There it is. I was looking at the wrong screen. I was like, why isn't it live? I've got more than one screen up. Welcome to Vlog Thursday number 358, homelab tech talk and live Q&A. Happy Thanksgiving for those of you that are celebrating Thanksgiving. I think it's pretty much just a U.S. holiday, but I believe, like any holiday, there's probably people celebrating things elsewhere, because the interesting thing about holidays is it's kind of fun to just mix all the cultures and say, hey, let's do this over here. I don't know. I have friends outside the US that, you know, maybe because they brought their US heritage with them, are celebrating it either way. That's why I'm doing it early in the morning today: I have lots to do. Traditionally, Thanksgiving is a day that people get together, eat a lot of food, and there's a lot of family things usually going on. So I didn't want to, one, have people who want to catch the stream go, oh look, I can't really participate live because I'm doing family things. Also, myself, I'll be doing family things. So that's why I'm doing it now. Anyways, that was a little long ramble right there. Welcome, everyone. There's not as many people here in the morning as I kind of expected. That's why I usually do things in the afternoon, but nonetheless, let's start talking about a couple of things, and one of them is going to be security. This is a topic I want to dive a lot more into, as always. One, there's just going to be a lot more security things to talk about.
We just dealt with our... we're kind of dealing with, delegated... there's a customer, a client if you will, someone who's just booked some consulting, not one we manage. But there's always a lot of things when they go wrong. There's a lot to talk about, because it's not at all about talking about the company. It's about all the processes they had: what processes worked, what processes failed, how they could have done better. Because bringing forth a lot of that insight is how we help people prevent this from happening in the future, and that's a really big topic me and Jason were kind of rolling around, and we definitely want to dive into just some of the overall lessons learned on things. And I'm going to share this thread right here over on Reddit so people can read along with me. This is kind of related to it, and I'm going to jump to the part here. I love that Huntress did this. They did a nice threat report for what they see in small and medium-sized businesses, and there's a lot of details in here. But let's just jump to some of the stuff in here that I think is really interesting, because I've seen so many changes. And the discussion at the Reddit post is great, because once again Huntress very much engages the community on things. But the summary of all the different attacks that they've seen, this is just really interesting, because a big... right here, this is the part. This is a result of better security, but this is where the threat actors are pivoting to: a decreased reliance on custom tools and especially malicious binaries in intrusions until final actions such as a ransomware deployment. As a result, many classic mechanisms for identifying and mitigating threats, such as pure antivirus solutions, are less effective for countering intrusions. And what are they doing here? There's a couple of factors. One's called LOLBins. I love that.
That's called LOLBins, live off the land. And this is because there's so many tools available in PowerShell and everything else that you can build quite a bit of tooling with the existing binaries that exist to figure out how to attack an adversary. So these threat actors get in here and they're like, hey, I'm not going to run some weird software or download some weird software that'll get caught. I'm going to use the currently available tool sets. This is why tools like SIEM are becoming so important: anything that can monitor for changes and go, hey, that's unusual. This person in this particular department doesn't usually run PowerShell in this way, or these commands. And then that leads people to understanding security better. This is just a really nice in-depth report kind of showing... and we work with Huntress, so we're aware of a lot of these things. Huntress did a nice summary of them. But these are discussions I have with the Huntress team, because I, you know, probably engage with them maybe once every week or two, just discussing with people there. I ended up knowing a lot of the different hackers that work there, and there's some really smart, smart people there to keep an eye on this. Tool usage intrusion, scripting, your object, non-malware 29 percent. One of them in here, though, is the RMM tools. There's a summary of this right here: observed RMM tools. This is the challenge, and I've run into this a few times myself. ConnectWise is getting better at this, but hey, the success of the product is a big reason for ScreenConnect being used as an initial attack vector.
There's a couple of different factors in this. Sometimes it's one of those things that you run into where someone gets a hold of the IT person's, the MSP's, their ScreenConnect session to take over the client. That does happen sometimes. But a really common thing is people spinning up, or specifically those people are threat actors, setting up instances of these commonly used remote tools that you'll find out on the internet. They go, hey look, this is a popular tool, and it's not going to be flagged by any type of AV system because it's a legit tool. It's not the tool that's the problem. It's once they get someone to install the remote access tool, then they use that tool to pivot and do the things that they want to do, because it runs at a high privilege level. So this is just breaking down things that we really know, and Kyle talked about this at IT Nation. We talked about this in our talk. We're going to do an updated talk of "How I Would Hack You", identity-focused security. What they're doing so often when I get on these isn't always ransomware, but a lot of times looking for business email compromise. It is amazing how much of it's this, and I know they have a chart in here for this. Suspicious inbox rules are 47 of what happens. So they get on the system. You have two-factor, you've got all the things done right with your Office 365 or even G Suite account, so whatever your cloud account is. Instantly, the moment they're on the system, they grab your session tokens, because they can't bypass the 2FA. They can't bypass all the security you put around the login. But if they get on your system that is logged in, they steal your session tokens. And the next step from there, because session tokens, if you've done conditional access policies right, they expire.
So you're constantly having to re-log into things. But so they don't have to re-log in, they start modifying your rules almost immediately. So even if you find out a threat actor was on your system and you get them off and you didn't get ransomware, you don't know that all the problems are solved, because you have to understand whether or not they stole those session tokens and made a mess of your email. And this is absolutely something you just have to watch, because this, suspicious inbox rules, yep, that's what basically happens immediately. They start forwarding your email somewhere else, because by forwarding your email to where they want it to be forwarded to, and especially if they're leaving a copy for you, you didn't even know what happened. So you're still getting your emails. They have rules getting your emails. They start doing password resets via email, and maybe they create a filter that stops password resets from getting to your email, but it does forward those to them. There's different rules that they may follow to get into your system. But go through, read through this report; it gives you an idea of what the threat landscape looks like. I just thought it was great that they put this out, and that there's also no paywall. There's no advertising here. You can just read all of this data. This is great. I love companies that take the time to publish a lot of this out there. Oh, and the good news is Qakbot is going down. This has been a malware that's been around for a long time. So there's some positive news in here, but man. Post-intrusion access tools observed: this is the trend now. We're seeing less Cobalt Strike and more of these RMM tools.
So yes, default ports, any benefit in changing them? You know, very, very little. You may get a reduction in noise, because if I had port 22 open to the public internet, there's going to be just a lot of things that look for it. But if you look at the modern tool sets that are out there, Shodan's an easy example. Shodan doesn't care what port you put things on. You can put it on a port and it'll identify the port that it's on. So if you find that whatever thing you have publicly exposed is already exposed in Shodan, people then use Shodan to start figuring out, and there's other tools besides Shodan, but Shodan will start making it easy to figure those things out, going, oh look, they've moved SSH or some other service to this other port, and it'll still identify the service. But you do get some reduced noise, because there's plenty of tools out there just scanning for port 22 or whatever common ports are out there. Good morning from Germany. Awesome. The land down under, awesome, all the way, Australia I'm assuming. Welcome to your first stream. Yeah, doing it in the morning, I'm probably going to get some different people in here, because I get a lot of people in the afternoon when I do it, but that's going to be a lot more US. I don't think, because I'm on Eastern Standard Time, as many people are awake this early. But I imagine European people are like, hey, it's not late at night for me. Oh, let's see here. What was the other thing? I didn't have a ton of things to bring up today, because I was going to keep it rather short to get on with some of the family things. Feel free to throw any questions you have at me. Hello from Norway, Netherlands.
Absolutely. Oh, this was the TrueNAS... I gotta find the bookmark for it. Yeah, TrueNAS is bothering me a bit by this. I don't know what the solution is, but I posted this the other day. It's funny, because usually if I make a video, I know people from TrueNAS, I tag them in my Twitter posts about the video, so I know they see them. But no one's really addressed this issue in TrueNAS yet. "It's Europe, Europe, Europe prime time." Yes, maybe I should do some morning ones, calling them my European live streams. And it's late night in Australia, so. Lunchtime in the UK. Turkey day, absolutely. But this right here, MinIO: so it's already been deprecated from the latest version of TrueNAS SCALE, and they turned it into an app, but then it's also now been announced it'll be missing from the next update. So 13.1 of TrueNAS CORE will also get rid of MinIO. Now, there's good reason for getting rid of it. It's got some security problems. But it's just kind of annoying that they haven't really addressed the certificate issue in it. And you're, like, telling people to use it.
You're putting the option for security certificates, but not working or testing it properly. And, you know, I posted it in the forums and I got dead air. I got one other person who just says, I have the same problem, and I'm like, okay. Oh, and now a third person just thumbs-upping it. So that's the latest alert on this: a third person giving me a thumbs up on this problem. These are some of the annoyances I still have. Like, I don't know, I don't rely much on any of the S3 stuff, but I know a lot of people do. We've helped enough clients with it, and my solution has just been to run it in a Linux system and set up MinIO, because it's not that hard to set up, and then point it back at the storage server. It's kind of a pain compared to, you'd think, your NAS having something integrated like this would just be an easier way to do it. But this has not been something they've been able to really sort out. "I had servers on the open internet, used to do fine by running SSH on alternative ports. Starting a few years ago, there have been lots of brute force password guessing on the alternative port." Yeah, as people start changing ports, things just move. The same thing, like people who move RDP to separate ports. This happens a lot. You obviously find tons of them on 3389 looking at Shodan, but yeah, there's lots of RDP not on those ports anymore. It's on other ports. Let me find out here, Shodan. Oh, this is fun. I'm gonna share this tab here. This one said it had RDP. Let's find out. Oh, this one's on 3389. Let's find ones that aren't on 3389. 3388, for example. Hey, look, these people changed.
There's the 3388 So it really doesn't matter You know moving a port it's still The Its response is rdp is kind of as simple as that Which which doesn't bode well for people because then now it's exposed and then flaws and rdp are a problem Have you any issue with pf sense 2.7 upgrade systems and it corrupted both To the point where they can't boot so far none of them have caused a problem. Um I the thing I tell people to do is before they update reboot your system Because if the system has a problem that keeps it from rebooting and then you also loaded an update The problem still existed and the update didn't fix the problem This is one of the just processes reboot it once before you update Then you know if it doesn't come back there was going to be a problem. So this is where These systems have really long uptimes matter of fact Most of the uptime is going to be probably since the last update And if something goes wrong and something runs out of space But maybe the box just keeps on working because the service is having crash But they won't start back up on the next time. This is why a reboot is important Oh, they Yeah, I've seen um It's been on my to-do list to test I got to get back to that uh testing crowd sec with pf sense Let me look that up. It's not an official one is the one thing that drives me nuts, but I do like crowd sec Let me find the uh There we go There is an article I'll throw here. This is right in the netgate forums. I'll see testing for pr Or anything Crowd sec finally coming. Is there any updates a day ago? Actually, let's look further. Is it in there now? That would be interesting So I got so busy. I never really had time to test it on there systems We'll go to the packages available Yeah, I don't see it any available packages yet. 
So I don't think it's officially there. So definitely looking forward to it being official, though. "Nobody has mentioned anything about removing OpenVPN in Cobia. Can't find an app for this." I don't know why you'd want OpenVPN in your NAS. I've never thought to do that. And I don't think VPN inside... the problem is you need updates more frequently than I think the app can be updated, or is updated, is probably a better way to put that. But the, um, change over an xc. All right, let me find this real quick. Let's actually pull this up. The better solution, I think, if you need VPN: Tailscale is definitely one of those options. So what VPN options are in here? Yeah, the current VPN options are WG Easy, Tailscale and ZeroTier, so you can still use WireGuard in here. But I don't really have a use case where I'd really... I don't really use a VPN inside of my NAS. This is why none of these are installed. I usually think VPN is something I use on my firewall; that way the firewall can manage one VPN connection, because usually it's not one thing I want to talk to, it's several. But they do have WireGuard and Tailscale and ZeroTier, so you do have options in here. "Will be a plugin as far as they know, but OPNsense, which has had a CrowdSec plugin for a while." So cool. Good to know that they're in there. "Are you in the XCP-ng Discord, by the way?" Yes, but I'm bad at... I get so many notifications in Discord, it's hard for me to manage. So yes, I'm in there. Let me look. Yep, definitely in there. I go to their forums every day. If you want to actually talk to me, or the team I should say, the forums is where I spend all my time. I just don't think Discord is useful for figuring things out. I think it's actually terrible at it. Real-time chat requires me to be real-time engaged. And by the time someone says, oh, didn't you see my post in Discord?
If it's been two days, it's a mess, versus if I'm here in XCP-ng, I can go to my notices and read the things I was tagged in, so I can reply and have a very concise, searchable, indexed reply. I think Discord forums suck. I don't think they're great at all. "Got notified by email from CrowdSec that they had it." Okay. I'm sure they're gonna have it soon. I know I have some links from CrowdSec about testing it. "Have an off-site NAS pulling backups." Yeah, WireGuard's probably gonna... WireGuard or Tailscale is going to be your best way to do that. So yeah, if the remote location doesn't have a firewall that you can load a VPN on, go with WireGuard or Tailscale, because yeah, it looks like they didn't get rid of, um, OpenVPN. My guess is they didn't want to maintain the security of it. They're pushing more things to apps, because you don't want to have to do an entire OS upgrade every time there's an app change, and that is where the challenges come in. So they're separating, and this is just pretty good common sense from the people over at iXsystems for both versions of TrueNAS, separating out OS updates versus the updates for the apps. So the more things they can push into an app, it's going to be easier for them to maintain. Because, matter of fact, they're not necessarily the ones maintaining it. They're just pulling it from Docker and then pulling it into the app. This probably leads me to a really good article I read today. Well, I don't know about good, but it was someone going on about just how challenging maintaining open source is. Everyone wants their free apps. No one wants to pay for them. And this is the challenge of open source right now: trying to find developers for things. It's hard.
It's hard And it's hard to say if the open source ecosystem is really shrinking But you know, I had this whole rant I did two weeks ago on our home lab show about firewalls and all the open source firewalls are just gone They just can't find project maintainers for these because The reality is it takes a lot of skill to keep these up to date and developed And if you don't have a good business model to support it It's really hard to maintain it same thing why there's probably not an open vpn server app My guess is no one wanted to maintain it. So they Narrow down what they want to maintain. This is actually the challenge iX systems does have a funding model around true nas They sell iX system sells hardware that has true nas on it That's their business model and then they take that and give you true nas But they have to decide what is or isn't going in true nas based on how much time they can allot to developers It's like any other business. We'd love to give you this software for free But we can only put so many features in it because I can only hire so many developers to maintain those features So if those features start falling off and I have to make a decision Do we add More developers to fix the vpn problem that's used by very few and certainly not used in the enterprise market Or do we focus on the updated d-rade and updated zfs features? 
These are how those balances... it's just the balances that are kept for things. It's one of the things, like, a lot of these open source projects, especially when they have a corporate sponsor, are going to lean more towards the features that the corporate world uses. And it kind of leaves a lot of the other people, like the person here needing the VPN, kind of at a loss, because I think that was pretty much... like, I work mostly with... I don't... I build a lot of homelab stuff myself, I interact with the homelab community a lot, but obviously my job, what funds me and why I have so few ads on this whole YouTube channel, is the fact that I have a commercial company where we do enterprise-level consulting. And I have zero times ever set up a VPN on a NAS for any of our business clients. And TrueNAS and iXsystems know that there's not this high demand for it. So my guess is that's why they dropped it, which is unfortunate, but, um, until we can find someone... "Yeah, and the developers need to eat." Yes. "I wish to use a single PC as hypervisor. How do I access the web interface? CLI? Is it possible?" XCP-ng has XO Lite, but XO Lite is very beta, maybe alpha, right now. So XO Lite gives you very limited control over things. It keeps getting better. It's hopefully going to be pretty good by next year. But if you want to access it, you can either A, SSH in, or B, you need to use Xen Orchestra. Xen Orchestra is the ideal way to manage XCP-ng. "I got bs from a guy in restating. I pay yearly for a few services. They run servers, therefore you should pay them." I pay you... oh. Yeah, I don't know. Someone was arguing with me on Twitter, which I thought was stupid. They had the dumbest argument. I just thought, I'm not going to engage with them anymore. I gave them my two cents and I'm not going to keep engaging. They were complaining about Netdata charging for their cloud service. So Netdata is a business that gives away their monitoring software for free and open source.
That's wonderful. If you would like to sign up for their cloud service to get all the data aggregated in the cloud and have different analytics processed on it and have notifications sent from the cloud service, they charge for it. And someone was angry that they charged for it, because apparently if you do something open source, apparently you have to host it for free for people as well. So I don't get it. "Thanks for your stream. I learned a lot over the years. You've inspired me to get out of my comfort zone and try new things. Bought a ps that's recently. I love it. Thanks again." That is awesome. I love when I hear people diving more into tech, taking control over it. I think self-hosted is still extremely important. Too many things are just as-a-service, and it doesn't give you as much control over your data. And it drives me crazy, because I don't mind paying for... you know, my years-ago self, especially with, yeah, I think about Black Friday coming up, I used to buy lots of DVDs. I wanted to own the movies, and I was like, cool, the movies I want to watch are on sale and I can watch them anytime because I own the media. I have no problem paying for the creation of it. Like, I don't think there's any problem that I bought a DVD of a movie, or Blu-ray or whatever, and I own the media.
I can watch it anytime. I have now supported the people who created the movie and that ecosystem, and I think that's great. Same thing with music. Now everything's like, oh, we're just going to never actually give you the media. You're going to pay for the right to use it in some way, maybe through an extrapolation through Spotify or some music service subscription. But the moment you stop the subscription, so does all of your access to that media. And I think that's something people are getting a little aggravated about, because companies try to sway you to use their particular service by simply signing an exclusive deal with your favorite artist. Now your favorite artist is no longer on the service you're currently subscribed to, and now you have to make a decision. Well, some of the artists have signed with this one, some of the artists have signed with this one. Which subscription service do I have? And this has come back to the homelab, where people go, no, I don't mind buying and downloading it. This is why I'm a big fan of, like, Cory Doctorow. I buy all of his books. I supported the last few on Kickstarter, and I get to have an absolute copy of them to put into my library. And I think that's wonderful. Happy Thanksgiving from New York. Happy Thanksgiving from, uh, Illinois. Awesome. Thanks from the UK for the reach of scale video. It seems you're really... come on. They really come out in the last few months. I really give them, uh, another go. "Open source Google Photos alternative?" Yeah, I'm still using Synology for my photo stuff as an alternative to Google Photos, because I get to maintain it myself. But I know that's not open source, and it does require you to own a Synology. I'm looking at the other options. Anytime I've tested them, they usually disappoint me in terms of not being feature complete. But it's been a little bit since I tested. "Open source doesn't equal free." Correct. Yeah, Tailscale is awesome. I did a video on Tailscale, using it with TrueNAS SCALE.
I think it's great. Like, that's just an awesome, solid solution. "Greetings from Australia. Did you ever test power consumption on a server with different hypervisors tested? In scale." Okay, that's a challenge to really get as a good number, because it probably depends on the hypervisor itself and how you configure it and what services you're running in that hypervisor. So that I don't know. That's an interesting test. Maybe I want to dive into it. I have a handful of systems and I'm working on, like, a budget homelab build video, but it is interesting. Think about the... I love all these little devices. They have low power consumption. Patrick from ServeTheHome has reviewed this. This is on my desk because I need to review it. If I have it on my desk, I'm going to keep staring at it; I know I'll get it reviewed. But yeah, power consumption comes up a lot, and testing the power consumption between different hypervisors: interesting. I might try it. But it comes down to what features you're using, and I bring it up like that because if you compare XCP-ng to Proxmox, you'd probably find Proxmox is going to use more power if you start loading all the extra services on Proxmox that may not exist on XCP-ng. So you have to create a baseline of, well, I'm going to use XCP-ng, but it doesn't have, for example, a built-in Ceph system. But if you load Ceph and you start replicating it to something else, well, that's going to use a lot more power, because it's more compute to be able to calculate that. If you're running ZFS, well, ZFS is still a software-managed RAID, which does have some CPU cycle counts on there. And there's a lot of those little things that make it hard to really test. It comes down to what people's use cases are. "Never a question short run cable isn't 30 feet PoE plus cc." Uh, good... always use full copper. I know it's expensive wherever you might be, but I will admit the CCA stuff, a lot of people told me about bad experiences with it. I don't trust it.
So I would definitely avoid it. This was a great article. I'm gonna pull this up, because this is something I think is absolutely... I might probably do a dedicated video, because Signal's added so many features. But yeah, there are pretty costs around 50 million in 2025. Free isn't stable long term without backers, many small subscriptions. Signal's the world's most widely used private messaging app, and our cryptographic technologies have provided actually privacy beyond the Signal app itself. Since launching in 2013... I've been using this for, I think I started using it in 2015 or 2016. I've been using this for years. And they are absolutely like none other. It's just an amazing thing. But this is the really big part: everyone wants their free thing, but this is what it costs to run Signal. 1.3 million dollars per year for storage, 2.9 million dollars a year for servers, 6 million dollars per year in registration fees, bandwidth is 2.8 million, and additional services are 700,000 dollars per year. The cost of storing nothing and serving everyone. Yeah, it's a lot. So just like everything else... the Signal messages and files are always end-to-end encrypted. When you send a message, Signal temporarily queues that message for delivery. As soon as your message is delivered, that small bundle of encrypted data, your message, can be dropped from the queue. The storage of end-to-end encrypted files is temporary, and undelivered end-to-end encrypted data is automatically purged after a period of inactivity. Even though everything is only temporary, this storage still costs 1.3 million dollars per year. Yes, it is. Let me just drop this article in here. I recommend everyone read it, so they understand what it costs to host things at scale. "Synology's got a great product and their prices, their NAS is cheap versus what you can do with the NAS." Yes. Building my first home lab building 10 plus years of your videos. An xdb it really helps.
Uh, "I stopped using Xen back around 2007. Wow, it's come a long way since then." Yes. Literally. So I'm reading slow. "I really liked your demo of Synology management. I just loathe to get one. I'm TrueNAS all in. And thanks to you I moved away from non-RAID storage or data." Yes, absolutely. "Thoughts on Framework laptops for primary workstation, office environment? I have heard lots of good things about them, but my boss is a bit wary since they only have a one-year warranty." I haven't heard anything bad. I've heard nothing but good about Framework, but I've not had enough hands-on experience with them to really tell you much about it. Generally speaking, I don't think your warranty is bad, but, you know, for some convenience reasons even we buy some of the Lenovo laptops with longer warranties. That way, if a customer has a problem, we're not dealing with it. So that does come down to the business situation of things. But I don't think Framework makes a bad product, from anything I've read so far. I think I have only one or two friends that have it, and I have enough tech people I follow that have used it that really sing its praises. So I don't know anything bad specifically about the Framework, but I do have to dive into that a little more. "Running your own media will cost around $300 just in power per year." Um, six million registration fees? Yeah, what are those?
I'm assuming... they have that all broken down in detail. Signal incurs expenses when people download Signal and sign up for an account, or when they re-register a device. We use third-party services to send a registration code via SMS or voice call and verify the person in possession of a given phone number actually intended to sign up for a Signal account. So yes, this is the cost of not letting all the spammers take over your system. The love-hate people have with Signal: I love Signal because it uses phone numbers. The number of people that are angry that it uses phone numbers... I know they're working on an alternative identity. But, like, for example, I have lots of communications with my staff that I need to be secure. How do I know instantly that it's my staff? Well, I have them in my cell phone. So when I link them up in Signal, unless they change, and yes, they have done this, I'll see a safety notice change if they get a different phone. So now I can actually find out: hey, did you actually get a new phone? I may talk to them, but I'm always clearly identifying who they are with Signal, and it's not easily hijacked. So yeah. Yeah, I think it'd be worthwhile as well to do a full dive on this a lot. Uh, yes, Synology does have an all-flash NAS device. I do have a video on TrueNAS SCALE permission settings and how to set them. "I find ACL confusing." Yes, I do. You can... lawrence.video, I'm gonna throw this here. This is my entire TrueNAS playlist.
I've made everything pretty simple. It's lawrence.video/truenas, and that will get you to all the different TrueNAS systems. But I've got a whole video diving into the ACL thing, because yes, it can be confusing. "In one of your videos you show more than 60 sites in the UniFi controller. We have 23 sites on our cloud controllers with 700 devices, and the devices page is lagging on something of note." Is this... so the device page may be lagging, but it depends on how fast of a system you have. And the system I'm running on is quite fast. It comes down to speed. This is a Ryzen 9 9500x that's running our UniFi controller. So are you running it on something that has that level of speed equivalency? That's the question. How fast is the drive access? So to get it to be fast, it comes down to how performant a system is. Do you have additional performance? "Uh, supply recommends splitting across two servers." Yeah, and sometimes that's the solution. It kind of depends on the number of devices. We have a couple of clients... one of them, I think, has 6,000 people that are accessing the Wi-Fi across, like, 300-plus devices. That's on its own controller. And the controller is located inside that particular... it's a co-managed IT, so that controller is managed by them on-prem. "Is there a better way around, or a better way than using a VPN?" A better way than what? I've got a video about using Tailscale as your VPN, so I think that's definitely a good idea. So I maybe need more context for that question to answer it. "I've got Signal and Session, no phone number needed. But Session is a pain in the butt, especially with non-techies." And that's the whole thing, the number of people... I have so many people in my contacts, especially non-technical people, all using Signal. That's one of the things about Signal.
They've made it so easy to use for the non-technical people, because if it was just up to technical people we could just use PGP for everything, right? But then that makes it harder for more average people for communications if we signed everything with our PGP keys. There's some challenges with that. But if we, you know, use Signal, well, it's just a lot easier. You don't have to be that technical to sign up for Signal and have privacy. So, yeah, that's probably a good video, that I dive into that as a topic. Server electric costs my always-on server 30 watt 24 hours by 3ci 260 watt $9.8 total gas electric per year. Yeah. It adds up, it adds up. We're lucky that we have a lot of less expensive power here. So you're, see, uh, what is your... I guess it kind of depends. The Signal use RCS? Signal's not a text messaging app. I'm assuming you're talking about the SMS RCS. Signal uses the internet to relay things across Signal servers, but encrypts each device and the end. So it's not using it. This is a controversial thing because they removed the ability for it to be your text messenger. I never used it as that, never liked it as that. I always like it to be separate. So, uh, need to have a solar panel battery that will help lessen electric expenses. Yeah, yeah, my power bill gets to be a lot here and it's a lot more at the office just from all the servers. I try to spin everything down as much as possible when I'm not using stuff in my lab. I always look at what can I turn off? What can I have less of in my lab to make things go? This is one of the reasons, even though I have the money, I can afford a bigger power bill, I just don't see the point in it. So I still think a lot about energy efficiency. But this is one of the reasons that I have this particular box running still. This little Intel Atom CPU is very low powered.
It's an Atom C338 at 1.5 gigahertz. Look at our two threads we got going here and, uh, yeah, it's not going to be very fast, but it's really power efficient and it just is so I can have an extra backup of things. So I'm always thinking about what can I turn off, constantly, as I sit here with all these lights on for a studio. But even these, I make sure all of these are set at a more minimal power and, I don't know, I try to be efficient when I can, but yes. Signal uptake in UK is still very low. I try to spread the words of clients. Construction. I do spread the word as much as possible. Probably 10 percent of the clients are aware, have it. Yeah. Yep. 24/7, uh, NAS, and you can use sleep functions. Yeah, that's an option as well. I haven't really gone that far because there's certain things like I could, and maybe, I don't know if it's a good experiment or not, because I don't like the idea of putting hard drives to sleep, because with spinning drives, spinning them up is a higher wattage event. So if I run, and I do run backups a couple times a day to mirror my NASes, I could power it down. But I don't think the power savings versus the surge of getting it back up to speed and the wear and tear on the drives may make that worth it. Uh, so that becomes its own challenge. Now if it's SSD, yeah, that's different. Yeah, that's one of the reasons even like my Home Assistant is running on, let me pull it up, I still have this running on just a Raspberry Pi 4. Because that way, one, I can shut other things down as needed and I still like the Home Assistant, especially because it's how I run things to, you know, look at the cameras real quick at a glance, change the settings of the lights, automate the settings of the lights, make sure I didn't leave anything on in my studio so I can power off my studio right here. I can make sure my space heater, I can turn it on or off right here, because it's rather cool in my basement. But I don't want to heat my whole basement.
I only heat the part I'm using, which is my studio. So yeah, I think about a lot of the stuff, probably more than I need to. I don't know. I think it's a good exercise. Good morning and hope you have plenty of room for the turkeys. Yes, I do, and thank you. Long time lurker, first time comment. Uh, I work for a very small MSP. My boss wants me to set up an Azure hybrid setup for an existing client, only to have the on-prem server be decommissioned. Yeah, that's gonna happen. Still wondering how you got your camera feeds into HA. Um, yeah, I keep saying I need to do a video on that, but I don't think there's anything special about it. Uh, you just pointed at the Synology. There's a, if you look, I mean I'm using it as an analogy, but where is... You just, I'll tell you, gotta tell Home Assistant. Um, I'd have to look up the instructions to walk you through it, because I've had these set up for such a long time. But you do the Synology connection, and from there... Let me pull up my Synology real quick as well. But I've allowed Home Assistant to talk to the Synology. Matter of fact, because this Synology is on its own separate network, I had to do some firewall rules for this. But by allowing it to talk to the cameras, you set up the interactiveness. It makes it pretty easy to do. And then you can take that data from the Synology. Matter of fact, the connection of Synology is both ways. Surveillance Station in home mode: I can hit this button right here and actually change the settings on my Surveillance Station from home to away mode. So I can do this, and of course I also have Home Assistant accessed on my phone. So this makes it really easy for me to make any of these changes even when I'm remote, or glance at my Home Assistant and see the camera feeds at the same time. I even have like a separate dashboard that's got less things on it for my wife.
This is what she sees. She can just look to say, oh look, a package on the porch or someone in the driveway. I need to do a Home Assistant video for how I have things done, because you can also feed the Synology event data into Home Assistant and then create triggers based on that with webhooks. Uh, you might want to consider a quartz heater for your basement. I have one on my desk. Just keeps my hands warm. I did heat. Yeah, um, I've looked at different ones and there's not a massive difference in them. So the one I have is actually a, I don't know what to describe it, the radiator type. Uh, the reason for a radiator type one: it's quiet. It doesn't make any noise, so it can be on while I'm recording and there's no chance of noise. But I know the quartz ones are pretty popular. The Blink cameras, the cheap ones, work with Home Assistant. I don't like all the cloud-enabled cameras. That's one of the reasons I like the Synology so much, is because I can run all my cameras not cloud enabled. I can run them all locally, not have any type of cloud thing going on or my data going to a cloud or anywhere I don't want it to go. So even though they're only looking outside, I don't want them potentially accessible, because I have a lack of faith in many of these cloud companies. Well, one, I do have faith that they'll charge me a subscription. I don't have the best faith that they have the best security on these things. So being able to not have someone else see what's in my backyard, as I show my backyard on YouTube. But I have chosen to show my backyard on YouTube. I am not, you know, arbitrarily being chosen by others for what you want to see on these. Do you run services in separate virtual machines?
For example, one for Nextcloud, one for UniFi controller, or do you run them in one virtual machine, then in Docker? Kind of depends on what my risk is. So I don't really like things all in one. But sometimes it's a bunch of services for me that I'm less worried about; maybe I'll run them all in one. But you got to kind of think about how would they escape to each other? How do you want to lock them down from each other to prevent any type of potential issues? So it's more efficient to run everything in one Docker, one virtual machine with a bunch of things running in Docker. That's going to give you the greatest level of efficiency, but not necessarily the best level of security. So that kind of comes down to your use case. Certain critical infrastructure things like UniFi, I don't run UniFi in Docker. It runs as an independent VM. There's no official Docker support for UniFi. I don't use Nextcloud; maybe in the future I will. But I would probably run Nextcloud, you know, if I did it in Docker, if I was using it to manage critical documents, I might want to keep that separate. But there's a lot of little random services maybe you don't want necessarily kept separate, that you can consolidate into one. It's always kind of playing out the risks. Hi, Tom, interested in AirPlay and similar, or anything your clients and networks optimize it. I don't know how I would optimize AirPlay. I guess I don't understand it as a question. I don't use AirPlay, so... Reolink are fantastic cameras. I don't know. I've had more problems with Reolink. Amcrest seems better, but yeah. I'm curious on cameras. How would you set up cameras without UniFi or Synology? Uh, I don't know. I mean, there's NVR software out there. Some people like Blue Iris, but I don't like the fact that it runs on Windows, so I'm not a big fan of Blue Iris. I don't know any good open source NVR software. There's nothing out there that I would say is good.
There's stuff out there, but it's not near as feature complete as the UniFi, Synology or any of the other commercial platforms out there. Home Assistant walkthrough. Yeah. Uh, till the green on a cloud-based, uh, video void. I just supply them to less technically literate people with a little budget. UniFi G3s, I'm happy with. Uh, not the best video quality. Yeah. Frigate's nice, but I don't know that Frigate, I would say, is feature complete. Like, it's a good tool, but if you started lining up Frigate against some of the commercial ones, you'd probably find it doesn't line up quite as well. Not that I'm saying Frigate's bad or you shouldn't use it. It's just one of those challenges. Uh, Shinobi is the other one I was going to bring up. I always forget the name of it. Um, I have a bookmark. I go through my little NVRs I have bookmarked, and Shinobi is another one. It's just not feature complete. That's the big thing. I try to figure out the best way to say it other than that. Like, it just doesn't have as many features or the polish you're going to get from the UniFi or Synology solutions. That's how I can describe how I feel about it. Oh, let's see here. Look at the, my wife get food. Let's look at the cameras again real quick. Uh, unfortunately, motion... I'm talking like earlier. Let me, uh, stop sharing that tab. Where is the link to this?
So I can share it back out. So right here, you notice it hasn't been updated in a number of years. And this is the problem with open source projects. motionEyeOS, the Linux distribution that turns your single board computer into a video surveillance system. "Due to personal reasons, I can no longer be actively involved in this project. If anyone's interested to take it over, please contact me." Three years, no one took it over. Wait, updated readme? Nope, someone just, yeah, that's all they updated, the readme. This is the problem: everyone wants the free software, but no one wants to develop the free software. Um, so it kind of becomes a challenge. I don't know. That's what happened to motion, if anyone's wondering. Any idea what major companies like Walmart or the government are using for outdoor surveillance cameras? Um, one of the big players in the market is going to be Axis. And I mean, so we do consulting on cameras a lot, and I like when people start out with, "Oh, man, I can't go with one of those Chinese cameras, I need an American-based company," and then we show them the price and they go, "All right, I'm gonna go with the Amcrest. I'm gonna go with something else." And it is a challenge, because if you look at how much the Axis cameras are, they're about eight times more expensive than their counterparts. They're not like just double the price. They're substantially more. Now UniFi is not bad. I don't think there's any restrictions on the UniFi ones I know of. And the ones from Synology, they don't have a big variety, but the surveillance cameras from Synology are now certified, so you can use them at some of the big places. So UniFi is getting bigger into that game. If you've considered, uh, Apple silicon, there's a few projects to run Linux natively on M1. I'm personally considering this for my instance. Um, uh, I hate how much I like this stupid MacBook. I'm not ready yet to put Linux on there until it gets more feature complete. But this laptop works really, really well.
Uh, this is a Mac M1, the Air. Oh, I mean, to me it's just a terminal. All it really is is a browser, terminal and an SSH. I SSH to my jump box that's in Linux and I get things done. So it's not like I'm really using macOS on it, and replying to emails 99 percent of the time on it. But I will admit, the M1 silicon is awesome. I would love to load Linux on this. I would love a feature complete Linux on there that was as good as macOS runs on it, because the battery life is ridiculous on it. Like, I'm super impressed with just how long the battery lasts on that thing. Which is exactly what I want: a nice passively cooled terminal that I can sit on my couch with for four hours if I want to hack away at something. So, yeah. What about Scrypted? Once again, you can cobble together some features, but it's not the same as a feature complete NVR. So it's not that these things don't exist. Or as someone said right here, Frigate is not very newbie friendly. Probably true. Agent DVR, I don't think there's anyone... Um, the problem is there's not any drive to really put together an open source NVR. It takes a lot of money to hire a good developer team to manage an NVR project. How is that going to get funded?
This is why there's not any really great open source ones out there, because no one's found a good funding model around it. I've talked about, I kind of gave up on this. I was going to build, and I still want to, but I don't know, even with all the, you know, people I have that follow me that work in the tech space. I wanted to build a better open source document management system for managing IT documents, but man, getting that funded, learning how much it would cost to build, for one, and then figuring out how to pay for it all. Uh, I had people talk about some of the ambitious things I had to do, and I talked to a few people. They're pretty realistic and said, yeah, I mean, you're gonna have to start with about 200, 300 thousand dollars and then figure out how to maintain it from there. And it's like, okay, I can come up with that money, but at some point I need a return on that money, because I can't just leave a giant hole in my retirement fund of "I cashed it out to do this thing that has no way to make any of the money back." This is the challenge with some of these open source ones. So who's going to put together, if it takes, you know, 300, 400 thousand dollars to really build a good NVR system with a good team of developers that are experienced, then how do we reap the money for it? That's a challenge, and this is why there's not a lot of, uh, ones out there. Especially because usually someone's going to want an open source one to support all the cameras. So a camera company may not want to do it, because if the camera company were to build the NVR, they're going to want it to exclusively work with their cameras. The hardware companies, Synology, that's kind of what they do. You can only get Synology Surveillance Station on a Synology device. So they've invested a lot of money in building their surveillance software because you have to buy their device for it. So they have a funding model for it. But yeah, this is a whole, uh, challenge around it. Yes, uh, uh, I don't know how you say it.
Asahi? Uh, Asahi is the Apple ARM Linux, I believe. That sounds right. Um, but yeah. I use my MacBook M1 to code in Xcode and it's slow. I need, uh, and I need earplugs to code. I do all my stuff in Vim. I do my text documents in a tool called Zettlr. But I just do everything in Vim. But I don't really program much. So if you watch me do anything, it's not going to be wonderful. I'm not a real killer, a real programmer at that stuff. So I'm not like great at it. I personally wouldn't use Apple silicon just for Home Assistant. The M1 chips are powerful, but yes, there's small x86 PCs that handle Home Assistant perfectly for one tenth of the cost. Well, and you look at Home Assistant on a Raspberry Pi like I have over here. I mean, my Raspberry Pi is low wattage, ARM based, runs Home Assistant perfectly fine. So absolutely, like this is a, uh, you know, a solid system for doing this. A friend of mine has an M2. Is it bad that I was annoyed by how good it was? Yeah, they've just done such a good job on there. Yeah, 200, 300k the bare minimum for that project. Uh, it might not even be, considering having an average senior dev salary. Yeah, this is a real challenge, um, when you're building out some of these projects, is what a senior developer costs today. You know, I was talking about this with Netgate, because there was all the hate with Netgate over the fact that they, you know, are charging for the home lab edition. And I granted they should have just charged for it, not changed it and then went back on it. That's definitely a different topic. But the number of people that are kernel developers that are working for Netgate, if you look at what a kernel developer makes, and I think they have three or four people who are, uh, kernel developers. Kernel developers make, based on salary, and I don't have any friends that are actually kernel developers, but I have friends that are close, so this kind of lines up, they're Linux developers.
They're making close to $200,000 a year. So how do you fund a team of senior developers making almost $200,000 a year to write really good, solid code and then give the product away for free? That's... yeah. Asahi. It's still strange to say. Any final thoughts on pfSense? No, I have no more thoughts than I had before on it. They miscommunicated. They misstepped. They went back and fixed it. Do you have any use case for trying out the latest Raspberry Pi? Um, I haven't really, because my Home Assistant runs fine on my Pi 4. So there's not a need to move to a Pi 5. Do you send any logs from Home Assistant to Graylog or Prometheus? That's a good idea. Currently I don't. I didn't have a use case for that, but I've never really looked at what logs it would send. So how do you send syslog out of Home Assistant to Prometheus? Or I would use Graylog. But that's interesting. That's where I've heard the word before. Yes. There's a Japanese beer called that. I've had that Japanese beer. I was like, that's a familiar word, but I can't remember where I've heard it before. If Signal's not a text messaging app, do you text? I text with very, very, very, very few people. Um, I text with the couple non-technical people who don't use Signal, and I use the default app that's in my Android phone. So yeah, I'm not... That's, uh, yeah, I don't really try. I don't care about third party text messaging apps. I don't text much at all. It's not much of what I do. All right, you know, I want to look for that other email real quick, to circle back on it, because I think this is a CrowdSec... Let's pull this up because it's almost here. There we go. This is the CrowdSec for pfSense. "We have created a pfSense package with simple UI to configure security engine of firewall mediation and bouncer small medium log processor." Nice. So they've submitted the package to the pfSense developers to review. Awesome. So we're getting close. So yes, this is, uh, from the CrowdSec blog.
I'll throw a link in here on that. Let me actually get the link. There we go. So people want to know. I was thinking about that and I'm like, I want to do a video on it as a topic. So, any other final questions? I'm going to wind this down because I got to get going, to go do some things and go visit some family. It's been great talking, everyone. I'll give this five more minutes. So, five minute warning. Throw your last questions in here if you're a lurker just wanting to throw questions. There's 136 people here. Um, or just say hi, you know, type that in the comments. The things I'm working on, hopefully by the end of the year, is going to be kind of a sec... I want to do a security roundup for some of the things we've seen in, uh, 2023. I want to see if Jason's game for talking about this. We have a few assessments we did that were really eye-opening with clients, like, ha, some security investigations that were also interesting. Morning, Tom. I've been trying to figure out a solution for RDP, Linux to Linux. Have been using xrdp and it's okay. Was wondering if there's a private solution like NoMachine that works well. I never have the need to remotely... I always SSH to the Linux systems. I'm not doing anything in the UI remotely with Linux. But X2Go, I've done videos on X2Go. That is another alternative you might want to take a look into. Happy Thanksgiving. Thank you very much, much appreciated. DNS recommendations. I just did a recent video on this. I still choose 9.9.9.9. So four nines, Quad9. They're still my favorite DNS. Is there a good UniFi course that won't break the bank? It's a good question. I need to start working on actually putting a whole course together at some point. Um, maybe I can find a sponsor for it so it can be free?
That might be, um, might be a good idea right there, because I could definitely teach a whole UniFi course. As a matter of fact, I want to teach one to our internal staff, which I will also try to make externally available. What is the best way to percent ice because the approximate, like one block for every VM or different block for every VM? I don't know, because I don't use Proxmox. I can't say. I'm going to have one customer that, they're going to maintain their own Proxmox system, but we just don't really do any consulting on Proxmox. So I couldn't tell you like the most optimized way to use it. We'd love that sold. You know, that might be a way to fund things. Maybe I should look at doing Kickstarter campaigns for projects people want me to do, and if they get funded, I go do that project, like creating a course on UniFi, and everyone can benefit from it. Um, that way we have a funding model to figure out how to cover the time, because if I do a deep dive and take the time to do this, that's a lot of time. Uh, that's why there's sometimes I haven't... I'm trying to make a lot more time for myself to be able to do these long-term projects. But I still have a lot of things I've been doing in my lab that are also kind of commercial related ventures to fund things. So yeah, that's an interesting thing to think about. Um, who is Quad9? Google it. You'll even find videos and interviews on my channel for Quad9. Definitely, I've talked about them a lot. They're a great free DNS service and they're a non... they're a special organization. I believe they're nonprofit. Um, I do talk to David, but I don't know that I... I wouldn't do a course through the course system. I think Jay from Learn Linux TV, he tried that. Me and Jay talk a lot, and Learn Linux TV, where he publishes all of his courses for free, he's had the best luck with that.
He did not have the best luck with creating separate courses to put them on different services. YouTube is the best platform for it, and I still think that's true. Lurker here, just want to say thank you for your videos. I was in IT 10 years and went into, uh, satcoms, back in IT three years ago. Your channel's helped so much. Awesome. Good to hear, uh, that you're in there. I don't know if Howard Hughes is your real name or a throwback in reference to the actual Howard Hughes. Either way, makes me smile. Glad to hear you're in IT and happy. Yes, Quad9 is in Switzerland now. Uh, how do you get the energy for all your projects? Do you work out a lot? I work out very little. That's one of my problems. I need to work out more. Uh, I need to exercise more. I at least, at a minimum, exercise once a week. That is the minimum I do every week. I try to do more, but at least I get one thing in a week. I go for walks to listen. That's when I listen to my podcasts, is when I go for walks or bicycle riding. But mostly I'm a workaholic because I can't stop. Uh, when are you gonna do another video with Jeff? Hmm, I don't know. I should. I talk to them all the time. So hopefully soon. We got to figure out something we can talk about. Proxmox one IP per wm. I don't understand. One IP per wm. What does that mean? Well, any course you create, will definitely support it. Awesome. I much appreciate that. What was the lesson learned by my best hypervisor ever, XCP-ng? Hello from another lens. Awesome. Do you have any plans on creating start to finish playing pfSense with all plug-ins used, say, for a client? We use very few plugins for a client, but yes, I do want to do some new start to finish tutorials on pfSense. That's high on my list of things to do. Now that both versions are on the latest version of, uh, BSD.
They're both at feature parity for all the basic functionality. Um, I really want to do that, my getting started with pfSense, and a new version of it. That is for sure. How do you feel about WireGuard these days? A reader disappointed to find it was rather tedious to set up and running and required a lot of cut and paste, no export for keys. I'm fine with that because I know how to do it, but I don't have an answer for making it easier. I don't know that there's enough demand to make it easier. Um, I don't know. So my opinion is I like it, but it's one of those things. We do a lot of WireGuard setups. We set this up constantly for clients, so we're good at it. And I don't even think about it: just copy paste, copy paste, save, look at connected, and hey, let's build some routes. Um, yeah, maybe I'll do some updated tutorials. But I don't have an opinion on... it'd be great if the developers made like an "export this file, import this file" type of setup. But I don't know if they're going to do that or not. I'm having problems with TrueNAS Cobia Nextcloud over Tailscale. Tailscale, maybe, won't launch. I could do a video on setting up properly. That's a different problem. So maybe the problem is the videos get dated, because they don't have the best deployment of Nextcloud, because if Nextcloud gets installed on TrueNAS, I believe you have to still go to the command line and edit it, and I don't know why they don't just fix that. They don't have it set up properly so you can access from certain IP addresses. So I don't know. Maybe I'll look into that. The problem is the video gets dated quickly, because with updates to Nextcloud and changes to TrueNAS the video becomes irrelevant pretty quick. Which, I don't know why they don't create better tutorials or just better documentation I can reference on it. That would be wonderful. IBM is among the sponsors for Quad9. That is correct. Uh, I've got a load of resistance bands stuck in the door frame.
So I don't have to go exercise. Handy for traveling, hotels. Yep. What is your smallest client? I think we have some clients that only have like, I don't know, like five user clients. We still have some small ones out there. Have you thought about creating a GitHub page for your favorite open source projects to use, kind of like Awesome, uh, Home Assistant? Uh, maybe. Maybe. I mostly post these things in my forums, so I don't have to use them on GitHub. But I don't have a current forum post on this. But maybe I'll make a forum post on all the apps Tom currently uses. Have you seen DNS stop working from time to time on pfSense? Had issues with that. Um, they've allegedly fixed a lot of that. Uh, if you're having problems, file some bug reports, because I haven't seen it on here. But someone asked me that yesterday. So people are having the problems. You just need to figure out what the catalyst is, what's different on your system than systems that aren't having problems. So posting in the pfSense forums is the best way to get that addressed. Enjoy your videos because I have an interest in UniFi and pfSense. That's awesome. You need to bring back the "How They Got Hacked." Uh, yeah. Yeah, I don't know, we got to do something. Um, it's challenging. We would love to do that. You're right, with me, Matt and Jason. For your small clients, do you provide full MSP or are they more break fix, uh, MSP? We do break fix work. We still do it. But someone was mad yesterday because we couldn't do it the same day. They wanted consulting on a problem and they were upset that we didn't have immediate availability for them. They, like, called in the morning and wanted immediate availability.
I'm like, I don't have the immediate availability for you, uh, for this. So that's been kind of a challenge, is scheduling them in. If we're not busy and I don't have a bunch of things scheduled, sometimes we do have same day availability. But yeah, we do break fix, but the break fix is kind of a challenge. We try to schedule people all the time because that's how you can be most efficient with your technicians. Keeping a technician twiddling his thumbs waiting for someone to call is challenging, because not every day someone wants same day. As a matter of fact, a lot of people are fine with scheduling out the service ahead of time. Yeah, I want to bring it back. It's figuring out timings with everybody. Xavier doesn't even live around here anymore. Matt Lee, I love Matt Lee. He travels a lot though, and so that's a challenge. Me and Jason, Jason has a lot of commitments as well. So we've talked about doing it. The problem is finding three people and lining their times up is hard. It's hard with two people, and me and Jay from Learn Linux TV were able to almost do quite a few Homelab Shows on Wednesdays. But even, you notice, we miss some, especially with the holidays and everything. Jay's gone this week again doing other things, so he was not able to make it. So we didn't do the Homelab Show. So that's the biggest challenge for those. But even if I bring it back doing it myself on a regular cadence, that might be a fun way to do it. And then I'll bring in others to join me as they have time. So that's kind of my thoughts on that. Like, I'll run with it. I'll let them figure it out if they got time. Like, I'll establish a time to do it and other people can figure out if that time works for them. And if it doesn't, I do it anyways. That's sometimes how I do things. Uh, ask if I can come to a site few hours from now. Um, no, yeah. Can you have an MSP without break fixes and still have customers?
Um, the problem is, if you want everybody to sign a contract, you're gonna narrow down the people that will choose you. Maybe you're getting rid of the people that won't, but the reality is, if the only way you'll do work for someone is on contract, but they're skittish, they are worried whether or not you will be a good fit for them. This is the, um, "let's date before we get married" problem of the MSP. They kind of want to know whether or not you're good at something before they sign a one-year commitment with you and get all of your tools loaded on their system. It's a big commitment for a company to switch IT companies if they have an existing one. But if they can work with you on a project, you can prove that you're someone that would actually be good at doing it there. Yeah, I should do a collab with Cody. Um, Cody's great, for sure. Uh, hot sauce vids, not likely. And I just say not likely because they don't perform well on the channel, and I lose subscribers substantially because it's off topic from tech. Uh, thanks for the Axis camera mention. Ever used any outdoor housings that actually hold a full-size digital camera? Uh, nope, not... I mean, probably 10 years ago, but longer than that. I did one back in 2008. We had this specialized project for a school we did with special heated large housings. But yeah, no, I haven't looked at anything like that in like 10, 12 years. Oh, I'm not ready to go grab turkey yet. I just got to go visit family, that I have to leave and I'll get going on. So, but yeah, I guess I've run this enough. I went another 15 minutes. No, you're absolutely right. But the thing is, no one's messaging me that I should be somewhere else, so I'll keep being here. But maybe I'll do another live stream over the weekend. Thank you all, everyone.
Have a happy Thanksgiving. Love hanging out with everyone. Hit me up in the forums. That's the easiest way to engage with me on a lot of these topics, especially if you want a more in-depth answer with a lot of links posted. The forums is a great place to find me over there, and thanks.