All right, so I'm hoping that we're live. I'm just waiting for everything to get caught up here. Sorry, it's taken so long, guys. Trying to get the chat to show up in the screen. Normally Tom does this for me and I don't see a way to do that. So we'll begin the actual episode in just here in a moment. I just wanna make sure that enough people are on here. So bear with me another moment and we will get started. All right, so hello everybody and welcome to episode number 65 of the Homelab Show. Today, Tom is out on a mission. So he's not available today. So he asked if I wanted to just go ahead and wing it. I decided to go for it. So I thought I would title this episode /dev/random because I'm going to talk about several different things, address some comments that we've received, maybe some things in the chat too, talk about my time at SCaLE, which I literally just got back from and I'm editing footage for right now. So there's gonna be a few things to talk about today, but before I get into that, we need to talk about the sponsor for this particular podcast, which is Linode. Linode is also the infrastructure provider for Learn Linux TV as well. So we don't just drink the Kool-Aid. I mean, we really drink the Kool-Aid. Well, I guess that's a bad analogy. But anyway, the fact is Linode is a Linux-focused cloud server provider and some people might think, well, why are you talking about Linode, a cloud provider when the whole point of this podcast is self-hosting and homelab? Well, actually it's not just self-hosting. A lot of times I tell people that homelab is about strategically hosting things where it makes the most sense. And Linode, for example, being a cloud provider can be the ultimate DMZ. If you wanna run a blog, instead of just running it inside your network and letting people in your local network, just run it out in the cloud and then you don't even have that problem.
And then also we talk about things like Tailscale and all those overlay networks and related technologies. You can spin those up in Linode's platform. There's going to be a link in the description down below that you can use to support this podcast by clicking on that link and you'll get free credit that you could use towards a new account, $100 of free credit, good for 60 days. And you can spin up some Linux servers and maybe run Nextcloud or any of the other things that we talk about on this podcast. So thank you to Linode for sponsoring this episode as they've done for I think the majority of the episodes except maybe one or two or something like that. So anyway, so with that out of the way, let's just go ahead and get right into it. So I figured what I would do is warm up by talking about SCaLE, which is where I was in Los Angeles for quite a while actually. And it was such an amazing experience. The majority of last week was spent there. And it was actually my very first Linux conference and I was able to network with a lot of people, some of which are, I feel, a good fit for this particular podcast. I don't know who, I don't want to name drop anyone because I don't know who will or will not be on the podcast and what will actually ultimately come of that. I mean, I've talked to people from, for example, Ceph, Nextcloud, Mattermost, GitLab, Jenkins, a number of others. I can't even remember everybody. I'm actually working on interviews on the Learn Linux TV YouTube channel. And if you're coming from Tom's channel and you're not aware of mine, you can go to learnlinux.tv and there's a button on the top right corner. It takes you right to the YouTube page or the YouTube channel for the page and you can check out the content. I'm actually going to be uploading at least two videos sometime today and then subsequent videos will come out of that. But SCaLE was actually my very first ever Linux conference which is, that has shocked everybody I've told that.
But keep in mind the popularity of my channel came up right as the pandemic, unfortunately, was also ramping up. So there wasn't really much of an opportunity especially as I was quitting my day job to do this full time. I envisioned it like, I'm going to be talking to you guys in person and networking and just hanging out with you guys but it didn't work out that way unfortunately but now I'm more than making up for that. So definitely had a lot of fun at SCaLE this year in Los Angeles. So let me see if I can get caught up on the comments here. So one moment. So someone in the chat asked if Tom is actually out today and yes, Tom is on a mission. He's out of the office today. So just asked if I was interested in hanging out with you guys and doing a little bit of random chat. So I figured, why not? I love to talk about tech. So I figured I would go ahead and do that. So anyway, I got out to Los Angeles for SCaLE last Wednesday and I was there actually I just arrived back home yesterday. So I think I was like the last of the people in the group to make it back to their house long story. I'm a klutz when it comes to missing flights and things like that. So some of the things that I saw there, I know you guys are totally interested in Ceph and that's something that's definitely on our list. So if any of you are thinking about writing in and telling us you should do an episode on Ceph, trust me, we're planning on that. So no need for that. We're already looking into that. It's just a matter of who's on the list. That it's just a matter of who's gonna come on and talk to us about that. So what I figured I'll do, because I think, I mean, you'll see the SCaLE content on my channel. So I probably don't need to say any more than that. You'll get all the information there. I don't wanna be redundant today at least. So what I figured I would do is address some of the, you know, Q&A type questions that we've received.
There's probably at least a few in here that we would be able to cover. And then if you guys have some questions, you wanna just insert ad hoc into the chat. I'll look out for that. And then we'll go from there. So let's see what we can do for our first question here. All right, so a couple of the things on here I'm not personally familiar with. And then some of which are going to be more in Tom's realm. And it looks like there's actually quite a bit of things in Tom's realm here. But when it comes to one individual who wrote in, somewhat annoyed, I don't know what word to use about us recommending Hover and the prices being a little bit higher. And I think one of the things to, you know, think about or one of the mindsets here is that we're going to recommend the service that we feel is the best balance between, you know, value and price. And yeah, I've heard before that Hover for domains is a little bit higher than the competition. Now, one thing to keep in mind is that for us customer service is huge and is slightly more important than price. Now, don't get me wrong. If a domain that costs $10 cost $100, we can't recommend that because that's insane, right? So if Hover's a few dollars more, the school of thought is that their customer service has always been fantastic. I've never had a situation that they couldn't help me solve. And this was even before I'm famous on YouTube, obviously. I'm not trying to say like, yeah, they always help me out and throw themselves at the problem. Of course they do because I'm the YouTube person. And but no, it's not like that because even before then I've been using Hover for quite a long time, even before my YouTube channel was a blip on the radar and what kept me with them was customer service. And when it comes to Tom and I, it's like, are we going to recommend something cheap or maybe something that could be a few dollars more but is going to give you guys a better experience. Now, keep in mind, Hover is not a sponsor.
They don't even, they've never even contacted us at all ever. So I couldn't even tell you the name of a single person that works at Hover. We recommend it because we've had that good experience. And if we recommended a company that's cheaper, that'll save you money, obviously, we'd be doing a good thing by doing that. But at the same time, if the customer service isn't there and then you get a bad experience, you can't get your ticket resolved, you can't get anyone to help you out, I feel like that is worse than maybe a dollar or two more because then you're losing real time and you're getting even more frustrated. So for us, that's kind of the school of thought there. And Hover has just never really been a problem. We've just had nothing but success with them. And that's why we recommend Hover. Now, in full transparency, they could become a sponsor if we reach out to them. But as of right now, there's never been any arrangement ever or any conversation other than me asking them a question when I'm buying a domain or something like that. So yeah, I just wanted to address that particular question that came up. I was thinking this would be a Q&A episode and it is gonna be kind of that. But looking through these questions here, we didn't get that many. I will acknowledge that someone wrote in and mentioned that there's only like the last 10 episodes in Apple Podcasts. So I just wanna mention that I'm acknowledging that. I didn't look myself, but I'm just gonna take you at your word for it. We'll look into that and see what's going on there. I think we've run into that before and someone on the team fixed it. I'm not really sure what it was, but I'll look into it or Tom will or one of us will look into that. So yeah, I've heard you and I acknowledge your point there. So that being said, you guys can enter in some questions into the chat box. And what I'm gonna do is maybe ask you guys some questions for a change actually. Yeah, I have to stay hydrated.
Hi, I learned that lesson about staying hydrated when I was in California, believe me. So I have a question for you guys actually and you can write in in the, you can go to the website and fill out the contact form there because I understand some of you guys are driving and you can't really interact. You're probably listening to this after the fact. And then currently we have 52 and counting people watching live because I didn't do a good job advertising the time. So it's a little bit smaller than most, but one thing that has occurred to me repeatedly is that ham radio is very popular when it comes to Linux. And I feel like there's some overlap here because people that are into ham radio, they love to tinker and spin things up and build things. And one of the more interesting exhibitors there at SCaLE was AREDN, A-R-E-D-N, which they're using the ham radio mindset technologies. Actually, they are ham radio enthusiasts through and through for like an emergency. And that's what it actually stands for, the Amateur Radio Emergency Data Network. So they can actually help emergency personnel where needed. And they're just doing an amazing job. And I feel like I'm doing a disservice by talking about it because the scale of AREDN and what they're doing is so huge that it's like, and it's impressive that I encourage everyone to check that out. But the reason why I'm bringing this up though is because not only is that like people taking their love of tinkering to a whole new level and actually helping people in the world, but ham radio in general, there seems to be an overlap with Linux and ham radio and the enthusiasm of tinkering.
So my question for you guys is if a ham radio episode is in order, if that's something that you guys are interested in, you could write in and say that that's not something you think would be a good fit or if that's something you would be excited about, it could even be something I do on the YouTube channel and not the podcast or maybe it is something that we'll do on the podcast. So you guys want to let us know that's something that you guys are interested in. There's a chance that I might be able to find somebody who knows ham radio and could come on the show and give us a primer on that because it might be something that I'll get into. So what I wanted to do is just kind of pose that question out there for you guys and see if there's any interest there. Again, I've mentioned Ceph because you guys have expressed interest in that as well. And I've actually had a conversation with a couple of people there at SCaLE on the Ceph project. And then we'd have, you know, there's other technologies that I'll probably do tutorial videos on including but not limited to GitLab. That could be something to talk about. Mattermost, they seem really excited to kind of get out there and engage and when the project wants to engage with the community and they're excited about that it makes me feel good because I feel like they get it and if they're wanting to engage in the community then that's pretty much a requirement for me because if they don't want anything to do with the community it's like really wrong with you guys. But anyway, yeah. So I'm already seeing some positive comments about ham radio showing up here and we'll look at the feedback form too and just see if that's something we can get going on and having more guests on the channel, excuse me, on the podcast would be great too because there's a lot of people that were a lot. There's at least a handful of people that we're talking to to try to get them on the podcast.
So yeah, so I thought I would answer that question about Hover, why we recommended them, which of course is customer service, that's the reason, and then pose that question about ham radio. So when it comes to our recommendations in general, Hover or otherwise, Tom and I both are of the same mindset. It's literally like we really do look at things for a really long time before we show them as a sponsor or mention them. Now speaking solely for myself, I could spend months vetting any of the companies that I recommend before I do so. So just always keep in mind it's not just the price. Obviously, yeah, again, if they gouge you that's not something we're cool with at all but we even go and check whether they've been breached and things like that, which is a huge one because it's like, yeah, we're gonna recommend a company and then find out, oh, yeah, they've been they've been leaking personal information due to a vulnerability. That would be really embarrassing. And those are some of the things like when you make content you really gotta pay attention to because if you recommend something and then someone's personal information leaks as a result of that we take that extremely seriously because you see breaches on the news all the time. So price, customer service, security mindset, all those things really come into play here when we talk about these companies. So Hover is definitely not a light recommendation. We love the company and what they do in their customer service. So again, I'll get off the Hover soapbox because I don't wanna spend all the time doing that. So anyway, there's a question about if there's any interest on doing an episode on SSO and yes, there's interest in doing that. Now, I don't know how much or how likely that is because it, one of the things that I feel like we need to investigate, especially me more so me is why there's such an interest in SSO. One of the things for that, for example is I use Ansible for everything.
And I think I've said that like 10,000 times. So apologies for the 10,000th time that I've said it if you've been watching since the beginning on that. But I use Ansible to manage the user accounts and provision and make sure all the user accounts exist in all the systems. So for me, that's not SSO, but it gives me the same end result as SSO. SSO in companies is kind of one of those things where I have mixed feelings about because it is very convenient to be able to have one sign in for all the things, but then you also have one sign in for all the things which means if a threat actor gets a hold of that account they have one sign in for everything. So I do kind of feel like there's a bit of a balance that's needed with SSO. I'm not saying we won't do it because just because I do it a different way doesn't mean I'm gonna say, yeah, we're not doing an episode just because Jay does, doesn't see a value in it. It's not like that at all. In fact, I like to be wrong. So and the reason why I like to be wrong is because that's the only way you can learn. So when I'm wrong, I learn something and is there some value in that that I'm missing? Most likely. Otherwise why would you guys be recommending that because there must be value otherwise you wouldn't recommend that. So that's definitely something where we are in discussion and I think we were right before all these vacations and conferences, we were actually looking at throwing together some ideas for that episode. So I would say it's a pretty safe bet that it will happen. So just for you guys to be aware, yes, we will definitely do that and there. It looks like we actually have a ham radio enthusiast with a call sign right there in the chat room. And before I actually, I was gonna show the comment. One thing I've noticed about ham radio enthusiasts is that they don't censor, hide, or retract their call sign at all. They freely give that out. And me not knowing as much about that as most.
I don't think I'm doxing somebody by showing their call sign if I click on it. I just wanna make sure that when someone technically gives you their call sign, they're kind of giving you permission to show it is what I assume, but I don't want to assume anything that might not be true. So one individual says that this sounds like a job for LDAP and I don't disagree with that. I really don't. It is a thing that makes sense, but also I sometimes wonder, Ansible or whatever your configuration management solution, making sure all of your systems have the same accounts and password hashes and home directory value or metadata values or whatever. If it really matters in a home lab, and obviously I know in home lab, we overkill the heck out of things, right? That's kind of part of the fun and having a full LDAP solution. It kind of seems really cool. But one thing we could maybe cover is what the different values are. So if you guys want to write in, I think that would be a great opportunity. And it's not for you to sell us into the idea of doing a show on it, because I think we will anyway. I just want to make sure that we're rounding the edges with our knowledge and there's nothing that we're missing here. So if you want to write in and just maybe also mention why you might think LDAP might be a better solution than using Ansible to provision your user account across all of your systems. Because I feel like with LDAP, you have a central place to manage your user accounts. But with Ansible, you also have a central place to manage your user accounts. And yes, I know it's not the same thing as SSO. It's not going to share like your session cookie, for example. So I know one value is you sign in and you're signed into everything. That does make sense. But then again, we have to make sure we keep the security mindset of that as well. Because I feel like I don't have to tell you guys about that because the audience of this podcast, you guys get it. 
You know about security, if you don't then you're learning about it. So there is that as well. All right. So one individual is talking about power consumption with a screen name Feed Me Donuts. You know what, you could Feed Me Donuts too, because man, I'm hungry today. I skipped breakfast. I should never be able to do that. Power consumption is a very, very, very important thing to keep in mind. And here it's averaging 40 to 60 watts powered on and running. The R210-210MK, you know, this is one of those rare moments where you're gonna see me kind of like take a note here. Thank you, by the way. I'm gonna just Google these model numbers and just kind of look this up myself because I think you've actually beaten my previous build videos. I've had some build videos on the channel where I built some servers that were, I think 50 or 60 watts when they were powered on. And those are actually obviously 40 to 60 watts is definitely going to be lower. So yeah, power consumption absolutely pay attention to that when you're building a home lab because depending where you live, power could be very expensive. It might not be very expensive. So I mean, obviously power isn't that expensive. And if it's dirt cheap where you are then you probably don't care as much. But power consumption and noise are things that people really do need to pay attention to, especially if the server is gonna be somewhere where, you know, like a common area in your house. You know, you invite a dinner guest over. It's like, why is there a jet engine in your living room? Is what comment they might have. And power consumption, obviously you're greener if you get the power down, but also you save money too. And I think for a home lab, people saving money means buying more gear. That's what we do. It's like, yeah, I'm able to save $1,000 a year. I also spent $1,000 on this awesome server over here. That's kind of how we do it, right? This hobby can be really expensive just to keep in mind.
There could be like a Free Geek location near you is something to look in as well. They recycle technology that might be a place to get some gear as well if that's something you're looking for. So, and any tips you guys have run into about models to run or if you're using a specific server model and you'd like us to know about that, definitely write in and let us know about that. And we will look into it and consider that, consider mentioning that or any power savings tips that you guys have run into. Cause I feel like these are the things that we need to share on this podcast with the community around this podcast. So yeah, there's definitely a lot to be said about that. And you guys, wow, look at the comments. Obviously, if you're listening, you can't see the comments but you guys are really representing right now which is really, really awesome. And yeah, with less power, less heat, absolutely. And that's also the case here in the studio which I'm afraid I'm gonna start sweating anytime which thankfully for the people listening and not watching you won't have to deal with seeing that because I'm rendering video in the background on the Thelio that's literally going to be like two videos that I'm gonna try to upload today. And of course this room heats up anytime I have my desktop running because it's a Threadripper with some pretty decent power, pretty decent specs there. So obviously I need to get my power consumption down because I'm a freaking hypocrite considering I'm telling you guys to, you know, power consumption is a real thing but I'm rendering video in my defense. So there is something to be said about that. So here we have Christopher mentioning something about SSO here. It's a better solution for GUI and web apps, less important for a console or system logins. There's a lot of popular web apps that need login and having an SSO option is great. So one school of thought here is that when it comes to a homelab it's great to have other options.
And just because I do it one way, I don't want it. I mean, the whole point of homelab is that, you know, no two people do things the same way and we're able to kind of like show each other the way that we're doing it to inspire other people that might want to do it the same way. And I think it would be kind of bad if everybody did it my way because then there wouldn't even be anything to talk about. There wouldn't even be a debate. There wouldn't be a conversation. So I feel like that's the spirit of homelab right there with Christopher's comment because he's actually mentioning a use case for that and that use case might resonate with someone else and as much as possible we try to be unbiased as well because just because Tom and I do it one way it's not just about that. It's about understanding all the different options. And one of the ways that this is so great is that you learn all the different ways of doing things that can help you at your job if your job is working in IT as well. And then you can some of that can bleed in if maybe your people at your company ask you, do you know of an alternate way or solution to do this? Yes, I have been practicing for years. Well, actually that's probably not what you'd say. You'd probably say I've been checking out this solution and this is what I think of it. And then it might be a consideration for the company to use as well. And that feels like a really redeeming moment in the life of a homelabber when a company uses their idea, right? Because there's companies I used to work for that are still using some of the technologies I turned them on to because I'm still in contact with some of the people there. So it feels very useful to me. So FIDO becoming the standard over the next few years, I hope so. You know, there are some questions that I feel like I can ask you guys and I already know what the majority of you are going to say. And that's not common because we all have very different opinions in homelab.
I mean, that's why it's so fun because like I said, we have different ways of doing things. But there's a few things I can ask you guys and I feel like I don't even have to ask. Do any of you like passwords? There might be one or two of you that might say yes. I doubt it, but I feel like the general consensus here is that passwords are annoying and that nobody really likes them. It's just kind of like I have in the studio mouse right here. I can't, I could tell you 20 years ago, I wouldn't think that I'd still be using this today. We obviously trackpads, we have replacements, but we always have physical mice. Some things just never seem to go away. Password authentication is one of those things and I don't really understand that. And with FIDO, you know, specifically FIDO2 being passwordless, that it's just so amazing to me and we have the technology now. Sometimes it's just like herding cats to try to get, you know, companies to follow suit and support it. And, you know, when Feed Me Donuts here, this comment that I'm referring to that came into the chat room, it feels like it'll slowly become a standard over the next few years, I agree. Apple is using passkeys and I'll admit that I haven't fully looked into it yet. So apologies if I'm getting this wrong. But obviously my complaint is that it would be like very Apple specific. And that's fine if you are an individual that only plans to use Apple products, but one school of thought with this is that I don't really believe in like full reliance on the platform. Full disclosure, I use an iPhone too, but I know that surprises people, but the reason is I don't like cell phones at all and I don't like Apple, I don't like Android, just a personal opinion, no offense to anyone, obviously, but I just dislike Apple or the iPhone 1% less. And I have to have a phone, I don't really want a phone at all. I don't want anything to do with a phone, especially not a smartphone.
But then again, in today's day and age, you have apps that alert you about servers being down and all these other things. And sometimes it's really hard to get away from those things. Anyway, more back to the point. So if my point is this, if Apple was to do something super egregious, not that they haven't done egregious things, but we're not gonna get into that, I could totally switch to another provider tomorrow, not care, I just don't care, I really don't. And in that case, maybe that is the tipping point and then I like Android 1% more than Apple and I'd go that direction. But if I go that direction and I'm using passkeys, which is Apple's passwordless, I think it's a FIDO2 equivalent or it is FIDO2, I'm not sure yet, still looking into it, that it's gonna be locked to the iPhone. So okay, how do I transfer that to another platform? I think that's the important thing here. We can't have a password, or excuse me, we can't have a platform-specific solution for this because that benefits that one company. We need to take our data and be able to move it around as we see fit. If we wanna use this platform, that's fine. But then maybe tomorrow, we wanna move to a different platform. We should be able to do that freely. And I'm worried about maybe sometimes that's just not going to be as easy to do when you have a company like Apple. Now in their defense, hopefully they're doing it right. I'm gonna look into this. Hopefully they have a mechanism through which you can actually get your passkeys or whatever they're calling them today out of their platform, put it in another platform that you're using to make that truly owned by you. The user that you own your data, no one else owns a data but you, that's important. If we can actually maintain that, then I feel like that's what is really gonna make this work. But also we have to get the companies to move off of passwords.
And what's interesting about this is that normally companies are kind of like anti-change, especially when it's something that might let people move out of their platform, but also keep in mind that companies lose a lot of money, constantly lose a ton of money. I'm talking about all the companies, not just Apple, not just Google, like every company out there, that company that is a profit company and they use passwords, which is everybody. When you call in the person who answers the phone, if you were to call in and say, hey, I forgot my password or I can't log in, then obviously they have to pay an individual to answer that phone call. And is answering password reset calls really the best use of that person's time that you're calling in? Now granted, they're probably happy to help you out, but at the end of the day, the more support cost, I mean, the more a company relies on passwords, the more plausible it is that people call in for help with that and they lose money. Obviously I'm not saying we should hire fewer employees, but I feel like those employees talents are probably used or best used with helping people with other things, not just resetting passwords. So I feel like I just don't see companies liking passwords. I don't see users liking passwords like you and I, and I don't see companies liking them either because I feel like passwords are the bane of everyone's existence at this point. They're annoying to everybody. So hopefully this goes in a direction that's open and keeps our data safe and allows us to retain full control over that. As long as that's the case, then I feel like it's all fair and then it's good. We can get rid of passwords. And wouldn't that be nice? Passwords are on the same list as like the Flash player back in the day that I couldn't wait for that to die. Sorry to bring up the Flash player. I'm sure that makes a lot of you anxious. It makes me anxious just thinking about it. 
But I remember just trying to use browsers on 64-bit Linux was a pain because of Flash because of some websites relying on that. And when Flash went away, man, was that great. And when passwords go away, that's gonna be probably even better. So, and then at that point, maybe we'll have conversations on this show about how to have a completely FIDO2-oriented login system with everything and take the whole login thing in a completely different direction. I think that would be a lot of fun. And of course, someone has to play the Java card and bring that up because if it wasn't Jim, the IT guy in the chat room bringing up Java, then I would probably bring it up myself because it's just Java's one of those things that nobody can run it right because the garbage collection, the way it handles memory, it's good. But at a certain point, it gets really hard to scale it and to maintain it. And then of course, it's heavy anyway. And as somebody that has managed a lot of Atlassian installations, you know, things like Jira, Confluence and whatnot, anybody who's done that line of work, they'll tell you like it's a pain and it's annoying. And yeah, hopefully we can get rid of Java. But that one thing I like to say about Java, write once, exploit everywhere. That's the official slogan. Oh wait, actually that's not the official slogan, but it may as well be, right? They say write once, wasn't it write once, run everywhere or something like that? But I just say write once, exploit everywhere because of all the vulnerabilities that became a laughing or a running joke in the community for quite a long time. So someone mentioned that I am blurry. Now, for those of you that are watching this on YouTube after the fact or are watching it live, I'm gonna show you this problem being corrected in real time or close to real time. So watch this. What I'm gonna do is actually pause one of my backups because that's probably the reason, right? Actually, I take that back.
I don't have any backups running. So anytime I have that pixelation problem, it's usually the fact that I have backups running. Either the problem just fixed itself, my backup's just completed or the problem is my internet provider. When I can blame Comcast, I will definitely blame Comcast. But that blurry J problem happens quite often. So I usually assume you guys are telling the truth because it's definitely a common thing here. Okay, so a couple of people are telling me in the chat that it's doing okay. So at this point, what I'm going to do we're about 35 minutes into today's episode. So if you guys want to just throw some questions at me in the chat room and I'll read the question out for those of you that are driving. So I don't want you to get into an accident, try to read anything, obviously, don't do that. But yeah, throw some questions in there and we'll go ahead and I will, used to saying we on this podcast, but I'll go ahead and try to maybe give you guys some feedback on some things. And when it comes to time here, just to kind of, because there's a little bit of a delay, I'll talk about some of the projects that I've been working on. Nothing too exciting. The whole backup thing is because I've audited like my entire backup system, I spent like an entire weekend testing backups, making sure they work, which I do regularly anyway. But just auditing my data, how it goes to offsite and how it's backed up and everything, knowing that a resync was necessary was a little hard, but that seems to have been cleared up now. And what I like to do is have everything central on my TrueNAS, but then I also have a Synology that grabs a copy daily of everything on the TrueNAS. And the TrueNAS itself does snapshots, like every four hours I think is how I have it set up and then nightly it copies everything offsite as well. 
So I have all of that going on and sometimes I'll download things back just to make sure I can open them, test the backups, which is super important. And as a consequence of that, that resync took a long time, causing some of the live recordings that I've done to show me very pixelated because I have a download speed of 1250. That sounds great, right? But my upload is 40. So 1250 down 40 up. That's a huge difference. So do I have a favorite logging aggregation application? I've been using Graylog, but I'm not gonna say it's my favorite. It's just what Tom used in his video. So I watched it and kind of just did what he did and checked it out. I'm open to alternatives too to check out as well. I thought maybe it'll be fun to kind of see what else is out there. So if you guys are using something else, you can write in and let us know about that. And maybe I could do a comparison or a tutorial video on whatever that is. Unless Graylog just happens to be the best solution. It is working for me. I feel like the problem with recording content or being a content creator is that if running a homelab and creating content at the same time means that one of which is going to be neglected. And I can't neglect the content because then my channel just goes down because there's nothing on it, right? So it seems like I'll build something and then it'll sit for a long time and I don't touch it. Someone at SCALE, this is interesting, met me as several people did came up to me to thank me for the content, which is really nice of them. And they asked me, this one individual asked me how's the Kubernetes cluster going these days and the honest truth, not so well because I haven't had any time to run on anything on it yet. So sometimes I create something for content with every purpose in mind of using it full force but then I may not get back to it for a while. And yeah, sometimes that just happens. 
So Graylog is one of those things I feel like I've set it up fairly well but it's more TLC and adjustments on my end. But if you guys have like something to recommend to us, as is often the case, then let us know. Now, another one from Feed Me Donuts here. Now I'm getting, every time I say that screen name, I mean, I wanna snack so bad right now. Brings up ransomware here. Now that is true, you can use TrueNAS to bypass ransomware if you do it right. I don't wanna make it sound like just using TrueNAS by itself alone is enough to do that but assuming that you have snapshots and being the case that it's a copy-on-write file system with ZFS, then TrueNAS really does put you in a really good position to negate ransomware. And I know there's been several comments about ransomware in the Q&A that I have seen. So you guys have been asking for that. So I'm gonna address ransomware right now and this isn't gonna be like a complete thing. Sometimes I wonder if something I explain is just gonna be enough or if it still needs a deeper dive in a full episode. So what I'll do is just talk about it a little bit and then if you guys are of the opinion that a full episode is still necessary, that's absolutely something that we can still do. So when it comes to threat actors and malware and all that in general, one thing to prevent is lateral movement but that's more than just people. Obviously it's mostly people because if someone gets into your system, you don't want them to have full rein like just walk in one door and then they're in. If any of you guys have seen the show Get Smart, it's one of my favorite shows of all time. I love that show. I can watch those episodes on repeat and it's just so great. If you haven't seen the show Get Smart, you really should. But what does it have to do with lateral movement? 
Well, if you've seen the show Get Smart, you already know the comparison that I'm going to make which is the intro where you have Maxwell Smart, the main character in every episode as it starts. He is going to the headquarters and there's door after door after door after door to get into the facility. And I feel like IT security done right is like that. So if somebody wants to break in to get through the first door, not the second, hopefully and at some point, hopefully stop but when it comes to storage and ransomware it's kind of like the same thing. What you really don't want to have happen is that someone to infect something and then all of your systems get infected with the same ransomware. So an example of this, let's say somebody gets into your system and they infect all of the files with ransomware that's in your Syncthing. Now that's scary, right? Your Syncthing, a syncing utility we've covered, gets infected and all of your files have ransomware. Now that's not so bad, obviously it's bad but if you have versioned backups and Syncthing, which you can do, you can go back to previous versions and you can roll back to how it was before but if you don't have that turned on and somebody gets in then the lateral movement in this case is they've infected the files on one computer and then Syncthing is going to sync those changes to all the others. If you don't have versions turned on, well, that's bad. Now same with TrueNAS though, if there's gonna be snapshots hopefully you're taking advantage of that. The whole idea is that you have snapshots frequently enough to where you're not going to lose data if a threat actor was to get that encrypted. So for example, if you had a snapshot system where you took a snapshot every Friday night at midnight for example, Friday morning at midnight in that case then you could lose a week right there because you roll back and then you lose that entire week. Now that might be okay. 
For example, I have a weekly snapshot for my music collection. I still maintain MP3s and OGG files because we can't trust Spotify to keep the albums ready because as soon as are available, I meant to say as soon as they have an issue with licensing they'll pull that music tomorrow and not think twice actually today and not think twice about it. So I'll buy CDs as long as they're available and I still rip CDs to this day but I don't buy music like every day new albums come out once a week. So a schedule, a snapshot schedule for music of once a week is fine. But when it comes to business documents it's every hour because I'm always working. So I can't lose a week when it comes to that. So when it comes to negating ransomware it's important to align your snapshot schedule with the frequency of change within that particular data set. And that's very, very important. You don't want to lose that information but you also want to protect against any ransomware that might not be obvious at first where it might kind of get into your backups and then have like some kind of a time where it makes itself known and hoping that your backups have aged out by then. So you want to make sure that you have snapshots and backups that go back a little ways maybe even a little longer than you think you even need that much retention because you'd be surprised. But those are some of the tips there that you can use and that's especially the case of use offsite backup as well because you could set up your backup solution on the other end to also have versions as well. So you turn on versions. For those of you that use Windows servers I think I'm a bit rusty on Windows nowadays but they have a previous versions. It's called I think shadow copies if I remember correctly where you can have that enabled there. And then on Linux we have Timeshift for the same thing because you could use that for the same thing there. 
You could also use LVM snapshots on Linux as well if you wanted to do that at a Linux level. So if you guys still want more than that when it comes to protecting against ransomware let us know maybe we can get Tom and I together to really discuss this more in depth. So if you think that there's more we can go into on that subject, let us know and we'll definitely consider that as an episode that we will do. So I have an individual right here that is asking if I've had a chance to get HAProxy or Traefik to provide secure certs, not yet. So that is on my list for sure. Traefik especially and I have a few others that I wanted to go over as well. I don't know when that's going to come out. I have about 10 more videos not counting the SCALE content to get uploaded for you guys like one of which is an updated Nextcloud tutorial that's coming very soon for Nextcloud specifically for Ubuntu 22.04 now that that's out. And I also have an eGPU video coming out. Oops, I think I gave that away, darn it. I actually did that on purpose. External GPUs definitely gonna be a video to go over. You guys really liked my docking station video so that's coming, I will do a video on this as well. Now, Tom has a video, if I remember correctly on using HAProxy for that purpose on his channel. But I think for mine, when I do content about it I'll probably go about that a different way. So it doesn't really require a pfSense. It's not that there's anything wrong with that. I'm a pfSense user, but that being BSD it kind of falls outside of the scope of Learn Linux TV. I mean, Linux is more than just a part of the name. It's really the focus. So if it's BSD, not that there's anything wrong with BSD, BSD is great, but maybe if I had a Learn BSD TV that would be fitting for that. But maybe that's something that we'll go ahead and cover in another episode. So here I have Josh asking me which software I use to rip CDs. And it's called Asunder, A-S-U-N-D-E-R. 
And what I do is I rip my, and I say MP3 is kind of like how people say Kleenex when they mean tissue. I actually use OGG format for everything and I use the highest bit rate for OGG you could possibly get which means the files are gonna be 25 to 30 megabytes a piece. So not quite as big as a FLAC file. It's still gonna be lossy, but it's not going, it's going to be like the best quality that you can get and probably overkill to be honest. But I believe it's 499 kilobit audio, if I remember correctly at the highest level on Asunder if you choose OGG and then you crank that all the way up. What I've noticed on Asunder is that the CD database lookup is broken, it doesn't work. So you will have to type in the artist name and all the titles of the songs yourself which really it can get tedious, but it is what it is. And you can, that means you also have to add the album art yourself. And then what I do is I use EasyTAG to make sure that all the MP3 tags and here I go again the ID3 tags but you can also have metadata in OGG files, is replicated across all the individual tracks. So Asunder, ASUNDER, for ripping CDs and then EasyTAG for going back into those files and making sure that the metadata is there. So all right, Cone of Silence. Yes, that is one of the funniest things about Get Smart and also the shoe phone was a pretty funny aspect of that show as well. So I'm gonna scroll back up here, see if I didn't miss anything, doesn't look like I did. And if I did, just go ahead and repost that question. I won't complain at all. So we have Noel, might hold on saying that right now. Well, Noel, sorry, apologies, I'm not good with names but using Nginx Proxy Manager probably something I should check into as well. What else do we have here? Yeah, and pfSense, have another, the same person here talking about that. pfSense is a great way to do it. 
And I think if you're using pfSense, it makes the most sense honestly because it's already the main thing but I also have a container that I've shut down but before the pandemic, I had this LXC container running in Proxmox that was a proxy that everything would go through and I built it custom. I just installed nginx and I created the config file for each service that it's proxying to and it worked fine. I could get a cert for everything I wanted but the only reason why I stopped using that is because ever since the pandemic started, I'm remote far less often not really feeling like I need a proxy as much although a proxy can be just as useful internal as well. So I actually shut that container down and it still exists. I could turn it back on right now and then it would let me into those services remotely but I leave it off because other than SCALE recently, I'm usually home most of the time. So I don't really get as much use out of that but that is one way to do it. There's actually many ways to do it. So and we have someone, we have biker Chris from the UK. I love the UK. I really do. Some of the most amazing people are from the UK that I've met. So yeah, shout out to you back actually because I understand how cool you guys are. But yeah, we love sharing knowledge. It's fun. And I feel like the reason why it's so fun is it's because I feel like it's important when you're in the trenches, so to speak, like you're doing IT support and you're helping people, you're figuring things out. When the first stage of your career, everything's new and you're like, I've never seen this problem before. I've never seen that problem before. I've never seen that problem before. You've never seen anything before until you have. So you work through all these problems then you get to a point where you become something of a subject matter expert. I'm not saying, I don't like the word expert. That implies there's something to learn. 
But I feel like when you reach a certain level in your career, it's important to lift other people up to where you are, to go back to the people that are new, fighting in the trenches and just support them, teach them and lift them up, bring them to where you are. And I feel like that's what the content producing thing is for both Tom and myself because we've been fighting this war in the trenches for so long. And then after a while, it's like, it's time to lift people up and teach them the right way. Not the way that people wanna be taught because it's not always the same, gotta be realistic but use reality but make it easy, lift people up to where you are and help. I think that's what everyone should do if you have any kind of talent or interest in teaching. And even if you don't, you can get good at it if you're not good at it. So yeah, shout out back to you, Biker Chris. Thank you very much. So let's see what we have here. So another question here, and I think I can go on for probably another 10 minutes here. I'm being asked here, do you use raw Ansible or do you use something like Ansible Tower AWX? I do have AWX installed, I never use it. I feel like I should use it more. What I do is I use Ansible pull, which I feel like is the ultimate thing for me. And here's why, because most people when they implement Ansible, they have a control server. I'm not talking about like a tower, I'm just mean like just any Linux machine could even be your laptop where you have Ansible installed and the keys and whatnot. And you can just fire up Ansible job and it'll go out to each machine via SSH and execute the commands, which is how Ansible works. I don't like it that way because the problem is I use the same Ansible config for laptops, desktops and servers. What's the problem with that? Well, I'll tell you what the problem is. This laptop I have in the studio right now, which of course you can't see if you're listening to it. I have my HP right here. 
If I had an Ansible server and it's trying to hit this computer and it can't, then it's gonna error out. The fact is this laptop could be suspended in my bag as I'm walking around. And if I get an error, which I would get for every laptop that I own that's not currently powered on right now, I was flooded with error. So what I've done is I use Ansible pull, which is kind of like the inverse of Ansible such that Ansible pull, which comes with Ansible, by the way, if you install Ansible, you automatically have this. You could run Ansible hyphen pull. If I remember correctly, it's dash U, I think it's dash capital U, and then the URL to a Git repo. And it could be a private Git repo as well. So you don't have to make it publicly available. Then what happens is when the computer's up, it'll do Ansible pull, which means it pulls down the Git repository and runs it against itself. And you can have machine-specific configurations with Ansible pull, which don't listen to anyone if they tell you that you can't. I mean, it's hard to do, which is why some people think you can't. But once you get past that, then you have each machine downloading the configuration to itself and running it. But you create another problem though, because you do wanna be notified if there's errors, if something fails. Or if the job hasn't run in a long time, I use healthchecks.io for that. So basically you make that the last play in the playbooks and you don't want that to be the first one. You want that to be the very end. And if it gets to that and it sends that healthchecks.io ping back to that service, it clears and you have a timeout, you set however many days for that. So maybe if you haven't had a job run successfully in seven days, you wanna be alerted to that. That'll help you understand that maybe you might wanna look into a machine if it hasn't gotten to the end of an Ansible playbook. It means it's failing earlier or it's not running at all. And you might wanna look into that. 
So that way you don't get into a situation where you have a situation where you just, nothing's running. And you wanna know about that. So healthchecks.io is what I use with Ansible pull to accomplish that. And ever since I've done that, I couldn't go back. It just makes so much sense. And another thing about Ansible pull is you can use cloud-init and put your Ansible pull command right in the cloud-init config file and make that part of a template in your VM solution. So that way, anytime you spin up a machine, you at least get a base config already provisioned there. As soon as you boot it up, it's going to download that and it's going to run. And the other thing you can do, I think it's dash O is the option with Ansible pull, which means only if changed, which is pretty cool because you won't have it running over and over again. It'll only run if you actually commit a change back to the repository. So you don't waste CPU cycles on running Ansible for no reason. You don't want your config management solution running over and over and over again, just cranking up the CPU. You only really want that if there's a change for it to run. So that's how I do it. All right. See, yes. And that's interesting. I think I just accidentally answered a question from Ben that was asking about what the service was that notifies you if cron jobs aren't running. And that is healthchecks.io. You could put that health check right in Ansible. You could put it in your cron jobs, whatever it is that you have running. You just make it the very last thing that's important. So you don't want the health check ping to run at the beginning of that task because at the end of the task it could fail later. You want it to be at the end. And then you can just go to the healthchecks.io and you get a certain number of checks for free. I can't remember. I think it's like 10 or maybe more than that. I don't remember, but they're quite generous of what they give you for free. 
So I would check out healthchecks.io. And then what it does is it gives you like this hash value. So it's like a, I think it's like an equivalent of a curl statement. And it just posts that with that key in that hash is a match to the job that you set. So you give the job a name, then you get a hash value in a URL and basically just says, make your cron job, hit that URL. And when it does, then it clears. By default, I think it is set to 24 hours if the job hasn't run it'll alert you. I think that's too aggressive. I set mine usually to however long the job is supposed to run plus one day. So I like to just make mine seven days. I think it's fine for me. You might want something a little bit more aggressive than that, but then I just add another day to it. So it's healthchecks.io, which has been great. I've been using the heck out of that. So that's what I recommend. All right. So I'll answer one more question. Actually probably a couple more questions because this next one from Noel is another, is still part of the earlier question that was asked. So Ansible pull is running from the server or the endpoint itself. So for example, in front of me today, I have the HP Dev One. On this computer Ansible is installed. And because I installed Ansible, the ansible-pull binary is also here. So if you install Ansible, you can check this yourself. I think it's /usr/bin/ansible-pull if I remember correctly. But if you list /usr/bin and grep for ansible, you should see that you have ansible-pull there, which means it comes along for the ride. You didn't ask for it, but it's part of it. And so this notebook right in front of me, what it'll do is on a cron job, it's gonna run ansible-pull -U with the URL to the git repository. And it's gonna run it against local host. I do have it using the host file anyway, because if it's a laptop, it gets a certain configuration, server, it gets a certain configuration, it does need to be different. 
We don't want it to be the same in everything. I'm not trying to make this a server, right? This is my notebook. So it's running locally against itself is what it's doing. And I do have this, my implementation on GitHub for the Learn Linux TV GitHub, if you wanna check that out, my implementation is there if you wanna check that out, but it is very out of date, probably two years out of date at this point. So keep that in mind, I've changed a lot. I do need to re-sync that at some point, but you could get all kinds of examples from there. You can see how I've implemented this. It might be a little confusing at first because you're literally gonna be looking at something that was in development for like five years before I put it out there. And it's probably beyond what anyone wants to do, then again, probably not, HomeLab, right? But Ansible pull runs local host on the machine itself. So if I put this notebook in my bag and it's suspended, then Ansible pull isn't gonna run. There's nothing to error out. And when I open it back up and the cron job fires again, then it goes ahead and it runs and does what it does. And I also have a service called Pushover that I've been using recently that I have Ansible hook into that if there's an error while an Ansible task is running, then I'm gonna get that notification right away. So healthchecks.io is there to make sure like if it doesn't run at all, then I get notified. But if it runs and it errors during the run, then I have an error-checking playbook that will hit Pushover, which then alerts my phone that there was a problem and I need to go ahead and look at that. So that way I'm always alerted if there's failures and I don't lose that aspect by using Ansible pull. So I hope that helps with that question there. And Ryan clarifies that it's 20 cron jobs for free with healthchecks.io. Thank you for that. I thought it might be just wanted to be sure I'm telling you guys the right thing. 
I don't wanna give you guys misinformation. Bomber asks, how's the Dev One going? It's they don't seem to ship to the EU. Well, that's, I wish they would by now. That's weird. Usually they're shipping proxies. I don't wanna recommend one in case it's a bad one. I don't know of any anyway. There are ways, but you're gonna end up spending more if you use a proxy when it comes to shipping probably a lot more. The Dev One has been great. The only thing for me is that I'm, I mean, I got to use it on the trip quite a bit, which was cool. But I'm almost always home, like I mentioned. So it's like, do I use the Dev One or do I use my Thelio, which has a Threadripper and a, you know, 3090 in it. So my Thelio's gonna automatically be chosen by default given how much more powerful it is and it is what it is. But when it comes to laptops, the Dev One is it. That's the one I've been using the most to the point where I'm probably even just gonna sell off a couple of my other ones at this point on eBay. So I really like it. My complaint, my only complaints of the Dev One is that there's no card reader. I wish there was. And it's weird. I thought for sure there was a card reader when I reviewed it but I can't see one to make that on it. So there's no card reader. And because of Intel shenanigans, which Intel is, oh God, Intel don't even get me started on them. The fact is they are making it hard for AMD to have Thunderbolt, which this does not. So when I was doing my eGPU video for external graphics cards, well, the Dev One couldn't be a part of that because it doesn't support that. Which again, I'm sure they would have put Thunderbolt support in there if they could have but being the situation is what it is that that's all it is. But if you don't care about Thunderbolt, not being present and having to get like a USB card reader if you do anything with a camera, I feel like those are the only downsides because the build quality is great. The fan stays quiet. 
The battery lasts a long time. The screen is bright. It's super fast. So I've never had a situation where it was slow except unless the internet itself is slow, it is what it is. But so far, yeah, it's been absolutely solid and I'm really enjoying the computer. So I do recommend it wholeheartedly. No hesitation at all. And the fact that it can actually run Debian, which is one of the hardest ones to get working on a lot of hardware, that was very impressive to me that it was able to do that. I am trying to, I think I did use the non-free Debian stable. I can't remember, check the review, but yeah, it's going well. So let's see what else we have here. All right. So I am going to call it right here. One thing I will mention as an aside about my own channel is that I do plan on live streaming more often. So I am sorry about that, guys. It's just been the content producing has been taking so long and the workflow and the rendering process or I should say editing process is a long time, but I'm finding ways to shorten and I've achieved, I've shortened it enough now to where I feel like I can engage again. So that was a unexpected part of my going into business for myself. And I think I got it figured out. So after this week, I'm hoping to do more live streams. I might sneak one in at some point later this week, which if you're listening to this after the recording date, then it probably already happened. But either way, just check the channel and I'll have some live streams on there. One of my goals is to get a recurring live stream going like Tom has on his, I think it's live stream Thursday or don't quote me, but Tom has one on his channel regularly, at least one. And I'm going to do the same there. So that being said, this was the dev random, probably one of the most random episodes of the history of this podcast, but I had a lot of fun hanging out with you guys as I always do because our audience is awesome. 
We love you guys and we have a lot of fun chatting with you. So continue being awesome like you already are. And Tom, I don't remember if he's back for the next episode, but you'll find out because getting closer to that will either be me or him or both of us. And then as vacations and conferences wind down even more then we'll get back to our status quo. So anyway, with that out of the way, I had a lot of fun today. Thanks again guys and we will see you in the next episode. Take care.
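
The ansible-pull plus healthchecks.io pattern described in this episode, sketched as an added example that is not code from the show or from the Learn Linux TV repository. The repository URL and check URL are constructed placeholders, and the overridable `ANSIBLE_PULL` and `CURL` variables are assumptions added so the wrapper can be exercised offline with stubs.

```shell
#!/bin/sh
# Added example: cron wrapper that runs ansible-pull against the local machine
# and pings a healthchecks.io check only when the run reaches the end.
#
# Constructed placeholders, not values from the episode:
REPO_URL="${REPO_URL:-https://git.example.invalid/homelab/ansible.git}"
HC_URL="${HC_URL:-https://hc-ping.com/00000000-0000-0000-0000-000000000000}"

# Hypothetical override points so the commands can be replaced by stubs.
ANSIBLE_PULL="${ANSIBLE_PULL:-ansible-pull}"
CURL="${CURL:-curl}"

run_pull() {
    # -U: URL of the Git repository holding the playbook.
    # -o: only run the playbook if the repository has changed.
    # With -o and no new commits, ansible-pull exits 0 without running
    # anything, so the check still clears and "nothing to do" is not
    # mistaken for "machine is dead".
    "$ANSIBLE_PULL" -U "$REPO_URL" -o
}

ping_healthcheck() {
    # -f: fail on HTTP errors, -sS: quiet but still print errors,
    # -m 10 / --retry 3: a flaky network must not hang the cron job.
    "$CURL" -fsS -m 10 --retry 3 -o /dev/null "$HC_URL"
}

provision() {
    # The ping is deliberately the LAST step: if the playbook fails, or the
    # machine is suspended and cron never fires, no ping is sent and the
    # check alerts once its timeout (for example seven days) expires.
    # Return codes: 0 = ran and pinged, 1 = ansible-pull failed (no ping),
    #               2 = ansible-pull succeeded but the ping failed.
    if run_pull; then
        ping_healthcheck || return 2
        return 0
    fi
    return 1
}

# Example crontab entry (path is a placeholder):
#   0 * * * * /usr/local/bin/provision.sh --run
if [ "${1:-}" = "--run" ]; then
    provision
    exit $?
fi
```

Treat the check URL like a credential: anyone who can hit it can clear the alert, so keep it out of public repositories.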