Welcome to Vlog Thursday number 302. Did I get the numbering right? Is it 302? That feels correct. I can always change it in post. I can't change what I said in post, but I can change the numbers. Let's see, does that line up? No, it should be 303. Wow, okay, 303. I think we can actually edit that. So wait, I can edit; does it change dynamically if we do this? 303, sweet. Now I know what number it is. Save changes. There we go, 303, we updated it.

I actually have something pulled up, because I want to start with where you can find Tom, and not just on Thursdays. "Working fine time other than Thursdays, like, are there events?" Yes, I'm going to be at the Acronis CyberFit Summit event thing. It's probably got a title; they have the date in here. I'm flying on Sunday to Miami to go to this, and somewhere, if you Google "CyberFit Summit"... I Googled it and apparently I didn't land on the right page. Anyways, if you're going to be at the Acronis CyberFit Summit in Miami, look at the dates. I know it's this Sunday, and so we have a more accurate date: I'll be there the 7th and 8th of November. I fly in early to, I don't know, be in Miami, I guess. So that's where you'll find me Monday and Tuesday.

Then after that, I know where I'll be, and I have the information correct on this one; paste this in: I will be at IT Nation Connect, November 9th through 11th in Orlando. So I'm going to be in Florida for a few days. If you want to see me, come say hi, whatever. I like saying hi to people, and it's fun. I go to these events really to interact with people. I don't need more products; I just like hanging out with my friends, but I do a lot of learning there. That's the biggest thing about going to these events: to go hang out and learn. Specifically at the Acronis CyberFit event,
I'll actually be interviewing. It's part of a sponsorship thing that Acronis is working out with me, and I'll be just talking details with people, diving into the tech and bringing in some educational content "brought to you by Acronis." I'll be saying that, but, you know, hey, whatever: they want to sponsor some education, why not? That's a lot of times what I'm reaching out to and lining myself up with some more sponsors for: to bring some more educational content. I think I'm going to have to hire some more people for my YouTube channel, and it kind of starts with sponsors, because I've got to realize that this is more than just a hobby, and I can't just take people away from, you know, my whole business to keep messing with YouTube. I kind of probably should make it official and hire people directly to help me test products and everything for YouTube. But that actually comes with expenses, because I always hear people say "get interns," and I never liked the idea of just having people work for me for free. I always like to pay the people that work for me. So, yeah.

Am I leaving SentinelOne for Acronis? The answer is no. Even though it's going to be sponsored by Acronis, I'm not leaving SentinelOne. I will be talking about some of their DLP products and things like that, but I'm going to be talking about it from an engineering perspective. You know, they're fine with that; they completely know what products we use, we've had conversations. So this isn't a "change my mind" or whatever, as much as it's a "hey, let's just talk about the technical things." I'll be interviewing some other people that are involved in making the products, and the technical details and how they think about things. If you choose to use Acronis, I don't think you've got bad products or anything like that, but hey, it's one of those things. And I see someone else, and I agree with this as well: "Yeah, I never do unpaid interns; I always pay them a real wage."
Yeah, even if it's a real wage, sometimes it's a smaller contract, especially when you're talking about, like, I have one of my son's friends; I have no problem hiring him, and he only needs something for, you know, his start in his college career in tech. But I'm like, I'll pay him something basic while he learns, because, you know, I don't know where his skill level is. He's still learning, but he's fascinated by tech. So I'm like, hey, why not?

Hmm, yeah, Travis, one of our office... one of the trusted members of my team. He knows we just signed some new deals. I don't know when I can talk about some of the new stuff coming up, but soon I will be able to. But it's still SentinelOne. It's just how things are going. So yes, a lot of people have been using Acronis as a backup product for a long time. It's a good backup product in terms of, like, cloning. I mean, that's where they got their big start and success, but they've expanded out to other products. So we'll be talking about that, and I'll be at their event.

So the final event that I will be at will be this one here, as far as I know; I haven't seen a reason not to go, and Jay will probably be joining me. I'll carpool with Jay from Learn Linux TV, and that's going to be the Ohio Linux Fest. I've got to get that booked, because I need to make sure the hotel's still available. I didn't book my hotel for that; that's the reason I say it's slightly tentative. Jay just got back from a conference himself, and I will be meeting with Jay from Learn Linux TV tomorrow. We're going to hang out with a few of our other friends and we'll be discussing some of our plans, because I'll book the hotel and take care of it tomorrow. So then it'll be official. So there's all my travel plans. That's, uh, yeah, that's all the announcements I really have. So, alright.

"I know things and I drink beer." Yes, I drink and know things.
That's the... today I should have put the Craft Computing shirt on. I think I had it on last week, because I got my Voodoo Ranger. Not a sponsor, but if they want to, they can just send me free beer and I'd be happy; I'd show that I'm drinking it. Voodoo Ranger makes some of my favorite beers. I can't stop there: it's by New Belgium. I'm not quite the beer connoisseur that our friend Jeff from Craft Computing is, but I do enjoy some of these bitter IPAs.

"All of us started somewhere. Now CTO, started off as help desk one, taking trash out, moving stuff from point A to point B, clicks when it pops up." Yeah, I'm still the janitor. You know, I have to mop it up occasionally. So you kind of go from a curve of doing things, and eventually you're just the janitor.

"What's errata?" Errata is the part where I go off topic and just talk about all the errata. It's just all the miscellaneous things after I talk about the topics I wanted to cover. Speaking of it, let's go ahead and jump into a topic I wanted to cover. I did not do a dedicated video on this, and there's a reason why, which we'll talk about as well, because I like to test things. Yeah, "BS: it's when Tom just BSes and talks about things." That's the errata part of this entire conversation.

Xen Orchestra, and Happy Halloween from the team over there. That's some pumpkins to look at, but this Halloween they have some new updates: faster backups, and this is pretty cool too. Now, I didn't test this because I just haven't had time: the network block device stuff. I like that. They're really putting a lot of performance engineering into Xen Orchestra. This is among those things, and it's basically using NBD to have Xen Orchestra talk to the file system in a better, more efficient way for backups. This is great. The backup performance has been really good since we moved over to these Ryzens; hence, see the recent video about us.
I just posted on that, for the specs and the servers and everything else. But they're really just doubling down on tuning all the little features of this to make it more and more attractive as a holistic system. And this is one of the things that, you know, I see people... I've seen some weird comments on this and dumb arguments, so we'll get into those later. But the Xen Orchestra system, offering a fully integrated backup along with management of all your virtual machines, makes it a pretty awesome system, and it also changes your thoughts on what total cost of ownership looks like, because when you can do all of your backups without a third-party tool, you save money on that third-party tool as well as the licensing fees that you are paying to a company such as VMware, who has made some dramatic increases, which has caused more and more people to go, "Hey, Xen seems really, really reasonable at this point," because, well, VMware seems less and less reasonable. And the performance is getting better, the feature sets are getting deeper. The agentless full virtual machine backup is pretty cool, because you're managing it via, you know, talking directly to the Xen server via Xen Orchestra. That just makes for a beautiful arrangement in my opinion, because I don't have to deal with anything on my backups in terms of loading agents or management. And that's where some people think there's a problem, and I'm like, no, that's not a problem; that's actually a benefit, being able to do it, because I can just grab, restore, and move virtual machines around with the backups. And once again, this is more enhancement for there.

Now, I haven't really done this, but they do have a cloud-init system. It's pretty cool.
I should probably sit down and play with it at some point in time. And if you're not familiar with what cloud-init is, I think Jay from Learn Linux TV has a video on it. It's a way to build your VMs and have it basically attach this cloud-init config to push different settings into the VM as you build them. So as you clone these VMs, it goes, "Hey, what are these things in here?" Like putting your SSH keys in, or certain config files that you may want. That's a pretty neat one, and they're improving more features around that.

Improved backup encryption. I haven't really used the backup encryption, but I think it's pretty cool that they have it. It's kind of a new feature, so I'm a little bit nervous about it. I encrypt my virtual machines, so because my virtual machines themselves are encrypted, I don't worry about the encrypting of the backups themselves. But as this matures, yeah, I think it's going to be a pretty cool feature, and it's pretty cool that they're building all this in so you can also have encrypted backups, because that's something people really want for a security policy, and it makes sense.

Evolution of the cache system for VM restore. This is something that I'll actually show and demo. It just indexes really fast, especially when you're like us and have a larger lab; it indexes all the backups really fast.

XO Lite is coming along. XO Lite is the light version of Xen Orchestra that you don't have to install as a VM. This has been a request for a long time: that you can just set up a Xen server and control it through a web interface without having to load something extra as a virtual machine. I get it, for people that want to run this in the lab. So as this product comes along, I'm really excited about that.

Now, they also changed the way the licenses work too. I think this is actually kind of cool.
You can make it easier: sign an entire pool. Support: they do offer licensing for support. This is a license feature that does not get you anything extra other than support. I want to be clear on that, because someone last week had made a statement that if you don't buy the license you can't have certain features, and I'm like, no, no, they are completely, 100% open source and all the features are unlocked. You just don't get support if you compile it yourself and do open source. I mean, that's kind of to be expected; at one point, what would you expect the company to do? I mean, they have forums; it's not like there's no support and you're hanging in the wind here. They have really solid documentation. I have a lot of good videos on it; between my videos and the documentation (my videos are also part of the documentation, if you go to the official docs), you can run a solid hypervisor here, fully open source, without paying any license fees. And it's something I really encourage homelab people to do.

And someone's going to say, "What about Proxmox?" Use it. I don't hate Proxmox at all. Just because I prefer XCP-ng doesn't mean I don't like Proxmox. I think Proxmox is a good choice as well. So I throw that out there for people looking for open source things.

"What's a good open source VDI gateway?" I don't understand what you're trying to do. What's a VDI gateway? What is your goal?

"You talked me into transitioning to XCP-ng from VMware. What are some of the third-party plugins?" I don't really know what third-party plugins there are. There might be some; well, I take that back: there's NetBox, that's a third-party plugin. I think there's a Nagios plugin as well, but I don't use Nagios; I've never used it. I'm not sure what other plugins there are. I'm not an expert on that part of it.

But the last thing on here, and this is where some discussion will occur... well, this was just cool.
Just XO: check, add an NTP time sync, cool. But over here: "Send XO logs to an external syslog." And I think they fixed this. Yes, they did; the typo has been fixed. I copied and pasted a typo. I didn't know there was a typo, because it is `log.transport` and it's supposed to be `logs.transport`. What does that actually mean, though? Let's talk about how you interact with people to get the proper outcome. I've joked about this before, about trying to figure out whether I should do a video on this topic, and basically the topic would be how you do the actual interaction with someone so you can get a problem fixed. I try to provide them a really extensive... I know what questions they're going to ask. And please note, in their forums I'm an ambassador; I think that's cool.

Let's talk about the process of troubleshooting this. "So I really like this feature, but I'm having issues getting it to work." And you know, there's my first statement. "I assume this goes..." And I would say "assume" because they just said to put it in the config file. "I assume it goes in the config.toml file located in /opt/xo/xo-server for XO Community, or /usr/bin/node/xo-server for the XO appliance." And you see Tom pasted `log.transport.syslog.target = tcp`. "I have tested both on XO and XO Community; neither worked. I don't have any error message in the log files stating the config is incorrect. I have our syslog set up and working, so I know I'm able to reach the log server and send data. Also, I've assumed I can do this over UDP by changing the prefix to UDP instead of the TCP prefix."

One of the things I do is I never try to make hard statements when I'm doing it. I said these are my assumptions based on your blog post, and also letting them know I know how to talk to the log server, because, well, it's also using syslog to talk to us. We've kind of sorted out those things. So Olivier, head of the team, pings Julien. Then someone else comments that they're running into the same issue.
He agreed. "First of all, you can use UDP or TCP. Yes. Do you have an XOA support ticket?" We went through that. There's my tunnel, the support ticket I have with them, so I let them remote into this particular system I set up in my lab. And this is where he says, "Hey, there's a typo in our blog post, in our sample config. It's `logs`, not `log`." So that "s" is missing; you know, computers are so picky about these things, you've got to spell things correctly. And then he also said, "Don't change it in the xo-server's directory; change it in the actual xo-server." I fixed it, did the restart, but then I said, "Hey, still not working." Then he linked me to a GitHub post, which is great, because he realized there was a split-log feature. And this is where... I'll pull it back over here. Well, I'll show you down here: I replied that it's working, but he also linked to the GitHub post, and for those of you running into this, you need to actually load these extra packages: the split-log package, which is part of their... is it called yarn? Package, start, extra, server, patch JSON. Yeah, it's in the yarn package registry for this. So a couple of extra packages; they must have had a development environment that we're missing from the primary environment.

But the important thing is that you give them good data. You don't just attack them. This is a weird thing I see people doing, to say, "Your system's garbage, it doesn't work," and I'm like, no, no, my goal is to have an outcome that benefits everyone, so they understand my scenario and why it's not working for me. "Maybe I'm doing something wrong" is how I always start, you know. Even though I'm pretty well versed in a lot of this stuff, I still start with "I might be wrong," because I think it sends the right message to them. Like, hey, check my configs that I did it right.
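The fix above came down to one missing letter in a config key, with no error message to point at it. As an added example (not Xen Orchestra's code), here is a small checker for the syslog stanza discussed on the stream: it looks for `logs.transport.syslog.target`, flags the `log` vs `logs` typo from the blog post, and validates that the value is a `tcp://` or `udp://` URL with a host and port. The sample configs are constructed, and the parser handles only the small TOML subset they use.

```python
"""Check the syslog-forwarding stanza in an xo-server config.toml.

Added example, not Xen Orchestra's own code. The key path it checks
(logs.transport.syslog.target, value tcp://host:port or udp://host:port)
is the one discussed on the stream; the 'log' vs 'logs' typo is the one
the Vates team pointed out. The sample configs below are constructed, and
parse_min_toml handles only [a.b.c] headers and quoted-string values.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

TABLE_RE = re.compile(r"^\[([A-Za-z0-9_.-]+)\]$")
KV_RE = re.compile(r"""^([A-Za-z0-9_-]+)\s*=\s*(?:'([^']*)'|"([^"]*)")$""")


def parse_min_toml(text: str) -> dict:
    """Parse [a.b.c] table headers and key = 'value' lines into nested dicts."""
    root: dict = {}
    current = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or full-line comment
            continue
        m = TABLE_RE.match(line)
        if m:  # descend into (creating as needed) the dotted table path
            current = root
            for part in m.group(1).split("."):
                current = current.setdefault(part, {})
            continue
        m = KV_RE.match(line)
        if not m:
            raise ValueError(f"unsupported line for this minimal parser: {raw!r}")
        key, single, double = m.groups()
        current[key] = single if single is not None else double
    return root


def lookup(cfg: dict, path: str):
    """Return the value at a dotted path, or None if any segment is missing."""
    node = cfg
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_syslog_target(cfg: dict) -> list[str]:
    """Return a list of problems; an empty list means the stanza looks right."""
    problems: list[str] = []
    target = lookup(cfg, "logs.transport.syslog.target")
    if target is None:
        if lookup(cfg, "log.transport.syslog.target") is not None:
            problems.append("top-level table is 'log' but xo-server reads 'logs' (the blog-post typo)")
        else:
            problems.append("no logs.transport.syslog.target defined")
        return problems
    u = urlsplit(target)
    if u.scheme not in ("tcp", "udp"):
        problems.append(f"unsupported scheme {u.scheme!r}; expected tcp or udp")
    if not u.hostname:
        problems.append("target has no host")
    try:
        port = u.port  # raises ValueError when the port is out of range
    except ValueError:
        port = None
    if port is None:
        problems.append("target has no valid port")
    return problems


def check_config_text(text: str) -> list[str]:
    """Parse a config.toml fragment and check its syslog stanza."""
    return check_syslog_target(parse_min_toml(text))


# Constructed sample: the stanza as it is meant to be written.
GOOD_CONFIG = """
[logs.transport.syslog]
target = 'tcp://192.0.2.10:514'
"""

# Constructed sample: 'log' instead of 'logs'; xo-server never reads it, and logs no error.
TYPO_CONFIG = """
[log.transport.syslog]
target = 'tcp://192.0.2.10:514'
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_CONFIG), ("typo", TYPO_CONFIG)):
        print(name, check_config_text(text) or "ok")
```

Run it against the real file before restarting xo-server; a clean result from the checker is the "I checked my config" line you can give the support team up front, and a flagged `log` table is exactly the silent failure described above.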
I also provide them all the information, so there's less back and forth. You don't want to stress out the people providing support. So don't say "it doesn't work," because, boy, I've been going through and spending some time in the forums, and it's mind-numbing seeing some of the stuff in there: "Windows don't work." What doesn't work? "It doesn't load." What doesn't load? Is there an error message? Like, there's so much effort put into it, and I'm like, these should be technical people doing this. This is how you interact; well, this is how I interact, and how people who really care about getting it done interact. But yeah, hopefully that clarifies that. This is why I didn't do a video right away: this wasn't working. Now it works, by the way. You can export everything to your syslog server properly, right out of Xen natively, without sending our syslog to it. That's a long way of saying that, I think, but I always like to talk about the interactions I try to have with people, to try to have a better outcome when it comes to all this, because, you know, the goal is... I'm not a good coder at all. There's a reason I don't code: I'm bad at it, and I don't have the interest in being good at it. I don't want to put the effort in; I'm just going to be honest. But I do like creating documentation and helping the community out when it comes to open source projects. That's why I talk so much about how we engage with people online and we make our discourse less coarse, you know, so we have a better interaction with all teams involved, so we can have working products.

"So I just got a job in an IT department, looking to do a lot of cleanup on the tech stack; the previous guy outright left. Pros and cons of moving current VMs from VMware to XCP-ng, if possible?" First: never, unless you know the environment well, if this is production. Just because Tom says XCP-ng is cool...
If you don't know the product, you're going to have a bad time. So make sure you have very much familiarized yourself with, one, the current needs of the client or your customer or the place you work, the needs of the systems you're maintaining. Make sure you understand those needs, then make sure you understand XCP-ng, for example. And as long as you have a clear understanding of the needs and a clear understanding of whether or not XCP-ng fits those needs, then you can look at the alignment of whether or not you move away from VMware. Are they using any particular things in VMware that are VMware-unique or tied to it in a special way? That's one of the things you have to make sure of. I mean, from a migration standpoint, yeah, just download the VMware tools and migrate the VMs. I've talked about cloning VMs using tools; really any cloning tool, even, to name a certain one, Acronis, like he said at the beginning here. By using any of those cloning tools, you can take and clone those over to another instance of a different hypervisor. So it's not a big deal to do, but it will not look well on you if you are not well versed in the product and you don't have good support for it. Also, if you're using this commercially for a business, I really recommend buying commercial support from the XCP-ng team, in order to help facilitate and make your life easier, because you want to have someone who can, you know, backstop you if there's a problem or if there's a challenge you face on those.

"Proxmox has some things to fix, such as when it backs up, it has to read the entire disk, including empty space, instead of detecting changes. Poorly done, even with the new backup server." Yeah, I've never used it, so I'll assume that's what people are doing. VDI: virtual desktop infrastructure. Excuse me, I'll go back up in a second. "Proxmox has to read the entire disk to detect what's sparse." Yeah, well, actually, let's play with some backups in a second and talk about that.

"I'm looking to connect thin clients to VMs."
"I'm looking at something like UDS Enterprise." If you have to use Windows as your base, there's not a lot out there for thin clients. Thin clients are a band-aid on building web applications. Like, "Well, we're going to use QuickBooks through VDI." Why? Because, well, QuickBooks Online isn't good yet. So a lot of applications are like that. VDI infrastructure is kind of like this temporary band-aid to get things into the cloud: published applications. New programs are not built with VDI. You know, any startup writing a new application today is building it to be a web application. That's just the way things are. Windows is the legacy world. It's going to have a long tail. It's not going away anytime soon. Legacy has a really long tail, and as long as enterprise companies keep using it, Microsoft will keep shilling it out to them and they'll keep paying license fees. But the reality is, most new applications are web applications. So I don't think there's a big push in the market to create an open-source VDI delivery solution that delivers Windows, because Windows already has the ability to do that. So, to do, to do. Yeah, Citrix published applications; and of course Citrix, their application publishing system, is pretty extensive, and it's made really Windows-centric.

"If you set up a pfSense device as a lab in your XCP-ng, how do you get the LAN part of the pfSense VM guests to use a private network?" We have a bunch of extra VLANs we create; that's our solution to it. VLANs is the magic. I like to do... "Tuning in a bit late from New York City." I'm assuming that you mean hello, Tom. Greetings there, Charles. So filter to "Tom," maybe "Tom's projects." I don't know; there's a lot of things in here.
Oh, there's one of them. What we do for ourselves is... I should probably rename these, because they're in the studio still, but they're just Studio 100 and Studio 200. They used to be physically in the studio; that's not exactly true anymore, but the concept's still the same. So if we look over here, we go to the pool and we look at networks, and we have a lot of networks. What I do is I just keep building more and more networks, and there's our Studio 100. We just assign VLANs to things. So this is VLAN 100 and VLAN 200. We have a VLAN 1200 as well, apparently, a VLAN 10, and of course a VLAN 69. What we do is we just keep building more and more VLANs. So you pick the physical interface that those are going to go to, you define a new VLAN; that's how I assign all of them.

So if you look at... switches back over to Tom's projects. And yes, I am playing with the pfSense 2.7 development build. You'll see on the networks I assign first; the main one is WAN. So if you look at the console here, there's our WAN assigned to xn0, and it's assigned to an IP address. Then the LAN, xn2, and OPT is just not set yet. xn1 and xn2, those are going to be these; they go in order, so vif0, vif1, vif2; they're always assigned to different VLANs. And for example, let's go ahead and show you how this works. So this is assigned here. If we look at the console one more time: 192.168.29.1. So let's go over here, let's go over to really anything, a network, Studio 100, where it changes the network dynamically. We're going to watch the IP address go from 3.158... well, we'll just sit here and chat while this updates the network interface. Actually, I should probably zoom in here.

"Well, this is also assuming that Tom has DHCP set up." I don't know if I do. Hmm, we're going to find out. "Tom, DHCP configured or not, there's a chance." I don't... oh, we do, so it is configured. All right, it just hasn't updated yet. I haven't seen the IP address change. Here, I'll just force it.
I'll force it to change. We'll just reboot it. Hey, look, there it is: 192.168.29.11. Well, no, I rebooted it, so whatever; it changes. That's how you assign VLANs, though.

"I know VMware and XCP-ng pretty well; I've used both in the homelab, not much of the current hypervisor for the company. Looking to move more on-site. Thanks for the insight." Awesome.

Yeah, so government BS. Oh, yes, government loves legacy stuff. It is Jason. Oh, yes, apparently you can allow GIFs; let's just make you an administrator. Jason Slagle is my, well, until a few days ago... until he shows up now, he's going to be my unbearded friend. Do you want to join, Jason? I can always send you a link. "Thank you so much for showing an answer to my question." While we wait, hit that like button.

"Do you know anyone who uses a hypervisor, XCP or Proxmox, within their Linode environment?" No, I mean, maybe someone does, but I don't know anyone who does. "Or is it standard practice to use the cloud provider's own hypervisor manager for VMs?" Yeah, usually you're going to use the cloud provider's one. But a lot of people do rent colo space and then will use something like XCP-ng. That's more common. "My question may not make sense; I'm clearly unfamiliar with cloud hosting." Yeah, you generally use the cloud provider's hosting for things. Actually, if he's bored and wants to join, our friend Jason Slagle can certainly talk a lot about that. He's been in the enterprise hosting environment for, well, a long time. He also runs an MSP as well. Me and him hang out and talk all kinds of fun stuff. Jason Slagle's fun.

Over-provisioning VM memory: that's the next topic we're going to talk about. I recorded the video, but I didn't edit it yet. We actually have a set of over-provisioned systems right now. "DM you somewhere." All right, I think I can just send you this link. I'll send it over Signal. Where's Jason Slagle at?
There we go. There, if a random Slagle appears... I think that link is how I invite people. Let me look. Is that the same link? Yeah, all right. If you click the link, Jason will appear. Actually, I'm going to turn... I have a heater on me; I don't know if you guys can even hear it. I have a little space heater, ouch, under my desk.

All right, let's talk about over-provisioning memory. That's actually the video I just recorded: how to deal with this. So we have... I'm not going to break anything this time, I hope. I showed what happens when you break things. So currently this system has 120 gigs of RAM and it's all allocated. This machine has 13 gigs; this one has about 64 gigs. I don't know; let's expand these. Yeah, 64 gigs assigned to Windows, 16 gigs here. But this one lives on Ryzen 2, and we want to move it over to... wait, actually, yeah, this one's on Ryzen 1. We have 16 gigs of RAM assigned to it. We want to push it to Ryzen 2 and see what happens with the memory allocation, because right now, if we go over to the host Ryzen 2, there's no free memory. We shouldn't be able to move that over, but we can. And this is the video that I'll have released tomorrow. We're going to move it over here, and while it's moving, we'll see if I can pull it up prior to... that's going. "Oh, I'm going to join my live stream, honey." No, okay. We're doing a live migration here.

"What's the rule of thumb for memory?" Oh, there's Jason. Hey, Jason. The rule of thumb for memory is: have lots of it, because migrating VMs when you don't have enough memory takes longer than when you have plenty of memory, because it's resizing them all right now, and it's slowly doing this. Me and Jason were actually talking about this earlier.
"I guess this is, as you would say, a common use case in VMware of over-provisioning memory to a system." Yeah, memory is the thing that we're typically bound by. Like, I'm never out of CPU; I'm always out of memory. Yes.

"When you consider lower and upper limits for a hypervisor, how do you calculate that?" This is where the one thing I haven't a hundred percent understood in Xen... I did the video, but I just didn't address the part I didn't understand. Like, I have all these VMs right here. I don't know how it decided Windows only gets 45 gigs; it gave this one 12 gigs; it gave this one 13 gigs. I can probably actually just duplicate it under VM and see it slowly take away from Windows. But it kind of does it on a percentage basis. I also figured out how to crash a migration. If you run stress-ng in Linux, it won't give up the memory, and if you remember that evacuation thing we talked about: when you set the minimum, when you do a live migration, it reduces the memory to whatever you set the dynamic min to. And if that dynamic min's below the threshold, it just won't migrate the VM. It just locks... it doesn't lock up; it gives an error, so it doesn't leave you in a non-running state. It just sits there and spins for a long time, which I thought was kind of an interesting outcome.

But let's clone this real quick. So we'll do a fast clone. So many clones. Yeah. So let's go ahead and start this on Ryzen 2. Then we'll start the other one on Ryzen 2. Whoops, wrong button. Oh, whatever; it'll start on Ryzen 1 and I'll migrate it, making it more interesting. And we'll watch it shuffle all the memory. Oh, for shutdown... You said you built a Xen lab.
"Yeah, we have one now." Sweet. You can break things like I am. Oh, man. "So most of my Xen experience recently has been dealing with an Oracle Database Appliance, and that's like crippled Xen. It's not fun. Now, newer Oracle Database Appliances ditched Xen and went to KVM, but this is a little bit older one that's still running Xen, and yeah, some of the, like, goat blood sacrifices we had to do to do backups of the VMs. Like, we're doing things that you're not supposed to do to get snapshots."

So this is what's fun. Normally these VMs start instantly, but they pause now, because what it just did was reduce all the memory in Windows. It sacrificed Windows memory. What is Windows down to? "So I presume Xen supports, like, swapping." Yeah. "Like, okay." Yep, so it's just ballooning it out. "It seems to be more or less like VMware is." Yeah, it just ballooned both of those down. So now Windows has gone from 44 gigs to 35 gigs, and a bunch... this one's down to 12 gigs, this one's got 9 gigs, and this one's got 14 gigs. I don't know how it comes up with that. That's the only part I don't really have a direct answer for, like whoever started first gets to keep their memory, and more of it. "So normally it's up to the guest OS to decide what it can give back, right? So essentially at some point or another it will balloon it down, because this is the driver that's doing it, right? So it has rule over user space processes, but at some point you're just going to force all of user space into swap." Yeah. Someone says, "Instead of technical debt, this is memory debt." Yes, it is. Yeah, I now understand; after I ran that stress-ng, I can reproduce what the client was having a problem with. And I think it's really kind of a simple thing. They have to look at their workload on each of the VMs. They have, like, I think they're over 100 VMs.
They have so far. And they just have to set this dynamic to not below that. Because, like, the dynamic right here, 8 and 16: it will reduce it to 8 when it does the live migration, and then let it balloon up to 16. I don't see any problems dynamically changing it on the same host, but that migration, when you migrate this over to another host, that's definitely where I notice problems. Let's see, which one of these do they have? I think none of them. Yeah, so we'll run htop on it. So this one only has 9 gigs of RAM, but if we migrate it to another host... so as it's migrating, see, it just reduced it. It's reducing it down to whatever that minimum is, the balloon process, and then it's going to hold on.

"Oh, that's completely different than how VMware works." Is it? Okay. "Oh, yeah. Yeah, so VMware doesn't actually reduce the amount of memory available to the OS. The driver just forces it to basically give up file system cache and stuff. So VMware keeps a map of what memory the OS is actually using, so it'll force it to eject it via the kernel driver, but the actual amount of memory presented to the OS doesn't actually ever change. So the OS still thinks it has 32 gigs of RAM if it's 32 and we balloon it down to 16; it's just that the driver takes up 16 of it." See, it went all the way down to the minimum of 4 gigs, and now it goes back up to 16, because now it's on the next server. Wow. "What does dmesg look like?" What's that? "Is this the guest or the host?" This is the host. "The guest. What's dmesg look like? I mean, is it just swamped with, like, 'oh, dynamic RAM changed'?" Yeah, let's... "What does the kernel think just happened? It's like, what is going on here?" Yeah, that's a good question. I never thought to look at dmesg. Granting tables, uh, "freezing freezable tasks," that's there. That's kind of neat. "Okay, so the guest is aware that it's being moved, then." Yeah. "Okay, no, that's actually kind of cool." Yeah, this works in Windows too.
Yeah. Uh, does it work for versions of Windows that don't support dynamic memory resizing? Uh, probably not. Okay, my favorite part is this negative memory thing. We have negative five gigs RAM available. So yeah, definitely, it definitely works different, it definitely works different. Hmm. Uh, and... Oh, uh, how do you weight the part, or parties, or overprovisioning? I don't think you can weight them. Yeah. Not that I found, and maybe after I do the video I'll reach out to Olivier and his team and ask if there's a way on there. So Hyper-V calls it mem pressure. Yeah, so does, it was, so VMware does too. Now, do Proxmox? No. You used to have your Proxmox cluster. Did you replace? Yeah, I have a couple of them. Okay. Yeah, I have a cluster, so I also have VMware running here. So because I... One advantage, if you actually end up in the VMware ecosystem: if you join the VMware Users Group Advantage program, which is like a hundred bucks a year, maybe 200, it's not that expensive, they give you a free vCenter license. Uh, so you can actually run a home VMware in your home lab. Oh, that's cool. Yeah, you think they'll increase the license fee for that because... Probably. They'll probably just get rid of it, honestly. Like, you'll have to buy some sort of, like, dongle to be able to use VMware now. You gotta sell that hardware somehow.

Now here's one thing that's very different. Actually, we'll stop this one too. If you go in here and we set it back to, like, normal behavior, we set the, um, we'll leave that at six. Well, we'll set it eight. So the dynamic, and the, uh, the memory limits for dynamic, the low limit and high limit, are the same. We'll go ahead and start this one back up. It doesn't do any changes, so it's going to boot up. Give it a second. Ubuntu's got this weird blank screen pause thing. It does. Uh, do you use the Citrix tools or the open source tools in your VM guests?
Uh, for Linux I use the open source tools. For Windows, uh, I'm still using the open source ones, but sometimes I'll load the Citrix ones. The Citrix ones receive more updates than the open source ones. They don't, the, the Vates team doesn't have a good developer... And I, I see people complaining about it. I thought it was kind of stupid, because you're like, "Oh, Tom, I only want to use the open source, open source management tool on my Windows." I'm like, why are you running a closed source OS? Does it matter? Whoever has the best drivers, like, just run those. "I only want to run the open source graphics driver because I'd like my life to be 30% less good." Yeah, they, I mean, their own admission is, they even tell you in the forums, they're like, yeah, just run the Citrix ones if you want the latest driver. Citrix has the latest driver. Um, they have a... Citrix has more Windows employees to keep that up to date. Um, they work hand in hand with Citrix as they pass things back and forth between each other for who does what. Like, Vates, they don't work in a vacuum. Citrix contributes upstream, Vates contributes upstream, but they actually talk to each other about what they're going to be contributing, so they don't, like, overlap project ideas, because why waste the resources when you're trying to improve. Because, like, the TPM stuff is going to come out in 8.3 for both Citrix and XCP-ng, and it's kind of a collaborative project to get the TPM working properly.

Um, but now that they both have the same limits, let me zoom it back in so you can see. So now if I do a migration, it happens in seconds. So it's on Ryzen 2; if I move over to Ryzen 1, I hit okay, literally, it, it's gonna be, it's already four, three, two, one. And I think I timed it, because these count faster than actual seconds, so I don't know. I know it takes less than 10 seconds to migrate between the, uh, hosts. Yeah, 25 gig is nice.
Yeah, 25 gig is nice. Now it's on the other host, but it never does the reduction thing when it does it. So the memory usage is steady the whole time. Can you overprovision CPUs too? You can't really take away CPU cores on the fly, can you? No, you can't do it live. Um, yes, you can. Was that... Linux for sure supports hot-add, removing CPUs. Does it? Yeah, let's find out. I mean, I can do this. I know I can dynamically resize the memory live; that, that works fine. It does the... I'm going to shrink this down. All right, and it shrinks it relatively fast. I don't think I can do this, though. Yeah, you have to, uh, so I mean the guest OS, and even in VMware it's like an advanced option you have to turn on to be able to do that. I don't think there's an advanced option so I can live swap cores. Uh, because I can definitely hot-add cores on VMware. I've not hot-removed them, but Linux does support hot-removing cores, I believe. But so, to answer that guy's direct question, you 100% could overprovision CPUs, because there's a scheduler and you just, like, stuff gets scheduled less, right? So it's not like you're allocating a CPU or a core to a thing. This is like a time-sharing system where you get time slices that your stuff actually executes in, and if you overprovision, everyone just gets less. Yeah, so if I go here and I say 24 cores on this one. Where's it gonna start at? Started on Ryzen 1. Actually, I'll migrate it over to, well, whatever, I can run it on that one too. So if we had 24 cores, this one... Start on Ryzen 1. Then we go to the point we hit 24 cores. I just confirmed that I'm not crazy: Linux for sure supports hot-remove CPU. Okay, well, that's cool. I've never tried to do that. So does Xen then support hot-add CPU? No, it's not a feature. I don't know, I don't know of a way to do it. Uh, I had a question yesterday. You forgot it? No, of course. I think you should have videos... Well, uh, can you use open source driver, Citrix manager tools?
We need the Citrix driver with Citrix manager tool. Uh, can you use open source drivers? The Citrix management is not open source; the one in Windows isn't. You don't need the Citrix tools in Linux. You can just install the Linux versions of the stuff; that works fine. So, figure out how I'm sending you stuff on Slack, because Signal's not on the PC. So... Oh, too many windows open there. Slack. Oh, so someone actually has a way to do this. Yeah, you... it looks like it's supported too. You just have to have a max set in the config. Okay. Yeah. So it can be done. That's interesting, and both add and remove. Huh. Well, that's cool.

But here's what it looks like when you overprovision. It does it. There's no, yeah, there's no magic to it. Now, it's actually not a bad thing, because if you're thinking about it from an architectural design standpoint, as long as all of your VMs don't need all the cores all at the same time, and even when they do, it actually figures it out pretty good. I, I ran the, um, I think it was the Queens test in Phoronix, because it pins all the CPUs really, really well and evenly. If you run it on an individual machine I got a score of x; if you run it on two machines with duplicated cores provisioned, what I thought was weird is I got 51 percent of the performance. So it actually gave me a 1 percent boost, which, that's within margin of error, so it's not substantial, but that shows me the scheduler was actually more even than I thought. My assumption is actually I would have gotten below 50 percent on each one, because, um, by flushing the cache on the processor it would just be inefficient. I mean, modern processors, these are, assuming it was this box, these boxes have so many, like, so much hardware-assisted virtualization support that it may not unload anything. It may just allocate different chunks of it, like, you, it just may allocate unallocated cache, for instance. And a lot of the memory maps and stuff these days are just loaded, like they're just kept in the host memory, like they, it's, it's
not like it used to be where you're giving up, like, 10 percent performance. Like a mode zero hypervisor is, like, 2 percent at most hit over bare hardware. Yeah, it's... It's actually, that, that's another question that comes up, is, you know, should I run something on bare metal or put a hypervisor in between? And, like, the hypervisors just don't have the overhead they used to have. They, uh, it isn't like the early days of this. This is like, I mean, even Xen's been around I think since 2004 or five. Like, it's not that new. I mean, the, the most, the most common and supported way of running, say, OpenStack is actually running OpenStack on a hypervisor with OpenStack underneath it. So you're actually doing two levels of virtualization, and it, it's, it just works like magic. It just works. It just works, you know.

Here's the security question I, I, I get a lot, and I think you are more well versed in this. How do you feel about the security of Docker containers versus virtualization? I feel, always feel like virtualization just better isolates things independently from there. I worry more about what Docker... Yeah, so, I mean, this is a very... My knowledge here is dated, so it's going to be hard. Uh, it... The question becomes how to get to, like, ring zero, right? Like, so a hypervisor escape is really, really, really difficult. Oh, this is a, uh, Linux, like, kernel LXC escape. It's like you're in the same kernel, right? So, like, you, you don't have to go up as far to get over the boundary. The boundary seems very thin, like, just from this, like, we're talking about this at a high level. When you talk about Dockering something, or any, any Linux containerization platform, you're, once you share the kernel... Yeah, it, it also feels like resource scheduling.
I know there's tools for it. It's so much easier in a virtual machine by comparison to when you're sharing a kernel, like the resource... the networking is also, um... Someone posted on my forum today asking about, uh, using... as I started playing with Portainer, and Portainer is pretty cool if you haven't played with it. Um, but man, the networking in it still has got some bugs. Like, go... Yeah, uh, go, I mean, if you go configure some Kubernetes up and tell me how you feel about networking. I mean, that gets really complicated really quick when you start doing stuff like that. Yeah, if, if you don't need any of your, uh, Kubernetes things publicly, or I should say publicly, um, host-level exposed with their own MAC address, it's easy. Like, if you're going to build a series of orchestrated containers, um, that talk to each other and then only one thing is port forwarded through, and then you have some type of load balancing proxy on there and the front end to sort it all out, like HAProxy, awesome, it works. The moment you start saying... and, and this was the example, um, someone wanted, is like, hey, and we all know why we run privacy VPNs, because we're sailing the seas of piracy, and, you know, you want to run your, um, whatever's doing downloading your torrents. People are like, oh, I want to run it as a Docker image. I said, well, the problem is, if you want to set up privacy VPNs, usually you're going to do your routing in pfSense based on IP address, not port numbers. So how do you get that... whatever your torrenting tool, Transmission, Deluge, whatever, how do you get it assigned its own IP address? That's not easy in Docker. Um, it's possible. It's possible, though. I think, uh, some YouTuber had a really good video on it recently. Uh, I forget who it was.
Yeah. But that's, that's where, that's where things get, um, this, a lot more complicated. Uh, can Xen Orchestra do vMotion on two storages even if the storage cannot, uh, see each other directly? As long as they can both see, um... Xen Orchestra can talk to them, and the interfaces have to talk to each other, like, there has to be a level where the, the devices have to be able to see... See, so two separate, um, pools. You can actually live migrate between two completely separate storage pools. You just have to choose, um, when you're doing the migration, one of the things that when you, uh, migrate, like, this is a different pool altogether, you have to choose the migration network. So you have to choose a migration network where things can talk to each other. So yes, you can do that. Yes, it'll do, as VMware calls it, vMotion to completely, just two different things, um, as long as it's the same version, by the way. If you try to take a Xen server, like, running 8.2 and move a VM to a 7 version, you're gonna have a bad time. I think it gives an error. So, but yes. An error is not a bad time; it's just an error. A bad time would be, like, it starts and then, like, suddenly cats or dogs... leaves you in an unknown state. Yeah. That would be something that one of the math guys would do. Yeah, he's in, he's in the chat, so I'm waiting for him to comment now.

Oh, it was NetworkChuck with that video, by the way. Oh, was it? Okay. Yeah, macvtap. Um, I think it's called macvlan in Portainer. As a matter of fact, why don't I pull up my Portainer instance and find that out? Probably, those, those sound like two different things. So I would expect macvtap, it's a tap driver; I would expect macvlan to just expose the VLAN. There's probably another one. Yeah, and I think in Portainer... Let me find my login for it and pull it up. What was the IP address thing? Uh, in 443, that's a trait. Drop the macvtap. Okay. Yeah, it's bridged; macvtap is bridged. Yeah, because you go to Networks, Add Network. That's new.
I'm messing with that, that much. I have not played much with Portainer. I started goofing with it because it's kind of cool. Um, and the, the question someone had, and it's when you have your things running in your stack, um... Which, by the way, Webtop is awesome if you haven't played with it. That was my coolest one I got set up so far. It lets you run an entire operating system, all browser enabled. Um, it was pretty cool. Yeah, it's, uh, there's a couple good videos on it. No, I forgot how to get to it. Is it there? Oh. That's a pretty, that's a pretty big use case there. This is a cool use case. Oh, the guy, the guy in chat: "Uh, I want to run like 16 vIOS routers on a 4-core CPU with their new memory in order to test OSPF and some network traffic monitoring." Yeah, that's some learning there. I mean, you could pretend you're doing the CCIE and also run RIP and BGP on all of them. Make sure you redistribute between all of it with no loops. That is a lot. But, uh, the Webtop lets you run these fully working virtual machines that are pretty cool. Yeah, this is really cool if you look at it. It's called a Webtop. Yeah, just Webtop. I mean, I presume it's just running it underneath and it's using, like, some sort of, like, web-based VNC type thing to actually expose it. Yeah, well, this is all being done in my browser. That's what's so cool. This is all a hundred percent in my... I'm like, if I showed the whole screen, all this is, is, um, going to the IP address colon, at three thousand-something, the port number I have it mapped to, and it just runs like a... I think it's running Guacamole. Okay, yep. Yep.
Yeah. Yeah, I think that, which, it's just fascinating to me that it works so well. Like, it's just like we're just going to give you a quick Guacamole session and you can run these, and it's a full running Linux VM that you can, you know, it's all done in Docker, so they're all ephemeral. I can just blow it away after I test or detonate something, for example. Yeah, I was going to say the use case for that is definitely threat research. Yeah, threat research. So, um, that's what I want to start playing with, because once I seen the Webtop, I seen someone do a video on that, I'm like, oh, that's neat. I can just instantly build it, destroy it when I'm done. Like, is this URL good or bad? Um, the problem is, like, we're... what were you testing? I think we're playing with... Fin, one of my, one of my staff, had did that, and Fin's like, "You clicked on a phishing link." I'm like, no, we opened it up in a temporary VM. I mean, we just want to know what it did. So we didn't really click it. We clicked it outside of our normal purview of things. He'll, he'll get me one day, but I'm going to be loading it in, like, Lynx. It's like, oh no, I clicked a phishing link from Lynx, the text-based browser with no JavaScript support. Yeah, agent ID... I know, I didn't actually load it. I just telnetted in and did GET / HTTP/1 and hit enter a couple times and it popped out. I don't know.

There... what is that other tool out there? Uh, Kasm. You ever looked at that? Uh-uh. So Kasm is kind of cool. They actually reached out to me, wanted me to do a sponsored thing. As I dropped my empty beer, um... Not... I, I actually replied to them and they didn't reply to me. Uh, the container streaming platform. They're basically the same thing like I talked about, Webtop, but they can create an individual container for something like Chrome, Brave. Uh, they're like application containers. But I mean, that's a cool back end.
Yeah, I mean, I think something like that's cool, because, uh, then even if you manage a sandbox escape of, like, Chrome, right? Like, what are you gonna infect, the container? That's gonna go away when Chrome dies. I mean, who cares. It, and that's what's kind of cool. It has a local, uh, free community edition, so you can build this in your own, uh, lab. But even with the free community edition you can build it somewhere like Linode or DigitalOcean. So cool, it's out in their environment. It's, it's, it's abstracted from me quite far away. I log into it, I watch what it does. Cool, that's interesting. That, that looks terrible. So I... glad I didn't run it on my computer. Yeah, I think those are, um, some pretty cool use cases coming up for, for doing that. I, I've actually seen someone pitch this. I don't know whatever really went far. I seen companies running, like, virtualized Windows that way. Um, through it, that way they could instantly rewind things, so to speak, if anything went wrong. I don't, I just don't think that's cost effective to run. Like, cool idea. It would do all of the security things we dream about, but then it's, it costs too much money. I mean, people do VDI all the time. I mean, we're actually setting that up at work so that I don't have to run my full stack on all of the employees' computers. If they're, like, working from home and want to use their own computers instead of their laptop, instead they'll just VDI into the VDI cluster and they'll work from there. What are you using for that? Uh, WVD. Okay, Azure. Azure, yeah. How's the bill? Yes... I mean, so we're, uh, Silver with, uh, Microsoft, and one of the things that gets me is 500 dollars a month worth of free Azure credit.
So we're only exceeding that by a little bit. In our testing they keep it reasonable. I know there's a popular article floating around about how we saved a bunch of money by taking it out of the cloud. Is something... oh, yeah. We're seeing that. I mean, I see that all over. It's, people think the cloud is this magic thing that somehow they can just poof, like, hardware. There's a DALL-E image for this for sure, like hardware appearing from the sky. Uh, somebody still has to buy and maintain it, and yeah, they, they can do it at scale so they can do it cheaper than you can, but they still have to do it, and they have to make money. So, uh, I am seeing, uh, companies, especially that lift and shift, right? It's like, instead of making a cloud-architected app, it's like, we're just gonna pick up all this data center, move it to the cloud, and then they get the first bill and they're like, yeah, we're gonna move that back. Yeah. I, I talked to, um, I knew the guys over at, uh, ltaire engineering, and they started telling me some of their cloud prices. I'm like, what? I'm like, you could buy a house every month for that, and they're like, yeah, way more than that. Yeah. I, the, the big enterprisey client, you know, that we work with, their cloud bill is definitely seven figures a month. So yeah. It's, uh, it's... while Patrick from ServeTheHome, I told him he should do it. I was talking to him and I told him, shoot an updated one. He did one a while ago. I didn't realize their forums had that much bandwidth being pulled from him. He has a breakdown of that, though, and he has a pfSense set up with a, um, I forget what he's using. He might be using XCP-ng or VMware, uh, for... but on the back end side of it, though, uh, just hosting the sites he hosts, I mean, he was talking about several thousand dollars a month being spent on, uh... Well, no, I think he said it went from, like, 10,000 down to, like, a thousand dollars a month when he moved to a colo. Mm-hmm. So yeah, we were just talking about that. So I, we, I do stuff at Azure.
I do stuff at AWS, but I also own a hosting environment, right? It's VMware on the back end, reason or cloud stuff. And, you know, we've moved some client stuff to Azure, and some of it I'm like, you know what? It would be cheaper for us and the client if we just ran this in our instance of VMware rather than in Azure. Yeah, I, I should move some of my stuff over to your hosting environment too, eventually. You'd probably get a deal. Yeah, I think you'd give me a good price. We, we've been migrating some of these things back and forth, because Comcast has been less than great. We think we may have narrowed it down on our building, but we, in the short term, we actually just put a WOW connection in with static IPs, and we got so sick of ScreenConnect going down, we just moved ScreenConnect over to our WOW connection, and it's been better. We're, like, we're using, when I begin, like, the high business one from them. I'm like, this is just aggravating. Yeah, we're pulling the last bit of stuff. The only stuff left in our building once we finish our move will only be lab stuff and a domain controller. So, although maybe not a domain controller, because everything is Azure AD joined now. Yeah, I don't got one of those fancy domain controllers.

Actually, you, uh, you haven't been to the office in a minute. We finally, I was going to share this with the people, we finally got all this to look pretty. We finished it, um, today, last night. So all this stuff that was shit everywhere when you were in my office and seen it, we finally, like, put it together. So we still got the Christmas lights up, though. I came in, I seen Brett sitting there. I'm like, oh, this is actually nice looking now. That looks good. I think last time I was there the door was by the other rack, so the rack in the back was gone. Yeah, um, there's still pieces left of it. We still got a couple servers to pull out, so I'll do an updated office tour. It's just been so hard, and then, you know, as you know, we had employee drama.
So that, like, that, like, causes disruptions in actually getting projects done. Oh, such is life. They don't watch their YouTubes, they don't know I'm making fun of them. I just openly didn't make fun of my guys. Yeah, that's always fun too. The people demand Tube City. What? Tube City sounds... sounds probably not rated PG. Yeah. Shiny. Well, the important part is that everything's filled with lights. Matter of fact, uh, these lights are dynamic. The... is there a picture of the controller? You can barely see it sitting here. Steve bolted it to the top of here. That's the controller, and these LED lights that are inside of here, uh, they're dynamic and can be changed to different colors. They're actually on, like, one of those, like, soft rotating colors. Yeah, I was on a huddle with Brett earlier and it was, it was only a little bit distracting. Yeah. He likes, he likes his LED lights. Oh, there's, I, well, there's at least one employee who watches the live streams. Oh, yeah, he does, he does. You should see how he speaks about him in person. And there's a... well, you got your Matt with you, and then Travis for me. Uh, fun stuff.

I'm looking forward, me and Jason will be at the, uh... he's going to the... You're not going to the Acronis event, are you? I am not. I'm going to the Ingram event at the same time. It's like a week of events. It's weird. Yeah. And now there's a bunch of, like, it... Me and Ray are driving to, uh, the next one, so that'll be fun. Uh, that, that drive's not terrible. It's about three and a half hours. Yeah, and I like Ray, so yeah, plenty of things to BS about. Who's going? The only person from my office going is Brett. I, I'm not taking any other people. You have to go to GeekCon to meet his other employees. Yes, Eric went to GeekCon; none of the other employees wanted to go to GeekCon, just Eric. Um, and I don't know if any of them really want to go to IT Nation. I didn't really ask, or I just took Brett. Someone's got to actually work. MSP GeekCon would be the one to send them to. Yeah, we're at Right of Boom.
You've got a couple that probably like to go to Right of Boom. Yeah, I probably, a couple Right of Boom... I understand. I'm trying to decide. I should probably go to that. I think you're probably going to that. That's in Texas, right? Yes, Dallas. Never been to Dallas, so... Yeah, I've been to Austin and San Antonio, but never Dallas. So that's, that's gonna be fun. I need to travel more. Hasn't been a lot on my list. Oh.

So it's new and exciting right now in security, because besides that I like to write up on the, um... Because I actually thought I'll bring you on for just this, because I was going to title it, and I'm like, I forgot to chase, and... The whole Huntress and R1Soft. There's a couple questions. I think you've seen, discussing it with, with the people who... I mean, you are both inside with the Huntress stuff, and one of the questions I had, and I directly asked you, is why do so many people have ports open? So, uh, I mean, pop open, uh, pop Shodan open, and let me pull the, let me find my queries. So to answer your question directly, this was targeted essentially at, uh, uh, at hosting providers, right? And so hosting providers, many times they just don't have another network. Well, here, run this query first. Oh, I gotta find it. I had it. Run this one. I'm just, this is coming on Slack again. Yeah. Yep. So, though, it... and the reason I'm heavy... I do, do you have an account? You may not be able to run it if you don't have an account. Oh, yeah, I do. Hold on. Okay, I don't want to throw my email address out there that I use to log in to this. Yeah. Oh, actually it uses username, not that. So cool. Uh, so look at the organizations, if you scroll down on the left there. It's almost all providers. Gigahost, Gigahost. That's k brah band... Yeah, so what we figured out is that almost every one of these is a hosting provider. Like, none of them... we couldn't find a single MSP in the list. We did find at least one government agency. But I mean, we spent, yeah, we spent a little bit going through this, through this list here, and, and so... I like that name.
I'm gonna make a new company called 25 Shells, and I say I have one more than 24 Shells. Uh, man, I'd have to install zsh, bat... 25 would be hard to get to. Uh, the reason is there's no back network, right? So these are places running giant, like, cPanel or Plesk farms, right? And those, they're AWS VMs that have one, like, one interface, right? They don't have, like, a backup network for this traffic to go over. So they could IP restrict them, which would probably make sense, but that would require, like, this, this isn't gonna do that out of the box, right? So this requires a level of knowledge that I think most people that are running a lot of these things don't have. Uh, I mean, in... given the, uh, given the pennant, we probably shouldn't talk... we probably shouldn't show people too much how to find the... well, there's no perfect concept. The, the patch rate is pretty low so far from what I've been told. So, uh, because hosting providers, they turn off auto updates typically, and they're not necessarily... don't have the greatest, uh, history for keeping things up to date. Yeah, and that's where some of the problems come in with this, and your write-up made me think about it, because you talked about the, the coordination behind the scenes that had to go on to get this proof of concept out. I think, so that was your LinkedIn article you posted, like, the other day, right? Yeah. Yeah, that's, there's a lot of that that goes on behind there that I think the public needs to understand, of how, um, the vulnerability disclosure process goes, and it's not that these companies want to ignore things. Uh, it's more that there's so many things thrown at them all the time; they have to figure out which ones are credible. And yeah, or in the case of this, this is actually an acquisition of an acquisition. And so if you email either of the previous owners of the company, the infrastructure is just... it probably still exists, but it's not out there. Right, so emailing security at r1soft.com...
It might as well email dev/null. I mean, there's just no one listening to that email. And it's fixed now, because they, like, they... the security team didn't even necessarily know they owned that product. It's so far removed from them, right? So it's like, oh, yeah. Oh, man. We bought that. We bought that guy that bought that thing. Yeah, we're not using that. Right, so, uh, in that case it was that. I don't think they willfully ignored them. I think that the messages just never got to the security team, because the only resources left from the former company are marketing. Right.

You know, it's, um, it's been a couple years, but me and Xavier talked about this once. Someone claimed to have a major flaw they found in the pfSense dashboard that gave them privileges. It was funny, because they tried to get it assigned a CVE. They submitted it... I forget where they submitted it, and they did a whole write-up like it was a big deal. But as I went through it, it, I first was like, this sounds really concerning, but then after I dig into it, I stared at it and I'm like, this is really stupid. You know what the role of the requirements was? Was you had to have the root password in order to exploit it. I'm like, why would I use an exploit if I have the root password? Like, I completely... and this person had, like, a whole blog write-up about it. Like, they were trying to tweet it, tag me in the tweets, and I'm like, what, what do you think you have here, buddy?
Like, you need the root password. If I, if I have the root password, well, I'd just use the web interface. Because you found a way you could do injection as root in, in the web interface by calling a certain function, but you had to send the password with it to do it. I'm just like... I imagine, from, like, if you're HackerOne, like, there's a big problem they have triaging all the BS that comes in. It... and you still need that fixed, and the reason you still need that fixed is, like, that's, like, the type of thing that somebody just doesn't fix, and then something gets chained in front of it, and now it's relevant, right? So, like, in this case, maybe you need the root password to bypass some sort of authentication checks somewhere of something. Well, now you find an authentication bypass and chain it to that thing, and suddenly you're in, right? So, like, you can't, uh, you can't ignore them. Yeah, but it's also, it's weird how some of the people do some of the things, and I imagine it's, like, triaging is probably... I would actually like to hear from some of the people at HackerOne talk about, like, some of the crazy things that are thrown at them and how many, like, what is that, what is that number? What's your signal to noise ratio? I mean, you get the people... You know, if Tavis Ormandy from Google's Project Zero says something's wrong, I believe the guy, whatever he's talking about, like, he finds some really clever hacks out there. But, you know, if you don't know who this person is, then it becomes a little bit, you know, there's a lot of validation that's got to go in. Is this a real attack? Is it reproducible? Um, I think that's the, the back end side of it, is it's not as easy as people think, because there's so many people involved in this. Yeah, it's, uh, uh, it's not easy. I mean, do you have a HackerOne account, I presume? I actually don't. So I don't, I don't ever... I should do that. I usually, whenever I find something wrong, um, I, like I was discussing earlier,
I just reach out in the forum. So I'm usually not doing security problems, I'm just finding bugs. So, like I did with the, um, they, they were missing some packages in Xen Orchestra that didn't allow the logging export to work. So, like, they fixed it now. They have a pull request on GitHub, and I feel like I did my part contributing to open source. Yeah, it's, uh, I mean, there's a lot, like, the big companies on HackerOne, it's very active, and yeah, I mean, you, you have to have a team to triage that stuff. But there's also a bunch of scammers, right? Like, I, you know, one of the things I've talked quite a bit about is, uh, that I believe that threat researchers deserve to get paid when they find vulnerabilities and things, right? It's like everyone's like, well, they're just extorting me, or blah blah blah. I'm like, dude, they, they don't work for free, right? Like, like, they... You know, throw one percent of your marketing budget that you'll spend on PR when this goes bad, throw that at those people, and it'll be fine. Uh, but the other side of that is there are a bunch of drive-by people, that, like, I had one... I've got this one guy, he's been just periodically emailing me. He emailed me, like, three months ago, and he's like, you don't have a DMARC record and an SPF record, and as a result I can spoof blah blah. I'm like, well, that's not true. I have both of those things. Okay, DMARC was set to quarantine. I set it to reject because he emailed me. But the guy's asking for a bounty. Like, so apparently he's just emailing everyone saying they don't have SPF and DMARC and that's somehow a vulnerability. Like, maybe that's an active decision. Uh, it's a dumb decision, but maybe... I, I know, I don't have that, but that's not a bountyable vulnerability. Are you kidding me? I, I think the weirdest one is I got trolled on...
I got trolled on someone saying, Tom, you think you're a cybersecurity guy, but you don't know you have a problem. And he kept commenting on different random videos saying similar words, and then he says, I should probably give you a hint because you still haven't fixed your problem. And I'm like, yeah, I haven't fixed the problem because you haven't told me what it is. I would reply to the guy like, go ahead and troll me. And it turned out it was an A2 Hosting problem, which is where my DNS was hosted. You could do a zone transfer. Oh, zone transfer. Yeah. I contacted A2 and I sent them... they said it's not a problem, and I sent them the, hey, watch this, I can issue a zone transfer from anywhere to anywhere. And they're like, yeah, that's how we have our service set up now. And I'm like, but they weren't like that before, because I tested this. And they go, yeah, but we changed the configuration. I said, not anyone should be able to do a zone transfer, and they finally admitted it and they fixed it and said ticket closed. I'm just like... but someone trolled me over it, which is, what can you learn from a zone transfer from me? Because it's just my lawrencesystems.com hosting, there's nothing real special from it. Well, it just means I don't have to use DNSDumpster if I can just go get it. Yeah, and there wasn't anything in the zone transfer that wasn't in DNSDumpster. That's why I also was like, oh look, cpanel.lawrencesystems.com, shocking. Oh, I found some test that... yeah, hopefully that's not important. I was supposed to not say it.

Here's a good question, and the only tool I know that does this. So iperf is great for just raw bandwidth testing. TRex by Cisco is an open source tool that does IMIX traffic. I can't name another one. That's what the people at Netgate actually use, the TRex system. It's open source, you can find it on GitHub. TRex Cisco, I think that'll find it for you. TRex.
So is the argument with iperf that it's too high or too low? Well, it doesn't really represent necessarily real traffic, I think is the problem. It doesn't use a mix of packet types and packet sizes, so it doesn't represent typical traffic patterns. Yeah, and I generally don't bother with setting up TRex because... TRex is going to be IMIX, so you get a more generalized idea for VPN speed, and that's what those people use it for. But really, for any given client, you have to ask, what is that client doing? What's that client's workload? Will this VPN work for what they want to do? I start with iperf. Okay, you can transfer at this speed and this rate, and then I start looking at what they're doing. Are they actually tunneling all of their traffic? Is that a real demand for them? It's kind of like, you've got to look at things on a case-by-case basis. But TRex is the answer. I can't think, because this one's so popular, I don't think there's another one out there, and because it's free, no one's bothered writing another one. There are things I think that are compatible with this too. I think it's using an open source standard on the backside. Yeah, so TRex is the answer for that. There's probably forks of it, and I know there's a couple of commercial tools out there, because what they do is they're probably just building that in, but they give you some cool measurement tools on the other side so you don't have to do your own calculations. I've always wondered why Phoronix doesn't get into that, at least a little bit. I love the Phoronix tool set; I don't know if you ever really play with it for testing, but it works so well.

Oh, I bought a Niimbot, by the way. That stupid thing is over here somewhere on my desk. You can print pictures with it.
It's kind of fun. Yeah, I ran around labeling the kids and my wife, like "wife" with the picture of her, stuck it to her. I can't believe how cheap that stupid thing is. When one of my wiring guys was using it and he showed me that, I was just like, it's how much? That was the only thing I could say. No, it can't be that cheap. He's like, yeah, we just keep it in there, because he's got the fancy one. What's that company that makes it? Oh, Brother. Yeah, a P-touch. Yeah, we have P-touch, and most of my guys have P-touches. This is like the cheap keep-it-in-your-backpack one. Yeah, the P-touch wins in the fact that the labels are not thermal, they're laminated, right? So they're probably more durable than the Niimbot labels are. But a cheap label is better than no label, so I like keeping it with me. Yeah. There we go, I'm trying to pull it up.

Oh, did you talk about OpenSSL? Somebody mentioned it in your comments there. Oh, relatively nothing burger of it. The big nothing burger. Yeah. I want that one, I want that second one. Oh, you got the second one? Oh yeah, look at that, you can print like... that's the one I should have gotten, because then I could have printed us new barcodes for our badges. Oh, that's better than badge stealing, yes, right? So I don't... do I have somebody's badge around here? Yeah, you could use it to print different badges. I thought it was on the desk here, but I don't see it. For those of you that don't know, Jason goes to events and steals people's badges. If you don't want me to take your badge, your conference better have ID check. Even if it has ID check, I might still end up with somebody else's badge. It's fun. I don't know where it went. Yeah, that's a fun thing. You've also taken the ConnectWise CEO badge as well, right?
I'll have it next week. That's the part I'm looking forward to. So we're going to a ConnectWise event, and Jason Slagle is going to acquire the ConnectWise CEO's badge, and that's what he'll wear. Lash, it's secure. I mean, you were there, I had his whole family's badges accidentally. Like, I had his, and then I walked up to get... they printed passes for my kids to go to the go-karts, and then I walked up and I'm like, oh yeah, I heard you left some badges for me. And I get handed a stack of them and they all have the last name Magee, and I'm like giggling to myself, oh, that's a funny joke. And then I just ran into him later and I was talking to him, I'm like, dude, thanks for getting my kids passes, they printed them out, but the funny thing is the last name's Magee on all of them. He's like, what are their first names? And I tell him, he's like, oh, that's my wife and kids. So, taking badges at conferences. I like that at DattoCon, because they have colored lanyards, and the colored lanyards get you into places. So while we were all at the bar, you swapped the color of lanyards from one of the vendors. I mean, I've done that a number of times, because with the vendor one you can get into the vendor hall when it's not open, right? So I want to go talk to people that are in there, and the only thing stopping me is the color of my badge or my lanyard. Of course that's gonna happen. But then there are places you can't get with that badge, so you have to keep both of them. Yeah, just acquire two badges. Yeah, most hacker cons don't care who you are, just as long as you have a badge. She had the ones, like, her con aren't labeled. So yeah, there was not even a name. Nope, no names on those or anything like that.

Yeah, the OpenSSL thing was just a big nothing burger, though. Everyone wanted to get excited about it. I mean, it's not, again, it's not nothing, right?
It's just that you have to have both the client and the server be vulnerable in very particular ways. It's just very difficult to set up the conditions under which it's exploitable. Yeah.

Someone asked this question earlier: have you guys had to deal with government secure systems with the idea of STIGs? I don't have any, but I am aware of STIGs. So yeah, I don't... I had one, and a mutual friend of ours was debating, because we were talking about FIPS compliance, and my point was, and I don't know, feel free to argue with me on this: pfSense has limited FIPS compliance. You can't use Squid because Squid is not FIPS compliant. But if you're not using Squid, you're not doing traffic inspection; you're doing pfSense as a router, and it is FIPS compliant. They use FIPS compliant encryption for the username encryption, things like that. It just doesn't do it for traffic inspection. But we never use pfSense for traffic inspection because Squid's hot garbage to try to manage. It's not like... when someone says, I want to fully look at the SSL traffic or something like that, I'm gonna tell you, don't use pfSense. I'm gonna tell you not to do it, because you just trade one problem for a different problem. Yeah, I do it at the endpoint level. That's where we do traffic inspection and management of that. Or DNS, or read the SNI header. These days I don't even need SSL.
I can just read the SNI header to figure out what... like, I can't block individual URLs, but I can whack domains every day. Yeah, and mostly the management is at the domain level, not the individual URL level, like: you're not going to this website, that's not work relevant. And the other tools don't like the man-in-the-middle adding that extra certificate. And to make it work you end up having to install a trusted CA or trust a root certificate on every computer that's doing it, and if somebody happens to get a hold of that key, now you're trusted everywhere, right? So it's just trading one set of problems for a different set of problems. Yeah, you're changing your threat surface, and not in a good way.

Well, I'm gonna wind this down, or I can probably go forever BS-ing about stuff. But maybe next time I'll schedule it. I decided to do it later at night because I was busy during the day, and it was so nice that I went for a walk. So enjoy these last few days of fall. Yeah, so we have fall, like warm fall, and then Florida, and I'm sure it'll be snowing when we get back somehow. Yeah, when we get back, because Jason is right by me, you're just barely south of Michigan. So the cold weather will be upon us. Then I'll hide. I make more videos in the winter though; some people are happy about that because I don't want to go outside. Yeah, not till spring, and then everything falls out. Well, and then it's not just spring in Michigan, we have mud season. When I said that when they were talking about Ukraine, like it's mud season, I'm like, hey, we have that here too. Can't really go anywhere. Yeah, well not on your bike, not on my bike at least. Nope, just for some walks, and you do geocaching. It's the same thing, you don't want to swamp through the woods.
So yeah, but it's also nice when there's not poison ivy and leaves and stuff. So there's that fine line you walk there, like snow is bad, the ground frozen with no snow is great. Yes, and no bugs. I'm not a bug... All right, well, thank you everyone for joining us. Thanks to Jason for jumping in here, and I'll see everyone next time. Like, subscribe, all that fun stuff. All right, later.