 Welcome to Vlog Thursday number 331. Signal Messenger Security, pfSense 23.05, Tech Talks, some live Q&A, and my phone going off because people sent me messages and I didn't mute it. But always fun times here. What typo? It's pfSense, PFS. Oh, yeah, I type on pfSense. Can I edit this live? Will it break things? I don't know. That may PFSENSE, here we go. I don't know what'll happen if I break it, but hey, why not save changes? Will he save? Will it dynamically update? I don't know. So yeah, PF sneeze, we'll go with that. So I don't know, let's see. All right, everyone. You know, I should like have typo bug bounties because man, people love looking for typos. That would be fun. In my usual, oh, it actually fixed in real time. Awesome, I fixed it, I hit save. Eh, I don't know. Let's find out if that works. People saying yes, I'm happy with that. Chrome tab. Where and when I'm gonna be somewhere. Let's cover that real quick. I've been wanting to put that right at the beginning for as people ask, hey, Tom, where are you gonna be? And I can easily answer questions like that. MSP GeekCon, that's where you'll find me in two days. So that's coming up just in a couple of days from now. Next week, I'm excited, man. Everything's booked for that. I'm also going to be at IT Nation Secure June 5th through the 7th. And I was just invited to, and until I figure out if I'm going, there might be another place in October I will be speaking at. I was just asked to present at an event. So I'm still sorting that one out, so. And yes, I do like Secret Aardvark Hot Sauce. It's Secret Aardvark, I believe it was called, right? For those of you who haven't heard of it, it was good, it's good hot sauce. I was like, hey, I haven't had this in a while. So Secret Aardvark Habanero Hot Sauce, which is this, which now it has a stupid ad thing to click on it, but thank you very much for sending me this hot sauce. It was good. Well, it is good. I haven't finished it yet. 
That would have been a lot of hot sauce, but I did immediately eat. I opened and immediately ate it. But yeah, we like the Bravado Spice Reaper one as well. So yes, awesome. Yes, thank you very much for that. Yeah, there's the Bravado Spice. And I'm trying to remember there was one more you sent and it's on the tip of my tongue. Literally, it was on the tip of my tongue. Ah, fun stuff. All right, back to the topics at hand before I get way off topic. You know, I'm glad you actually asked this question right here, I won't spend too much time talking about it, but I do plan to make some, I'm not going to do shorts. I want to make, because the shorts I feel don't find themselves into the discoveries much, but I want to do short videos that are like just a few minutes long explaining the difference between a zvol and a dataset. So zvols are block storage. Pretty much you're going to use them for iSCSI. It would be one of the most popular uses for them. Next to iSCSI, you're looking at using them for like drives for a virtualization if you're using bhyve in TrueNAS Core or for using the KVM hypervisor. Because it's a block storage, it'll usually be assigned to drives in a virtual machine that's running inside a TrueNAS. So nonetheless, let's cover the thing I wanted to talk about. Because this is briefly, I wanted to talk about Signal because I have a handful of videos on it. I don't know, but maybe I'll do a new video on it as well. But it just really made me laugh because the most common question on a Signal video is, hey, can't you look into insert name of new thing that came out? I don't know if it's because it's the new shiny problem where people just get excited when they see a new shiny thing and they go, but Tom, I know this like software exists and it works wonderfully, but this company made claims that they're secure. I mean, can't you take the time to review and get all your friends to use this new company's encryption? 
Because Converso, a com app launched in September 22, billed itself as next generation messaging app that keeps your conversations completely private, according to the developer. They included proprietary state-of-the-art end-to-end encryption and absolutely no use of user data, blah, blah, blah. Now let me throw you this link for those of you because I'm not gonna spend all day on this, but I just wanna mention how bad this is. Like if I'm not mistaken, they actually shut down. I think that was like, yeah. Walks back privacy claims, pulls stores, pulls from stores after a probe. Yes, they were that bad. Like I don't even know why these companies, maybe they think they're not gonna get called out. Maybe they know there's a community of people that get excited when a new app claiming security pops up and they're hoping enough people will try it, but I just thought it was weird. Signal is like the de facto gold standard for doing secure messaging apps, not only from an app and design standpoint, but also further, they are a well-run organization with good leadership, like top to bottom. Signal, there's a reason a lot of us use it. And Signal has added a ton of features since my review. So I was like, how do I do an update or review on it? I mean, I've been a long time Signal user and now I have tons and tons of friends. It seems like in the last six months, there's been a just huge uptick in the number of people I know that are on Signal. It's getting to be where so many people I know are on Signal. And before it was always a lot, because in the tech community, there's a lot of people using it. So I'm always just hesitant to try these new ones. People are always suggesting, but Tom, there's this one or that one, or the fact that people hate Signal using phones, phone numbers. I love that Signal uses phone numbers. That's my favorite feature. Well, probably not my favorite, but it's definitely up there. 
Like it's a combination of the encryption and the use of my phone number and other people's phone numbers, because I don't get spam on Signal. Isn't that great? I definitely know all the other ones. If you have just a username that people can find and people can just make up a username arbitrarily, you will get scammers and spammers just bombing away at it. So yeah, that's one of the reasons I like Signal so much. Well, let's see. Yeah, proprietary is an open source. I know, it's really weird. Now there's other open source ones, but some of the problems they have is one, they're just projects. They don't have what Signal has, which is an entire organization around it. So that's, it makes a huge difference. Why hello, Marcus. Tap three times on the floor. I will be able to hear you. Ha, ha, ha. My son's room is slightly above, I'm listening for him now. It's slightly above my office. So he likes joining my live streams. But nonetheless, I thought that was amusing and thought I'd throw my two cents in there on that. But in terms of the pfSense, let's look at this real quick. Let's switch to that, because let's jump over to, you know, I should probably start with the blog post because we'll talk about what's new in it before we talk about me. I mean, I started using it right away. I just updated again. Signal will be banned in the UK. Yeah, that's an interesting turn of events. And this is back to Signal as a topic. One of the reasons like they have been very outspoken. They said, we will not compromise on this. And it's gonna be kind of a collision to see how far the UK takes it. Regarding this, I don't know what they're going to actually do. They're gonna try and ban the encryption for not having what amounts to like a back door on there. I don't know, it's gonna be kind of a mess. Not sure how that's gonna go. But there is good news, at least we can start on and that's gonna be pfSense 23.05. 
Let's go ahead and throw that blog post for anyone else who wants to read it. But there's a lot, this is not a major release, but a minor release, there's new things on there. One of these really cool is this new packet capture GUI. I thought this was just really a neat feature they did here. So let me switch to that screen. And they really enhanced, let me zoom in a little for you. They really enhanced the UI a lot here to give you all kinds of detail. Now I've talked about how you can use SSH and Wireshark right with pfSense. So you can just SSH attach it via Wireshark right in there and use Wireshark for all your filtering. But without having to do that, being able to say, all right, let's just go through any of these options and grab this and untagged filter, filter packets without any VLAN tags, tag filter. I mean, just little nice things they added in here to make this more functional and being able to build everything, only tagged, untagged, et cetera. Like it's just kind of a neat feature to be able to do this and put them in here. If you're doing troubleshooting, this is, packet captures are common and having this built into pfSense is nice. Having it built in plus more enhancements of it. Hey, that's a cool feature that they've added on there. Scrollin' down a little too. I have not played with this at all. Layer two filtering support, that's interesting. PHP updates. Oh, UDP broadcast relay package. I haven't really played much with these things. Mostly I just wanted to see if it didn't break. So I haven't really had to play a lot with this. Temperature values, added support for PCH temperature value, DNS resolver, automatic ACLs, IPv6, OpenVPN, SSL/TLS client finish crashes, low fragment size and improve the OpenVPN wizard call for testing and upgrade options. Now, when I did my OpenVPN video just from the other day, I made sure to do it on 23.05. It doesn't look that much different, but I wanted to make sure everything's been working. 
I haven't found any problems at all. I haven't had any hangups in 23.05 that made me think I should roll back to the previous version by the way, because we have boot environments. And matter of fact, I should fix this because this is technically 23.05 working. Hit save because the current boot environment I have. But yeah, I haven't had any issues at all with updating. I updated a few firewalls that I have actually even sharing the wrong screen. There we go. Share this tab instead. But I've updated a few of these systems and none of them have had any problems. They update itself, doesn't take long. It's rather quick and pain-free. So have they added support for iDRAC and iLO integrations yet? I doubt they will. I can't, I don't see them doing that. Could be wrong maybe, but I don't think that's on their roadmap anywhere. I wonder when all this will hit pfSense CE. You know, pfSense CE is getting really close. Last I looked and let's, been a minute since I looked at the pfSense. Let's pull it up. Redmine. We have pfSense 2.7. How close is it? 90% there. There's not a lot of bugs in here. So there's 58 open bugs, 519 closed, 58 open. So I would say it's getting pretty close. They are definitely getting there with it. But, you know, it takes time. I wish they'd update more frequently, but I don't know. It would be nice if they put it all in one and had a better way of handling it so they didn't have two separate developments. But I don't know. I don't always understand fully what developers are thinking when they do this. So it would be nice if it was all consolidated, but it's not. And I don't get to make those decisions. Writing firewalls is hard. So that's, there's not, there's a reason. There's not like a massive variety of popular firewalls out there. Because one, learning them is its own challenge. And two, it's just, there's a lot that goes into writing. pfSense just has an incredible amount of code in there to be able to do all the features it does. 
And stay secure. You notice they're not in the news much for CVEs and things like that. So that makes a huge difference. They take the time to do things right and do things secure. Now, things I have been playing with, now that I got those couple things all the way, mostly it's that announcement about the pfSense. But I have the ZimaBoard, and I want to do a TrueNAS video with it first. It's not doing much right now. I should probably load some apps on it. But these little ZimaBoards, I should probably zoom in, because it's really small, isn't it? See what's the, it's just a Celeron N3450. They're not particularly fast. It only has eight gigs of RAM, but it will run TrueNAS SCALE. And I'm even gonna see how well it runs an app and I know someone's gonna have a debate about this. There's a reason I made a video about how much RAM or how little RAM I should say you can run ZFS with. ZFS will work with a low memory environment. Actually, let's create a dataset for it. So let's add a dataset. Syncthing. Save, there we go. Now we got a place to put the data. Apps available. Syncthing. Actually, I believe I have to go to the settings first and go to advanced to disable host path safety check, continue, save, let that do its magic. Is pfSense targeted less because of its lack of popularity compared to Fortinet? I would say no. I wouldn't say it's targeted less because of its lack of popularity. It actually has a pretty huge install base. Matter of fact, it has a lot of people that expose it publicly. If you look on Shodan, you'll be shocked at just how many people have decided to expose their pfSense web interface publicly. That number is way bigger than it should be. I don't really think that's the issue because it's used at some very large companies. It's used in a lot of data centers. And I think they just do a good job on security and Fortinet has an absolutely garbage history when it comes to security. 
If you look up like the magic packet talk with, and I have a video where I have a lot of links to this. If you look on my rant on Fortinet, one of the things that they've done multiple times is hard code credentials. If you look at the magic packet or the back door they put on the VPN and it came down to them goofing up the code. A customer asked for some custom code to put a back door to VPN so it could be reset. And then they pushed it out in production. Like their problems aren't just the fact that they're popular. It's because they've done really bad things and stupid things. Now they have since refactored lots of code and fixed stupid things they've done. But anytime you see a SQL injection and things like that or I think that's one of the latest ones on Fortinet, it's a lot of code problems that they still have. What would be better to run VMs on a ZimaBoard, TrueNAS or Proxmox? I'm not big on VMs in TrueNAS. So probably Proxmox. I'm gonna also try XCP-ng on it as well just out of curiosity but I don't expect it to do very well there. I might try it just to see if it runs. Kind of just a fun way to play with it. But I wanna run some firewalls on it and I wanna test it with TrueNAS. Those are the two things I really wanna test it with. ZimaBoard has few drives, too few drives. Well, that's where, let me see, can we, you just gotta get a card for it and then you can put five drives here and two more here. So you can put seven drives on it. You just gotta have the right, you just have the right board stuck in there. So, what's wrong with Signal? Nothing, I love Signal. Worked with the section of firewalls and VPNs between can be interesting but once you know what you're doing, deal with it. One of our cloud using pfSense and I recognized it. All right, cool. Cloud pfSense works. Makes a lot of sense for ZimaBoards by a few of them. He's in a set of OSDs, not a lot of performance but you get a lot of OSDs together nearly as much. 
Yeah, but let's go back to actually installing something on it. So let's install Syncthing, see how well it runs that. I think TrueNAS is a novel thing. If you wanted to have an offsite data backup that's low powered sitting somewhere, I know there's no case or whatever, but it's novel. I'm just trying different things on it. I just like it because it's kind of a cool little board and it's x86. So you have a nice single board computer that's also x86. Now Home Assistant is something I think this would be very ideal for as well. This would probably make a great Home Assistant setup. I mean, don't get me wrong. I love Raspberry Pis. It's the availability of Raspberry Pis that has people looking at other options. So it's deploying Syncthing. It's not gonna deploy incredibly fast. I'm gonna throw that out there. Yep, still use ScreenConnect. And good news for anyone that's in the MSP space. I thought this was funny because this was a question we were asked last year. Where did it go? Here we go. This was posted in Reddit. I seen someone had posted, ConnectWise Control will be rebranded to ConnectWise ScreenConnect again. So we're coming full circle here. So ScreenConnect is now back to being ScreenConnect which by the way, anyone who works in the IT community using it has never called it ConnectWise Control for very long. We all call it ScreenConnect. Yeah, so that's definitely a thing. So isn't Zima the same shiny thing you berated about the apps earlier? Zima? Oh, it's not a shiny new thing. It's an inexpensive x86 board. So I mean, kind of x86 board that also has a PCI expansion on it. So it's not that I'm jumping on the shiny new thing. I was a big Raspberry Pi fan. And me and, it's kind of funny. Obviously, there's a lot of us YouTubers that talk but we even talked about how it's almost pointless because when you do a Raspberry Pi video in 2023 or even later 2022, most of the comments are "cool project, too bad I can't get one." 
So you have to look towards things like you don't wanna talk about unobtainium when it comes to the products you talk about. You wanna talk about, hey, this is cool. You can do this thing and you can get it. You can have this. First, that starts with one of the reasons I like open source so much. It's very accessible to everyone. Second, you have to run your code somewhere. So, hey, shouldn't you have an accessible x86 board to run things on? And that's how I feel these are. They're relatively reasonably priced. They have a PCI expansion slot, which is why I'm having a few extra drives on here. And yeah, I think it's pretty neat. I got Tuesday on the board set up running Plex, Tailscale and Pi-hole. I just, there was someone had mentioned, I think in the comments when I post this before, like these are apartment friendly. That's a big thing too, because you can make the debate and it's relevant, it's relevant. You could say I could buy one of those mini PCs like a used mini computer. The downside of some of the used mini computers or small computers is even if they don't have fans in them or you know, you get a passively cooled one, you don't always have any PCI expansion slots on there. And they're not gonna be as low wattage as something like this. This is completely passively cooled, doesn't have a lot of RAM, doesn't have a lot of drive, but you can, you know, have the expandability to put something on there. It has SATA ports on there natively. And with the expansion card, you can add more. So I think it's a neat novel board where people can tinker and start building things with. If it works on the ZimaBoard, it'll run on a modest desktop. That's another really important point because it's not ARM, it's x86, it's that much more portable in terms of like anything you do on here may not run as fast, but you can run it. 
For example, we aren't talking about TrueNAS on a Raspberry Pi, not because the Raspberry Pi is super slow or anything, but because it's ARM and TrueNAS is not made to run on ARM. The number of people asking, can I run pfSense on a Raspberry Pi? That's a really common question. And no, there is no ARM version that is part of pfSense CE at all. So you can't get an ARM version of pfSense CE to run your own, but because this is x86, it will run pfSense. The PCI card is the one from them. I don't know them, it's on their website. If you go to Zima's website, I don't know the name of it, but it's the only board they sell that's got SATA expansions on it. That's nice that it wants to, that it'll do that, that's great. Yeah, ARM Kubernetes cluster with 10 gig connections, yeah. I mean, ServeTheHome has covered a couple of those ARM servers that are out there, but I don't know that any of them are all that affordable. Yes, this will definitely run Proxmox as well. And to my knowledge, and correct me if I'm wrong, Proxmox doesn't have an ARM version, does it? I don't think they do, I could be wrong, which also means no Proxmox on the Raspberry Pis. ZFS with USBs. I will tell you ZFS with USBs breaks. The USB bus generally seems to not do well with a lot of drives attached to it. I've had a lot of people tell me that they had a lot of problems with it. I see posts and forums about it, so I don't really know that it's a good idea. It just seems to be a very problematic idea. I wanted to move my Home Assistant to a Pi, but for the price, I got a NUC 11 instead. Yeah, Pimox is a thing. Really, I did not know that, that's actually interesting. Pimox. Pimox, Proxmox V7 for the Raspberry Pi. Oh, that's cool. So, Pimox is a thing. I never used it, but hey, it exists. ZimaBoard has a 14 terabyte shared, 14 terabyte drive shared over the network with transfers 110. Oh, okay, cool. 
Yeah, I think the problem that is where the problem comes in is if you try to run an array of drives, the USB bus just isn't really made well enough to share all the data between the drives properly. So USB wasn't really dry. I don't think USB was designed for the high level of data transfer when you're running an array of USB drives. It's not the ideal situation. It seems to be where it messes up. Like transferring data to a drive over USB is usually not a big deal. Doing it to many drives over USB, back to being a big deal. That's where the problems come in. Too many tabs open. Let's close a few of these here. What was I gonna look at here? Was it something else? Oh, Syncthing is now active. So let's look at the web portal. Hey, look, it works. I didn't set any passwords or anything like that yet, but that Syncthing is working and how much memory do we have left? Oh, look at this. We only have three gigs free. We can run more apps on this thing. By the way, the team over at TrueNAS, iXsystems, is really doing a good job of adding. Look at the application list, man. It's gotten way bigger. This is from them. This is not the TrueCharts. These are all the official ones that they have. So I like that they're adding more and more things in here. They got Tailscale. They've got Terraria, Emby, Prometheus, Storj, WG Easy, Home Assistant. So you could actually, you could run this as your TrueNAS and your Home Assistant in theory. Create a storage for it, shares. Actually, maybe there's something I'll try on this is running Home Assistant. That just seems fun. I like that when my staff names things, they're always coming up with something different. This is the billiards pool. So that did amuse me. Home Assistant, save. All right, I'll go to the apps and let's see if Home Assistant works. Install. Do you know, I think I need to fix something before I do this. The time zone is wrong. That'll bother me. Or it'll cause some drama somewhere down the lines. 
What is the time zone for this thing? A localization, there we go. I love that Detroit's in here, that makes me happy. Save Detroit, there we go. Presumably you can't present new drives. Can't raw drives from another device across the network in sort of the ZFS. I mean, you could make it work. I don't know if it would work well. I wouldn't recommend that at all. XCP-ng is actually working on, they have, there's actually ARM versions of the Xen hypervisor, but not of XCP-ng. I currently have ZFS pair with IronWolfs, so I'm not too scared to use it confidently, but it's been running for a few months. That's interesting. Will XO GUI be replaced with the style of XO Lite or no idea on that? They're going, when they do the new UI design, it's going to have dark mode and everything else when they get to the new version of XO. So the new, the new XO Lite is going to be similar to how the new version of XO looks. Do you have any recommendations for physical monitor solutions for Synology Surveillance Station? I get a PC, run the software on it that pulls Synology. System76 makes really nice laptops. Jay has, I think I've reviewed one of them a while ago. Jay from LearnLinuxTV, I think he's done a couple reviews of them, but their laptops are really, they're nice. They're a good quality laptop. My only concern would be am I correct for the ZimaBoard about RAM? I mean, you can run ZFS with low amounts of RAM. Oh, you know what? I forgot there was one feedback question and I don't know if that person's listening right now or not. They asked a question about MSP pricing. I'm going to say that's really something. And by the way, I have a complete another channel now dedicated to doing business talks. That's a great comment to throw on our business talk channel. Basically, it's about how you do MSP pricing versus break fix pricing. So whether people are under contract, do you charge different rates? 
The answer for us is yes, but that's a great discussion that would go on my business channel. Maybe I'll reply to the person as well. But yeah, I still have that set up. And I'm still taking when people want to send Vlog Thursday at LearnSystems.com feedback. So that's still a thing people can do. Question about Docker networking. You know if I use Docker networks to put containers on separate VLANs? Kind of. There's a way to do it. You have to build the different adapters like in different VLANs and then you would attach Docker to them. It can be done. It's more complicated than I have time to explain here. But yes, that is something that can be done. You can have like one instance with multiple adapters and attach them to different VLANs. But Docker networking gets a little complicated. Well, complicated if you haven't done it before. So it's a relative term. If you're an expert at it, it's not complicated at all. But when you're getting started with it, yeah. Definitely some complexities with it. Let's install some Home Assistant on this. Hey, it's in the right time zone. I think that matters for Home Assistant. Home Assistant cares. Everything else, why not? Hit save. Let that run. Proxmox and multiple VMs. Yeah, I mean, the networking and the hypervisor is probably gonna be a little bit more manageable. But Portainer makes it a little bit easier too. Have you migrated clients from Linux VMs to Docker containers? Not usually. Not like, we're not a big Linux lift and shift company to re-engineer Linux for people. So not usually. We don't have, there's some, but there's not a ton right now of Linux work. So it's not what our specialty is. Most of the stuff we're doing is more in the small biz and medium size, I guess it's all over the place. But consulting on the different specialties that we cover, virtualization or storage or doing small business support and managing all the computers and systems for companies. 
So not really, we don't do a bunch of custom Linux servers for people. We have some, but it's not a lot. I could do a guide on forbidden router sets on top of Processor, you're routing VLANs. I gave up and did extra network here to split my network apart. Yep. The forbidden router as referenced by Wendell. I love that Wendell called it that. It was a great video. I've done one before a long time ago and I thought maybe I should, maybe at some point I'll do one again. The breaking down all the steps needed to load everything into one system. One system to rule them all where you put your hypervisor, your firewall and your storage server and everything in one system to consolidate it all. It's nothing I would ever run for a client for production, but it's something that for a home user and a lab user with a limited budget and would like to have everything consolidated into one small package would be more ideal for. It's also a good learning experience, just understanding how all the technologies interact with each other. Had the same question at the beginning. Yep. If you use pure Docker Compose, I would run VMs to this as well. Kubernetes actually have more networking options than I haven't used it. VMware has stretch cluster feature. What is stretch cluster feature? I guess, I don't get the reference. Let's say stretch cluster. A deployment model in which two or more virtualization hosts are part of the same logical cluster but located in separate geographical locations. Actually, yeah, the answer would be yes. I never called it a stretch cluster, but you don't have to have these at the same location. I can have these connected over VPNs. It will work as long as the VPN stays up and they stay in sync. You can even live migrate across the VPN, although it's probably not the best idea because things can possibly go wrong. But yeah, having one box means, well, it means an update to your hypervisor can make everything go down. So that's something else to consider. 
Home Assistant, well, cool. So Home Assistant plus TrueNAS running and go back to this tab. We still have some memory leftover, don't we? Oh, look at this. We still have 1.2 gigs of free memory. So, and we've got 2.6 gigs for ZFS cache. These things are nice lightweight applications. Yeah, stretch cluster sounds more like just cluster something because I don't think it's a great idea. I don't, this is the way I would manage that. Like if I had to have, and we have clients that are managing it this way, where they have XCP-ng pools and they manage them from one instance of XO, but they just have each pool at each location. That works fine. There's not a reason for them to be in one single resource pool, especially when that resource pool is in different locations. Yep, we have a separate channel. What I'll do is let me drop a link to it. Ornstadt video slash biz, we'll get you there. I'm gonna throw a link in here, but yeah, we have a separate biz channel where we post all the business stuff. It's called Business Technicalities. We cover all kinds of stuff in there. I don't post as many videos myself there, but I have Brett and Chase and Slagle are rocking it out there. I gotta come and do a couple of, I have a couple of videos I wanna post to that channel. But they're doing a great job. They are interactive, they're answering questions. So yeah, reach out. That's where all the videos go when it comes to talking about the business stuff. I found that every time I was doing business videos on my main channel, I would lose subscribers. But I got the best feedback from it. Like the business videos got really good engagement, really good comments, people that really enjoyed them, but obviously the technical people didn't. I said, well, I can't make a channel that's all the things. So I made this the technical channel because that's mostly what it is. And then just created a separate business channel for all those other talks to go. 
With VMware and HP Nimble Storage, you can set up a Metro stretch cluster as they call it. And Travis does get to hear the live version being recorded. They record a live version on Tuesdays. I think they release them on Wednesdays, but the Tuesday is the recording day for the Business Technicalities channel. But yeah, go ahead and subscribe to that channel. I've got it linked in all of my videos. This is where the business videos go. I need you to do me a little more promoting on it just so people are aware. Like, hey, this is where my business content is. There's a lot of good videos on there. We try to talk about a lot of very relevant things for people that are not just working in tech, but business related to working in tech. Well, let's see, close a few more tabs. So we got Syncthing and Home Assistant running on the Zima. That's pretty neat. Like I said, it's a novel board. I like playing with it. I maybe I'll give some away. I haven't done a giveaway in a long time. I got scared about giveaways because of problems some YouTubers had where YouTube didn't like the way things were given away. So I kind of shied away because I was giving things away for a little while and I'm kind of like backing off it for the moment. Sorry that I'm yawning. Tom, any cheap commercial server for, server that for home lab? I mean, it's whatever you can find. There's no like secret place for them. eBay's popular. I've talked many times about LabGopher. If you haven't heard of LabGopher, it's kind of cool. LabGopher is where you can find deals on servers on eBay and things like that. You know, what made me tired is I just had lunch. I mean, I got that, just before I was doing this I was eating and now I've got that like post meal lethargicness. Is Snort on pfSense for home a good idea? That depends on you because will it work? Yes, will it have false positives? That's what you get to learn. 
It's one of those things where it's pretty neat, but the number of people that want it to work like magic or don't like that it started blocking things if they turned on blocking mode. It's a good learning experience because you'll start seeing all these alerts and then you just start Googling all the alerts so you can understand if the alerts are real or, what many of them are, are false positives, and this is all the fun of tuning. So I think from a learning standpoint it's a good thing to use. If you want to be more secure, I don't know how much more that really will help your security.
So instead of pfSense and Snort, could you maybe try using Wireshark and a mirror-port switch for it? That's a different use case though. If you wanted to do a port mirror, that's only passive, in terms of, like, if you want to apply some rules to it to see the traffic, that's passive. With Snort and Suricata, they can work in IPS mode or they can work in detection or prevention mode. So IDS is intrusion detection system, or IPS, intrusion prevention system; you determine whether or not you want the result to actually block the traffic that it finds. With passive, you're not going to get that.
We only 3D printed a holder for the card for the Zima, so I don't have an answer for the, well, I kind of do, maybe not the one you're looking for, but we did 3D print a little case for these drives, so there's that. I don't know if that's the solution you were looking for, but we 3D printed a holder here and yeah. So I don't know if that's what you're looking for or not. I've not spent a whole lot of time searching for the perfect solution for that.
Live on a business, you know, when we get enough subscribers that might be fun to do some live stuff on there. It's really hard when you don't have subs; going live doesn't help you either because no one shows up. So it's certainly not as interactive. Once a month may be reasonable. I don't mind doing it, it's about the values.
If I'm going to put the time into something, can I create value for people on there, and the live streams create value because I have a lot of interaction here. I like the Q and A part that we do here. There's like 150, 130, 140 people that are coming to these live streams, 124 at this very moment, but when I have gone live previously on the business channel it just doesn't have the subscribers yet. We're getting there. YouTube is one of those things, it's a long game, and being that it's a long game takes time before you get all the people on there.
Well, it depends on how you configure it. Snort can be passive or can be active. So it truly comes down to how do you want to use Snort? Do you want to use it as an active system? Well, then yeah, you can certainly do that. You can go in there and look at the alerts. Let me see if this shows any public IPs. Nope, I don't even know what these are. But, oh, what we'll do is let me filter for this because I already know what this is. It's my son, filter for his source IP filter. Ha ha ha, share this tab instead here. Here's all the false positives and whatever. Well, this is just user agent launcher, I don't even know what all this is. This is my son's computer. And I just haven't taken the time. I loaded Snort and set it up but I didn't take the time to tune any of it. But this is my son's computer right now and how many, there's a lot on here. I should probably get rid of whatever this is that it thinks is a message. See, can force disable and remove from the current rule set, why not? ET POLICY User-Agent (Launcher). It doesn't like whatever this is. It says it's a potential corporate policy violation. These are the things that you have to do when you get into Snort and start fine tuning it.
Do you have any automation in place for TrueNAS, pfSense? TrueNAS does not lend itself to being set up with automation tools. It's just not designed that way. Part of the reason why is because they do everything inside of a database.
So because they have a database that they're storing everything in, you can't just update the config files to the way you want. You can't use Ansible to try to say, hey, set all these configuration settings. So that's not how TrueNAS works. So no, I don't have any automation around it. Now pfSense does everything in an XML file. So kind of the same thing. Now you can build custom XML files and then just push them to pfSense to get a base configuration, but there's no real official automation that works well with pfSense either. So neither one of those are, you know, things that really lend themselves to being automated like other servers do. So there's not like an automated, you know, here's an Ansible script that will automatically deploy your TrueNAS and pfSense systems. It just doesn't really work that way.
Not something, gotta say thank you for the video from a few years ago on pfSense VPN setup. Yeah, and I got a new one now. So watch the new one so we can talk about or debate about ciphers and things like that. Cause I know that was like among the topics that came up when I was doing the OpenVPN video. I made sure to come in there like I chose this is even recommended for our, from the people at OpenVPN unrelated to pfSense, but they're like, yeah, you should use the ChaCha-Poly one. It's a solid protocol. AES isn't bad either. So it's not like you can't use AES, but ChaCha-Poly is really popular. There's a reason that it's used in WireGuard.
Do you have any way to compare commercial hardware to TrueNAS? It seems no one compares them. I guess what do you mean? Do you mean how is it compared to a 3PAR setup? If you ask the client that we're working with that has a 3PAR system, they would, they will tell you that, you know, they're looking at TrueNAS and other alternatives because they have a 3PAR system. Generally speaking, it comes down to the support contracts.
Now for enterprise, you're going to see a lot more people with the set it and forget it attitude. Like they just want something that just works and they'll buy a long support contract. And you know, some of those solutions where it's put in, no one tinkers with it are usually good enough. But we definitely have replaced many of these and gone head to head with things like, I think it's HP calls it Nimble Storage and a couple other ones. And we've sold commercial TrueNAS systems. We actually sold a lot of 45Drives systems as well as an alternative to some of the commercial available out there. The problem is it's not easy to directly compare these because you can't even get public pricing. You have to buy like through resellers on these other systems and they're so different. It's not exactly easy to compare them in terms of, like I couldn't even find on one of them exactly. You got to talk to a sales person because I didn't see, and correct me if I'm wrong on this, I think it was HP Nimble doesn't have a good listing for exactly how many IOPS and how much it costs to get those IOPS versus you can work that out easier with the TrueNAS system. That's usually what you need. You need a certain level of base performance based on the workload. So you have to first understand the workload you're gonna use these for. Is it video storage, which doesn't need high IOPS or it needs a lot of stream speed, or is it virtual machines or databases, that need high levels of small writes, and how do you wanna configure that system? It's not an easy thing to compare. Storage is a, it's not as black and white of a, it's this fast and this and that's it.
So yeah, VyOS is neat. You can definitely automate the VyOS system. That's gonna be something that lends itself to being built with automation.
Yeah, we just looked at a quote and I can't remember how much less the TrueNAS was, but I mean, here's the problem of buy and do it. It's a matter of budget.
I don't have the funding for my channel just to go out and just buy $80, $90,000 servers from each company. So if someone gave me a half million dollars to build the benchmarks, sure I could, but it requires half a million dollars to buy three different systems and run a series of benchmarks on them. That's where it gets a little bit trickier.
TrueNAS doesn't do HA cluster. TrueNAS does HA failover with TrueNAS SCALE. They have a dual motherboard design. TrueNAS is gonna be where you're, they wanna use Gluster for it so you can build, but this is beta right now, this is not release. They are working on clustering with Gluster with multiple servers, or if someone needs that type of solution, we'll usually sell them a 45Drives server and 45Drives will use Ceph. So you can build a Ceph cluster with 45Drives. It's not gonna run TrueNAS though. It'll run usually the Houston OS along with a Ceph build set up from the team over at 45Drives. So the short answer is TrueNAS does not have clustering yet. They're working on it with Gluster.
But also if anyone wants to just buy me a few of those really high end servers and send them to my office, I will test them if you send them to me. So our address is on our website. And so if you have an extra $80,000 and you just wanna wire the money, I can help you with that. If you want to buy a couple of these servers, send them over to me. Like I said, address is on the website. I don't mind. I know I can get the people at TrueNAS because they had before. Like if you sent me a storage server by Pure Storage or one of those companies and you mailed it to me and then I can usually get iXsystems to send me one. They'll send me a demo unit to compare it. So I mean, we can do that.
Oh, why is there Raccoon Jedi? I typed in to Bing Search. This was fun. I was using, not Bing Search, the Bing Image Creator, the DALL-E one. It's free, so I use it. And I typed in, I was just really impressed with how this turned out.
I'll just pull it up, it's better to show you. I think this is better visualized of where this came from. We were talking about red pandas and I was actually really shocked at how well DALL-E does red pandas. So this is the Image Creator for Bing. It's free, I'll pull up my creations one second here. So I make a lot of dumb things, but I mean, come on, red panda hacking computer. I was like, look at this, it just works. It also, so there's a couple of things it does well. It does red pandas really well. And it does, I mean, it does, sorry. Yeah, red pandas very well. And it does pandas and sombreros. So panda wearing a sombrero made me happy. So I made that too. I'm shocked at how well it does those things. So why? Because I can, because I typed it in.
So do you have any insider on when WireGuard will be as practical, easy managed as OpenVPN is? Never is my answer on that. The reason why is because WireGuard is a different use case. WireGuard makes a good site to site VPN, but WireGuard does not have user management and it's not something that I'm aware of. The person who wrote WireGuard didn't go, hey, user management's coming later. No, he designed a protocol that was really simple, easy to use and very fast, runs in the kernel, supported in Linux, supported in BSD, but that's where it stops. This is why I didn't understand the people's arguments and I ranted about this when WireGuard's early releases of people going, but Tom, it has less lines of code than OpenVPN. I'm like, it has less features. Of course you could have less lines of code. It hasn't been around as long and obviously it only supports a single cipher, meaning it doesn't have to have all the extra code that comes with all the extra ciphers. Also no user management. So that can be a challenge. And this is why OpenVPN is so popular still and will remain popular for a long time because it does have user management. It does have a lot of different features inside of it. So people use it.
You can, in pfSense, tie OpenVPN to RADIUS authentication, LDAP authentication, which means you can tie it to your Windows server. So we have clients we do this for. They have a lot of users. They are already in Active Directory. They don't wanna put them and manage. No one wants to manage multiple sets of users. We barely wanna manage the users we have. We don't wanna have to manage multiple lists of them. So then you go ahead and put them together in one by tying it to Active Directory. So I don't foresee that anytime soon, but Tailscale is an easy example of building on top of WireGuard. So Tailscale will put things on top of WireGuard like a whole user management and all kinds of fanciness on there. And I think Tailscale is an awesome example of using WireGuard properly to enhance a product.
Maybe they'll pay me to benchmark their system and channel figure. Yeah, I don't know.
Single cipher is a main limiting factor? Yes, no, I feel as though the ChaCha-Poly cipher they use has been around long enough that there's not any flaws I'm aware of in it. If there is, we're in for a really bad day on the internet if someone figures out a way to break that. I mean, yeah, it would not be easily changed because everything that's built on WireGuard. But then again, I mean, it could happen. Someone could go, I found it. I found a way to get around this cipher. It's pretty well vetted so I don't think that's gonna be the issue. And I think if it is the issue, it's not just ChaCha-Poly. If someone figures out a way to break the way our ciphers work, it'll probably break a lot of different ciphers if someone comes up with some clever method of doing it. And don't even waste my time saying quantum computers will do it. Cause no, I'm not, that's a far, I don't know that that will happen even in what I would consider near future of the next 20 years. Quantum computers, we've been on the edge of quantum computers for a very, very long time.
I never got LDAP 2FA working in pfSense. Maybe it's forum time. Just WireGuard for site to site. No, maybe I'm a client VPN setup.
Yep, Ceph really isn't good for small IO writes. Check out, inhibit vSAN technology instead for bare metal servers. Anytime you do use these clustered file systems, there are disadvantages with them. There's ways you can tune them. And I actually had the team on 40, if you look, I have a video and maybe I'll do another one coming up again, but I have a video on Ceph storage with the people from 45Drives. But we talk about that. There's limitations to small writes, to small reads, but there's workarounds for those. And there's a reason they use Ceph because they used to use Gluster. Gluster doesn't scale to the way Ceph does and they are doing massive amounts of data at 45Drives in terms of the size of the clusters they set up.
Could you use WireGuard and dynamic running shows? Do you see overlay being widely implemented in that way? I think that the overlay networks are becoming more popular because they solve a problem differently and Tailscale is doing really well in the market. Like in terms of people adopting it, they're growing as a company. The demand for that type of networking is definitely growing. It's really popular amongst IoT companies. And if you're into doing DevOps, similar overlay networks such as Nebula, which my friend owns, that company, Defined Networking, Nebula. If you look for Nebula overlay, you'll find it on my channel. But that, once again, is also something that's done a really, you know, done really well. So it solves the problem differently. So yes, I think there's gonna be more of it. But it's one of those things. It solves a problem that a VPN couldn't easily solve, especially dealing with a lot of IoT sensors and things like that. Things like Tailscale just kind of solve that problem. So VPN wouldn't even been used.
So now you solved a problem that VPN couldn't easily, your traditional hub-and-spoke VPN wouldn't have solved before. And you expanded the market more. You didn't contract the, you didn't cause the other market to contract. You expanded into a new market with it.
So yeah, quantum computers will eventually break things, but modern quantum resistant ciphers are not on that list of things. This is so true. And people do not, like if you type in like quantum proof ciphers, they exist, many of them are in use now. So it's not where I worry.
I've never tried WireGuard and BGP on pfSense. But I mean, I imagine you can integrate WireGuard and BGP together and do dynamic routing on it. But to my knowledge, I don't know if it would work on pfSense or not.
All right. Well, I am winding this down because I have an event to go to this evening. And so I'm gonna end it here. I will make a dumb comment. So do, do, do, do, do. Here, this is what I'll leave you with, this stupid me being silly. So I did take a couple of days off and I went up north and I still spent all my time going through logs. That's what I'll leave you with.
So Twingate reached out to sponsor me, like because they sponsored NetworkChuck for a video, which means everyone keeps asking me about Twingate. I don't have an interest in a product. I thought their documentation wasn't that great. They reached out to me for doing a sponsorship. I said no. So I've never really, I looked at it and said it's a proprietary version of Tailscale with some different features. It's not like one-to-one, it has different features. But basically when someone in NetworkChuck is a really popular person in there, but he gets sponsored for something, it's just, it's predictable. The number of people when NetworkChuck gets sponsored for a video that will run and ask me about it, I knew as soon as I seen that video get posted, I'm like, oh, look, he took the sponsorship money from Twingate.
That means people are gonna be really asking me questions about Twingate. So I did the video about, is it a VPN killer? Cause I actually tweeted back and forth with the Chuck about it not being a VPN killer. He was right about it being, it's not a bad solution that I know of. I don't know any problems with it. It seems to be, they have enough money to sponsor NetworkChuck. So, so that's my thoughts on it. I turned down the sponsorship money.
Still starting to get pfSense to route to my VXLAN hosts. Yeah.
So I'm glad everyone liked my jokes about logs. It's a lot of logs. Like legit, I was like, I was really impressed with how many logs. I was like, they deforested the whole area. Let's just see if I have a picture like, I stood, yeah, I stepped back further for this one. And I'm like, there's just, this goes on for like half a mile too. So there's so many logs. Gonna need a giant log server. I just thought it was funny when I was out riding. So that's what I, for those of you that don't know when I, this is when I go offline, I'm usually going up North somewhere. And I bought another motorcycle. So I was riding this little motorcycle all around up North. Northern Michigan is very sparse and beautiful and no real internet connection. So it's where Tom goes when he doesn't want to be online anymore. Fun stuff.
How do I love, I love the Honda Trail. I am really happy with this bike. So it is a lot of fun. It has been, I kind of, I've been wanting, I have the original Honda Trail and then I wanted a new one. And it's, like I said, it's just a fun time. I'm shy. I got the stock tires on it, which really sucked. But yeah, look, man, motorcycles, man, they just kind of accumulate in things like that. That's kind of a thing. So I have big motorcycles and little motorcycles. And yeah, it's just, I like motorcycles. I grew up on them, so the addiction is still there. Oh, there's probably a lot of bugs in those logs. Lots of bugs in those logs. All right, well, that's it.
I got off topic, so now it's time to leave. Everyone, love hearing from you. For those of you that'll be at MSP GeekCon, I'll see you there next week. And until then, I'll be back in time for Vlog Thursday, though. I come back on Wednesday when MSP GeekCon ends. So everyone, awesome, and see you next time.