You know, I was testing some camera things and trying to figure this out. Is it better if I do it from this angle or if I do it from the angle where I'm actually looking over one of my monitors? When I look at it this way, I see things very direct, but I can't see the chat, so I have to kind of glance over for the chat. Does anyone have any opinion on any of this? Does it matter? I guess that's the question. Does any of this matter? Let's pull up a couple things I wanted to talk about and get that out of the way. I'll wait for some comments to roll in and see if there's opinions on this, of which way the camera should be facing. Actually, I was pulling up really old photos of me for something I'm working on if you're wondering what's in the background over there on my screen. So that's the thing. That's actually the first thing I want to talk about is site updates. And I guess this is where things get a little bit tricky if I do it this way. So we can present, share screen, and you know, there's actually more than one way I can do this. Let's do it this way. Does it might look better if I did it this way? Thanks, Chrome, for giving me notices I don't care about. So let's go ahead and present, share screen. Oh, I didn't. I have to enable sharing. Hold on. Always these details. Edit name. Well, maybe not. Maybe read the chat before I get any further. I listen more than watch camera angles. Good for me. When you get those hexagon panels in the background, if you look at my studio tour, you'll find a link with all the parts in it, including the hexagon panels. They're on Amazon. If you type in hexagon sound panels, you'll find them. But the link to the exact ones I bought, you'll find if you look up studio tour, which I'm getting ready to do a new studio tour, but the old studio tour has all the parts for everything in here. There's a lot of little things that people might be interested in, like my keyboard, my desk mat. I have like a full parts build for all of this.
It's so I always try to document everything because that's one of the problems I run into is not just like the idea of how to do something. But also what parts were they? What's the exact model of something that you have? And I'm working on my Home Assistant video, which to me, like there's a lot of great people doing Home Assistant videos. But the problem with them is like they don't always list the parts they use. I like the tutorial, but I don't mind reading a tutorial, but I really want to know what lights worked well with your, you know, setup. That's to me like a huge thing. Let's see. New here. See look after. Oh, no problem. I don't mind. If you look, there's actually a kit.co link in all of my descriptions. It should be in the live stream as well. If you look at my kit description, everything's broke down with different videos for what parts were used in different videos. I got to go through and update that because occasionally this is just an Amazon problem. It'll link you to something that doesn't exist in Amazon anymore. Well, it'll tell you unavailable. It still exists as a landing page. It doesn't show that part, but from there you can usually figure out like, oh, they've now changed the model number a little bit. But I try to make sure all of that is somewhat well documented. Why won't it let me share the screen? Let me try that again here. Because it should let me share screen. Oh, now it worked. Well, kind of. I have to add it back in. Anyways, the part I wanted to share anyways is this. You can check this out. This is on my site right now. This is a new update and I'm working on putting together the question people ask all the time. How'd you get here? What was the history? Now, the site's going to keep brief like this. I don't really plan to add anything more than a video to the site. And that's kind of my goals to be able to have. Like that question gets asked a lot.
I don't usually do what I call this a self-indulgent video where I talk about just me. But I know there's enough people and I'm one of those people who are always interested in how someone got to where they are. That's an interesting topic. But because it's an interesting topic doesn't always mean it's the right topic for me to figure out how to put it on my channel. But I will make one that pairs with this right here. And I'll be very clear in the beginning of that video. This is not a tutorial. This is how Tom got here. Here being the present day when I record the video. And this will be the whole history of everything else. So yeah, these are all those questions that come up a lot. And it was I like to do fun things when I can to make it a little more graphical. So, you know, I put some of my childhood when I got my first computer. When I got my first tech job, which is actually 1995. My first sysadmin job where I wasn't just fixing random. I mean, I fixed some business computers. Then we go to 1998, 2000, 2003 when I started my business. Suburban electronics, launched PC pickup, started the YouTube channel. New location, new studio, stopped my retail back in 2019. So it's just all that. Worth noting too, I've got a newsletter I'm launching. So that's a I mean, I guess it's a little self-promoting for me to say that. But hey, it's one more thing I got going on is the newsletter. People ask about want to being able to catch up with things I'm working on. I plan to do a newsletter twice a month. So that's 24 newsletters a year to just have a list of videos and list of things I might find interesting that you may find interesting as well. So that is the goal there. Oh, let's see. Someone asked a question. Hey, Tommy at Thursday live streaming and Jason talked about advanced layer three features that in UniFi. Is a Cisco course the best way to learn this stuff? I would say Cisco course is a good way to learn it.
The one nice thing about if you go through and I'm parroting this. This is not my own personal experience. I've understood that a lot of people find great value in the Cisco classes, not just because you learned Cisco, but because they'll teach you networking. So the answer to that is yes, Cisco always covers all the fundamentals of networking in a lot of their stuff. So you should get a more rounded education, understand layer three routing better by achieving some of the Cisco stuff. I'm trying to figure out who I'm promoting today on accident. I get cups given to me from vendors and this is all accidental promotion. My tea is apparently being I'm shilling for whoever MSP CFQ. Is that what they're called? I don't know who they are. There's someone who gave me a cup. I will shill for my friends at Huntress though. You got to do this. It focuses. There we go. I love their breaches and brews events. They do. There was beer in this one. I got it. It's just water now. And yeah, but learning, learning the networking. See, one of the challenges I have is I'm a, I'm not someone who's ever done. And one of the things it's not omitted. It's the fact that it doesn't exist. And I'm going to cover this when I make the video. But when I talk about the my story, if you follow along with it and you realize my first tech job was 1995, I graduated high school in 1994. I did not go to college. I didn't really like high school that much either. I didn't do well in school. I didn't like going to school. I always spent time like I was a kid that skipped school to go to the library. I like reading a lot. So I spent a lot of time in the library and my, my, that's why it's harder for me. Like I don't have a history of taking structured classes ever. I've done like a couple of training things. Like I recently did a stuff thing with 45Drives, but I don't have a history of structured learning. I have zero certifications.
I never even bothered really with any certifications like pursuing them. So I don't, I always parrot what I know from other people, but I know some of those certs are really helpful for other people. So I do recommend them. I mean, it comes down to whatever learning method works for you. That's, that's always how I look at it. Afternoon. Those are, those are secrets of your life. The guys are looking for to compromise your life savings. I'm missing some context on that. FYI, your website photo, the orange join conversation button has white text. So you can't read it. Really? Orange join conversation button. Oh yeah. Oops. That was, that was working. So I will thank you. Thank you. I will definitely, so people, I see what you're talking about now. That was, I don't know when that broke. Here's the question. Is it broken on all pages? Weird. It just broke on the mouse over. That's, okay. Thank you. I will, I will now fix that. It's always fun finding these little things that are wrong with stuff. What are your thoughts on ACI learning? I'm currently taking basic scripting course. Seems very engaging. They also have networking courses and certifications. I think they're a good place. I've got an affiliate link. I think still works. I haven't talked to them in a while. But I, I've heard good things about them from a lot of people. I've talked to the instructors there. Overall, my, my impression of the people there is very good. And from that, now have I done classes? I did, I surveyed a couple of them. I never really pursued any of them that deep, but I went through a handful of advanced tutorials here and there when I first started with them before I, there's a lot of things. Before I have someone I work with for an affiliate link or some type of promotion. I try to make sure that like it's not crap. So I went through them a few of the courses and said, this is pretty good.
I think my son went through a couple of them because they gave me a few free users to test it all out. And I'd actually, we were probably going to do it with my staff as well at CNWR. We used to do it at Lawrence Systems and then it kind of, we kind of got away from it. I want to, we want to bring back some of that learning at CNWR now. So we're trying to find a good one. And we're probably, the top runner right now is the ACI, ACI learning. It used to be the, I want to say TechTV, but that's not what it was called before then. The CSS is borked. Yes. That always happens. CSS gets borked. That is a challenge for sure. Now something else I've been working on is an updated review of this. This is cool because I can share two screens. There we go. ITProTV. Yes. They're using the former set of TechTV, which is pretty novel. Let me make this a little bigger. But I've been testing the VPN support inside of here. There we go. I've got the UniFi Express set up in here for VPN. And one of the things that I realized, let me probably, I got to log into the UniFi Express. Let me pull this up next. Get this pulled up. There we go. They, this is a feature they did not have, but now works is proper policy routing over WireGuard. This now works. Now I don't know when it started working. I know the last time I looked was a long time ago and it wasn't working. And I'm really happy that it's working. I'm not going to say impressed. Impressed is to be the wrong word. Relieved. This is the challenge I've had with UniFi. Is they keep these features going for a long time that they're on their roadmap. It takes them a long time to implement features that should have been there on day one. UniFi went like the long way around to getting normal networking. They're like, let's keep reinventing everything. Let's keep trying to do things in the weirdest way possible. Let's take the VPN, not force you to cloud registration on your devices. Well, first they did.
First you were allowed to not have cloud registration. Then they forced cloud registration. Then they took cloud registration away. But if you wanted your VPN to work, you needed cloud registration, which made no sense and made people angry. So now they're back to using VPN without cloud registration. My problem with UniFi is the roadmap makes no sense. And finally, they've come back to like, oh, I guess people just want a VPN on their firewall. You think? You think people might want a VPN that just works? Well, we got that. And then they finally added some policy routing. And now you can actually VPN WireGuard site to site and then policy route to the other side with certain services. And I'm like, wow, this is like innovation. Well, not really innovation. Just you went back to normal. You put the feature in that actually people were asking for for a very long time. And after you did everything the hard way by building it in the clouds, you finally just said, oh, I guess we can probably remove the cloud component and just let people do it. Now I think Teleport's cool. I got to look because I guess they released a Windows client for Teleport. Teleport's novel. But the thing you're lagging behind on now is if people want to use something and Tailscale being in pfSense is huge. So I think that's really cool. And that's another great feature that they have on here. Well, in pfSense, but they're lacking on the UniFi. Maybe they'll decide to integrate with some of those or that's kind of a, that's gravy. It's not what I would consider a core need, but cool that they have, they're coming around to that. As an MSP, would you secure access to all customers' firewall using SSH and Tailscale, NetBird or office data standard firewall for the VPN? I, NetBird, I, NetBird has not gone through a full security audit. I will, that is on their roadmap. One thing about any of these is making sure any of these companies have gone through some level of security auditing.
I believe Tailscale has, there's a little piece I need to research going forward, but I'm pretty sure there's some security reports you can find for Tailscale. Don't publicly expose SSH please. That would be bad. Put everything behind more hardy VPNs. I think Tailscale being the bigger company probably has gone through and they're more mature. Tailscale has gone around, been around long enough to be well secured. I think Tailscale is not a bad option. The downside is you don't necessarily want all your clients managed by Tailscale on the same network unless you build out the rules properly because if one client gets compromised and they're all on the same tailnet, that compromise then could lead to your other clients. That would be terrible. So definitely not a thing to do. I think I might do an updated video. We have one on business technicalities, but I might do a more technical one on this channel. It's called the client protection matrix and it's all the tools we use. Now these are commercial tools. These are not, you know, free open source tools. There are a lot of the commercial tools we use to manage all the security for our clients. And because we're, because we have an RMM and we have ScreenConnect and we have Auvik, we have ways into our clients' network without setting up separate things. So that's, you know, something to think about. As an MSP, would you secure? That's the same question. Shame your market cap, enormous sales and rather haphazard direction. It's a shame they don't, they're not brilliant on a core bunch of products. Yeah. So in essence, what are some of the benefits of talking out loud? It's a way I can observe reading this and wasting in any essence. What are some benefits of talking out loud? I don't know. I'm not sure what you're asking. Maybe you're trying to waste my time. Did you ever get free range router or use the virtual router OSPF, BGP? Is this basically router, Linux, BSD? I don't use that.
I don't really, for what we do with our clients, I don't really have use to hear this. But I notice the VPN in certain countries don't get commercials and watching YouTube. It's strange to me. Any insights? Yes. That's actually true. You can look that up on Reddit. I'm not going to talk about that. Someone posted, I forget that someone has a list inside of Reddit of where you put the VPN. So you get, it's because there's some commercial problem with YouTube. I'm not going to say it because YouTube might demonetize my channel for mentioning it. But if I say, if you look on Reddit for this, I'm sure you'll be able to figure it out. Just put SSH on anything but 22. Don't put it. If you think hiding on a different port will fix it. No, you're wrong. Don't publicly expose SSH, please. That's my ask. Now, you can call me out because I probably have some lab stuff that has exposed SSH when I'm setting it up. You can call me out on that and I will say, yeah, you will not find exposed SSH. Or if you do, let me know because it's by accident on other infrastructure we run. Sheriff of Routers, seems to be quite a few videos we're into, but how security seems to be a fork of open to routine. We can't find an issue. I don't really get travel routers. I talked about this in my live stream. People get excited about them. I just throw Tailscale on my devices when I travel. That's been my solution for the last year. I have Tailscale. I like Tailscale over OpenVPN because of the convenience of it, of it being an always on VPN. Not that I find OpenVPN not to work well, but if you have your phone and your laptop and you want them to talk to each other, you can have them talk over their tailnets. And that way, it's not round robbing over to your house. So if I have a couple devices and I want them locally to talk to each other, or I have, and I do, I have devices kind of scattered around on different networks.
The nice thing about having something like an overlay network, Tailscale or I recently reviewed network, it gave people an overview of it, I should say. I like the fact that it's just an always on VPN. It's always there. I can always rely on the tailnet existing and the clients talking to each other. And after a year of usage, it's just so seamless. I don't even think about it to do. I understand if you don't want to answer, what made you merge with CNWR? Did you get bored? I just wanted a bit more hands off role. That's actually something that is documented on my site. I have, I have two things. I have a whole video on it about the merger. So let me throw that back up here. But if you click on the my story on my site, I outline it right at the bottom and let me zoom in a little bit, make it easier to read. But yeah, I, yes, I did not run the business anymore. I got burned out running the business side. I love tech. I don't, after 20 years of running a business, I was fine not to run a business because the bigger the business gets the, you know, sure you make more money, but then you have to deal with business things more and more. I just didn't want to deal with the large scale business things. They just don't interest me. They are a drag to do. And I just, they drag on me and make me go, I don't want to do this. And if I find myself not wanting to do this, I asked myself, why am I doing it? I don't have to do this. I, you know, matter of fact, for a moment, I said, you know, do I sell it? But then it would change my channel dynamically because my channel comes from lots of real world experience. And if I sell my business, I lack the real world experience. But I mean, I can be a homelab YouTuber because I like that stuff. And I have several friends that, you know, have experience in homelab and a background like I do in corporate IT. So I thought about that for a minute, but I don't know. For now, I want to remain active because I really enjoy the community.
I enjoy working in the IT services space. I have a lot of fun. It gives me a lot of insight. I get to play with all kinds of really expensive things that I didn't buy. You know, I have a video I'm going to be filming on Monday or Tuesday with like a couple hundred thousand dollars worth of equipment because it's fun. It's not like when Linus Tech Tips does some super expensive thing that was sent to them. These are real world projects that customers paid us for that I get to engage and interact with. So that's essentially why I merged. So I don't have to think about the business side as much, but I can still participate in the tech side and maintain control. If I take a job somewhere, someone's going to put some duct tape over my mouth and tell me what I can and can't say. That is off the table. That is there's I am. I am very much my own person after running a business for 20 years, and I don't like restrictions on what I can and can't do. I wouldn't do well with those. WireGuard, any problems with tunnels? Not reconnecting issues. No, I find WireGuard extremely reliable. Thoughts on CMMC, I2, FIPS, ChaCha20. They're popular. You have to say more than thoughts. Regarding WireGuard, do you want to hit problems? Nope. So I wonder what 24 will bring in the tech space, Ubiquiti. Yeah, interesting. Thoughts on how secure backups in a homelab keep encryption keys on a piece of paper. I have a few of these. Let me see if this will... I like we can do this. Focus close on it. There we go. These are the hardened US... It's kind of hard to open. There we go. Oh. I can't explain that one. Oh, it's the sticker fell off. Where'd the sticker go? Anyways, these are extra backups. I keep them in the... There's a rotation of them offsite and fireproof safes. These are LUKS encrypted, and they have my actual backup keys to decrypt things, because anything that's sort of offsite is encrypted before send. So you have to have your full tabletop plan.
So putting them on these really solid, tough USBs. They're called the Survivor Series USBs. They're solid. They're waterproof. They're supposed to be shockproof. And they come in this really fancy like, you know, you twist them together and I got a weather seal on them. But I like these. I have a few of them because I don't want one copy. I want multiple copies of all my keys and locations that are not here. And it's all my encryption stuff. Yep. Edmant finds... We'll find SSH no matter what the port is. Shodan finds SSH no matter what the port is. RDP as well. I've never used OpenVPN cloud. No thoughts on it. Absolutely don't play the alternate ports game. Yeah, more people saying that. Tailscale versus ZeroTier. I've done a video on that before. I could do an updated one because Tailscale's gotten faster. So that's a big thumbs up for Tailscale. They've done a lot of updates to the open source Go implementation of WireGuard. Therefore, they've gotten faster. Travis likes Tailscale because it just works. Getting kicked off a cab call. Hmm. OpenVPN on my barrel router with Verizon 5G. Works great. Be pretty good bandwidth speed. VPN. You can run SSH on all servers though root should not be allowed only a private key. Rest accounts limited. Yeah. I prefer to keep it not exposed at all. So are you part of the leadership team? Principal architect. Yes. I'm not the only one, but I'm among the people who are on the leadership team and solutions at CNWR. I test tech and ideas, but they ultimately get approved by Jason Slagle's president. So he is the ultimate yes or no guy for things at CNWR, which I'm fine with. Me and Jason get along well. We actually think a lot alike and we agree on a lot of the solutions. You don't find me and Jason at odds with each other because we both think of things in a secure way. We get along really well. It's actually been six months later.
It's kind of interesting because we learned that people around us have learned, oh boy, we have another Jason and my people like, oh, me and Jason have a lot in common. So the people around us are like, okay, those two just seem to, like we can half finish sentences and know what we're talking about. To swap size effect ballooning and small memory size Linux VMs, I imagine to an extent. MSPs will be CMMC 2 certified by every three years to handle clients with CMMC contracts. We're actually, Jason is on the board for Trustmark as well. So we're working on Trustmark. We're going to do CMMC. Eventually we'll have probably at some point I'm thinking we're going to end up SOC 2 as well. We're going through all those different ones in all the different frameworks at CNWR. So that's definitely stuff we're working on. Let's see. WireGuard mobile devices is flawless. I've always used WireGuard before an overlay network unless I need it. For a late fly, I just checked that every single SA server they have exposed, there's a lot of drop of crowd. SEX has 50 lines, forward 50 attempts until last restart, 76 time updates. How much does QAT benefit pfSense VPN compared to AES, IPsec, EMB? I think they have some numbers on their site. I don't know. I'd have to do modern processors are so fast I'd have to do some testing to tell you how much faster. There's probably someone who's done the testing. It's not something I spend a lot of time in. Usually the challenge with VPN isn't whether or not they have QAT, it's whether or not they have enough bandwidth from the ISP. Especially here in the US, I think we run into ISP bandwidth more than we run into limitations of VPN. Because people are like, oh cool, I got a VPN that can do 1.2 gigs, but I needed to do 1.2 gigs. What's your internet speed? I can't get over 100 meg. Well, I don't care how fast your VPN is, if you are stuck in a situation.
Now there are of course very large corporate clients that do it does matter in, but for most of them it doesn't. What is the right Netgate product for 1G, 1G fiber? I think the 6200 to be fine for that. Is there anything special with the $300 UniFi cable? I have no idea. I haven't really looked at it. Is Jason open to new clients in pfSense? Yes. Jason is very open to pfSense clients. The reason CNWR was not doing, I can't say no pfSense, they weren't doing much pfSense. They were doing a lot of Meraki because they didn't have any team members that were really as trained as we were. In IC Weeks, there are several people that know pfSense, it's not just me. They didn't have enough pfSense people. Now they do. And it turned out one of their guys already knew well, and the other one picked up on it really fast. One of the other network engineers there. So now we have like four or five, maybe six of us, six techs I think that know really well the pfSense platform. And a few of us know the really advanced stuff in there. Well, I don't even know if that's, HA is considered advanced. We've all gone through it so much now. It feels mundane, but yeah, we've got a good team now. Jason was already running pfSense for some of his own equipment. So Jason himself knows pfSense. It was, this is the thing you have to make a decision as a business owner is do you do the things you know how to do and also can you level the techs up to it? Like I'm more of a Linux guy, but you'll notice that we're not pushing for a lot of Linux services because most of my team supports a little bit of Linux and a whole lot of Windows. Jason didn't just, doesn't just know Linux, Jason actually wrote a book on Puppet. So if he's actually an author as well and when you start diving into things like Puppet and automation, you're like awesome. So you guys sell a lot of Puppet and automation? Not right now.
We have only a couple of techs on staff that know as much as Jason but he's got a history of building large scale infrastructure managed by Puppet. So you have to decide there may be what the business has versus what the owners know the services you offer it's actually, it's a lot. How do you anticipate meeting requirements for Puppet and automation? So, Jason, do you want to ask your stack? We will. We will, our stack is compliant for all this. So that's really not a big deal. Thanks. QAT you can run down rabbit hole if you want something in particular. I've got an Atom base unit QAT senior year. Are they more into the partner space? I don't know what that really means. I guess he's a maintainer. He maintained Puppet for BSD, but yes, he's old school BSD as well. I was wondering about because I have many students doing replications and always get SSH failed logins. Seeing that to be a big deal. A wild NetworkChuck has appeared. Hello, NetworkChuck. How you doing, man? Nice to see you wandering into my live stream. NetworkChuck knows how to bring the enthusiasm to the tech. He's definitely can be fun. I'm excited though because he's got that sneak peek. It's been a long time coming. I know a little bit more than I can probably talk about, but Chuck's working on a 45Drives, which by the way, I'm wearing a 45Drives shirt. So yeah, I'm waiting for that. He did the teaser video and I know he's slowly getting around to bringing us the full video on that topic. So that's definitely exciting. What I mean, partner space is NetApp HPE on that space? They don't like HP or NetApp any more than I do. They were running before and continue to run TrueNAS. TrueNAS runs part of the colo where a lot of CNWR services are hosted. So between the colo and a lot of they have a lot of hosting they do. One of our clients is partially managing a data center. I can't say the name of the client, but I will say it's big enough company that you heard of. Definitely big enough.
We manage a lot of that stuff there and the back end to some of that's TrueNAS for some of the things we do. So Jason already knows TrueNAS. It was already running things. We are more this is why the alignment for our merging companies made a lot of sense. We're like, oh look, you know the same things we know. Can Cat 6 cable riser run without the divider inside so we can get Cat 6? Lowe's is selling a thousand foot box of Cat 6 riser without the internal divider. I imagine I don't think it needs the divider, but I don't know. I'm not, well I have a whole video where I consulted with the person who ratified Cat 6. His name is Dave Brera and if you you'll find that video on my channel from a couple years ago, but I mean the Cat 6 standard hasn't changed. I don't remember if the divider is necessary. I don't have that information in my head handy, but I don't think it is. I think it's needed for Cat 6a but I don't think it's needed for Cat 6, but please fact check me on that by looking up the standard. Hi Tom, USG and a Cloud Key. Need an AP and PoE switch makes sense to get a UniFi Express and AP for future VPN projects. This is a small 500 square foot space. USG and a Cloud Key and need an AP. I think the UniFi Express is a good deal. It'll route at one gig but I noted the limitations. It only has UniFi networking. The Cloud Key actually has UniFi Protect on there. Do you need UniFi Protect? If you want UniFi Protect, you're gonna need something like a Cloud Key. It depends on if you go no, I don't need that. I only need the network application. The UniFi Express is fine. Hopefully caffeinated and I see Chuck says third cup today. People thanking NetworkChuck for the content helped me with putting virtual machine in my laptop. Awesome. You know, it's always good to see this is a discussion that came up on Twitter just yesterday is just talking about all the knowledge being dropped.
YouTube has become a pretty amazing place for the tech community and NetworkChuck's part of it. It's about getting people more into tech, getting people enthusiastic about it. That's why I do all of this. Earlier discussion, why did Tom sell his split off? I didn't sell because I still own Lawrence Systems. Lawrence Systems became a media production company that produces all this content and I love getting people into tech. This is I do YouTube for that reason. I have a good career that pays me really well being an IT person owning a business but the fun I have is giving in-person talk sometimes. Jason's actually doing a big talk on reverse engineering at CodeMash. If you're not favorite CodeMash I'll be there. I believe so. I got to buy my tickets but CodeMash is coming up and I love doing things both online, in-person online is easier because I can reach more people. It's, you know, hard to have a conversation with 200 people on a Saturday morning from the comfort of my chair but I can right now. There's 200 people on the live stream. Chuck, if you ever want to join the live stream just reach out. I do these a lot. You know how to contact me. Hi Tom, thanks for all your videos learning SSH key management. Do you have recommendations about how to store, back up? Do you see things to keep it backed up on TrueNAS? No, because my SSH keys don't change. I specifically do not have them on TrueNAS. I have my SSH keys, earlier we were talking about storing things on encrypted drives. This is where there are backups of my SSH keys. I do not like them anywhere because they, well, have a lot of power. My SSH keys are how I'm able to get into all my different servers. Now there's a password on my SSH keys so I've got the key plus password setup so it's actually secure in case the keys ever do get compromised. I at least have to have the security that someone has to also know the password to them.
But if I find out in any way they're compromised, I'll start rolling and building new keys and redistributing them. But yeah, keep those keys very, very secure. In Europe we have fiber directly to the home. We don't need ONT. Do you have any recommendations on ONT? Not particularly. Maybe someone else does. Spectrum is rolling out gig over cable. Nice. End of Jan, I understand, for UK arrival for the UniFi Express. Yes. Yeah, I don't know where, I don't know exactly the rollout dates, but yes, they are rolling it out more. You and NetworkChuck got me going, building my own pfSense router. Yes. Chuck did that good video on pfSense. Got a lot of people excited about it. YouTube and labbing is how I learned to base tech skills. It's been awesome. Don't forget that like button. Yeah, the like button helps. Love CodeMash. What an awesome conference. Good, we got some people who know what CodeMash is. I've learned a lot from your tutorials the past few years. Having to find a hardware for a small 10 gig pfSense router, at least two SFP+, does this even exist without DIY? I mean the 6200 exists, the 8200 exists. Those are both Netgate devices with SFP+. So I mean you don't have to DIY it. I'm sorry, I said 62. I mean 6100. Whoops. We'll throw this up on the screen. But I mean right here, right from Netgate, and it comes with pfSense Plus and it's got SFP+ on it. Any particular topics you're planning on diving into in 2024? Data center stuff. I have one primary one that I use. I don't necessarily generate one for every single server because you don't have to. Thoughts on enabling auto-update on UniFi for remote sites? Yes. Don't put it on, well, when you're doing the updates one thing I will say is do not, I mean, where is this at? Don't choose release candidate. Choose official and you should be fine. So I have no problem leaving on official. I don't mind, I have mine on auto-update for release candidate because this is my lab. But if it's not lab, don't do that.
No, I have not implemented SSH user certificates. Maybe one day, but that's not a today project. But here's a spicy topic. Let me pull this one up. I don't know if I'm going to do a video on this. Someone says I'm just spitting in people's eyes, but let's just break this down a little bit here and I'll share a link to the crowd here so we can all be on the same page and share this tab. I don't know if this is going to make a video or not, but I just wanted to have a link because so many people keep asking me, because I've talked about this a few times. People keep telling me, but Tom, you know, isn't the security better on OPNsense because they have more updates? And my answer to that is links to their forum posts of how slow they are on security. First, OpenSSL 1.1 is no longer supported and systems must be upgraded to support version 3: fixed in pfSense Plus November 6, fixed in pfSense CE November 16, and on the roadmap but still not fixed for OPNsense. You know, every time I bring up pfSense, people ask me why I'm not doing OPNsense. SSH Terrapin: fixed on December 18, fixed in December 28, took them 10 days to get the fix out. 10 days is not a real long time, I'll admit, but still people trying to tell me that I'm wrong, that OPNsense updates security faster. That's not true. TCP spoofing vulnerability: fixed on December 7 and fixed on December 12 in OPNsense, and the weird thing was they didn't fix till December 19 in the business edition. So the business edition actually lags behind. The other thing is a lot of people ask me about why I say OPNsense waits for things to come downstream from pfSense, and that's actually really simple. This is the Netgate sponsored fix for things. People don't understand the ecosystem very well, that OPNsense is pulling from FreeBSD. Netgate is pushing to FreeBSD. Netgate is one of the major code contributors to it. So when I say OPNsense waits for Netgate to fix something and then pull it downstream, that's what I'm talking about.
And it's not, these are all facts. This is not like an opinion. This is not like some subjective I just don't like it. This is the facts, and I linked to each of these facts in their own forums, specifically the OPNsense forums, the pfSense forums, the OPNsense forums here. OPNsense has public disclosure about when they talk about these, and I'm going to compile, probably I think there's a few more, but I'm just pointing out the fact that they generally are behind, and this is like my response to that, because it seems like anytime I bring up, and it's becoming less in the live streams, but boy there's a ton of comments on there that I should stop doing pfSense videos. I really need to do OPNsense videos, and I'm like, no, I'm not going to do this. There's lots of updates that don't make sense to me. I don't know why they update so much, other than, you know, there's new packages so they update them to whatever features, but for firewalls security is number one, and it seems to be lacking or at least lagging behind in OPNsense. Yeah, well, this is part of it. Someone said, and it's kind of complicated, but yeah, if Netgate stopped doing anything and stopped contributing, stopped existing, you would lose all those contribution firewall updates that go into the BSD. Now people's answer is, well, if Netgate did do it someone else will. That's kind of wishful thinking. It takes businesses to employ people. Kernel developers are expensive. They happen to have, I think, five of them working at Netgate that are BSD kernel contributors, not like part-time BSD. Netgate pays them to contribute to BSD, and when you start going, oh okay, who's going to pay these people a good wage, which a good kernel developer is going to make $170, $180,000 a year, someone's got to make their payroll and then have them update FreeBSD, and this is where it's just kind of a headache, so to speak, to figure out how that works if Netgate doesn't exist. Is this the pfSense versus OPNsense? People will always be upset for more
people to make their own for me empower people to make their own decisions well so I just I just dropped the facts I'm not here to give an opinion of I don't like one or the other I'm here to show you the facts is why I put all the links in there you are repeating OpenSSL all the time it doesn't make it more important second I saw yesterday movies with I don't know what you're talking about nothing is perfect make your own decisions I've had a look at it doesn't do for me so if I was like she does layer yeah the layer 7 stuff doesn't happen in PF sense so if you're in layer 7 I don't recommend PF sense even I don't understand why so many want him to move to OpenSense yeah the number of people like every day in the YouTube comments every day on those PF sense videos there's someone else making comments of I should stop doing PF sense I need to do OpenSense videos I'm like there's other channels doing it go watch those channels there's neck eight made some bad decisions that's a sad fact indeed there are many companies that have done the same right it's here's one of the things you know when I walk down memory lane of firewalls I did this in one of the videos and I don't know if this makes another YouTube video but I made it in the homelab show me and Jay walked through all the history of dead firewalls all these projects kind of share one thing in common they didn't have a good business model around they didn't have a way to support the ecosystem they didn't have a way to support development of the product and it went away and this is why we don't have we used to have lots of firewalls and now we have very few firewall options that are open source there's very little out there anymore because unless you can put a really good business model around it it just kind of fades away neck eight put a business model around it that allows it to work and OpenSense relies on PF sense updates to pull that downstream because OpenSense isn't contributing back they're just pulling 
down and everyone likes their free firewall and they do supply they do sell hardware that's how OpenSense funds it as well I think they're more popular in Europe so I've never once seen any of their hardware here in the US but that's how their business model works I mean they have some business descriptions as well but I find it weird as I noted that it took them a couple weeks to fix a security issue in the business version but they they seem to have a lag behind on how they do the business updates but either way you know this it's just kind of the facts of the matter I like answering people's questions because I keep asking them but now I made a link and I just I'm going to reply with that link each time they ask the question of what I'm talking about when I talk about security the lack of drivers for some network cards what what network hard issue are you referring to because by the way if I'm not mistaken NetGate is the one who wrote the drivers that because at the time went into the newer version of BSD so about a year ago Linus Tech Tips did a video talking about using OpenSense because he needed a driver I'm not mistaken NetGate did all the code commits for the driver but at the time NetGate was in release candidate to get to free BSD 14 therefore that driver wasn't available but the driver actually was written for both 13 and 14 so OpenSense because they were based on 13 had it and now PF Sense has leapfrogged them to go to BSD 14 so now they have it and everything else so far as I know there's not any well I mean real tech but the real tech isn't is less a driver support problem and more of a real tech is crap problem yeah and this is exactly it if I'm not mistaken if you look at who wrote the NetGate who wrote the drivers for I-226 should actually find it was NetGate once again OpenSense benefited from that coming downstream and this is actually why PF Sense jumped all the way to 14 for their base for the OS is going to free BSD 14 because that way 
they're on the cutting edge all the time of the things they're committing at the time PF Sense OpenSense was on 13 while NetGate was on 12 so the OpenSense people got the driver for them but they got it because NetGate wrote it this is that circle I'm talking about how the how the sausage is made so if NetGate doesn't rate the driver or if NetGate says we're not going to participate in the OpenSense community anymore then what do you do because they could just they have the developers they can just write the drivers for themselves and not give it back and then OpenSense would you know dry up this is kind of a problem you know it's just a it's a big circle of there's not really an easy answer to this and the drivers is only an issue if you're trying to run a system on kit that is isn't really up to the task real tech just belongs in the bin we'll definitely say real tech belongs in the bin real tech and Broadcom 10 gig cards are just a headache we just saw the we saw the problem earlier this year for a client they had a bunch of problems that turned out to be their Broadcom cards I told them not to use Broadcom they got a deal and started using Broadcom I didn't really check what they used they asked me for before they built out everything and they went with the one I didn't tell them to use they later switched it to Intel chips and all their problems magically disappeared I've had some weird bugs with Broadcom and it's just like they link at 10 gig but the performance over time is very inconsistent and especially around virtualization stacks Broadcom drivers just kind of suck Melanox are fine I haven't had any problem I think I have some Melanox cards I have some Intel cards both of those seem to work great what is it the Kinect X4 I think those didn't NVIDIA buy those now doesn't it I think it's an NVIDIA company now but either way yeah Melanox are nice if you can tell a server if a server spectator you still have the Broadcoms yeah Dell shipped a lot of those as 
well it was some Dell servers that I've definitely seen these in. I'll swing it back because there's so many people here now. I do have a question, because this is the, you know, I'm going to work on the video to cover how I got here, and with that story, how much detail goes into it? I don't know this answer. So I have this on my website, but how much detail are people interested in? Because it's usually the live stream where people say, hey Tom, you know, how'd you get here, when did you get your first computer or whatever, how'd you get it working in tech in 1995. I'm going to, my video will expand on each of these on here, but is there some level of detail I should go into? That's always the question. Stopped all retail operations, split emergency. I have one more card to add at the bottom, like what I'm doing today, but yeah, if someone has some comments they want to throw in on that, that would be great. This is one of those things that I don't know the answer to. I got to fix that though. Small bite size chunk. Bite size, yes. What happens if I switch? Okay, it's kind of neat. I actually have two buttons now because I can control it from this screen and that screen. TLS 1.3 is a problem now for some systems. The bigger problem is going to be the EHLO, the encrypted hello, ENCRIP, this is going to break things. Let me pull this one up. Yeah, encrypted hello is what's really going to break things. TLS 1.3 makes it harder. If things are properly encrypted, they have to have a certificate to see it, but your SNI header is not encrypted. This encrypts the SNI header. SNI header says what website are you asking for, because part of the certificate process, I think they got, they probably have a graphic here somewhere, here we go. One of the challenges is you have to ask for a certificate, so how do you ask for a certificate if a server can host multiple certificates? Well, you say, you know, server name indication, I would like to go to LawrenceSystems.com, please give me LawrenceSystems.com certificate. It
responds with the certificate, but that means if they start encrypting that part of it, suddenly you don't know what website someone is going to. The only way to do it then is going to be installing a certificate to break the security, and so yeah, that's a headache. Have you worked with MikroTik environment? Any opinion on it? MikroTik is cheap, inexpensive, has a steep learning curve and not so great documentation, but it works. It kind of has a niche following of people who like, the WISP market for example seems to use a lot of it because they don't work on big margins and the equipment, you know, will get the job done, and they pack a lot of features into a small device. Downside is the learning curve can be pretty steep and the device itself can be a bit quirky. I think someone said it best, there was a quote, and maybe it's in my forums, but someone said MikroTik is that device that you'll find some weird answer of some incantation that doesn't make a lot of sense, but you know, by copying and pasting out of that post you'll get the device working for some reason, and I was like, yeah, that sounds about right. It's a tricky question, but sure. I'm always sure the deep details understanding can become long-winded, which some folks don't like. I'm all for it as I find the details interesting. It's like I said, making that video is just kind of a self-indulgence, so I'm trying to figure out how deep I should go. Just looked at Realtek, wow, 79 billion of revenue. You know, one of the things that I kind of laugh about a lot when people are talking about looking at revenues for things, for example, does McDonald's have the best hamburger? Do we sell the most hamburgers? Are you trying to make a McDonald's hamburger? Is Realtek the McDonald's hamburger of the networking world? We sold the most, does that make us the best? And I don't know if they actually sold the most. I don't know if that's really quantifiable by just looking at their revenue numbers, but yeah, there's a lot of companies that are
big doesn't mean the quality is there if you look at tech education the amount of technical education on YouTube is absolutely impressive tiktok's bigger than YouTube does that make tiktok a better platform because man I will say there is a well I mean there's plenty of it on YouTube as well I guess there's a lot of bad and misinformed tech education on tiktok there's good education as well it's it's yeah numbers don't tell the full story make your tick making making easy things awkward and difficult things random I don't know what you're referring to Honda sold a lot Honda and Toyota Toyota still I think Toyota is one of the where does Toyota fall like they're in the top three for probably vehicles sold in the US and they're pretty big globally too oh the yeah VMware post-broadcom deals yeah definitely they're making a disaster well they're gonna make a bunch of money and my guess is they're gonna melt Broadcom will melt it for what it's worth and they'll figure out a happy balance of how much more they can get away with they're just gonna keep turning the knob until they get enough money out of it and once people start to leave they'll dial it back a little it's a game they play of how do we extract as much value as possible looking at my next 10 gig switch XLTP link maker tip have been on my radar but haven't pulled the trigger yet yeah I mean the maker tick ones definitely budget friendly for sure I mean if it's between Proxmox or VMware I'd choose Proxmox but for me it's not between Proxmox and VMware I prefer XCPNG sorry get the hiccups XCPNG is my go to hello there and a quick thanks to Broadcom yes yes not a thing to Broadcom network cards but boy a random Oliver Lambert he is the head of VATES and the XCPNG project I am you know check out I was their latest post on all the new features for XCPNG they just keep making it better we are me and Jason we've decided we decided a while ago but this is now hasten things the way that we're we're actually I have 
three people at CNWR that are is it VCP what's the certification for VMware whatever that is I don't have it but they're all VMware certified and they're all angry and they're all we are holding classes to teach everyone at the company that does technical things XCPNG because we're doubling down on it 2024 is the year of XCPNG it's been on the roadmap that we've been pushing it more and we're using it more but we now have to get rid of some of the VMware stuff matter of fact the way their new licensing works with their partner program we will be in violations of licenses if we don't migrate everything so we are we're doing a full like some of the stuff that's in our colo is going to be moved over to XCPNG as well so yes yeah perfect timing you just wanted in while it's talking about it so downside to using a layer 3 for instead of pf sensor vlan routing the problem is your layer 3 switches aren't always that fast so if you need this if you need inter vlan routing what's faster the switch you buy or the the pf sensor you have the problem with a lot of them maker tick and I don't know what models do and don't allow the maker tick they're like hey we have layer 3 then they're like oh by the way it's all CPU bound and it's not very fast so your pf sensor may route faster in that situation mostly you if you need speed don't put those things on separate vlans you're probably doing something wrong one of the problems is people don't try to route storage don't route storage that's I've got a video about storage design because we solve that problem for people when they go oh I should put my storage on a separate vlan and run it through my pf sense and then try to figure out why I'm having all these quirky issues with my insert name of hypervisor using target storage across the firewall for some reason top three reasons to use XCPNG I would say scalability stability and the stability on XCPNG is amazing and the integrated backups so there's a quick top three reasons just 
fired up a new server in XCPNG tried it after watching a video always use proxmox where he is exciting to pass relaking it so far you know what though Travis you could just watch my youtube videos and learn but we're gonna have a sales training meeting on XCPNG too about how to sell it that's coming next just running in general as I don't know is the migration VMware to XCPNG very difficult or involved or relatively easy they've actually wrote some tools XCPNG has a VMware migration tool actually this well this is when they started doing it let me figure out they have try to find the latest blog post on it oh here we go but yeah they've got documentation on how to do that migration from a few different things but they have XO to V2V so this is from VMware they got a whole write up they got an import tool so yeah this is actually a built in feature now kind of helps make it pain free yes definitely doing this very soon updated XCPNG I'm hoping to get that done maybe in the next couple weeks because straight while the air is hot the VMware thing has lots of people upset what distribution XCPNG proxmox is based on Debian XCPNG roughly based on CentOS but it's all supported by the VATES team yep they built that I've virtualized my PF since so there's not an easy simple way to pass your PC cards and single ethernet ports to XCPNG so that's a no go I don't understand why people are so wanting for XO store I do have a video on using clonezilla to migrate VMs as well that's a completely another solid solution yeah clonezilla makes it a lot easier to do I also should pull this up I have a lot of XCPNG lab servers I'm excited for this this is getting a lot better this is the whole XO lite system this is a it's very beta still but this is going to be the new look for XO as well and I think this is pretty awesome because this is a good way to kind of get things started in XCPNG but it's like I said it's still not completely this is not completely finished yet but this is going 
to be the new look because this is the current look of the full version of XCPNG or I'm sorry full version of Zen Orchestra well technically this is the self compiled one you can see all my net birds I've been playing with net birds and tail scales but I'm I'm thrilled with that I think it works beautiful I do I'm going to do a before I do the get started video my video I'm actually doing next is how to self compile this that's something where this is the free version self compiled which I'm too commits behind we can we can we did a live update on Thursday there's two more commits since then hey thank you very much for the donation much appreciated no I haven't made anything specific about migrating from proxmox XCPNG why do you need vSAN that's my question force refresh okay I'm willing to do that see if this got the latest version now let's try this I can open up in another window maybe it'll I will try XPG few weeks have VMware and Synology virtual backup on it locks up the server snapshots quite often hmm I don't use over I don't really have an interest in it do you have a complete bare metal disaster recovery video for XCPNG no but it I can make one well yes I do actually I have some backup videos where I talk about how to recover it's really easy to recover systems I will say this is true people are oversold on hyperconverge infrastructure and for licensing reasons I don't always think they need it as much as they think they do and I think it was sold to make more margin actually are using version bundle XC81 yeah I'm using what's bundled in 8.3 because this is this is a a standard 8.3 so this is the system I'm doing it on and I think here yeah this is just XCPNG 8.3 when you have a new XOA video will you touch on the advanced feature script like just encrypt SSL automation yeah that's why I need a new video there's actually a lot in there I wouldn't do the let's encrypt so the package wasn't updated yet okay just the online GS I'll have to play with that 
then I'm excited if you have a posting your forums about it or want to DM me the instructions I'm more than happy because I would love to you know once it gets a little more feature complete I would certainly love to do a video on XOA I love people are excited about that what backup solutions do you use for XCPNG that's really simple all the backups are built in XCPNG so this is this is one of the things and I have a video talking about how the Zen ecosystem works and how Zen works with XCPNG and how XOA works and one of the things about this is having the fully integrated backup solution is huge this makes I mean it's amazing how fast this can run so for example right now I have CASM running right here and if I wanted to run a backup of CASM so you can see the VM is up and running let's just go kick off a backup real quick and I have the backup specifically telling it to shut down so we can say shut down this job it's going to shut it down restart it do the backup and we'll see how long it takes and this is just a little mini PC that this is running on so it's got to stop all the services that are running grabs a snapshot you'll see this count changed to now the VM is booting back up now I don't have to take it offline to do it I chose to do it because I want it at a stop state but watch how fast it's going to do a full delta backup of this and by the way this is not connected to 10 gig either and the backup is done so if we go back over to our backups and look over the history of them we just transferred 1.36 gig here's the backup report and I've got a whole detailed video talking about some of the other fun things you can do like for example if I wanted to validate that this backup was good I can actually do a restore health check on this I can actually do it to restore it have it reboot the VM without the network attached to confirm the VM can boot from this image like that's all integrated in here the backups are amazing and a huge selling point on there so 
did you link television awesome perfect just had the two mini PCs delivered so I think it would use going on one of them if you DB Tech is one of my creator friends and has a lot of great videos and if you need help just reach out to me I'm more than happy to answer any questions my friend Raydowell as you know on my youtube he also did a video on XCPNG I'm solely getting my friends into it I need XCPNG to drive an array fail issue with UID trying to recover individual VMs are incredibly easy does the backup get offloaded to another system why yes it does that's actually one of the beauties of this when you go to the backups on here you can have backups that are NFS SMB or Amazon S3 so anything that you can attach an NFS share to or you can attach a SMB Windows type share your standard CIFS file system shares as long as you have access to a NAS you can sort with those or I guess you could copy it over to a Windows box if you needed to and they're not in any weird format I mean they're in a format that is special so to speak to Xenarxia but it's not a proprietary format if it's easy enough to just point the system right at those and pull the backups back I have a whole video diving deep into how the backups work as well would you build a DC colo24 use XCPNG to host cluster of TrueNAS a bulk storage server run containers on the TrueNAS or in a VM at XCPNG on the host I would not run any containers on TrueNAS but that is a relevant build matter of fact this is what we're building right now at CNWR so I'm not just saying I would do it we are going to put XCPNG in at a colo when you manage it back up in XO we'll go through it or handle all inside the XCPNG host XO so that is something it does do which SSL search to use a PF sense? 
Let's Encrypt. You know, someone asked me before about using something other than Let's Encrypt and my answer is why? Like, I'm partial to Let's Encrypt for all of my SSL needs. I've been a big fan of it a long time. I'm actually friends that work at Let's Encrypt, so if I get stuck on something when I'm doing a video and then I'm stuck on a certificate with my friend, I have his cell phone number if I need support. I don't abuse it though, but he works, he wrote a lot of stuff for Let's Encrypt. Let's Encrypt I have the utmost faith in. Is there a free open source utility that is quick and simple to check what may be slowing down a network? I mean, yes, no. Netdata works really well. I love Netdata, but you have to have Netdata on the host to try to figure out what's going on. What's slowing down a network is an extremely broad topic. It has to be narrowed down to figure it out, because your switches will have a lot of good insight, your firewall usually has a lot of good insight. Sometimes though you have to do some Wireshark and look at the packets if you don't have anything that's capturing packets. Is there an auto boot delay in XCPNG so VMs boot in a specific order? You can. I imagine some people probably do have a use case for this. So you can take a VM, you can say auto power on, and then you can say, where's it at? It's an option in here somewhere, I'm pretty sure there is. Affinity, GPU, RAM, boot, firmware. I think this might be something you have to set from the command line, now that I think about it, because you can auto power on. Oh duh, it's right here, start up delay in seconds. So yes, I'm looking right by it. This was added. I don't think this existed years ago, but it certainly exists now, so you can put in a number here, so many seconds, so when this host boots up this will delay 30 seconds before it starts. I don't need auto power on for this, but yeah, that's an option in here. So if you back up with all retouch appears replicate to a storage mirror and then back up to tapes off site
yeah, yep, that's all possible. You can send it off to whatever you want and back it up again. It's just files, so there's not weird about the files, not in a weird format. It's just an NFS or SMB share. You send it to the NFS or SMB share and then do however you want to do to back those up. If XCPNG got Veeam integration sorted they would pull huge amounts of IT departments in. Maybe pull a bunch of huge departments in, IT don't want to pay the Veeam licensing. That's an alternative option. I would say, actually, internal IT, it's really only a problem in the MSP space. It's not a problem in the corporate IT space. We have a very large corporate client, very big company, that uses all XCPNG backups. Actually have two of them now that are like big companies with thousands of virtual machines, and they use the XCPNG backups. It saves them any Veeam licensing at all. They actually build their DR plan around using XCPNG. So there's, it's one of those things, like if you're going to get the backups anyways, you may as well have it. Now where that's a problem for the MSP space is managing all those backups from one central dashboard. Yeah, that's a challenge, and that's our problem in the MSP space, is how do we manage, if everyone was using that for all their hypervisor backups, how do we manage visibility into that? We got some ideas we're working on, but that's not, that's not fully flushed out right now. So ACME in pfSense or separate Linux VM with Certbot? I do it all inside of pfSense. 90 is 90 certificate life versus 12 months. I very much predict this: all certificates are soon going to be 90 days. That is being pushed for and I think it will happen, but my certificates auto renew. If you're not automating your certificate process you're doing it wrong. Automated certificates, that's the solution. It's not about the expiration, it's about the automation. I don't think, I don't, I know my certificates expire every 80 days. I have 10 days ahead of time that all these are renewed, so I don't, every 80 days I get a
new certificate it's automated I don't even think about it I did have it get stuck once over five years of running it and wasn't even in PF Sense PF Sense has worked every time but I did get it stuck on my website I don't know why all I had to do was restart the service some weird thing happened where a service didn't restart one time in five years of using Let's Encrypt on my website that I can remember that being a problem yeah just like Oliver said right here you can use the Veeam agent inside that's our current solution for people who really because of Veeam but yeah oh that's actually interesting too it's possible using Vapps as well there's all kinds of little interesting topics I can make videos about with XCPNG I really want to dive into making a new series with the 8.3 and all the changes basically Unified Dream Machine, HA, Unified VPN what it's your having is that the IP6 site to site doesn't put SDS for the VPN server to connect to the SDS all thanks to Unified all SHA-1 non-configurable yeah Unified does not give you the best options for doing things or troubleshooting a VPN good morning from Canada thank you for all your videos you made me switch from ESXi to XCPNG with confidence I wish you and your family a happy new year and a happy new year to you Simon yes XCPNG is both open source and has full support if you want to buy support contracts and licensing and SLA agreements this is one of the reasons we are so bullish on XCPNG is it's very similar in functionality to VMware with a lot of the features kind of like how the vSphere and vMotion works they have their similar features the way they do resource pools but the other side of it too it's fully open source so if you want to use it in your homelab have at it if you want to say I want to use it in my business I like a full agreement and support an automatic you know delivered updates to the XOA system they have that too and they just release some new bundles for how they do support I have a key 
for auto renewing certs that expire after 90 days. Yes. Gotta love companies are okay with everything breaking once a year. Yep. I've never used the Proxmox Backup Server, so I have no thoughts on it. I think Jay from LearnLinuxTV did a video on it. Automate cert works fine in pfSense. Agreed. Sort of scripting side of other SCP out to share certs then picked up another systems. Yeah, there's actually scripts inside of pfSense, the ability, I should say, to attach scripts in pfSense. I've seen people do this, like they want their pfSense to get the scripts and then also have those certs copied elsewhere. You can build that. They give you essentially the scripts to do that, so you can build a script, tie it to cron, tell it to update the cert, after it updates run this thing, so you can get those certificates pulled over to somewhere else. So it's definitely something you can do. I've had Certbot running since 2015, never had a cert issue, at this point I don't even remember how to set up a cert. Yeah, I do remember. I remember hating it. I remember having to do all the signings and everything else and all the silliness around it. I don't know, I thought it was a hokey process and I was happy not to do it. My video on pfSense with the ACME cert is super easy. Follow my most recent HAProxy video, I cover how to do auto cert renewals. Have you had experience with Ansible, Terraform or XCP-ng? Main reason for me to stay on VMware is in a relation with those. I don't have personal experience with it, but you can go in their forums. They have Ansible and Terraform support. I've heard of Nutanix. It's just taking a bunch of open source and gluing it together in a closed source way. I don't use it. Some people love it, some people hate it, some people say it's expensive. I don't know, I've not had much direct interaction with it. It exists. It's definitely a commercial, um, it's definitely a popular commercial option. It's not as popular as VMware, but, you know, they're seizing the moment as well
because Nutanix is on probably a lot of people's list as well, just because it's been around for a minute and it's got commercial support, just like XCP-ng does. Terraform provider, Ansible plug-in with Packer. Packer, I think Jay from LearnLinuxTV has a video on how to use Packer to create updated images and templates. But yeah. Easy methods to store UniFi Protect videos externally using RTS video stream? Don't want to store it in my SD card or in my Dream Router. I don't know any easy way to do that. No, I've never tried. This is one of the reasons I use Synology, is because they actually let you back up all your videos. I think UniFi does a nice job with their systems when it comes to the NVR, but once again it locks you into their ecosystem, and it has a couple things that people have been asking for that I don't know what's on the roadmap for actually, you know, putting it together, like so you can export videos or back them up, because this is a really common ask with people and it's one of the big stoppers when they want to use a UniFi NVR but have backups of all their data. I'm sorry, that's not a native feature in there, so we steer people away from it. What is XO Lite online? XO Lite is going to be basically the light version of Xen Orchestra, and it's going to run directly on the system, and it's all basically a really fancy app. It's really cool how they put it together, and it's going to be like the light version to get basic functions of EM for people who want to get things up and running fast. That's one of the reasons I got to do a new video is the, once a, I kind of want to wait till 8.3 is released or at least XO Lite gets more developed, because it'll be a big talking point on how to get started with XCP-ng. I want to try and make it as clear as possible, because XCP-ng having two components, XCP-ng being the hypervisor that runs on the host and XOA being the orchestration tool, or XO if you're not calling it, XOA is the appliance, just XO is the orchestration
tool, that's why I did my explainer video for how the architecture works. Once you kind of get your head wrapped around the architecture and you get it deployed, it starts making a lot more sense, but that first step is always going to be the toughest. Sorry, I have to go, Chuck says I have to learn tmux right now. Is he still here? I, did Chuck release a video on tmux? I, oh wow, he did. He just did a tmux video. That's awesome. Yeah, tmux is great. I love tmux. I think you should learn tmux right now. Blue Iris is still the go-to. Blue Iris runs on Windows, that's why I don't like Blue Iris. In an ideal world I'd like to get the online version available if you have internet connection, otherwise going to have the package version offline working, because you do, yeah, some of the air gap customers. Literally I just looked on YouTube and I see NetworkChuck dropped a video. Awesome. Good to see he's got another video out. I personally dislike Chuck's presentation style, but I can thank him for finally explaining Docker to a club. Yeah, that's one, the nice thing is Jay from LearnLinuxTV has a tmux video, NetworkChuck has a tmux video. There are three potential people I just named, and I know we're by far not the only ones out there with tmux videos, so you have the option to figure out what learning style you like and whatever person you want to learn from. You have a lot of opportunities. This is why I really like YouTube so much, is it's really become a cool ecosystem for a lot of us out here to do some learning on things. Well, Chuck definitely presents more technical than Linus. That's one thing about Linus Tech Tips, is he's just, he's not that technical, he's become more entertainer. And kind of, this was a debate on Twitter just the other day, for example, and this is not really a dig, it's just the path they chose is different. You know, people want to do, you look at people like MKBHD or JerryRigEverything, they're asking if they're the top tech YouTubers. They do a great job on phones, but calling them a tech
YouTuber is accurate but inaccurate. If your goal is to learn tmux, MKBHD is not going to do, in any time I can imagine, a video on tmux. That's still a tech YouTuber if you're doing a tmux video, but it's a different type of tech. It is a more technical one, so you kind of start have to subdivide the tech category to the maybe Linux tech YouTuber or people who are teaching infrastructure. This is where things get really split up a little bit. Like we're, you know, we've been talking for the last 15-20 minutes about virtualization. That's not something, I don't imagine there's a world where you watch JerryRigEverything or MKBHD switch from phones to virtualization topics. It's just not what they do. Techutainment. But there's still value in it. If I want to know, MKBHD's got some really good videos. I think his Cybertruck video is solid. Like, I was curious about the Cybertruck and I think he had the best video on it, and that's simple to me, like, hey, his video, awesome. I think JerryRigEverything would probably do a good video on it, because he did a good video on the Rivian vehicle, and that's still technology that I have an interest in, that a lot of people do have an interest in. So they're not really techutainment, they're still tech knowledge that is interesting. I feel like Linus and the like are putting a lot of false ideas in the heads of children and young adults. False ideas in the heads? I don't know what that means. They are tech YouTubers but not really, I prefer to home lab videos. Yeah, that's more of what I'm into, is like the home lab and teaching people about some real deep fundamentals. But you gotta think about it this way: the deeper you go into tech, it's kind of like a reverse pyramid. If you're surface level, you're at the very top. The pyramid goes down like this. The people go, this seems fun, I want to watch it. Let's get technical, more technical, the audience narrows down. If you go all the way into someone, if I started talking about, and I don't write assembly, but if you go all
the way down to someone writing assembly language, you get to a small, very niche audience of who will actually want to take the time to learn assembly language. Same thing with networking: as I go deeper and deeper down the rabbit hole of really so esoteric things or details of how virtualization service work, the audience narrows down greatly, versus if you go surface level you get more people. So it kind of takes a whole ecosystem of tech YouTubers: someone to get you excited about the tech, someone to get you a little further in, and maybe another person to, you know, get you some more details. People ask why I don't do a bunch of like networking 101 videos, and I'm like, there's so many people doing networking 101 videos, I don't need to. For the views, because if I did some more basic videos I get more views, but those audience members won't stick around, because a lot of people just want that surface level knowledge. You know, it's not that hard to do pass through on this. At some point, I don't need it that much, if I know enough people do. Um, in matter of fact, even in Proxmox you still got to spend a lot of time going through the command line to get some of the Proxmox devices working. But they have pass through, not in the web UI, you just got to go to the command line. But after watching Jeff from Craft Computing cover Proxmox pass through, I realized you got to do it in Proxmox as well in a lot of circumstances. I did love a Cybertruck video, really depth. I say NetworkChuck did a VPN kill switch completely incorrectly. Yeah, I don't audit NetworkChuck stuff, so I, that's the thing, because he's not, he's not usually covering at the same topic as I do at that same level, so I, but I don't always have time to watch or see if someone's very correct in all the videos. I have a home lab with two hypervisors currently using local storage. When possibility also had shared external storage, what are some redundancies? So two machines, uh, recommendations. I mean, do you want to build a system? That's one
option, but that's a complicated one. You could build it with a pair of Synologys. Synology is actually probably the least expensive way and least troublesome way to get that started. Gluster exists, but if you're going to take the time to learn Gluster, I would learn Ceph instead. What is the false idea? You're right, what's, you're right, that's confusing. I guess giving them a false thing that being entertained means learning something useful. Hmm. LTT's and some audience are very broad, have appealed a huge range of views, make up the air, make up the revenue. Going to detail means lower figures. Yeah, see, I think someone said, wow, Gamers Nexus had a really long video on like the Linus controversy thing, and my instant reply to my friends when they said that, I'm like, does Gamers Nexus know how to do a short video? I don't, I mean, that dude's detailed, and it's not a dig at all, it's the fact that the dude is detailed. I don't really watch much Gamers Nexus because I'm not into that type of hardware much, but, you know, he's popped up a couple times because he's very detailed on that stuff, and I think that's great. There's, there's obviously a demand for it. Gamers Nexus, he built this channel off being very detail oriented on the things he talks about, when it comes to that I think that's great. Yes, it's Oliver, and yes, he's a normal person, haha. Tom will never make a regular, I suck at regex. If you want to know all my regex secrets, you'll see that you can just look at my ChatGPT history. That's my, even when I wrote my stuff for, if it's on my GitHub, my, the regex I used in my GitHub that drove my, um, Graylog video, I wrote all the rules and I gave them away, because I know people would like the rules I had, because they, well, if they're helpful to me they might be helpful to you. But I'm very clear, I use ChatGPT to write all of the, I think they're in grok, they're not all the regex is, uh, grok uses the former regex, uh, but it was easier to do it in ChatGPT. You're right, you won't find it, but I'm always
willing to tell you how I did it or how, or give a shout out to whoever gave me the resources to do it. From my understanding reading the documentation for XCP-ng, you are forced to pass through the entire PCIe card, uh, while in Proxmox you can easily pass through a raw device like a single Ethernet port. Um, I don't think so. Hehehe, regex is a craft. I remember doing a lot of regex 15 years ago. I stopped and I'm a more sane person. So my friend who works for the Linux Foundation, uh, he can speak in regex. You either figure it out and it becomes something that is just absolutely you're good at, or you're not, and I, it never clicked with me. So you're right, it'll either just clicks one day and you can think in regex or you cannot, and I am, I am on the cannot side of that. Hehehe. How easy is migrating VMs from ESXi to XCP-ng versus Proxmox? I've been looking at both. Uh, I would say it's way easier to get something out of ESXi and into XCP-ng, because they have an import tool. If you scroll back a little bit in the video, or if you just search, you know, XCP-ng VMware import, you'll find the tool that exists to make that work. The ChatGPT improve your work? Yes. Uh, what is a good entry, what is a good entry to a good home network? Tired of the asp friday's like sells, it has a weird dropouts. Been thinking of something high-end, gateway router with one or two APs. You know, I actually like the UniFi Express. It's basic, but for a lot of people it's, it's far better than what the offers, but the learning curve is not too bad. So UniFi Express is your base level, and I might do that as a follow-up video, you know, like, hey, what's a good budget home setup, because I, I'm going to put the UniFi Express top on that list myself. Bigger learning curve, but I do prefer pfSense, but that's not for everybody, and maybe you don't even care about all the things pfSense can do and it's not something you really need. Yeah, regex GPT is a thing as well. Uh, if you can't do, I think it's your motherboard have enabled something to
force break devices, individual devices instead of grouping them. Nice, perfect. Bit behind in your videos of my installations, hop down this morning, saw your last stream. Do you normally stream on Saturdays? I try to do it in the winter a lot. I don't do it as much in the summer. So I learned a great phrase, and it's called productive procrastination. I have a few things I'm supposed to be doing, but this feels productive, so this keeps me from doing the other things, but I still feel like I'm getting something done. I've been building out my studio and I kind of got stuck. I don't know what I want to do next, but I'm building out my studio, but I said, I read, I just sat down and said I'm going to do a live stream, because this is the picture I used for, this is what my studio looks like. I'm sitting where the chair is right now, but this gives you an idea of my studio looks like, and I'm building out more and more of it right now. And, but this is my productive procrastination, is switching over to doing a live stream and talking to a bunch of people and answering questions. Liking the UniFi router. Yeah, I know, but the UniFi router works pretty good. They've actually come a long way. I have a bunch of Mac Pro 2012 with these successfully installed XCP-ng but dropped due to the power consumption concern. Is it okay to go with that? I mean, find newer hardware, this is less power. I mean, that's, I like XCP-ng and I have it on some small mini PCs that don't pull much power. I was looking at UniFi, can you run VPN on UniFi? This is the problem: yes, but, big but, how much VPN can you run? Does it have the VPN you want? You have more VPN options in pfSense. You have some VPN options in UniFi, but is some enough for you? That's where the question is, and that's why I got to do an updated video kind of explaining that. They finally added a lot of things like policy routing and site to site with WireGuard, kind of, but it, they've added these features in, but there's still some things missing. Someone earlier talked
about the way they do IPsec being a little bit weird. Yes, you have fewer options, but those options might be enough for you, so I got a kind of video together on that. You can have a four port Ethernet card, three ports are passed here to pfSense, one port to a small tune SVM. Very productive procrastinator as well. I mean, Proxmox next year just Linux underneath, so if you could do it in one you can probably do it in the other. Also, I guess it depends on how you want to do it, because you don't necessarily have to pass, when it comes to network interfaces there's two different ways to do it. XCP-ng does have some support for SR-IOV, there's that way to do it, and SR-IOV supports probably in Proxmox as well, so that might be a solution, but you have to look into it. You kind of comes on how your use case is. USG light, or if you're less than one gig, stream router, you can get IPS. I don't think the IPS is all that effective, but yes, you get it. What's the best way to deal with an office with Wi-Fi setup of the multi tenant building? I mean, as there are more tenants than SSIDs where you could use a UniFi system. So UniFi works great, but you have a limited number of SSIDs. Do you have more SSID, you have enough SSIDs to meet all the tenants? If not, you could just set up separate ones for each floor. I mean, I don't know if there's a best practice, so to speak, other than we've installed a lot of these. We've done both scenarios. We've done large scale apartment buildings, but we also had them where they've only had a couple tenants and it didn't really matter. We have one of them that has a VLAN that matches every tenant office in their suite numbers. That one was actually pretty easy. We're not the people that own the building, but the way it was set up was we provided networking to each one of those tenants with a separate VLAN, a separate range, and then it was up to the tenant to figure out how Wi-Fi should work inside each of their offices. How does one benefit from connecting pfSense to Headscale? You
can use, it's all the benefits of Tailscale, but Headscale is just a self-hosted head end for that. Can all VM and pfSense network be available to Headscale VPN? Yeah. Why not just use a dedicated bridge to VM rather than pass through the network? That's what makes more sense to me. For me, OSPF implementation is silly in UniFi because experienced users don't know what that actually did. Yeah, I, if you need OSPF, you don't want UniFi. We'll just leave it at that. I need a glass of water though. I'm gonna be right back after I get a glass of water and after I find my countdown button. Where's it at? Oh, here we go. This is my be right back button that I'll throw up on here. So yes, I'll be right back. I mean, when setting up my own company's Wi-Fi, how do I get the best results with all the floors, tenants bracing? Oh yeah, that's just the, this is one of the reasons I tell everyone to hardwire things as much as possible. That's just something you're gonna have to deal with. You try to set it to the channels that they're not using, but when you have a big office building or apartment building filled with lots of Wi-Fi noise, your Wi-Fi experience is going to be lessened. So let me swap over to the, now that I found it, I'll be right back. Before this is over, let's see here. Install Windows on his PC. Let's see. Ooh, OpenBSD, and then my Wi-Fi would quit working. Right. You like my be right back screen. Build a Faraday cage. That's a good answer. I've never used any Alcatel switches, so I don't really have an opinion on them. If anyone's wondering though, here's a couple more images of the studio. I'm getting ready to do an update video on this. I post this on Twitter. An updated video, an updated tour. But this is like to give you an idea of what it looks like from where I sit, and I built all this. I've got a, if you look at my old video on this, I got a whole lot of details for all the things I built. But yeah, when I look, there's two different ways I look at things. This is the teleprompter that I have right here,
but I usually look at things on the big TV right here. But these are the lights around me. This is the camera that's over the monitor. This is the camera that I'm pointing at right now. But gives you an idea what it looks like behind the scenes. These are the monitors I have, and there's my little space heater, because yes, I'm in the basement. Giving idea, but I have a whole, like I said, a whole tour on what this looks like. If you have any desire to learn about networking at all levels, UniFi is the last device that comes to mind to me. I mean, no, UniFi is not going to teach you in-depth networking. It makes networking easy. Are you concerned about the health impacts or radiation from Wi-Fi APs, particularly more powerful UI ones at home? No, it's not the same type of radiation. There are no known problems at all with the type of radiation that comes off of those devices. I need to turn on my profile to make all my VM and pfSense network available to Tailscale Headscale network. I, I don't know your, I don't understand your goal, so probably posting in my forums would be a good start, because I don't understand the goal. Because you're a video file to make Tailscale via network, I'm trying to access IPs inside my pfSense network. I tried. I mean, I've got a video on Tailscale with pfSense, and hopefully that video is enough to get you going on it, but if it's not, post in my forums. As a home user, what are some underrated pfSense features one can use? I know that even we're underrated. I have a video on setting it up. I think home users, if you don't need the VPN features that are in pfSense, you don't need the advanced routing, you don't need to be able to capture packets easily, you know, there's, we start really diving into all the details of pfSense, if you don't need those features, I don't know which one would be relevant to you. So what's on the big screen right now? You all of, well, kind of me, me and you in the comments are under. That's why I can look this way and see the comments and look this
way and see the comments. I don't know which way they're easier to read, but that's on there. My HP home NAS server hardware no longer boot. Can we have a moment of silence for an 80 terabytes of data in limbo? Yes we can, we can. Is your studio in a basement? Yes it is. So what flood mitigation plan do you have? Dual sump pumps, but we don't really have a flooding problem here. My house is, so when I stand in my basement, I, my feet are probably, my waist is at the street level. My house is up on a hill and it slopes down, so my, when they built the house they brought the dirt up and then put the basement in, so the house isn't that low, so there's not really a flooding potential here. I'm also, I forget how many feet above the closest river, so I'm at an elevation, so flooding is not really much of a concern. Typical Linus guys, it's in basement. Absolutely, you're not wrong about that at all. Ever have issues is tagged, untagged networks, untagged networks go full speed, tagged networks at 100 meg? I, nope, never had that problem before. My guess is you've messed with the MTU. If I, if I see a problem like that, I'm going to go with check your MTU settings on one of the switches, because it's probably cutting some of the packets improperly, and so you, you probably have an MTU problem somewhere. XCP-ng questions: some reason a web interface is so limited and requires Center to do any real management or tweaking. What do you, what can't you do that you use XCP, I don't recommend anyone use XCP-ng Center, but I also don't know what you're trying to do that you can't do in the XO interface. Probably need to run a Tailscale client on each device. That's definitely one way to solve your connectivity with Tailscale, is loaded on all the devices, but maybe that's not possible. Kind of depends what you're running. He's not getting glass water, he's dancing. There's a chance of that. Not really, I don't dance. Supposed to use one public IP and two pfSense access separate ABO in two pfSenses. You can't have one public IP on two
devices. Mostly USB pass through. That's only two things. Not common yet, not many people ask for USB pass through. I learned the system in question. What are the most recommended rules for the firewall for small business screening? I have a video on that, it's called pfSense for business setup, so I've covered that in detail. They're pretty simple. High alert systems. I live in Southeast Asia, I want to dive into 10 gig networking, what are the options here? Limited. What do you think of MikroTik switches? There's a learning curve with the MikroTik switches, but they're very affordable, so once you get over the learning curve of figuring out how things work in them, they work. They seem to be pretty reliable. I've got just a couple that I've ever used. I have one in my lab, I keep it on for testing reasons. It seems nice enough. I mean, it functions, but the interface I don't think is great, but then again, once you get them set up, you don't spend a lot of time in the interface. Usually at the interface setup and then that's it. You know, besides doing it for videos and labs, I don't spend a lot of time in switch interfaces. Spent quite a few hours tracking this issue down, I'm pretty sure it's an issue with Realtek NICs. So if you have Realtek NICs, you've answered your question. I'm sorry, Realtek is bad. Yeah, USB pass through for Z-Wave or Google Coral. I actually have, this is an extra one, but this is the Z-Wave stick I use for Home Assistant. This has been on my desk because I want to do a Home Assistant video but haven't gotten around to doing a Home Assistant video. I have Home Assistant on another one of these, two of them. This one was at the office and I forgot what happened, it broke, I think the SD card went bad, so now we don't have Home Assistant at the office anymore, but we do have it here at my studio. Realtek NICs suck. You know, I had this problem with the Broadcom NICs suck as well. So here's an example: I was having really slow transfers, which show me 10 gig transfers of VMs across 10 gig
Broadcoms were incredibly slow. All I did to fix the problem I was having, which I thought was a server problem, was swap out the Broadcom for some Intel 10 gig NICs, and they transferred at full speed, no problem. Broadcom and Realtek, just, I don't know, race to the bottom. Would use pfSense in front of a UniFi Express? No, I wouldn't recommend that. Use the UniFi for routing, don't put a, buy one of their, buy one of their APs and use a Cloud Key. Don't mix it. I mean, I have a video on how to do it because so many people ask, but even at the beginning of that video I tell you what a bad idea it is. Yeah, right, here's from the people writing the software: don't use the Broadcom or Realtek. What can Home Assistant do? I love Home Assistant because it does everything for me. Home Assistant is the fully open source, non-cloud way I manage all the things here in the studio. So this is actually what controls lights, it controls, it's actually tied into my Synology. I have automations on here, tells me the weather, sets the temperature for things. But if I turn off the shelf behind me or some of the, see what else can I turn off, you see everything kind of getting dim behind me. It's hard to tell when it's small, but this is what controls all the lighting. I see a little orange glow behind me. This is also, if I hit this button, it turns on and off all the cameras, the studio computer. Actually, I don't need this camera on, I'll turn that one off. But if I turn this off, everything would go dark for you because it would power off the camera. But it's, it's a really nice system for home automation. I've got my house lights controlled from it. Home Assistant is amazing because I don't like all this going to the cloud. This is all hosted on a Raspberry Pi right inside of my own network, so I don't even need internet for any of this to work. Well, this one's not the one it's on now, but it's on one just like it, because I have two of these. Oh, let's see. Home Assistant does everything Emacs can't do yet. Yeah. Why Home
Assistant's own device? That way it's always on. One, Raspberry Pis, you can run Home Assistant on a Raspberry Pi 4, which are pretty obtainable right now. I think it will run on a Raspberry Pi 3, but I'm using a Raspberry Pi 4. I like it on a low powered device. I can shut down everything else on my network to save power, save energy, and the Home Assistant still runs. That's why I run it on a dedicated box. And I thought about virtualizing it, to get the idea of virtualizing it, but I like the fact that when I reboot any of my virtualization, anything I'm working on, or if I take it out or move my rack around, this being a low powered dedicated device that controls all my things means I can power things down and service them and my Home Assistant and all my automations around it just keep working. That's my biggest reason for it, and the general inexpensiveness of having a Raspberry Pi. What I might move to though is that I want to continue in Home Assistant boxes and migrate everything to that. I just want to support the project more. I donate money to them. I think they have a donate money option. I pay for their premium subscription thing that you can do. I just want to make sure I support that project because it is amazing. My garage is not on it because I don't want my garage on it. I like my garage offline. That's one of those things, if ever someone gets a hold of, but it would be bad if they could turn my garage and make that go up and down, so I purposely don't want it on my garage. My wife has asked me though, she would like it on the garage so she can turn it, because I have the phone app, and she's like, oh, then you can control the garage from the phone app, and I'm like, yeah, but no. I mean, the phone app is so nice. My wife has her own dashboard so she can control things. I have a dashboard just dedicated so my wife can do things she wants to do on there, because if I give my wife access to the studio, I can make it funny to turn things on and off. Yes, you'll find a whole list I have of
compatible devices. That's my big thing I'm going to be making in a video, is the list of what devices work really well with it, which is going to include, pull this up on Amazon, I really like these Zooz devices. They work well. These are the ones I'm using for the studio switches. I also have, I have to look, I have a whole list of them. Maybe I can just pull up my, let's see here, Home Assistant parts, here we go. Here's all the stuff I've been using in my Home Assistant. I have some of these, this is the little Z-Wave combo, some of the Honeywell switches and the Zooz ones and the Enbrighten. There's other ones you can use, but I'll drop this link in there for people wondering. These are the things I'm using with my Home Assistant. Medium-sized business, UniFi APs, you can use OPNsense for the firewall, what would you replace the firewall with? pfSense. Do you think UI will make it possible for to dim blinding LED switches and you'd be in pro where I see you while I serve this neighborhood as a lighthouse forever? I don't know, probably. I run everything on Pis in my home lab, all their apps in their own containers. Pis are awesome for this. Production versus test philosophy at work right there. Have you tried to bypass ISP modem? ISP, I do that myself, but it's going to depend on each provider. For using SFF devices for a server instead, yeah, the problem with a lot of the old servers and why I don't even bother reviewing anymore is they're just so power hungry. The little mini PCs and the little Raspberry Pis are so efficient, as best way I can describe it. They're reasonably cost-effective, they're efficient, and it just makes for, you know, not having a big power bill. How'd you know your system was hacked? My house became haunted, then I realized it wasn't haunted. Do you plan to set up Home Assistant with high availability? Nope, it's not that important. We used to put X10 remote power switch on the garage, show opener to disable and then power away disqualifies two-factor. Yeah, possibly. Geeks of
power loss, how do you make sure all systems and networks get powered down sequentially? I don't worry about it. Oddly, the only thing I care about getting powered down is actually, because the Synology is tied to the UPS and the Synology shuts down properly, the other Synology is attached to it, shut down properly, but that's it. The rest of them I don't care about. The reason about the Synology is it takes a long time for Synology to do an integrity check on the, I have a DVA1622 model, the one for my cameras, that one takes a long time to do an integrity check, and so I tell those to shut down properly. TrueNAS, pull the plug, I don't care. TrueNAS never has a problem, learners of power outage. I made a joke about how much you can abuse a TrueNAS system with ZFS without worrying much about data loss. It'd be better to set it up the right way, but I'm lazy and I don't feel like it. I mean, for businesses, yes, we do. For me, I don't care. When your SD dies a few times, well, you can buy your ability SD cards or you can even put NVMes on here, but yes. I want to run OPNsense behind my ASUS Merlin. My OPNsense AliExpress box doesn't have Wi-Fi, so plan to run an ASUS in AP bridge mode. Things to look out for? No. I mean, I would run pfSense instead of OPNsense, but that's just me. Currently using the ThinkCentre for all your home lab. Tell me about the DS 416 advantages to chew through 4. Yeah, it can take a while if you have to resilver it from a power loss. What time did I tell my wife I'm going somewhere? I have to look at, I told my wife by 2 I'm going somewhere. I'm trying to figure out when I have to wind down the live stream. What will CrowdSec bring to pfSense? Will it only protect SSHWF or will it be full IP ideas for clients too? It only matters if you're opening things to the public. If you're not opening anything to the public, it doesn't make any difference, there's not a reason to run it. There's a way to put TrueNAS on one NIC and TrueNAS apps on another NIC? Kind of. TrueNAS itself binds to
all the network cards, but in the TrueNAS setup you choose the interface for the apps, which should be in settings, advanced settings, and you should be able to choose here the node IP, and it should work and bind to that address, I think. I'm not huge on the way the apps work in TrueNAS. There's a lot of shortcomings to them. Some of them are just the fact that things keep breaking in there. I don't like running a lot of the apps. It just is buggy. TrueNAS as a storage server is amazing. TrueNAS as an app server is buggy, and I get a lot of complaints because I did videos on it and people keep asking me to do more videos, but they keep changing the interface, so my videos become irrelevant pretty quick on the apps. And then people are like, oh, the apps broke. I'm like, I know, they broke for me too. And when they break things, they don't give you much information as to why they're broke. I think between Omada and UniFi, I would go UniFi. The price savings isn't there, and Omada, not a company with a commitment to security. That's, uh, they just don't save much money off the UniFi, and their documentation is not as good, their security is lagging, so yeah, I don't think I would go with Omada. Storage topics: ZFS still go-to? Looking at some of the other options, expansion drives me insane. Yeah, ZFS is my go-to. I mean, it works. It's very, very reliable. I don't expand, oh, I can't say I don't expand often. I just move all the data from one server to another, because I have enough servers that I always have two copies of all my data. Is it a pain? Yeah. I'm dealing with it right now. Three terabytes I'm shuffling back and forth because I want to reload one of the servers and rebuild it, but I got to shuffle all the data from where it is over there, and then I got to make two copies of the 30 terabytes of data, and then I got to rebuild the server, and then I got to copy the 30 terabytes of data back over. But it's all fun. Talking about drives, took me four days to wipe 23 terabyte drives with a, uh, 3-pass. Do you have any
recommended tool for multi wipe drives, DoD? No, not really. I mean, there's tools out there for, what is that one, shredder you can use. You can do 3-pass in Linux. There's not the, 45Drives makes their Destroyinator. They actually make a big box that will wipe them all simultaneously. So have to go, pleasure to see you all here, thanks Tom for the live stream. Great to have there, thanks Oliver, and I will be in touch. I'm interested in, of course, we're, we and Oliver chat from time to time because we are obviously big supporters here at Lawrence Systems, and now CNWR, of the XCP-ng products. So excited, and I'll talk to you later. I'm using Unraid because ZFS expanding is feasible for a home setup. Yeah, I mean, and that's the thing, if that's your use case, then go with what works for you. Ghost devices, I don't know. I've seen them show up like that. I don't know why. You just got ready for some stuff to expire out of there. You can search, there's probably some way to push or force update the database to get them out. What NDAA camera would you recommend? There's not a lot on that list. Synology makes one, those sounds you makes a couple models, so Synology or Axis are probably your two big ones out there. Have you tried Unraid? Nope, I have no interest in Unraid. Unraid is definitely not as performance oriented as your systems, that it's not performance oriented to your NAS. It's also not ZFS, so I don't know if I trust it for a long time archival storage. I don't know it well enough to put my faith in it, but hey. How do you deal with updating firmware inside of a NAS? It's a pain, unless you have a Synology that does it for you. There's not an easy answer for that. Any security cameras, any security issues, ESXi 6.7 in a dev environment? Trying to set up a network lab. I mean, that's pretty old. I imagine there's a ton of flaws in it, but someone has to be inside your network to exploit those flaws, so it's up to you and your risk tolerance. You know, do you have a tolerance to the risk that comes with that?
That's up to you. Me, I don't. I don't run a bunch of old outdated stuff because I don't like the risk of running the old things, and I don't have much interest in running the old things unless it's, unless I have to, because I have to figure some weird puzzle out of how to figure out a migration path off an old server. Yeah, I know there's talk of Unraid supporting ZFS. The downside is, if Unraid goes to ZFS, that also means they lose the ability to expand in the same easy way, so it'll be one of those like, hey, we have ZFS, but I want to use expansion, oh, then keep using the way we use it. I think Tactical RMM is a novel project. I don't know what its status is today. I was interested in it when it first came out and seeing where they go with it, but I haven't really kept up with the development of it. Someone said it's, it's available and exactly why I won't be using it in an Unraid. Yeah, yeah, that's, that's the whole challenge. Will it work? Will it do what you wanted to do? That's what it comes down to. I, for data integrity reasons, extremely trust ZFS and not a lot of other file systems, and I have a lot of data that I keep spinning across mirrored systems that are off-site because I care about my data. Oh, you must be new to the channel, because this question comes up a lot, and I'm all in on XCP-ng. Proxmox is fine, it makes a lot of people happy, but I'm partial to XCP-ng. You know, I seen this in forums, this is completely me reading in forums, was a debate, as there always is in the different forums, like the VMware, and some people are really complaining about Proxmox having a lot of, because it's based on Debian, a lot of package updates that sometimes cause problems. I don't know. Jay from Learn Linux TV keeps the system very up to date and hasn't complained at all about any problems. Does anyone know if recent updates have caused breakage in Proxmox? I don't know the answer to this question. I'm asking because I know at least I have quite a few of you on this live stream right now are Proxmox users.
New t-shirt: I don't use Proxmox, but you can. I don't use Proxmox, but you can use Proxmox. Yeah, I trust, so I take the things I see in forums with a grain of salt, or maybe a lot of salt, maybe a whole big thing of salt, because the problem I run into is I don't know the experience of that user versus someone like Jay or someone like Jeff from Craft Computing who runs Proxmox. They aren't complaining about it, so if they're not complaining about it, I don't think it's a problem, because I trust both Jeff from Craft Computing and Jay from Learn Linux TV are very experienced sysadmins, so if there was a problem, they would talk about the problem, they would discuss it. These are people I talk to on a regular basis, and I've never heard them really bring it up in conversation. I'm going to ask them about it, but I think it's probably a non-issue, and it comes down to some type of weird user, where people doing weird things, because I run into that all the time, where people are complaining about things, but the thing you're complaining about is because they set it up wrong. Going from 7 to 8 broke Docker in LXC. Okay. How much of a concern do you think old BIOS are in systems of pfSense? Do you hardly or any of those CPU vulnerabilities affect pfSense? They can be mitigated, but they're not really a BIOS issue. There's CPU microcode updates that fix those, but then again, some of these, the ones where the CPU ones specifically, are not likely to affect pfSense, because they require someone to be on the machine to be able to extract things out of it. If they're on your machine, they're not going to go about it the hard way. If someone has root-level access to your machine, they'll just read your SSH keys or anything they want out of it to get access. They don't need to extract it from memory through vulnerability. Let's see. This is the other thing: a lot of people install way too many things, and that can break functionality. It's based on Debian, so people start sticking everything in it. I've seen people do
the same thing, like, it takes more effort to get things in XCP-ng, but I have certainly seen people do it, and I'm like, what are you doing? This is why it isn't working. You've decided to load a bunch of things that don't belong inside dom0. I mean, I, be careful what you open up. Understand the risk when you open up the internet to your system. What do you think about a mixed UniFi and Juniper environment? Sure, it should work. Usual people have the problems of the drivers of bad hardware like Realtek NIC, and then relates to many home users having a problem of computer laying around they want to use as an enterprise server. There's so many factors involved. Never had an issue of Proxmox, we use since 2009. We use test repo for Proxmox VE, can have some issues. Yeah, I, like I said, I don't think it's one of those things where, some of the problems I've had people reach out to me for consulting about Proxmox, one of those problems, they've done things that you shouldn't be doing. They have built an underpowered server with their Ceph setup, and they're like, oh, I can't get this to work, or it keeps hanging up, and I'm like, how many users? And I start explaining the workload on it. I'm like, you're running this level workload on your old Dell R610s? That's not feasible. There's a reason you have a problem here. You know, by the way, this goes all the way to people doing things dumb in VMware. We had a person trying to run like 30 or 40 VMs, were complaining how slow they were. They had LAGged together two ports and were running a whole bunch of VMs with two one-gig ports, not 10 gig, but the switch and the device both had 10 gig, but they had not set it up properly. So it doesn't, even in the enterprise world, we certainly do some consulting with large companies that we kind of help untangle what they did, or what sometimes someone else did and they inherited. That's usually what happens, is the person who set it up is now gone, has been removed from that position, maybe forcibly, and then the next person comes
in and goes, oh boy, look at this. Don't touch dom0. That's right. Should you treat it like an appliance? Yes. This is part of the problem, is not treating your VMs like an appliance. That's the double-edged sword of Proxmox. If you treat it like an appliance, I think it works fine, but then people go, oh, apt-get install all the things, wow, look at this, oh no, it broke. Ah yes, layer 8 is the problem. Now I might have to wind this down soon, because I'm realizing I'm going to run out of voice soon. I'm almost amazed that I talk for these two-hour sessions like this. It's hard to believe that I do this for a living now. That's, that's the other part that entertains me. What else was I talking about that we can share? I shared the studio. What else do we have? Oh, this is kind of what brought this up for me. Where did it go? Because this, this was really not that long ago. This is what my studio, this is, because I built this myself, this is what the studio looked like. I'm sitting roughly in front of where that ladder is. That's where my, uh, desk is. Yeah, the, um, it's, uh, it's kind of wild to look back and do all this, because when I do my updated studio tour, I'll probably include some of the old photos, from like, this is how it started and this is where it is right now. It's been fun. What date was that? That was November of 2021, is when I started building it, and what is it, it's about almost 2024. I've been in this studio for almost two years. Well, it'll be two years in November of 2024. Another view from the other side, but yeah, there's a little window and stuff that you've seen in there. What was the current recommendation for one gig and two and a half gig OPN/pfSense box for home use? I'm partial to the Netgate boxes, but there's other ones out there that you can use. I know some people like the little Qotom boxes. Hold on, I got one. Let me show you this one, because this is another one that, you know, here's a, this one's actually branded Qotom, and the problem with these devices is they kind of fail randomly.
I don't know how to describe the failure mode. The, I don't remember which one of these ports, one of the ports died, just up and died and just quit working on us, but the other ports work fine and device works fine. We've had this happen to a handful of them. I can't understand why. I'm actually using one myself right now. This is being routed through one of these, and it's working fine and has been for years. We bought them at the same time. I think we bought five of them and two of them just died, and I don't know why, but the way they died was the port just quit working. The other ports work. So I'm kind of mixed on how reliable those are. New question: my internet speed is less than a gigabit, my router, my gateway LAN, I only plan to 10 to switch, we bottleneck to some point, better speed is only a gigabit. Well, I mean, if your internet speed's a gigabit, you don't really need a router that goes faster than a gigabit. I mean, you could get one that goes faster than a gigabit, but it doesn't have anywhere to go. Your choke point is your ISP. Internally you can still, I mean, I have, I have a 300 meg internet connection, but my internal network is 10 gig. Cheap AliExpress specials, why I don't protect to protect, why I don't trust it. Yeah, it's just kind of goofy. My protect teleco Tom box failed RAM, we can't read or write any SSDs, I have in a box for shrewd it once in a while. Yeah, there's just weird bugs. Don't do routing over that, that's the big thing. Don't mix that routing. But I'm going to end this here, because I feel my voice getting worse. I don't want to lose it. I have, if I feel inspired enough, I'll record a video today, because it's crappy outside and I don't want to do anything outside. I should do something outside. I should go outside. Someone will, they say touch grass for happiness. That's, but two, two and a half hours now. Good news for those of you that are wondering: I've been going backwards. I'm only going to go so far back, because there's a cost to this, and updating all the time
indexes to put everything together. I have an AI tool that's doing this, has been pretty cool. So yes, I am slowly putting chapters in all of these. I'm just saying the beginning so people know that if you don't see chapters right away, it takes about 24 hours before the chapters can show up. But that's been kind of fun, so people can kind of jump around and find things that are in here. But thanks everyone for joining. I don't know if I'll do this again tomorrow or not. I'm supposed to be smoking some food tomorrow, smoking some meats and having a party, which may mean hanging out with the, in the real world with people, and so my technical friends that are coming over my house. But if I don't do it tomorrow, happy new year everyone. I'll be doing it next year for sure. So thanks, and take care.