 Happy Sunday! How we doing today? It is not, um, beautiful outside, so I'm inside. It was nice out yesterday. It's like, I was gonna do a live stream yesterday and I'm like, it's just too nice. So I decided to do it today. Love answering people's questions. I actually have some servers to update, and I can update servers while I'm talking to people. And I also have a couple ideas related to this. I reached out to some of my other YouTube friends, and maybe we'll do some live streams where we talk about different servers and compare them, like XCPNG and Proxmox. And the reason for doing it on live stream is I want to do a speed run of setting one up, like me and someone else. So I'm good at XCPNG, find someone who's good at Proxmox and run through setting all of them up and talk through it. I think it might be a fun live stream because then you know we're not editing. We're not cutting it up. We're showing you start to finish in real time what it takes to set some of these things up. And I think that might be fun. So throw that out there to me if you think that's a good idea. I'm trying to come up with some good collaboration ideas. I'm actually terrible at coming up with ideas for collaboration. I'm always saying yes when someone invites me on their channel. I have no problem inviting people on my channel. It's just harder because I don't always have ideas that lend themselves to the collaboration. It's a thought I had. Second, making better indexes of these live streams has been a request many times. And it's hard because I babble on and answer about a million questions. Well, I don't know what a million. That's an exaggeration. We'll be more accurate. At least a hundred questions might get asked over a two-hour period. So one of my goals is I've been playing with a lot of AI systems and they are really good at auto looking through an entire video and placing all the commentary. So I'm playing with them. If you know a good one, awesome, let me know. 
But I want to find one that way. I can just point it at two hours of Tom babbling, but then produce something that people may find interesting because they can jump to something that's interesting to them where I had a discussion on a particular topic. If you know one awesome, if not, I've been reaching out to people and trying to figure that out. What's the best one to use? In email, and I'll throw that email and banner up right now, email the vlog Thursday at LawrenceSystems.com if you know a good tool for doing it. The problem is, it's not that there's no tools, it's that there's a bunch of tools. I don't know which ones suck and which ones don't suck. So if you know a creator using this, let me know. I realized I touched my glasses just before this started. This is my only problem I've had since wearing glasses, touching them. If you don't touch them, you're fine. If you touch them, then you have problems because I can't stand something on them. It's like one of those, I like perfect clarity all the time and it definitely messes with my clarity. So there we go. I got the, I picked it, just before I reached up and I just, god, there's still a spot on there. Let's see if I can get it off my shirt. It's just one little spot and it's in the middle, so it's making it worse. There we go. Now it's gone. Let's see here. Hello from Flint. I'm going to start working backwards. You launched a new channel. You're a tech career coach. Be open to doing the Proxmox install. I'd have to know that you're really good at it because I have to make it fair to the viewers that I'm not, you don't want to choose someone and I don't know it's because I don't know you. I want to make sure someone who's very proficient at setting it up. So that's the important part to me. But reach out, be a vlog Thursday, send me some information. People like Jeff from Craft Computing know it really well. So does Raid Owl. If you haven't followed Raid Owl's channel, who else do I know? 
I don't know him yet, but there is Dave's Garage. I think, not Dave's, sorry, not Dave's Garage. I'll have to find the channel. There's a few channels. I mean, I follow. There's some of them I know. So there's channels I know directly because I interact with the people like Jeff Geerling and them all the time. And then from there, yeah, what do we got here? DbTech. I know him, but I don't know how good he is at it. But where's the other guy? I get to make a whole list of channels. That's actually, on my to-do list is going to be building a list of all the tech channels that I think are good. And the downside is it's not that I think the other ones are bad. I just may not have interacted them, interacted with those people enough to really give you an assessment of whether or not they're good or bad. But I have our giant discord. It's private, sorry. But it's where all of my YouTube friends hang out. And I invited all of them there in case you're wondering, I've got something, fixing something on my hand. It was itching. The YouTube friends that I have that, you know, just we all are collaborators who support each other. And it's the names that you know, like Wendell. And as I mentioned, Jeff Gehrling, Craft Compute. Let me see who's in the list here in our discord. I'll be sure to get there. So many of us now. There's a lot of us in here. Rich from Two Guys Tech, Storage Review, Patrick from Serve the Home. I don't know some of the people by name. Oh, Techno Tim's in there. So we have, we have a pretty good collection of people, Chris from Crosstalk Solutions, Veronica of Veronica Explains. So we got a pretty good list of us in there. And I'll be, I'm going to make probably a page on my, I was really thinking this is probably a good idea to create a whole page on my website, where it has all of the people in there that I'm friends with, or at least I respect their content quite a bit. And so you can like find a bunch of good YouTubes or podcasts that I like. 
We've been careful to figure out what to call the group. We're trying to follow similar rules of how Nebula works. And if you're not familiar with how Nebula works, you can't ask to join Nebula. Nebula is pretty neat service, but you can't ask to join. Someone has to ask you. And it has to be decided by the group and collective to vote someone in, if you will. We're trying to come up with some rules. The problem is when other creator channels that I belong to, everyone got invited. And no offense, but if you have a lot of people who are only part-time or not serious, it kind of dilutes the group because it becomes harder. It just becomes a gender chatter. Our chatter is a lot more concise because all of us are pretty much, I think everyone in there is pretty much a full-time creator. And so we're trying to try to establish, you know, the goal is to gatekeep that we want people out. We just want the conversations to be very, you know, more in-depth. Me and Jay from LearnLinuxTV started this group, but it's kind of a back end. It's just been really good to be able to have a bunch of other creators who do exactly what you do and have the same struggles to work with on that. But then there's plenty. If I actually have other groups that recommend people start in, like follow Jay Klaus if you're looking into getting creative. There's a lot of good starter places that can get you a lot of information to get you so far. So there's a lot of other groups for this. There's been a bunch of TechTube channels out there. There's even some good subreddits for it as well. But let's get on to the topic of servers and stuff. So Hi Travis, you're updating stuff. Hello from Hungary. Awesome. Good morning from UltraLife. My ZenOrgishoreMovePif issue has APR. Should be fixed. Awesome. Yes. I forgot to say his name, but Apple, Appalard, Appalard. I reached out to him because he's really good and really interesting and a fellow person who lives in Michigan. So definitely neat person. 
I really liked some of his videos. Yeah, there's plenty of places for the novices to start, like I said. It's the same reason I don't do like basic one-on-one tech videos. I don't need to. There's so many of them out there that cover some of the more basic setup attack. That's one of the reasons I start where I start is opposed to like, hey, here's DNS 101. I mean, I cover DNS usually from an advanced standpoint, but I also get people who go, oh, I want you to cover Tom like, you know, do a networking one-on-one course. I'm like, I just don't have the time to do it. And by the way, there's a lot of great one-on-one courses out there. I try to lean towards just the advance, but I absolutely, you know, people need a place to get started. And if you don't know how to turn a computer on, I'm probably not the place to start. But once you figure out how to turn it on, and once you've got Linux loaded, because people ask you, I don't do a lot of tutorials on like how to load a bunch to. And I'm like, there's not a shortage of those videos right now. There's a lot of good, high quality ones. So I just tend to lean on towards the advanced side of things. Hey, Tom and Chad, I stuck my word and got net data, stuck to my word, got net data installed, still have some setting up to do. Doesn't seem to show scale app info. Hmm. Hello, Thailand Internet here is cheap, but limited stock. You have a problem? You hope I help? All right. Christian Lumpa. He's on the list too. That's why I need to make a page for all these people. These are all great people to follow. Christian Lumpa doesn't participate in the group. We invite him to the group. He just doesn't come in there very often. And that's fine. But his content's solid. He's a great creator. Yeah, CGNAT is definitely less than fun. There's no doubt about that. Let's go over to, oh here, this will enter, this will, let me pull it up here. There we go. Actually, I should switch to the lab version. There we go. 
Got to share these updates. I got a server to update. So let's do that update while I'm chattering about things. There we go. So there's some new releases, some new security updates. I believe it's in the blog post. Let's see what they are. I'm going to load them anyways. They just came out. There we go. December security updates. Let's see. We got here. Xen and Linux firmware and a controller domain have fixed several vulnerabilities. We also published them with maintenance updates, which we got ready and tested during public testing window for security updates. x86, I am, IOMMU quarantine page table levels. Twice in quarantine mode using dom0 could access leaked data from previously quarantine pages. It's not enabled by default in XCP-ng, but can still be enabled at boot time. Oh, yeah. This is one of the nice things. They are, the team at Vates is really careful about how they design XCP-ng. It's extremely security-first. This is why it's been so popular in the security ecosystems and large-scale providers. So you said electronic wizardry has great Proxmox content. All right, I'll check that out. What do you use for SIEM? We use Blumira. That's, I did a video recently, a sponsored post on Blumira, but Blumira is what we use for our SIEM tool right now at CNWR. What method do you use to monitor the quality of internet links, meaning you detect degraded performance or not just outages? Nothing. It's not really been an issue. We do speed tests if there's an issue. There's rarely an issue, and I don't understand the people who, unless you're having a problem, I don't set up regular speed tests or monitoring tests. It's just not that often it's a problem, but sometimes people will do that. They set up constantly running speed tests on there, and then they want to complain every time it goes a little bit down. That's going to happen if you have a lot of traffic on there. It's not going to be the perfect amount every single time. 
So we generally use monitor for outages, and that's adequate unless we're experiencing some problem or the client is experiencing some problem that prompts us to actually do this. Oh yeah, XCP-ng is getting way more popular with the train wreck that is the VMware purchase and everyone getting laid off. I feel bad for all the people that got laid off, and it seems to be chaos over there. Let's see, other changes and improvements. Linux firmware, AMD microcode update, drop updating the families and AMD XP advisory does not support SEV yet, and therefore is not directly impacted. Small change to suppress GPU mon data, updated time zones, vendor drivers, ooh, updated drivers for Intel I225 and I226, updated Realtek drivers, updated Broadcom drivers. So that's it, pretty simple update. So here's all the missing patches. Let's just go ahead and install the patches. This will automatically restart the tool stack on every host. Sure, I'm fine with that. So yep, now we're installing patches. This is the host. There's only one host in this pool. So I'll give it a minute and let it do its thing. Yes, the folks at Blumira, one of I'm going to have one of their team members on to talk about pulling logs from Windows and tools you can use to do it. They do a lot. Windows is obviously going to be king when it comes to that. So I'm going to get one of their hackers because it's definitely someone who's really good at hacking some stuff. She spoke at a lot of conferences. She'll be doing a talk with me and we'll talk about Windows logging. That's going to be coming up maybe in the next week. I got to check her schedule and figure out when we can align to do the talk together. Oh, there we go. We've installed the patches. Security concerns with running pfSense in a VM are really more about you than pfSense. So if you do not configure the WAN properly and you let the WAN touch the other networks, there is more of a potential for that. 
So if you're not dedicating an interface for it, there's a potential for it to get goofed up by you inadvertently exposing something to WAN. That is the most likely scenario for security problems. Is it normal for the GPU performance so low at Proxmox VM that the, is it normal for GPU performance low at Proxmox VM than the Windows installed directly? Yeah, once you virtualize it, you're going to have a bad time. You always are taking sacrifices when you virtualize things. Hey, look, it came back. Have you heard about password manager SafeInCloud from Russian developer stores data in a database file? I have no idea. I use Bitwarden. Bitwarden goes through regular security audits. They're, to me, the gold standard when it comes to transparency of how the company operates. So I just stay with Bitwarden. They're very, they work well. They're well integrated. They're very transparent. You can self host it. I just don't bother with other ones. What VPN do you recommend with pfSense connect from a low speed network? Maybe OpenVPN? I guess it depends on your needs. WireGuard and OpenVPN are both fine. It comes more down to your use case, but any of them work fine over low speed. So is Tailscale. I really like Tailscale. Especially for new people starting out, Tailscale is one of the easiest ones out there. How do you prefer to handle WAN failover to avoid the primary link being activated back and forth when it's not 100% down about losing packets? You set the thresholds. That's the solution to that set. Figure out a different threshold if it's just bouncing. That's the only thing you can really do is you set how long the threshold is or how much packet loss you're willing to tolerate before it's back and forth. You can adjust those and fine tune the settings. CrowdSec, do you use any machines? Not right this moment, but I probably will. I used to use it on my old site and I just haven't set it up on my new site yet. It's on my to-do list. 
Wanted to ask if it's okay to have TrueNAS one pool, three disks, and RAID-Z1 and back it up to a second pool on the same machine that consists of one drive the same size as the first pool. It works, but if something physically happens to the machine, then you just have two copies in one machine. So you only have a limited amount of backup that way. Ideally, backup should be a separate machine. Ideally, more so, they should be off-site, but it's certainly better than nothing. How would you compare Blumira to Wazuh? So this question has come before. There's not much of a comparison. Wazuh is definitely a neat tool, but it's a very manual tool compared to something like Blumira being a very automated tool, and Blumira has a ton of cloud integrations for enrichment that you're not going to get with Wazuh. So Wazuh is neat. I definitely think people should test it out. I think it's an excellent homelab project. It's not really the same. It's not a scalable project to run multi-tenant systems like we do and monitor client security. It's definitely great. It's been made popular because Wazuh has been sponsoring YouTube channels. They sponsored a video from NetworkChuck, and they sponsored a video with John Hammond, and this has certainly brought it more into the popular because they're sponsored, but they've reached out to me about sponsoring it. I haven't had the time or said yes. I'm also very careful about taking sponsorship. I have a content code of ethics, but the problem is the moment money comes across, no matter what I tell you, once I declare I was paid to say or paid to do a tutorial or paid to say how the product works, there's an immediate bias you may have towards me and it's almost hard not to have some level of bias when someone's paying you to make a product tutorial. It's one of the reasons I do so a lot of them because I have such a hard time with it is when it comes to doing a sponsored review, I've only got a couple on the channel. 
They're all labeled in a playlist called Sponsored. I make it as clear up front as possible that they're sponsored because I want to make sure all biases are always disclosed. I can give my opinion a wazoo with no bias because even though they offered to pay me money, I replied and said I'll think about it and that's where that sits right now. When you learn how much money these companies are willing to pay some of the YouTubers like us, these numbers sometimes can get up there in the $40,000, $50,000 to do tutorials to get their product out there. It's not like they gave us a hundred bucks. If you're wondering, once you get a really successful YouTube channel, you can charge quite a bit to a sponsor, but it also costs quite a bit to run a YouTube channel, so there's a lot of consideration there. It's not like the money's just falling from the sky to do this, but obviously it's hard not to be biased as someone says, if I give you $40,000 to do a tutorial series, would you do it and then not be biased at all? That's my rant on that topic. Down question. What's the difference between reserving static IP address at the router level for a computer versus a static computer? Do you assign at both levels? I do. That way, if I have to reload something, it always gets the same IP address, and sometimes because if my DHCP server could be down, I might assign it. Mostly, I rarely do it at the computer level, but some devices require it. If you're setting up servers, they kind of expect them not to be DHCP, so I'll leave the servers not DHCP because they don't want to be, but if they get an IP address, they're going to get that reserved IP address. I actually lean towards always 100% of the time reserving all IP addresses of permanent things or even really testing things on my network with the exception of random VMs I spin up, all servers, all switches, all devices, I always put static reservations in. 
UniFi has been busy releasing new gateway products, but apparently CrowdSec plugin for pfSense is being worked on. It is. It is being worked on. I don't have a release date for it, but I've been talking to parties involved. I'm going to, I don't know how I can encourage it, but I'm going to reach out to the parties involved to see if I can't figure out why it's not done. I feel like it could be done sooner. I don't know. We'll figure that out. I just got Tailscale set up properly tonight. Did some tests a while ago, just to tie the family away. Fam loves movies and shows. Yes. Easy setup and a free option is very generous, for sure. How do you handle automatic install and provision of VMs? I don't handle it. I just clone my existing VMs, but you can use Terraform if that's your thing. Terraform works with XCP-ng. I think Terraform works with Proxmox too, so those are a couple options. I don't know who DSP Gaming is, so no idea why I sound like them. Actually, the server is up to date, but it's going to tell me I need to reboot to apply some updates. So let's go here. We're going to stop all these systems running so I can reboot this. How do you manage mail servers? If I increase the complicated hosted ourselves, I don't. I recommend people not to do it. I was a mail server admin forever. Since the 90s, I started managing mail servers in 98, I think, and I just gave up on it. I probably around 2016 is when I threw in a towel, like, hey, 18 years of managing mail servers, I'm good. There's no easy way to manage it. We don't do it for any of our clients. There is no path to contacting us and going, will you host a mail server? I'm like, oh, yeah, for a million dollars a month, I'll do it. I wouldn't touch it for less than that. I don't want to do it. I'll give you a number that's ridiculous to do it. So if someone, I say people that really push me on it, oh, come on, give me a price. Oh, here's a ridiculous price. 
If you're willing to come up with that kind of money, then you can do it, but I don't recommend running your own mail server. I recommend setting it up and learning about it because it's a good exercise and understanding how mail transport works. I don't recommend doing it. It's just not a great task. It's one of those things like mail servers are one of those things that I'm not big on self hosting. It's too hard to stay off the list. One of the other topics that have come up about this before is Linode is a popular place. They've been a sponsor of like the Home Lab show and Akamai bought them, but this is something I think Alan Jude talked about from two and a half admins. Microsoft decided to block all mail servers on Linode for six months, end of story. So anyone hosting them there, you had no choice. You suddenly lost access to being able to email anyone who had a Microsoft account. Then Microsoft, after lots of complaining and people doing it six months later, decided to unblock that Linode. That's the problem with it is you don't know someone's just going to block you. And when I say block you, this is the problem why I got out of the mail server stuff. I used to host my own mail server and I said, I can't do this anymore. It was just my personal one because people just aren't getting my emails. Gmail would randomly block me. I was using good clean IP addresses I had for years and they would still get unblocked lists. It's just a pain. Is the device sent for review allowed to be kept in similar pay for you? So that's a good question if that's considered pay or not. That's a fuzzy area. So yes, people send me devices. I don't think of them as paid reviews if I get to keep them because I'm not selling them for money. Then I would definitely consider it paid. I have them. I torture test them. I declare in the beginning of the video if something was sent to me, but I don't think of it as pay. I think of it as a trade for me reviewing it. 
Now, like the example is easy that already six device I got, I definitely received it from the person and did a review. Would I have ordered it myself to review it? Probably not versus this is my next thing. I'm going to work on a review maybe tonight. I haven't decided. I'm going to pull it up right here. This on the other hand, I purchased with my money because UniFi doesn't send me things anymore. So I am reviewing this UniFi device, the little UniFi mini and there's no bias at all because I purposely bought it myself because I want to review it. So obviously, and these are one of the reasons I actually prefer buying things myself because I got the money to do it. It just removes any implied bias for things. Any thoughts on the UniFi logo security thing? Yes, it's stupid. I mean, it's a security concern. It's also a dumb problem to have, but yes. I'm a reddit and my thoughts on it are, this is not a, this is, yes, that's silly. Why do you use XCP-ng over Proxmox? XCP-ng is used way more in the commercial market than Proxmox. XCP-ng scales to larger size systems than Proxmox and we do a lot of support for it. We have clients, you know, I've talked about this before. We even had someone we helped move over 2,000 virtual machines off of VMware. We have clients, big companies, very large. There's companies in the Fortune 1000 that are using this, not the Citrix. They moved from Citrix to XCP-ng. They're in the Fortune 1000 list. They're clients we've worked with and done consulting on to help sort all these problems out with their virtualization stack. So yes, it's very used. So we use it. It's one of those things. So that's my familiarity with it. I don't think there's anything wrong with Proxmox. And for HomeLab, it might be even be a better choice for people looking at some of the way Proxmox integrations work and it gives you a lot of features under the hood. 
Yeah, I don't know that the UXG Lite looks like something will make the MSP people happy, but I think it's going to make a lot of home users happy. I think it's a neat device. That's why I bought it. I think it's a good competitor for their other older product, the UniFi Dream Machine, which I'm going to do a follow up on the original pill bottle one because I still have one of those and it works fine. So I'm going to do a follow up on the pill bottle one, talk about the new one, and yes, I think it's a good buy. I mean, too long didn't watch my video. It's definitely a good choice. You are using Bitwarden or Vaultwarden because of which free opportunities? As for me, if you inside password manager, and it should be a full fledged one with all the functions, I pay for Bitwarden. I don't use Vaultwarden. I have a license for Bitwarden. What do you think of the new UniFi Express? I don't know about Versatile. I think it's a good product. I talked about my Tailscale and the DERP servers in my videos on Headscale and Tailscale. I don't really have a lot more to say about them. I mean, opening ports is going to help avoid some of the DERP servers. If for some reason you have a firewall blocking things, if you integrate it into your pfSense, you can avoid the DERP servers as well. Running your own mail server is a total pain. Yes. Keeping on top of threats and everything else. Yeah. Okay. It was Jim Salter who had the little email. I was one of the people from, I'm bad with their names because there's three of them on there and I have a hard time just in general. I can't remember people's names, but I remember what they talk about. So, yes. Been playing with ZFS C1 and RAID 5 for the last couple of days. Raw throughput in my experience wipes the floor with ZFS. Have you thought about experimenting with our file systems? It depends. It depends on how you set it up. 
And of course, the ARC cache is substantially better than the way caching works on mdadm RAID and the integrity of your data and features you get with ZFS blows away mdadm RAID. So, it kind of depends on, there's nothing wrong with mdadm RAID, but you just don't get all the features of ZFS. It's not a fair comparison at all. It's kind of like, you know, I could make some crazy analogy, but I won't go, I'm not going to go into that right now. You get the idea. They're not the same thing. On the surface, they have the same basic function. I guess I'll use this analogy. My Dodge truck, you can compare to a large Freightliner that can hold, you know, carry 40,000 pounds. They're both trucks in here in America by definition. They both will take you to a place. They have wheels and a steering wheel, but they're extremely different use cases. Is Citrix still part, is part of XCP or wasn't previously XenServer? No, Citrix used to maintain XenServer, which was turned into a product. They called the, what was Citrix's old name? Citrix calls it XenServer now. Citrix has created some name confusion, because they don't like the fact that Vates took the source code because this was an open source project that was managed by Citrix, partially open source, because Citrix would put some open source and a mix in a bunch of licenses for a closed source. And they said, you know, why don't this whole thing could be open source? And Citrix is doing a terrible job of the community. So Vates circa 2017, I have a whole video going over the history of this, you can find on my channel, but basically Vates open source the whole project and respond it. Do you Ceph on your KVM deployments? I don't have any KVM deployments, and if we manage stuff, it's going to be a standalone Ceph cluster. Oh yeah, what's the UniFi, the UniFi Express. XCP-ng has dark mode, it will in the next version. Well, it's not XCP-ng, Xen Orchestra in the next version will have dark mode. 
See, kind of the server came, make sure the server came back up. Hey, look, all the stuff's running again. So, and the host is fully patched. We did that live. It's so simple to patch. This is one of the nice things XCP-ng, you could even do just rolling pool updates, they make it really easy to patch all the servers. If you had $500, $500 to build a homelab for beginner basic router, ideally pfSense, small eight port switch, small one PC with Proxmox, do you have any ideas, recommendations? I really like the UniFi for manageability, but if you're going for the cheapest budget, you're probably going to look at something like the MikroTik. That's the word I was looking for. MikroTik does really good for the basic cover your routing functions and things like that for the cheapest price. Hardware wise, I don't think the SG1100 is a bad idea, so that's another option. But the, I'm trying to think of what else would be out be in there for that list. Yeah, probably that. Then the mini PCs, there's a lot of choices on the mini PCs too. So hey, Tom, you ever changed your manager interface to XCP-ng cluster pool? If so, what's your experience? We tried to change manager interface to a bond interface that didn't like that. I try to set them up in the beginning and not set them up later, but I have changed them, but I rarely change them to a bonded interface. So if there's a bug in there, I don't know because I don't ever need the management interface to be bonded. By the way, something I don't have one plugged in right now to show, you can connect these to the non-management interfaces and they still work. So there's there's ways to get it to work on both ways, even when it's non-management. Maybe I'll do a video talking on that topic. Have you switched your pfSense feedback into Kea? No. It's not feature complete, therefore I don't use it. When I hear Citrix, I think Citrix Bleed. Yep. 
I'm looking for a password single faster with my Ukey and Windows sessions, but have to pay for Microsoft Entrust subscription for that. It's a shame. Do you know alternatives? Yeah, I use Linux. That's my alternative solution. Microsoft is barely security as a company unless they figure out how to upsell you on security and then you get to buy whatever security they upsell you on until they screw it up. I just truly am aggravated about the marketplace and Microsoft's involvement in it at any given moment. I cannot help but express frustration dealing with Microsoft constantly. They are just a truly awful company. There's just in no way I like them. I hate when people say, oh, they did so much good for the market. No, they destroyed so many things in the market. And here's another article. This is just the most recent of Microsoft's goopiness. Once they get a monopoly on things, they completely quit caring about security like this. So I knew this before it was out of embargo. I was talking about this with some of my security friends and they gave Microsoft time to fix it. This is now on the We don't care. We won't fix it. Yes. This is a way you can use DHCP reservations to spoof DNS records to steal secrets. And Microsoft won't fix this. This is like, yeah, you know, then we're not going to fix that. That's not that's not our problem. We're not going to address it. So it's been dropped because Microsoft doesn't care. So it's it's mind numbing because I have to deal with Windows to make do I have to mitigate my this is where I find my job to be weird. My task as an IT services company is to secure clients. Microsoft is the only game in town. So I have to deal with it because that's what my clients have to run. There's not a solution to run the line of business applications on not Windows systems because of Microsoft's monopoly. 
But people are now burdened with spending money with a third party company to try to put security around a company that's worth a trillion dollars. And yeah, I don't know. That's my little circular rant on it. Every time I see Citrix news because they're trying to get someone to buy them. Yeah. No one wants to buy that pile of garbage. One of my staff having a their updating systems right now. It's just like I am. Answer the question for them. Let's see here. Which one I have not tested much of the new UniFi cameras. I did test one of the turret ones. But let's see. I'm sure now says you have a backup replicating AWS history looking for online place to put things up. You can do it too. I prefer Backblaze but it should work fine with AWS S3 as well. Will you leave a recording of the broadcast? The thing is I don't understand English well. But in the future, I'd like to look at translation from a neural network. I always leave these broadcasts up. So yes. Hi from Budapest. Proxmox has two advantages for HomeLab. Cluster setup is easy. HA cluster storage with integrated Ceph management. Yeah, those are good points for HomeLab. How do you manage DHCP snooping and UniFi switch? As I see, is there no option set up specific port? I believe they call it DHCP guarding. I've never heard of a Freddie burger. UniFi UXG haven't found a way to change a port for my IPsec VPN and pfSense. No problem. Yeah, you'll run into a lot of limitations with the way it works in UniFi. This is one of the aggravations. It's like, it's so tedious to look at a feature set and go, Hey, look, these two devices have the same features. They're not implemented the same way. There's nuances to actually using them. Then you go, I can't do this or I can't do that. That's when you start having all the problems. And I don't know. That's why it's so hard to do a comparison because you can run down that list. 
But until you've actually used these in production, then you realize what the differences are. Any recommendations for open source documentation systems like Confluence? I think BookStack, I think it's what it's called. BookStack is pretty cool. So if you're looking for something that's more Confluence-like, check out BookStack. It's open source. I believe they have a Docker install. They certainly have a demo. So let's see here. Yeah, this is a nice little tool. I think BookStack's pretty neat. Any recommendation for someone trying to move from WatchGuard firewalls over to pfSense? Watch my videos on how to use pfSense. I don't really have another, I don't know if I have another answer for that one. Once you learn pfSense, and if you already are pretty good at firewalls, learning pfSense is not that hard. You just got to figure out where the buttons are. I have a TrueNAS replication task S3-compatible provider, works perfectly awesome. Any issues going to Cobia from Bluefin? The only problems noted in my review video is if you have encrypted datasets and you want nested unencrypted. So if you start with a base encrypted and have nested encrypted, you have problems. If your primary pool is unencrypted, there's no problems. And if you only care about having encrypted things all the way down, that should be fine too. Does UniFi have an option for auto updating? Yes, they do. That's one of the things I really like about UniFi. This is one of the reasons when I'm looking for things for home users. I think these are great because the auto update option, I believe it's probably on by default, and that's awesome. We use internally BookStack and works with less technical people, also gets frequent updates and features. Yeah, BookStack has been popular for a long time. I've tweeted out a couple of times when people have asked, I don't use it, I've tested it, and I said, oh, this is nice. I just don't have a need for that right now. So that's why I'm not using it. 
Do you have a way to tell which port Ethernet ESP is making problems? That's more of a question of does your switch tell you which port is making problems? Not all switches give up that information. I read the docs in UB and they say DHCP Guard works well when you use UDM for me. It causes a lot of door timeouts. Are you that worried about someone putting DHCP on your network? I get why you need to. It's just a, if you're worried about security, I mean, yes, it's good to have, but it's not, we have over 100 customers and it's very rare that I can find any ticket where our problem was someone stuck a second DHCP server on yours. I know there's a few tickets in there probably for it, but it's pretty low on the list of problems that come up. Not an impossible problem. Just not the most common one that someone's bringing and plugging something in. Really, if you just do notifications of anything new on the network, that's often enough because once something new on the network is on the network, that should trigger a ticket. If something new on the network triggers the tickets, then you can go, okay, let's start investigating with this new thing. Oh, look, someone put a router on the network that's handing out DHCP addresses. Good morning. Thank you for all your videos. You have helped me get my homelab up and running. I have 15 different services running in Docker. Thought it's on a backup solution. I'm looking at Duplicati. Duplicati should be fine. Just however you're doing it, even if it's just rsync, because I just rsync some things for backup and it works great. It's simple and gets the job done. Have you tried using Synology NAS to backup to Backblaze personally since it's unlimited storage? It only has B2 Cloud as an option. I use B2 Cloud. I don't use any of the free consumer stuff. I've always just used their B2 Cloud. I like their B2 Cloud. It's not that expensive. Of course, I say not that expensive. I do realize people's budgets are different. 
I have found it to be reasonably priced. I have 190 UniFi AP Pros. How can I extract the Wi-Fi passwords of the users from M365 for free? You want to extract the Wi-Fi password. I don't understand what you're trying to do. You want the Wi-Fi password off of the... I don't understand. Maybe that's a better forum post because I don't know what you're trying. I don't know the goal. If you update the ZFS pool features, you can't roll them back. That's very true. This is true for any update when you do TrueNAS updates on SCALE or on CORE. Once the update occurs and you update the feature sets of the underlying ZFS pool, you cannot go back to the previous versions. I say it definitively. Very likely you won't be able to go back. There could be some circumstance where a feature flag is allowed and maybe it'll still read the pool. I don't know. Honestly, it could create all kinds of other problems. I don't recommend it. Once you upgrade, you don't upgrade the feature sets on the ZFS pool until you are confident that the version you have moved to, you are going to stay with. Sorry. Are you just trying with that UniFi Express? Yes, it was. Once I had an incident with someone connected Wi-Fi, router, and then spoofed the whole network and was at school, rare situations, but definitely can happen. Yeah. I would consider school is a high-risk environment where you should have things like DHCP guarding on. Currently running Proxmox, next might give XCP-ng a go. Does it support PCIe passthrough? Have a NIC and HBA card I need. It does support it. They have documentation on it. I don't have any videos on it because I just don't use it. Trying to get my key workers nodes into a VIP for TeleSynics so they can all share an IP without being on a DHCP lease. It's going to be lacking information out VIPs work after seeing your Vid. Hmm. Amazing and wrong tool for the job. I should go back to mainly signing leases to my cluster machines instead of VIPs. 
I don't know why you had to assign a VIP via pfSense, I'm assuming, to a cluster machine. I don't understand what the goal is because I've never tried to do, you assign VIPs to pfSense. It does not assign VIPs to systems. In which cases VLAN makes sense, like homelab stuff. VLANs are just virtual LANs. If you have reasons to separate things, but using the same cable, an example I use in business that we use a lot is you may have a big building and you have a shipping department at the back of the building and you have an office with a bunch of people in there and a bunch of things in the front of the building and you want to have multiple networks. You could either A, run multiple wires across the whole building or B, use VLANs and then you partition out the switches to provide the different networks. So come down to your use case. Recently I tried my hand at Ansible. Thank you for your videos and Ansible Semaphore. Oh, yeah. I don't think I did the Ansible Semaphore video. Christian Lempa did and maybe Jay did it. But either way, I've talked about Ansible and I've recommended Semaphore, I think, on the homelab channel. What do you plan on doing at the UniFi Express? I plan on reviewing it. I bought it to review. Yes, I use a firewall. Did you ever have to recover company from ransomware? What's your experience? It's a mess. Yes. It's a disaster. But I mean, the experience sucks. We've had a recent person, they weren't our active client. They were someone who used us in the past for consulting and we gave recommendations. They didn't follow any of them and they got ransomware. Then they called us and we referred them out to an incident response company because the problems and the scale that they happened at and the size of that company, they were pretty big and there's not enough of us to get that company restored. Even if we pulled all of our employees together, the company's pretty big. So we had to refer them out to a bigger incident response company. 
But the reason we referred them isn't just because it's a scale and scope problem. It's because they didn't have an insurance because normally we don't get to pick who the IR team is. The insurance company does. But this big company who did not follow security recommendations also didn't follow the recommendation to get cybersecurity insurance. But of course, they were doing everything in a very bad way. So if they would have paid for cybersecurity insurance, the claim would have been denied because they weren't following any of the procedures. Matter of fact, this is something we're trying to push towards with people now is did you lie on your insurance form? We're just asking not because we're the insurance company, but we're going to let you know that if you pay money for cybersecurity insurance and you also lie on those forms, you are also having, there's no way around it, you're going to get your claim denied. You actually don't have insurance if you're lying on the forms. It's a hard pill to swallow, folks, but if you lied and said you have 2FA and you lie and say you have all these offsite backups, but you don't have these things, you'll find that the insurance company will deny your ransomware claim. The insurance companies are not in the giving away money business. They're in the insurance business. And that is not something people completely understand is how many claims get denied because it's not a new statistic that people talk about much. But if you say you're doing things that you're not doing, you're going to have a bad time. Sam's to bring you one piece of equipment he couldn't afford, what would it be? Time. I need more time helping one of my staff. He's got a host emergency. I would just actually bring him in and join the live stream here, but I'm going to instead just send him the instructions of what he needs to do. 
I gave him the instructions on how to solve hopefully the problem on there, but a time machine is that I can't afford one more like it doesn't exist. Having backups is good. Knowing how to restore the backup is better. The way I word that is really simple. Everyone, nobody cares about a backup that works. Everyone wants a restore that works. That's what really matters. Today I learned there is a cybersecurity insurance. Yes, I have 190 UniFi AP Pro managed on one UniFi Gen 2 when the users connect to Wi-Fi. I want them to connect via Azure AD passwords. Can I do this for free? You would need to set up there. I forget what is the name is eluding me at the moment. Cashmas, but you'd have to do the tie in from like a RADIUS server and set that all up inside of Windows. Certainly not something I could walk you through here. I don't have a video on it. It's not that it can't be done. It's just complicated. So as long as you understand how to tie all that together, and I believe you have to tie it to an on-prem server, I don't know that you can tie it to an Entra ID server in the cloud. I think you have to have at least one on-prem AD server that probably also is connected to their Entra ID authentication. But yeah, there's a way to make that work. But to migrate pfSense solution for multiple open PMCs with about 300 little bandwidth clients, I'm a bit scared on the scaling any tips hardware using pfSense at all buy a fast machine by one of the we usually sell people the high end Netgate appliances. Those who lie in security us are not looking for security looking for compliance. Sure are. Which software firewall? I don't know. UFW is fine. iptables is fine. I'm 40 minutes late to the party, but your server set up a race idea. How about getting three or four of your buddies that are proficient in each? So six people competing steps. Oh yeah, if I can get that, you know how hard it is to schedule people? That's been the real challenge. 
Tom is doing live consulting with his own crew. Yes, we are. Let me tell him right. He's need so they are. He sent me a screenshot and looking at it in real time here. I think that's the problem. I think I found this problem. He's not going to like this answer. So the system seems to have lost all of its drives. I'm sending a screenshot of a working system because he ain't going to like this answer. Yeah, real time tech support. This is a working system. All right. I'll do tech support for all of you. I'll do tech support for any of my staff that ping me. He's got kind of a messy dealing with opinions on Observium for home labs, maybe advanced use cases from all business. I don't use Observium, so I have no opinion on it. Some people seem to like it. I've never used it. How to manage YouTube live stream and do extra consulting at the same time? Yes. AI and firewalls, ready to see coming years. A lot more BS and a lot more overhype and a lot more overcharging for the BS and hype. The concept is there, whether or not it'll get properly implemented. I will see. For rackable home lab NAS, HL15 is going to be way more flexible than the TrueNAS Mini R, but I have both. I have both. I like both. There's more flexibility, though, and definitely more speed in the HL15. The HL15 is a whole lot faster. The TrueNAS Mini R, the biggest problem with the TrueNAS Mini R is really this. Let me pull it up real quick. I like my TrueNAS Mini R. It's just slow. That's the part that drives me nuts is this right here. They chose to put this Intel Atom CPU, and I'm sorry, that Atom CPU kind of sucks. It's fine for most people's use case, but when you're comparing the two, it's way faster to go with, I mean, but more money. More money, by the way, and more wattage, more power usage. If you can afford it, I think the faster is better, but if you don't need it. And for my example, this is how I edit all my videos on a TrueNAS Mini R. 
It's perfectly adequate to use 10 gig and edit videos and actually run the services that run on it. Perfectly fine. I run Syncthing and a few other, like, here's my applications on it. I have a couple, I didn't turn this one off. I have rsync. I'm not really using this. I test it and didn't like it. I need to update this. So let's go ahead and update that while we're here. But yeah, Syncthing runs fine. Netdata runs fine. Netdata and Syncthing are my two, like, must haves for apps. Here's a fun trivia question. Can I share this screen? Yes, I, no, won't let me. As you say, it's too hard for me to switch and share this one right here. But the answer to his question, snapshots show up as a file. If you have, are looking at the raw VDIs in a file, he's dealing with a XenServer problem at a commercial client. The other things you see are actually the snapshots. So you don't just see the VDIs of the servers, you actually see their snapshots as well. Cool. I threw a few more things. I wish I could show, if it didn't have all the client stuff on the screen, I would be more than happy to bring him on and we do the troubleshooting. All the stuff I'm telling him, like, there's not often we have problems, you know, obviously, for as many servers as we have, I think the problems are few and far between, but I do want to, maybe I'll break a, maybe I'll break a server so I can do a live stream of showing how to fix it. Can you make a video on how to recover data from various ZFS pool structures? Wendell made that video and it's incredibly complicated. There's no easy way to do it. There's really not much you can do. If you lose the data on ZFS, it's faster to restore from backups. It took Wendell months of working and playing with tools to get any data back from that Linus event. He's got a whole video on it. Once you see how complicated it is, you know why there's no one making videos because there's only a handful of people that can do it. 
The two people that I know can do it where did the video together? I think it was, Wendell and someone else made the video just about ZFS recovery. It's not something I recommend doing. As described, I got OpenVPN tied to Entra ID. The sync is on say AD server. Yep. Yeah, I would, Netgate 8200 or 1537 are good high-end systems. The 1537 is pretty fast. Did I miss people giving you guff or not changing your name to Sunday show? Eh, live switch to live coding. I've been watching the background of our crew. Is it possible to set up router on a stick or layer three basic routing on a UniFi switch, Gen 1? No. It is not. Not that I know of. Tom needs to do live consulting to colleagues on a Sunday that means companies documentation is bad. No, it's one of those things where when a server takes a complete dive and it's not a matter of documentation necessarily, it's one of those we've exhausted the documentation and it still hasn't completely hit it. So the person doing the work on call on a Sunday is hitting some documentation limits with a pretty extensive problem. So I don't know about documentation being really bad, but this will get added to the documentation of process for things. Do you know a good way to get UniFi OS Network Console to recognize all the clients in a network and show model info while running a pfSense router in the way without pfSense? I don't know. I have no idea how to get the UniFi to show that information. Oh, you've seen an exacqVision VM. Yeah, that's testing for, we have some customers using exacqVision. Still be super interested to see a live stream of your, if you're working to it's impossible as confidentiality problems. That's the biggest challenge is the confidentiality problems. What do you think about staff members and people IT using AI chatbots to solve problems, get the steps, configure things? Yes, I encourage people to do it. How do you think of moving UniFi? 
Would there be a big learning curve from pfSense of moving to UniFi? You're going to lose features. You're going to end up with a firewall that's harder to do rules on in my opinion in pfSense, but it's not impossible. Now, this is something that I think should be in the documentation. It's not, there is a log he's missing. I know where it is exactly. There are logs in. All right, so I've cleared up all that. But I wouldn't switch my, I mean, it depends. I prefer pfSense as a firewall because it's more flexible, has more features. If you don't need those features, then it doesn't really matter. You don't have heavy script of the cron job stuff. No, I do not. Yeah, it's cool because it can do the auto updates. I believe Cobia has some features for auto updates. I think you can turn that on now. Let me look. Is there an auto update on here? I don't want them to auto update because I already had to roll this one back. This one I can probably get rid of. I'm not using this one anymore. I'll update it anyways for now, but I don't think I'm going to keep using it. The Homer update broke it, so I had to roll it back. I don't know why it broke. I didn't really dig into why. Router on a stick is a Cisco word for VLANs on a router. Yeah, but the question they had was, can I do it with just a switch and not a UniFi gateway? I mean, you need some other firewall to do it. I also think it's a terrible idea. It's a fun learning curve, but usually you aren't port limited on things so much that you need to do it. Do you use Cloudflare certificates for the apps on TrueNAS? Nope, I do not. I guess I could. I've played with Cloudflare tunnels. I spin them up for demos. I don't usually leave them on because I don't like trusting a third party to proxy things. Been watching for years. Appreciate the knowledge. Awesome. Is there a view plugin you recommend for pfSense? Yes, ntopng. I got a video on it. 
So the TrueNAS Mini R will be fine for running CORE and being a mass storage whereas HL15 would be better for SCALE. It depends what you're using that storage for. For example, one of the problems I've had with the Mini R is this little processor here does not do well if you have really intense workloads for like virtual machines. So if I'm using this as a storage target for my VM system, it doesn't handle high volumes of NFS or iSCSI very well. It just starts choking on the processor. The processor hits 100% and you can't get the data. But for sequential data such as editing videos, it has no problem connecting and editing that at high speed. It just doesn't have enough bandwidth to do thousands of little writes and keep up with it at any speed. Can't you put your UniFi inside the pfSense system? No. Highly not recommended. There's hacky ways to make that work. I can't recommend them at all. He sent me some error logs. All right, got that fixed. What is the best way to back up one TrueNAS SCALE server to another? Good question. The best way to do it is under data protection, build your replication tasks. As you can see, I have a series of replication tasks here. This is the way to do it, the best way. So this copies all of my video to the PurpleNAS. Actually, all these get destined for the PurpleNAS. So Tom's back up to Purple, my video archive to Purple. So these are all the options for doing that. At least those are my favorite ways to do it. Will you make a video about proxies? I'm not likely. HAProxy is the one I'm using. There's plenty of other people making videos about proxy. I don't use other proxies. I'm only using HAProxy. And there's nothing new to add to that video. That video for HAProxy is still relevant. UniFi Express for a family member, my pfSense with UniFi Cloud Key Switches family member currently has pfSense TP-Link S4, but the UniFi looks like an easy, dumb solution. Yes, I agree completely. 
When hosting Bitwarden, does it allow you to download encrypted XML file of all your passwords in case your homelab blows up? Sure does. More importantly, I have Bitwarden itself backed up. That's the more important part is making sure that you have backups of all the Bitwarden data. Bitwarden actually has, let me pull this up here. Bitwarden creates a backup of all the data. And I have a backup of that data. And I actually have the Bitwarden SQL backed up. So I still go a step further and back up my XML files. But right here is all the different vault backups I have. So I even have 30 days of vault backups that are synced with Syncthing, which I love Syncthing for things. Because this backs up all my things, my notes, my phone. So as I take pictures, they automatically get synchronized to all the places I want them synchronized to in my lab. Syncthing is kind of my go-to from a backend real-time backups. What is the experience in Netdata memory usage? I see every time I have memory uses, which can lead to problems on smaller systems. If the system is that memory restricted, then don't. But I haven't really had an issue with it. It doesn't take up that much memory. But yeah, if you're trying to run this on some type of tiny device that doesn't have much memory, then you would have to be considerate of what you're running on there. Considering self-host of Bitwarden for a dark site, I mean, that's an option. You can just back it up. Even if you're not using self-hosted, you can just back up the file once in a while. And if the Bitwarden server's offline, if you're using the Bitwarden desktop or, and I think the desktop one's a little bit better for this, or you're using the Bitwarden plugin, the default option is if they can't contact the server, they still work. So if the server's down, I can still get to all of my passwords, because they're cached in the apps. 
Can I use a Cloud Key with a UniFi switch to still get all the features without the Gateway and have pfSense as my Gateway and Firewall? That's the solution I use all the time. That's how all of our UniFi stuff, even the UniFi stuff I have at home, is all done exactly like that. You log into it real quick. Which one am I in? So here's my network with my stuff. And you notice there's a lack of a Gateway in here. So these are all my UniFi devices without using, I'm using pfSense. So you don't need the UniFi Gateway. Thoughts on most recent UniFi Express for Homelab personally. Idea but for an expanded two and a half gig internet, Wi-Fi 6 option. I think they're great for home users who want basic features. People who want a better firewall experience for their Homelab because they want to tinker more, you're going to be happier at pfSense. But if you don't care about that, you know, Raid Owl just did a video on his Homelab setup and he uses UniFi. He doesn't spend a lot of time playing with firewalls, so it doesn't matter to him and UniFi works fine. I like the flexibility of pfSense more than UniFi. So first you have to decide, do you need the features? And if you don't need the features, then yeah, you can go with it. I don't think it's a bad device. When you have wireless, what do you generally send them to auto? Yeah, I just leave auto on the power. What about planning, scanning tool do you use? I walk around with my phone and look for dead spots. Suricata or Snort for small business about 15 systems to servers. Do they have exposed ports? Do they open things up to the internet? That's the only time Suricata is really going to be helpful. Trying to monitor traffic with it is hard because it's a lot of false positives. It's not something we run in production that much for clients because it's not the best way to manage it. You have a lot of false positives to sort out a lot about. Can you say to UniFi Express AP mesh mode? Sure. 
If you use another router, oh, I wouldn't buy the Express if you're using pfSense. Why would you buy the Express if you have pfSense? What is your recommendation for hardware getting started with TrueNAS? I'll look for the ability to connect six SATA drives. I mean, Brian Moses has videos on low budget builds, but the TrueNAS Mini R is actually pretty affordable. So I don't know where your budget is. Do you recommend managing multiple users with Syncthing and a central home server, separating users by devices folders seem messy? I don't know if it's that messy. I don't really think of it as a user management tool. I just connect all the things that need to be connected to it. So I don't maybe understand your use case of it. Upgrading Proxmox. Should I go 7.4 to 8? I have no idea. I don't use Proxmox enough to answer that question. Is IDS IPS necessary in a home environment? I let people decide that. It's fun, but then they realize how much work it is, and then they turn, first they turn it on to block everything, then they start feeling that they're under attack all the time until they realize how many false positives there are. And once you realize how many false positives they don't want to spend the time tuning it, then they turn it off. But that's not everybody's experience. You got to find your own journey on that one. There's talk of a UniFi edge device coming ultra. Need to play to you to our family members still using that? Yes, I still have them with the UniFi Dream Router. This may eventually end up as their upgrade, because the other one's getting a little dated, but it still works fine. Can confirm, Tailscale is super easy and super simple, for sure. pfSense is appliance for virtualize. You can virtualize it. You can load it on your own hardware. Both are options. I run Suricata on my home lab internal network, so it does take two to three weeks to just monitoring and killing off rules to make false positives. Yep, that is very true. 
Also true that Suricata's not that most of the traffic's still encrypted firewall, they can't read it anyways. That's true as well. Both of those things are true. Let's see here. VLAN setup is done in Cloud Key and pfSense. Yes. Suricata is fine at home. You don't have the rest of the family wanting to kill you. Headscale versus NetBird. Well, I've never heard of NetBird, so it is NetBird. Never heard of it, never used it. So I don't know if NetBird's any good. No idea. I take that back. I kind of heard of it. I don't know how good it is. So they have a Windows, Mac, Docker, Android, cool. One thing about Tailscale is they're pretty trusted because they've gone through a lot of security auditing. The problem I have with all these companies is, I don't know that they have or have not, but that's something that I care about is, have they gone through security auditing yet? If they have, awesome. I don't know because people have asked me about NetBird, but I've never used it, so I don't know much about it. I don't know how much quality it is. Who's behind it? Not a ton of information about the people behind it, which is usually what I see here. I mean, it looks, I'm seeing if there's anything on here. And if someone can just email me, um, FAQ, here we go. Anything about security? So let's go. And this is like, this is Tailscale, for example. Tailscale has got an entire security audit for their stuff. SOC2 compliance, security bulletins, works with external companies to audit this. Those are important things for making sure that the code's good. So it's not just about finding the code. It's also making sure they got through security. So until I find more information about NetBird, I don't think I'm going to bother trying it. How do you know when a Docker instance is active running? You should probably use something like Portainer or Dockge is a new one, but Portainer is more popular right now. 
And it can tell you all, it can give you a web interface to manage Docker. I use Security Onion a lot, but it's a lot to take in. I found a compromise PC. It had a backdoor remote control soft front. And the end got their server that was stealing shut down. Yeah. I consider the possibility of buying UniFi Express only for the layer three route in my UniFi switch. But like you say, it's not possible. I even try assuming window. Oh, no, I think the, what do you call it Steam Deck approved Linux can make a pretty good gaming system. A NetBird is the former Wiretrustee products similar to Tailscale. The old Wiretrustee was very basic, but does anyone know if they've gone through any security auditing that that's the whole thing that not enough people are really taking into consideration. This is why we have such a disaster of security constantly right now is it's one of those things like if you're not doing secure by design first, you're not going through code reviews and audits. And this is hard, especially you look at the big companies, they're failing at it. This has happened a couple of times when people have put open source products out there. And when someone takes the time to look at them, they don't hold up to scrutiny unless the team had a good secure by design first mentality on it. You know, Bitwarden went in with secure by design and still had third party companies find some problems with it. That's why they go through annual code reviews by two different companies. They alternate companies that do their code review at Bitwarden. I mean, it's not easy to write something. And when you talk about the transport layer, it's hard for me to have trust in VPN services until I know they've gone through some critical review. I actually talked about Bitwarden for a couple years as something I wouldn't use until they finish their security audit. And I held to my guns on that, that yes, I will not do it. 
But then finally, finally, they went through their security audit and then boom, I went and changed over to Bitwarden. So it's definitely one of those things like I, I don't have a problem doing it. I just, I'm always worried until these companies go through some level of auditing. What does Netdata let you do? I have a video on it that might be better. Just search my channel for Netdata. I've got a whole video. It's just a monitoring tool. For me, Windows is only for playing games, but for personally me, Windows is for playing games and the occasional demo on a YouTube video to prove I could do something in Windows. But I'm pretty Windows dumb. I'm clumsy in Windows. Like I know how it works under the hood. I'm always clumsy as to where they keep moving things, because Microsoft likes to move things for the sake of putting things in a new spot. I don't know why they do it, but for reasons they do. Got my kids messaging me now. Let's see. Any good tutorials about multi-peer WireGuard setup where I can route between two different peers? Home firewalls, pfSense, others. I don't, you're trying to like have one system bridge the other. I don't think I have any tutorials on that. You could probably start with my how to build a WireGuard server tutorial and go from there and start building all the routes in it. I don't really have many people asked for that question to build up a multi-peer routing system. Yep, you can't and the anti-cheat thing requires you to come back to Windows. Yep. Regarding SDNs, ZeroTier is enough love also super easy setup and has some awesome built firewall. Yes, ZeroTier's a good product. I believe they've gone through some code auditing. I say I have the same standards for all these companies. How's your code audit look? I hope you cleared up my firewall question in the vlog Thursday email. Is there a firewall question? 
I think it's what I'm assuming it's the one you just emailed me and I'll answer the question now because you're here and I can pull the email up. I just upgraded network from UniFi with Protect. Now I want a better firewall. Can I just plug the fiber into the pfSense, connect the UniFi WAN to the pfSense LAN? Because I'm not sure how to get away from Gateway. I have a video on double NAT. If you want to do it that way or you can combine the two, generally you're going to replace your UniFi fire, your UniFi firewall with a pfSense one if that's what you want to do. And ChatGPT audit my code one day. I don't know that we're there there. Any thoughts? Thoughts on heightened regulation of open source software possibly compromising privacy and security. I don't know what thoughts I would have on that. Generally open source is better because you'll know if it's compromising, you can look through the code and make better determinations. You have to figure out or trust the company writing the software of what they're doing with the software. NetBird is saying GDPR and ISO compliant. Well those, those aren't security. I mean GDPR is privacy compliant. That's fine. I don't think that's a bad thing but I start with security, then we'll go down to privacy. If you can't meet the bar for security you haven't met the minimum requirements. It starts with security. Privacy matters but the fact that you can self host these apps. I mean private self hosted apps kind of eliminate the privacy concerns because I control it, then I am putting it in my environment and doing what I want and even if it wants to make calls out to places I can now monitor the calls it makes out and make my own determinations. Security is way harder to determine if it's done. Application security testing is not cheap. It's not that these companies don't want to go through application security testing. The problem is it's expensive to do so. That's the, that's the biggest problem with all of them. 
Do you still mess with Untangle? Have there been any big changes or advancements? No. Arista's kind of let the company stay. I think they bought it. They're maintaining it. They're doing updates. I don't keep up with it as much. We don't have many people using it. We have a handful of clients that just keep renewing their license but it works and it's not broke and the updates are working. For a multi-peer WireGuard it's hard if you are new to the subject. If the server uses one IP address for the routing it's easy. Adding more peers with the wgX config you just need a different IP address for each peer. Yeah and then you just got to have the peers allowed to talk to each other and it should work. It's not something I set up often because no one ever asked me to. Recommendation for HDDs for a TrueNAS setup of roughly 10 terabytes of usable storage. I've been, I just bought a bunch of Seagate drives. They seem to work fine. This is what I put in there. I got a deal on some Seagate Exos drives. So these work great. My UniFi Gateway is a UDM Pro SE, how to replace Gateway with pfSense and still use UniFi Protect because I have 30 cameras. Oh yeah I have a video, that's complicated to set up. It's, I mean it's not that complicated but I have a video on that topic. It's typing UniFi pfSense in my channel and you'll find the video I have on how to connect both of them complete with diagrams. As a do that just took a job and a place it lied on DOJ Fed Audits for 20 years I feel that. Yeah yeah people lie on these things all the time. I, this is why I like you know transparency and open source and companies that actually do security and code auditing. It makes a lot more sense. Let's see where my employee notices went. Not it depends which drive. So according to the Backblaze report Seagate has the highest failure rate of all the brands but it varies the drives. Record age for this is always get the cheapest you can, redundant setups, if one dies replace it. 
Yep that is the, that is a good idea. What services does your IT partner offers is what you use software in-house. All the same but more. So we offer all the same services we used to before. We merged and we've got more services we offer. So the differences, we offer more Cisco, more Meraki, more experience, more people, more, a bigger team since we merged. So it's all upsells on things. Watch out for the green HDD. It comes down to which drives, it's not even just a brand of drives because there's very few companies anymore for things. Western Digital is not without their faults either. Yeah like buying cars. Some are lemons. Yeah all these companies definitely have some issues. There's nothing. Are these remote services or onsite services? I may be interested, both. We have consulting we do around the world. So a lot of it's remote. Onsite services are limited to Detroit and Toledo. Well some exceptions. We do out of state installs as long as people are willing to pay for a team to fly out there. We'll fly a team out there. We have companies doing that. We have another job we're doing where they're flying, like well they're driving because it's close. It's easier to drive with the equipment but driving or flying is definitely on the list man. It just, it comes with an expense. You know we've got people that spent thirty, forty thousand dollars to get us out there to do a project, sometimes even more than that. We had a school spend almost a quarter million dollars to bring my crew out there to get a job done and we did a big project for them and you know that stuff we'll do. It's just we're not going to go onsite for anything. I mean I don't know where the minimums are but you're talking about someone going to spend quite a bit to do that. Oh let's see. Yeah all of them have bad batches. It's, it is pointless doing the brand argument for sure but I have an event to go to. I'm just trying to actually do this again tonight. Should I do a second stream tonight? 
Let me know in the comments. I told my kids we're all going. So here's a secret you don't know about me. Well maybe some of you know because I've done a video in twenty seventeen about this. I have a cousin who's a big YouTube star and I'm going to go hang out with her for a little bit at a pet event. So I'm going to go to a pet expo here in Michigan and go hang out with my cousin who has a big YouTube channel. Trivia would be leaving in the comments if you can figure out who my cousin is who has like millions of subscribers about pets. I told my kids I'd take them all out there to go hang out and my kids aren't young by the way, my youngest is seventeen, but I'm, you know we're all just going to go and have fun, hang out with my cousin and stuff like that. Let's see. Second stream please. Yeah I'll get the night people if I do a second stream. But yeah I indeed I do. It's a small trivia question. I built a computer for her on my channel. So if you dig around on my channel you'll find out I did a computer build video with her. It's actually one of the only pictures on my channel that has dogs in it because it's her dogs. Yeah stream twenty four seven I'd run out of voice. I'd run out of voice. All right I'm going to bounce out of here so I can get ready to go do a thing with my kids and that's about it. I think the employee said he's all set and figured this stuff out so. I used to live in the Ypsi/Ann Arbor area. Winters are so great there. It's nice in the winter. It's not too bad today but you're right. There's sometimes there's some challenges in the winter. All right I'm going to leave now. Leave your comments and thoughts down below. Connect with me over in the forums. Send your questions to vlog Thursday at LawrenceSystems.com and I'll see you next time.