But I was, you know, we'll also bring up that this is, we're live now too, so welcome to vlog Thursday, 320. I've got stuff in my light. Yeah. That got bright. So, I see already people are talking about it, so who's getting roasted today? LastPass is getting roasted today because they should know better. They certainly can afford better. They're a well-funded company, so that's not the problem. But, ah, this is going to be fun. We have security stuff to talk about. I didn't, I really didn't take the time because I was like, how much more detail did we have about LastPass? I wasn't even going to do a video on it, but after I saw it, I'm like, they did what? So, I already made a whole separate video where I dive into it deeper, but we'll at least bring it up here. And me and Steve, we frequently tell clients not to do this: you don't get to use your personal computer for your important business things. I think you had one of them that they wanted to share it with their kids. No, I had one. She got let go because of it. Oh, okay. She got mad because we loaded all of our MSP software on the laptop when I went into their office, and it was part of the condition that she wanted to work from home. They said, okay, we'll load all the stuff on the laptop. She got mad: "Well, you have this and that, and you could see what I'm doing." I'm like, yeah, it's a work laptop. "Me and my mom share that laptop, and she uses it for her banking." And I'm like, but you're logging into work stuff. It's a work laptop. You shouldn't be doing that. Yeah. And she wanted all the stuff removed from it. I went right to the owner's office. Hey, she wants all the stuff removed, for the security, from her, the laptop she wants to work from home with. And the owner looked at her: then you can come in and do work. You don't get to work from home then. Yeah. It was, it's, it's a really simple thing, but it's a big deal. There's, there's reasons for separation.
And when you get all the way to the size of LastPass, like they have very few people have, as they should, unfettered access. So you, you've done the proper thing at LastPass and saying, not everybody can have full access to the database, just a few people. But then, oh, that's all right if they load Plex on their laptop, or we're not watching that. I don't know. So that was definitely something that sucked. Oh, the, yeah, the other thing too. So this is, and I won't go too far into this because I have a whole video on it. I even have a Reddit post on this topic, which, why not, just in case anyone wants to join in the commentary on Reddit. Where did that one go? I think it's this Reddit post. On the S1. Yeah. On the S1 thing. So I did two things. I did a video, but I did the too long. I know some of the MSP market just wants the details in writing. So I took the time to type it up as well. I'll throw this link in there. It's Reddit r/msp and currently the top post. And that wasn't good. Hold on. There we go. Started zooming on me. But all it is, is that, you know, Huntress found something, SentinelOne missed it. I deep dive into it in a 17-minute video. I wrote it up here. This is just a more abridged version. But yeah, SentinelOne missed, Huntress hit, and security's hard. So I don't really need to rant about it. I've already done that part. And I don't like to just rant. I like to be very concise on it. And Steve helped me with this particular investigation. So he's familiar with it as well. We both agreed. You're like, yeah, this sucks. SentinelOne's answer sucks. Oh, no, their answer completely sucks. It's all I, you did the deep dive into what happened. I just removed the thing. Yeah. I did all the forensics on the back end of really trying to answer the question. I mean, Steve did the removal part of it.
So what, oh, it's something I didn't, let's get, we're getting things out of order because we were just ranting about, like, it's just a series of security things lately, but we'll back up a little bit. We're going to talk about Cisco Small Business shortly. I always like to address that, yes, and I didn't throw it up on the screen here, we are taking questions still and that's been going well. It's going to be on Thursday at LawrenceSystems.com. So they find out where that button is to make that show up. So I can throw it back on there. I've lost it now. Where's that at? I don't know. I don't have the button because I'm not signed in. And I, because again, separation of things. I am just finding my work account on the, on my nice computer with the webcam and the nice microphone. It's under banners, not under thing. I'm going to make some custom graphics for us. We're going to get fancier soon. Anyways, I know I'm going to start using OBS for some of this because I, there's, I learned from Jeff at Craft Computing some cool fancy things you can do to bring multiple feeds into OBS and then do cool overlays with graphics. I, yeah, I've learned things, but back to, I'll answer your question here because I like when people throw donations here. And then we got Grayson: if I'm an employer or head of IT department, allowing employees to run a computer as workers would be a security nightmare. It is. And people want to do it. And this was, this was unique because this was actually before COVID. So before everybody was going home. This was, I think, 2018, 2019. And she just wanted to do some of the office work because she couldn't get in. She couldn't make it there some days or something.
So it wasn't even like a, you, it wasn't like, oh, we have to work from home thing where we saw that complete pivot into, and we went through a lot of that actually at the start of COVID, the complete pivot of employees trying to hunt down laptops and webcams and then everybody having to get firewalls with VPN support so they can get to the stuff at the office. Yeah. Bring your own device does not make a lot of sense. I don't understand the LastPass stance on that. It doesn't make a lot of sense to me. And it doesn't make sense to even at smaller companies that we're dealing with. We don't have any clients, I don't think, well, there's some big clients, but we're not managing all their security. If I was managing security for a client the size of LastPass, I would have some strict policies. The little red, I try to get out of the way, but we were four minutes, six minutes in. So we'll jump back to it. I try to answer people's questions and I try to say where I'm going to be. I have officially signed up for MSP GeekCon. So anyone who's going to that event, yes, I'll be there. Because I kept being wishy-washy about it. So that's definitely a thing. The next is two questions I'll answer, which are weird that they came in. They're from different people, but they're almost, they're very similar questions. It's about Syncthing. I'm going to do a new video on Syncthing. My old videos on Syncthing are still pretty relevant. Syncthing is a cool little tool. And they were asking about, does it handle file conflict? And the answer is yes. If me and Steve, and we do actually use Syncthing, if we're using it and we're both not connected, the computers are offline and we both modify the same file, it will create a conflict version of the file. It will determine who edited one last, but it will create a conflict version because they were both edited at the same time without being synced. That was question A, and question B was, should I expose Syncthing to the internet?
Certainly not the management ports, but there's not any known vulnerabilities in Syncthing at this time. But if there are in the future, that is something that you will have to concern yourself with. So I think they do a good job on security, but the moment you publicly expose something, there's no known vulnerabilities in Plex. I wouldn't. But I wouldn't. Clearly Plex appears to be, in the LastPass breach, how they got in. So there's not a vulnerability. There's always a vulnerability we don't know about. We just don't know when someone's going to find it. That's how I feel about everything. So I don't recommend. Those are the two questions we had that came in that I saw on the vlog. Think about it like this. Think about the number of vulnerabilities in the last couple of years that we find out have just been part of the way something was designed and been there for the last decade. And then just no one noticed. So there's no known, but that doesn't mean that there's not something there. Right. How do you prevent employees from using the company VPN, over VPN, from being used on a personal computer? It's not that hard. Generally the employees don't have the installer or have access to it. I wouldn't give it to them. We usually install it for them. I mean, it doesn't mean they couldn't reverse engineer the work computer and pull the certificates out of the work computer and load it on their personal computer. It's not an impossible task. But I'm sure it's a fireable task if they were doing it. My wife is an example of this. She has to do everything over the VPN. She works for a financial firm. If I were to extract the VPN off of her computer, I have a feeling it would lead to some agreement breach that she's had, and not to tamper with it. So it's more of a policy thing. This is not where the problem usually comes in. It's not usually the employees loading it. It's almost them asking to get it loaded. There's always going to be some exception.
It's hard to do because, like, OpenVPN doesn't have any security locking to the computer itself. But it does install certificates. So as long as someone doesn't try to lift the certificates off and install it somewhere else. I imagine some VPN tools are out there that probably validate differently with the computer to make it harder to extract them. But OpenVPN doesn't. Not that I know of. You don't have any better idea on that one, do you, Steve? No. No. Hire trustworthy people. Yeah. It's not. It's the ones who skirt the system. Yeah. And I'm going to say that's an edge case. I don't think we've ever had an employee who had a work computer and took the VPN and loaded it on a personal computer without telling us. No, they're usually really good about it. And even like, hey, I need the OpenVPN. But while you're at it, I am using this for work. Load all your stuff. Yeah. So that's, like, that I know of, OpenVPN doesn't support TPM key stores. I mean, that's a way to, I mentioned some VPNs that do. The generic OpenVPN, to my knowledge, doesn't support TPM key store. That's a way to do it. You could validate against the TPM key and say, you can't leave this computer. But it's such an edge case. It's, I mean, if I was the size of LastPass, I would be looking for a VPN that maybe did some high level authentication that we know can never extract the keys, as a threat actor extracting it. But a threat actor extracting the keys to do that doesn't, I don't think I've seen too many reports where that was the methodology they got in. No, instead they use Plex. Hey, why would you do that when there's Plex? Every day, like probably every other week we get, yeah, I have a QNAP and I want to run Plex and I want to port forward it to the world. Please don't. No. Yeah. It's just one of those things. You're going to have problems. Just keep everything behind VPNs.
Now, even though I have publicly exposed my NVR, but I have a whole video about why it's on a separate VLAN, why that VLAN can't access my other network. So there are circumstances where it is greatly convenient for me outside, where I should even say my wife, because I don't leave the house as much as she does, to be able to view the cameras and not have to use that relay, because we can use a relay with Synology. It goes slower. So you would like to publicly expose it. There's direct connection. Awesome. It goes faster. But I'm aware there could be a flaw found in the Synology system. That gets attacked. And then that would be the end of my NVR. But my NVR runs constant backups, the configuration's backed up, so I would reload it and shrug my shoulders about the incident. And I would go, well, that sucked, but it couldn't go anywhere. It got to the network and that's where it dead ends. So if you install... I was just responding to that. Yeah. I mean, they... Technically you can. By default, no. And it is... Don't do it because it's a bit of a security mess. You can create an auto-login by saving the password and username in a text file, telling the OpenVPN config to reference that text file and then telling the service to auto start. It will then run OpenVPN as a service and connect before you even log in. Yep. Don't do that. Tailscale is an option as well. So can these things be done via Tailscale? Interestingly, if you were to do this via Tailscale, you would end up with a different problem. If someone were to try to copy and install it somewhere else and that computer was online, you would have a conflict and I think it would break Tailscale because you'd see two nodes with the same identification. I don't think you would authorize the second node. I've never tested this, but I have a guess that maybe this might be something I play with.
Build the Tailscale node, clone it, because I can do them in Linux, just do a VM clone real quick, boot it up and see which one wins. The first one, the second one that are clones of each other. Can you extract a key and reinstall it? Will it accept that key? Because Tailscale is like a challenge response. You're like, hey, I would like to authorize, and then you go in the dashboard and go, I would like to authorize you to be part of this Tailscale network. Tailscale is a cool solution for that. Do you push backups from NVR? Do you pull backups from NVR? How do you keep any backups from accessible via lateral east-west movement if there's a breach? You can pull them. You can do a pull. We have a client, they have some mills that only do SMB1 because mills, like big machining mills. There's a computer on that network that they can use to push files to the mills and lathes that has to have SMB1. That network has no internet access and there's a script on the server that does a pull to back those files up. Yeah. There's ways you can do it like that. Because I don't back up the recordings. I don't usually care. I don't have any. I just don't waste the space of duplicating all my recordings. There's those I don't back up. It's really only configuration that I back up. It reaches out and backs it up once a week because I don't change it very often. So it's not a big deal. Someone just mailed us a question. I think this is a good one, Steve. Any chance on how often you do backups to a cloud destination where backup storage is more cost and issue? That one's actually kind of simple. You do incrementals. You do the full backup the first time and sometimes you have to do a seed backup if you're bandwidth limited. But after that, you just do incrementals. This is actually the challenge of finding backup software that does this properly. Yeah. We're currently using MSP360 because we had trouble with different software, but it's all about incremental backups.
If not, you're going to kill yourself in bandwidth. Yeah. Yeah. We actually have a... Because we had to change the way the backups worked a bit, we would do a full one every week. Client only has enough bandwidth that it takes a week to do the full backup. Yep. Yeah. It's a pain, but bandwidth limited clients are still a thing. There's some areas that just don't have the extra backup stuff. Let's see. Oh, I actually give a shout out. Someone just emailed us and, what's a good software for employee monitoring? Zorus, we have a video on it on this channel. So we use Zorus. Zorus has an employee monitoring tool. So I'll throw that out there. I just did a video on it. You'll find it on my channel. Z-O-R-U-S. Why backup recordings? If you ever capture anything interesting, important, you should be... You should get backup. Look, this is at my house, so I'm not... I'm not saying that I'll do it for clients. I'm saying it at my house. Ain't nothing that interesting. It's in a radar, right? So I'm not worried. Yeah. Yeah, even most clients don't back it up. It's too much data is the problem. That's... It's... I mean, I have extra storage. I could wear out more storage by doing it. Sure, why not? I have the storage. I have the bandwidth. Do I want to just burden it backing up all those recordings that I mostly have squirrels running around? That's what I have. I love to get the notification. Oh, there's a rabbit in my backyard. Neat. I'm going to watch that for a bit. Yeah. So it's just not... Yeah, it's not... It's not really worth it. It's one of those things. Hmm. Let's see. Do we think we... We'll do a few more questions and then we'll start talking some of the Cisco stuff. I just got a letter from Frontier in Muskegon. They're going to offer fiber Friday area. $90 for one gig, one gig. Yeah, there's a few pockets up north. My cousin has this. It's just like weird. They have these weird spots like, you're in the middle of nowhere. Yeah, we have one gig symmetrical. What?
What? How do you... You're in the middle of freaking Muskegon. If anyone doesn't know, that's not a... I mean, there's some people in Muskegon. It's not a bad place. I'm not dumping on it. I'm just saying it's not the biggest city in Michigan. 90% of people live within what? About 50 miles of Detroit. That's the most of Michigan is... Lives in the... The Tri-County area. Yeah. Lives within the Tri-County area. The area around Detroit. Grand Rapids is another pocket. Ann Arbor is a good college town. But Muskegon's up north. A little bit in Lansing. Yeah. Lansing. Why don't you go up north? It's a beautiful place. I recommend you visit it. But you'll also like it because there's very few people there. Has UniFi router OS improved multi-WAN capabilities? I seriously doubt it. Do you know if they've ever fixed the failover to work properly, Steve? No. It still checks against whatever they tell it to check against. To my knowledge, you still can't change it. And you'll just get random... Yeah, I couldn't ping it for a second. It's over, even though the internet wasn't out. Yeah. Yeah, weird. And don't add a third one. It'll break. Looks for property. Yeah. You know, the internet does drive where you live. I kind of wanted, before I got this house, I kind of wanted to live in a rural area. But I would check if the internet was even available. I think I mentioned before there was that building we looked at briefly over on River Drive until we found out we couldn't get internet there. We're like, oh. Yeah. The guy wanted to give me a really good deal on the building and I wanted it. But I was like, there's no good providers here. There's only one. It was... What's that other provider that's in Flat Rock? I can't remember their name. Spectrum? Spectrum, yeah. One Spectrum connection going down a rural road. I'm like, yeah, that's a disaster waiting to happen. We actually are lucky. We have a lot of connectivity at our office. Yeah. Canada, I'm jealous of.
I got a client in Toronto who was just like, yeah, I bought two 2.5 gig connections. They were only like $70 a month each. Cool. It turns out Ben hates people so it works out. So he's in the right place. That's why my family lives up north. One gig, one gig in Alberta, Canada. You've got snow, Canadian geese, polite people, and one gig internet. Did I hear you say you do a full backup and increment after? Would you be concerned about possible corruption? That depends what software you use. How much do you trust that software? Any backup, any full or incremental, untested backups are wishful thinking. You have to do a DR test once in a while. That's how you validate, is some regular pattern of DR testing. That's the only way. If not, you're just, even full backups. We've had problems with full backups. There are challenges we've run into with software and debugging it. A lot of this has been fixed, but we had some problems with the early NinjaOne backups. I'll just be honest about the product. We love the product, but their backups were not favorable when we tried them. There's been a lot of re-engineering to fix them. We had a full backup that it got to restore, but it turns out you had to use it on a single-threaded processor or something stupid. That bug's been fixed, by the way. I know that, whatever that bug was. They had a few bugs. They couldn't get the restore to work properly. They never did answer my math problem question in a way that I thought actually answered it. Then it would do the restore, but it would fail to restore the partition because it would do that last. The data was there, but not usable by an operating system. Yeah. It's that DR test that gives you confidence in your product. That's the only real answer to the problem. If you don't do the DR test, whether it's a full backup or incremental, the problem still exists. Of course, Cody going Canada for the win. I want to go to Canada. I want to move to Canada. Go hang out with Cody.
He can do wiring jobs. I'm in back. I was going to say, this is brought to you by Liquid Nuth. I like this. This is the green one. They're not a sponsor at all. I just like them. I know I didn't link it. I thought it was gimmicky marketing, but I actually kind of like their drinks. Let's see. Someone says that you can change what it pings now, assuming they're talking about the UDM. That's cool. That's a good thing. I'm with that. I guess the next question is going to be, make sure I have a message for my cousin. I have family from out of town in town. I told them they can call me if they need me. They just messaged me, and they don't need me. Anyways, is anyone else nervous about pfSense being the only reasonably priced multi-gig firewall solution out there? If they go out of business, the next compatible hardware costs thousands? No, I'm not that worried about it. They're an open source project. I don't think the project's going away. Dare I say, OPNsense exists, which can do this stuff as well. There's at least a plan B. And there's actually some other firewalls out there. I can't remember. I haven't tested in a long time, but I know there's some, maybe, I kind of want to play with one of them again because it's been so long, but I don't have the time. Is Endian still a thing? Oh yeah, that's right. Let's look that one up. I think they sold to someone else. Oh no. Let's find out. I'm only looking at the version, but we'll look together here. Yeah, I'm looking it up right now. Yeah, so it's still a thing. It still exists. Free open source UTM for home networks. Endian Firewall Community. So it looks like this still exists. At least the webpage exists. Yeah. Where's the download? At the top. It says download. Oh. And it takes you to SourceForge. Okay, so they still have that one still available. Last update. It's been almost a year. Well, 2022-330. Yeah, that's not necessarily bad. No. Because it's the base OS. There's probably package updates after it.
So, there we go. It still looks the same as when we used it years and years ago. This is, for a little while, we used this before pfSense. Recommended projects. IPCop. Yeah. No. IPCop is dead, but I think IPFire is around. There's a couple other firewalls out there. There. I don't know. You can still get Untangle as well, by the way. So Untangle, Arista has not done anything bad other than, I'll throw Arista out there on this, they removed the free download without registration. You now have to register your home user edition, I think. They don't charge for it, but you have to register it. I think that's, I don't think, or maybe they, I don't know, they did something with the free edition, where you have to go through and, like, request the free edition now. But so it's not like there's only an option out there. I didn't know Willie was a user. Willie, how's the user of that as well? Huh. It was a good, it was a great firewall for a while. Now we don't use this and people ask me about doing a video on it. And it's just outside the scope. VyOS is a command line, VyOS is really powerful. There's this guy that made these great videos on how to build a 10 gig switch with VyOS. It's really weird because the guy doesn't really have much of a YouTube channel. He's got like four amazing videos that are very detailed on how to use VyOS. And they're well put together. They're well, like, animated and all the graphics. And then he didn't make any more videos. I'm just like, he just showed up, I don't know where, made these great videos on VyOS, the best ones on VyOS with lots of views, but there's not anything else on this channel. Yeah. m0n0wall was the, was the before pfSense. We had m0n0wall. So yeah, there's that. I want to do one of those like, what is it, the old, like the LGR, how do you do some of the old hardware? I want me for April. We're going to review an old firewall.
We're going to have to find old hardware cause it won't run on some of the new stuff. Let's see. Now, do you have that Cisco stuff pulled up, Steve? Let's talk about that now. Cisco. Let me log into mine. Like the web panel for the AP. I don't have it plugged in. Oh, okay. What do you think? Describe your testing with it. Well, watches use Wi-Fi. That was a lesson. Yeah. Steve didn't have a password on his Wi-Fi because, well, he has his Wi-Fi in the basement. So it's kind of like this upward funnel. Yeah. You're on my front lawn. I see you. True. So in order to do the testing with the issues Tom was having with it with WPA3, I had to move everything to a network with a password. In the process, I'm counting out all the things as I add them and a mystery device shows up. It turns out my phone pushed the updated Wi-Fi password to my watch, which then used Wi-Fi and sent me into a panic of, what is this device on my network that just got on here? You know, I'm trying to log in. I'm not sure why the switch isn't responding now. It was working. It's not, we're not happy. I can, do, do, do, do. Grab a box. Yeah, we'll play. We were not as prepared as you wanted. I've been testing the switches. We're going to, we're going to do a more concise video review of it. Green one. Where did this go? Is it my demo lab? There you go. I found the IP address. I bet that it looks like I have the wrong IP address. I don't know why. Okay. It was still sitting there. I just, I needed the long thin cable I originally had it on. Yeah. So we'll log into the switch and where's the password for it? Oh, good. Good news. It's in Bitwarden. It makes me change the password from time to time, which is super annoying. You get to see it, see it all in real time here. Yeah. We only got about five minutes for that AP boots. Yeah. That's actually, this is a little aggravating. Yes.
And then the other aggravating thing about it is when you make a change, it knocks the extenders offline. So if you're trying to make a change, like changing names, it applies the change, but doesn't actually send the thing and you refresh the page and find out, oh, none of that took. Oh, actually it's interesting. What do you have to do to the extenders, restart them? No, if you refresh the page, eventually it realizes it didn't rename them and then you can try again. Now the first thing I'll mention, besides the fact that this is incredibly slow, but these Cisco switches, and let's pull them up on Amazon. Actually, we'll pull up first the Wi-Fi you're using on Amazon. That's the 140AC, right? Was that the lower one of the two you gave me? Yep. Yes. I didn't start the higher one. Yeah. The 140AC. Part of the reason I'm reviewing these is I am dumbfounded by this, for any of the complaints we have about it. The fact that you can buy a Cisco 140AC for 85 bucks means it's an interesting, and it's in stock, by the way. So it's not just that they're claiming it's $84. It's the fact that you can buy this. It's an available product and it's a, let me zoom in a bit here. It's an enterprise grade because Cisco 6 had everything. MIMO 2x2 performance delivering a highly secure, reliable wireless. Now the highly secure part, sure; the reliable is the part we're testing. I, I did get it working. It's the extenders that they offer that seem to be kind of a pain in the butt. That's where we're doing a little bit of testing because I, and I can't find this. You could find it on the Cisco site, but I don't currently see it on Amazon, but it was on Amazon before. But nonetheless, this is actually a really good price for Wi-Fi. I, I'm shocked at how, and this is the part, no Telnet, probably does have Telnet, no licensing subscriptions. Yes. A Cisco device that's affordable without licensing descriptions or subscriptions.
You're like, whoa, that's not the Cisco way. Like, does the legal department of Cisco, are they aware of this device? Have they heard about it? How did this get past legal? My concern is how long do they add one? Yeah. And you do not need a controller and you do not, it has its own web interface. So yeah, no DNA Center tax on this either. I know. Now you're supposed to be able to connect it to the Cisco dashboard. That was a big fail. I did a video on how garbage the Cisco dashboard is. No one should use the Cisco dashboard. They do say you can, can connect it to the Cisco dashboard. If you get support with Cisco and you say the right incantation, I'm, I'm confident you can get it to connect. But then you also find it not particularly useful. And then it's just broken. So this is not a miracle at all. So this is completely independent. You can set it up. Now it does have that ability, as I said, to be tied to the Cisco dashboard. But when I do the review, I will just reference and gesture that there's a video that you should watch on the Cisco dashboard. So I still can't log into it. I think it's still booting. Yeah. Oh yeah. The boot time on this thing is like five or six minutes. So there's, there's that. Yeah. Which has a long boot time too. The switch is kind of the same thing. I didn't like that at a client's. I rebooted the switch. I thought it wasn't coming back. It took seven, eight minutes to boot. And I'm standing there in a panic now, like, oh, this is bad. Yeah. But we have a VLAN configuration wizard. So for those of you less familiar with VLANs, it's easier than not having one. I'm not going to say it's good. I'm not going to say it's UniFi level good, but it works. So you can configure these interfaces. You can add some VLANs and IDs to it and apply it and figure out what membership each of the ports are. And then it has a summary and you apply it. It's, here's your trunk interfaces.
So it's still going to use all the Cisco naming schema, but it works. It's, I actually will do it. It even has an ACL wizard on it. In the switch, let's go search this one too on Amazon. So actually let's send a link first. So I still can't get into this thing. So I'm still waiting on it. The web page will not load. It takes a long time to boot. Yeah, it does. There's a link I threw in there for, what do you call it, the link for the Cisco 140AC and this is the Cisco Business 350 here that I'm logged into. Steve has the other one, but you haven't plugged it in, right? The 24. Oh, it's still in the box. I haven't made it that far. I was going to start with these, just one thing at a time. I can grab it. It's, well, I mean, here's the thing. Is it a 24 or 48 port? Again, it's not far. Yeah. This is a Cisco Business, yeah, PoE managed switch, eight port, full PoE, combo. And it does come with Cisco's limited lifetime protection, but 346, it's not off the, it's not crazy high priced. I actually think it's reasonable. What's the model you have? 220 series. CBS220. 24P-4X. 24P-4X. Yeah. So here's a 24 port 10 gig PoE switch from Cisco for $700. I mean, from that's, I don't know. I mean, are all the ports 10 gig? No, no, not all the ports. Only the, these ports are, so these are not, but it is a PoE switch. So you get four 10 gig SFP+ ports, but what's a UniFi 24 Pro? The only difference between the two would be two 10 gig SFP ports at that point. That's actually probably, I think, similarly priced to the 24 Pro. So yeah, let's pull it up and look. So I'm curious as well. So the Switch 24 Pro is sold out. It always is. No, there's a big price. Actually, no, wait, how many PoE ports does this one have? No, that's the Switch Pro. That's not the PoE one. Okay. We need the PoE one. Yeah. Yeah. I don't like UniFi's new standard for naming. Yeah. Cause there's the PoE switch, 24 PoE.
We need the Switch Pro. Switch Pro, $700. Yeah. So it's the same. The UniFi one is really close in price. The only difference is, uh, two 10 gig SFP ports. And what is the power of the Cisco? Yeah, that's a good one. What's the power budget here? So we have 400 watt versus the Cisco. And does it have PoE++ support? Let's see. 195 watt. Yeah. So you get half the power budget and possibly, we don't know if it has, and no PoE++. Right. And no PoE++. So the UniFi has eight ports of ++ and double the wattage. Yeah. So not bad. I mean, oh, they're pretty similar. That's the trade off. You lose a bit of power and PoE++ for two 10, two extra 10 gig ports if you need them. And in Cisco, reliability is not what we complain about with Cisco. It's functionality and licensing and general cost and yeah. So being in the same ballpark is not bad. So that's, I think this is a reasonable foray Cisco's making into this market. I don't, I think it's a good thing. I'm not sure why Brett called. Make sure it's something important. Doesn't look like it's important. All right. Cool. Aruba is no better. Too many variants. Instant On is the same as IP campus AP managed controller, but Aruba has far more features than UniFi if you pay for it. I mean, if you pay for it, because the standard Aruba dashboard is way, way less good than the UniFi dashboard. So I also hated when I tried to add a VLAN for a client, it wouldn't add it to the uplink port. Really? Yeah. I had to, I'm like, add this VLAN, and it was actually pretty easy. I, it was able to, because I remember you saying it didn't have some functionality to like just mass add a VLAN when you used it. They did add that, but it didn't, it wouldn't add it to its uplink port. I don't know why it would, you had to go in and then manually do it on the uplink port for some reason. Weird. Yeah. That's, I don't know, interesting thought experiment.
Would you prefer UniFi by Cisco or Cisco by UniFi? Neither. Neither. I think those two people can get along. And I just don't want to see either one of that at all. I don't even want to run into it as a thought experiment. You know, I'll address this one head on. Ordering Cisco from Amazon feels dirty and like a full on scam. Not really. And the problem is the vendors have made it so difficult to deal with them. What's that one company we really hate that we only buy from because they have something in stock? Because they make me do the wire transfer stupid. Oh, Streakwave. No, not Streakwave. They're the other one that Brett likes. Brett. Oh, Streakwave. You had to do the, you had to do ACH stuff as well. But Streakwave was easier to deal with. Yeah. The other one that has a really hard quoting system too to get. Yes. But there's some of the vendors like the. They're so garbage, like dealing with them is so hard and Amazon is so easy. I'm like, guys, there's a blueprint you could use, because they hate when we ask for a price on something because it's not listed, like, call in their system when you log in and then the sales guy wants to talk to you. I'm like, I don't want to talk to a sales guy. I want this thing you have. I want to pay you for the thing and I want you to ship me the thing. Right. Um, I've been, you used to be able to get UniFi stuff on there, but UniFi wanted to push their own market. And where their problem was is people were going to, and that's actually how the price was actually lower than when you used to buy UniFi direct. People would go to like Streakwave or Ingram Micro or, um, DoubleRadius and buy thousands of them and just go resell them on Amazon. But they were getting a lower price for them because they were just bulk buying them. So they could still put a markup on it and then still sell it cheaper than. Yeah. Oh, there it is. Brett. Brett. Yeah. That company sucks. I'll call them out publicly. They suck.
If you're dealing with them, I'm sorry. They just, there's not a company that can make that harder. Oh, see, I need to get the option to like put the stuff up on the screen. Uh, all right, we'll work on that next time. I'll make you. UniFi stuff is harder to buy than sneakers or Taylor Swift tickets. Um, we have a client who has like a dozen different UniFi accounts. Oh yeah. To get around the limits. Yep. Yeah, we may or may not have gotten in trouble. Um, ourselves, when we ordered from different accounts, they finally wouldn't ship them to us because we're ordering on different names and shipping them to our office or something. They realized because they're like, you're paying with the same card. Something like that. And there's other people that have dealt with Synnex. So Jeffrey clearly has dealt with them. Oh, yeah. And there's, I hate the Cisco vendor license incorrect. Tried to pay for software support and older firewall CW. They can never get to work between the two companies. Keep pointing fingers at each other. Yes. You know, and I know he can't. My friend can't talk about it publicly, but um, one of the funny things was we're, I think my friend was telling me how Cisco tried to reword the word perpetual when they sold a perpetual license or something. The legal department came back. Like, you can't reword perpetual. You sent us a renewal on the perpetual license agreement that you sold us. Well, you know, perpetual, but it's not perpetual forever. And you're like, oh, no, no. I don't know what that word means. Yeah. You can't redefine words in the English language. Sorry, Cisco. Oh, this is fun. I can ping the AP, but I cannot log into said AP. Boy, we're off to a great start testing this. Yeah. Yeah. It was working at my place. It worked here, but the first time I plugged it in, like I said, it wasn't broadcasting anything. It sat for like five minutes.
I did some other stuff around the house, came back and then started getting curious and realized, oh, there it is now. Yeah. Um, use different cards and ship to different addresses. There's ways around it. I mean, they don't seem to care that all of your email addresses come from the same domain. That at least doesn't seem to flag anything that I can find. So that's like a thing. Um, but, you know, our feelings overall on these, like, I think Cisco's making some headway into this. The Cisco dashboard's garbage, but at least the products all have local web interfaces. So that's the thing. A local web interface that I can't figure out how to get back into. Your 240, I had to use the phone app. Now the other one I gave you, we haven't tested yet, but I think that one actually, one of them does require a phone app. And then I got to load a phone app. I'm done with it. I don't even need a run. You stop. Have a QR code. The review stops at the, oh yeah, the QR code. Oh yeah. Because so. Me, I'm going to pull these up because so I can show people what I'm talking about here. Let's go 140AC extenders, vendor kit. Oh, unavailable, but here's what it looks like. So we'll share this. I have one. Well, I have it right here. So we can show them. So there's just this go AP and there's the extender kit. And actually maybe I've got a closer picture if I could look at it from Cisco. But I want to show people is the stupidity of this. I like, hey, there's one on eBay. Let's go. It's the one on eBay. Here. They look like this. A little less blown out maybe. Yeah. So literally just like the little, if you've ever seen the little Netgear wall plug. That's what they are. They just have a single plug and plug right in and sit on the wall. Yep. Simple. I have a Kensington lock. You could lock it to something, I guess. Yeah. But the part that's so stupid about these is the way you adapt them, in the way you adopt them. Adopt them. Yeah.
So the problem is by just putting the MAC address in. That's all you have to do with these is put the MAC address in. The problem is they don't have the MAC address on them. Someone at Cisco is like, hold on. Well, yeah, you got to scan a QR code to get the MAC address. I hate QR codes. Yeah. So you can use a standard QR code extractor, extract all the data. There's more data on the QR code than a MAC address. And then grab the MAC address out of that data that you scanned with your phone. So then you can put the MAC address in the Cisco. And I'm like, why didn't they just print the MAC address on there? So I printed the MAC address and stuck it on there. And I'm like, this is my solution to it. So I don't understand like that. Like that's not a friendly way to do it, Cisco. No, just print the MAC. Every UniFi device, I can find the MAC address right on it. Why is it not on this? That it just doesn't make any sense to me. These don't even go for much. I'm looking on eBay right now. No, that's not the 140AC. These are all. I'm going to reboot that because it is not. Yeah, it's just not showing up. Well, and the other problem is because I cloned all my Wi-Fi to it, I actually don't know if it's broadcasting, because technically I would see the ones from my AP. Yeah, they're currently not available. The, the kit, the kit was only like, it was under $200 for the kit. So two extenders and a Cisco one, if they work, are actually pretty good. Like, I don't think the pricing is actually better than reasonable for a Cisco. So you also have to be able to buy them. Yeah. Yeah. The extender kits are out of stock, but the 140AC isn't, like the 140AC is currently available. So it's not bad. I mean, I, the little bit I played with it so far.
The coolest thing I like about it is you can set up a guest network and then set up a guest user with a password that expires, and it will redirect them to a captive portal, ask them to log in, and after they, they can log in, they can get internet, but you can set it. Yeah. This account's only valid for anywhere, I think they said, from one minute to one year is what you can set the time frame. So that's cool when you have like an Airbnb or something. And you know, user books the space. You create the password, password dissolves after this time and you don't think about it. Dumb. Isn't the MAC address the same as the BSSID? We haven't had time to really examine what it's pulling for that. It has multiple broadcasts on it. So I don't know which one it is on this system. And it's just weird how you pair them, because there's not even, I don't even think there's a reset button on those. That's kind of a security problem. Is there a reset button on them? It's really tiny and blends into little ports on the side. But it's there. But you don't touch those to adopt them. They blink one color unadopted and they go solid when adopted. The way you adopt them is you just drop the MAC address in and they attach. That's it. Which I thought was just kind of weird. I don't know if that's a security problem, where, I mean, it'll be kind of weird. But I don't know if that's a security problem where you grab the MAC address off them and then pop another Cisco and take over someone's adapters. Yeah. I wonder, we don't have another Cisco to try it, because you have to have like the matching AP. Right. Yeah. It only works if it's already adopted. Can I adopt it again? Yeah. So it's like, well, and it's your thing. That's a crap show. But saying that, if you know the switch port you can find the MAC address. If your switch can show, but these, the extenders don't have network ports. They're nothing. They're Wi-Fi extenders with Wi-Fi backhaul. So yeah. That makes them that much. You know. They're weird.
I don't know. I don't know how well I trust UniFi's client isolation versus separate VLAN. I would prefer separate VLAN rather than their isolation. Honestly. In case there's a mistake made. I mean, I don't know of any problems with it. I don't know. You can still get to the gateway, which is a problem. So technically I could still get to a pfSense login. It's good when you don't have VLAN aware switches or the VLAN functionality. That is a very good thing to implement. But whenever you can, you should use a VLAN. Yeah. So it's kind of, I don't know. We always build a separate VLAN. Even if we check the guest box, we're still putting it on a separate VLAN for our own sanity. Yeah. The only time we don't do the VLAN is, again, if the client got an AP because they just needed wireless, but they don't have any of the other equipment to do VLANs. Right. Which, not, not too often. Most times we're going to put in proper infrastructure for them, because proper infrastructure has become much more affordable than before. So. And people are becoming, they're more accepting of it. Like, it used to get more pushback on, well, why do I need to buy all this? Now they're like, yes, please let me buy all this. Yeah. And I see someone said, you know, stop being cheap, Wi-Fi extenders are not the way to do it. I really don't see this as a small business. I see this as a home user thing. Apartments. Like, you can't drill in the walls or anything like that, pop a couple extenders in, done. That's, you know, I think there's a good market for it. That's why I want to try to get the review done, but these are the aggravations I kept running into. It's just a quirky product. And so I started testing it. I got angry. I gave it to Steve. And I said, now get angry. Yeah. Who was also experiencing some of the same weird problems I found with it too. And I just want to make sure it wasn't me.
And by the way, I was powering this off a Cisco switch, just so people are clear, it was a Cisco switch powering a Cisco wireless, because I didn't want a conflict saying, oh, it's because you plugged it into a UniFi switch. I had the same problems with the UniFi switch and the Cisco switch for the, it being quirky. And I agree with Veronica here as well. It's, with how easy UniFi makes VLANs, I've always preferred that to their client isolation. I agree. They make it simple in UniFi to do. Just do it. Yeah. I have no clue why I can't get into it. It's rebooted and came right up again. And I can't log into it still. Huh. Weird. And it, but I didn't even see where I renamed it, because it shows up in my pfSense with that name. Oh. So the web interface has decided it doesn't want to do no more. Pretty much. I didn't make any, not make any network changes to it. I just renamed it. That's all I've pretty much done, was rename it, create the SSIDs, not unless it. I will try it later. Maybe it has some kind of rogue shut off mode because it sees my other AP that's. That would be so stupid. That would be stupid, but it's a stretch. That's the best I can come up with. It's plugged into my UniFi switch. It's powered. It's lit up. It's pinging. Yeah. Yeah. We actually can see it. We can ping it, Eric. So we know it's something, we don't know where it is. Well, he's doing it, saying find the open port, but. I've just moved, and if it did, well, that's a new problem. That's happened. Yeah. I booted today and decided my HTTPS port is 8443. Why? Because we, we think for security reasons we're going to randomly rotate what port this is on. That would be wild. Cisco does stupid UX very well. Blame Amazon. We didn't buy these on Amazon. Cisco sent me these direct. So my dumping on Cisco is coming at, brought to you by Cisco, because Cisco actually thanked David Bombal.
So first me and David do a video together about pfSense, then we do a video about UniFi, and then he says, hey Tom, I know, he's, he used to do, he used to work for Cisco. So he goes and does a, what do you call it, he does a connection between me and Cisco, and Cisco says, hey, we'd like Tom to check out our small business lineup, and Tom says sure, and here we are, and that's how Tom did. So far this did not go well for Cisco. I'm going to go with the light means, oh, is it blinking a color? It's just blinking green. Oh, I tried that too, Eric, but thank you. Yeah, David, David did some really good interviews, really good videos on a lot of topics. So, so David, a lot of topics. So what model was this? The, he's got a great Cisco VLAN hopping video, because Cisco does things different than UniFi. People always ask about VLAN hopping, and it's so specific the way you have to get in between the trust models to do it. He's got a video using Python, how to, how to inject stuff into different VLANs with Cisco, but that same UniFi, and actually someone pointed out in his video on that that the way he set it up is not actually a default setting on Cisco. Now I don't know Cisco well enough to answer that question, so it sounds like it's not usually how you would configure something, so you can still lock these Ciscos down properly. So, Steve, are you giving up? I went to the, I went to the sheet for it. LED stages during startup, there are three different green blinks. So blinking green slow and even, loading drivers and services. Blinking green fast, initial startup, booting kernel. Blinking green slow flash, finishing startup, ready to receive clients. What is slow? Yeah, if you don't have a reference, worse than even blink, what is considered fast? What fun, what fun. And the worst part is these have a red, green, amber LED. They could create a number of combinations to say, hey, this is what the AP is doing, and they just didn't, because why? So supposedly it's still either on initial startup or loading drivers. I wonder if, did it
die because I unplugged it? That you killed it by unplugging it? It's your fault, Steve, probably. I literally, all I did, I had it working yesterday, played with it a bit, and then just said, you know what, let me get the password set up, doing my UniFi, because every time I make a change to the Cisco I get sick of waiting, so I unplugged it. That, that's it. I think this is still a problem for all the Cisco, so let me look again. One of the bugs you run into is if you try to SSH into some Cisco equipment, they're only supporting the old version of SSH. That was the Cisco small business switches that I'm like, why do you only have an old version and deprecated, a deprecated version of SSH, the encryption keys? So you had to go into your, I'm using Linux, you had to go and basically remove them, they're blacklisted, as in these are so bad and so old you shouldn't use them, you have to turn them on and basically allow older ciphers to be used on your Linux machine so you could SSH into your Cisco machine, because it didn't support the new cipher. I'm like, this is a new product, this cipher was deprecated in 2016, the product wasn't announced until like 2018 or 2019. So yeah, Cisco's just got quirkiness to it. Yeah, I might have to reset it. I don't know, I don't know. I'm gonna just leave it there plugged in for the next like hour and we'll see what it does. Yeah, just, why are they so silly? You know what though, this is the same problem we had with that Aruba AP. The one time we unplugged it, the client wanted to see if we could reset it, we hit the reset button and it bricked the firmware in the process, and because it was like one of the HP Arubas that you had to have their business level support for, so the firmware's hidden behind some cryptic login. We replaced it with the UniFi. Yeah, apply, where's this, where's the save icon? I know I have to hit it to make this work. There it is. You have to wait until the save icon starts blinking. Yeah, I noticed that on this one too. Yeah, you can't just save it, like after you do a
command you have to wait. So let's see, I turned it on, see if I can SSH into this and what version of SSH it uses. Or did it, did turning SSH on reboot it? This thing is so painfully slow, for anyone that didn't know that already. Yeah, that's actually probably my core complaint with the AP so far is just how, the little bit I had it working it actually seemed to work really well. I thought it was going to be a good product right out the box, and then I'll reboot, now I'm like, oh, this is, well, yep, same error, unable to negotiate with no matching key exchange method found. So yes, they still use the old key methodologies in here, so that's still a thing. So in case anyone's wondering, I can, we'll share it real quick, present, share screen, yep, this is the, this is the message you get when you try to log into a Cisco. You have to turn on old key support because they don't support modern keys and modern systems. Thanks, Cisco, making my life harder. Aruba support portals as painful as HP firmware. I don't know HP firmware's pain. So much pain. Yeah, we gave up, we couldn't get the firmware for it, we scrapped it. I think, I think Tom uses it as a prop a couple times in videos, and it's, I think it's gone now. Oh, the Aruba one? Yeah, yeah, it's, it's kicking around the shop somewhere. I think we have one that works, but we had the, the dead one I think we got rid of. Oh, that's right, yeah, we had a dead one too. Yeah, that was the one, it was just bad firmware, we couldn't, you gotta, you know, offer your firstborn child to HP to get the firmware because you bought it in this timeframe where we decided this is what we were doing today. Um, I don't know, let me look, I can't remember, I think there might be a console port on this. I feel like there is. I know both of us are tired. I, I started playing the rising and then I stayed up all night. Yeah, I'm, I am more tired, and I kind of, same thing, I didn't, didn't sleep as well. So let's stop, present, share screen, Chrome tab, uh, yes, there's a console port on this, so there's another way to
administer it. Um, I don't know, I haven't tried regenerating the key, but it's not the key, it's the fact that it's using such an old cipher. I don't know if there's a way to change which cipher it's using. I don't see it here. You'd think this would be an option, but maybe I'm wrong. Maybe eventually the page will open. Yeah, that's the problem I'm having. Yeah, random question: I have a Papa West, uh, 2024 ACPO 16VM in XUG, when I RDP my Windows 10 PC, Papa West actually being installed, the mouse deleted, everything is slower, how to fix this? I have no idea. I never RDP with Papa West, so I have no idea. Jay would be a better person to ask, from Learn Linux TV. I keep looking up, like, did it boot? No. Incompatible Cisco port key algorithms. Yeah, yeah. Brett's been driving for you, Brett's traveling today. So, well, these don't have a console port. Now the next model up that's still sitting upstairs that I haven't got to yet, those actually do have a USB, I think USB-C console port. Yeah, that's actually right, I think they do have that, I think you're right on that. Yeah, I remember I popped a little plastic cover off on it, but these ones don't have anything, not unless it's hidden back here. But as I say, not unless it's hidden back here, but then this plug comes off and I can't turn it on. So how do I console into it? Yeah, I, no idea, just stupid. All right, Cisco are now in a void, are now on my avoid list with 48 QNAP and Dell switches. Like QNAP as a whole, or QNAP switches? Do they make switches? QNAP does make some switches, I don't know if they're any good. We had somebody with the Synology switches before. It's, they're switches, I don't know. Yeah, Synology made switches, I think they make some networking equipment, they make a firewall or something. They make a firewall, yeah. I've never used it, and they asked me if I want to review it and I was like no. Yes, I would try it. What's it cost, I guess, is the big question. It just looks so basic. Let me pull it up for you. I don't understand why they got into this market. That's
basically, I don't understand. Dell doesn't make a switch. Dell is a rebranded whoever sold them the cheapest thing that day. Yeah, pretty much. I have a Nintendo Switch, does that count? I'd like to get rid of these. I'm googling Synology firewall and it's not showing up. Maybe they did, are they just discontinued already? I'd say, I don't think they were a high selling product, they were never, I don't know. I googled it and it doesn't actually come up. Interesting. It comes up with a help page of how to configure your Synology firewall. What was there? So share this tab. They're gonna say they still have all the support pages for them. I see them from time to time, but I've never seen, I mean, tell me it doesn't look like it's just a fancier, like this, like it's, I like it, I want to demo that. I don't think that doesn't look half bad. Like, go back to those specs. Wi-Fi 6 mesh, yeah, they don't, they're not bad. 2.5 gig ports, 2.5 gig Ethernet, dual gigabit, 2.5 gig dual WAN. What's the cost on something like this? That actually doesn't seem too awful. 219. Wow, that's, I don't know, I don't look at home routers as much, so I don't know if that's a good price. Well, for having 2.5 gig support and Wi-Fi 6, I mean, it seems like there's, there's people out there buying Orbis, yeah, at 200 bucks a pop for way worse of a product. Yeah, so I mean, there's that. There, enhanced, the kit, they have the AC model, the antennas are on the outside, does that make it better? 149. I have to admit, I feel it does, I like it better. I've never had a router with antennas on the inside that I've been like, man, the range is impressive. Hmm. Only if they're giving us one for free, I'll test it and then give it to someone. They have a pretty website. 119 for their MR220, so that's really cheap. Yeah, but now you're back in AC 5 gigahertz. Yeah, but still, I mean, it's, yeah. You want me to get one for the office? No, like I said, I wouldn't be opposed to testing one. Yeah, and I'm just reading all these comments. Yeah. Um, I don't see you with your backup schedules, delta every
day, full backup every week? Uh, yeah, pretty much. I think that AP's broke, it's just broken, it is still blinking. Yep, so I'm gonna call it dead and reset it later. Oh, I didn't know Willie Howe had reviewed it. Out the look, uh, the show, it really went better on the outside when they have independent power. Yeah, I mean, ultimately it comes down to the architecture, because, uh, ha ha ha, call it Abe Lincoln, hmm, hmm, ha ha. I mean, it comes down to architecture. You look at the UniFi stuff, there's no external antennas on looking things, but boy, they were good. So I mean, I have Wi-Fi out in my yard and I don't have any antennas. Yeah, but they, they actually put good antennas in the, yeah, we've taken them apart, they look really cool. Yeah, most of the, most of the router manufacturers, especially the home ones, when you break them open, they're just the little diode antennas you find in a laptop, versus the UniFis are like, they're what, that big, them on the stadium, hmm. Yeah, they have a bunch of the arrays on there. I'm going to wind this down, I think it's six, because I'm yawning. Why are there $1,500 for three Orbis? What? I didn't even know they made them like past $200. They're, that, I have no idea what they cost, they used to be, they had some cash and stuff, or I think a pair was like $350 or $400 or $450, like, yeah. I mean, neck here, or they came down a bit, looks like you can get some of the, these are, these are used ones for $109. Okay, yeah, there you go, Wi-Fi 6, $350 a piece. Yeah, I just don't have time. People ask me every now and then about like the home equipment. I don't have, I don't want to. Years ago it's, I did one for a client, I wasn't that impressed. Yep, they could have literally thrown the Orbi system out, put in one UniFi access point and had the same coverage. The most secure way to replicate ZFS, um, over a VPN? I, that's kind of a, I mean, when you replicate ZFS it's not really a security thing, it's replicating data. I mean, I don't have, do it across the VPN if you're dealing with a remote
site. So I need more context to be able to answer that question better. Uh, Nick, you're lost in the first, use Windows only, uh, client on switch config, it was years ago but still annoyed. Um, yeah, there's a few companies that did things like that. They used to, Cisco, didn't Cisco in the early days make you some stupid Java client to be able to update anything on their, I don't know, I, I don't know, I went from command line Cisco, wait, this is stupid, use UniFi. Yeah. Um, I have a video on using TrueNAS to prevent ransomware. It can extend to the ZFS because it's just a matter of setting up snapshots, but I have a video covering that as a topic. I cover it both for Synology and for TrueNAS, and it's not that it makes you worry about the snapshots being part of what got destroyed. Those messages were not for me. Where's the other one here, and why were you on it so much? I'm not, no, well that hurt you, you on, no, I was looking over and still being frustrated with that switch, or the AP. Well, doing it live has failed us. Yeah, I'm gonna reset it. Weird. That is weird, it died. It's just so weird though, because like I said, I actually had things connected to it and used it for a little bit yesterday, and I used it for a while without the extenders, I used it for like a week. I had it working with the extenders, I just didn't have the password net to test the WPA2 and WPA3 fun stuff. It's camera shy. Yeah, I think it is. I think it might be in a boot loop. Yeah. Are you using two smartphones for OTP codes, for work or personal related? No, I don't use my, we'll go with that further. I don't use my password manager on my phone. That is, don't do that. Another step, like, I don't put it on there, because my OTP codes are on my phone. I don't, honestly, I don't even consider my phone for personal use. There's not Facebook or things on my phone either, because I actually don't like using a phone that much. So it's kind of, and so there's OTP codes on my phone that are also secured, I'm using Aegis for that. They're locked, you need
biometrics or a password to unlock the OTP codes, but there's no other passwords on my phone. So that creates a level of inconvenience, but such is life. Oh man, fun stuff. Did, did it boot at all? No. I gotta find, because I'm also, I haven't eaten, so it's gooey. I don't know, let's just say I might wind this down. I'm gonna reset it, that I've resigned myself to, it's getting reset now. Yeah, because I think it, I noticed the light kind of fluctuate, blinking a couple times, I think it's stuck, which is concerning. Yeah. Aegis is an open source tool that you can get. Sorry for people that are using iPhone, it's not available. I guess the new question is how do you reset this thing, because that button says mode, not reset. Fun stuff. Yeah, this is back to OTP, but if I need to store OTP for personal, OTP for work, should I use two different apps to have separation? I mean, I don't think having personal OTP, OTP, I mean, would I allow it? No, I mean, for, it's kind of fuzzy, it's, I think of too many things to have personal OTP, because some of the personal sites, and I guess I just don't have any personal sites I go to that OTP. Twitter does. Is Twitter's personal or business for me? I can't tell. So what is the potential risk though? Yeah, like, I don't think it's a big deal if Steve has his personal Gmail OTP and his business Gmail OTP using Aegis. I don't think that's a big deal on his phone. Like, yeah, what's the attack vector, right? What is the best hardware key for Google Workspace? I don't actually have a problem with both the YubiKey, or either the YubiKey or the, what's the other one I used? I did a video, if you type in FIDO, I did a video on another FIDO key. Both of them are fine because they're both part of the FIDO, FIDO organization, so there's not really a best, they both work fine. This is the name of that other one, TrustKey. So the TrustKey works fine too. It's, TrustKey is part of the FIDO Alliance. Don't rate the Google auth versus Aegis, I don't know. Use the YubiKey for OTP, holds the key and can get with any device that
you need. Yeah, YubiKeys are good. I just mentioned one of these because people are asking if there was an alternative. I tested it, it works fine, I tested with it, so that one's pretty good. Yeah, TrustKey. I thought using OTPs was bad if the phone dies, or if he dies someone could hack the account, which is much worse. I mean, someone needs to be able to grab your phone and have your username and password, so they need both things. So it depends on what's your threat level. Are you a CIA operative and there's someone after you? So then they're going to use a wrench. Yeah, they're going to beat you with a wrench until you unlock your phone. That's the more likely scenario you'll run into, whichever. We'll just pull up that XKCD for those that don't get the joke. Beat him with this wrench. Here is the, a crypto nerd's imagination: his laptop is encrypted, let's build a million dollar cluster to crack it, no, we can't do it. What actually happens: his laptop's encrypted, drug him and hit him with this five dollar wrench until he tells me what the password is. Yep. Yeah, we were going to talk about, what is the other thing we were going to talk about? Seems like we did have something else. Cisco, the SentinelOne and Cisco's fun so far. Yeah. Hey, it's solid green. Oh, okay. After a reset, I don't know if the reset took, I was supposed to hold it for 20 seconds, I didn't. Mm-hmm. Well, that's fascinating. It was solid green right up until I hit enter on the web browser to refresh the page, now it's blinking again. How can you bypass XCP-ng backup encrypted? You can't. You don't, you can't. If you have an encrypted VM, you're not going to run those tests, automated tests on it, because you got to type a password in. So if you, if you got a boot password on there, sorry about your luck, you're not going to be able to, you cannot shut down. This is the trade-off with security. Mm-hmm. If you set a VM, so a VM that has a password on each boot, then it's going to have a password on each boot, you're not going to restore it automatically. That's
it's not... it's not an option. It'll restore, it just won't boot. Right now you're going to be stuck at that password screen.

Let's talk about workarounds. This is a Linux workaround, not a Windows one. You could, in theory, and there are... I don't... maybe there's a way. There is ways to do this in Linux. You can set up a key server. Let's say that key server is a Raspberry Pi; it can be anything on your network. And what you do is you have the Linux machine reach out to the key server. You can find some write-ups on how to do this. If it finds said key server, the key server issues the unlock command and the VM boots. But if someone steals your backup and they load it on their home machine, or wherever they're loading it, they try to boot it up, the key server won't exist on their network, so it won't boot up; it doesn't have the password. The good and bad: you have to set all this up, and it has to work well, and hopefully your key server stays online or your VMs won't go online. Next, the real challenge is making sure they don't steal the key server as well. So if someone gets a hold of the key server, then, you know, they've got it then. So you're just kicking the can down the road on there. So either you have encryption and you don't want anyone to unlock it without knowing the password, or you create a key server that can be talked to and do this. And those are your options.

Another option, kind of a side option, is you can separate your data and OS, and then allow the OS to boot but not the data part to be mounted, because it's encrypted at rest. For example, let's say I boot up a VM that's an iSCSI extent, and that iSCSI extent is where the treasure is. So the OS, if you stole it, you wouldn't steal the iSCSI extent where the treasure is, the data you're looking for. That would allow it to work as well. So there's another way to do it. Same thing with TrueNAS encrypted drives, because with the TrueNAS encrypted drives people say, "I want my TrueNAS to boot without a password, but I want it to be
absolutely secured." I'm like, I'm sorry. If they want someone to protect the keys, I'm like, they're going to... if you have the keys on the server and someone physically takes the server and it doesn't require a password, there's not a way to really make that work.

"Hey Tom, I just finished watching/listening to your S1 Huntress detection video. Do you think ThreatLocker would have prevented this by not allowing all those connections? Do you guys use ThreatLocker?" We do not, and ThreatLocker is an entirely different conversation, because it becomes a management nightmare. If you have time, if you have a client that's willing to pay you to manage it, and, and this comes on to the client, if you have a client that has a diverse amount of software... I talked to an MSP recently and they had to remove ThreatLocker from their accounting firms, because the accounting software just was too much of a pain to keep up with ThreatLocker. Too many... they get an update like every week. Yeah, and every time they updated... And for those of you not familiar with it, ThreatLocker is a whitelisting program. There's other companies that do it; Airlock Digital is another one I've thought about evaluating, because I think they've got an interesting product there. They've done some reviews over on Patrick Gray from Risky Business; he's friends with the people over there. I've looked at some of these, but they always come down to management. I mean, can you lock computers down to an entire whitelist of only the software it's allowed to run? Yes, until there's a minor update for that software and it doesn't run. Then it's going to flag it, and then you're going to go, okay, I got to allow this software to run. So you're constantly investigating it. It's obvious. So it comes down to time it takes to do it. And Eric's got the best answer right here: "If you just want to bypass encryption, just use that NSA backdoor." Yeah. So hopefully that makes sense. "Needs a full-time babysitter." I've talked to several MSPs, it's just all
things like whitelisting is the holy grail that we all want to get to, but it's just not... You've mentioned some of the manufacturing clients that we talked about earlier. Man, they run a bunch of weird software. It's stuff that gets flagged by security tools because it's weird software, and telling companies that have weird software that they can't run weird software is challenging. Or even, you know, look at the big push we have... hold on, my monitor is like off by like a degree and it upset me. We have clients who use QuickBooks, and as more things move to web apps it becomes more viable, but we got clients who can't move to QuickBooks Online because the online version doesn't do what the manufacturing version does. And then you also have the holdouts of, "well, we've used this software for years, we can't just change a process." Yeah, so it's not easy. I think it's mostly used... I think it's a really good fit for newer... we have a lot of web apps. Yeah, and actually we have clients that you could lock their computers down, because everything they use is a series of web apps. They wouldn't know you locked them down; they don't open anything on their computers. We have clients who, at that point, just get them a Chromebook. We have a client, actually a few clients, we did that for: everything you do is online, get a Chromebook. Yep, we have that one. There's a company that does gutters; they don't use any applications, so it's weird to think that a company in that space would be able to do it, but they can. They just bought this cool app that does everything in a web interface, so they can just use... the only computers that use, a couple of computers, is they have a couple of accounting people that use QuickBooks, but most of the staff can use a Chromebook. They're using the old Chromebox even, hooked up to a big touchscreen TV, and they just drag appointments around, like this truck has to be at this house. Yep.

"What do you think about setting up TPM to unlock
full encryption on drives and laptops instead of taking a password?" Yeah, TPM is another option. Yeah, it just depends on what you're threat modeling for. If you want to unlock onto TPM, that doesn't solve someone physically stealing your server. So if your threat model is not physically stealing the server, awesome, you can use TPM to unlock it. You know, it just comes on the thing: the really secure is deeply inconvenient, of typing in these silly passwords. But is your worry that someone will get a hold of your backups and then load them on their system and extract the things they want out of them?

So yeah. "QuickBooks could take down the USA economy." Ah, I think it's dragging it down to some extent, because god, I hate that software. Yeah, but you know, it's an interesting thing: if there was ever a supply chain attack, it would cripple small businesses across America. Maybe, because how many small businesses, older small businesses... yeah, but then again, how many small businesses are updating to the latest QuickBooks? Look at our mechanic who's still on like 2004, mm-hmm, on the computer without internet. Yeah.

"Web apps are great until the internet goes out." Yeah, the reality is that's failover internet. I just set up a... we had a client that happened to, um, when we had all the power outages, their internet was out. They were running with cellular hotspots, and then he's like, wait, couldn't I just buy one of these and have the firewall do it and take care of everything? And I said yes. So he went out and bought one and I just set it up. Yep. And this is not a realistic statement anymore, because the way people build the web apps now and everything else, the reality is we have clients who have local servers with local stuff on there. You know what they do? They do it with their cellular thumbs, because they can't call, they can't email, they can't send quotes to get things done. So the internet has become, not like "I want it," it's like "I need it" to do my job, to make the phone calls, to send
the email, to conduct business. It almost doesn't matter if the app is in the cloud, because if you don't have the internet you can't go anywhere. By the way, a lot of people, because they work from home, lots of professional services, they go home and use the internet to connect to our app. Matter of fact, when the internet has gone out at branches where my wife works, she just is like, cool, I can just work from home. The only people who really can't do it: we have some people who do like large CAD designs, and the files are just so massive it's not practical to do it out of the office. But even then, if their internet goes out, they just can't make phone calls or send emails; they can still work.

This is what it comes down to, you know, security. I'll say security is a bunch of tradeoffs, example being ThreatLocker. In theory, ThreatLocker, to prevent many issues, with management... I mean, in theory, it comes down to budget. You could always say, sell the client everything, and the client has to weigh this out of, okay, I can get all these things, how much is it going to cost? And then you're like, oh, because it takes this many of our staff to manage your system, here's your cost. And they're like, we just don't make that viable. They have to work in how to increase the cost of whatever widgets they make or product they sell to justify how much more IT would cost. It just becomes very huge. And cost is, you know, cost is one factor, but then you also have the workflow disruption factor. Yep. People, end users and non-technical people, will trade off security all day for convenience, and they're going to view "hey, I have to call the IT guys because there's a QuickBooks update" as an inconvenience. That's why so many companies, so many places, have computers with the user having local admin, because they don't want to have to make a ticket, call someone, just to... yeah, Chrome needed an update or QuickBooks has to load this update. Yeah, it's always figuring out the tradeoffs.

"Are you using Zora for pfBlocker?"
I see. Eric, for business, pfBlocker is more for personal.

"What's a widget?" Oh, what's a widget? What's it... it's my... and it could be, I'm guessing, maybe you're not a native English speaker, I don't know. "Widget" is the generic term for whatever a company makes. I don't know what they make, or I'm not being specific about what they make, so we'll just say they make widgets. Where was that term first used? I wonder. That's a good question. Like, I... that exactly that question, "what's a widget": what was that movie with Rodney Dangerfield? Back to School, where he's in the business class and you're opening up a business making widgets and he's like, "what's a widget?" Yeah.

All right, well, we will conclude this, the Cisco stuff, at some point in time when we actually get it working, probably. I was excited for the longer cable so that I can reset it. Yeah. Oh good, he was actually quoting that. Oh okay, got it. Yes, Back to School, Rodney Dangerfield. Boy, that's an old movie, 1986. "Wasn't even born yet." "If it works." Yeah, we're to the "if it works" part of this portion. Eric, I'm not happy about it. Yeah, oh yeah, it is. Just as I was... "You don't make easy to... I need updates, it's just a mess." I was 10. Yeah, that's about the age I was. And so, Marty, we're like, watch... so all right, well, thanks everyone for joining us. Sorry we didn't get to show you the Cisco, but we kind of did review it. We showed it physically; I held it up. The initial tests with it were going really well, and it went well until it didn't. So now we're curious what makes this happen, like did the firmware get borked from unplugging it? That shouldn't be. It shouldn't be, but I mean, this is... you see it, that's it, that's all it's been doing. You saw the Cisco folks: "move along, nothing is here." Literally, it won't boot up. My experience is a glaring review. The other one might be cut short too if I plug it in and it's "hey, go get our app and use your phone." No thanks. Yeah, we don't need the phone app for that. That is just... I remember I was out with
Holly and we went to a restaurant, and I just lost it, because I'm like, where's your menu? And they just point to the side, and I'm like, it's a QR code. I'm like, you're a food truck with five items. I'll pull this up. This is my back scratcher, for any wondering, that Netgate sent me, by the way. Swag: if you want Tom to have swag that he will fidget with and play with and use, it's a back scratcher. This thing is stupidly fun. I don't... sorry, that probably came through the mic. Yes, this little thing is stupid fun. They sent us a few of them. This has been my favorite. Photo log in same thing; it says "Cisco 240AC uses phone app only." Okay, and that's the other one, isn't it? What's the other one, 240? It's a 150AC. Okay. So, all right, well, now it's red, so I think it's trying to do something. We have a few of these at the shop, Eric, so you can come get one. So the next time you're at the office, come get your Netgate... Netgate... Now he moved his mic, and shot at the start? Yeah, I always, I always move it; it's not the same place ever, because I bring it in, I bring it in for videos, and when I'm done doing... the way I record for these, I have a shotgun mic. I record that, you know, this is not in my videos that I do for YouTube, so this is only here when I do live streams. I know, I'm trying to get mine so that, yeah, challenging for sure. I'm gonna go eat some pizza. Neat. I'm gonna try to fix an AP and play V Rising and talk to Eric. "What if we buy some random vice meets the swag?" Oh, that's the... I'll talk about next vlog, there's these... maybe I'll have them. I made new shirts. I got a couple more I'm uploading; I came up with some new designs, so I'm gonna do a new shirt order. I actually ordered, but I'll get some for the staff as well. I just want to see how they turn out first, because it's new designs. But so I'll be mentioning that there are shirt stores linked in all of our videos, so if you're looking for any of the shirts that we have, like my Cult of ZFS
shirt I'm wearing right now. But we're also gonna make some... I have some mugs and stickers. Let's pull it up before I go here. Where is my Teespring store link? I gotta look at my own videos; I think that's how this works. I don't remember the link to it; I know where it's at though. I'll pull up the new shirt; we'll leave people with that so they have something to look at. I forgot I did the other shirt, and I forgot to upload it. We have our cat shirts. We have... this is the one that I think is kinda cool, that someone might like: "my cloud is 127.0.0.1," so my cloud is at home. I figure that resonates with the audience I have here. We also made a mug out of it, made a mug, a sticker, but I have a couple more uploads I'm gonna do. We do have a Cat 6 mug too, so if you need six cats on a mug, we got it. And I'll leave you with this one; this is still a favorite: "working with strippers all day keeps your crimp hands strong." I miss the nasty one. Oh yeah, I'm gonna work on the new one of that. So yeah, so we have these shirts in our shirt store. Corey loves that shirt. Yeah, and bash, I think we have one that says "bash the like button" too. So how many stickers for that? Maybe we did. We do "bash that like button," there we go. I gotta do a better job of advertising it. We have a swag store, and we do have this one here, just says "keep your crimp hands strong." I gotta go and post these again. I thought this one was funny, but it isn't really sold well. I guess someone likes it. Yeah, dense doing the clam routers, I don't know why that is so funny to me. I'm the only one that thinks it's funny too. I get it, that's alright though. I like these shirts too, the little running, what you call it... yeah, these are not bad. Um, alright, cool. Yeah, Eric likes the hoodie. I think we need to get you a new hoodie as well, probably. We'll work on all that. Thanks everyone for joining, this was fun, and see you next week. And maybe if I feel inspired over the weekend I'll try to get this working; maybe we'll have more news, so the Cisco, and it works, yeah. If we get it
working, maybe we'll do something over the weekend and talk about it. We gotta get it working. I am actually legitimately kind of frustrated, because I really... I was excited for this, and now I'm not. I'm disappointed. You've disappointed at Cisco... We'll leave you guys with that. Take care.