Welcome to the Homelab Show, episode 104: Q&A and some miscellaneous updates. How you doing, Jay? I'm doing well, and how are you? I can hear you better now. We had a late start here because microphones and technology troubleshooting issues, you know, there's all these extra things you have to know as a creator. It's not just that we want to talk about all the topics we're gonna cover on your homelab today in a Q&A, which we have a lot of Q&A. We had some delays and changes because of me and Jay having vacations and such. There's a lot of questions on there. But then, you know, we started a few minutes late because suddenly Jay's microphone wasn't Jay's microphone anymore. You know, I feel like one thing that every operating system just does a poor job, I don't care if you're on a Mac, Windows, Linux, I don't care, they all suck at this, and that is managing audio devices. Like, we're not asking for much. We, we want to be able to set a default or primary input device without plugging in a webcam, for example, that we have no intent on using as a microphone, and then the operating system just decides that that's the new input device. And we should be able to, like, pin these things or put a score on them or have some kind of configuration. I think every operating system needs to put some work into this, because I've heard even non-creators complaining when they're trying to join a Zoom call and then they can't figure out which microphone it decided to choose that day.
It just gets irritating. Yeah, this is a common problem, and it's, it's only because of you, Jay. You help me sort out the Linux script that I have to force every time my computer boots. The things go out of order because I have many devices plugged in, and I have it forcing exactly which ones I want to make the priority. So, but yeah, why that's not, and not a function, as you said, I could build a weight, like set a weight for each device in there. So if any of the developers who work with audio stuff are listening, you know, there's, there's a good, there's a good feature request. I think there's a little extra things like that. Yep. And I'll say, as a little bit of a background, I have a video coming out and we're on a new, you know, I want to say format, which I'll mention in a minute. But I decided to recase my recording PC because I've got the new Nebula case from System76. So of course I put the guts of the computer in there, and because I didn't have every USB cable in the exact same port that they were in before I rebuilt the computer, then now the computer has to find its way again, because now it's just confused because every USB port has a different device in it. Like, it's just weird. Yeah. Computer stuff. Yeah, it's fun computer stuff. Me and Jay both have something to start out with. It's a little different and we don't necessarily gonna have this every show, but because I found some extra time to read a book I've been wanting to read, and oh, I didn't have it pulled up.
Jay's got one, too. But it's some tech book recommendations, essentially. Mine is Where the, Where Wizards Stay Up Late. The title I kept seeing, When the Wizards Stay Up Late, but it's Where the Wizards Stay Up Late, and it's the history of the founding of the internet, and boy, there's just a lot to unpack in that book. It was actually a pretty interesting read if you want to do a deep dive on the history of it, and you can learn what's true and what's not true, and I think the book starts out with some of that. There's a lot of myths of how it was this project or that project, the details of how those Honeywell systems got built, and the surprising nature of how little Honeywell customized them and how many things were shipped wrong. They were just not reliable systems, and it was really interesting. Like, yeah, they crash sometimes, but no one, no one leaves them up and running for very long. So they actually, all the engineering we take for granted for things like having a watchdog timer that automatically reloads a program and the hardware, there's just like some really neat stuff I learned that was all kind of invented out of the necessity of a constantly running network, because before, computers are like, you compute data with them and then you turn them off. You don't leave these things on, and, you know, that's weird. So it's really, really interesting, all the little details I picked up out of that book. So I'll throw it out.
There's a pretty, if you're interested in the history of how the internet and a lot of this stuff started, all the people involved, it's a great read. I'm going to recommend Once Upon Atari: How I Made History by Killing an Industry. That's gonna be the book that I recommend. That's written by Howard Scott Warshaw, and if that name sounds familiar, if you look into the whole E.T. Atari fiasco with the whole development, it's a fun look into the, you know, behind the scenes from back then, and then also he also talks about how things are now. Goes back and forth between current day and then previous day working at Atari, you know, previous Atari employee, but it's just written so well and it's just, it's hilarious. It just gives you insight into that, you know, time period. And the one thing, one thing I'll say about this book recommendation thing is it's always going to be geek culture, home lab culture, things that are going to be within home lab. It's not always going to be a home lab specific book, but it's going to be within the tech. You know, 'cause we have to have something to read when we're watching all these progress bars that just take forever. I mean, it's either stare at that or read a book while you're waiting. I mean, you can get some reading in while you're, you know, running your home lab. So it's a mutual benefit. But yeah, Once Upon Atari: How I Made History by Killing an Industry. That is pretty cool. All right.
Now the next thing I want to mention up is going to be some errata updates, and I don't really have much. I was gonna talk about XCP-ng, but I'm gonna, I've summed that up in a couple other videos, and I'm gonna probably do a longer one because there's been so many changes. So I will be doing a new, like, getting started with XCP-ng and covering all of that, because we've added so many features since I did my last getting started with it. It's a product that's really enhanced quite a bit, and so obviously a popular virtualization platform in the home lab. But I will mention Netdata, which is just an awesome, me and Jay both have videos on Netdata. They've really not just done a facelift, they threw a few new features in there. Now they have the Netdata and the Netdata Cloud, and they have the Netdata Cloud where you can put all of your things together, but they added another feature, and I haven't explored this and I was, you know, springing it on Jay here if he has: they have a way you can locally push data from other nodes into another local node. Have you tested that at all? No, I was hoping they would do that, because I feel like there's a lot of TCP traffic, you know, going in different directions, which isn't really a problem if it's not your data center. But as soon as you have all these Netdata things, you know, in your local network, that's a lot of traffic, so be cool to be able to route the traffic out a certain direction, if, you know, based on what you said, that kind of seems like what it does. Yeah, so it's kind of neat, um, because a few people have asked about, like, well, I want to have all my nodes in one web view but not have to use their cloud, and one of the ways you could do it is, obviously, is you could just iframe these in and build your own web interface for it.
It's not hard to do because they're all just feeds. But the fact that they have this whole consolidation, it's not something I play with to really see how it looks, but the concept is there and I think that's pretty neat. It just came out with the latest one, but it's definitely, um, it's definitely a really cool system. Someone was mentioning in the chat room about, uh, wishing there was a Windows agent. Isn't that something that they're working on? I know, I thought there was some kind of news. I'm not saying it's ready, but I thought they were working on it. There's somehow you can have it attached to Windows, but I don't know what all it gets out. The problem is it's, it's such a Linux-centric system. Um, it's just one of those things that it's, I don't know how good they're going to be able to make it inside of Windows. Windows just does not work the same as Linux. It's just, they're far off the base, and I, I don't know how much of a use case that's going to be, like, so I don't know how good that would ever be. But yeah, because I thought they were working on it, but don't take my word for it. I, I thought I read that but I, I can't find the source, obviously. I'm pretty sure, but I guess it's just one of those things. I think that, uh, there's a lot of people that want it, so I think they're well aware of the need for it, those that want that feature. Yeah, it's, it's just one of those things, because it's a completely different code environment. It's not like there's a similarity in the Windows kernel and the Linux kernel, other than they're both kind of. Yeah, that makes sense. All right, um, someone says, do you think Netdata is this, and Netdata is not SIEM at all. So that's a complete, it's just a monitoring tool. Yep, very different, very different things. Where do we want to first start on the questions here? What's the first one you grab randomly?
I will just, let's see what, oh, okay, the easy one. So, um, someone wrote in to let us know that a website that we previously recommended has changed the URL. So it was privacyguides.io, or no, privacytools.io was the old one, but it's privacyguides.org. So if you go on that website, if, um, you want some recommendation on privacy-respecting applications and things like that, they have recommended tools on that site. I haven't gone over every single one on that site because I've used the previous URL for a long time, but I just found out about the new name this morning right before we hit record, so I haven't, like, went through it. But if it's the same site, and I took a quick browse and it looks pretty good. So if you want to just browse some recommended apps on that site, maybe it could give you some inspiration as far as some of the things that you could run, or maybe you could just kind of see what their opinion is based on something that you're using, because they have things like, you know, web browsers and service providers and different things that you can get into in the privacy implications of those apps and services. Yeah, um, I seen the comment come up in the chat here: is NixOS on your radar at all, Jay? It's not on mine. It is, okay. It absolutely is. It's just been some development hell on some projects lately that I need to get out the door, and after I get, probably, I think I just got to get the next 10 videos out and I could, and I, oh, I have these all recorded. So it's not like I have to record 10 videos. I just have to get the ones I've recorded out before I record something new or plan. But it is on my list, and it is, I've heard some very interesting things about it.
So I am excited to check it out. Yeah, so it's, I, and I think, uh, some of our friends have done videos on it, but so that means eventually to land itself in the home lab here. Yeah, I think it's just a matter of, um, you know, new distributions come and go all the time, so sometimes there's a bit of a filter. But I think it's pretty clear that this one is at least going to be around a little while. I, I mean, we really don't know, but I think the excitement around the platform is at least telling me that it's healthy right now. So I'll, I'll, I'll check it out, see what I think, and I'm not sure what content in particular would come out of that, but I'm sure there's something there. So we'll have to see what I come up with. Yep, um, I'll take the TrueNAS one that just says a feedback and question here. Now this is, uh, let me see right here: I have a TrueNAS SCALE related question, and this question comes up a lot in the forums. This is a SCALE-related question and couldn't figure out: we deployed an app and forgot to set up a host path, the database in the app, so the database now lives inside of the container. Is there a way to migrate the database and the container to, uh, get it over to the dataset? That is very app dependent. But if you figure out where this is, because this is where people sometimes even set up Docker images, which essentially is what you're doing here, is you're setting up a Docker image and you didn't set the storage for Docker, so the data that you want stored somewhere is now stored within it. So when you update the Docker app, it can take all the data away with it. You have to try and figure out where those mount paths are and move or copy those files over to where they should be, and then go back and update it. That's one option. Another option is, does that particular app have its own backup and restore? And some apps do, like you could just export the entire config. FreshRSS,
For example, lets me export the config. So if I were to set up FreshRSS improperly, I could export that config, re-set it up properly, and then it would be blank, and then I would import my config. And that's like the fastest way to do it. The, it's just more tedious figuring out where those mount paths are and copying that data, uh, but if you do look inside of TrueNAS and you do like a zfs list, now the web UI, I believe, hides this from you, but if you do a zfs list from the command line, it, I think it gives you all the paths for all the mounted things. It's, it's because they hide the, it's all in the ix-applications dataset, and then it's all broke down underneath there. That's where they store all the data for all the other apps, and if you don't choose to use a host path, because they give you the option where you can just let it be stored in there. The only time I use that, like let it be stored in there, is when I'm testing an app and I'm not going to be permanent. I'm like, well, this looks like, if I spin it up, why bother creating a host path for, I'll let it create the data, because if I like the app, I delete it and then go through the setup procedure on it. So that's why they let you do that, which is kind of cool. But there's not, there's not an easy way, and if you look up, you'll find this tool called HeavyScript, and you'll find the documentation to be bad and you'll find it really confusing. So do I. People have asked me to do videos on it, and because TrueCharts uses this and it's broken, even the TrueCharts people don't have good documentation.
So I just don't, my recommendation is not to use it. That's why I've been creating tutorials on how to properly set up the apps. I don't have tutorials, because each app gets broken differently when you don't set it up properly, so it's too hard to try to show you how to get the apps for each one out. It's better for me to go right, and I'm sorry if you have done them wrong, and you're just gonna have to go through some of those challenges. I completely agree. I mean, if you're lucky, the app will have an export database button and the, in the UI somewhere. I mean, that's great, but you're still dealing with potentially having to convert SQLite to another database engine, for example, and that gets even more complicated. The other side of this too is that, you know, should you care? You know, and I'm not trying to, like, you know, tell the person their question is not important. It's very important. But it's just like an alternate way of thinking, and maybe this person already thought about this. But, you know, performance obviously takes a hit if you don't have a decent database server, but then again, in the home lab, we don't have, you know, hundreds or thousands of people using the app. We might be one person, or maybe someone in the, several people in the family or in the home might use it. You're not going to notice the performance penalty because you're just a couple of people. It's not until you start scaling it up. Anyway, like my FreshRSS, I think it uses SQLite by default, I'm not mistaken. I don't notice any performance penalties. The database flat file is right there in the same data store inside TrueNAS. It's backed up. I can have different versions of it and everything, and, and I'm okay with that. Um, you can't argue it's more proper to have a proper database server, but at the end of the day you have to think, is it worth it? Is it working okay now?
Or perhaps someone wants to learn the process because they want to know how to convert one thing to another, and just like you said, it's always going to be app dependent. Um, it's like, it's, it's pretty much the same as doing a lift and shift, where you want to, you know, transfer an app on a server to another server. It's like almost like the container version of that, but just the database, but it still has the complexity of a lift and shift. It's, it's, I wish there was, like you were saying, some kind of a tried and true single thing you can do. There are some odd things that some people do that they swear by. For example, I've had people that subscribe to Microsoft Azure not because they want to run VMs, not because they want to actually use it for production, but some people will use the database converter within Azure because I've heard that it's one of the best. So you can go from Postgres, MySQL, in all different directions. I can't personally vouch for it, but I know people that will literally just use Azure for that one thing, even if they don't use that cloud. They'll have an account just for that one feature anytime they want to convert a database, which is pretty funny. But, um, it could be something to look into if you are able to get like a flat file of the database and you want to convert it and then do like a MySQL or import or something like that, could be a possibility. But again, it's just what I've been told, I haven't vetted that myself yet. Yeah, I'm gonna jump on two more questions real quick here. This comes up a lot, and this is a challenge with the way podcast feeds work. We're aware that a lot of times it gets stuck at 99, and we got a goof with something in WordPress to make that work. They ask if we use Blubrry and WordPress to send the podcast out. So yes, that's something we'll address and work on for those you that only get so many episodes back. That is a weird problem.
It does all the forward episodes. It's the older ones that there's some quirkiness for the way the RSS feed works. And the second one is going to be: Hello, I'm catching up on the show, recently listened episode where you spoke about multiple SSIDs as a method of segregation. I have a, I've read that too many SSIDs can reduce performance. Is that true? If so, how much? Performance, that's going to depend on the Wi-Fi device, and it's usually not the SSIDs, it's the number of devices that get attached. Now, the newest version of Wi-Fi does a better job with this, but essentially the, was it called time division multiplexing? I didn't have the words pulled up on there. There's the time division multiplexing system that is used in Wi-Fi can suffer from weeding and round-robining its way through all the different devices. When there's more devices, you can have some more slowdowns on there. So it's not necessarily that having two SSIDs may have an issue, but if you have 30, 40 devices spread across different SSIDs, you're going to have a slowdown. The reality is, one of the reasons I don't do much Wi-Fi, you know, speed testing, which I know people get excited about, is because it's so hard to measure on Wi-Fi, because you're dealing with interference, you're dealing with different device types. We've, we have found so many, and if you read through the updates for any Wi-Fi access point, it'll always be like, found problem with, insert name of phone, and that phone may even be a flagship phone, where you have two phones sitting next to each other and one consistently gets faster speeds to the access point for reasons that are unknown. Chris from Crosstalk Solutions actually had covered this when we were talking about the, one of the Wi-Fi devices me and him both reviewed, of how for some reason that Wi-Fi device doesn't, I think it was the iPhone it didn't like, and I had tested some Cisco equipment that actually died on me, which I thought was funny. It's why I never finished reviewing it, because one of
the access points died. It, if you set it to WPA3, my Pixel 6 would not connect for reasons I don't know. Only my Pixel 6; my older phones and my Pixel 7 all connected, but the Pixel 6 wouldn't, and one of two Lenovo laptops, two different models, wouldn't connect, but swap it back to WPA2, it will. Wi-Fi can be quirky and it can be, speed and performance variations are a lot. It's one of the trickier parts on there, because as much as we have well-written standards, yeah, companies implementing those standards as well is kind of a challenge. Yeah, I, I think the only thing more annoying than Wi-Fi is Bluetooth and DNS. Those are two things more annoying than Wi-Fi. I think those are the only two things I could think of that are more annoying than that is. And I've seen the comment here in the live stream: airtime fairness isn't always fair. You are correct, and trying to really break down what that is, if, if you want a performance, you want speed, then you go hard lined. I've never had the need for speed with Wi-Fi and neither do any of our clients. Our clients always care about connectivity. Um, so if you're trying to get the most speed, consider hardwiring. Like if you're looking for the lowest latency, best connection for playing games, you want to transfer files from your video editing rig like me and Jay do, you're going to want to focus on, you know, getting that thing hard lined in. That's, that's the best, most effective way to do it. Yep, I absolutely agree.
I, I will hard wire anything that I possibly can. And it's especially painful when you do content creation, because if you want to, you want to, let's say, edit something on a laptop on your couch, they're going to transfer the video file to it, and, you know, sometimes I'm on the couch and I forgot to grab the file, so I'll grab it over Wi-Fi, and then as I'm reminded, you know, something, it is not, it's like a 10 or 20 gig amount of files or something, and it just takes forever. But then of course when I'm wired in, it, it's super fast, and even if my Wi-Fi is running very well, I mean, there's all these fluctuations that could happen, like you said. It, it's just, um, it's just weird. It's just odd, to say the least. But you just kind of, you just kind of keep adjusting things for your environment until you are annoyed as least as possible. Right. Absolutely. All right. You got a couple questions you can answer? I do, and one of which is, is more general, but we've had several comments that I've received by email that were made by people to this show and also the Enterprise Linux Security podcast, because we talked about Red Hat and all of these. So I'm going to try to address all the kind of blanket Red Hat. Yeah, but it's one thing I want to address is that this really odd thing where it's like someone will say, you're wrong because actually it's this, this, this, which what they're saying is exactly what I said. I'm like, what do we disagree with again? I'm, I'm, I'm not sure, because you're telling me exactly what I said, and sometimes I wonder if people don't hear the full argument. Um, for example, someone wrote in, has said, well, Red Hat has every right to do this, and I agreed. I mean, I literally said that it's their trademark, you know, it's their, um, distribution, they could do whatever they want with it, and I absolutely agree. And, um, someone mentioned that the, the code is still available on, um, you know, to paying customers and, um, and things like that, it, that the code is still available.
It's just who it's available to that's different, which is what I said, same thing. Um, so I'm not really sure what the confusion is, but just to make sure that the point is accurately per, you know, conveyed on my part: yes, Red Hat can do this. Yes, it's their trademark. Um, yes, they're a company and they can pivot to do whatever they feel they need to do to earn more profit, but our point has always been that despite they can do this, that, you know, it's caught what their negligence and impulsivity and lack of communication is causing damage to the industry. So it's not about, it's less about can they do this. Yes, they can, but they just don't go about it in a responsible way, especially when they tell, literally they tell AlmaLinux and Rocky Linux, you can continue to exist, you can continue to get the source code, and then they pull it, but they said that they could have access to it. So you never know when they say something that's just going to randomly take it back, and enterprises, they can't rely on that. Okay, it's, it's okay for a company to have a mistake every now and then or miscommunication. It happens, and yeah, companies can change direction, but when we have this many mess-ups and, and communication failures in a short amount of time, you know, if I was running an enterprise, I wouldn't be able to trust a company that says one thing and does another one month to the next. That's always been the, the problem here, and this unpredictability causes damage. And yes, the source code is available. It's just who it's available to, and specifically they're trying to kill downstream distributions right after they said they can exist. So I just want to be clear that nobody is saying that Red Hat is doing something that they can't do here. It's not a matter of can they do this. It's a matter of should they do this, and are they throwing their own customers under the bus. I say yes, but I, I say the last thing I'll say in the meth on this though is, yes, it's a complicated topic.
We also literally said on the show, you know, open source is hard. We had an episode that covered that. So there wouldn't be a debate if everything was 100 percent infallibly like wrong on one side. But there's gray areas here, which is why debates exist. But just make sure you're understanding the full argument and our full point before you write in, because I've received no fewer than probably 10 emails that made me wonder if anyone listened beyond the first minute. So just wanted to throw that out there. Yeah, the, um, we already know Red Hat has plenty of lawyers. So the, we're, neither me nor Jay are lawyers, but I feel confident that Red Hat's lawyers reviewed this before doing it. So legally I think they can do it. I'm, I'm, I feel confident in their legal team's ability to do that, but morally, no, they shouldn't. So in their legal team, you know, they shoot down including things like MP3 support in Fedora, and they're very, um, you know, there's a video codec that was a target of this recently. So I don't think there's any question about the legal team looking into things, because they always err on the side of caution historically, to the point where if there was like a small percentage chance that something could backfire legally, they just don't do it. So the fact that they did this means one of two things: they made an impulsive decision that their lawyers didn't get, you know, uh, get a say in, which I absolutely doubt happened, or B, they checked with their lawyers and, and everything is, is, is, you know, fair or not fair, but, you know, they can do it. And I think just like you said that, yeah, they, I would be, I think it'd be more shocking than the Red Hat announcement itself if the lawyers didn't look into this. It is just no way. They, they looked into it. They know. Yep. Yep. You see the one that says LXD in the home lab?
So let me read that one out. Yes. Yep. All right. I like to hear your thoughts on using LXD in the home lab. Proxmox next should be or the fate or my flavor at the moment, but LXD has some quite interesting features. It might be something your audience is not so familiar with. Not entirely bad choice to the home lab on fairly low spec PCs and hardware if you want to cluster some small form factor PCs, maybe. Do you have any pros and cons of using LXD, use cases or management tools? I do, and they want you to say Lex-D and Lex-C, which I, I have a hard time making myself say that because it, I don't pronounce things like just three letters. Anyway, but just throwing that out there, but I actually used LXD in production before Proxmox, because at the time I had a very scrawny server. It had maybe eight gigs of RAM, um, and maybe four cores. It was pretty weak, and I wanted to get the most out of it. So what I found is that I can only run a few virtual machines on that, but as soon as I switched it to doing everything in LXD, then, um, I was able to just really get a lot more out of it, like run a, like, probably three or four times the number of containers versus virtual machines on the same hardware. So LXD is, just, just to give people a bit of background, LXC, Linux Containers, is a, um, container, I mean this, this predates Docker, just to give you guys an example, and people that use Docker, they know that, you know, it's a layered approach, you know, they're, every time you make a change there's another layer, and if you, you know, delete the container number not delete it, but you stop it or kill it and it has no more work to do, it dies.
It's gone, and you have to engineer your own stateful method to keep your data. LXC is, is like a virtual machine approach to containerization, which is weird to say because Linux containers predates it, but I say it like that because I think it makes the most sense, because most people know Docker before Linux kernels. So by virtual machine approach, what I mean is you can get a MAC address, and that can get forwarded to your firewall or DHCP server, and you could, you can, you could treat it like a server. It's going to have the same MAC address every time. If you were to spin it up, save a file in your home directory and stop the container, if you started again, it's still going to be there, because it's completely stateful by default. It's, it's really, really cool. I like LXC a lot. LXD is kind of like LXC with extra features: there's ZFS on top of it, there you can have clusters. They add additional features that, um, and Canonical is the main, now they're the, the actual steward of this, because they, it was fully open and then they kind of just wanted to, I'm not saying it's not open now, but they just wanted full control over it, which, you know, it's their project or whatever they want to do. But you have to understand Canonical pretty much owns this now. But they, they do add some good features here, and I think if you like ZFS, if you like to cluster things, I'm pretty sure that does migration too. Um, and that, this is different than what's, what's in Proxmox, because Proxmox has LXC built in, and which is pretty awesome. It's just LXD has a bit more features added on to it. As far as pros and cons, it's really down to the application. If you're running like a simple web server, why not just make it a container? I mean, that's simple, right? If the app doesn't have a problem running in a container and you're constrained on space, it's absolutely a great way to go. It just depends on your use case. Another question.
I'll, I'll grab, someone in the, um, in the chat room asked about the homelab video that I put out this week where I talk about my homelab, and in that homelab I mentioned that I'm not running any containers in production. Now one thing to keep in mind about my content is it's, unless it's newsy, like something that just happened in the news, it's usually a month old when I put it out, because I have a queue where I record and it goes into a queue, and then, um, they're, the videos are prioritized, and they could be like a week old when I recorded them. I've had some like four months old before. I tried to get that one out because I wanted to get it as current as possible, but I think it was about a month old, because right after I put that video out I started moving things into containers, into the Kubernetes stack, and I talked about it in a recent episode. Like SmokePing is one, Uptime Kuma is another, Heimdall is another one I'm running. So I'm running a handful of containers in there now. So the next time I do a homelab video, I'll probably, I think the next one is going to be more about Ansible, but sometime later I might revisit that and talk about the containers, because my homelab keeps changing just like everyone else's. So it's just the content creation thing. Sometimes it's just a pipeline and there's a little bit of a delay. But as of today, yes, I am absolutely running containers in production. Yep. Um, just so people know, because I seen this question was asked, and this is really recent news, I believe July 24th was when this was released.
So you should have a patch by now. That is the Zenbleed, which is similar to the, was it Spectre, Meltdown. It's in that kind of class of bugs where it's figuring out how to escape and get information out of past CPU boundaries. This is not an attack that is known in the wild, and I really, I don't think to date, other than proof of concepts and academic researchers, I've not seen any infiltrations, or exfiltrations, I should say, of data that have occurred exactly like as an attack vector. So it's just something to be concerned. There is a patch. So I wouldn't recommend not patching. I definitely recommend staying patched on here. Uh, so I don't know how much I would worry about it. I would worry about things that you plan not to patch, and that's a bigger, broader problem. Like if there's patches available, you should have them loaded, and specifically because they've already released the microcode updates, because this can be fixed in software, definitely do those patches and then you don't have to worry about it. Yeah, I mean, there's a reason why they're made available, and if, um, you're worried about an update, you know, bricking your install, then why don't you have snapshots? Get your snapshots implemented so you can go right back to right before you installed an update, so if there is an issue you have something to go back to. But, um, yeah, absolutely, install your updates. Yeah, and it's like anything else.
It's one of those things, it makes a lot of news. Tavis Ormandy, the researcher at Project Zero, Google, is damn amazing at finding bugs. That dude has found some of the most... just read through everything Tavis Ormandy has done and scratch your head at how he figures it out, because the good news is he's working for the good guys. Tavis is a bug reporter. He does these incredible write-ups and they are works of art, like, you're scratching your head, the esoteric things he's been able to find, and I'm just happy he's working for the good people. He does proper disclosure, contacts all the companies, go through the full cycle of things. So, um, it's not like this was found out in the wild, everyone was being attacked, and there's like, oh no, if you didn't patch you were at risk for some period of time. Uh, I don't know anyone on the bad guy side that is quite as skilled as Tavis. Yep, I totally agree. This is good. Uh, do we want to jump on the topic of ad blocking on mobile devices? Yeah, that was one of the ones I was going to talk about too, because it's one of the email feedbacks that we've received, and, um, as a bit of a background, I hate smartphones. I just want to put that out there, because people get surprised when they find out that I run an iPhone, and I'm just putting that out there. And the only reason I do is because I hate all smartphones. I hate Android and I hate Apple as well. I just like the iPhone maybe one percent less. So I kind of go that direction. I kind of feel like phones are a necessary evil. It's like people need to call me, but I hate looking at it.
So it's complicated. Um, so I never, you know, really cover phones much, but they do exist, and one of the things, and this is why this email struck a chord with me, is, um, browsing the internet on smartphones is just horrible. Like, it's so different than on a computer, because you have auto-playing videos that jump in front of you more often, you have, um, focus breaks, and it's made worse by the fact that a lot of these browsers, where, you know, if you get a notification you go off to another app and then you go back to the browser, then it starts you back up at the beginning. Like right now, for example, I'm replaying Final Fantasy 4, so I have this little very short walkthrough on my browser, and every time I switch back to it, it starts back at the front. So I have to go keep scrolling, find out where I left off so I could continue that part, and then deal with ads every single time it refreshes, and then ads will sometimes itself make it refresh, losing my place. I mean, phone browsing is, um, I would almost rather just have a dentist do a root canal than deal with this. But also, when you have Android and iPhone, there's different things that you can do as far as, um, you know, ad blocking DNS. It's one thing if you have Pi-hole at home and you're on Wi-Fi and it's going out that way, you're pretty good. But anytime I leave the house and I'm, you know, away from my Pi-hole, I get all these ads. So what do I do? Do I just make my Pi-hole publicly accessible?
Well, that's a bad idea, because then you have DNS man-in-the-middle attacks that'll be, you know, stupid easy to pull off against me. And, um, you know, we had a conversation about this last night, because it might be easier on one platform than another, and there's quirks in one versus the other. But it's kind of like a problem I really want to see solved, because it's to the point where I will sometimes just wait until I get home to look something up, because god forbid using a mobile browser. Yeah, there's, um, I see someone commented, like, you can load some of the extra browsers on there. I'm like Android, I use Android, but I don't bother with the ad blocking on it because it just ends up breaking some things. One of the challenges is, if you try to do it globally, first you got to make sure the phone's not trying to do DNS over HTTPS, which I believe is a default on modern Androids, but that can be varied by each individual... device maker may have some customization they put in. And then for me, I'm just using, you know, the Pixel series, and I think there's some Chrome flags you have to set. But as, uh, someone who has a wife who plays clicker games a lot, if you go through all these settings and you do the favor of blocking ads, then you'll find out that these silly clicker games that she likes can't load anymore, because they say you've loaded an ad blocker, so until you disable your ad blocker, we can't load these games and these apps anymore. It's kind of a person, case by case basis. It's not something I have a ton of experience in. Um, I'm kind of a Jay.
I just don't care for the browsing experience. We actually talked about pulling out like a PinePhone, or really I just prefer to use a small laptop to browse the web and use uBlock right in the browser to kind of solve my problems with it. That's been my kind of go-to. I wish there was a better answer, but the device lock-in that you get, the walled gardens they create, are to really keep you as a captive audience. It is a really cat and mouse game. So it's not just you who might be looking for this and finding it difficult. There is, trust me, a lot about making this difficult being pushed by these large companies. Yeah, someone in the chat room mentioned using like VPN to get to Pi-hole, and I mean, that's accurate. You could absolutely do that, but what I find is that a lot of places are strangely hostile to VPN. Like they just think VPN is evil. Like, um, going to like a fast food restaurant, trying to connect to OpenVPN, and it just won't connect, but then I leave the restaurant and it's fine. And some carriers block ports that other carriers don't, and then if you're using Wi-Fi at like a hotel, they're notorious for this crap, and they're also notorious for it being slow. So while that is a valid and clever workaround, there's some added frustration, because what do you do, just make your VPN server run on 443?
I mean, that doesn't sound like a good idea to me, but they don't block port 443 because that's part of the internet. I mean, you can do things like that, but, let's see, that's the problem with mobile computing. Every time you have a solution that's valid, like this one, then there's a complication in this realm that kind of makes it annoying when it normally shouldn't be. Even like if I wanted to just access my home server via port, you know, 22 for example, it's going to be blocked or something like that. It's just, um, and I know how to work around all these problems, but when you get to a point where you're constantly working around problems just to use your device, you start to hate it more than you already do. And if you are a system administrator, or you are one, then there comes a point where the phone is an anxiety device, because you're so wired to think like a server's down, that even if you're someone that loves smartphones, I'm telling you, after 10 years working as a sysadmin you'll hate them as much as me. Even if you're like the biggest smartphone aficionado on the planet, sysadmin work will break you. It'll make you hate it, and I'm on the other side of that. And, um, it's like I still to this day think a server's down every time my phone goes off, even though that's not the case. So there is a little bit of bias, I'll admit to here, about why I hate smartphones. But it is a very chaotic and complicated and annoying, um, you know, type of computer right now, and I think that we need more control to just be able to make sure that we don't see the things that we don't want to see. We should be able to do that. But, you know, like you said, lock-in, that kind of makes it hard. Yep. Um, homelab notifications.
This is a good topic. Now, this is going to be where there's different approaches to it, and a lot of services just like email. There's no doubt, and the good thing is you can usually find, and there's some I've talked before, like when I talked about doing notifications of pfSense, there's a couple different free email services out there. I think one's called Mailhop. They have like a free tier that gets you like 100 emails a month, so as long as you're not getting more than 100 a month you can stay under free tier. I think that's what it was, at least last I looked. But my solution whenever possible is I pipe all my log data, for my business and my homelab, I just push it all into Graylog, and then Graylog, you can have different trigger notifications and different actions on that. Instead of email, I actually have Graylog sending things to Slack, because I like Slack and I just happen to use it for business. But you can use webhooks to kind of alert however you want, and because you can have the trigger in Graylog, for example, I have XCP-ng is a common one that actually doesn't have any native facility to do alerts, but I have certain things that will trigger an alert, and when those alerts are triggered, Graylog knows what to look for in the syslog and then will issue a trigger. For example, a RAID array failing: I have a couple mirrored boot drives set up, and if one of those boot drives fails, it sends a notice via syslog that Graylog parses, and it's going to fire off a webhook to let me know that, hey, uh, this particular server has got this particular message on it, and it'll actually send me the message as well. But you can have webhooks even tied into things like Home Assistant. You know, this is something I might do as a project, because you can do Home Assistant with webhooks, and I've used this for Synology talking to my Home Assistant. I think it'd be kind of fun to have a flashing red light that whenever one of the RAID systems or a TrueNAS
system kicks an error, that Home Assistant turns on a red light. And I happen to have one of those red lights floating around somewhere at the office, so I could just put it on there. So it's like, if that red light's flashing, one of the servers has a real problem and I need to address it. So you can get clever with this and keep it all in-house and not use Slack. I just happen to use Slack because I'm in it all the time. I don't necessarily mean that other people are. So if you look at something like, where do you want to land webhooks, Home Assistant, me and Jay have talked about this. I believe we've done an episode on it on the system. It's definitely easy to find a ton of information. It's one of the best self-hosted applications for home automation, and you can build automations based on webhooks. And so this is kind of the path I went. Jay's going to talk about some of the other ways he has notifications set up. Yeah, so the first thing I tell everyone is to avoid email when you can, but the reality is there's no such thing as 100 percent avoiding it, and case in point, pretty much every modern application, most, not all, will have some kind of an API key where you could use some kind of, like you were mentioning, Slack. You could just have the messages go out there. I like Pushover for this. That's what I use for notifications to my phone. But the problem still is that some applications have no capability to send messages that way. Sure, you could, you know, put something in the middle and work on that, but I think the person even mentioned they didn't want to run their own server just for this, which I get, because if you're running a homelab, you should run the things that interest you. You shouldn't feel forced to run something just because you have to, right?
So I totally understand avoiding this, and good on this person for wanting to avoid setting up an email service, something that I don't think anyone should do anyway. But so what I do to solve that is I'll use Pushover first, but for the edge cases, I forgot the name of the service, because it's cheap and they just take a few dollars a month for it, but it's an outbound SMTP server. Off the top of my head, I mean, there's Mailgun. There's... isn't there something involving, oh, Mailchimp? I was gonna say something with a monkey. What was that, Mailchimp? Mailchimp is letters, that one's not... I don't think there's any ways to connect to it. Mailgun has an API and you can do integrations with that. Matter of fact, I use Mailgun for my forums, because it's an automated API call to send out mails for forum notices. Yeah, that might be the one I'm using too. So sometimes you'll have a situation where the API is impossible and it really wants like an SMTP address, and it won't accept anything else. In that case, a really good email outbound service will give you like an app password, not your account password. You generate an app password, you put that in the password field. You could have like one per service when you need it. I like to do it that way. Just pay for a very cheap outbound service, better if you could find one free, but what I find is often the case is everything that I've used that's free all of a sudden isn't free, you know, not that long after, and I end up paying more for it. So then I have to switch to something. So sometimes it's like, if you can get it for just a couple of dollars, still they could change things and you might have to quit that service, but I think your chances are less likely, that you have some support you can get. I mean, you're giving some money to them.
Don't run your own email server. Um, you could, if you wanted to, just create like a throwaway Gmail account. I'm not sure if they'll keep it open for you if you're not, like, you know, using it normally, or if there's terms and conditions here. But there is a way to get an app password in Gmail and many of these other services, and you could just plug that in if you want to go that direction. So, um, Pushover is one of those things I use, but if there's a better one out there, I'm not saying that I use Pushover because it's the best. Honestly, it's the first one that I found and it was affordable. If there's another solution, that's fine. I might even consider it. But I think that's the direction I would go: just use an outbound SMTP service, and get Pushover. Anytime an app supports or has an ability to hook into Pushover, definitely go that direction, or whatever it is. It could be Slack, Mattermost, Rocket.Chat, a number of others, um, if you want to go that direction. But for the ones that can't, just have an outbound plan B email server to use, and I think that'll be what most people will need for that. That'll work, and I think this is a... we'll answer a few of the questions back here real quick. Someone mentioned, uh, Security Onion. I just wanted to say that was episode 42. We did cover it. I think it's an awesome project. One more question someone had, and I know it was recently done by NetworkChuck, it's Wazuh. Wazuh is a cool project.
I haven't had time to use it in a number of years. It's a fork of OSSEC. OSSEC was always really tricky to set up, and I just never got around to doing a video on it. Wazuh is a fork done by Elastic, and they made it a little bit easier. I think it's a great security product as well. That question was from, uh, up earlier. So if there are a couple projects you're looking to start with, hey, definitely Security Onion and Wazuh are fun to play with, and you can integrate Wazuh into Security Onion as a feed. Yep, someone mentioned that setting up SMTP in Proxmox is hard, and I just want to say yes, that is true. It is weird, because I find Proxmox is very easy to use and clever, the UI, I have a lot of great things to say about it, but I'm going to throw it under the bus: their email system sucks. Like, you have to, I mean, you literally have to go on the command line, and not that this scares many of us, right, because we love the command line, but some of us don't want to even mess with email, and with Proxmox you kind of have to. And the reason why I didn't mention Proxmox is because I automated that years ago, like setting up the SMTP out and all that, so I never think about it. I literally just throw my automation system at it, or actually I just throw the config files on it, and then it's fine. But I really do want Proxmox, I want them to put something in the GUI for people that preferred that method to be able to plug in their SMTP information, or at least an API key would be even better. But that's like one thing that I think Proxmox really should do a better job on, because it's strange that they figured everything out except for that. Doesn't make sense. Yeah, you kind of have that same challenge with XCP-ng, because they'll go further.
They don't even have an option other than... there's nothing, you can do what you want on the back end because it's Linux, but there's not a facility built into it. So you can build your own monitoring, you can export your syslog now, even through their UI. You're able to just take this log and pipe it somewhere. So my answer is Graylog, because I send everything to Graylog. Graylog is my go-to place, that way all my notifications come from one thing, and then I have, um, Uptime Kuma. The only thing not in Graylog is Uptime Kuma, and Uptime Kuma keeps an eye on Graylog. So if Graylog goes down, I know Graylog goes down. Uh, well, Uptime Kuma actually matters a lot more than just Graylog, but that's my secondary of, hey Tom, how would you know if Graylog went down? Exactly, and I've had situations where, you know, you have to watch the watcher, and if you don't, something silently fails. It's a watcher. Yeah, total agreement on that. It's probably an episode in and of itself to kind of just talk about the messaging chain, because sometimes, I mean, I wish I had an answer like just do this one thing on all your apps and it's fine, but every app wants the data separately. Even worse, you have Let's Encrypt built into all these, but not all of them support the same DNS checkers as others. So you might be using a service that allows you to validate Let's Encrypt easily on one, and then another doesn't even have that built in, and then you have to go in the command line, and, um, there's a few rough edges here that are kind of curious to me that they still exist when everything else was made easy. But if any developer is listening and they have some spare time and want to contribute something to Proxmox or whatever, I mean, this might be something to look into. Yep. All right.
This is, I think, the last question we have here: Hey Tom and Jay, have a question for the upcoming Q&A episode. I have multiple VMs in the cloud, a few at home, all run Debian-based distros. Good for you, run Debian. From time to time SSH in each of them, check the logs, upgrade packages. The base is provisioned via Ansible, but I still don't do, I still do upgrades manually. I'm looking for a tool that gives me a single management interface for all the Linux servers. The closest I found is the Cockpit project, but it runs each host independently, which is simply better than the SSH way. Do you know any tool, or how you would optimize the regular maintenance operations? My short answer is you could technically do this with Zabbix and have it monitoring everything and letting you know what the status of those servers is, but I think Jay's answer is probably going to be a little bit better, of: you have the systems all auto-patching themselves. Yes, unattended-upgrades is something I install, and there's something like that for other distros, but since this individual is also using Debian, I just have a template in Ansible for the config files for unattended-upgrades, so they're fed in via that. And then I have variables in the config file for the email address and the information, so that way, you know, someone can get a hold of my template, it's fine. It doesn't have my actual email or any credentials in there, but it has placeholders, as you'll see, and it's a really good system, because then Ansible is going to make sure that every machine has that, and then you'll get alerts from unattended-upgrades itself that the updates ran. I'm trying to remember the name of that. I haven't used it myself yet, but, um, someone in our circle used this, uh, for Ansible and did a couple of videos. It is right there in the web browser.
It wasn't AWX or Ansible Tower. It was something relatively new that's getting a lot of buzz right now that I want to look at. I can't remember the name of it though. Is it Semaphore? I think it is. Yeah, I think that's... I'll look it up while you... because the other thing is, um, you are also running Ansible. You have the system, uh, checking for changes, that way if you push a change in Ansible, all the systems you built with it... how often do they check in? So, yeah, that would be the internal Ansible solution. So basically the way it works is that I have a variable that, depending on how important the machine is, the variable might be five, it might be 15, it might be 30, and that's how many minutes it checks in, basically. So if it's super important, it checks in every five minutes. If it's not really all that important, I'm not wasting traffic. And the way that I set it up is I use ansible-pull, because I feel that ansible-pull is far superior than normal Ansible, and I won't even use normal Ansible. That's how much more superior I think it is. But also, it allows me to do some things like create a systemd unit that handles the check-in. So the systemd unit, a systemd timer, goes off, whatever that value is, and then it checks in. But what happens if it fails?
Well, I get an alert. But not only that, I have it set up to schedule itself to run again like an hour later, just in case there's like a temporary 404 on a, you know, Debian repository or something. So if I get a failure, I just kind of, I look at it, but I don't really get concerned, because it's going to try again. And if it fails the second time, I got to go in there and look at it. And then I have healthchecks.io that gets pinged every time a server runs. So if a server doesn't run or is silently failing, then healthchecks.io will email me and say, hey, this server hasn't checked in in a week, you need to kind of go look at that. So that kind of helps me find any machines that might be kind of stuck on something, which doesn't really happen often. But I have a lot of things built in. Like for example, when I boot a machine, it won't even check in to Ansible for 45 minutes, because if I needed to like pull some data off a machine, you know, a machine that was decommissioned, the last thing I want to do is have to contend with an Ansible run while I'm just trying to get data off of it. So I have logic in there for that. It's just going to run 45 minutes after it boots, but then after that it runs the number of minutes that it's configured for. So there's a lot of intelligence that I built around this. Like, it even knows when itself is running, so it doesn't run against itself.
It creates a lock file, like, oh, you're already running a job, so no, you're not running two. So that's going to stop it from tripping on itself, especially if a provision runs so long that the timer goes off again. I have that logic built into it, and there's just so many things that I know I'm probably forgetting, something like really cool. But basically I built all that logic in with ansible-pull, and I feel like ansible-pull gave me the ability to customize all of this. Ansible normally is run from the server toward the machines, and if you're doing that, you might want to look into Semaphore. Um, and yeah, it does look like that's the name. Yeah, it's, uh, Semaphore Ansible. Christian Lempa, The Digital Life, he's done a video on it. He's a friend of ours, friend of the channel. Awesome dude, awesome person. I really like him. Uh, by the way, one of his things about YouTube is he's, uh, he mostly speaks German. He's not the best English speaker when he started, and YouTube was a way for one, to share his passion and technology, also, uh, so he could become a better English speaker, and I'm impressed, like, when we have conversations with him, because neither me nor Jay speak German. He's really articulate. I'm just sitting here trying to learn different programming languages fluently and this guy is just doing all this, and he's multilingual on top of it. It's like, oh my gosh. Um, so yeah, that is right. He did do a video on that. So that would be the direction I would... now granted, I haven't used it yet, but I feel strongly enough about his recommendation that if he's recommending this, I have no problem recommending it based on his recommendation of it. I will probably do a video on it myself at some point. It's a pretty slick system for managing Ansible. So absolutely. Hopefully it answers the question. Do we have any more, Jay? Did we cover them all?
The last thing I'll mention is I will be releasing my Ansible solution publicly. So if you want to see what the heck I'm talking about, uh, I don't have an ETA. I have some checks and balances to go through, and I'm going to basically make it a public mirrored repository, so my internal solution will mirror to the public one. So when I make a change internal, you'll see it, um, in the public as well. And then it'll also have a video and some documentation that'll tell you how it works. It won't be like you could just drop this in your homelab and it'll work. There's going to be some things that you will need to change, and it'll be in the documentation. And part of the fun is getting it to work in your environment. You wouldn't run it on production, but if you're curious how I do things, you want code samples, you want to know how the chain is set up, how I check this, how I check that, how the systemd thing works along with Ansible, all of that will be in the video and you'll be able to download that repository yourself and, uh, you know, just hack away at it. So if you're curious how I do it, you will be able to find out. I don't know how soon. It could be a week, it could be two months, but it's called Nodeforge. That's the internal name that I call the solution. So if you see a video that references that, then that's the one that I'm talking about, and that's going to have it in there. So definitely wait for that. Um, I don't know if you have an answer for this. I know I don't at all. PVE, I'm seeing this, Proxmox virtualization version eight. Virtual Environment, that's the product name, because they make a mail gateway and some other things. Yeah, um, network card changing names every time, changing order every time it reboots. I've never, I don't experience that in XCP-ng. How do you deal with that in Proxmox? So, you shouldn't have to. If you have this problem, that means something else is broken. By design Proxmox doesn't have this problem.
I've ran it on countless machines, installed it, reinstalled it to do tutorials for example, and I've never once had this problem. This was a classic Linux problem altogether, where you would have, and they mentioned this, the persistent rules file, which would be created because you'd get like an identifier for the network card and then map it to eth0, eth1 and so on. But then later on they switched to the new naming scheme, which is going to be based on the position of the network card on the bus. So if the name is changing, and the weird thing about this is that, according to what the person said, it's changing from the new format, which could be enp, you know, a longer name that's kind of generated based on location, to like the standard eth0 and then back again, that tells me that either something is getting... something is configured to tell it to not use the actual naming, because persistent rules, that file should not be necessary anymore today, in 2023, on any distro. You should not need to touch it. They have this figured out. So there's something in there that's maybe de-configuring it or putting it back to the old way or flipping it back. There's another ingredient here, because by design, out of the box, Proxmox just doesn't have that problem. So yeah, I wish I knew more. I wasn't doing this in seven. It's hard to say, you know. Yeah, they said it wasn't doing this in seven. It happened after I updated to eight. As a non-Proxmox user, I don't know, but maybe they introduced... there's a bug somewhere, is a guess. Now my question then would become, was Proxmox eight a full install or was it an upgrade? I could tell you that I upgraded to it. I didn't do a clean install.
I've been riding the entire seven series into eight, so I did an in-place upgrade throughout. Um, if there is a bug, maybe if you install it fresh you could experience the bug, but maybe I don't experience it because a config that is proper kind of stuck around, and maybe only new people get it. All of this is just guesstimates and theory on my part. It's odd, it's not normal. It's just really hard to say. Like sometimes I just wish I could just get these machines in front of me, because I really want to know what it is now, right? But without having physical access to it, it's really hard to find out, and sometimes people just need another set of eyes, and, you know, that's something we run into all the time. We know our systems backwards and forwards. We're going to filter out some things that someone else may not filter out if they were to look at it. And there's been plenty of times where you, Tom, have pointed out the obvious to me and I'm like, oh my gosh, I didn't even think about that. So, um, there's just so many different things, but I would be really willing, I'd want to know more about this, because, um, even though I'm saying I don't have this problem, you never have a problem until you do, and it's always possible that this could be a big problem and this individual is the first one to mention it. So, um, maybe this is something that'll affect more people and I need to know about it. Maybe it's a situational thing. But either way, um, that would be a very annoying thing to have to deal with. Yep. All right. Well, let's wrap this up. Thank you for all the questions you sent in. This is one of the things me and Jay were waiting a long time for. We're kind of excited to see all the questions that come in now. So we love doing these Q&A episodes. Oh yeah, definitely, definitely a lot of fun. Um, but see you all next week.
We definitely have some more things planned. We try to figure out which one we're doing, our list, and going, wow, we got a lot of things to talk about. So we really do. Yeah, there's so many things we want to talk about. Send us episode ideas too, because sometimes when I come up with an idea for the show, I'm like, why didn't I think of that sooner? That's just too obvious. I should have been within the first 12 episodes or something. So I think there's definitely some missing pieces here we need to kind of round the edges on. So, absolutely. Well, thanks everyone for joining and we'll see you next time. Thanks.