Welcome to vlog Thursday 299. Someone asked me what special thing I'm gonna do for 300. I don't know. So I'm open to suggestions. What do we do when you have 300 live streams posted? I have no idea. Um, actually, I think my couple of them weren't live, so 300 vlog Thursdays, at least we can say I have 300 of those. I don't think I did the first, some, a number of them live, but we have...

Why she will start here, good afternoon from in my office, from Travis. So Travis, Travis is the closest to me geographically. I think Melbourne, Australia, you're probably geographically the furthest from me. Poland, Netherlands, Ireland, all right, we've bounced around the globe a bit here. That's always exciting me, all these people from all over the place. Switzerland, Italy, saw my European friends joining in here. Chicago, I like Chicago. Chicago's a cool place. I don't know if I'm gonna live there, man. It is, there's a lot of traffic. So let's see. What do we got here? We have an agenda, so we want to stick to it because I'm not gonna be on here for long. I always say that, I don't know if that's true or not, but I feel like I want to go do things.

Let's start with where you can find Tom, and that's gonna be GrrCON, October 13th and 14th 2022, and that's next week by the way. So I tweeted it. No one tweeted back at me. Maybe people, the 17.4 thousand people that follow me on Twitter, apparently aren't going to hear, kind different audiences, but nonetheless if you are going there, hey, I'll be there next week. IT Nation, and that's gonna be November 9th through 11th. So those are a couple of things I'll be at, and I'll be at the Acronis CyberFit. That's I think the eighth and ninth. So yeah, a couple different things.

Let's see. What do we have here? Belgium, Belgium, Dutch, Spain, Egypt, all over the place, more Netherlands, Saudi Arabia. What else do we have? Ah, Newfoundland, I don't think I see that one very often.
That's, that's cool. But let's just jump into talking about a few changes from the people over at XCP-ng. I wanted to jump in that because like every month they just released new cool things and, man, I just, I don't know. I'm such a fan of the way they do that. I'll see, we could probably just jump right to, I think it's better if I present it as a tab.

Now this is the, you know, less exciting, but the general maintenance things have been released. There's a bunch of bug fixes to the 8.2.1 update. I haven't rolled, I rolled some of my systems, I didn't roll them all up to the update. Bug fix, you know, if you add SR-IOV, I don't if anyone, the whole lot of people probably aren't using it as much. But you know, these are things that are important to get fixed. Bond update relay ignored. Bug fix, boot failures to IOMMUs on some hardware. There's a forum thread on it. They're actually really good at just those little details and making sure that they get fixed, like they really are in the forums just hammering out any problems that are found in there and definitely doing it.

To do, we have compression support for OpenSSL. Rebuilt without compression support. Although compression was not offered by default, clients don't enable compression now, is better security wise not to support at all due to, ah, yes. There's a reason for that. That's this right here. That is the Compression Ratio Info-leak Made Easy, CRIME. I remember this. This is from a long time ago. When did that come out? 2012, yeah. It's a way you can get, this is one of the reasons you turn off compression in OpenVPN, for the same reason. There's a way to infer data going through there based on the way the compression is, actually really clever.

But yeah, received a fix backported, Citrix Hypervisor topics was addressed, possible segmentation fault to be create a lot of snapshots at the same time. I've seen people do that and break things.
So that's a good update. Updated storage manager, creating local ISOs that is a mount point for another file. So someone to mount it, the patch was not accepted upstream because it touches legacy code Citrix won't support according to all per who answered, what we considered it safe be useful to apply to XCP-ng. Okay, I don't think I've run into issues, but I've seen it where the ISO mounting gets stuck and I don't know, it doesn't happen, doesn't happen too often, but it's a thing. It's a thing that has happened. All right.

Let's switch over to where I think the more fun stuff is, and that's over here in the, where did it go? Xen Orchestra. Now this is where they do a really great job of updates, and of course, it's the exciting stuff like the file level restore on S3 backups. And this is their new split mode, split VHD, where each block of small files, not compatible with the file level restore feature. Not only can use file restore on S3 backups, but also while using backup encryption. Now I am looking to test this. I'm re-engineering the backups at my office that we do and I'll be using all of this for a second. One of things that you may not realize is Xen Orchestra, it's actually easy to have multiple targets for your backup and then you can try all the different options. So I can maintain my first set of backups as I always do, then I can start testing another set of backups at another remote, has to refer to another target for my backups. And so I've already started some of the testing on X for, I guess that I'm a re-engineer how I do a few things on there.

Web hooks for snapshot.
Yeah, this is neat. I think it's cool that you can possibly notify a VM via an HTTP request before a snapshot. This opens up some interesting possibilities because you're saying that before your snapshot you can actually send a HTTP request to tell it to do something, and this might be really handy in case of you're running a database where you can say, hey, send this before we do the snapshot and it will queue up the database, let's say, to do a dump into a file. That way all your transactions in flight get written out somewhere, like maybe a cache flush. There's probably a couple different things you can think of to do with this to put things in a known state, that way when you restore from a snapshot you have some way to do it with pulling it as opposed to the potential for losing data in flight. So that's kind of clever. And they're, you know, shut down, restart a service, disconnect user, purge sensitive data. That's another one, you know, you could purge sessions or whatever. Just really neat. Empty a trash bin or /tmp. Yeah, that's a, this is probably a really good one. They're accidentally getting, it will just go firing a bunch of useless data. So that's pretty neat.

Allow NFS subdir on creation. We've been asked about this feature for a while. We managed to finally improve it, creating a VM service party in center. So you can now point directly to a subdirectory without needing to export it from NFS. This is kind of a neat way because the way you did it previously is you just set up multiple exports. I really like that they added the subdirectory option. Now you can have a single export, and for me, it's usually TrueNAS. I set up a single NFS export, but then create a series of subdirectories under that export. So definitely something that is, you know, pretty cool that they're going to have on there. I'm just, like I said, my overall happiness with Xen has been the fact that there's just so many new features that they just show up every month like magic.
Well, it's actually not magic. I should be more specific It's not magic at all. It's the work of very Dedicated very hardworking developers and those developers work because people buy subscriptions to The zen server. I have been talking to more businesses as we do consulting and I'm just like really Beating into some of their heads that yes, this product works So I'd like to continue the further development of this great product and keep people employed pushing out new features I highly recommend you buy a subscription for said software. So I always encourage businesses to do that and of course for the homelab people I have an entire way to compile it yourself if you just want to run this in your lab. So yeah, it is a Really solid system for doing stuff Handing for that beacon service that monitor tasks. I always forget their name it ping does not get resolved You can send a notification. Yes I have hyper v server using data center license Keydeck because how would I license vm sexy v if I make it over instead of hyper v without burning through I don't know The windows licensing. I'm not an expert on so I don't have an answer for your windows licensing question Um, I I don't know So that part that part is not something I am an expert on But uh, what were we doing today? Did we get these created? Oh, look, we made some more windows vms. I can share those Because we are building another lab activation needed Um, and for our lab stuff, we're just using some generic licenses that we have Um You can just use the temporary stuff for it. See that was that one running on we'll go back to here But I have some one of my staff is building out these windows server. You get like six months demo So we're building a demo server because people are always asking me some active directory questions We have some real work. We have to do to lab things out for clients. Um, but we also have Uh, some of this to do. Um, so we're talking about some networks on there Didn't get the net. 
Why is it not doing that? huh I don't know why the network's not showing up. I'll figure that out later. I should know its ip address But we don't I don't know why that's not working We did though set up more servers and I don't know why this one's using that with cpu but We do have some vms on here. So let me go find one of them so we can start it this, um Key at Kyle Kyle a bunch of Oh, where did mine go? Oh pharaonics. There we go All right, cool. We'll start up the pharaonics lab There we go. We'll talk about uh, how that works I still wish xcb had the windows guest tools in the iso Uh, the upgrade thingy only solves Uh, the needed drivers. Yeah, I mean is what it is I don't know. It doesn't bother me much because uh I mean you can use in the weird argument that I have heard from a few people Is because the six you can use the citric drivers as well Um, but I've heard people go but the six drivers are closed source time I don't want to load some closed source drivers on my closed source operating system What? Like I I don't know Uh, that's not the network I wanted to associated with so let's see we needed associated this network There we go This is our uh, this will be part of our system There's actually something I should probably point out and I need to do a video on this because this topic comes up a lot um Let me pull up a thing to log in here You know what I guess for this I gotta share my screen differently. So let's remove stop Present a screen we'll gotta go An entire screen this one How's that gonna work? Like that there we go All right, and zoom in a little bit Now this is the one thing I'm gonna have to talk about Actually, I can probably move this This and this over and this over and this here. There we go The way if not I lose all the comments Um, but what are the basic things? That not everybody realizes you have to do and that's this one right here. So if we do Where's the command? 
It's Trick it down a little so this looks normal There we go the um What are the things you have to set up when you're sending up Zen server? And I'm gonna cover this on my upcoming video on how to get started with Zen server These are what they're named now this first part here e0 e1 e2 This is what they used to be named and here's the Interfaces on there and what drivers are using and what I've done is Made a quick script so that will interface rename update e0 p2 pp E1 this one and you have to line up the interfaces for all your systems to be the same And uh, that's something that I know some people struggle with they ever write up on it I mean, this is not secret information. It's in their documentation But it's one of those things if you're mixing and matching different servers Uh, you want them all to have the same plugs in the same places Now normally you could just move the network cables over the reason I can't just move the network cables to line them up is because These two here Are 25 gig connections So in order for me to get the 25 gig connections set up and working I needed it to be those because these are only one gig connection because we built out all of our new Ryzen servers with 25 gig uh network settings So I wanted them to be, you know extra fast so we move things around Um, you know get it get as fast as possible when we move VMs between different places and things like that Virtual box versus VMware performance differences. I don't know. I've never compared the two um The last time it's been a little while that someone did some research and um, They weren't comparing virtual box. They were comparing VMware to zen to I think it was just VMware and zen you can find it. 
It's some research from a couple years ago, which Put them extremely close in terms of your processor uh It's really close to bare metal like your bare metal speed Um between hypervisor and bare metal is not substantial And your virtual machines because they're not neither one neither zen nor vmware add a ton of overhead So yes, there's absolutely a uh loss, but it's not that substantial either way So they end up being really close to each other I don't know where virtual box falls. Um on that at all because no one at least no one I know Outside of people who run it on their desktop like I do. No one really uses Virtual box that and is worried particularly about performance of it Oh kvm was the other one they compared. Uh, it was some research. So they compared kvm Zen and vmware and all of them were really close to each other in terms of performance Of course now that that's a couple years ago We have to know now, you know, is it is it better or worse than it was before? I don't know um Really haven't answered to that one Let's see. Let me pull this over here because now Wow, that's weird. Google chrome is ready. Why did it tell me that? We'll go find that vm that's running here There we go. It's that zoom in a little make it easier to see for people That will pull the ip address and we'll start some abuse. This is one of the things that's important to do is Run lots of abuse on these things Uh I think that's right address. Yeah, look at that We'll do this test here. We'll do option five No, I don't care about saving results We'll pin all the processors to see what this thing can do um, one of the things I'm going to do because you notice how we've gotten All 24 cores here in use. So if we go over here, it's gonna There we go. Here comes our ramped up cpu usage So we have 24 cores assigned to it one of the questions some people have is can I start another vm? With this many cores and the answer is yes, you can You can over provision cores. 
This is one of those things that I think a lot of people get confused about Is doesn't it use up all the cores into nothing? No, it'll share between them I've even done some tests and it's kind of interesting because it will uh If I assigned another vm. So this particular machine only has 24 cores. So let's go ahead and Actually, I probably have to stop at first and clone it Well, let's just do this. It's busy, but let's go ahead and back up restore How long will it take to restore something? Yeah, let's just do a restore while it's running that. So we're going to do this Then we'll restore it here Uh, test rise in two generate a new mac address. So it has a different ip address hit okay We'll watch it do a restore while it's simultaneously beating it up But this is some of the testing we did to make sure everything works on it and yeah See that your store is going to be completed in 56 seconds. We'll have another vm that we can run on this I can't see anything about virtual box performance wise only if the ui is a headache and sucks to use I don't know. I I find the ui for virtual box. It works You pull up my virtual box instance here I have a pf sense demo a run zero demo As i'm working on a new video for run zero my sysco thing that I keep forgetting about uh windows 10 And yes tom has a windows xp. We can fire it up because why not because sometimes I have to Pull things out of windows xp, but it'll it'll run here all windows xp. Just fine. So yeah, it's really fast too by the way Come on go windows xp do I can't remember if it has a sound in it from windows xp or not I don't know if I ever set the sound up on this. I just use it because there's a few things I needed out of windows xp Go windows go it does stick right here for some reason there we go Windows xp Still has a team viewer nine Swish do anyone ever use swish? 
I don't think I have any swish files actually on here I used to use this for designing stuff years ago Yeah, I don't have any I have no demos on here for swish Oh, that's an old version of google chrome Uh, what else was on here light room three some old stuff. I used to use dvd fab anyone use that join.me urfin view So yeah old stuff here. All right. We'll shut down windows xp would I don't think we need it today I tried on my practice here. Supposing dedicated storage when you can't really painful Uh, yeah, maybe Vbox has an issue of video drivers and it's latest update. I don't know if they fixed it. Ah, I don't know It works What's the ram usage? I mean What do I even have it? It only has a gig of ram assigned to it. So I mean it windows xp did not use too much so not Not a lot there going on Uh From proxmox easier connected. I think it's easy depending on if you understand how it some of those work I don't know Where's the other thing I just restored? There we go. So this is another pharaonics and it's got to be This network Whoops, that's not the one eth zero There we go. I can fire up another one here We'll have two instances of pharaonics running So here's the main one. Here's another one Actually, this only has eight cores. So we have to boot it up But then I'll stop it and assign more cores to it kind of show you what happens How do you drill down the settings in your security camera since you have a background in photos? I bet that helps Uh, can you make a video on what some of the settings to do? I have my video On uh, synology, I don't really know I don't know what settings you're looking for I have this video here on Setting up the synology. So maybe that will help you. I don't I don't know what you're looking for I go over all the settings that you put in to the synology surveillance station for the cameras because that's what I use So hopefully that helps all right Is it booted up? 
Yes, let's stop it Let's assign some more cores 2034 24 cores you can't assign more cores than exist in the system But you can assign as many as exist two more than one vm. So this one has 24 Let's go back over to vm's Hosts, uh There we go So both of these have 24 cores assigned to them And now we'll show you what happens when two of them run 24 cores and Can out the processors. Let's actually break this down differently We'll team up sit here and split the screen So we need this one logged in It's fun to play with all this stuff. So we'll have this one running Five I'm gonna not turn it on yet I watched that really helpful thinking you may have made other tweaks. Nope Nope, I'm all the tweaks I made are in that video all the settings and everything I don't keep any of uh Any of that on there Will you do kubernetes install using bare little nope? I don't do kubernetes. So, um, I'm not the person ask I think jay has some kubernetes videos I don't have any kubernetes videos because I don't use kubernetes I mean, I use it inside of true nas so I can't say I don't use it at all But I don't teach things that I don't use We should be able to actually now you gotta remember what the command was This one right here We're running both at the same time Let's just show how this works Uh, that's a password A B There we go extracting packages we got to get it set up so both of them have it Yeah Alta vista for sure Yeah, there's a few people network chuck into that has uh Definitely have some videos on it. So there's there's plenty of people out there doing kubernetes videos I'm not one of them because I don't use kubernetes All right. Now I can get this one kicked off again All that one installs downloading the sequel light Oh, let's see I know what to do when we're waiting This is what this is when we do it all live, right? 
It just kind of shows up like this It's this thing doing Well, it's installing things because there's our there's that Let's do this too As I remember I think I have one one two three four We have net data running on it too. So we can actually see the Net data usage. Oh, we can also look at the heat CPU temperatures. There we go Watch our voltages and our uh CPU temp. So CPU temp right now is 44 We're gonna fix that. I think I can I zoom in this? Yes There you go. That should be more readable Uh zen is supported by the way inside of here as well. So it recognizes zen it recognizes those It recognizes some of the things running in it, but we're going to focus on what happens to the temperature When you start running all these There we go option five No enter no enter Now both of these systems are going to be ramping up CPU So we're gonna watch in any second now the CPU should go crazy Have you played about expo like X to go? Nope. I've used X to go, but I have not used the other one I don't know if it offers something Uh Better that the other one doesn't I really don't know. So here we are we're achieving Looks like what about yeah peeking up here in a 50 percent CPU usage So it's pulling the CPU on this one. We go back back Pull these out. You can see both of them are going to do the same thing. They're going to share The CPU usage and the processor here we go. It's certainly raising in temperature here too 50 but nonetheless, this is what it looks like when you over provision in CPU The hypervisor itself will just take care of it. It just makes the magic happen So this one's going to use that much CPU And this one will it's going to split the difference between all the cores as they go back and forth And if I stop one, this will actually end up higher on the other one But it's also fighting probably oh disk usage too. 
So disk usage is probably another limitation because you're both pulling from the same drive How much what's kind of an iops are we getting out of this and about 80 000 iops out of it So not not terrible Small amount of IO wait time a little bit of latency But Yeah, this is some of the testing I've done for the server you watch it slowly raise in temperature Because it's uh getting beat up a bit But you can do that that's a common question that people ask those about over provisioning cpus, but works perfectly fine I'm gonna probably stop doing it because I'm just wasting cpu cycles and electricity at this point But maybe sometime I'll sit down and put a whole foronics test lab of what it looks like when two things run together versus when they run separately Um, you know see what type of efficiency loss there is between there? I don't know it's almost questions people do ask a lot Drag this screen back over here I can There we go, we'll pin this I like the way it looks this this is the screen I see I see it like that so Uh Where's a good place and source? Source service for sp's internal stuff in my home lab on the cheap How you know I've brought this up many times Lab gopher if you're buying if you're looking for cheap um Lab gopher is probably one of the easier places to grab them from It's just lab gopher.com and uh, you can find deals from I mean it's it's searching ebay So you're finding deals on ebay. That's probably the cheapest place unless you have a local recycler Uh, if you want something where you get a warranty and someone actually tests it and gives you high quality equipment Uh, tech supply directors an offer code. I have for that. That's another great place to do it I modified my windows xp where the home page got changed without my knowledge Uh, it's well, we didn't have funds to buy a backup solution Hmm I don't know it's been a long time I don't I haven't other than the windows xp I have for those rare occasions that I need it. 
So yeah Uh, most to miss that party. I covered the zen updates right in the beginning Like I said, I don't I'm not putting a ton of time in today for the vlog Feel free to ask any questions though because I'm at I'm at the end of what I have to do because My goal is at four o'clock to be out of here is I got a few projects to do Oh, I think worth mentioning. Um I'll bring this up Is invoice ninja were um almost ready I say almost Let me see if it refreshes There we go Do I have any clients in here? I don't have any clients in here to really Show anything But invoice nin Let me put the screen back on invoice ninja v5 is just about done For us it's been out for a while what we have Uh, some testing to do because of the volume of invoices that we have I thought we had do we have more than one demo company? Oh, that's right. Here's a client There we go. Here's what the new invoice ninja looks pretty nice. Um, it does have a dark mode. Where's my dark mode at? Why isn't it showing? I don't know why dark mode is not showing. I don't know. I'll figure that out later works fine And this is my non-production one. Um, but yeah, this is uh What we're going to be migrating to because I'm finally finally getting off of the old version of uh invoice ninja Which is still supported but you know, eventually got to move away from it Um The it's a lot of it's built on some older technology and everything's moving to that v5 So that's something uh, I'll be talking about once I get over there to it. So Oh, do I talk about security? Yes. I did want to talk about security. 
Um, I just dove into on my last home lab show, uh, kind of just ran through a lot of home lab security stuff. So check that out on the last episode, where I cover a lot of things. But just in general when it comes to security, I'm sure I figure out what I want to cover next because I, the demand is there for security stuff, but I always try to figure out, um, what's very relevant to the audience, and maybe I'll show some more investigative stuff. I've shown how we do SentinelOne things, but um, I know there's a lot of demand for set, uh, me talking about Suricata. But I really want to get a video done on Security Onion. That has been one of them for a while that I think is just very valuable to the people that want to get into understanding security. Um, but yeah, it is, you know, it's kind of a one, I'll throw the question out for you, but I think probably a lot of people would like to see a video on Security Onion.

There's been a couple people ask me about doing an updated video on Suricata. It really hasn't changed since I did the last video. So I always try to figure out, you know, where the value is, because it takes a certain amount of time to produce any of these videos. So I have to make sure that the value it provides, the changes that have occurred, would be more valuable than a video that's just two years old. That, yeah, there's a couple little things that changed that are pretty minor and not significant to the video. So.

Um, covering Wazuh. Yeah, Wazuh is a, um, that's a big one. It, I have to really sit down and play with that. I want to. But because I haven't used it, I've used Security Onion a lot more than I've used Wazuh. So, um, it's on my list to check it out because I think they've put a lot of engineering into making it easier to use. So that's on the list of things I'm going to do, uh, is Wazuh as well.

Perhaps a bit off topic, but she labored a bit on setting number of cores for CPU and a version machine kuda. Uh, would more CPUs, more cores or CPUs. You better.
How's it translate to the host? Um, it depends on the host. So sometimes people do it more for licensing reasons than anything else. It doesn't, to my knowledge, and someone correct me if I'm wrong, uh, assigning it two cores, um, or assigning it multiple sockets doesn't matter. You can assign two single core sockets or one socket two cores and I don't believe there's anything different. But the way some tooling works outside the open source community world, they're based on the licenses. So sometimes you may want to assign your virtual machine based on the licensing needs you have. So I don't think that's probably a big deal there.

So virtualization security. Um, it's, virtualization security is the same as any security. Uh, there's not anything especially you have to do when you virtualize it. It's like, separate your networks. That's an important part of it. Whether it's virtual or not, network segmentation is still one of those things. Uh, Xen is actually really solid on security. Xen does really solid memory separation. So it's actually kind of got a lot of inherent security in there that makes it harder to cross boundaries for things. So there's that as a technical thing, but that's usually not as much a, where people are are warning, so, um.

For those who don't recognize, oh cc++ certify. Yes. Yes. Awesome.
And gradually got that on there, I got your certification.

Uh, pfSense 2.7 stick with FreeBSD 12.3 instead of, finally release date. Uh, I don't know what you're talking about because, isn't in the Netgate /blog. So we'll just share the screen over here, read the blog post. So where's it at here, moving to FreeBSD main. pfSense and community edition are both going to the new version. So I don't know where you got your information, but the people that write this, unless I'm reading it wrong. We are moving to the version of PHP by ps 8.1, mail space decision to move the base operating some BSD from 12 stable to the current development top of the tree version known as head, uh, writing in 14 current. So the project is going to that one. So I don't know what you're talking about, uh, in terms of that. So hopefully that helps.

Uh, paperless ng, don't know what that is. The screen feature you're using is pretty cool. Uh, I should get that for my computer. Let's see. Here's the challenge, Tom versus Jeff from Craft Computing. Doing what? Doing xco. What's xco?

I've got an accountant. Uh, I got an accountant clients who work from home, guy deals with tons of high value info, needs security, many projects locking down as consumer residential network, any advice? Um, Selma pfSense.

Windows doesn't like greater than two socket setups. Uh, I think you need licensing for some of there. There are mitigations for the Xen in Spectre, Meltdowns. In terms of virtue, uh, in terms of virtualization, vSphere is king of the enterprise whereas among hosting providers, Linux and KVM. Um, we see tons of people moving from VMware over to XCP-ng, so.

Oh, Tom and Jeff, Craft Computing, Proxmox on the same hardware, scripted tasks, uh, maybe. CPU scheduling. Yeah, there's, the mitigations are not something, it's handled at the, um, hypervisor level. The dom0 in XCP-ng applies the mitigations there.
So, uh, there's probably a way to do that. Set XOA to VMs sequentially instead of all at once. Um, I think you would do that with the job scheduler. So I think that's the way that would work. There's a job scheduler and you could probably schedule them, uh, to migrate that way instead of all at once. Um, I don't know. That's a good, post that question or forums. That's a, I think there's probably a way to set limits, resource limits on that. You build a resource limit for the number that could transfer, uh, and then create a job to transfer them. I think that's how that would work.

When setting a custom gateway it breaks inter-VLAN access, any idea? Um, don't set a custom gateway. So I don't, I, I guess I need to know the whole scope of the scenario you're trying to do to get that, because if you are using a gateway, you can also add static routes on the gateway that it's pointed at, so that static route will allow it to have the other routes. Um, but that's it with, I'm only telling you a partial answer because I only have a partial piece of information. You'd probably have to post that in some forums, maybe the pfSense forums or my forums, to get someone to answer that.

Revived as a hypervisor is kind of strange. It's in technology over so many years. So you can get as much traction as other hypervisors. It's used at a lot of companies. Uh, several Fortune 500 ones are using it as well. So I can't say that it doesn't have traction. It certainly doesn't have the popularity of VMware, um, but you know, it doesn't have the marketing budget of VMware either to make it a household name. So, yeah, the, um, there's definitely a ton of companies using Xen server. We consult with a lot of them and, uh, a lot of them are pretty big. You know, we're under NDA for some of the clients. Um, this is kind of always interesting to me when companies like, hey, I love your YouTube channel. That's how we found you.
Here's an NDA so you can't say that. So you can't talk about us being a client, and here's all the project we'd like to help with." Which is fun. I mean, I, I'll take the projects, whatever. Um, but these companies are, you know, very, very big and, uh, using a lot of XenServer stuff. So it is pretty cool. It's the same thing like someone told me pfSense was only consumer. I'm like, whatever, we're, you know, how many large companies are using it. A lot of companies just don't talk about their infrastructure. So it's not like you can get this quick list of, oh, here's all the Fortune 1,000 companies that are using this in a, as part of a mix in our networks, all the data centers that use it. Yeah, there's, there's a lot of companies use it, so...

What is... people, people ask this. I have no idea. I don't even have pfBlockerNG turned on at home right now. I'm much more a fan of just using the uBlock Origin, because that way if something's blocked I unblock it with my browser and don't have to go anywhere else. So I don't use it that often. I know people get like obsessive with it. So I don't really know what the best feeds are, but they do have, if you go to Reddit r slash pfBlocker, there's lots of people asking the same question and then arguing about the answer. So...

Could be where's, could, could be, uh, could be what I do at work, not VMware, Xen or KVM. Yeah.

Can you see how many use Netgate versus the custom built? Some huge number of them are using the Netgate hardware. It's pretty common. We just consulted with another big company in the medical field and they have a series of, all HA, installed one of the highest-end Netgate boxes and they're buying more of them. Where there's a pretty big company with six locations across the U.S. that we're migrating them all to pfSense right now. Uh, it's kind of a hostile takeover because their old company has been nothing but difficult, not giving us all the information.
We need to build the site-to-site VPNs. But, um, it's on most of the time with all the businesses. It's rarely not Netgate hardware. Pretty much all the business ones and the ones we deployed for business, we just use the Netgate hardware because it's consistent. Uh, so it's just a lot easier that way.

Another plus for uBlock Origin over pfBlocker: can filter the same domain, uh, and the dibs, not just a DNS. Yeah, I just really like uBlock. It just works, um, for filtering things, and I can also look at it and see what it's blocking and click a button and stop it. I have a few times, and it's just a way the marketing stuff works. When I have to sign up for things, normally it would sinkhole. This is an aggravation. I know I have to go to this website. I know it's got tracking in the website. Whatever. It's part of the business thing that I have to do. So I'll, I didn't want to put exceptions in every time pfBlocker caused me not to be able to click the offer codes and marketing links that I need to get discounts. Um, you know, I, yeah, whatever. Yeah. Yeah, uBlock Origin sometimes works too well. So yeah, I'm probably...

Oh, let's see. What else is there in here? Any more questions? We give it till four o'clock. So that's about eight more minutes. Eight more Q&A minutes. Um, I do security in error. I was gonna do some rundowns on some of the security news. Um, oh, this is a good piece of security, no, news. This just came out today. So let me pull this up, one, um, let's see. So the, to to do to do, I seen this tweet and I was like, wow, hold on here. Let me actually... Why is it... This is where... oh, stop. There we go, share. I wish they made this easier.

Anyways, this, somebody pinged me something interesting today: NordVPN Threat Protection does SSL man-in-the-middle, uh, network side, of all port 443 traffic. I don't know if anyone has really looked at this before. That's interesting. Um, NordVPN doing some man-in-the-middle stuff. Yeah. That's, uh, going to be an interesting discussion.
There's already, you know, this just got tweeted a little while ago, and, so what, one o'clock. So just a couple hours ago. Yeah. Obviously don't enable the Threat Protection feature. Um, but I did find it interesting, the fact that they are man-in-middle, of man-in-the-middling the, uh, key on there. So, uh, yeah. The scan of requests upside is local on that server side. Yeah, I don't know. It's still interesting. Other people, you know, SwiftOnSecurity: terrible idea. I like this response here: "Nice job NSA." So, I don't know. It's going to be interesting looking into what is NordVPN doing there. So...

Uh, what do you think has a steeper learning curve: VMware, XCP-ng, Proxmox? I don't know. I don't have an opinion. I'm going to say, uh, maybe Proxmox. I think when I first set up Proxmox, I was confused. But then the last time I set it up, I seem much less confused by it. So I don't really know. I didn't find any of them particularly confusing. I don't deal with Proxmox very often at all. Mostly I deal with XCP-ng and VMware.

Uh, when setting up WAN failovers, is it better to set the default gateway as WAN fail or use firewall policies? I have a video on WAN failover. Probably watch that video, or more importantly go read the pfSense documentation. They outline exactly what needs to be done for that. So...

There's more to that thread. Uh, thread about Nord, Kevin is going to, uh, delete. Oh. Thread about Nord, Kevin is going to delete the tweet. Kevin, you think Kevin will delete the tweet? I don't know, man. I'm always dumbfounded that, uh, how much of the internet, it, well, especially lately Exchange, is, um, propped up by someone who tweets as GossiTheDog. Like this is, this is how we get our security information. Uh, oh, he's gonna delete this thread. I don't know. Let's find out. Full of you assume the competition is less some of you fiend companies owned by a handful often less obscure. Yeah, that's true too. They advertise in an encrypted.
Yeah, lots of discussion on this. But, um, on a security standpoint, one of the reasons I follow GossiTheDog is because, what did he tweet the other day that really had me laugh? Uh, it was all about the... Where is the tweet about the messed up Exchange? The Exchange stuff is just a disaster. Right here. So it's... Microsoft has just bungled another, this is ProxyNotShell, um: "One of the victims ran Exchange servers with a third-party MFA solution." Uh, they thought pretty much failed to protect them as Autodiscover, Outlook clients is always basic auth the Exchange on-prem.

So Microsoft has just dropped the ball because they don't care, because there's zero incentive for them to care at all about Exchange. And I kind of laughed that here's the wealthiest company in the world, Microsoft, who releases Exchange kind of, well, half-ass is the only way I can describe it. They don't do a good job with security on it. They don't care to do a good job because the only alternative pushes you back into their product, of their Office, or I'm sorry, Microsoft 365 product, not Office 365. And the way we are able to secure these terribly patched garbage Exchange problems is we look for a Twitter account by a guy named GossiTheDog, and GossiTheDog will tell you how to properly patch it, because Microsoft can't be bothered to tell you how to properly patch their product. Matter of fact, one of his tweets, was really the one I was looking for, which was particularly funny, was "Microsoft should read their own source code." That's, you know, because it is just, it's just so bad. And it's just mind-numbing. People last matter stress and cyber security, um, and it's because if you're responsible for some of the stupid stuff here, you're like, yeah, you know, think about that from a job standpoint. I like that. This has been amusing. He's been posting these too. Like this is where we have to get our security news because Microsoft has neglected to actually do it properly.
So we have to rely on third-party people to, uh, tell us what Microsoft is failing in. Yeah, that's my security rant.

Oh, he said he was... In XOA, go to host, Advanced tab, schedule granularity to core. Oh, okay. I'm assuming that's under, uh, host, then Advanced tab, schedule granularity. What is that? So I'm looking, hold on. I probably should share that tab. Throw that in here. You said go to host, Advanced tab, set schedule granularity. Is it a custom field you need to add? Four sockets, static guest. Hmm, interesting. Unclear what that was about then.

My IT department said we... My IT department, uh, we have a, said we were forced to switch our beloved pfSense to Fortinet. Oh. What pushed you guys to switch? A salesperson, I think.

Uh, yeah, maybe sometime I'll have the Vates people on there.

Oh, on the XCP host. So if we go to the host itself... Got it. Status. Oh, okay. Got it. Okay. And reboot to apply the updates. Neat. So that's where you set the schedule granularity. Okay, cool. I forgot what this does. May one day, I gotta look in the notes again. Someone asked me about this and I forgot what it does. If someone remembers what the power on mode does, let me know. Speculative store bypass mitigation. Have to look at the host settings, not on a VM. Okay.

But I agree. I'll reach out to one of them and see which one of them wants to come on sometime. Um, I like the team at Vates. I've talked to them a couple times. They're great people. I mean, the product kind of speaks for itself. But if you spend time in your forums, they're really on top of it when it comes to like, uh, you know, just fixing features and things like that. A couple times they've jumped in and joined live streams and things like that. I'm always impressed with like how fast they work on things.

Some operations are faster with core schedule granularity. Huh, that'll be an interesting test, and figure out what is or isn't faster based on that. So that would be interesting. Definitely pretty cool.

Well, I went past four o'clock.
Is there any last couple questions anyone has before I, uh, jump off of here and go on to my next task? Of, really I got to finish some accounting stuff.

So a few other people in here, uh: "In case my question unclear, I'm talking about how the VM on Scale cannot easily mount your next storage since me and ping." Yeah, that's a known issue. I don't know when they're fixing it, but they are aware of the issue.

Did you see Jeff Geerling's video about KVM PCI? Yes. Yeah, that's pretty neat. The little, um, kvi, KVM Pi cards are pretty cool. Those are, um, yeah, there's some... Jeff's always got so many, uh, cool, uh, Pi projects going all the time. Definitely pretty neat.

All right. Seeing there's no questions, um, or at least no more final ones, I'm gonna bounce. One thing to note: I'm not sure how I'm gonna do vlog Thursday next week, um, because I'm going to be at GrrCON, as I said. So I will try to do something maybe from my hotel room at GrrCON in the morning, uh, this, so I keep it consistent, because once GrrCON gets going I probably don't plan to, uh, do any other one. So my guess will be I'll be doing an early morning, uh, while I have my coffee, of vlog Thursday, so...

Uh, let's see. Yeah, everyone's aware of it. I don't still know what they're doing about it. The bug is now like three versions that it's been around. Um, so it's, people know about it. So it's not, um, I don't know, it's just for reasons I may not understand. It's a lower priority from the fix. If it was a high priority, they would have fixed it. So yes, I didn't look at the back end of what they're doing wrong, um, whether, exactly how they implemented. But yeah, hey, at least people are aware of it. That's always where it all starts.

But thanks everyone for joining and I will see you next time, and try to get a few more videos posted somewhere in between. All right, take care.