Welcome to the Homelab Show, episode 22, Q&A. Ready for some Q&A, Jay? I am ready. Finally, we've been wanting to do this for a while, but we needed to get a certain number of questions and we didn't get as many as we wanted to. We have enough now, so we could go ahead and do it. Yeah, the, um, they were slowly starting to come in, and then we've seen some common themes and we consolidate them. So they're not specifically from any one person sometimes; they're because someone may have asked the same question in different ways. We combine them together so we can answer those questions for you. And once you run through the questions, we will spend some time going through and answering some questions and being helpful for the audience here. So, first things first though, we've got to thank a sponsor of the show, Linode. Yes. Yeah, and Linode is awesome. And you're using Linode if you ever go on our website, because, you know, like I've mentioned before, it's, you know, being hosted by Linode, and Linode is a sponsor of this particular podcast as well as my YouTube channel, because they're awesome, their service is awesome, and we handpick our sponsors here. So, you know, it's not to be taken lightly that we chose Linode. They're easy to use, have a great dashboard. They have all kinds of Linux distros that you can spin up, even Arch Linux, which is crazy, crazy awesome, and one-click apps. It's a really awesome service. Yes. Now, our website did go down, and I want to highlight a problem with Linode on this one, and that's: if you give bad commands, you get bad results. Turns out it was a typo. They don't just fuzzy figure out what we meant; they actually read the command as it was typed. It's garbage in, garbage out, right? So this is one of those situations where, you know, sometimes when we fix something we're like, how did we fix it exactly? Because we tried a bunch of things and it worked. But this is, it's very clear what fixed it. But the bigger question is, how did it ever work?
I had a typo in the fstab file. How did it ever mount that volume? How could it have ever mounted that volume when there's a typo in the fstab file? It's been rebooting, you know, when it's updating and things like that. It's been fine. But one day, nope, doesn't even mount the volume anymore. I'm looking at it. I'm like, oh, that's wrong. Okay. How did it ever work? So, yeah, we dodged a bullet on that one. So it did go down. That was why. It was my fault. I take full responsibility for that. Yeah, so we just have to admit the problem with computers is they do exactly what we tell them to. Yes, sometimes we think we're telling them to do something, but what we're actually telling them is not that. They are much more concise than us. So, that's a thank-you, Linode. Offer code down below if you want to get signed up for it. But I wanted to address that, though, because I got tagged in Twitter, posted in forums, apparently. That actually makes me feel good, that people let me know the site's going down. Not bothered by it at all. It was something we were aware of as well, but it's cool, that means people are actually looking, because that's actually the worst fear: it goes down and nobody notices. Yeah, you know what's weird though, is that there's a Nagios check for pretty much everything on the server, so I'm notified when there's a problem. But there's not really a great way in Nagios to tell if a volume is mounted or not. Because if you're checking the free disk space, for example, and it's not mounted, it's just checking the disk space in that folder it would have been mounted in, which is going to report the same as the root file system if it's not mounted. So what I need to do is just find a custom plugin. But it shouldn't happen anymore anyway. But it's just one of those things where you, you know, have checks installed and you think everything is good. Oh, that one thing that it's not checking for is the thing that happens.
So, you know, it might be... And this is actually kind of fun. So this is me and Jay in real time discussing a couple ideas that I didn't think about till right now. I was just doing a video that'll be released. Uh, well, I actually did release this video on benchmarking, and I brought up the tool. I just didn't dive deep into it. It's just an easy way to test for this exact thing. Um, it's called ioping, and it pings I/O devices to give you their latency on the system. I was doing that to highlight, when you're trying to troubleshoot I/O problems, especially in benchmarking, you can use ioping to determine the latency of the device, and you can ping it on a schedule, and it will either stop responding altogether, or you can ioping and just watch it slowly, you know, change response times. I wonder if there's a way to integrate that into Nagios, where you tell ioping if the result is, well, nothing. Um, yeah. That'd probably work. I think the easier way to do it, because one of the cool things about Nagios is that at the end of the day it's looking for a return code. So if you're doing like a, you know, if directory exists, return, whatever. Okay, that's all you need to do. So if there's like a, so a subfolder inside the volume, you could just say, does this folder exist? If it's not mounted, it won't exist. It'll return something other than zero and it'll flag Nagios. But that might be another way to do it too. So one or the other will probably be, uh, how I, uh, go about that. Right.

All right, onto the Q&A. What is the first thing? And I think this is what you wanted to talk about, because you've been working on this, uh, issue more so than me. This is something I should do, and that's power management. Yes, I have been working on this for a while, and there's two really important things. Like, one of which I was doing was, I was shutting down my servers when I'm not using them, because if everyone in the house is sleeping, who cares if Plex is down? Why pay for the power for that if we're not using that?
Um, for some reason I stopped doing that, but the other day, I think about a week ago, I'm like, you know, my power bill is like four hundred and seventy dollars. I think it's time to revisit shutting down the servers, you know, when they're not being used. But even though the problem probably isn't the servers, it's most likely an HVAC problem. We're not going to get into that. But before I get into shutting down servers, there's something probably we should look at first before we go down that route, and part of that is making, you know, really good purchase decisions. Because a lot of people will do this, and I did this when I first started with homelab a long time ago: you go on eBay, you look for off-lease servers, right, PowerEdge or whatever, um, HP servers, um, and there's other models, Supermicro and things like that. And you find a server and you look at it like, man, that's got some good specs, and usually they could be surprisingly cheap. So before COVID, I think you could get a pretty decent virtualization host, you know, an actual business server, that's of course, you know, somewhere between eight and ten years old but still plenty fast for homelab, for like a hundred or 150 dollars. And you're like, yes, this is great. It's everything I need, has the right number of cores, right amount of RAM. It's perfect. So you buy it, and, um, what most people don't do, and what I also didn't do, is look at the total power draw of the CPU that you're buying. Because some of those Xeon processors can use a lot of power, and some of them use very little, because there's L-series Xeon processors as well, and if you go with that then it's going to use considerably less power. So making an intelligent decision when you buy it is important. Now, that leads to another lesson that I learned too, because of course I bought some Xeon processors that are very power hungry, um, when I first started, and what I found was that you can easily replace the CPU. They're very cheap. I was shocked by this.
I had three PowerEdge servers. Each one had two CPU sockets in them, so six CPUs needed to be replaced, and I bought the CPU for about 40 or 50 dollars on eBay, and I got 10 of them. I got 10 Xeon processors or something like that for 40 or 50 dollars. Like, they're practically giving them away. And they were the L-series Xeon processors, and it just so happens that all my servers use the same type of CPU. So I replaced all the CPUs with the L-series lower-powered CPUs. That really helped out a lot. Also, going into the BIOS settings: by default, a lot of these are going to run, like, full power all the time. I mean, you can argue that you might need that if you're doing virtualization, but I don't really see a good reason for that in homelab. I mean, you want your servers to sound like a turbine engine, like, all the time. So you could tune that down, kind of make it more on demand for CPU scaling. You can adjust the fan. So those are the kinds of things that you should do first, like make the right decisions about power. If you haven't bought something yet, look at the total power draw. Disable any components you're not using. Like, if you're never going to use the onboard NIC, it probably won't save that much power, but you may as well turn it off if you're not using it. And anything else for that matter, if there's add-in cards that you're never going to use, like there's a, you know, RAID controller you're not using, just take it out. Um, that'll really go a long way. Now, if you do that and you still want to save some power, you could consider having the servers power down when you're not using them. And this is where the opinions in the audience are going to be very divisive. Some people are going to say you should never do that, servers are supposed to be on all the time, leave them on all the time. And other people like me are like, well, if I'm going to save five bucks, I may as well, right? I'm not using it. So why have it
soaking up power? So, um, that's one of the reasons why I wanted to talk about this, because I've discovered a few additional things recently when I decided to go back and have my servers power down. Um, so the idea is basically setting up a cron job that shuts the servers off, maybe something like midnight, 1 a.m. You're probably not going to be using them. And then having something like a Raspberry Pi to issue a Wake-on-LAN command to your servers to get them to power on. Now, a lot of people in the audience know this: Tom helped me upgrade to 10 gig recently, and I spent a couple of hours trying to fight with this, and I'm like, why won't this work? Like, Wake-on-LAN does not wake the servers up. It doesn't make any sense. Everything is configured. What's going on? So, I don't know if you've experienced this, but you're, like, googling a lot and you can't find an answer, and then you just adjust your search terms just the right way and you find this one article that explains everything. It's like the only article that exists. Um, I landed on Intel's page, and what it said basically was that we don't support Wake-on-LAN with any of our 10 gig cards. Yeah, like, you kind of have to set the Wake-on-LAN on one of the one gig cards that are on the system as well, even if you're not using it for networking. As long, you know, maybe your primary networking, but you're using it in order to do the Wake-on-LAN. It's kind of an option there. Well, yeah, that's true. So there's two different options that I found. Um, the first one didn't work out, but it was possible.
So I go in the BIOS for my servers, and there's an automatic power on, on a scheduled time, thing that you could set up. You could set the hour and the minute and it'll just turn itself on. So at first I'm like, there we go, you know, there's a solution. But I didn't want to do that, because of course, you know, the time zone is not going to match in the server versus the actual time zone, so I have to do, like, some math to make sure that I'm turning it on at the right time. And then that also means daylight savings, you know, and that's going on at the... going to change it. I don't really want to change anything. I want to kind of set it and forget it. So that ruled that out for me. I didn't want to do that. So, um, some people may know this and some people may not, so, um, IPMI. A lot of these servers have that. It's like an iKVM. You can log in via web browser, the username and password, you can get a console. So you can sign in, view what's on the screen. You could power on the server, power it off. It's really cool. And every Supermicro server I've ever seen has this, including mine. Um, but that wasn't an option, because I didn't want to, like, log in in the morning and remember to hit the power button, because that kind of defeats the purpose of automation. But what I found out is that ipmitool, which is a command line interface, a command line utility you could just install, what that'll allow you to do is interact with IPMI without a web browser. You could just write a Bash script. So what I ended up doing was, just in a cron on a Raspberry Pi, it's just going to execute this script. It's going to execute the ipmitool command.
It's something like chassis power on, if I remember correctly. You give it the IP address of the server, um, specifically the IPMI IP address, and it'll just turn it on. So to make it more intelligent, I, you know, of course want TrueNAS to start first. It's the storage server, needs to be on first. And then it'll sleep five minutes, it'll power on the, um, Proxmox servers. Now, that led into another problem, because I have two servers for Proxmox in the cluster. So if one server starts before the other, you don't have quorum. None of the VMs on either server will start. You have to go in and start them manually. So what I did was, I just added a couple of minute delay for all the VMs before they try to start, because by then both of those servers will be up and running. And then the final thing I had to do was adjust Nagios to not care about certain servers when they're down, because they're supposed to be down. So that's a lot of work. Now, I'm not really sure what the power savings are going to be, but I guess we'll find out in a month. And some people out there are very, um, oppositional to ideas like this, because, you know, like I said, they'll be like, yeah, your server's supposed to be on all the time and you're just introducing, you know, unnecessary wear into your hard drives, which I don't personally agree with. I think it's really not as bad as people make it out to be, and I was setting my servers to shut off for years and no problem. So, um, you as the homelab person, you get to, um, manage this for yourself. Do you want to shut off? And that's up to you. And something, uh, I see The Digital Life in the chat there, and something, he's correct, that Christian mentioned was that if you're virtualizing your firewall, then this becomes something you don't want to do. I'm not the biggest on virtualizing firewalls, and there's another one of the cost savings. Someone was just posting in my forums today about using, like, an R710 for pfSense. Right away,
I'm like, that's a lot of power to be used dedicated to pfSense. I mean, I don't know the use case they have for it, in terms of maybe they need that much power. But a lot of times I've seen people find old servers and go, hey, I can run with some pfSense. But now you're talking about something that's going to draw 100 plus watts just to be your firewall. When it comes to some of the firewalls that, so I've mentioned, if you leave them on a lot, which ideally you're going to leave your firewall on all the time, and maybe you just don't need access to Plex. But that's where some of those ARM-based processors can be really handy for some of those firewalls, especially like the SG-3100 by Netgate, a good example of it. But there's other firewalls based on ARM. ARM is generally a very efficient platform to build that on, and pretty ideal for some of the firewalls. But even though, if you're just using some of the more modern, some of the Protectli boxes, those are nice, compact, fanless, quiet, and generally lower power. Running your firewall in an old server, it's a fun experiment. If you don't need the kind of horsepower that that provides, then you probably are going to eat up the power bill more so than you'd like to. Yeah, those are great points. In addition to that, depending on where you live, you're going to care more or less depending on that. Because if you're living in a place that has really expensive energy costs, like, I think Hawaii is one of them if I'm not mistaken, then you're really trying to, you know, get these things to not use power, because it's going to saturate your bill. But other places, power is so cheap that, you know, at most, you're shutting down your servers, you might save five bucks or something over a year. That can really vary from one person to the other. So I know, you know, some people are really against the idea. Just keep in mind too that if you're against the idea, it's probably because you live in an area where power isn't that expensive. So
you're free to really not care, and other people, you know, they're squeezing all this. Or you're like my friend who has solar panels and actually creates surplus energy. So I have already started looking into that. It's too expensive right now, but my nephew works for a company that sells those things, and, okay, when it gets down enough, I am going to try to solar power my entire homelab. I think that'd be so fun. That would be pretty cool. So, yep, hopefully that clears up some of the power. It is a little bit of a rabbit hole, but it is something to consider. And it's not just power, as Jay was pointing out last night, and today is a heat wave here in the Michigan area. Heat is directly correlated to this. So the more things you have on all the time, it's not just the power draw, it is the heat they generate, that then heat has to be removed. Of course, if you're in a cooler climate, um, or in the winter, maybe you want to leave the servers on because you're going to warm up the house. And so that's one more little factor to throw in here, is the heat dissipation, something to consider. So that's a real consideration, because if it ever looks like I'm sweating in some of my videos, it's actually the case, because it gets super hot in the studio when I have the door closed, and I'm still trying to figure that out. Um, yeah, the struggle is real. Yeah, the struggle is real. So, yeah.

Now, ready for the next question? Yep. So this was an interesting one, and there were... more than one person worded this. It says: any chance to be bringing another guest occasionally? The answer is yes. And someone added on to that: uh, can we spotlight Michigan YouTubers?
Well, I don't know, besides Jay, that many people that are into YouTube, into tech, and in Michigan. The only other tech YouTuber, specifically in tech, that I know in Michigan, I don't actually know, uh, him, but I know of him, is DetroitBORG. He's got, uh, he's, uh, Apple... he does a lot of Apple and high-end device reviews and things like that, but outside of the homelab this, I don't have any contact with him. Also, he's not doing what me and Jay do. When you narrow it down to what me and Jay do, the guest list gets a little bit smaller, because we are people who both work in the industry, talk about these things. And, uh, but yeah, we do plan on having more guests. We've talked to a few other people. So that's something we absolutely plan on doing out in the future. So if you are someone, uh, who has a YouTube account, if you're a content creator in general, and, well, like we had, um, oh boy, uh, Badger... yeah, yep. Yep. Yeah, he was on here. Yep. Uh, doing on here. So absolutely, we do plan in the future to have more guests. We've had Wendell on here. So I mean, he's, uh, right in our wheelhouse of things. So yeah, if someone's relevant and a content creator and, uh, wants to reach out to us, absolutely.
We plan on, and it's part of the future of this podcast, having more guests on. Yeah, I think, uh, I think something to keep in mind is that Tom and I, we know lots of people. We talked to lots of people. But for the podcast, the individual we bring on has to be able to talk about, you know, homelab. And for some people, they could be system administrators, Linux people, but they might not be homelab people. Some people that I've asked will say, well, I don't really have a homelab. I have all this stuff at work and I have full control over it, so I don't really need to do any of that. And, you know, we could argue whether you should or shouldn't do it anyway, but, um, that kind of thins the number out. I mean, we also have, like, Michael Lucas, for example, that I thought about reaching out to. The thing is, um, he's a very awesome system administrator. Does he have a homelab? Probably. I don't know. I'm just guessing. But if he doesn't, then, you know, like, I don't know if we could have a reason to get him on. But even if we don't, we'll have him on our respective YouTube channels for a different reason. And I've had Michael, and I actually am working on, uh, a video. It's long. It's going to take a little while before we get it out. But me and Michael are going to dive into the history of FreeBSD. So he is a wealth of knowledge in the BSD community, and he's a pretty well known author for a lot of different things. And we've recommended and mentioned his books on here. Matter of fact, Wendell, when, the episode we had Wendell, we gave a shout to some of the Michael Lucas books. They are great if you're a learning system. And he's got some ones on SSH and a lot of other topics, of ZFS and the common things we've talked about here. But, uh, very knowledgeable. His SSH book, I consider it must read, absolutely. It's the best SSH book I've ever read. I don't know if there's many other books just about SSH, but it's literally, like, it's going to be everything you need to know in one shot.
It's just amazing, right?

Um, all right, next is: what do you suggest for KVM solutions for a homelab? This is kind of a fun one because there's a few different options. There's, like, the TinyPilot, uh, PiKVM. There are always finding surplus things on eBay. That's, uh, that's going to be one of those options if you need a lot of KVMs. The good news is a lot of boards have IPMI, like Jay mentioned. Those are the low hanging fruit solutions and ones that are very easy to recommend. The downside is, if your budget doesn't allow for at least a slightly more modern server, you'll end up stuck in Java hell, of the way the IP KVMs worked on some of the old systems. They use different Java downloaders and things like that. Me and Jay have both reviewed the PiKVM, and then I gave mine away to a lucky person that watches my Vlog Thursday, but that is, um, definitely a cool little option. The TinyPilot and a PiKVM. So they're both based on, uh, Raspberry Pis to be able to do that. Um, but that's... And you can build your own too. Yeah. Um, there's also the iDRAC, but that's also a rabbit hole, because the newer ones, as I understand it, will use HTML5, and that's what you're looking for. It used to be Java for all these and it's HTML5 now. So if your server supports an iDRAC, and you can get that iDRAC on eBay, and they're usually pretty cheap, and it's one that supports HTML5 and it's compatible with your server, you can go ahead and do that. I haven't used it myself, but I have, um, I've seen that there's a Docker container out there somewhere. I don't know if it still exists now. This was a few years ago, but someone created a Docker container that can allegedly, um, connect to a Java interface, for those that are on Java, and just show the console. So you don't have to install Java on your host system.
You can just have it, you just run the container only when you want to use it, and then you just stop it when you're done. That's an option. I kind of find that this can be a little frustrating, because if you look at the prices for some of these enterprise iKVMs, the hardware KVMs that are rack mountable, they can cost a lot of money, and some of them might be bound to licensing that you have to figure out a way around. And it's unbelievable how expensive these things are. So the, um, TinyPilot, can't remember what the cost was. Some people might think it's a little up there. I don't mind paying it because I'm supporting a really awesome person that's making that available. But then when you look at the used ones on eBay, all of a sudden that TinyPilot doesn't seem so expensive anymore. So, um, you have to kind of weigh the pros and the cons. But if your server already has an HTML5, like, iDRAC or IPMI, just use that, because you already have it. Just use that. Check that first. And if not, try one of the Pi solutions. I think you could build your own too, if I'm not mistaken. Yeah, well, all the Pi projects do list the parts, so you can order parts yourself. Also, each of the respective PiKVM projects both have a list, and I think the lists are probably similar if not the same, of KVMs you can chain them to. And what I mean by that is, because a lot of people want to be able to do this, you know, somewhat remotely, that's where the PiKVM comes in. But then maybe you don't want to buy five PiKVMs, but you'd like to buy a switch, a KVM switch that has several adapters on it. And we did some testing on this here at the office to confirm it worked with at least the model they said. And what it does is, if you take one of those cheap IOGEAR type of KVMs, like the basic ones that switch between two or three computers or four computers, and then tie the PiKVM to that, we were able to send the control keys. But this is not universal. That's why they've been working on a list on their project
pages of which ones to get. And the cool thing is those cheap KVMs, the non, and, you know, I would say non-enterprise ones, are really cheap, but then you combine them with the IP abilities of a PiKVM, now you have a cool thing where you have remote management, you have multiple server management, and you have it at a reasonable price. Because if you go straight to buying, like Jay said, one of those used, uh, commercial ones, it can be kind of expensive. And it's also, we, because we had one, we wanted a second one here at the office, and I can't remember the brand we had. It's years old and it's only VGA, so I wouldn't recommend it. But one of the problems we had when we got one from eBay: it was way cheaper than new, it was like one tenth the price, but it was blurry, and they only had one, and, turns out the caps were bad on it. So we actually ended up soldering new capacitors inside of it. So be prepared, because again, remember, these things, if they were in a server rack, were probably on from the day they were installed and turned off and sold on eBay. So they've been on for years, and if they weren't of the highest quality or have bad caps in them, take that for what it's worth. Just something to think about when you're on there. Yeah, absolutely. Another thing too about the TinyPilot: I'm not sure if these features have landed yet, but the individual, I wish I remembered his name, anyway, he reached out to me and let me know that the TinyPilot is getting boot-from-ISO support. So you could boot your server with an ISO image and actually install an OS right from the TinyPilot. But then also they're coming out with a Power over Ethernet version of it too. Yeah, so there's more features coming out, and like I said, and someone pointed out that one of the projects was, uh, is it PiKVM? There's TinyPilot and PiKVM. They're two, if you want to call them, competing.
They're both open source projects. Um, the TinyPilot one has, like, a business model where you can pay for support. But anyways, someone pointed out one of those has the Kickstarter that kicked off today. So check out both of those projects, or they're both valid. There's both some pros and cons of each of them, and, uh, it's, hey, why not? It's fun to play with. I mean, any Raspberry Pi project, I'm a fan of. Yeah, there's so many. We could just have a whole podcast about Raspberry Pis. And I'm not saying we're going to do that, because I already did, already. But I mean, like, a whole, like, ongoing series about them. But, um, we do, like, enough content about those. I think we have that covered. So, yep. Yep.

All right. Next one. Now, this is something a few people have asked for, and it says: love the show. In future episodes, could you show more demonstrations of images and the things you're talking about rather than just displaying them in chat? Demonstrating your tools would be awesome.
One of the things we've done is, everything we've covered, me and Jay reference the videos we've already done on these. So doing a live stream and live demonstration is substantially harder, and as we do record the show live, uh, is substantially harder than the concise, edited, cut down, and me and Jay will both tell you we spend a lot of time editing. So when you think me and Jay are really good at something, no, we've just edited to make us look good, just full disclosure here. But it's also edited to make it brief, to make it concise, to teach you something. So we always reference the videos we're talking about. So when we did a video about Proxmox, Jay has videos on Proxmox. We did a video about XCP-ng, I have an entire series on XCP-ng as well. And almost each one of these projects we've talked about, we always link to the videos you reference, or the playlist we reference is on there. So you won't find those in here, because this is targeted as an audio format podcast. We host it on YouTube out of absolute convenience, and it allows easy interaction for a live audience. It's got all the right things there, but it's then taken, the audio stripped out. We use a tool called StreamYard to actually, uh, stream this to YouTube, and then our stream is recorded. Uh, ultimately the goal is to have an easy to do podcast. So if we started doing a bunch of visuals in here, this would leave out those who say, hey, I love listening to this in the car while I'm driving, or, you know, I'm doing something else in my headphones, because that would not translate. So that's why we reference it, and it's, uh, and that's why all the videos in our show notes. Yep, I couldn't say it better myself.
That's absolutely the case, and I think as long as, you know, I try to train myself, so as long as I keep this up, um, you know, describing to what people what it is I'm talking about. So when I first mentioned IPMI, I'm going to let you guys know, for those that don't already know, what it actually is, what it does, what the goal of it is. You can get a picture in your head of logging into a web console and seeing a desktop in your browser. And that general picture you have in your head is probably correct. So, and like Tom said, we have all kinds of videos. So if there's something we're talking about and for some reason we don't have a video on it, we're probably mentioning it because we're already working on creating the video for it. So just keep your eye on our channels. Yep.

All right. Now, this isn't a really easy one. Do you prefer for diagramming, uh, draw.io or MS Visio? You have to... draw.io. Yeah, draw.io. Um, and they've actually changed to diagrams.net, as they bought an adjacent domain. It's the same. They actually have a story of why they did it. Apparently there's some controversy about the .io TLD, so they're worried if anything ever happened. They wanted to have a backup plan, so they own diagrams.net, but both works. As of right now, both work fine. Yeah, they have a little article on that. Um, I've done a video of getting started with it. It is a wonderful drawing utility. It has some amazing features that allow you to not only embed things, but you can embed things that you create in it as a PNG and then sub-embed within that the actual data that created it. That means you can open a PNG that was created with it, that had the sub data, and pull it back out into the drawing program, edit it, and re-export it as a PNG with it. I mean, I went far into the, I think it's kind of a little bit longer a tutorial, because there's a lot to talk about. And since I did that video, maybe about a year ago, they've added even more things.
They've added, like, animation flows and all kinds of neat stuff. So draw.io, one, it's free by the way. That's, it's open source. It's free. Um, I have talked to a couple people and developers. I'm hoping, because it has its own scripting language, it's all well documented for how you generate it, of building some plugins, and this person specifically is working in PowerShell documentation tools to export in the language that it is, so you can auto-generate network maps from it or different domain maps. So there's a lot of potential for that. They encourage people to, like, that's why they document so well, that they can take external inputs and build things with it. So huge fan of draw.io. Uh, not a fan, I mean, I used Visio years and years ago and, uh, I'm just not interested in using it anymore. I mean, yeah, but I don't exist. It's kind of like it works so well. It does so many things and it's free and it's easy enough, because it's also web based, is you can run it as an application or web based. The web based one will allow you to share and edit with someone who doesn't need a sign-in or anything. You can actually create a link on the draw.io or diagrams.net site, send them the link with it embedded, and have them open and start editing the same thing, not simultaneously. I don't think it does shared editing, but either way you can get someone else working with it without them having to even load an application. Yeah, is it still the case that Visio is like an app only? Is there like an online version now? I'm not aware of for Visio, but I could be wrong. I don't keep up with the Microsoft. Well, I know there's license fees. Yeah, that's the thing, because I know in the past I didn't use Visio because I'm not trying to run a Windows VM just to create a diagram. And with draw data data, excuse me, draw.io being in a browser, it's like it doesn't really matter what OS you're using, just open your browser, go to the site and start doing it.
So for me that, I don't know if that's still the case now, that Visio was not in a web version, but that was absolutely the reason why I started with it and that's why I still use it now. So, um, yeah. Yeah.

All right. Hopefully that answers that one, and this one's gonna be a little bit of a discussion, but I'm trying to keep it as simple as possible, and that is the protection against ransomware. Now I have some good news, and they just, not saying you're immune, but they don't target home users quite as heavily. They usually just target them with some drive-by BS type things, as I can describe it. As I do videos where we talk about threat and persistence, I have an upcoming webinar I'll be doing with Huntress diving deep into how threat actors pick a target and gain persistence within a target. And it's a very focused, targeted attack because they dive into financials. They know how much money they have. The other side of it is, for all the efforts they put into it, home users are, they're just hoping we'll click on something and, uh, we'll get infected, but the ransoms are usually much slower and less effort has been put into it because they don't always expect home users to have the ability to pay. But I'm not saying you have a zero level threat. So there are some things you need to do: backups, backups, backups. Always have backups. Um, we just did a, our last one was about Synology, and Synology's, uh, got a backup tool on there. But whatever backup tool you have, make sure you have it, make sure those backups are kept secure and separate from you as the user, so the username and passwords you may log in with on your computer should not be the same as the username and password you log in with for your backup. An example for me: I have my username and password for my Synology, then I have the admin user and password for my Synology, and I have them separated. That way there's a limited amount of functions I can do with my day-to-day user and then only log in admin as needed. You can do this on
each of your computers. You got to keep this separation of privilege and separation of where those backups are stored. The next thing is going to be, especially, I'm assuming Windows because that's where the ransomware is mostly targeted, with few exceptions for things like when people publicly expose things. We'll get to that second, I will talk about that, but for the most part I'm assuming you're running Windows. The antivirus that comes with Windows is actually pretty good. Um, it's better than a lot of people realize. Microsoft used to be the joke of the antivirus, uh, especially the free ones, and the tables have really turned. Microsoft put a lot of effort into going, hey, let's make this a little better, which kind of shocked me. They've really stepped their game up. So it's actually a pretty solid antivirus. Um, I don't know all the consumer ones. There's a lot of them out there. So if you have an opinion on another one, I don't know. You probably don't keep up with that either, do you, Jay? No, I mean, honestly, I think antivirus nowadays isn't nearly as important as it used to be, because at the end of the day it's, um, what you use your computer for and whether or not you're following best practices. Are you clicking on random links and emails? Are you making good decisions? No, obviously if you have the right vulnerability that allows remote code execution, that could still happen. But at the end of the day you have images for your machines. You can get them back up and running. You have a version of backup so you can get your data back. That to me is more important to focus on than antivirus, because antivirus is kind of like, almost like insurance about what could happen, and you're hoping that if something happens, that your antivirus will catch you doing something you shouldn't have done, or maybe by mistake.
It's almost like insurance, like medical insurance, but, um, I mean I use medical insurance because medical insurance doesn't want to cover anything, right? So like sometimes antivirus is just like 50 or 60 effective anyways. So at the end of the day, that time and effort you're putting into that, you could probably just put more time into your backup routine, your images and things, which is probably better anyway. I mean, for most home users, I'm still just going to go with Windows Defender. I don't even see anyone in a chat suggesting anything otherwise. Windows Defender still it for, like I said, if you go look at the scores on it by some of the AV testing, it ranks up there with a lot of the other ones. And usually the only time they ding it is slightly high false positives. I wanted to be one of the reports on it. I'm like, yeah, slightly high false positives is better than let something through. Like the detection rate for the same as some of the other antivirus, but a couple more false positives, which false positives, don't get me wrong, they're annoying when you are trying to load a game and you go into a panic attack code, why is Defender flagging this game file? Why does it not like the image files in here? Um, that's more of an annoyance than likelihood of ransomware. Be careful what you click on, a lot of just careful thoughts on things. Now they do target users, especially for banking and things like that. They usually send out, you know, phishing emails, phishing texts. Those are more your attack vectors that home users see the most of. Now the other part I mentioned about external access and getting ransomware that way: there was an assault on a lot of the QNAP because of a flaw of them. Well, do you call back end credentials a flaw with QNAP or just a bad design? Design, yeah. Yeah, so they had, um, they had some QNAPs or attack, but then there was a similar attack against Synology, but Synology was credential stuffing.
So if you had your Synology publicly accessible, they were just randomly trying all the passwords on it, and because some people don't use strong passwords. Those are a couple times where they were, uh, attacking and using them. The QNAP ones, I believe they would ransomware; uh, the Synology ones they would turn into a botnet, but that's what they were doing then; later they could do something like ransomware. And the third one is two years ago now. There was a pretty big flaw found in one of the implementations. I don't remember if it was Nextcloud's flaw or if it was a flaw in PHP. Um, one the flaw in was attacking specifically Nextcloud servers, and you had to get everything patched. Whether it was the PHP at fault or Nextcloud at fault, the result's the same: they would take over and leave a ransom note for, uh, you there. So obviously your big threat surfaces: do you have anything publicly exposed? Then your internal threat surface: did you click on something to possibly detonate the ransomware on there? Um, and just being very careful. So, yeah. Um, oh, and for people, this is a fair question people ask, like the UniFi Dream Machines offer some threat protection in there. Those are about useless. They are, matter of fact, um, I tweeted, I laughed, there was a Register article. So the UDM Pro wasn't, was getting bad updates for six months and nobody noticed. It was not getting any threat intelligence updates. So it was actually six months behind before someone says, hey, these files are really old on here.
Um, the being able, when everything's encrypted, detecting threats at your firewall is hard. Uh, it may have a list of sites, and me and Jay, we, both of us were talking last night, we'll be doing some future videos on companies working on ways to detect, you know, IP addresses and, uh, creating lists by another company, but the problem is they're reactive, not proactive. The reason we know something's bad is because something bad was happening at that IP address. Second, if it's encrypted it usually goes unnoticed for a very long time. So the firewall is, to me, if you're looking at your threat surface, or where you want to put your, uh, defense in depth, you probably want to take and put all the defense on the endpoint. And if you have some budget and time left over, it's better than nothing to have it on the firewall, but even though the firewall is the part touching the internet, the browser is the part that touches the internet where most of the threats are occurring here in 2021. So right, it's not that good of it, and do not think of it as a substitute for endpoint protection. Don't go, oh, the firewall will stop those threats, I don't need to worry about endpoint. It's better to put everything on the endpoint and, oh cool, also the firewall, if it has the IP, if it recognizes an attack, if the attack wasn't encrypted and it could decrypt what was going on, it would block it. If, if, if, if, and that's a lot of ifs. Right, to me, at the Windows XP days when Service Pack 2 came out and everyone got that firewall and they're like, yes, I'm secure now, while they're clicking allow, allow, allow, allow, allow and everything that comes up. Um, which pretty much defeats the entire point of having a firewall.
Um, another thing I wanted to mention too is that when it comes to backups, please don't have your backup target mounted all the time. Oh, yeah. You know, like when that malware hits your machine, some of it will target your backup first before you actually know there's a problem. And if it has access to your shadow copies, you could bet it's going after your shadow copies. So you should have your backup source mounted only when it's actually doing a backup, because, you know, malware can't get to something that it doesn't have access to, that's not mounted. So please don't keep your external, I mean, external hard drives aren't backup anyway. Don't keep those attached all the time. Don't keep, like, your network mount to your backup NAS or whatever mounted all the time. Just, you know, have it initiate that connection when it's backing up and then drop the connection when it's done. You don't want that always mounted because that's what some of these malware, um, you know, that's what they're hoping for. Yep. Yeah, so that's that part of that, you know, keeping things separated and keeping the backup not even having the same credentials as whatever you're logging into the computer. So obviously if they compromise your computer, there's a risk they compromise your credentials, and if those credentials happen to match the credentials of your backup system, then there's a problem. And people assume because, oh, it's just my home lab, and I do not agree with this, but they will just start using the same password everywhere. I have, even at home, I don't have the same password for my computer as I have for my NAS as I have for my Synology as I have for anything, because password generators are easy. So I have gibberish for every password. It's just better that way. It's, and two-factor and all that other stuff.
I mean, there's all kinds of things you can do and you should do all of them. I mean, understand it's going to make things inconvenient, but that's the point: the more you make it inconvenient for yourself, it's also inconvenient for other people trying to get into. So, you know, that's how it goes. All right, so hopefully that helps cover that. There's not a turnkey guaranteed solution, but there's at least mitigations and defense you could put on there.

How can we know in advance when you will be live streaming? I can't find scheduling on a website. Um, me and Jay work on this because life happens, and because we both work in the industry, we end up with priorities being sometimes addressing issues we're dealing with at work. Uh, so this is what makes it a little bit more challenging than setting it, but we're getting closer. Uh, we think we settled on, with the exception of today, settled on doing it at 11 o'clock on Wednesdays, 11 Eastern time. We just haven't been brave enough to publish it, because once you publish it, it feels like you, it feels like there's a lot of seriousness going on there. Yeah, you know, we would have been, like Tom said, on today at that time. But the thing is, you know, today's the first day of school where I'm at in my area. So of course the kids had a half day today; around 11 o'clock is exactly when I had to go to pick them up. So, um, that's not going to be the case going forward.
I think we can say 11 a.m. Eastern time Wednesdays, absolutely. Of course, there could be another half day of school sometime later on this year. So we'll, you know, maybe let you guys know on Twitter or put it somewhere where you guys can see it if that particular day we're not going to be able to make it, or maybe even the episode before that. We'll let you know, we'll let you know somehow, we'll send a carrier pigeon if we have to, but I think 11 a.m. Eastern. I'm at a point in my career right now where I think I can confidently say that I'm ready to, you know, draw that line in the sand. Yeah, so we should be able to do that, and, uh, if you look, and I did a slightly clickbaity video, Should I sell my business or option B? And, uh, I discussed some of the changes I made here to allow myself a little bit more content time. So we're working really solidly on this 11 o'clock on Eastern time with the exception of today. And there's going to be a video that I'm going to be making, it might be as soon as next week, it might be a week after that, where I'm going to talk about my business and how, and the reason why I think I'm going to be able to schedule this in advance with more confidence. So I'm not ready to say anything right now, but I will be making a video on that, um, in the very near future. Yep.

All right, and now that's those questions we had. I did see, you know, this was technically something someone sent us and it came up again in a live chat, and it's about Unraid. I've seen people comment on that and there's a few comments and videos: why don't you do videos on it? I just don't because I don't use it. Um, I really don't feel that, from talking to people that do use Unraid, it scales to the larger size clients we have, so it's not a client solution.
It seems to be an excellent home user solution. So if you want to use it, I can't tell you any reason not to use it. But from a scalability standpoint and a manageability standpoint, it doesn't seem to have that same scalability. For example, if you were following me at all on Twitter today, I was posting about 84, uh, 18 terabyte hard drives that we're building for a project. Some of the projects we do here at Lawrence Systems are large projects for our clients, and we are then using the things we talk about. This is the back and forth with my videos. Because we're not using it, and I don't plan on sitting down and learning the Unraid platform. Um, it's not me saying not to use it. It's more about me saying I just don't use it. So I've nothing against it if you'd like to use it. Uh, there's a couple, I want to say the name is Spaceinvader One. He's got a bunch of videos on Unraid. He's got a YouTube channel called Space, I think it's called Spaceinvader One. Someone can correct me in the comments on that. That's the case. That's awesome because space invaders are amazing. What am I feeling? Yeah, I, yeah, but yeah, it's a solid system, um, for people that like it. I know windows use it a couple times and, um, I've seen a lot of people talk about it. It doesn't necessarily scratch our itches, so to speak, you know. Yeah, that's exactly right. Yeah. It doesn't do anything so compelling that Synology or TrueNAS, that if I have all these different problems, the problems are usually in storage world solved by Synologies or solved by TrueNAS or some combination of them. I'm not finding things falling outside of there that I require. Also TrueNAS SCALE, for those of you that go, but Unraid has Docker. Um, yes, I know, and so does TrueNAS SCALE, which is actually what I'm waiting on. It's the familiar environment of TrueNAS.
It's the familiar environment of VM, of ZFS. And, uh, it's also the familiar environment of Debian, all rolled into one package. So that's going to be for the Docker solution for those of you that need it, which I don't use a lot of Docker, but I know there's a demand for it. That's where I'm going for there instead of Unraid. Yeah, I think the biggest problem with creating content is time, because if you saw my, um, my backlog and how deep it was about all the things that I want to go over, you'd be like, how are you ever going to get through that? Because there's so many things I want to check out. So, um, obviously the things that I'm using, I'm already using, it's super easy for me to make a video about it because I'm already using it, and then every now and then I'll pick something from the backlog that I really don't know about and I'll just learn about it, and then I'll make videos about it. Um, part of the problem on my end is that sometimes the editing process and all this takes a very long time. So I'm actually in the process of looking at, um, a couple of volunteers to kind of help me out, to kind of free me up a little bit, which is probably going to help me out with this. But, um, yeah, like Tom said, I'm going to cater to the things that I know and then I use, and then if something crosses my radar, it has to get me a certain level of excited before I'm like, oh my god, I got to do a video about that right now. Like ZeroTier, when Tom mentioned that to me the first time, I'm like, that's brilliant. I want to do a video about that. And then two years later,
I did a video about that. So that's kind of how it goes sometimes. We have a lot of catching up to do. But as soon as I get the production faster, then I'll be able to turn around the videos faster and there won't be so much of a problem. Yeah, the, um, other thing too is the, uh, we like hearing the feedback from you. We just kind of go back to some of this because that's what helps us produce some of the next episodes. And you just kind of reminded me, Jay, um, we probably should do one talking about Tailscale or ZeroTier. They're good things to talk about. There's a lot of use cases in the homelab forum. So, um, what does the audience think of that? We got a bunch of people here. So comment on some of the things. This is a good opportunity because we're just free-forming it here now. We went through all the questions, one throws some questions at us to those suggestions at us and, uh, we absolutely, we're always looking. We have it, don't worry if you have none. We're okay with that. We will come up with ideas. We have so many more things to talk about. Oh, yeah, we absolutely do. Another thing I would say too is if you're going to write a suggestion in, um, I would recommend instead of saying you should try out X, I would say instead you should try out X because, and then give us a few bullet points. I mean, don't send us a wall of text or anything like that. Um, but just give us some reasons that might make us excited to try it out, right? So it does Y, it does Z, it does all these things. Yeah, that's why I like it. And then that would probably get my attention more than you should try X, because at least I know what it is that makes it stand out from other things, and then I'll get excited possibly, and oh, yeah, definitely want to, I have a use case for that, or I know exactly the right spin on a video where that could fit in, and then it happens.
So that would really help out too. Yeah, so that's, um, definitely important that you give us a little context of why we should be excited about it.

Uh, someone asked about buying a used NAS. You actually can get some pretty good deals if you go to eBay and you type in TrueNAS or FreeNAS in eBay. You'll come up with a couple companies including UnixSurplus, and they have some cheap deals on used NAS. They can be pretty good. And the nice thing is because you type in those search terms, they actually will tell you they've put together a machine with known good hardware for TrueNAS. You can also type in probably Unraid or one the other, uh, NAS platforms using. So yes, you can find some good deals on eBay for a used NAS with a lot of drives in it. Um, and UnixSurplus, we have, I never, not a direct endorsement, but we have had good experiences with them for the couple things that we bought from UnixSurplus. They seem like nice people when we talk to them, but they're not a sponsor or any other affiliate. They're just someone we bought some hardware from because they happen to have something I needed. And my friend bought a rather large FreeNAS server for a project he had and he liked it. So, well, there you go. There's all kinds of options too, and sometimes you can even go on your local classifieds or wherever it is you find out about local sales and things like that. And if, you know, it's unfortunate when a business goes under, obviously, but sometimes if there's like a liquidation of a building and they had servers in there, sometimes they're giving those away for really, really low prices because they're like, get them out of here. They're too big. They're too heavy. We don't want them here, we don't even want to lift them. Just someone please come grab them. And I've seen that happen where I'm just, you know, oh, servers. Yay, desktops and things. I mean, just keep your eyes peeled in local groups and things like that.
Yeah, surprised sometimes you'll find, and we actually have a couple times picked up some cheap brand new racks that we got. They had sides and everything, they were so wrapped in, they were already assembled, wrapped in plastic in a warehouse. They were on Craigslist and on Facebook Marketplace. Yeah, we were like, let's, they need, they said they've never been installed. They were brand new. It was some warehouse. It was funny, I guess, how they got there. The story was: we bought this building, we don't need these, they were here wrapped in plastic just like this. So they sold them for like 500 bucks a piece, which they were like two or three thousand dollar flip trip, like really nice racks. So sometimes you can find some killer deals like that. I walked into a computer store locally here and bought some parts and they tried to give me a rack for free. It was humongous. It was absolutely beautiful too. It wasn't just a standard rack. It was like enclosed plexiglass with like this really bright neon blue outline. I mean, it looked like something that I would love to have in the background here. But then it's like, yeah, that's not coming down my stairs. That's way too big. I'm like, darn it. But, um, you know, you get lucky about things like that sometimes. Just keep your eyes peeled. Just have conversations with people. You never know what you might find.

Yep, so I think that covers all the questions and stuff that's, uh, reached it. We've wrapped up another podcast. We've done 22 of these, that blows my mind. It's, time flies when we're having fun. It seems like just yesterday when we started this too. I know, I think it was even cold out when we started. 22 weeks ago, was this, that was the beginning. It's really hot now. So we'll keep this going all the way till next winter. Yeah, we have like three seasons of cold in Michigan. So it's very possible that was the case.
Yep. Well, thank you for joining, thank you for listening, and thank you for all of those who filled out the contact form, and feel free to go out there and let us know what we should be excited about. Or if you want to have a question, and we plan to, every so many episodes, I don't know if it's going to take another 22 episodes, but every so many episodes we'll do some Q&A. We're always constantly rethinking how to do this structure. If the questions come in in a fast enough stream, we will actually do Q&A in each one of them, at least if the questions, we'll consolidate a couple of them, that they're solid questions we think the audience would like to dive into. Absolutely. It's on our roadmap as well. So, all right, well, thank you everyone for joining us, and thank you to Linode for sponsoring us and letting us download this, and I will interact and engage with everyone next time. In the meantime, you can find me and Jay on the forums, on the Twitters, and on thehomelabshow.com, that's where you can do that form and contact us. All right. Thanks. Thank you.