Welcome to VLOG Thursday, episode 293. So wow, that's a lot of them. That's interesting. 293, so close to that 300 mark, just a few weeks away. Now in my attempt as I mean last time to be more organized, I have notes that I'll read from a little bit. As I want to start covering these things kind of on the regular as part of my beginning because I like meeting people sometimes. Okay, no, all the time I do like meeting people. I'm going to be at a couple of events. So what I'm going to do at each of these vlogs is kind of let you know where I'm going to be, what I got going on. And I did confirm everything even though the hotel moved and a few details changed, but I will be at DattoCon September 11 through the 13th of 2022. So you can Google and figure out where that is over in Washington DC and the details though. But I know a lot of you are in the IT MSP space so maybe a lot of you will already be there. So hello and greetings, if I see you there. GrrCON October 13 and the 14th of 2022, that's held in Grand Rapids, Michigan, so local for me. Well, relatively local, it's a couple hours away. And I'm pretty sure I'm going to be at Ohio LinuxFest December 2nd and 3rd 2022. So that's a couple of the upcoming events that I have that you can probably find me at somewhere wandering around and things like that. So but the topic I'm going to be starting with today is the Krebs on Security thing. I was going to do a separate video on it and I don't know if it needs a separate video but I figure I can just at least talk about it. So if people find this video they can jump in it right away. And we'll just read these thoughts right here. Now me and Christian crosstalk had done some videos talking about this. This was the insider threat which is a really tricky threat to deal with when it comes to doing things.
You know securely is how do you deal with the person who's in charge of a lot of security potentially trying to ransomware or whatever you extort them essentially. We covered that detail but it's a sad thing that this person shows a really horrible thing that will pretty much not only get them jail time but also. I don't think they're ever going to work in this industry again, anyone who figures out who they are, Google that person's name. It's just not going to go well for me. This is a way to completely throw your career away. Now Krebs on Security. He reported on it and this is basically the problem. "Last year I posted a series of articles about the purported breach at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing, which includes providing false information to the press." That's an important aspect there because false information to the press. Well yes that's a big problem. Now there are people saying well Krebs should have multiple sources. I agree you should have many verifiable facts as a journalist. The challenge is when you have this type of information do you just not report on it at all because you're not likely to get a lot of facts. Or a lot of other sources about these facts. There's not always that many people involved in it that would have some knowledge. So if you only have a few people involved and only one of them is willing to talk. Obviously this becomes a real challenge to actually getting that documented so you did only have one source and but this is exactly what you want to see from good journalists is "this time I missed the mark, as a result would like to extend my sincerest apologies to Ubiquiti, and I've decided to remove those articles from my website." And you know this is because as new information gets righted and this is ultimately what we're always looking for as new information gets provided we change our minds, we update how we understand things.
That piece of information was not known at the time that the person telling people that there was a problem was also the person creating the problem. So thank you Krebs for coming clean on all of this. Now kind of to extend and further read and I can throw this a link for people that want to dive into it. I mean see this is very related to this which is going to be Ubiquiti versus Krebs and these are different court motions and filing for those of you that feel like reading some legal documents. Nothing too exciting in here but basically Ubiquiti was going after Krebs because they're claiming like a defamation and it hurt their stock value. Saying a journalist did that comes down to intent and I think they have a big uphill battle to prove intent. So any of these laws or any of the way these things work. It's about what the person intended to do, not the actions or the results that happen. You've got to think about the purpose and the reason people do things and did Krebs go out on this article to inform us about a big company and potential security problems, that was Krebs' position, or was his goal to tank their stock, which it didn't tank it dramatically. I mean of course anytime there's news about major breach problem with the company their stock is going to go down a bit. So it's uphill battle from the prove it but I think this is probably because this last filing. We can jump in real quick here on this. It was kind of weird because I don't really understand there's a series of extensions that the court granted to Krebs and in support of the requests. Let me think here. There was an interesting part of this. They didn't hear back from the lawyers and that's what I thought was kind of strange, like Ubiquiti's lawyers. Defendant's counsel hope that nothing tragic has occurred but this radio silence unusual and otherwise productive relationship, so it's kind of saying that Ubiquiti quit responding so I don't know if that means you're dropping it.
I'm not a legal expert so I don't know a lot about the details of that legal case there so nonetheless it I don't think it would be uphill battle to prove intent you would have to like prove he intended to hurt them and maybe he had a financial interest doing it. It's just doing it. It's a stretch and it's not the first time journalists have been targeted for things like that but yeah it's it is what it is. Team Krebs in the house. Yeah. Riley's here as well. I mean Riley have discussed this because you know it's an interesting thing. I don't know. I don't want to see people going after what is saying otherwise generally respected journalists. I mean Krebs is not perfect so someone's going to post links but Krebs that one time you know did this or did that. Yes he's still human. I'm not saying he is the single source of truth for all things but generally speaking he's got some good reporting. He does on cybersecurity and he's done some in depth things. I would overall say he's pretty credible. Greetings son who has joined the room. A wild Marcus enters behind me. Yes he's only going to post the lower half here. Did you just come to say hi because you wanted to be on the stream. Hi. That's my son has made on the stream. So he is getting a new computer build for his birthday. He says the goal right. Yeah. Because your computer is sad and slow. Yeah yeah so. Yes yes yes. Oh awesome. How does that show up inside of here. So I want to. Turn gifted. Yes. So this is interesting. This doesn't actually show up so let me go ahead and bring it to where I can bring it to share it. See will that work if I do this and share it back on here. See if that works. Hey look at that. So thank you very much Mac Telecom Networks for gifting that, it doesn't show up in the StreamYard chat so I can't show it that way. But I can show it here so the awesome for doing that donation there is definitely great.
And I've referenced a couple times Cody from Mac Telecom Networks and their channel so. Yeah the gifting is new. Maybe StreamYard hasn't caught up with it so you're not able to see it. I'm not able to share it through StreamYard but I'm able to share it this way. Actually can I make this more readable, legible. I don't know. Let me find out. Does that make it. It makes it look a little better. Trickiness of doing some of these things but. There we go. We have the gifted 10 warrants for some measures. So I know how that works. I'm completely new to it myself. I didn't know you could do that until this moment. So I have learned something on this live stream. Sadden soak period. Yeah. Oh to have a dad like Tom Lawrence. He just gets computers. Yes. Unfortunately. How's your hacking skills Marcus. Impactable. Yeah. His his interest in computers kind of stops that I'm getting a gaming computer. Yeah. I mean I know how to do the basics. He knows I got to make him learn more computer. I can do basic troubleshooting. That's it. Yes for sure. Do they have to prove intent if he claimed he was negligent in acting without two sources. I don't know that's where I'm not. One thing for sure. And this is holds true in the United States pretty pretty well. It is really not easy to deal with a lot of First Amendment things because it is very frequent the courts side on freedom of press and for good reason. There's a reason we have a good freedom of press. It is a fundamental thing that is part of our Constitution and is often cited and it is very important to have a free press that can say things and not have companies stifle that. So it takes a lot to prove that. So I don't know. My guess is especially that you know I'm not a legal expert but seeing that Ubiquiti's lawyers kind of stop responding and some of the later things. And that's what those things are. Read through those court filings. Maybe someone who understands law better than me understands it.
But I kind of feel like if Ubiquiti is not responding they're kind of like we're going to drop it or whatever. Because they know they I think they did to prove a point put people on warning maybe you know a were could potentially do this but yeah. Have fun with geek stuff. I'm going to have fun with geek stuff Marcus. We'll get pizza when we're done. I know that's the other reason he's down here. Yes. Bye. User organization always ask for endpoint protection software and use things like that. The primary threat is internal not external firewalls. Don't get hacked like the movies. Yeah. We'll go with that. We've got lots of people saying hello hello hello from Germany hello from Italy. Awesome. It's not some money and can also use as moats or other incentives YouTubers can do like being able to do videos early. Yeah I am I am really ramping things up and I want to maybe hire an editor soon. So I can do that. I need to hire a social media person I think because I get caught up doing it. I like doing the social media stuff but I also want to produce more content. I mean if I spend time doing social media I'm doing less content so I need probably I would like I people say hey why don't you come up with some new shirts I'm like well because we're really busy and we're doing that internally. But I would hire someone to do shirt design so you know someone if you're someone who can offer up some shirt designs I'm willing to compensate for your time, I'm not asking anyone work for me for free, I would not do that. This is part YouTube is part of a business, YouTube has an income to it and I don't mind spending that money with the people that provide value to the channel and social media. So I'm easy enough to reach out to, DM me on Twitter or however you want to contact me or help form on our website. Never direct email, I don't reply, anyone who's ever figured out my email address or thinks they have. Most that goes to a bit bucket, I don't have time for emails.
I my emails are extremely like only people I know I might reply to, everything else just goes to archives. Because I don't, yeah, I don't really have time to deal with that, there's a reason I have forms and contact forms to organize that data, just a lot of people talk to me and I like to communicate but just got to be cognizant of how I do that. How do you handle migrating iSCSI LUNs to TrueNAS to a new TrueNAS server. I guess it depends on what you're trying to do. You can just move the data and reattach it. That's one way to do it. You can copy paste depending on how like move the files I guess, I need to know more context, probably it's a better forum post than it is a post here, but you know if you're moving to a new TrueNAS if you do the data. If you migrate the data and then attach it, attach the iSCSI to the new data location on the new TrueNAS, there you go. What was the next thing, hold on, this is why we have these lists to keep me a little bit on topic, just a little, it's a little on topic. Videos I'm working on before we jump into some of the other topics. pfSense for MSP, UniFi for MSP. Those are a couple of videos and business email compromise. Those are a couple of upcoming things I want to work on as part of the series because I get a lot of questions as how we manage it. So I'm going to tell you how we manage it and you may or may not like how we manage it and that'd be fine. But at least you'll have the answer because the question comes up so much about how we do UniFi or how we do it's like a repeated question. So I want to make sure I'll have that clear like how we as a business manage these things. So just something that's going to be good talking points for people that are in the IT space that manage things for other businesses. That's going to be hopefully clarifying to a lot of people who ask that question all the time.
Speaking of silly questions before we get to the next topic there was at least one silly question that someone had today. And let's go ahead and pull that up because I don't understand this question. Actually where do we put that window? Where's that chat window at? Here it is. We'll get rid of the chat window. There we go. But someone asked me a silly question today and it's this one right here. We'll wait for it to load. And it's people who this question is not the first time it's come up and that's part of why I want to bring it up. Where's my other Twitter feed? There we go. Let me zoom in on the tweet. And it's just watch your recent podcast looking at Go Teleport. Can't see where documents, controls, implement, prevent and compromise. That's answered in there too in this tweet. I can for those of you that like to follow along with the tweet, let me just throw it in here real quick. But Tailscale is not much better. I don't know what that means other than Tailscale is not documenting what happens if a Tailscale node gets taken over. Tailscale, care to comment. This is one of those things that people conflate a lot. They go, oh, Tailscale is not going to do anything for security if my node gets compromised. That's correct because that's not the responsibility. Tailscale is a network transport layer management tool. Now it does have ACLs, but those ACLs are not going to be aware of who is operating a client. So if you have Tailscale bridging connectivity between devices as it's designed to and following the ACLs you put in place and then that node gets compromised, well, then the node's compromised. The controls in place are not Tailscale. So let's say you have file sharing trust between node A and some quantity of nodes, B, C, D, etc. based on the rules that you have allowed. Well, if a node gets compromised, then a node gets compromised. You have to work on your security side, not the Tailscale side. But these are questions that keep coming up.
They've come up in the comments on Tailscale. Well, what if a node gets compromised? I'm like, well, then you have to rely on internal controls for authentication. And anytime you have a, even a VPN layer and an example is just general VPN, not just Tailscale, but applies to both. Those are transport layer controls. You have your rules to allow or not allow people to access those transport layer controls, maybe some rules for what access that VPN permissions get. But then after that, that's not my only authentication. For example, in my own business, if you want to log into different things, first VPN, cool. That's step one. From there, there's a series of login pages people have to hit. So you have to understand that it's not Tailscale's job to solve this or insert name of whatever the transport layer is. And it's kind of a weird conflation people have of, you know, those type of things. I've thought about trying to put that into a video to explain like what, how you secure each layer and what the responsibilities those layers have within trust. But yeah, well, and this is it right here. If a node is compromised, you need to remove that node. Tailscale can't magically know the node's compromised. Exactly. It's you have to have a process and a procedure for removal of nodes, detection, response. Detection: how are you detecting it? What are the endpoint tools that will lead you to knowing that is compromised? Response: what are the response triggers that you have? So there are there's methods and process you have to have in place for that, but it's not something for Tailscale. It is a script maybe that removes that node that would be a response for that. So there's just some thoughts I had around that. It's weird how those questions come up quite a bit. And thank you, Grace and for the donation. Happy with the new entertainment only Google accounts specifically for YouTube. That way I can move on my email from Google Workspace to StartMail.
You try to de-Googlify your life. It's interesting trying to do de-Googlify your life for sure. You'll realize just, you know, how Google integrated your life is. How do you solve requirements for multi-chassis redundant switches for MLAG? I don't understand exactly what you're asking. What is like you're asking what switch we choose or we have we have a redundant switch. What we did for client with all Cisco equipment. Is that the question? So yeah, not exactly sure. How do I get the questions to show on the stream? Just by clicking the buttons over here. I don't use AmpliFi, but I don't think there's any way to add it to UniFi. Migrating actual data to the new TN server is easy. Updating all the VM iSCSI targets with least disruption is the hard part. Cool. I don't know. We can do live migrations from storage with XCP-ng. So when we move storage servers, I attach new storage server and I just migrate. I can live migrate the VMs to a new storage server without shutting them down. So that's kind of, you know, that's an easy way to do it is just that. So if we find one of the VMs here, maybe the lab template. Okay, we'll pull it up here. I spooked this up, but just get an idea so I can take this VM. I just hit start on it. It'll be running in a second, but it's on this particular system. This is a new lab system we're working on right here. If anyone's curious, I'll be doing a build video on this because a lot of people were asking about it, but it's just a simple new Ryzen system that we put together. But let's go back a couple. If I wanted this, once it's booted up here, show you that it's booted. If I wanted to migrate this, go to the disk. I can hit migrate and let me zoom it in just so you can see how that looks. Migrate VDI. Where do I want to put it? Trinity, do I want to move it to an iSCSI? I just move it here. I can't move it here because this is actually broken right now. I busted that one, but here's all different places I can move it to.
Like even a local storage option. So if I were going to move this to local storage, it's got 1.69 terabytes there. It's got 19 gig here, not a whole lot. Here's another local storage option. Here's an iSCSI. I'd hit that, hit OK. I could just migrate the live VM and then attach it to the new storage and, you know, break down the old storage. So that's minimal disruption to me. We'll be doing it that way. TLS proxies are useful. I have a whole video on web filtering. Watch my video. I break down information on the proxies on there. If node is compromised, you can remove that. All right. So we already covered that. Security is a layered approach if you want it to work. Yes. It's all about your threat model. If you're worried about Tailscale being compromised, probably need to look at your layers of defense for anything else. Yes. We should have multiple layers of defense. That's the important part. And, you know, while we're in here, we'll zoom this out so it's not 300% bigger. We are using the latest versions of this. And why does that matter? Because there's a new version of this that we can talk about here in a second. Greetings from Canada. I hope this didn't miss this part yet. I'm in the process of selling in a Dell R710. Yes. So I'm here when we're going to talk about the latest version of Xen Orchestra. Back to school time. A new release of Xen Orchestra this month. Focus on backup and XO Lite. Now, I haven't tested this yet, but it's in alpha. They have a video where they cover this as well. Do some extra QA tests on this release. Expect a patch release tomorrow for missing elements in the current update. So apparently something's in there. But this is one of the things that people would ask for. Backup encryption is a long-awaited feature, now made possible as we added a block mode to store your data. This block mode is created to work with S3 compatible. However, it is very flexible and allows us to quickly add new features.
We couldn't do in plain VHD files like compression, enabled by default, encryption, and even deduplication in the future. This is preview mode. So yes, not to be used as part of production. So those of you that are feeling like testing, awesome. Test away. Anyways, it's now possible to create an encrypted backup repository in Xen Orchestra. This way you can back up your VM data in any location, even untrustworthy ones. For example, without physical access, lack of controls to your network, and so on. Now, pretty easy to do. Backup encryption works at the repository level. Now, we'll show what that means here in a second. The Xen alpha one, I might do a separate video on it, depending on how good it looks. This is the ability to run XO Lite. So you don't need a separate VM. I want this to have its own dedicated video of how it works, some of the things in it. It's really slick what they're working on here. And this will allow you without loading the full Xen Orchestra to administer an XCP-ng server. It's just really cool what they're doing here. The way it works, the way you can go to the hosting URL in there, I think it's really clever the way they've implemented it. So definitely really cool there. Let's see if we got all these questions. Choo-choo-choo. All right. My son in here. Boo. How would you back up all your company's money on a factor? Money's not the factor that stops us from doing it now. I make full images of everything. We back up hourly. I guess I could back up every half hour of faster servers, but hourly seems adequate and reasonable. I'm not completely sure on that question. Money's usually not the driving factor for our backups for things. I mean, nonetheless, let's talk about this backups, because it seems to be on the topic of backups. Go here, backups, and we're going to go to settings, and we're going to go to remotes. And this is where you set those settings. So right here, I have my Synology backup test. Maybe I'll edit this one here.
You go to the edit, custom options, and store backup, and encrypt all your data for this remote. So basically, you're putting a password in here to set the encryption on it. Pretty simple as far as how that works. Encrypt all new data sent. All the files except the encryption.json are encrypted. This means you can only activate encryption or change key on an empty remote. You won't be able to get data back if you lose the encryption key. Encryption key is saved in your XO backup config file, which should be secured correctly. Be careful if you saved it in encrypted remote, and you won't be able to access it. Yes, that would be an interesting bug. And that wouldn't be the first time I had someone do this. They had a server, they had a backup, they encrypted it. They stored the decryption data on the desktop in a text file of that backup on the server. So on the desktop, they had that file. So when the server, in the most literal sense, there was a building fire that destroyed the server, destroyed all the backups. And when they brought... This wasn't a client of ours. This was an emergency we tried to help with, but let them know there's nothing we can do. They never backed up that encryption key. They left it on the desktop. So without being able to restore the desktop, they never could get to the desktop that had it with the server, the desktop of the server. So that's definitely make sure you create these encryption keys and know where they are or know what they were set to be able to do this. So I'll do some testing with this because I have different backup tests I run for testing all the time, testing ideas, testing how things work. So this is... One more of those tests that I'll be doing is how the new encrypted backup works. Now, the other testing I have been doing is... And this is right here. The faster merge, and this is the last or two updates ago came out with this. The S3 compatible backups store the backups differently.
I did a video on that topic. So it's pretty neat. They're breaking them all down into tiny little files. And they mentioned that in the Xen Orchestra write-up because this is part of the backup they designed for S3. So by putting all these tiny little files together, you're able to get a different... Like they said, they can iterate faster. They can break down all these little VHD files and do more things with them. It's faster to do it. It works better. It's kind of a more clever way than trying to deal with large VHD files. So pretty clever how all that works. I'm excited with all the changes they're making to it. So definitely cool stuff there. What was the next thing on my list? Oh, you know, I did the TrueNAS video and the TrueNAS video... I pointed out, and someone of course there's the snarkiness people out there. Oh, nothing major is coming to TrueNAS 13 as if it's a dead product. But TrueNAS 13, TrueNAS Core specifically is, one, not dead. Two, is really made for the use case I have for it, using it as a storage target, using it for all of your reliable data storage for your target, so to speak, for all your VMs, all your mass data needs and I've got several systems updated. This is where I edit all the store my videos. Now I want to do some more testing with SCALE. Wendell did a video and he was less than kind talking about some of the problems with SCALE. But he's right. There's a lot of little quirky issues with SCALE that, well, yes, that's all there is to it. There's just some quirky issues with SCALE that hopefully they're working through and are going to get better. I might do some more testing with it. There's a few people that commented and I hadn't seen this problem in the betas but I didn't see them after but I guess it probably depends on what hardware you're on and that's drives getting errors on them that go away after reboot. A couple of people commented on my YouTube video on that particular topic.
The problem is if it's not easily reproduced it's hard to file a bug report to get that problem fixed. So definitely an issue there, at least with whatever setup they're using, but the best place to post these things is in the forums, not necessarily as a YouTube comment. That's an important thing to think about when you're doing any of these reporting on here. I wonder if it'd be easier to use Cryptomator for backup encryption, a lot more interoperable that way and the actual crypto is pretty solid. I don't know. I don't worry about, like, we back up to our TrueNAS, and let me show you here. If you go to storage pools, if you look at like these VM backups, they're all locked. Well, they're unlocked right now, but they are locked on boot. So if someone were to take it, like you see a little lock icon on there, it's currently unlocked, but if you're on this system you learn is, and I set all these up this way, every time you boot this up someone's got to put in a password to unlock those particular data sets. That's because these data sets are the destination for those backups, so it's encrypted at rest, and that to me is pretty good. Also the VMs themselves, some of them have boot passwords on them, so the VMs are also encrypted at rest. So when they do the backup, they're shut down to the backup, they're encrypted, so there's not any, there's multiple layers of encryption that you would have to get through in order to do that. So there's a pretty solid level of encryption on there, and this would be one more layer on top of that. I don't know how necessary that layer is. It's something I want to do some testing. I certainly don't want to put my production backups under an alpha level encryption because it's pretty new as a feature. So yeah, but cool that they're doing it. I need to send an image to 32 computers in a classroom, how would you do it?
There's a few different tools out there for imaging. I mean Windows, I'm assuming, assuming that they're Windows servers or Windows desktops, Windows Deployment Services are probably the best bet for that. You know, there's tools out there, I remember the name of them, what was that one called? It was a bootpe, I haven't used it in years, but there's a couple softwares out there. What was that one? It was an open source one. Open source disk and machine, just open source, just cloning, five free. Clonezilla is another way to do it. You can do it with Clonezilla as well, that's another way to do it. So there's Clonezilla and, is it rescue? I think you can do it with this one as well, which is just Rescuezilla. So there's another one to do it there. Clonezilla, Rescuezilla, there's some platforms that are way more intricate for doing it. I was trying to finally upgrade my home VLANs, getting into VLANs, lack of supply backwars or MikroTik switches is what's darn annoying. It sure is. IT Security Labs, check out their YouTube channel, glad you can make it today as well. How dare they not add new features to a product. They focus a lot on stability and that's perfectly fine. Right here, WDS is great. USB with Rufus. Someone's going to have the comment in there. FOG server, yes, that was the one I was looking for. It's been forever since I looked at this so I don't know the quality of it or the status of this project today, but it still exists, it's fogproject.org. So that was a popular one. How does one, how does Windows react migrating from Intel to AMD and vice versa? I know Linux has little issues. Windows doesn't seem to care too much. You can't do a live migration between them, but barring live migration, starting the VM on either one of them is not a big deal. So that's, um, yeah, I assumed you meant in XCP-ng, yeah. But the, um, it's not ideal that you should have mixed environments, but obviously lab environments are what's available to you and what you got a deal on more so than, uh, you know, everything
else. Windows may or may not have some hardware, uh, where Windows wants to re, like Windows 10 might go, hey look, a different set of, uh, you know, different processor, that means it's, you know, uh, something in a window, what does the Windows do, it's the Windows, like hardware, if it sees too much of a change in hardware it wants to revalidate the license or something. I forget what that's called, but what the Windows stupidity things, um, you can run into that. Microsoft's convoluted and complicated licensing that they have, so that's not much you can do about that, it is what it is. So, uh, are using AMT or something, I'm looking at this for nobody physically can reboot a PC. So BitLocker is an option, uh, in Windows, and it's the, um, Ubuntu and Debian both have encryption boot password, you can, that's built in, you can set it up as part of the install so it requires a password on boot. So that's not anything, it's nothing particularly special in Linux, it's just built into it. Matter of fact, uh, I think this one probably has it. I mean, like, pull it up to see what it looks like. So let me throw this in here, this is one of the lab systems we have, but it just comes up and, uh, yeah, Microsoft product activation thing. You want to be able to reboot a machine without being on site, um, I don't, I mean, have an IPMI if it's a physical machine. If it's a, um, what do you call it, virtual machine, you're about to see how it's handled in virtual machines. Hey look, it wants a password. It's not any more complicated than that, we just, we got to put a password in. It's blinking down there waiting for the password, so you type the password in. This is done remotely for people if we need to encrypt it, um, it's really not any more complicated than that. Uh, ninja, we've got one right now, so let me shut it off, four shutdowns, I don't need it. Uh, how do you manage your cryptic useful links, you store them in password manager, uh, password is, is there a site you can spin up and store them? Uh, we use Bitwarden, so we store them in our password
manager. Yeah, IPMI, or old school, use serial power manager, yes. Yeah, uh, Bitwarden. I, you know, I love Bitwarden. We've been using it for quite a while now. We host it internally. You, um, if you host it internally you have to do some things, such as make sure you have a valid certificate or you'll have problems, and make sure you have a valid email server, because it relies on emails, uh, for certain parts of approvals. Like, it's a challenge response when you add someone as a user in Bitwarden, and that challenge response starts with email, comes back, and acknowledgments go back and forth. So you do need a working mail client and you need a working valid certificate. It can be a reverse proxy, it doesn't have to be a certificate loaded within Bitwarden. Reverse proxy works perfectly fine, and that's to get the plugin working correctly, because if you don't, the plugin will error out sometimes. It's been a while since I tried it without a cert, but if you don't have the cert, um, yeah, you're gonna have some plugin problems, and rightfully so: the plugin's looking for valid certificates. So, gathering of those keys automated though? No, you set the keys on an individual basis, so there's no gathering of them. You, on install, set the keys, therefore you are creating them as you go. So as you create these keys you need to store them somewhere. Uh, Bitwarden seems like a pretty good vault to store those in. Um, seems reasonable, and if you're a business like myself and you're using the enterprise version of Bitwarden, that allows me to create shared vaults between staff members, that way not one staff member only has access to the vault, then Bitwarden's a good solution for that. If the drive is ticking in the box, is that a good, uh, is it ticking the box? Yeah, yeah. Actually, back onto the TrueNAS topic, speaking of drives that make clicking or ticking noises, a good segue, right? Let's, uh, let's talk about that, because I want to do a video maybe about this. This is my science, the new drives just came in today
for the new, we're building in our TrueNAS server. Um, but this one's got errors: one or more devices has experienced an unrecoverable error. And, uh, I want to make a video talking about how to deal with unrecoverable errors and what that means, and I have an unhealthy TrueNAS here, so we'll do this, um, unhealthy TrueNAS video coming up, talking about things you can do, problems you may see. Um, one of them is going to be, let me zoom back out so it's there. Uh, let's see here, which one has all the errors? Or is it, is it 887 or is it 88? I think two is the real bad one. So let's go ahead and, there we go, Control-A. I think it's two, we said, right? Watch me type on my way through this. Ah, 88, is it p2? Unable to get nice types. There we go, it's 88 zero. I think the other one's 82. This is the one that I want to look at for old age. And look it in here, where's it at, how many hours does this drive have? Spin up time, raw read, reload, power on hours, 60, let me make this font size bigger. Power on hours, there we go: 65,685 hours. So there we go, how many hours has that drive been running, converted to years? What make are these drives? I'll get the drives in a second. Uh, BitLocker, where you can store? Yeah, I mean, BitLocker, you're going to store in AD, Microsoft Endpoint Manager. That's a different animal than what I'm talking about here with the Linux ones. So what about the, uh, drives? So the model of drives, was 65,000 hours, let's go to top here. What model is this? Should be at the top here. These are Hit-, Hitachi Ultrastar, uh, 7K3000. Now this drive's got some errors on it for sure, um, but nonetheless, uh, it's still spinning. It's been spinning since 2015, I believe, that's how the hours should add up. But, uh, it's kind of a science experiment, because this is just another replication of all of our data. Uh, it's like one more backup of all of our data, so it's, you know, kind of like a how-long-will-it-last question. Uh, it's certainly lasted a long time. Yeah, 7, 7.49 years, 7 1.5 years, yep, yep, I see 7 years there, yeah. Yeah, it's a
lot. So, oh, someone's got one for 10 years. Yeah, absolutely, there's a lot. Um, a whole lot there. It's in, there's a bunch of them in here that are all spinning. There's a lot of drives in this system, so they've been around for a minute. And, uh, yeah, so I'm going to retire this machine, but I'm going to walk through, like, some of the problems I've had: how do you solve these, how do you check these things, how did I keep an eye on it, um, you know, and it's just, it's statistics and how ZFS is resilient for it. Uh, about thin client labs: I don't do thin client labs, um, so I don't know anything about thin clients, so I can't help you with that question. I'm not the thin client guy. Uh, about the LastPass incident: I hear someone say someone's source code was stolen, uh, for them it is not a problem because it's like open source, what happens to the codes for proprietary, it's not the same? Um, I hope no company relies on the obscurity of their code to remain secure as a product. If your code getting out compromises the security of your product, your product was never really secure. It's really not any more complicated than that. If obscurity is your hope for security, you're not really secure, you're not legitimately secure. Companies want to keep their code proprietary for licensing reasons, for legal reasons. Um, does not change the security of said code. I am partial to open source code. Open source means there is the option for people to go through, audit, and understand the code and how a product was built. But for example, people who say things like, hey, Microsoft should go open source: I don't think, as many lawyers as they have, I don't think it's ever, ever going to happen with Microsoft, because of so many different cross licenses that they have to build the giant behemoth that is things like the Windows, in a Windows product line. And this is true for a lot of companies, that they can't just always flip a switch unless they develop the code base by themselves. Now, I think they should all, if you're starting out a
product today, I think it is better to do a product open source, but there's still people who have different opinions on that. But that shouldn't be the basis for their security, is no one can see the source code, therefore we have better security. So it's my thoughts on the LastPass, and it's here on there. So yeah, I am definitely trying to SMART. Someone picked up on I was tabbing too far and going into the partitions, that is correct. So what's my favorite brand of hard drive? I don't have one, but I will admit the best reporting on this is always the people over at Backblaze. Your favorite drive is a very relative thing. Just because those drives, those drives, those Hitachis in there last a long time, that doesn't mean a Hitachi today will last a long time. So these, hands down, I don't think I've ever seen anywhere that tests the data quite as well or produces as much data as the people at Backblaze. So I'll throw a link down here for people to read through it. They just have a lot of good historical data on drives. So out of 15,000, 215,000 drives, 763 drive failures, of 1.46, 1.46%. But then you can dive into the details for any one of those quarters: which are the drives that failed, what was right now. The thing that is important, that I really like that they do here, and it's the drive days. That is a very important number, and I've seen people try, oh, it's, it's not a great number, blah blah blah. Like, no, it's an incredibly important number, because one, you have to take everything accordingly based on the sample sets of data. So testing 12,000 HGST drives is a great sample set. Um, testing 76 drives, maybe not as good of a sample set. So it doesn't take much to fail out of 76 drives to get what looks like a high failure rate, but you got to remember the sample set and how long and how many hours have they, you know, the cumulative days of usage. And this is one that doesn't look good for Seagate. Seagate having this higher percentage, obviously, of 18,000 hard drives, quite a few drives, but out of that
that's a percentage and a large sample set. So I would probably say the Seagate 4TB series, not great; the 12TB series, not great; but the 6TB series, 186 drives, decent sample set; the 10TB and 12TB, but not this 12TB, but this 12TB here. So this 12TB, 20,000 drives, 1.2%, but these Seagate drives here. So this can help you and guide you along the way, but this is obviously not inclusive of every hard drive. This only represents the hard drives that they purchased, so it's not going to be this sample set of maybe your favorite hard drive or the hard drive you could find on sale. It may not be part of their sample data, because this is a pretty narrow band of drives. They actually address and talk about that, and one of the reasons they, they talk about is just, they have to buy drives. Well, you need 2,000 drives. To be able to test 2,700 drives requires you to purchase 2,700 drives. So with all that data on there, some vendors can't fulfill a drive order of the same type of quantity that they're looking for. So if you read through their blog post, they talk about their selection process. One of the criteria has to be, can you supply 1,000 at a time, whatever the batches that they're ordering on there. So yeah, that's the, just an important aspect that really has to be thought about for this. And these, by the way, aren't necessarily the most expensive or least expensive drives. I kind of found some of them are in the mid range on there. So what's my favorite brand? I do take this data into assessment if I'm going to buy a quantity of drives. You're buying a one-off or one drive, it may not matter as much. Yeah, Backblaze, great reporting. Is there a consumer AV that actually compares to their protection offer to business? No, I would say, well, it, I would say probably the best one out there for consumers is just the Microsoft Defender. I don't see a reason not to use it for consumers. I don't know of any consumer AV that compares to, like, SentinelOne, so I don't really have any, any help on that. I also don't spend a lot
of time looking at them, so I am not well researched in it. I spend zero, zero time testing consumer AV products. So I know based on my little bit of readings, things I see in the news, but I'm not aware of any that are particularly good. The year that the three had three terrified failing, yeah, a couple of those that are bad. I've got a Mac on a bench with a failing 3TB, so yeah, 8%, loads of corruption. WDCs, yeah, WDCs are pretty popular. You know, we've got the Seagate drives in our 45Drives server. I've been really happy with them. Wendell is just, Wendell from Level1Techs just released some videos and he's using some of those same Seagates as well. There's Seagate's Exos drives, they seem really solid, or what 45Drives is part of the recommended list. I don't have any problems with them. They've been working quite well. I just can't complain about them because nothing's broke. Well, I mean, something was broke when we first got them, because one of them was bad out of a batch of them, but it was bad like from the rip. It was not like it went bad later. It was bad within the first week we used it, and it had errors on it within 24 hours. I formatted it, ejected it, put it back in, and yeah, so it back and forth. I don't know whatever came of the WD HDD vulnerability. I don't know what you're referencing. It's actually not just the, I guess it depends which one. If you're talking about, let's see, they have those vulnerabilities in their, let me find someone who had a good, there's been a couple different ones, but they were things about their external hard drive: vulnerability affecting My Book Live Duo external drives, could be attacked or remotely delete things on there. And this is an old product, it's a consumer product. There's not, there's not a lot, I don't know, it's a consumer thing. There were some flaws found in it, and Western Digital, I think, chose not to do anything, so because it was such an old product, I don't think they really saved firmware updates for it. I don't know, I don't remember following this
details on there, but I don't hold in high esteem any of those consumer-facing external drives that have extra security features or internet features on them. I don't recommend them. Some of our Synologys, and I can probably log into my Synology, see what drives are in there, the commercial Synologys we have. Let me find it, where's it at? I think it's the, the Storage Manager that has, that tells me the drives. We have these Seagate, which ones are these? IronWolfs. We get a lot of these IronWolfs on there. They come with the two year warranties on them. This, what's running in my system here, is these Seagate IronWolfs. I haven't had any problems with them, they seem to be pretty good. I haven't really done much with Kioxia. I have a couple Kioxias and they're working, but I haven't deployed them at scale. So, JBOD vs SAN, what's the use of a hypervisor and TrueNAS? I never used the hypervisor and TrueNAS, so I don't really have any comment on that. I'm using XCP-ng for a year now, we updated using yum update, is that correct, is the correct way, am I downloading? So no, you can do in-place upgrades with yum update. The way XCP-ng works is pulling from their repositories, so you're fine. They're, you're not pulling from the normal, because it's based on CentOS but they're maintaining it. So when you do the updates it reaches out not to the general CentOS repositories but specifically to the XCP-ng, because it's a customized distribution. I'll remember one last year really deleting data, yeah. What made me dislike WD HDD, it was they did not disclose certain Red drives that they were using CMR. They sold Red drives without disclosing it, yeah, that was shady, that's for sure. The SMR CMR debacle a couple years ago. She says we got to go out, and thank Lawrence Systems, hope you back next week. I miss, I'm missing context for part of that. I think, Lawrence Systems, thank you. I'll take a thank you. I'm, context for what the thank you's for, but I'll take a thank you. Yeah, don't enable standard repos, that would be a good point
right there. Is it possible to use multiple domains in HAProxy, not subdomains? Yes, that can be configured, because you can have multiple certificates managed in HAProxy and everything else. That's really not, not that big of a deal to do. I only did the demo video with one certificate when I did my HAProxy video, but I mean, you can have more than one certificate set up inside of TrueNAS, and when you're setting up HAProxy you would just choose whichever certificate matches whichever domain, not necessarily subdomain. So the concept works the same way when you're setting those up. Hopefully that makes sense for you. I don't know, what was the other thing someone had asked? I've done a troubleshooting video in HAProxy, but man, people still get DNS wrong. It seems like all the support options or support requests in my forum relating to HAProxy, you're always, someone had DNS wrong. Someone else had DNS wrong the other day on it. Like the joke of it's always DNS. Look, with HAProxy it seems like 99% of the time when people have a problem working, it's DNS. They didn't follow the DNS settings, they don't understand how DNS works, they don't understand the role DNS plays and how your browser sends the data to HAProxy. That's all extremely relevant, because the browser has to have a DNS lookup and then say, this is the website I'd like, it resolves to this IP address, so let me request and do a server name request for this website, so HAProxy will get that information and send up and serve up the right site, the right certificate. So yeah, when Squid replaced HAProxy, Squid is a reverse proxy? Yeah, Squid, different proxy types. They're both proxies, different, different proxy types. Squid is generally used as a proxy for filtering websites and things like that. I'm not a big fan of it, it's kind of a headache to use. That's why I did a whole video on web filtering to discuss all of that. So that's definitely something to think about there. Just watch my video on web filtering if you want to dive into the details of
that. I'm getting to wind down to the end of this. I did do my first sponsored video. Those are going to be coming out soon. I'm going to release it, the current plan is looking like Wednesday. We recorded it today, we recorded a whole demo. It's a new series, so to speak. Well, not my series, but I'm going to do, instead of peppering my videos with a bunch of pre-roll ads, I try to keep those to a minimum. I don't think I've had any so far, but I may have a couple. Well, we have like Linode on the channel, and a little wants to sponsor a couple of our things. Working with Linode has been great, but I'm going to do some dedicated sponsored posts, and a reason for those is so I don't have to do as many little sponsors across lots of videos where people go, I heard this ad read on seven other channels. But I also want them to be more engaging and educational, so even though it's a sponsored post, we dive deep into how to solve a technology problem. We of course are going to talk about the tools that this person has that do solve that problem, but it still can get you thinking about the problem, thinking about different angles of how you want to deal with it. So it's both a technical discussion and educational discussion, and so I want to be beneficial for all parties involved. And then, by the way, I said the product, hey, the product solves that problem, if you just want to look at how that problem needs to be solved and invent your own product based on that, or look at other things and, you know, for comparison. My goal is to just be bringing that level of education, interaction to the channel. So that video will be released on Wednesday, and then tomorrow I'm doing a video with Phin Security. I've talked about them, as an investor in Phin, so I'm very transparent about my relationship with them. They did not pay to be on the channel, I actually gave them money. So, but I think it's a cool product. They're a, I'll pull them up real quick, they are a phishing company. They just have some neat things, so we'll be talking,
I'm not going to probably do this live stream, I'm going to do it recorded and present with the people at Phin, talking about what it is, how it works, and what makes them different than some of the other phishing and security awareness things on there. So yeah, that's definitely. Oh, who the video I did the sponsorship with today? Let me do something better, let me see if this works. I don't know if they have it set up yet. They are building a special link, that way people, if they would like to hit the special link, and I will throw this out here and we'll just see how many hits this gets. I'm going to throw it in the link here. This literally just went live today, so the video is not live yet because we only recorded it. The company is, uh, Saaslio, so let me pull up saaslio.com and show you what they do. This is the company, and it's just, if you want to, I put the link in there if you are interested in doing it. But Saaslio, did an interview with them. I've known John for a while, but he, we sponsored, where we have a full product demo. This is a product we're integrating ourselves, but it's really interesting of the problem it solves, and it gives you a lot of visibility and insights into what your clients are using, and man, is it slick. Like, it's just, it's one of those things you don't know what you're missing until you start playing with it, and you're just like, wait, how does all this work? It does what? Cool. Basically what you're saying is, in a nutshell, it gives you a list and a bunch of action items around it. The video is going to be fun. I can't wait to release it Wednesday, because I really, this is just a neat product to me. But what they do is they go in, they have an agent they load on the endpoint and then a browser hooks that go in. Now the browser hooks are, you know, fully, if you didn't know, all browser plugins technically are open source, because you can't obfuscate the code that goes into a browser plugin. And they're watching all the business sites that people go to and then builds actionable lists
and items from this. So I think this product is just really neat. So one of the things you can track, for example, and this is a real problem, so let's talk about data loss prevention. Data loss prevention is the Holy Grail. We want to know how our data was exfiltrated from the company, and frequently, let's say Dropbox being a business application, I know when people log into Dropbox. We can track that, we can put our firewall or a proxy, watch that, but the firewalls and proxies usually aren't advanced enough to know what login they use. This will give you that insight of what logins were used, whether it was a personal or business, and then trigger an alert based on those things. You can also break it down to every individual employee and say, here's all the sites, and create onboarding lists and offboarding lists, and you can go back, you can really drill down and say, this is all the baseline for what this particular user uses, these are all the websites they go to, here's all the data they put in there. You can build a lot of insight on there, and it's got really nice reporting to have actionable conversations with your client. So you can have this, it actually has a list called, the reports are called, like, onboard lists and offboard lists. So you can say, hey, before you get rid of a certain person in certain position at company, here's all the sites that they log into on a regular basis, here's all the different places on there. And I think that's really interesting, to have that information, have a conversation with your clients about it. And we're testing this out with our clients, because we've learned quite a bit. So it's definitely pretty slick. Oh, is Marcus trying to say the, is Marcus saying the pizza's getting cold, Tom?
Yeah, he wants pizza. Oh yes, I don't want to sprinkle it with NordVPN everywhere, no, I do not. Submitting my by month 3 plug for next thoughts your next video. Yeah, maybe, it's definitely interesting as a MSP for sure. I want pizza too. Do you plan on doing videos about IPv6? No. Maybe if IPv6 becomes popular. And people always send me stats, there's like, people have been tagging me on Twitter and IPv6, it's the year of IPv6. Okay, if you say so. I'm not worried about it. My son wants me to do all the NordVPN sponsors, yeah. Yeah, I don't ever want to do VPN sponsors. VPN stuff is just flat out oversold. Yeah. Ah, what is the next thing we're going to pull up here? This will be the, I did have a bunch of hot sauces. This is my friend Jason and the, we had a lot of hot sauces at the office yesterday. We just were being simple and we went and just got a bunch of B-Dubs plain wings and threw hot sauce on there. So, but we have a few, we have, let me try to zoom in here, which ones did we go through that day? We actually end up getting more out, but there's a good variety of hot sauces on here, plus my one that was sent to me from Australia. I tell you what though, the Pepper Plant one's really good. I like to stuff them garlic ghost fusion. The ghost hot sauce is great. Ghost pepper steak sauce, man, that's just, I like the ghost pepper steak sauce, that is really a good, I mean, definitely going to say I enjoy that one there. My son is a big fan of the garlic confusion. My son is probably less a fan of Raid Shadow Legends as a sponsor. Hi, I'm wondering if you know what I can use OpenVPN to connect to a server and port forward and use the VPN server for players to connect so I don't leak my main IP? Nope, I don't have a solution for that. I heard today that some ISPs in Sweden have started to charge customers to not be put by CG-NAT, kind of sucks. Yep, that's common, that's happening here in the United States as well. You know, my dad lives in a rural part of Michigan, pretty out there. They have a wireless ISP because of the
remoteness of the area, and you get NAT, you get CG-NAT, you don't get a public IP address. Mobile game apps do pay very well, this is true. There's a real, I know some of the VPN companies, they offer quite a bit of money depending on how many viewers you have for things, but I just don't want to do that. So I said leave room for chips, nothing but sauce. Yeah, yeah, the sauces, it's all about the sauces. And oh, someone may point out, and we can have a laugh, yes, we do have some, uh, Tums right there at the top. So definitely an important aspect of things is you have the Tums at the ready, right? What else is there to discuss? There was something else I was going to talk about, but I think I've reached the end of it, and this is here. We'll pull this one up real quick. Here's my son, this is my son. Look at this, his pizza is so plain. He just does pepperonis here and Parmesan. Look at this, I make it an art, I make artwork out of this. My son is so boring when it comes to pizza. So I put four things on my pizza, that's it. You remind me of Elisabeth when you cook your son with. Nope, I need to play the, cue the Jeopardy music. Wait, can I get a copyright strike? Your upcoming Nextcloud on TrueNAS? Well, the good and the bad about Nextcloud on TrueNAS is I, the video is going to be really dead simple but kind of boring if you do it on TrueNAS CORE. One of the problems, and I mentioned in my video, is the fact that you cannot run the, is it Collabora, Collabora Office, uh, the Nextcloud office plugins, because they don't work in BSD. So the, yeah, but I am building another server that's going to be, well, I got to rebuild it. I'm going to build another box that's going to be for the TrueNAS SCALE, so I want to do some more testing. I may, if I feel real confident after I build that one, convert one of mine to TrueNAS SCALE so I can dive into it really. So yeah, that's going to be then, because it makes more sense to run it on TrueNAS SCALE, because it should work with all the plugins. I don't know, I haven't tested it, but if it does,
awesome. And I pointed out in my last video that even the people at iXsystems have made a note now stating that if you want a better experience with Nextcloud, that you should be running it TrueNAS SCALE. So yeah. Uh, my main problem is I can't designate main pool as, uh, yes you can. You may not, you just probably don't know how to map the thing, map the datasets in there. What's the hot sauce for today, Dad? We didn't have a hot sauce today, we just talked about the pizza and my friend who had all the hot sauces. I can go grab them. So oh, you can bring a hot sauce down right after you do that, then I'm going to wind down. Live from, my son is going to go grab a hot sauce that we will show on here. So go get the hot sauce of the day, ha ha ha. Then we'll, um, yeah, the problem is, it's, I mean, there's a joke that's been going around forever. It's, there's one of the local computer meetups, the, uh, I think it's called MUG, Michigan Users Group. I, I sporadically show up at those, uh, events and meetups, I have friends that go there. Uh, they've been doing a talk for years there called the year of IPv6. The talk is now like 18 years old. Um, so yeah, it's just, it's one of those things, it just hasn't really caught on. Oh yeah, that one's good. What is this one called? I don't even know, I don't know how to say it, so I'll let you guys read it. I gotta say, I gotta, there we go, focusing. This has face focus, I gotta cover my face to get it to focus. I don't know, we got this from, um, yeah, it's just says like SAI medium sauce. I have no idea. This sauce is really good though. It's just called Sauce Makers. Sauce Makers, look, we found it at Pepper Palace. It tastes good though. I take a look at it. SQL hot sauce, that smells good actually. Uh, someone's gonna laugh at this one. I've never tried this, and, um, I'll bring it up here in the stream where you take off and get pizza, but I did find this brand called Hacker Hot Sauce with some amusing names. Um, so where's that, uh, mango bin shh, reboot, rm-rf insides, eternal blue, beta beta sauce, 12
bit salt, buffy overflow, uh, ghost in the bin. But they don't have much, like, their branding is cool but not incredible. I'm gonna say I give them an okay. I, it's neat that they have this, it's neat that this exists. Uh, it's hackerhotsauce.com. I figured that you have even more branding and cleverness. So what else do we have in here? Is there a nose for you larger chance, uh, is there a nose for you larger chance of data loss to TrueNAS SCALE, wondering if it'd be a bad idea to upgrade or switch the SCALE? I don't know, and I haven't tested enough. I feel like they got the ZFS right, but they still have all the bugs and Docker and Kubernetes and the management around it. But you know, when they'll do the video talking about that, all the bugs they have around that. But as far as did they do ZFS right, yes, I think they got the ZFS part right. Sauce Makers deserve medium. In 2018 me and rmsp we co-manager planning a second location, I mentioned IPv 16 left. Uh, still no IPv6 in 2022. Yeah, it's just not, I mean, the home users ask about it all the time. Businesses, it's just not, it's not, I mean, it's not that it's not used anywhere, there's, there are exceptions, so I'm not seeing an absolutes here, but it's not as widespread as some people seem to think it is. So, um, that's just life, that's life, life in 2022. But I'm gonna wind this down. I'll give you guys, uh, two more minutes of questions. Any final questions before we wind all this down? Throw, throw a few rapid, rapid fired questions and see if Tom can answer them. What's your favorite hot sauce, Dan? My favorite hot sauce, I don't have a favorite. I don't know, I gotta, man, I really like those Pepper Plant ones though. The Pepper Plant chunky garlic, chunky garlic Pepper Plant, that was an addiction. I had to like stop. We bought like a gallon of it because I started eating it so much. We bought two gallons, we did, we went through two gallons of it, mostly. Yeah, I'm actually gonna go to Amazon for this, hold on. Amazon, it's so good. Yeah, we ordered like, we ordered these
big ones here. Like, we went through so much of this, it's so good. It's like $18 a bottle, it's actually a really good deal. Here, I'll, for those of you that just want a direct link to it, here we go, I'll drop the link in there for you. So, uh, are you using Ceph cluster 45Drives storage, or are you making a video about it? I'm going to work with 45Drives on a video for Ceph cluster storage, so yes, there's videos coming on that topic with 45Drives. In the meantime, watch the 45Drives videos. They have great videos on that topic, they're the, the Ceph experts. What PBX would you recommend? We still use FreePBX, it works. We don't really support it for our clients though. We went to a fully managed voice solution because I don't have time to support a PBX solution right now. Um, so if I understand this correctly, the ZFS file system file integrity part should be darn solid, but there might be flaky stuff on top of it, so risk allows to cylinder to court? I think so, I have no idea. Uh, being a hot sauce owner you should be required to work for time. Not necessarily. Yeah, two gallons and I felt shame, yeah. Uh, is there, there's a place in Portland where she's beer and hot sauce. That sounds good, sounds great. Yeah, half gallon for $18, man, that's a deal. I agree, I, I think it's a great deal for this stuff, so I thumbs up for it. It's just good, and the flavor, oh, the flavor's wonderful on it. Yeah, my, he's a big fan of it back here, yep. But all right, thank you everyone for joining. Where are we getting pizza from? People, we'll leave him hanging. What I got last time? Yeah, you want the panzeroni pepper, panzeroni pepper, Little Caesars, yeah, with the fatality, but six, Little Caesars and Italian breadsticks. All right, so we've answered the question for those people that usually ask, what's the pizza of the day? We can do pizza day all the time. So it's, um, favorite Goosebumps book? My favorite Goosebumps book, you think I read? He has a favorite Goosebumps shirt, and that's where it's stopped. Yeah, I mean, what's on the back of this?
I don't know. Hey, fate, favorite, uh, manga? Manga, hard one. I'm reading Demon Slayer right now, that's pretty good. All right, Demon Slayer manga, that's his favorite, not Goosebumps book. Bash the like button, yeah, do that for, everyone leaves here. Hold on, 126 people, 51 likes. Let's go ahead and crank those likes up. We can throw that up on the screen, that'll be our wind down. We'll watch the likes go up, then I'll order a pizza. I can probably order a pizza while the likes go up too. Yeah, let's do that. Turns out I don't have to stop the stream to order the pizza. Hi guest, log in. We're doing a pickup today. Start your order. Cool, bancheroni pepperoni, yeah, it's so good. There's so many pepperonis on that, so many, but it's so good. Yeah, crazy. So that's there, and we want the pepperoni breadstick or just Italian? But I say the pepperoni one. I didn't know there were pepperoni. All right, and pepperoni breadsticks, just all the pepperonis. All right, check out. No thanks, don't add those to cart. Payment and place order. You ready? 521, wow, great. I don't know, not 521. How many likes do we got now? 71 likes, awesome. Oh, if I'm root. He is not root, this boy doesn't know root. Yeah, hang out the library? Yes, no, I can barely read. So yeah, he's, he can read. I can read, it's just not very well. Yeah, he's working on that. Yeah, that's why we got him in school still. Good hardware, get a Netgate 6100, has 10, has 10 gigs apart. Pepperoni with some pepperoni please, yes, yes. Let's put the Little Caesars fenceroni pepperoni thing, yeah, look at that thing. It says over 100 pepperonis, yes. So we'll share this screen next. This is what we get, the fenceroni pepperoni. Um, it's just tons of pepperoni, it's so good. By the way, Little Caesars not a sponsor, but I don't know, maybe you could. This one, words are hard. Words are hard, especially when you read them. Oh yeah, I am, I think that I am, I am rooting root here too. So yeah, sorry, we're gonna go get a pepperoni pizza. Thank you all for joining. Hit me up in the forums, say hi on Twitter, ask silly
questions and be talked about on maybe a YouTube video. Thank you everyone for hitting that like button, and I will see you next time, and, uh, or at an event, if I see some of you in person. I'm gonna keep mentioning those in the beginning so you can figure out where I'm at. Thanks everyone, later. fashion like button