 And we're live. Yes, welcome to the Home Lab Show, episode 101. Q&A plus some miscellaneous updates. How you doing, Jay? I'm doing awesome. How are you? I'm doing good. We're gonna talk about, we have with some feedback stuff, but we wanna get to a couple of news topics. And well, I don't know our change logs, news topics. I'm gonna kind of go with yes. Yeah, we could just call it the change log or something and I don't know. We're kind of adjusting the format. We're talking about it, but I don't think we're gonna change it too much, honestly. But yeah, we need to, there's some miscellaneous to talk about and I think that might be a good place to start. Yeah, one of the miscellaneous things is, and people have been, and I'll be doing a review of it, of course, people have been talking about PF Sense 2.7. Will it ever get here? Isn't it dead? In every version of PF Sense CE or Community Edition is allegedly the last version, according to every YouTube comment for the last, how many years I've been doing PF Sense videos. Yeah, all the projects dead, they're gonna change it, but they haven't and it's fun. Maybe I should go back on those videos years ago and start replying to comments and linking to the new 2.7. But it's in beta, beta release candidate, I should say. So it's pretty close. It's beta slash release. I was actually testing it even when it was in development and it worked pretty well. And I wanna bring up something though that creates a little bit of confusion. So you have Community Edition CE and you have PF Sense Plus. Those are the two versions of PF Sense. But there's always confusion because people think PF Sense Plus costs money and I wanna get it out of the way that it's free for home use, it's free for lab use and it's free if you have neck heat hardware. So there's three ways you can get it for free. So if you wanna run the Plus version, which is going to have a little bit different of a faster release cycle that's available. And PF Sense Plus is PF Sense CE plus other features. That is a confusion point that people seem to have. Like they think it's completely a different operating system. It's completely different, but it's actually just a few enhanced features. That's why if you do the upgrade from PF Sense CE to Plus, it actually is a really short process. It just goes, oh cool. Let me swap these couple extra features and it reboots and then you're on the Plus version and you can jump backwards to it. So they're not substantially different but of course the big deal going to 2.7 or they number it the 23. They're using like the year month numbering for the PF Sense Plus versions. They're all moved to FreeBSD 14 Current. Now there's seems to people who we're thinking, you know, well that doesn't come out till, I think it's maybe August is the official release date for FreeBSD 14, I'm trying to remember. And they're going ahead of time but you gotta remember PF Sense, both Plus and CE is heavily customized by the folks over at NETCATE. Therefore, they're not worried about other packages that may not be certified stable for the full OS release because one, they hand pick and compile the stuff themselves. They're not just grabbing out of beta repositories but they put it all together. But it's still great to see it coming along, moving forward and there's a blog post you can easily find, I can leave it in the show notes. You can upgrade this. It's gonna be just like PF Sense Plus, PHP 8.2.6, the open VPN is upgraded to 264. There's a bunch of other miscellaneous changes and under the hood changes, a lot of rewriting of things, including added support for the new Chacha 20 Poly 1305 to IPsec and deprecating some of the older IPsec stuff, which is interesting because I hope no one's using those really old rusty ciphers. Please tell me you're not using them. I hear when people complain about the deprecation, I'm like, don't complain about it. You should be on a path where that's like, oh, that glad that doesn't affect me. I'm not using that really insecure protocol. The only reason you use it is not because you're trying to get a PF Sense talking to a PF Sense, it's because you're talking to something that probably shouldn't be on the internet anymore. It's probably past its end of life. You have a point there and your description of PF Sense Plus kind of makes me think of it like DLC for PF Sense. Yeah, it's a couple of enhancements and those enhancements are not part of the public code repository, but if you were to log into your PF Sense Plus and poke around because you can still SSH into it, they're not block boxing it where you can't look at anything, you'll actually go, hey, look, all the packages and open source stuff that I'm familiar with that it's built on top of, the only part that's technically not part of that, but you can still see, it's written in PHP, by the way, so you can still look at the logic and poke at it is the, what is it, the boot enhancements and things like that. So I'm a big fan of the PF Sense Plus, even for home users, even if you're not using a Nekite device because it's free, I don't see any reason not to use it, but hey, they still are updated in Community Edition and I'll kind of comment on this. I wanna throw this out there as a topic that B&J will want some feedback on. Feedback at the homelab.shows. We're gonna be reading feedback, but open source isn't free and the way people think it's free. It takes time for someone to write good code to put things together and I kind of wanna tackle it as a topic. I actually unrelated to PF Sense is, and obviously PF Sense is funded by the people at Nekite, most of the people that develop PF Sense happen to be on the Nekite's payroll, but also pivoting over to things like XCPNG. I've seen someone was upset in the forums, they had kind of an esoteric problem and they suggested they buy support and a person did not like that answer. You should be able to support me in this forum. I'm not getting the support I expect and you're like, we have support contracts that we sell and by the way, you're trying to do something weird with the layered VPNs in a virtualization system. Like you're doing something that's kind of like, not like a product broken, like you want support, you're getting the product to do something there, but it's almost things where you have this weird challenge and the team over at Bates has talked about this where if you make a product so incredibly good, it doesn't need support, you're gonna sell less support contracts, which kind of create a problem of how do you fund that model of building good software and giving it away for free? Now they plan to keep giving it away for free, but it's always trying to figure out how you can have some business model. That's why I say open source isn't free, someone has to pay people the right code. Now, whether that's them doing it as a hobby or them doing it in the case of like this, who's Bitwarden for an example, the way they fund it through things like service delivery, like, hey, all the code's free, but if you would like updated package management and maintenance, we can offer hosting or offer service delivery through that and it makes enough money to keep paying the developers and Bitwarden I like as an example because one of the things not all open source projects go through, but Bitwarden goes through on a regular basis as code review. Code review is $100,000 or more to hire third party companies, to audit your open source project. OpenVPN actually did this and it was donated from PIA, the privacy internet. They had actually been the ones who funded it because OpenVPN needed a code audit and couldn't, didn't have enough money for it at the time, so a third party and it's back to some of these challenges. I want people to think about that a little bit and give us some opinion on it, hit us up at feedback at the Home Lab show. Maybe it's a topic me and Jay dive into, just probably as a video together, but it's actually, yeah, I really do. I mean, the summarize depending on my end is that if there's no statement of work, there's no SLA and nobody owes anyone anything, period. That's just the bottom line. Doesn't mean that no one will give you something and nobody will put it out there or cater to a feature. I've seen many times, you know, an open source where someone says, you know, wouldn't it be awesome if this feature existed? They put in a wish or a feature request and it happens. You know, we have that ability. So we have all these benefits from open source, but nobody's owed anything. I mean, sometimes the person responding in a support forum for an open source project could be someone that just volunteers one hour a week and never makes money from it. They just love doing it. And then you have companies, like you said, supporting it. So I think it would be good to adjust the expectations here because I feel like with some mindsets you give someone something for free and then they just wanna take an inch and go a mile with it. And you know, you gotta really just think about this in a human level. I mean, you were saying that there's $100,000 in a code audit. I think about 25,000 of that is the amount of coffee you have to purchase to get through millions of lines of code without falling asleep. It is not easy and is often not something that people want to do unless you're a computer science major that seems like an anxiety inducing like mountain of work to go through. And I tell people as well, just because the code is open and can be audited, doesn't mean it was. It means that someone can do it as they did. So we can talk more about that in a future episode, especially if enough people tell us that they want us to do it, then we might do it. And I wanna bring up a comment. I see someone said, sounds like you're advocating that having a free broken product is good because it lets you sell support. These are the exact answers people give. And I'm like, no, by no measure at all am I saying they should sandbag or leave broken or leave something out that forces you to buy it. I'm talking about people need to consider the business model how these things are supported. I'm not saying it's an easy answer, by the way. That's why it's a discussion. I didn't give you the definitive guide to how to fund open source because that doesn't exist. There's a lot of different opinions of it. And there's just some challenges that companies have run into where they, like I said, I believe Vates has a whole blog post where they just talk about it. And they are absolutely completely committed to keeping the whole exit CPG platform 100% free. That is a top to bottom promise they have. And there's other companies that make similar promises like our friends over at CrowdSec. Now CrowdSec has a different way of monetizing it, but it might be like I said, a fun discussion on there of all the different ways you can monetize it because there's more than one way to do it. And there's just some of the challenges. And I like when companies or groups and individuals that run open source projects have things like just donation options. Is that enough to do it? I've actually heard people say the problem they run into with donations is it's so inconsistent and people seem to want to have a regular salary to do their work. And they said the donation stuff is so hit and miss, like great, we got a donation. We've got three more months of runway to pay employees. If we don't get another donation or a donation, enough donations, what do we do? Stop the project. Everyone has to go get a job somewhere. There's some real challenges from business management stuff. That's why I think it's a fun discussion. I know it sounds a little off topic for the homelab, but we also are pretty heavy litics in the homelab. And I think it's in the wheelhouse of something that's interested to a lot of our audience. So hit us up feedback at the homelab.show me and Jay love hearing from you. I would also say that it might be more on topic than you think because there's all kinds of homelab people some people that are beginners, right? They don't know as much and they're learning. Then you have the expert level people that are able to submit a bug request or a bug report or something like that to an open source project that, let's be honest, we scrutinize our homelab more than enterprises scrutinize their entire data center. And I'm not even kidding. Like the average homelabber, I would bet anything has built a better set of infrastructure than some data center people because they're all spread different directions, but we use it and we'll be more likely to find a problem in the code. So if anything, I would say, it might be more on topic, but then on point about your mention about, that I think that was more like a snarky comment that person made about it where, what do you do? Just put flaws in there. That's more of a just a dry joke in my opinion. Nobody is gonna do that. I mean, think of it this way. If a company did do that, I can promise you, they will make the face palm section of the network podcast that I do, the enterprise network security, or enterprise Linux security podcast that I do. I can't talk today, but it would make the face palm section of that podcast if that ever happened. And that is just, yeah, no, I totally understood what you meant. It's not to speak that person's comment too seriously. They're just being hypothetical about that. But the thing is, it's difficult to build a support model around something that's free. And you and I do that more, we have to realize we already do that. We put YouTube videos out there. And yeah, we might have courses one day, but we'll always have free videos out there in just the same frequency we have now. And we give that away for free. And we're building a way to pay the bills by giving out information. So it's not all that different for us as it is for them. No, it's definitely related to that. So onto another update. I did a video on it. So that'll be where the more in-depth version is, but yes, to an ass scale is moving right along. They've got some new features, new updates, well, and new deprecations. They actually titled it, new things deprecated. I thought that was interesting. And I knew it would cause a little bit of confusion. So I tried to be as articulate as I could on the video I did on there, but essentially they're getting rid of R-Sync modules running as a service in the UI. You can still, at first I thought they were getting rid of R-Sync, which was concerning, but it's actually just the modules. I guess the modules natively, because they just listen on a port, I think it's eight, nine, seven, none the less they just listen and there's not really much security on that. I don't know if you've ever used R-Sync as a module. You probably use R-Sync as a- I mean, like as a system service or a demon. Yeah, I have. I personally haven't run into a use case for it that can't easily be done a different way. Like I've never, as long as I've been using R-Sync and I use it a lot. Oh, I mean, like I can't even tell you how many hours of R-Sync transfers have happened over my career. And not one time have I found anything personally that would need the demon or service to be running. And I'm not saying there's no use case for it. I'm sure there is no one's gonna develop it because they have nothing better to do and it serves no purpose. I get it, it probably does. But I don't know if that has anything to do with it. If other people agree with me on this, is it the case that the use case is going away for that in particular without taking away from R-Sync? I mean, I've never been handicapped with R-Sync by not having that feature. So that's just me anyway. Yeah, I'm assuming most of them you're doing it over SSH and they're still leaving the R-Sync within the build, because it's back to our, hey, check out our show on appliance versus build, but appliance means they're gonna limit what you may or may not have, but they're not removing it from TrueNAS, they're just decided it's not going to be a module with a menu anymore. They also took out, but well, removed where it is. Took out was probably the wrong way to word it. MinIO, which is a really cool project, you should check out independently. But MinIO also is built into TrueNAS. The problem is, MinIO has actually got pretty rapid release cycles, they're always adding new cool features, but the appliance problem is it doesn't update individual things. It updates the whole operating system at once, each update. So they are deprecating it being built into TrueNAS and moved it to being an app option. So you can install it as an application, which applications then can get updates on whatever release cycle they want. So there's a new version, cool. There's a new version of it. I haven't really tested setting it up that way, but because it's officially supported from the people over at TrueNAS, hey, I think it's going to be a better way to do it because you're going to get a newer version. I imagine this just makes sense. If you're building appliance, how much can I remove from the core of the appliance and put in as an application to get updated on a more regular basis? Because, oh, there's a new version of MinIO or what if there's a security vulnerability in MinIO, we want to get that updated. We got to re-spin the whole OS. Oh, that doesn't sound like the way we want to manage that. I imagine we're going to see, well, they have a list of all the things we're removing as that, but most of these things that are removed with the exception of the R-Sync modules are going to, they have another way of doing it through the apps. But check it out, the new version of TrueNAS scale. I'm pretty happy with it overall. I updated on June 13th and today is June 21st and all my updates went smooth and things went well. I want to just, so it doesn't get lost because I want to ask the question, they said they have a Neckate 3100 and I want to know if they should update to the 23 release. I think it's going to be 23.05 of PF Sense. Plus the answer is yes. All of our clients that have 3100 still in service, we've updated them to the latest version. So I don't think there's any reason for a Neckate 3100 not to be on latest version, but back up before you do it. Right, absolutely, absolutely. I wanted to address or at least acknowledge the news from Red Hat today that you asked me this morning what my thoughts were on and I'm like, well, I don't have any thoughts. I just found out about it from you because honestly I overslept this morning and as you texted me about this, I'm just getting the haze from my eyes and whatnot and I had a chance to read it. So I do want to put out some initial reactions. I don't want to call these thoughts because I feel like that means that I thought more about it, but I'm going to be thinking a lot about this. So what I'm talking about is the news that the source code repositories for Red Hat are going to be sent to us stream, okay? Now, at first you might think, well, what's the big deal? Sent to us stream, they've been positioning that as upstream kind of thing, but let's peel that back a layer and just think about the distributions that are based on Red Hat. We have all my Linux, you have Rocky Linux. There's a number of these and they basically do what sent to us used to do. They repackage the source code and give it to you without the branding. They're able to do that because the Red Hat branding isn't there. They have their own branding. That's why it's all my Linux OS and not Red Hat or play on the name or Rocky for that matter. Now, according to Veronica's, which is the link that you gave me, it does kind of seem like this is something that's gonna make it more challenging for these distributions to exist. And this is really concerning to me. It's like, I look at their blog on the Red Hat site where they made this announcement and there's a section at the end that says, why make this change? And it's just like they may as well have not even included that section in my opinion because it says nothing, like literally nothing. It's like in the open source community, we're really good at making software. We're not as good about communicating changes as we would like to be. That's why I feel sometimes people get concerned and upset because they think something's happening and they don't know because of the communication. But the communication this time doesn't even recognize the rebranded enterprise Linux distributions at all. And the reason they give in summary is, there's lots of engagement and excitement about CentOS Stream. And at first, that's a warning sign to me because I'm like, is there? I mean, don't get me wrong. I know a lot of people like it. I'm not going to say that no one likes CentOS Stream but I talked to a lot of Linux people on a regular basis, countless people. Not one person has brought up CentOS Stream in conversation other than to express frustration over the new normal. Now, again, I think CentOS Stream probably is a good product. And when I look at it, it doesn't seem flawed or anything. I don't have anything against it from a technical level. But it just kind of seems like I just want some numbers. Like if they're saying there's lots of excitement and engagement over CentOS Stream and that's why they're doing that, that's fine. I just want to see numbers. I want to see adoption numbers. And maybe I'll look it up after this podcast is over but that's a little red flag to me. But that aside, I'm going to be talking to some individuals that are behind these distributions like Rocky Linux, Normal Linux OS and off camera get their reactions because I feel like they're going to be able to give me a very well researched opinion because this affects them and either this is not going to affect them and they didn't communicate it right and they're still going to be an avenue for them to exist or I don't know, I guess we'll find out but I wanted to just put that out there that literally today, I guess this is as close to breaking news as we've ever had. Red Hat is changing the game again and this is why if anyone wants to know why I don't cover Red Hat on the channel it's not because, well you laugh but it's not because of any disdain because regardless of how I feel about it if people want to learn it, they want to learn it. They don't care if Jay loves it but if Jay can teach it then Jay will but the situation is imagine if I just recorded a tutorial series on Red Hat just to wake up to this news and I have to rerecord a number of sections and Red Hat has been changing things so often that it's hard for me to do a tutorial series on it because for all I know in a month now it could change again and invalidate the series. It already invalidated the CentOS tutorial series as soon as they made that change. So if anyone out there is waiting for Red Hat coverage you'll get it, I just can't tell you when it might be a month, a year, a couple of years just whenever they decide to settle down with all these changes but I just wanted to mention that too. Yeah, so it's definitely, it's interesting and it kind of relates back to some of our open source stuff. Obviously IBM bought Red Hat, things seem calm for a while but they're clearly not calm now. Well, if everything is as they say it is then I feel like what this might cause is people to double down on not using Red Hat. Like they might, I'm not saying that this is to kill the rebranded distributions because that, I mean we don't know it might very well might be that might be the reason why they're doing this or that might just be a coincidence, we don't really know. Hard to say. But it does affect everyone and I feel like this is gonna push these enterprise Linux rebrands to become their own thing separately, their own thing away from Red Hat and then Red Hat will lose, you know another wing of its adoption which they really can't, with the layoffs they can't afford to lose that right now this is not a smart decision so far. Right. Anyway. If you're going, if not Red Hat then what? Well, go to the Home Lab show, episode 100 where we go on about DBN12 and we really like it. So definitely if you're just going, what instead? Cause I don't like to complain about something you never talk about the problem unless you have a solution or are working towards it or asking for the community effort towards it but there is a solution, it's called WN12. And I wanna just, you know, you mentioned that so I wanna know, and maybe there's a way to do this it'd be kind of fun, just to look at like if there's a way to see installation numbers for Debian in a reasonable amount of time I know that it's hard because we could have a flash drive with our distro on there and not report to anyone that we installed it we could even have a machine that's running an emulation computer in our closet that maybe is connected to a TV or something and not the internet, we really don't know but if we could know, it'd be interesting as drama starts with the corporations and the company and if you watch the Debian numbers go up so as this news is breaking about Red Hat you know, is Debian servers seeing more downloads? I would have to say probably because a distribution that doesn't change much is going to look very, very, very appealing right now. Yep, so that's definitely interesting. I'll answer just a couple of questions that popped in there I'll actually pose this question to Jay blindly if a project updates more frequently does that automatically mean it's more secure because this is an argument people make all the time? No. Okay, yes, there is a slower release cycle for the PF Sense CE and some people like Open Sense I don't have any problems with Open Sense but it does update more frequently maybe that's something you want as a home lab you go and I want the latest greatest updates and I love that they have tons of package updates and I don't mind doing them that's fine, that is your choice if someone who manages businesses with many of them I kind of like the fact that there's not a ton of updates now you can say that Fortinet has many more updates substantially more updates than other products but I also did a video on Fortinet and just how many CVEs that were above nine that they had because they keep forgetting and putting a password inside their own VPNs in a whole series of problems they have a history of it so once again, update frequency is not an indicator of whether or not something is secure it comes down to how well the code is written and even though PF Sense CE is based on 2.6 the current release, there's not any known vulnerabilities in PF Sense so just because it's old doesn't mean it is they have been good in the past as NetGate has when there's been a problem for example, there was an IngenX problem a number of years ago and they used IngenX in the backend so they had a point release to fix that IngenX problem this is like four or five years ago so they do stay on top of if one of the things that they have has a flaw they will send out a patch but if it's not flawed, it doesn't need a patch so it doesn't need an update I'm going to elaborate even more on that so let's just think about this in terms of I'll call it scope, the update scope or whatever clever term we want to put on this if we look at Debian since we were just talking about that, last time I looked and I'm going to warn you this number is inaccurate it's just the last time I looked it was like there's like 65,000 packages in their repositories, okay so when you look at Debian or any other distribution I mean Debian's getting security updates all the time why? Well, the scope is much larger they don't know what you have installed you might have installed PHP you might have installed IngenX or maybe you've installed neither of those and you installed something else they're the general purpose operating system and other distributions are the same they have to keep updating everything because there's more to update now when you have open sense I can understand the excitement around updates because, and here's the difference between Linux people and Windows people, okay if you're a Windows person and you get that notification that there's an update you're like, oh, again really I just did this now a Linux person gets an update like, ooh, new features it's like getting presents under the Christmas tree constantly this is one of the reasons why Arch is so popular because there's always new features in things so if these updates give people new features in open sense I'd say, yeah, no wonder they're all about it because they really love that and I love that but to your point when we get down to security updates open sense isn't gonna have 60,000 packages the scope is much smaller they're gonna cherry pick the kernel they're gonna cherry pick this whatever they need is what they're going to include because the threat surface is larger when you have more packages so there's interest in keeping it slim but as you slim it down the number of things that can be updated diminishes and you're going to get into a situation where yeah they didn't patch this vulnerability well it didn't apply to their users because they don't even include the thing in the first place so why would they need to patch anything the best way to think about it from a security standpoint in my mind is match the CVE if there's a CVE in the news and it affects routers how fast did they patch it? That's all that matters nothing else matters but that alone when it comes to security if it takes them three months to update a security vulnerability that's critical that's not good but if there's never any update for like months and then there is because a CVE was announced and they patched it immediately that's what build confidence it's not the number it's the response it's quality over quantity and time to response that's what matters but with HomeLabbers it's strange because it's not just about security it's like ooh why regard ooh this I want this I want this because we get those things and we're excited about those things and I will admit when you have something like PF Sense that changes less often it's not as exciting in HomeLab people a lot of us some of us don't like exciting but some of us really do so I think that's kind of what it comes down to and why that mindset exists we just have to think of it in scope of new feature or security patch lack of security patch is there an actual issue or is it just not something that applies to the distribution so I think that's all that matters and we've seen this both in the feedback that was messaged to us like just people asking to do a HomeLab episode on on Raid neither me nor Jay use on Raid I don't have anything against it I just don't use it it's I know it's not as performance oriented as Shurnass and it doesn't use ZFS being that I'm a big ZFS fan and so is Jay due to the integrity and all the wonderful features of the ZFS file system that's one of the reasons I don't really use it now on Raid is getting ZFS I know they're working on an integration for two problems I don't know very well how they're going to be implementing it to it will eliminate the number one reason people want us to do an on Raid video the reason they want us to is because on Raid offers this flexibility of just adding drives and expanding the Raid kind of on the fly the problem is with the way ZFS works you can't do that so if on Raid uses ZFS they don't magically solve that other problem at all they actually now create the reason that you thought you wanted to use on Raid so I don't know that it's really going to push me towards it unless there's some killer feature that they have some enhancement that would be better than Shurnass then I'm like cool but for now Shurnass and I've also talked about and me and Jay were actually on this topic last night 45 drives with their just running Linux and then you throw Houston OS on there to manage ZFS that's a great solution I have that running in production with clients it's a great system so there's other ways to do it and on Raid doesn't I don't know where on Raid fits in that like what is the reason Tom would use on Raid over the alternatives I already I'm familiar with I like learning new things when that new thing comes with hey you're going to spend some time learning that new thing but you get with it this incredible feature or performance enhancement so something against on Raid I just don't know what it's what it holds over the other systems that I currently use that would make me want to go over to it yeah I think a lot it's that for me too it's also time you know because some of the things I've covered lately have especially oh by the way the system D videos out today I totally meant to bring that up at the beginning of the video but that took a bit and it's just and I realized even in that video there's more to do but there's just a lot to cover and sometimes it's just down to time yeah that's that is always what it comes down to is much as we like to bring you the latest and greatest and the cool things you can run in your home lab that often the NAS is kind of like just a stable base that we build things on because we have to keep our videos recording and have to keep all of our data somewhere we want to talk to you about new features in NextCloud or something like that because that's you know Jay's got some great tutorials on NextCloud that's something where people there's a lot of questions around I think it's a great system if you are privacy oriented you are going you know maybe I don't want to stick all my stuff in one of these large cloud providers NextCloud is a pretty good alternative and definitely popular in the home lab world for people looking for that so you know Jay's got a whole tutorial about getting started with it and I think it's a great platform yeah I think another thing for me is hardware because I use my hardware like I always tell people you know look at look in your closet and repurpose something that you know you're not using that's what we home lab people that we do that all the time but I don't have I mean I literally take my own advice I have nothing other than maybe a couple of hard drives nothing consequential that is just not is being unused I'm using my stuff so maybe one day I'll just set up a program or someone can just let me borrow a server and I'll just use it as the basis for a tutorial to teach people something because I feel like you know it's probably getting to that point now because if someone donates a server it's going to enter into production and then it won't be a test server so if I have to send it back to someone that'll probably keep me honest so I guess it's a hardware issue as well but we try there's only a million things to cover but we'll cover them eventually yep and as I just want to remind that we're seeing a couple more times because we think one of our format changes is making sure people know feedback at the home lab dot show that's an email address that's what the symbol is we actually don't mind we actually get less email we were really hesitant to use the emails we thought we'd get overwhelmed with it we're underwhelmed at the moment not that we want spam or anything but we're just saying hey if you want to reach out to us we haven't taken the time to engage with people we like engaging with people that join the live stream here as well so this is we do want to make sure we are is interactive with the audience to make sure we're fulfilling any of the requests you have and hey reach out that's something we really do want to very directly engage with the community exactly and another feedback item I actually lost the comment because it's in one of the YouTube videos I think it was it was in our Debian one is you know because I feel like we answer comments in YouTube videos but sometimes we might want to bring them up yeah but this was in regards to actually my Debian review but it was list is mentioned on our episode 100 because we are talking about Debian and bringing up the fact that Debian you know works well on old hardware and has a great community and all of that's true I mean that that's absolutely true it was about a comment I made in the video about Linux isn't just for servers I was just talking about the mentality other people have however true or false that might be that's what people will say and sometimes it's just me reporting on the general mentality of things but but it absolutely is true that Debian has an amazing community and it's not just like this version is the only good one I mean it's always been good it's just that I've had issue with the fact that they don't cater enough to people that aren't fortunate enough to have open hardware maybe whatever computer they can afford the only thing they have has an Nvidia GPU or has a Wi-Fi card or something and I think that's important and in the comment it basically looked down on Debian for adopting this change to and the comment said something about whiny users but that's not that's not what it is at all and the person called it bloat and it's not let me get rid of the bloat thing right now I'm looking on Amazon and for $21 I could buy a 512 gigabyte SSD drivers are megabytes it's not bloat I don't care it's just not bloat if it gets somebody's hardware working it's necessary but not only that it's not going to be installed or even in use if there's no hardware that needs that driver so it pretty much the definition of bloat just doesn't fit here this is a necessity because we've been trying in the Linux community for decades banging the drum letting proprietary hardware companies know that you know they're doing a disservice to us by not giving us the source code because we you know are running into bugs security issues and some serious problems because of these drivers and we're asking to fix them you know we want to we we want to make this stuff work for the users and Debian wants to make their distribution work for their users but the reality is these companies aren't listening and we we have to let people make full use of their hardware while we're trying to figure this out I would hope there's a solution that requires no proprietary drivers but Debian made the right choice and I think every distribution absolutely must facilitate hardware because even though the criticisms against it are all true and I agree with all of them the reality is if you if you talk about Linux to your friend for years and then one day they're like fine I'll try the Linux thing and they do and their wi-fi card doesn't work their Nvidia card doesn't work guess what you lost that person forever they will never try Linux again ever okay I want to be doubled down on that they will never try it again it's not and these people unlike us they don't care about the politics they just want to use they just want to use the system they don't want to know what new arguments led to it exactly that that's what we are up again it's either we get that user or we don't it's just that simple and no amount of telling them how evil proprietary hardware is is going to make them feel like they're going to be okay with not making full use of the hardware they bought so I mean yeah it's true that Debian is a great distribution for older hardware absolutely their community is amazing and by no means am I criticizing Debian here or trying to because they're the subject now but I mean other distributions have the same mindset they're not unique when it comes to this so I'm only pointing the finger at them because they're they're the current topic but the reality is Debian has a very hard situation it's like do we cave to what we believe in to give users a good experience or do we double down on that and try to educate users but the education thing isn't working because the only people that could really make people hate Nvidia is Nvidia themselves Nvidia is the only company that can make users hate Nvidia okay we Linux users cannot push people to hate Nvidia only Nvidia can ruin themselves okay they're the only ones capable of this so in the meantime we just got to get everything working while we you know figure out how to make hardware drivers suck less yeah it's it's an ongoing challenge getting them on there and I'm excited to see even to the hardware manufacturers it's getting more accessible for people in the home lab to be able to get these I know maybe one day I'll review and buy one when I need another upgrade the framework laptop because I think that's one of the cool things out there because we just had this discussion at work where you had to buy some new laptops for employees and we were talking about Lenovo has I think it's a firmware blob and they won't let you change the Wi-Fi card because it expects that Wi-Fi card to be in there that's still the thing now because I ran into that like five or six years ago or something yeah and it's still a thing that some of these companies are still doing with different locks that you can't swap the Wi-Fi cards in them and it's like they just they're not favorable to the community I could tell you why that is Oh yeah the actual reason why they do that and and this is something that a lot that is a little bit of trivia Windows trivia surprisingly coming from the Linux guy there's a I forgot how many points it is on the scale but basically I'm sure you remember how you know if you had like Windows XP Vista whatever you changed the hardware and you got to reactivate it so what ends up happening is if I remember correctly the network card is worth three points and I think it's up to 10 points there's a different point value for every hardware that's changed Oh yeah for the changes right so a network card is like I think everything is one point the network card is three so that's going to be the most likely thing to trip the activation and you know they're selling OEM licenses and everything so technically the light the installation image is going to be fixed to make this very unlikely to happen but the situation is licensing and it's matched to the hardware such that the network card is that important and they'll get more support calls if they let people do it it's not just my network card I just installed doesn't work it's my computer onactivated which is a completely different support call but the thing is I'm not advocating for what they're doing by no means am I saying they should be putting that restriction because my mentality is if the user decided to make a change they decided to take responsibility for that change when they call support it's not their job to enforce it it's what the user is going to do what the user can do they can people I've seen ThinkPad people change the screens just because they want a better refresh rate it I mean when we have people with the ThinkPad they go to extremes here okay but there's still no excuse and I wish they would stop doing that I really do yeah it's just a lot of tediousness on there and you know we're always advocating and back to the like the homeland people like you want to be able to tinker with the hardware that's part of the joy of doing this is being able to tinker with everything so I'm always trying to avoid companies that lock you in and don't let you tinker because you should be able one be sovereign over your data to be able to tinker with the hardware you have to customize it to your needs and how your use cases fit so yeah I'm not a big fan of any of these companies that make that harder for you to do I think the best way to think about it in my mind is that the company's involvement between you know in between you and the product should stop at the cash register you buy it you own it they're out of the picture and unless you and unless you have a warranty claim that you need to you could have the the vendor back into the picture but that whole involvement should end at the cash register when you pay for the product and then if you need to warranty it RMA it whatever their policy is that's fine but it's like they want to keep having their hand in the relationship after the cash register imagine you know buying a movie and then having a company contact you for a review constantly I mean we might end up there someday but usually it's generally agreed upon you buy a retail product and it's yours but they would have you believe otherwise it's just a weird mentality if you think about it it is yeah but nonetheless uh is that all we have are we at the end of the list Jay oh gosh we have like so many more things I think we'll need to do another QA and I probably hog way too much conversation this time so um but you know what just give us some feedback and hopefully my long-winded responses will generate some uh feedback from the community because we would love to hear from you guys where are you guys come on yeah and we also um one of the things I'm looking at is possibly there's there's a tool and I'm gonna see how it works that allows you to record and embed a voice call so we can actually play your voice if you want to this is we're still gonna keep feedback at the Homelab show but for people you know I've like type in all those words I just want to press record and send these fellas a message that they'll play on the show and answer the questions uh we like doing a lot of this like I said we want to make sure we're really focusing on a lot of this community engagement uh because we do care about the communities we're in we care about supporting and we care about bringing more people into the homelab and uh which is it's been fun you've got to in me and Jay over our career got to engage with people a lot we were talking about missing the old distro parties that happened or the actually I think it was even before Jay's time I think it was in early 2000s when we used to have Linux install these parties yeah we had release parties but we haven't got all of us at the Linux user group meetups and things like that it's harder to do that with a global audience but hey if we can at least have some feedback and engagement with people they just we want to make sure we're helping everybody out and getting people started on this because it's never been a better time to be a homelab we did an install fest of penguin remember that we had a oh yeah we did that was when you introduced me to gosh it's right in the tip of my tongue that you I did a video on I can't remember the name of it um the ventoy that that's when I saw Ventoy for the first time was at penguin and we did that install fest so yeah they're a lot of fun we should do that again sometime somewhere yep yeah the arranging install fest for an international audience is a little bit more challenging but it can be done somehow we'll figure it out download this link let's all let's do a big I don't know group party and get get everyone installing Linux I think we could make something happen yep all right well thanks everyone for joining us and uh we'll see you next episode see you around