you. I'm here to give you information. I'm not here to tell you what to do. Don't listen to me if you don't want to. I just create data points. Here's all the data points for TrueNAS Scale and TrueNAS Core. Pick which one you want. I'm not here to tell you you have to use one or the other. It's the same thing with when it comes to the firewall. People said Tom OPNsense or pfSense and even at the end of that video I said just use some common sense. All right. I remember that. Yeah. So nonetheless that's yeah. Fun stuff. Use common sense. Can you use TrueNAS to back up an Unraid server? I have no idea because I've never used Unraid. I don't plan to use Unraid. I don't think Unraid is a bad product. I do think Unraid is not the product for me. That's the best way I can describe it. I think Unraid became popular when Linus used it and they've maintained a level of popularity from Linus but not many other YouTube channels. I think Byte My Bits and what's that other guy? 
Spaceinvader One. Those are the only two people I can think of that still do videos on Unraid. It is one of those problems for a while. What was those guys name? The long haired dude that does the hardware computer reviews. Gamers Nexus. Like he used it for a while but after some point there's a video of him and Wendell. They swapped it all. I think they all use TrueNAS now. It's kind of like a maturing thing because Unraid does not have I know someone told me they're getting ZFS in the future but because it's not ZFS based it doesn't have the resiliency that you get from using a ZFS system to store large volumes of data. I think it's where a lot to these people who like Gamers Nexus as an example they started like hey we're going to make a YouTube channel and then as they grew big as a company doing all the things that they did they realized the limitations of some of the stuff they were building it on. So I don't think Unraid is a terrible product but I don't see I don't ever plan to use it. So I can't answer the question. I can just rant about it. Yeah Linus Linus moved away from Unraid a while ago he's been using TrueNAS for a long time he may not have done videos about it so recently but I can tell you he's been using it for a long time. I consider Unraid because of the different drive yeah this is people do like Unraid for that reason you can hodgepodge drives together at any moment and just stick more in there and make more raid. Like the Synologies taking a CCA course just right now here at iOS isn't that fun? Yep. You know I actually studied all that stuff I didn't mind it I never went through and got my CCNA because I'm like oh it's five and three years I ain't getting that till I have a need for it. Yep never need it. How many years ago was that Steve you took those? How long was this talk about like 10 years ago? It's been at least 10 years. I think the I think going through those classes for me it was kind of whatever I was there. 
I think it taught a lot of core networking stuff that was incredibly useful and I would recommend at least you know if looking at and going through because it still blew my mind the amount of people who didn't understand how to count IP addresses between subnets and conversions to Hex and stuff like that. Tom just left me. Did you answer the best way to back up a NAS server? Oh no I was still talking about the Cisco thing. Did you tell me to answer that? I'm no. Oh no no. Copy to another NAS. I am. Oh the best way to back up a NAS to another NAS or online. That's a that's a philosophical question. Just back it all up to another NAS or to the cloud. Yeah. You have the storage VLAN on the switch but if I have only one XCPNG server and one storage NAS server is direct connect to each different? No. Yeah I don't understand the question. He's asking if he only we have a switch because we have two XCPNGs and multiple storage servers. He wants the one to one it so you could direct connect them. Yeah. You don't need a switch just direct connect them. Yep. You can I mean I think I can't remember if I've ever done a video about direct connecting them. It's not hard to do it. One time we had it set up that's why I feel like I did a video on it. You can like if you have 10 gig you can take two 10 gig DAC cables plug them in and set static IP on them and just direct connect the two devices together. It's good enough for home lab stuff. It's not something I'd recommend in production. Something I'll mention here too because Steve mentioned what the Cisco stuff you are talking to two very experienced networking engineers to do global consulting on this stuff who neither one of us have a single certification. He's anyone's ever wondering. I was just responding to Max because he talked about I love subnetting conversions and hate it with a passion. I was the odd one out who could just do them in my head. Like I could just count them out and run with it. Yeah. It really comes down. 
Once you get the experience it suddenly doesn't matter. And especially if you're in the cyber security world you'll find it matters even less. One of the you look at some of the top security researchers like Geohot. Geohot is just world renowned for some of the stuff he's done. George Hotz. And I don't think George Hotz had. I don't know if he has any certifications like Tavis Ormandy one of the best security threat hunters out there. He's one of the top researchers at Google's Project Zero. I don't think he's old enough to have certifications. I see now I don't know exactly what he is but he looks pretty young. And it just comes down to if you're good at it if you're experienced at it and once you get an in at a place. Yeah. Well I don't think people who are using Direct Connect are worried about RDMA. I'm gonna throw that out there. They're just trying to get the two boxes to talk to each other. So XCPNG anything like VMware or NSX. Yeah I mean it's XCPNG is very similar to VMware. And I have a video where I compare the two. I've been seeing VMware's corporate and has more things it can do. But that's not the point. And I brought this up to a lot of people when they say it doesn't do everything. You know this product you recommend can't do everything this other product can do that you're comparing it to. I'm like well no it it can do the things that the business needs it to do. I don't care if it has a bunch of features that aren't needed that the client will ever use. That's not relevant anymore. Matter of fact why is VMware in the news so much lately? That's because VMware came up with this what is it called? They rolled their own discovery protocol and turned it on by default. And my understanding at least is not everybody uses this particular feature but somehow they publicly exposed it and this is what led to all these VMware boxes being popped. It's a feature that I understood correctly from the write-up. It's not even very popular for use case. 
So I don't get it. Good chunk of admins we work for don't understand much anything about regarding IP subnets, VLANs or basic routing. I just responded to that one. Somebody asked me what I do and I'm like I make things talk to each other. That's it. How do you know if your pfSense is blocking something like trying to find IPMI old Supermicro motherboard you can't locate it? If it's on the same subnet your pfSense has nothing to do with it. I would put money on it's probably static and you're not sure what networks it's on because that would also explain why you don't know the ARP request. If you want to cheat and find it you have a UniFi switch you could try plugging that in and then at least figure out the IP when it tries to reach out to it. Yeah. Do you recommend Graylog in production? Yeah. So I want to do a video about this and maybe I'll do a talk about this as well at MSP GeekCon and maybe they'll listen to me. We use a lot of open source but I'm not this yahoo cowboy IT using any random open source project. When we choose a project or I mention a project and I talk about any commercial usage of it I talk about having support contracts such as XCPNG. You can get full support contracts TrueNAS. Yes, it's open source. Yes, we're an iXsystems reseller who sells five-year guaranteed response time SLA agreements that are covered by TrueNAS for support on these products and Graylog is a company that makes a great product but also has a full support contract. So what I recommend using it without the support contract for mission critical business if you're really good at Graylog maybe you can get away with it. I probably recommend buying some support from Graylog. You can even buy implementation from Graylog to get it set up. So I would recommend it for production. It's definitely a very high quality product. It does offer support. 
So if you're considering it and the fact that you're asking tells me you're not really familiar with Graylog so reach out to their support team. They even have paid add-on threat hunting packages you can do with Graylog. It's pretty slick. One day I'll do a video on those. Let's see. I think certs are stupid and experience shows far more. Yes. No. I'm not. There's a lot of debate about this. I've covered it in a video topic before. It's easy to hate on it but it's getting better. And it's getting better because as the market matures we're getting better at having better tests. God when I started the tests were terrible and we used to call the people paper MCSEs. They were my favorite idiots. So I remember when the A plus when I looked at taking it they were still talking about ISA slots. I'm like no. If it has that it needs to go away. Yeah I don't. So this person's really hung up on these questions. So you guys have Ryzen Lambert but also Ryzen and Ryzen 2 but only have two physical servers. No we don't. How do you have three hosts with two physical servers? It's because we got three. I don't. This person's been watching my videos. These are three hosts with three separate IP addresses. They are physically three boxes as well. Excuse me I gotta pick up some. So they are three boxes. Steve can attest to that. He'll vouch for me on that. I built two of them. Steve built two of them. I built one of them. So I built two production ones. Yep. And I'm the one who picked out all the parts specced it out ran in bottom. So they are. They're in third physical. Two of them are in the same rack. One is in a visit. You know what? I wonder if maybe you did a video where you showed the production rack. They are in separate racks. So there are only two in the production rack. The lab one is in the other rack. The open air rack. That's probably the confusing part. Yeah. I have a picture. 
Technically we have four because we or did we get rid of the other XEP or the other Ryzen box. We got rid of them. Well we was actually loaded with TrueNAS now. That's what we did the TrueNAS thing on. So they are correct. There are only two boxes in here. The third one's in the other rack. So that this is we have a someone who's been following my channel to ask all these questions. With a 40 40 no 25 gig the potential for 40 down the road. But 25 gig OM5 fiber run between them. Yep. Yes. Fun stuff. Should we ask Eric if he wants to join in the fun? Sure. He left mumble. I don't know what he's doing. Okay. I don't know. He said he was out of here. He's probably done. He was on a booking call and then I don't know. That was I think four to five and then. You've never talked about powering the production of homelab racks and redundant power say oh. So there are actually some pretty cool ways to do that. Yeah. So there are as we as most of you know Unify makes their weird or they call it arty s or whatever redundant power supply whatever their stupid boxes that can't turn your switch back on if the power supply dies. Cisco and them have a lot of switches that have redundant power supplies. But I can't think of the guy's name now. The guy who we get the lithium ion battery backups from. Oh yeah. I forgot. We did a video on UPS's together. They have these switches that you can take a single plug into your switch and have to power feeds into it. Yeah. That way if you didn't buy the expensive extra three four hundred dollars for the device to do that. They make a thing to do that for you. So right now are both of our racks run off of some heavy duty lithium ion battery backups. So if we lose power they're going to keep going for a little bit. And then when you get to like the big production level we had a couple clients asking about these where they want I think they're called like ATS switches or something. 
And you can then take two power feeds in and power one of your switches or one for your UPS's. So you can bring like because the way theirs were designed they had two rails so two separate circuits and they can bring one circuit down to fix something while this one stays up and then reverse. Yeah. There's the power transfer switches. We got to do I still have the little tester and it's really cool too that's sitting on Travis's desk. Oh yeah. The one we it's the same as the kilowatt basically. It's fancier I like it better. I think it has memory storage like you can remember. Yeah. What you told it. And we just we have racks in his house. Yes. Yes. Of course Steve has racks. All right. Do I lift the camera to show it? Yeah it doesn't matter. The people just want to know they want to know if you know you have a rack because of course you do. You all have a rack. I have a weird custom rack it's actually made out of an IKEA shelf and open rack rails that have been cut down and fitted to it. Yes. Yep. See he's also got a punching bag. And also evening Cody. So how you doing man? How's those Unify updates going? Cody Cody's the Unify guy. He's got a lot of videos on the topic. He's he's he cranks them out man. He's I can really relate to him because he's like me. Really obsessive about all the videos. Racks by a carpenter. Actually yes. Yeah Steve is a carpenter. Steve helped build some of this studio in here. I did the framing in for the walls and yeah. Oh yeah I meant to ask you. I think we can get away with a the pin spacing might be close enough we can test it. We might be able to get away on that with a they make a USB 3.0 right angle conversion. Yes I found the same thing. Okay and then there's another company but we'd have to get it from basically them because they don't have it like an Amazon or anything that makes little right angle ones. Yeah this is our current pile of dumb we're dealing with right here. 
So hold on let me make sure I'm not disclosing anything if I share. All right I can share these photos. Let's say as long as you don't. Yeah but basically what we're dealing with here is our EPYC system which I'll throw this back up on the screen. We're building an EPYC system and we found kind of a flaw right away which was we didn't notice it until we put the board in we're like oh boy they're down here so we have to figure out how to how to get that working properly. That's going to be bend the pins up that's definitely on the thoughts there now. But the problem is looking at last night that is. That's not an easy that's not a yeah it's not it sounds it sounds easy it's definitely not. So they need to get 3.0 out yeah I also seen you did a couple Grandstream videos so that's interesting you and Willie now are the Grandstream people. People keep asking me about Grandstream I don't know I I'm not that excited about it so Willie likes it as they ask Willie about it that's been my general answer for people asking that question. Get yourself a solder suck and replace those right-angle pins the straight up ones. I could actually do that. Actually Steve if you I actually if you want to go crazy if you dremel off the plastic. Yeah you don't have to dremel the plastic off it slides off. Oh does it. I know I had to push it back last night because I butted it up against the edge I'm like oh that's got to go back. Oh it will slide. Well that makes it easy then that's I didn't know it's slid. It slides. Well if the plastic slides. You think take it off and see if the pins sit on more and we just put it in and then put the board in. Well no I mean well what two actually two answers here let in here. There's two options if the plastic slides on it. Yeah those come off. Oh you could slide the plastic off and trim them back that's like a no brainer and then you have enough room for it to work. 
Well you're not gonna not really because you're not trimming much off that bottom one. No they can still slide in sideways. It doesn't need much it only needs like a millimeter and I that it needs the distance that that plastic piece is. So I think that would work. I don't know it's an interesting problem for sure. Yeah I mean. Now that I know that they'll slide off I think that's an easy solution. Yeah I knew they when you first showed me the picture I assumed they slid off. I just didn't try I mean but if you were with a screwdriver. That would give us the distance I need to slide the little things over it so. You know you think just take it off and try to slide them on as is. That might even work. My eyes are deep enough. The only downside is you got to pull the board out do it and then put the board back in. Yeah I know. If you can't I tried. Yeah I know. But it will about fit that way. I also thought about just taking my knuckle and pushing on the side of the case and seeing if I could bend it out that millimeter. Because this is for a group of engineers I thought about do they even care if we trim that part of the case out because of this isn't going in a rack. Going in a. A vehicle. Box. Yeah trunk. So. You know even if you didn't desolder if you pulled out the plastic the pins could easily be redirected up. I don't know. I'm always leery of that just because. They're covered. You break it at the board that's a hot mess to fix. They're copper. I know they're copper. How much was that board that we're messing with here. Four or five hundred dollars. Okay. Yeah. It's not too bad. Way less than the processor. Yeah. Yeah. Yeah I could actually desolder those and redo them. That's actually in my wheel house. Pretty easy. We like the Slim's Cat 6 cables. They're fine. I don't have any problems at all. Yeah the flat ones are awful. The flat ones that's a different story. I've talked about that many times man. Don't use the flat ones. They're garbage. 
Moldy popcorn sounds disgusting. I don't know. I never know what to charge. Yeah. Let's see. Here's another thing question someone does email then. Do you have any recommendations for a smart card solution for Windows environments primarily used for PIN plus card login for workstations and small medical practice with an on-premise AD setup? Besides YubiKey no. And I think there's a Windows login set up for YubiKey. We just don't have that many people that use that. But YubiKey is probably the only one I can think of that is a trustworthy affordable one. I think smart card stuff is just less popular. Like we use we have some clients using Duo and things like that because the problem is people lose little things. They don't lose their phones as often. Except for that one person. Were you? Yes. You remember that person that was angry at me for not allowing you to bypass? We had a client who had Duo for remote desktop. They forgot their phone. Forgot their phone called in. Well can you just turn it off for today? No go get your phone was Tom's answer. But that's like an hour drive. And yeah. I didn't particularly like the person either. Their attitude was terrible and it was because they're not it's indirectly. We just managed a server and this person called us directly all huffy puffy. They're supposed to call the person who we managed a server for first but they did not. They're not directly my client and we just do this. We were just doing the security monitoring and hosting part of it. It's a client I'm happy is gone. We didn't want them. They threatened to leave. We said great. Don't let the door hit you in the butt buddy. They stayed for a few more years and then finally left when somebody gave me a deal. Yeah. They threatened to leave so many times and we kept going please. Please. The weird part was the other IT people thought it was going to be like a hostile takeover and I'm over here like no come get the server out my rack. I don't want it here. Yeah. 
We'd love it to go away. How soon can you take it. I was actively calling them. Hey you need to come get this thing. Yeah. How do people not realize they forgot their phone. I don't know. How do people not realize we when we did more customer facing stuff. We had people come in and not realizing what store they dropped their computer off at. Yeah. Exactly. I agree with this. The smart card starts to hassle. I don't really see it often anymore. So I don't know. And you know the reality is if you look at the threat landscape like the term we used earlier it would have smart card have prevented half the attacks that we see or 80% of the attacks are night. Even let's go smaller would have protected 10%. No. They're not that type of attack. Most of the problem is the user has privileges. They click the thing in an email. They were logged in already. It's not the smart card that was the problem. It wasn't that someone got their login. It's that they click the thing when they were logged in. That's pretty much how attacks happen. Either a externally because you didn't patch something and they got in remotely or B it's B it's them clicking something while they're doing it. I don't know. Oh. Okay. That's got a message. Nonetheless. All right. I never leave anywhere without my phone. So I used to have a magnet on my phone that would stick it to the fridge and forget it around the house. I'm not attached to mine. Yep. What are your thoughts on pfSense Community Edition compared to pfSense Plus? Go with pfSense Plus. I mean it's free. It's free for home users. It's free for lab use. If you want to buy support, they have an option for it to buy support. So why not use it? I don't really... I've done a video comparing it already. So that part's like that's done. Like I did the video. Oh, let me find the few extra features and it's free. You should just do it. Yeah. So I don't see a reason not to share this tab. You should be doing it for like the backup function alone. 
So home, no charge, no charge, TAC Lite. I think they have a blog post that in the future... Yeah, here it is. It's just right here. In the future, they're going to offer a TAC Lite for $1.29 a year in the future. But your home stuff is $0. They want to offer it for free. So... They want you using this at home. They want you learning it. Yeah. Because if you use it at home, you're going to want it in a business. Yep. The one feature, the one killer feature to use it for... Let me pull it out. Where's it at? I'll pull it up in mine because I got to rename something. But the one reason you want to use it, and I commented in my last video talking about this, is look at Tom and all the things he's doing with boot environments because it makes it so easy just to roll back to other versions. Like boot environments is the biggest reason to do it. The medical practice is complaining about constantly logging in, specifically for workstations that are in exam rooms. Uh, Windows Hello is supposed to solve some of that, but I don't know if you can use it in a medical environment. I don't know what the rules are for that. Oh, I don't think we have any people using Windows Hello. I don't think we have anybody using Windows Hello. You familiar with it, Steve? Yeah. It's a weird... It's a one-off thing that Microsoft introduced. Yeah. I call it one-off because if you don't see it... No, it's... Logins are inconvenient, but so is losing patient records. So I don't know the happy answer to that because if you gave them a smart card to log in, then they lose a smart card and you don't know where it is and you find out someone swiped it somewhere down the hall, do you have a breach or not? Now you have a bigger problem that you have to do reporting on it. So I don't know that it... It just pushes the can down the road for the problem. I don't know that it truly solves it or do you... You know, is medical places have to... Because if you don't know who accessed it, you... 
This is that weird line because I was talking to my friends about this. And once it gets all done, he'll... He may come on a channel to talk about what's like working in an environment of this tight, publicly disclosed, publicly traded company that he works for doing cybersecurity is even when nothing was lost, at the thought that something was lost, you have to follow proper SEC disclosure because you're not sure how or what was exactly accessed. So you kind of have to do it. So if you lost it, you know someone logged in, but you don't know what they looked at of anything. It could have been some curious person who swiped the card and they left that workstation unlocked and people in a public space had access to it. You should be doing a disclosure, but it's kind of a fuzzy thing of did anyone really take anything? We don't know, but man, what a mess that becomes. We had this debate last time. What is TACLITE? I forgot what it stands for. It's an acronym for their support. I never knew what it said for. Yeah, it's on their thing. Somewhere on there, it says what TAC stands for. I just thought I thought it was our former client. No, no, no, that's a dead, that should do. TAC, what's this? Somewhere in here, the very old Nike subscription, the abbreviated TAC, but I forget what it stands for. I don't know. It's a Custer thing, but nonetheless, yeah, the TAC thing, are you sorry I got distracted when someone messaged me? You'll be distracted too, Steve, because I'm going to message you what just was sent to me. Okay. What are you sending it in? I'll throw it in signal. Oh, okay. It tells me where I got to look. That's all I'm... Yeah, it's from Frank. Like... Bill or Frank? Okay. There you go. I copied and pasted it to you. All right. Sorry. Technical Assistance Center. So someone's figured it out for us. Okay. Yeah. He's not wrong. Frank's not wrong? Technically not. Okay. All right. That's tomorrow's problem. Yep. 
Have you ever used NextDNS or similar DNS service that has native ad blocking? I haven't used NextDNS. I recommend Quad9, but Quad9 is not... I'll play with malicious and porn blocking. Yes, but they don't have the ad blocking. And NextDNS offers ad blocking. You know, honestly, and I think Steve will probably back P.F. on this, uBlock Origin. uBlock Origin. I like it better than pfBlocker, sorry. Because there are certain things you can't block still with pfBlocker because they put it on the same server versus uBlock Origin is in the browser and says, I don't think you need that little sub window on your YouTube video, even though it comes from the same place. Yeah. So I don't really have an easy answer on, you okay? Miles was asking about the prank. Apparently, Frank came in. So... Yeah, I figured. Yeah. Silliness. Nonetheless, sorry. Sorry for the distraction. We have office drama. I feel bad about it. So I forgot about it until you sent that message. That was a conversation. Yep. Because he hated the neighbor because she had him. Yep. Ah, stupid. All right. Let's see. What are the oldest hard drives you guys run? I've had some go seven, eight years. I got some WD Blacks that were in a server at a school that's long since been closed that had seven years of runtime on them and I used them for another two. Yeah. You know, I was going to do a video about the drives you retired because this year, early this year, no wait, late last year, December. In December, I retired drives that we started using at the very beginning of 2015. So they had like seven years of on-time hours. I have those two HGSTs. Yeah, I actually still have the drives. God, they're loud. Yeah. They just, I can lay in my room and hear them banging away in the NAS. Yeah. So nonetheless, the You might hear them now. I don't know why they there'd be talking about them. Yep. Uh, oh. Love that shirt. I have tried to find one seemingly nowhere to find. That was such a random thing. 
They sent it to us. They did have a couple other ones. Yeah. There, I think I don't cycle my shirts out enough to tell they're pretty worn. I think I have some more in my office. How long should you let spare drives sit on a shelf? I mean, if they're not spinning logically. They'll last forever. That. They're, they're mechanical things. Usually what goes are the heads or the motor. Right. So yeah, it's usually not an issue, just them sitting on a shelf. And usually, like if from a client standpoint, if you buy extra drives for a client or even, you know, here's an example we did in our office. We retired some of the old servers. I had some hot spares in a box. And we threw the box out with the hot spares because the stuff got old. Like it wasn't very, I mean, throw it out, throw it out. I actually gave it to a friend who could use it. That's where the big ugly server went. I had a friend who was so stoked to get that. So he ended up getting it. I gave him the spares that we never used. Remember the small spares? Remember that hold the bottle with eBay? So they usually, and this is not uncommon, even in the corporate settings, companies may buy a certain number of spares, but when they recycle out the hardware, they'll cycle out the spares with it. They don't, the spares aren't bad at all. It's actually one of the reasons you have companies that have so much good, almost an unused hardware that you'll find on eBay or secondary sellers like that. Remember years ago, we got those servers that were at Sears and never plugged in or turned on. They were spares. Oh, you wish the permissions were easier. The permissions are a little confusing, especially, especially in TrueNAS SCALE. Oh my gosh. I need to do a video on this, an updated permissions video per scale, because there's a bug that's really annoying. It should tell you and warn you about the silliness going on here. Yeah, I think I can do it with this one. If we go here, let me edit the dataset. 
Actually, advanced. Okay, down here at the bottom, it says ACL mode, POSIX, and then we can change it to ACL mode, SMB or off. So we'll leave it at POSIX. I'm not going to save this setting because I want to show you what the differences are when you build these out. So if we're going to go ahead and edit this, test two, we're going to edit the permissions, which are POSIX. Then we're going to set ACLs. It option is a preset. Sure, we could try a preset if we wanted. POSIX open, POSIX restricted. It recognizes POSIX. But look at the way the menu works on this. See how it's got the object, read, execute, execute, and maybe you want to add Tom on here. And then we want to add an item and we want to set the items. Maybe we want to use a user here, user Tom. But what we've done now is start breaking things. So if I hit add another item, then access one out. Let me see if it'll actually do it. Nope, because I don't have any permissions. See if I can save access control list. Okay, this time it worked. But that menu is what I want you to consider. It's hard to do is I can't do it side by side. So I'm preparing to set. Okay, this is it did. Okay, did what I wanted to it failed. But here's this menu looks kind of strange and it doesn't seem to have the right object stuff. Matter of fact, when I click on stuff, it keeps telling me ACE. It says ACE, not ACL. I don't know why, but it says ACE has errors. Let's go back over to our datasets. Let's look at my video one. Now the difference here is this dataset is set to advanced options. This is properly set to an ACL type SMB. All right, so what does the permissions look like? It should be the same menu, right? That would make sense. No, the menu system looks different. You actually have slightly different boxes. You have different options. You have different items you can add. You have these. This has caused people a lot of drama. 
If they didn't know to set the data set to a certain ACL type, they can't figure out why their ACLs can't work. And there's no error message other than it doesn't work when you try to do it. I get why people want... They've just had so many like UI element things that could be solved by telling you, like, hey, by the way, when you set permissions, make sure you set the data set type. Or, hey, while we're here, why don't we set the data set type for you so you can get the permissions added that you're clearly trying to do? So it's kind of an annoying problem. Ace has data rot on drives being stored. That is a completely different topic. It's not a spare drive if it's a stored drive. If you have data on it, it's not a spare. It's just a drive you have it on there. The only way to stop data rot, keep the drive spinning on a ZFS pool. If you do that, the drives... ZFS has correction. If there's any... And it's doing... Because you have it across many drives, it's doing correction across these many drives. You can't do data correction if you only have it on one drive because what are you referencing against? So that's a problem. It's just one of those things, like you need to understand how the bit rot works. So you lose a couple of bits out of one large contiguous file. You need to be able to reference that in some way. The way you reference it is the parity that's spread across other drives. That's how Linus lost data. He wasn't doing these ZFS scrubs. This is how he goofed it up with TrueNAS. The ACL should be redone from the mount up. Yeah, we'll go with that. Does TrueNAS have an available repo with the open source software? I couldn't find it. Where do you download? They have a GitHub. It's not in a repo, but they do have a GitHub where you can get all the source code from. I don't think they give you a manifest on how to build it, but they do have the source code. Permission seems to overload with users to any options, but not nearly enough explanations. 
Your documentation is also out of date and doesn't line up a blueprint. You are correct. Because I know there's another update coming soon, I've been holding off because they've been doing so many element changes. If I did a video on it, the video becomes dated really quick. So I'm just keeping up with how the permissions work. So when I feel like they've become interface stable, I'll do it and go from there. Then it might be a question for them. I don't keep up. I know they gather their source code posted somewhere. I just don't know where it all is. They probably have their own private repos. They sync to it later. I don't know. That's a TrueNAS question, not a Tom question. I don't rebuild it from source and because it is the same problem with pfSense. pfSense doesn't give you the build manifest, like all the details of how to build the software from source. Like they have the source code out there for Community Edition. They don't give you the manifest of exactly how to build it. So that's like you can go through, you can see what's in there, but are you getting the exact parameters of the build? No, the way and the process by which they spin and build it is not documented publicly, to my knowledge. Oh, let's see. Well, I'm going to go grab a drink, Steve. You want to entertain the people here? Yeah, I was just running through questions. I feel like I got to answer all of them, man. I know. That's what I try to do. We try to answer all the questions here. We're not big enough. We're not the man show. We let the stuff to scroll through because we can't cover it. I mean, I get it with them that they can't, but that's life. I'll be right back. Yep. Yeah, there was nothing wrong with the drives. It was just I retired that box. In fact, it's like sitting down there. It was an old ProLiant server that I had a WD Black as a boot drive and it ran two WD Reds for my storage. And then off the WD Black, it ran my game servers. 
I replaced it when I got my five-bay Synology because that has much bigger drives. And then I have a faster server just for running my game servers now that just has a 480 SSD. No hardware RAID is still... I wouldn't use hardware RAID in the old days when you had the Nvidia chipsets on boards that you would build it with, but it's still largely used in Dell servers. So when you get a Dell server with the actual card, we usually tend to let the Dell server do the RAID. And then we go from there. Don't use Toshiba drives. I just saw... I don't even know what Toshiba drives is. You're referencing Toshiba drives. Just don't. The running gag used to be when we were customer facing. Toshiba would make a nicer laptop if they'd stopped using their own drives. I'm using whatever case you really want as long as if it's a full ATX. I'm using that Level 20 MT. I like it because it has lights and extra fans. Really, whatever fits a full ATX. If you want to change the heat sink that's on it from the one I was using, I had to use one that had, I believe, a 92 millimeter fan. You should be able to get cases, stand-up cases that are a bit wider and you can fit like a Hyper 212 with the 120 mil fan on. They're pushing the... The BOSS cards only cover you for boot drives because you can only do the two drives and they're the usually... I think one client, I think there's a little NVMes that slid in the back of one of the servers we got, but they're still doing a hardware RAID for, hey, I need somewhere to put large amounts of data. No. We need large amounts of data. I like big data and I cannot lie. I had something on my mind I was going to say and it just completely fall out of my head. Toshiba drives. I remember the Toshiba drives I had. Yeah, I remember I said, don't get Toshiba drives and then we kept replacing Toshiba drives. Yeah, I didn't even know what the context was. Somebody said I already answered. I already answered most of this. Okay, go. 
It was rapid fire question around while you were gone. Absolutely. Whatever your time is worth. Yeah. How should I code camera installs? It comes down to what you're doing. What we started doing for a while with our previous wiring contractor, it was a flat price. It was a camera, the line drop for the camera, time spent mounting and pointing the camera. He didn't really have to do the programming of the camera though. So, and we would just price it out as it's X per camera because we know it takes this much time to point it and mount it, this much for a data drop and this much for the camera. And it made it much easier for the customer to digest because now they're not nitpicking like, oh, you upcharged me 20 bucks for the camera. Your drops are how much? It's this much per camera. You take it or leave it. Yeah. Oh, the video I'm working on because some comments have been coming up because this question is one of the things I can keep redoing the video every year. I kind of like this, right? The debate of Synology versus TrueNAS and that's been kind of a fun one because of the debate topic. There's so much more to it. So, I started putting together an entire write-up of, I went detailed on this for all the features and little, and I have so many more videos now. So, for each feature, I have a video you can watch for all the ones I have videos for, I should say, of what that feature may look like on TrueNAS or what that feature may look like on Synology so you can better understand it. So, now I'm going to do a really in-depth review that is going to be not too long because I'm going to link to the other videos if you want to dive into how Synology active backup works, how Synology snapshots work, how Synology replication works. I have separate videos on those things and I have separate videos for some of the TrueNAS features that are compared with it. So, this is the problem with products, especially with the complexity of NAS products. 
If you ask the question of can it do this, the answer may be yes, but how it does that is very different on the two platforms. The too long; didn't watch for this video and I'm going to throw this at the beginning. Synology is just damn easy to use. Synology is simple, Synology is easy. You click a package, the package installs and it sets up. TrueNAS SCALE is not easy and that's one of the things I'm going to have, like I have a video on how to set up apps in SCALE and if you go, that looks complicated, yes, compared to the way you set up an app in Synology, it's extremely complicated. So, yeah, definitely a topic that's coming up soon because there's so many more features both of the boxes do now. What boxes? I drifted out answering questions. Yeah, TrueNAS SCALE, TrueNAS for Synology. Yeah, gotcha. Big differences between them. I mean, Synology is so turnkey for stuff. It's just like click and go. It really is and the amount of functions that it has, I think that's what really sets it apart. And how easy it is to use, I mean, it's just you click the thing and go and it just starts working like freaking magic. Because people also, the either or question I kind of get because my answer is why not both? But the active backup for business that I'm using and things like that just works so well. I back up my studio computer, I back up my gaming computer, let's say 216. Yeah, so it backed up today. It's so smooth and works so well. It's a hard comparison to make. It's like, oh, well, if you want to load in one of these applications, I can just load it, open it up and it just magics together. You can't do that. It works in SCALE, but it's just not the same. True gamer move, drinking out of the two-liter. Yes. I can palm them like most people palm a 20 ounce. Yep. I've been avoiding eating the pizza that's sitting here. Yep. I just got, I actually just got dinner like right before this started. Oh. Yeah. I have my MB server, my download station. This is stupid though. 
This is the one broken part of Synology. I didn't even look if it's still working. It's probably still broken. Oh, the CMS. CMS, broken. Don't use it. It works with one system, but that's it. It's connected to my one Synology. It works when we're on the same network. Yeah. Once we're not on the same network, it just breaks. Yeah. Your computer is named Stu. Yes, it is. I like fun names like that. So my turtle's name was Pokey when I had a turtle when I was a kid. I had a duck named Honker. Pizza. Tomorrow I'm having broke back pizza from Papa Murphy's. I have no idea. I've got no context for that. They're the same now. In the new version, they are the same. That's what we should do. We're going to fix this because Tom probably has the wrong version in here. Yeah. Which one do I have? We'll go to the package manager. We'll delete the one I have, which is probably... Oh, look. Let's trash it, guys, for doing it live. I don't know if this will disrupt my connection or not. So we are confirm removing. There. pfBlockerNG-devel removed. Zoom in so people can read that. Available packages. Because they're the same version, they're the same. It doesn't matter, but you don't need to load this one. This will be the development release going forward, but right now they're at the same version. So now we'll just install this one. There we go. We're doing it live. Oh, broke back pizza is the cowboy, but covered with white sauce. I didn't need to know that. Has Untangle changed as it was bought out? I don't really think it changed. But they did. I think they eliminated the free download. It's behind like an email registration. They still have it last I checked. Been a little while since I checked. They still had the free one since I checked, but we just don't do much Untangle anymore. Like we have a few clients on it, and they keep renewing the subscription, but it's, I mentioned earlier, we talked about web filtering. Zorus is our go-to because firewall filtering is a headache. 
What do you think, Steve, would you use Synology with a 30 plus camera install? I was trying to log into my UniFi controller, which is broke again. As long as you use the right Synology, you just got to cross-reference what Synology supports. Basically the amount of can't, the way they calculate it is it's like resolution times number of cameras times frame rate. So as long as you buy the one that has the processing power to support what you want to do. Yeah, I would definitely use it for a 30 camera install. Yeah, this is another Synology. I haven't done a video on this yet, but I mean, we do so many Synology installs. This is another one. I can't remember if I posted any photos on Twitter about it or whatever, but we do a lot of them and small ones, big ones. It just works so well. So yes, the answer is commercially we use it a lot because it's such an easy turnkey solution. There's that turnkey word again, turnkey. Yeah, and it really is. You hand it over to the client and say, here you go. Zorus is only US-based, do you know another solution that is available worldwide? I do not. Is Zorus not GDPR compliant? Is that the problem? I don't know because we only have purposely when it comes to managed contracts, we'll resell like Huntress or SentinelOne overseas, but I don't think we really do. I think we can, but we don't because we haven't really had anybody ask, but things like Zorus and things we contract to load on computers that we keep to the United States because legal problems, no client has been big enough for us to have to deal with the legal problems if we were to service a client in Europe. There's a whole different legal set of parameters that I would have to navigate. I don't know how often US companies, like we consult overseas, but we don't do any management of computers overseas because that can get us into legal hot water. Yeah. I actually have a question for everyone. Sure. Because I'm frustrated with this. 
Does anyone run into an issue with your UniFi controller and I'm running it on a PC where, and I don't have it open all the time, you launch it whenever you, it loads, but whenever you go to the settings page or the devices page, it throws a 500 there. Is it you running out of windows? Yes. That's true, dude. It's your fault. It's your fault. I'm not loading something completely different for two APs. It's your fault. You can load it on your Home Assistant on a Raspberry Pi. I might have to at this rate. I think you should. Back plays. It can run within Home Assistant? There's that. Yeah, go to the plug-in options in Home Assistant and you'll see there's an option to load it. Okay. Yeah, it loads as a Docker image. Do you have a, you can load on a Synology too. Do you have a Synology? No, I don't have a Synology. Oh, okay. I'll put it on the Home Assistant. That's always on and not being fully utilized enough as it is anyway. Yep. Back plays. To play off the other comment, broke back plays. I don't want to go there. Are there any decent wireless security cameras? Not to my knowledge. No, a lot of them are just... The PoE problems that you run into, and we're doing a lot of commercial installs, so you need to get power to the corner of the building where you want it. So the best and most effective way to do it is to run a wire over there because you need power. So that's why the wireless ones, they exist. I imagine there might be some good ones, but we don't ever recommend them. By the time you get power over there, why didn't you just run underneath in that line? Yeah. It's easier and didn't require permits. That works this way. He's going from the EUTS in the US to EU, yes. There's like weird rules they have that I may not understand. We can consult by people buying block hours from the EU, because we're just doing consulting. But when it comes to the contract part, the contract rules are very different and jurisdictionally between different countries. So we avoid those. 
What's my preference for hosting a UniFi controller? Linux or Linux? Those are the only options I choose from. Any one of those three options I mentioned work. I've been playing with TrueCharts. TrueCharts works. It's got it. It's not without its issues. So yes, I have TrueCharts. It works, but I don't know. I like it from a tinkering standpoint, but that's actually exactly the problem is the tinkering standpoint of it not doing, not working as well as it should or I don't know. Like FreshRSS works great, but not everything works great in their application. But on a fun note, look at all these apps. I can scroll up and down for all these applications they support. Everything, I can filter for it. So if you go to catalogs, we say TrueCharts. There's a lot of apps. So I think it's great. How good each of these apps are? Do they work? I don't know. Some do, some don't. That's the problem I've run into. It's always a work in progress. That's the challenge. Reloading UniFi until it fixes it. That's what I'm doing, mostly because I didn't take a backup. Yeah. Oh man, I might be turning this off soon. It's seven o'clock. That's fine. I got to run to the store for my trip tomorrow. The Jeep. Yep. All that fun stuff here. Yep. We'll go a few more minutes here. Give us those final questions you have. Yeah. What do you use for Rack Diagrams and Linux? Rack Diagrams and Linux is going to probably be my favorite tool for just in general drawing anything. He uses draw.io. I freaking love draw. I draw stuff by hand still and he gets mad at me. That's true. Because I can't, I'm the same way with Photoshop. I can visualize the thing I want, but then the line doesn't go where I want it and I get frustrated. Yep. So let me, I'm pulling it up. Oh, that didn't work. Yeah. You can move a UniFi controller to a Linux setup. You just back up the config, load UniFi on the Linux setup and then restore it. I told it's authorized to use my Google and it's not using my Google. That's weird.
Yeah. Whatever. Open existing diagram. Who knows? It just started working magically. Anyways, diagrams.net. Highly recommend it because it's cross-platform if you want to run a local application. This is, I'm using the web one because I had some stuff saved in a web one. I don't use it very often. Yeah, it does not, it says it's there. It sees the file, but doesn't let me open it. That's weird. Whatever. Yeah. I'm not gonna, I'm closing that window. Um. Broken. Yeah. M-Force. I don't know if it's open source, but Synology does have their photo application that works very similar to Google Photos and you can use it to back up photos from your phone and whatnot. Um, I have not used it, but there is at least one. The good and bad. So PhotoPrism exists that's open source, but there's always a but, right? I don't think it has any auto backup apps or anything like that. It has some cool features. It's got some face recognition and things you want that all are managed through the open source. But the problem is compared to Synology Photos, Synology Photos that, let's use that word again, turnkey. You load it, you get an app. You load it on your phone. It backs up your phone to your Synology and you're happy. It just works. Um, it's less setup and things like that. So less to manage and just works really well. So I'm still using for all my, if I don't, I use Google Photos for anything I don't care about being in Google's cloud. If I have a particular photo set I would like to take and only have it private. Well, then I'll share that with my Synology because that is held by me internally. So, um, Synology, that's one of the things I'm going to be talking about when I do that comparison video. Synology makes that really easy to do with their apps. Let's see, Brian, where can I find info to create a second WAN port on the Netgate 1100? The OPT port should already be configured as a VLAN. It should just be a matter of setting it, the address to static and giving it a gateway.
Yeah. And that's just, the difference between a LAN port and a WAN port is whether or not it has a gateway is a simple way to describe it from, from pfSense's perspective. pfSense upgrade a new version on 2100, flashing blue light and no admin web page available. Are you getting an IP address from it at all or what level is it not working? Yeah. Console cable, man. That, if you're not even getting an IP, then console cable because the whole thing's doing nothing. I've never used Zenarmor, so my answer is probably it's not worth the money because I don't have a reason to use it. For you, you're probably not familiar with it, Steve, because it's more popular in OPNsense. Zenarmor is like a deep packet inspection thing that you can use inside of OPNsense or pfSense for like web filtering and stuff. Yeah. The firewall is, every day the firewall becomes blinder to the traffic that passes through it. It's why, if you care about the traffic and you want to protect the endpoints, you load something on the endpoint to do it, not the firewall. It's the, it's not as easy. So what software do you guys for your mass imaging devices? We don't really mass image devices. Yeah, we stopped doing that years ago. Yeah, pretty much like Windows Installer and then you can... Windows 8 kind of did away with that because you just popped the flash drive in and let it go. And look, I reloaded, I installed UniFi over UniFi and it works now and I'm going to leave it until it breaks again, probably. It works now. I'm going to make my change and be done and then forget about it again. Yeah, I mean, if you get really good at it, you look at things like Intune and Autodeploy, there's deployment scripts that script everything to get your system to where it needs to be. There's exceptions to that.
If you work in certain corporate environments, they call it the golden image, but man, anyone I know that has to manage that and keeping that image up to date is a headache because the goal is to try to keep it up to date so I can just re-image a computer and have all the latest updates. The problem is every month there's more updates to Windows, but in between there's also updates to applications so it requires a lot of management. Yeah. Until there's a way to just do it with a live system? Yeah. That's what I used to do with when I played WoW. I kept a live copy on my server that I would just open it up once in a while and okay, now I just got to pull all those files. Yep, exactly. The imaging systems is less practical anymore than it used to be. Yeah, Windows 8 was the first one to really kind of do away with that because they made it so easy. Put flash drive in, it ran and grabbed updates during setup. Cool. Move on. Yep. Pretty much. Yes. Now Windows updates just need to be as painless as apt update. Yeah. Linux makes it easy. Yeah, Linux makes it easy, but you're right, Windows does not. I mean, it's just a whole another, Windows is such a mess when it comes to that. This was actually one of the discussions that had come up before. And I'll pull it up here. Basically, one of the things I've done to make my life easier, and I just fired it up again. Where's it go? Hold on. This, share this tab here. I wish to have, I'm sharing. Me and Jay talked about this on Learn Linux TV. And if you just leave one of your, you turn on the auto updates, and I just fired this up. I had it off because I was cloning it. But if you fire up a Linux template and you leave auto updates on, which this is almost, is this got a UI on it? Oh, huh. That's weird. Okay. It does not. Anything I did. But this is my lab template. So, you know, it's up and running right now. What is, okay, it's on this drive here. It auto updates in the background. So it's always up to date.
And then when I have to do a video on something, we just hit stop and clone. All right. We cloned it, you know, or make another copy. I can give it a name if I care, but cloning it with the fast clone. We go back here to home. There's a clone. There we go. I have another one. And I can now start this one and do the thing I wanted to do. And when I'm done, I just delete it. It's so easy to do inside of, like a virtualization task. And the way you do it in Linux, you don't really need to rebuild it each time. It's pretty fast to do it that way. From Sydney, Australia. From the land down under, L-A-N. That joke never gets old. Or maybe it does. Steve seems tired of it already. No. You're like, this is stupid. Oh, I'll leave with this because I see, I think... Do you see something I don't? No, I'm going to laugh. You're going to laugh because he's clearly watching because he did this. What do you think of Broadcom network card, Steve? No. No. Yeah. The person, he's got some, he had some problems that I solved by saying, why are you using Broadcom? And he was using 25 gig Broadcom. Yeah. Don't use Broadcom. Realtek works at gigabit sometimes. But just go with Intel, and your life is, your life is better. I always... Intel, yeah. When you're getting into the big boy stuff, like the 10 gig and 25, definitely Intel. I've always been partial for a gigabit, like on consumer boards and that. I love when it has like a Marvell Yukon chip because I remember years ago, you pull like a computer out the trash from like the 80s with a Marvell network adapter. And it still works. Yeah. But I think it's Mellanox makes some good ones. Yeah. Once you get into the high-end stuff, there's other companies out there, but just stay away from Broadcom. That's the best advice I can have. There's not that many companies making 25 gig card. Realtek, I don't think plays in that space. And I did not say two and a half gig. I didn't say 25 gig. So... Just get Intel.
I'm laughing because you may have seen my post in Slack about... I did. Yes. He just emailed us at the vlog Thursday, which I think is funny. And he sent me a speed test and it's wild. So it's how fast the speed is now that he swaps his cards away from Broadcom. So if you're watching, dude, awesome. I don't know if he comments or not. I'm not going to say his name. Fun times. All right. I think we've answered all the questions. I don't really have an answer for this one. Is it easier upgrading from 22 or upgrading from LTSL to... I would say it's easy either way. I don't know. I don't find it that painful doing the upgrades. We use a combination of PowerShell and Ninite. Yeah. You can use PowerShell to reference the Ninite. You can use PowerShell to call the Ninite. Yep. That is true. And if you're not sure how to write the PowerShell, you can use ChatGPT to write the PowerShell script to call your Ninite. Yeah. I'm showing it out there. Yeah. It'll write the script for you. I'm just saying. All right. I'm going to wind this down. We went for two hours. Thank you for joining us. This was fun. Have a safe trip, Steve. I'll let you know how the upgrade goes. I'll message you if it explodes or if we roll. I'll be in the car. Just call me. I have nothing else going on. It's driving for seven hours. You have seven hours of driving out in the cornfields. No. I mean half of it's Michigan. Literally the edge of Michigan is the halfway point for me. So then Indiana and Chicago, then corn. Something like that. Oh, I realize I got my Netgate back scratcher. I like these are cool. Like if there's something a vendor should send us, it's freaking back scratchers, man. I'm just like I like shirts. Shirts are good too. I don't get me wrong. I like shirts, but I like back scratchers a lot. So they need to start putting logos on pants. I got enough shirts. I'm sick of buying pants. Yeah. Bring pants to the next vendor's shop or swag.
I don't think that's going to go well, but hey, thanks everyone for joining us and take care. Yep. Bye, everyone.