Podcasts about PfSense

  • 67 PODCASTS
  • 194 EPISODES
  • 1h 9m AVG DURATION
  • INFREQUENT EPISODES
  • Jan 20, 2025 LATEST

[Chart: popularity by year, 2017 to 2024]


Latest podcast episodes about PfSense

The Lockdown - Practical Privacy & Security
021 - Digital Minimalism and Why Your Messages Aren't Really Private

Jan 20, 2025 · 41:26


In this week's episode we dive deep into both the psychological and privacy implications of social media apps. I reflect on my observations during recent travels, and explore how social media platforms are distorting human connections while simultaneously collecting vast amounts of personal data.

The episode also tackles the technical aspects of email systems to the limitations of encrypted messaging apps, providing practical advice for maintaining privacy.

In this week's episode:
  • Listener Questions - Deep dive into pfSense vs OPNsense, mobile VPN usage, and dealing with license plate readers
  • Social Media Privacy - Analysis of social media's psychological impact and privacy issues with data collection practices
  • Proper Account Deletion - Step-by-step guide for securely deleting social media accounts
  • Sock Puppet Accounts - Maintaining anonymous online identities
  • Email Privacy - Historical perspective and current state of email security
  • WhatsApp Security - A discussion on encryption and device security

Show Links:
  • Support the Show on Patreon - https://patreon.com/TheLockdown
  • GrapheneOS - https://grapheneos.org
  • The Neuroscience of Engagement - https://medium.com/design-bootcamp/the-neuroscience-of-engagement-b50531a9313b

"The right information at the right time is deadlier than any weapon." - Dolores Abernathy (Westworld)

The Lockdown - Practical Privacy & Security
013: iCloud Private Relay, Complete pfSense Guide, and Privacy for Kids

Jul 27, 2024 · 50:34


In this week's show, I take a deeper dive into Apple's iCloud Private Relay, discussing who should and who shouldn't use it. I then discuss my latest article, “The Complete Setup Guide to pfSense for Privacy and Security,” and the benefits of an always-on VPN. Lastly, for those who are parents, I offer a discussion on privacy for kids and some non-invasive techniques for protecting them online.

In this week's episode:
  • Intro
  • iCloud Private Relay
  • Complete Guide to pfSense
  • Privacy for Kids
  • Listener questions

Show Links:
  • The Complete Setup Guide to pfSense for Privacy and Security: https://lockdown.media/complete-setup-guide-to-pfsense
  • NextDNS: https://nextdns.io/
  • Cron package for pfSense: https://docs.netgate.com/pfsense/en/latest/packages/list.html
  • Private Relay Outage: https://www.tomsguide.com/phones/iphones/having-browsing-trouble-on-apple-devices-youre-not-alone-apples-private-relay-system-is-having-problems
  • iCloud Private Relay Overview: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF

“You never had a camera in my head.” - Truman Burbank

Podcast music: Recluse by Ray Heffer

The Homelab Show
The Homelab Episode 133 – Crowdsec and pfsense

Jul 25, 2024 · 26:50


  • https://thehomelab.show/
  • https://lawrencesystems.com/
  • https://www.learnlinux.tv/

Today's sponsor: Our merch!
  • lawrence.video/swag
  • https://merch.learnlinux.tv

Paul's Security Weekly
XZ - Backdoors and The Fragile Supply Chain - PSW #823

Apr 4, 2024 · 172:20


As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.

  • https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
  • https://gynvael.coldwind.pl/?id=782
  • https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
  • https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
  • https://github.com/amlweems/xzbot
  • https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
  • https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
  • https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
  • https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
  • https://xeiaso.net/notes/2024/xz-vuln/
  • https://infosec.exchange/@AndresFreundTec@mastodon.social
  • https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
  • https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd

pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-823

Paul's Security Weekly TV
It's A Minifilter! - PSW #823

Apr 4, 2024 · 107:18


pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more! Show Notes: https://securityweekly.com/psw-823

Paul's Security Weekly (Podcast-Only)
XZ - Backdoors and The Fragile Supply Chain - PSW #823

Apr 4, 2024 · 172:20



Paul's Security Weekly (Video-Only)
It's A Minifilter! - PSW #823

Apr 4, 2024 · 107:18



Brad & Will Made a Tech Pod.
227: A Donut of Good Internet

Mar 24, 2024 · 68:58


Inspired by what's probably the most common subject we see questions about on our Discord, this week we're doing an updated primer on home networking, with a refresher on some basic terms and concepts and our thoughts on a wide array of topics from modern mesh networks to fiber in the home, ISP-provided equipment, whether you should separate your wi-fi from your gateway, rolling your own router, the rapidly decreasing cost of high-end network speeds, and more. Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod

Security Now (MP3)
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Feb 21, 2024 · 134:19


  • Wyze breach
  • Microsoft patch Tuesday fixes 15 remote code execution flaws
  • Why are there password restrictions?
  • The Canadian Flipper Zero Ban
  • Security on the old internet
  • Using Old Passwords
  • Passwordless login
  • TOTP as a second factor
  • German ISP using default router passwords
  • Email encryption in transit
  • pfSense Tailscale integration
  • DuckDuckGo's email protection integration with Bitwarden
  • The KeyTrap Vulnerability

Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:
  • panoptica.app
  • kolide.com/securitynow
  • vanta.com/SECURITYNOW
  • GO.ACILEARNING.COM/TWIT

All TWiT.tv Shows (MP3)
Security Now 962: The Internet Dodged a Bullet

Feb 21, 2024 · 134:19



Security Now (Video HD)
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Feb 21, 2024 · 134:18



Security Now (Video HI)
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Feb 21, 2024 · 134:18



Radio Leo (Audio)
Security Now 962: The Internet Dodged a Bullet

Feb 21, 2024 · 134:19



Security Now (Video LO)
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Feb 21, 2024 · 134:18



All TWiT.tv Shows (Video LO)
Security Now 962: The Internet Dodged a Bullet

Feb 21, 2024 · 134:18



Radio Leo (Video HD)
Security Now 962: The Internet Dodged a Bullet

Feb 21, 2024 · 134:18



The Changelog
The state of homelab tech (2024)

Jan 19, 2024 · 105:18


Techno Tim is back with Adam to discuss the state of homelab in 2024 and the trends happening within homelab tech. They discuss homelab environments providing a safe place for experimentation and learning, network improvement as a gateway to homelab, trends in network connection speeds, to Unifi or not, storage trends, ZFS configurations, TrueNAS, cameras, home automation, connectivity, routers, pfSense, and more. Umm, should we make these conversations between Adam and Tim more frequent?

Changelog Master Feed
The state of homelab tech (2024) (Changelog & Friends #27)

Jan 19, 2024 · 105:18



Closed Network Privacy Podcast
Episode 30 - No Reasonable Expectation Of Privacy - Third Party Doctrine

Jan 16, 2024 · 84:32


Closed Network podcast Episode 30 - Your Data & The Third Party Doctrine

Website / Donations / Support - https://closednetwork.io

Thank You Patreons!
  • Michael Bates - Privacy Bad Ass
  • Richard G. - Privacy Bad Ass

Support / Patreon / Donations: https://closednetwork.io/support/

TOP LIGHTNING BOOSTERS !!!! THANK YOU !!!
  • Turquoise Panda
  • @bon
  • SircussMedia
  • @Pixeljones
  • whitecoat

Thank You To Our Moderators:
  • Unintelligentseven
  • MaddestMax

Join Our Matrix Channels!
  • Main - https://matrix.to/#/#closedntwrk:matrix.org
  • Off Topic - https://matrix.to/#/#closednetworkofftopic:matrix.org

Join Our Mastodon server! (currently under migration) https://closednetwork.social

-- TOPICS --
  • GrapheneOS adds Android Auto Support
  • Discussion on the Ethos of Closed Network Podcast and community
  • Reflecting over 2023
  • Why so long since last show, and the Closed Network Open Bar Hangouts
  • 2024 Plans and goals for sustainability and less reliance on external services:
      • streaming
      • cloud services, data, email, communications
      • communications education, mesh radio, mesh internet etc
  • Why My Push To Self Host Everything or as much as I possibly Can

My Current Setup:
  • Nextcloud for contacts, and calendars. I sync with my Pixel 7 Pro running GrapheneOS using DavX. Photos are backed up to Nextcloud and I use ente.io as a safety backup.
  • Bitwarden for my password manager
  • VPNS: Mullvad (paid with Monero and 10% discount), iVPN.net & Proton VPN (though I don't use much they are slow)
  • Media Server: CasaOS running on Ubuntu Server with JellyFin and Plex Docker images
  • Bitcoin node running on Umbrel also running Dojo Ronin Server for my Samourai wallet running on older Pixel with no service.

We will be moving Mastodon server from VPS to hosted locally to save money and have more storage

Massive network upgrade that I will be discussing. I'll be using a combination of PfSense and UniFi equipment from Ubiquiti. (I'll explain)

4th Amendment & Third Party Doctrine
  • Key issue the court had was the third party doctrine and how it impacts 4th amendment.

United States v Miller, 1976 - A person has no reasonable expectation of privacy as it relates to banking and bank records. The third-party doctrine says there is no expectation of privacy in information voluntarily provided to others.

On June 22, 2018, as the 2017-18 term wound down, the Supreme Court released its long-awaited decision in Carpenter v. U.S.[1] The Court held, 5-4, that when the police obtain cell site location information (CSLI) about a person's cell phone usage, that action constitutes a search under the Fourth Amendment.
https://www.radford.edu/content/cj-bulletin/home/august--2018--vol--3--no--2-/carpenter-v--u-s----obtaining-extensive-cell-site-location-data-.html#:~:text=On%20June%2022%2C%202018%2C%20as,search%20under%20the%20Fourth%20Amendment.

Where We Go from Here: The Third-Party Doctrine and Location Tracking After Carpenter
https://www.youtube.com/watch?v=QhVD9PEiY0o

Example of Google using actual data to act on customers Google and Fi account

Google refuses to reinstate man's account after he took medical images of son's groin
https://www.theguardian.com/technology/2022/aug/22/google-csam-account-blocked

Framework discloses data breach after accountant gets phished
https://www.bleepingcomputer.com/news/security/framework-discloses-data-breach-after-accountant-gets-phished/

Apple knew AirDrop users could be identified and tracked as early as 2019, researchers say
https://edition.cnn.com/2024/01/12/tech/china-apple-airdrop-user-encryption-vulnerability-hnk-intl/index.html

How to create strong passwords you'll actually remember
https://proton.me/blog/create-remember-strong-passwords

The Feds can see your notifications: https://youtu.be/vg9ETJkeaTE?si=HYuU__w8Y6Ljpj8v

Wi-Fi hacking like Mr. Robot: https://youtu.be/TZcgvi_KRvY?si=cGY6dVyJDHZrSxXy

BSD Now
538: Gadget Catalog Age

Dec 21, 2023 · 41:02


DAK and the Golden Age of Gadget Catalogs, FreeBSD 13.2 upgrade to 14.0, Running OpenBSD on Raspberry Pi Zero 2 W, Netgate Releases pfSense CE Software Version 2.7.1, SSH agent forwarding and tmux done right, Some explanations about OpenBSD memory usage, and more

NOTES

This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)

Headlines
  • DAK and the Golden Age of Gadget Catalogs (https://cabel.com/2023/11/06/dak-and-the-golden-age-of-gadget-catalogs/)
  • FreeBSD 13.2 upgrade to 14.0 – properly detailed and (hopefully) correct way (https://ozgurkazancci.com/freebsd-13-2-upgrade-to-14-0-proper-and-correct-way/)

News Roundup
  • Running OpenBSD on Raspberry Pi Zero 2 W (https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/)
  • Netgate Releases pfSense CE Software Version 2.7.1 (https://www.netgate.com/blog/netgate-releases-pfsense-ce-software-version-2.7.1)
  • SSH agent forwarding and tmux done right (https://jmmv.dev/2023/11/ssh-agent-forwarding-and-tmux-done.html)
  • Some explanations about OpenBSD memory usage (https://dataswamp.org/~solene/2023-08-11-openbsd-understand-memory-usage.html)

Tarsnap

This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)

The Cybersecurity Defenders Podcast
#86 - Intel Chat: pfSense vulnerability, Gootloader, OilRig & the KV-botnet

Dec 20, 2023 · 30:18


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

  • Sonar Source are reporting on a few vulnerabilities they have found in pfSense.
  • eSentire's Threat Response Unit launched a multi-pronged offensive against the Gootloader Initial Access-as-a-Service Operation.
  • ESET researchers documented a series of new OilRig downloaders, all relying on legitimate cloud service providers for command and control communications.
  • The Black Lotus Labs team at Lumen Technologies is tracking a small or home office router botnet that forms a covert data transfer network for advanced threat actors.

You can make a donation in support of ending domestic violence through Cybersecurity Cares.

Screaming in the Cloud
How Tailscale Builds for Users of All Tiers with Maya Kaczorowski

Dec 19, 2023 · 33:45


Maya Kaczorowski, Chief Product Officer at Tailscale, joins Corey on Screaming in the Cloud to discuss what sets the Tailscale product approach apart, for users of their free tier all the way to enterprise. Maya shares insight on how she evaluates feature requests, and how Tailscale's unique architecture sets them apart from competitors. Maya and Corey discuss the importance of transparency when building trust in security, as well as Tailscale's approach to new feature roll-outs and change management.About MayaMaya is the Chief Product Officer at Tailscale, providing secure networking for the long tail. She was mostly recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises.Maya completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French.Outside of work, Maya is passionate about ice cream, puzzling, running, and reading nonfiction.Links Referenced: Tailscale: https://tailscale.com/ Tailscale features: VS Code extension: https://marketplace.visualstudio.com/items?itemName=tailscale.vscode-tailscale  Tailscale SSH: https://tailscale.com/kb/1193/tailscale-ssh  Tailnet lock: https://tailscale.com/kb/1226/tailnet-lock  Auto updates: https://tailscale.com/kb/1067/update#auto-updates  ACL tests: https://tailscale.com/kb/1018/acls#tests  Kubernetes operator: https://tailscale.com/kb/1236/kubernetes-operator  Log streaming: https://tailscale.com/kb/1255/log-streaming  Tailscale Security Bulletins: https://tailscale.com/security-bulletins  Blog post “How Our Free Plan Stays Free:” https://tailscale.com/blog/free-plan  Tailscale on AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-nd5zazsgvu6e6  TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud 
Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn, and I am joined today on this promoted guest episode by my friends over at Tailscale. They have long been one of my favorite products just because it has dramatically changed the way that I interact with computers, which really should be enough to terrify anyone. My guest today is Maya Kaczorowski, Chief Product Officer at Tailscale. Maya, thanks for joining me.Maya: Thank you so much for having me.Corey: I have to say originally, I was a little surprised to—“Really? You're the CPO? I really thought I would have remembered that from the last time we hung out in person.” So, congratulations on the promotion.Maya: Thank you so much. Yeah, it's exciting.Corey: Being a product person is probably a great place to start with this because we've had a number of conversations, here and otherwise, around what Tailscale is and why it's awesome. I don't necessarily know that beating the drum of why it's so awesome is going to be covering new ground, but I'm sure we're going to come up for that during the conversation. Instead, I'd like to start by talking to you about just what a product person does in the context of building something that is incredibly central not just to critical path, but also has massive security ramifications as well, when positioning something that you're building for the enterprise. It's a very hard confluence of problems, and there are days I am astonished that enterprises can get things done based purely upon so much of the mitigation of what has to happen. Tell me about that. 
How do you even function given the tremendous vulnerability of the attack surface you're protecting?Maya: Yeah, I don't know if you—I feel like you're talking about the product, but also the sales cycle of talking [laugh] and working with enterprise customers.Corey: The product, the sales cycle, the marketing aspects of it, and—Maya: All of it.Corey: —it all ties together. It's different facets of frankly, the same problem.Maya: Yeah. I think that ultimately, this is about really understanding who the customer that is buying the product is. And I really mean that, like, buying the product, right? Because, like, look at something like Tailscale. We're typically used by engineers, or infrastructure teams in an organization, but the buyer might be the VP of Engineering, but it might be the CISO, or the CTO, or whatever, and they're going to have a set of requirements that's going to be very different from what the end-user has as a set of requirements, so even if you have something like bottom-up adoption, in our case, like, understanding and making sure we're checking all the boxes that somebody needs to actually bring us to work.Enterprises are incredibly demanding, and to your point, have long checklists of what they need as part of an RFP or that kind of thing. I find that some of the strictest requirements tend to be in security. So like, how—to your point—if we're such a critical part of your network, how are you sure that we're always available, or how are you sure that if we're compromised, you're not compromised, and providing a lot of, like, assurances and controls around making sure that that's not the case.Corey: I think that there's a challenge in that what enterprise means to different people can be wildly divergent. I originally came from the school of obnoxious engineering where oh, as an engineer, whenever I say something is enterprise grade, that's not a compliment. That means it's going to be slow and moribund. 
But that is a natural consequence of a company's growth after achieving success, where okay, now we have actual obligations to customers and risk mitigation that needs to be addressed. And how do you wind up doing that without completely hobbling yourself when it comes to accelerating feature velocity? It's a very delicate balancing act.Maya: Yeah, for sure. And I think you need to balance, to your point, kind of creating demand for the product—like, it's actually solving the problem that the customer has—versus checking boxes. Like, I think about them as features, or you know, feature requests versus feature blockers or deal blockers or adoption blockers. So, somebody wants to, say, connect to an AWS VPC, but then the person who has to make sure that that's actually rolled out properly also wants audit logs and SSH session recording and RBAC-based controls and lots of other things before they're comfortable deploying that in their environment. And I'm not even talking about the list of, you know, legal, kind of, TOS requirements that they would have for that kind of situation.I think there's a couple of things that you need to do to even signal that you're in that space. One of the things that I was—I was talking to a friend of mine the other day how it feels like five years ago, like, nobody had SOC 2 reports, or very few startups had SOC 2 reports. And it's probably because of the advent of some of these other companies in this space, but like, now you can kind of throw a dart, and you'll hit five startups that have SOC 2 reports, and the amount that you need to show that you're ready to sell to these companies has changed.Corey: I think that there's a definite broadening of the use case. And I've been trying to avoid it, but let's go diving right into it. I used to view Tailscale as, oh it's a VPN. The end. 
Then it became something more where it effectively became the mesh overlay where all of the various things that I have that speak Tailscale—which is frankly, a disturbing number of things that I'd previously considered to be appliances—all talk to one another over a dedicated network, and as a result, can do really neat things where I don't have to spend hours on end configuring weird firewall rules.

It's more secure, it's a lot simpler, and it seems like every time I get that understanding down, you folks do something that causes me to yet again reevaluate where you stand. Most recently, I was doing something horrifying in front-end work, and in VS Code the Tailscale extension popped up. “Oh, it looks like you're running a local development server. Would you like to use Tailscale Funnel to make it available to the internet?” And my response to that is, “Good lord, no, I'm ashamed of it, but thanks for asking.” Every time I think I get it, I have to reevaluate where it stands in the ecosystem. What is Tailscale now? I feel like I should get the official description of what you are.

Maya: Well, I sure hope I'm not the official description. I think the closest is a little bit of what you're saying: a mesh overlay network for your infrastructure, or a programmable network that lets you mesh together your users and services and services and services, no matter where they are, including across different infrastructure providers and, to your point, on a long list of devices you might have running. People are running Tailscale on self-driving cars, on robots, on satellites, on elevators, but they're also running Tailscale on Linux running in AWS or a MacBook they have sitting under their desk or whatever it happens to be. The phrase that I like to use for that is, like, infrastructure agnostic. We're just a building block.

Your infrastructure can be whatever infrastructure you want.
You can have the cheapest GPUs from this cloud, or you can use the Android phone to train the model that you have sitting on your desk. We just help you connect all that stuff together so you can build your own cloud whatever way you want. To your point, that's not really a VPN [laugh]. The word VPN doesn't quite do it justice. For the remote access to prod use case, so like a user, specifically, like, a developer infra team to a production network, that probably looks the most like a zero-trust solution, but we kind of blur a lot of the lines there for what we can do.

Corey: Yeah, just looking at it, at the moment, I have a bunch of Raspberries Pi, perhaps, hanging out on my tailnet. I have currently 14 machines on there, I have my NAS downstairs, I have a couple of EC2 instances, a Google Cloud instance, somewhere, I finally shut down my old Oracle Cloud instance, my pfSense box speaks it natively. I have a Thinkst Canary hanging out on there to detect if anything starts going ridiculously weird, my phone, my iPad, and a few other things here and there. And they all just talk seamlessly over the same network. I can identify them via either IP address, if I'm old, or via DNS if I want to introduce problems that will surprise me at one point or another down the road.

I mean, I even have an exit node I share with my brother's Tailscale account for reasons that most people would not expect, namely that he is an American who lives abroad. So, many weird services like banks or whatnot, “Oh, you can't log in to check your bank unless you're coming from US IP space.” He clicks a button, boom, now he doesn't get yelled at to check his own accounts. Which is probably not the primary use case you'd slap on your website, but it's one of those solving everyday things in somewhat weird ways.

Maya: Oh, yeah.
I worked at a bank maybe ten years ago, and they would block—this little bank on the east coast of the US—they would block connections from Hawaii because why would any of your customers ever be in Hawaii? And it was like, people travel and maybe you're—

Corey: How can you be in Hawaii? You don't have a passport.

Maya: [laugh]. People travel. They still need to do banking. Like, it doesn't change, yeah. The internet, we've built a lot of weird controls that are IP-based, that don't really make any sense, that aren't reflective. And like, that's true for individuals—like you're describing, people who travel and need to bank or whatever they need to do when they travel—and for corporations, right? Like the old concept—this is all back to the zero trust stuff—but like, the old concept that you were trusted just because you had an IP address that was in the corp IP range is just not true anymore, right? Somebody can walk into your office and connect to the Wi-Fi and a legitimate employee can be doing their job from home or from Starbucks, right? Those are acceptable ways to work nowadays.

Corey: One other thing that I wanted to talk about is, I know that in previous discussions with you folks—sometimes on the podcast, sometimes when I more or less corner someone at Tailscale at your developer conference—one of the things that you folks talk about is Tailscale SSH, which is effectively a drop-in replacement for the SSH binary on systems. Full disclosure, I don't use it, mostly because I'm grumpy and I'm old. I also like having some form of separation of duties where you're the network that ties it all together, but something else winds up acting as that authentication step. That said, if I were that interesting that someone wanted to come after me, there are easier ways to get in, so I'm mostly just doing this because I'm persnickety.
Are you seeing significant adoption of Tailscale SSH?

Maya: I think there's a couple of features that are missing in Tailscale SSH for it to be as adopted by people like you. The main one that I would say is—so right now if you use Tailscale SSH, it runs a binary on the host, you can use your Tailscale credentials, and your Tailscale private key, effectively, to SSH something else. So, you don't have to manage a separate set of SSH keys or certs or whatever it is you want to do to manage that in your network. Your identity provider identity is tied to Tailscale, and then when you connect to that device, we still need to have an identity on the host itself, like in Unix. Right now, that's not tied to Tailscale. You can adopt an identity of something else that's already on the host, but it's not, like, corey@machine.

And I think that's the number one request that we're getting for Tailscale SSH, to be able to actually generate or tie to the individual users on the host for an identity that comes from, like, Google, or GitHub, or Okta, or something like that. I'm not hearing a lot of feedback on the security concerns that you're expressing. I think part of that is that we've done a lot of work around security in general so that you feel like if Tailscale were to be compromised, your network wouldn't need to be compromised. So, Tailscale itself is end-to-end encrypted using WireGuard. We only see your public keys; the private keys remain on the device.

So, in some sense the, like, quote-unquote, “Worst” that we could do would be to add a node to your network and then start to generate traffic from that or, like, mess with the configuration of your network. These are questions that have come up. In terms of adding nodes to your network, we have a feature called tailnet lock that effectively lets you sign and verify that all the nodes on your network are supposed to be there. One of the other concerns that I've heard come up is, like, what if the binary was compromised.
We develop in open-source so you can see that that's the case, but like, you know, there's certainly more stuff we could be doing there to prevent, for example, like a software supply chain security attack. Yeah.

Corey: Yeah, but you also have taken significant architectural steps to ensure that you are not placed in a position of undue trust around a lot of these things. Most recently, you raised a Series B, that was $100 million, and the fact that you have not gone bankrupt in the year since that happened tells me that you are very clearly not routing all customer traffic through you folks, at least on one of the major cloud providers. And in fact, a little bit of playing a-slap-and-tickle with Wireshark affirms this, that the nodes talk to each other; they do not route their traffic through you folks, by design. So one, great for the budget, I have respect for that data transfer pattern, but also it means that you are in the position of being a global observer in a way that can be, in many cases, exploited.

Maya: I think that's absolutely correct. So, it was 18 months ago or so that we raised our Series B. When you use Tailscale, your traffic connects peer-to-peer directly between nodes on your network. And that has a couple of nice properties, some of what you just described, which is that we don't see your traffic. I mean, one, because it's end-to-end encrypted, but even if we could capture it, and then—we're not in the way of capturing it, let alone decrypting it.

Another nice property it has is just, like, latency, right? If your user is in the UK, and they're trying to access something in Scotland, it's not, you know, hair-pinning, bouncing all the way to the West Coast or something like that. It doesn't have to go through one of our servers to get there. Another nice property that comes with that is availability.
So, if our network goes down, if our control plane goes down, you're temporarily not able to add nodes or change your configuration, but everything in your network can still connect to each other, so you're not dependent on us being online in order for your network to work.

And this is actually coming up more and more in customer conversations where that's a differentiator for us versus a competitor. Different competitors, also. There's a customer case study on our website about somebody who was POC'ing us with a different option, and literally during the POC, the competitor had an outage, unfortunately for them, and we didn't, and they sort of looked at our model, our deployment model and went, “Huh, this really matters to us.” And not having an outage on our network with this solution seems like a better option.

Corey: Yeah, when the network is down, the computers all turn into basically space heaters.

Maya: [laugh]. Yeah, as long as they're not down because, I guess, unplugged or something. But yeah, [laugh] I completely agree. Yeah. But I think there's a couple of these kinds of, like, enterprise things that people are—we're starting to do a better job of explaining and meeting customers where they are, but it's also people are realizing actually does matter when you're deploying something at this scale that's such a key part of your network.

So, we talked a bit about availability, we talked a bit about things like latency. On the security side, there's a lot that we've done around, like I said, tailnet lock or that type of thing, but it's like some of the basic security features. Like, when I joined Tailscale, probably the first thing I shipped in some sense as a PM was a change log.
Here's the change log of everything that we're shipping as part of these releases so that you can have confidence that we're telling you what's going on in your network, when new features are coming out, and you can trust us to be part of your network, to be part of your infrastructure.

Corey: I do want to further call out that you have a—how should I frame this—a typically active security notification page.

Maya: [laugh].

Corey: And I think it is easy to misconstrue that as look at how terrifyingly insecure this is? Having read through it, I would argue that it is not that you are surprisingly insecure, but rather that you are extraordinarily transparent about things that are relatively minor issues. And yes, they should get fixed, but, “Oh, that could be a problem if six other things happen to fall into place just the right way.” These are not security issues of the type, “Yeah, so it turns out that what we thought was encrypting actually wasn't and we're just expensive telnet.” No, there's none of that going on.

It's all been relatively esoteric stuff, but you also address it very quickly. And that is odd, as someone who has watched too many enterprise-facing companies respond to third-party vulnerability reports with rather than fixing the problem, more or less trying to get them not to talk about it, or if they do, to talk about it only using approved language. I don't see any signs of that with what you've done there. Was that a challenging internal struggle for you to pull off?

Maya: I think internally, it was recognizing that security was such an important part of our value proposition that we had to be transparent. But once we kind of got past that initial hump, we've been extremely transparent, as you say. We think we can build trust through transparency, and that's the most important thing in how we respond to security incidents. But code is going to have bugs. It's going to have security bugs.
There's nothing you can do to prevent that from happening.

What matters is how you—and like, you should. Like, you should try to catch them early in the development process and, you know, shift left and all that kind of stuff, but some things are always going to happen [laugh] and what matters in that case is how you respond to them. And having another, you know, an app update that just says “Bug fixes” doesn't help you figure out whether or not you should actually update, it doesn't actually help you trust us. And so, being as public and as transparent as possible about what's actually happening, and when we respond to security issues and how we respond to security issues is really, really important to us. We have a policy that talks about when we will publish a bulletin.

You can subscribe to our bulletins. We'll proactively email anyone who has a security contact on file, or alternatively, another contact that we have if you haven't provided us a security contact when you're subject to an issue. I think by far and large, like, Tailscale has more security bulletins just because we're transparent about them. It's like, we probably have as many bugs as anybody else does. We're just lucky that people report them to us because they see us react to them so quickly, and then we're able to fix them, right? It's a net positive for everyone involved.

Corey: It's one of those hard problems to solve for across the board, just because I've seen companies in the past get more or less brutalized by the tech press when they have been overly transparent. I remember that there was a Reuters article years ago about Slack, for example, because they would pull up their status history and say, “Oh, look at all of these issues here. You folks can't keep your website up.” But no, a lot of it was like, “Oh, file uploads for a small subset of our users is causing a problem,” and so on and so forth.
These relatively minor issues that, in aggregate, are very hard to represent when you're using traffic light signaling.

So, then you see people effectively going full-on AWS status page where there's a significant outage lasting over a day, last month, and what you see on this is if you go really looking for it is this yellow thing buried in this absolute sea of green lights, even though that was one of the more disruptive things to have happened this year. So, it's a consistent and constant balance, and I really have a lot of empathy no matter where you wind up landing on that.

Maya: Yeah, I think that's—you're saying it's sort of about transparency or being able to find the right information. I completely agree. And it's also about building trust, right? If we set expectations as to how we will respond to these things then we consistently respond to them, people believe that we're going to keep doing that. And that is almost more important than, like, committing to doing that, if that makes any sense.

I remember having a conversation many years ago with an eng manager I worked with, and we were debating what the SLO for a particular service should be. And he sort of made an interesting point. He's like, “It doesn't really matter what the SLO is. It matters what you actually do because then people are going to start expecting [laugh] what you actually do.” So, being able to point at this and say, “Yes, here's what we say and here's what we actually do in practice,” I think builds so much more trust in how we respond to these kinds of things and how seriously we take security.

I think one of the other things that came out of the security work is we realized—and I think you talked to Avery, the CEO of Tailscale on a prior podcast about some of this stuff—but we realized that platforms are broken, and we don't have a great way of pushing automatic updates on a lot of platforms, right?
You know, if you're using the macOS store, or the Android Play Store, or iOS or whatever, you can automatically update your client when there is a security issue. On other platforms, you're kind of stuck. And so, as a result of us wanting to make sure that the fleet is as updated as possible, we've actually built an auto-update feature that's available on all of our major clients now, so people can opt in to getting those updates as quickly as needed when there is a security issue. We want to expose people to as little risk as possible.

Corey: I am not a Tailscale customer. And that bugs me because until I cross that chasm into transferring $1 every month from my bank account to yours, I'm just a whiny freeloader in many respects, which is not at all how you folks have ever made me feel, I want to be very clear on that. But I believe in paying for the services that empower me to do my job more effectively, and Tailscale absolutely qualifies.

Maya: Yeah, understood, I think that you still provide value to us in ways that aren't your data, but then in ways that help our business. One of them is that people like you tend to bring Tailscale to work. They tend to have a good experience at home connecting to their Synology, helping their brother connect to his bank account, whatever it happens to be, and they go, “Oh.” Something kind of clicks, and then they see a problem at work that looks very similar, and then they bring it to work. That is our primary path of adoption.

We are a bottom-up adoption, you know, product-led growth product [laugh]. So, we have a blog post called “How Our Free Plan Stays Free” that covers some of that. I think the second thing that I don't want to undersell that a user like you also does is, you have a problem, you hit an issue, and you write into support, and you find something that nobody else has found yet [laugh].

Corey: I am very good at doing that entirely by accident.

Maya: [laugh].
But that helps us because that means that we see a problem that needs to get fixed, and we can catch it way sooner than before it's deployed, you know, at scale, at a large bank, and you know, it's a critical, kind of, somebody's getting paged kind of issue, right? We have a couple of bugs like that where we need, you know, we need a couple of repros from a couple different people in a couple different situations before we can really figure out what's going on. And having a wide user base who is happy to talk to us really helps us.

Corey: I would say it goes beyond that, too. I have—I see things in the world of Tailscale that started off as features that I requested. One of the more recent ones is, it is annoying to me to see on the Tailscale machines list everything I have joined to the tailnet with that silly little up arrow next to it of, “Oh, time to go back and update Tailscale to the latest,” because that usually comes with decent benefits. Great, I have to go through iteratively, or use Ansible, or something like that. Well, now there's a Tailscale update option where it will keep itself current on supported operating systems.

For some unknown reason, you apparently can't self-update the application on iOS or macOS. Can't imagine why. But those things tend to self-update based upon how the OS works due to all the sandboxing challenges. The only challenge I've got now is a few things that are, more or less, embedded devices that are packaged by the maintainer of that embedded system, where I'm beholden to them. Only until I get annoyed enough to start building a CI/CD system to replace their package.

Maya: I can't wait till you build that CI/CD system. That'll be fun.

Corey: “We wrote this code last night. Straight to the bank with it.” Yeah, that sounds awesome.

Maya: [laugh] You'd get a couple of term sheets for that, I'm sure.

Corey: There are.
I am curious, looping back to the start of our conversation, we talked about enterprise security requirements, but how do you address enterprise change management? I find that that's something an awful lot of companies get dreadfully wrong. Most recently and most noisily on my part is Slack, a service for which I paid thousands of dollars a year, decided to roll out a UI redesign that, more or less, got in the way of a tremendous number of customers and there was no way to stop it or revert it. And that made me a lot less likely to build critical-flow business processes that depended upon Slack behaving a certain way.

Just, “Oh, we decided to change everything in the user interface today just for funsies.” If Microsoft pulled that with Excel, by lunchtime they'd have reverted it because an entire universe of business users would have marched on Redmond to burn them out otherwise. That carries significant cost for businesses. Yet I still see Tailscale shipping features just as fast as you ever have. How do you square that circle?

Maya: Yeah. I think there's two different kinds of change management really, which is, like—because if you think about it, it's like, an enterprise needs a way to roll out a product or a feature internally and then separately, we need a way to roll out new things to customers, right? And so, I think on the Tailscale side, we have a change log that tells you about everything that's changing, including new features, and including changes to the client. We update that religiously. Like, it's a big deal, if something doesn't make it the day that it's supposed to make it. We get very kind of concerned internally about that.

A couple of things that were—that are in that space, right, we just talked about auto-updates to make it really easy for you to maintain what's actually rolled out in your infrastructure, but more importantly, for us to push changes with a new client release.
Like, for example, in the case of a security incident, we want to be able to publish a version and get it rolled out to the fleet as quickly as possible. Some of the things that we don't have here, but although I hear requests for is the ability to, like, gradually roll out features to a customer. So like, “Can we change the configuration for 10% of our network and see if anything breaks before rolling back, right before rolling forward.” That's a very traditional kind of infra change management thing, but not something I've ever seen in, sort of, the networking security space to this degree, and something that I'm hearing a lot of customers ask for.

In terms of other, like, internal controls that a customer might have, we have a feature called ACL Tests. So, if you're going to change the configuration of who can access what in your network, you can actually write tests. Like, your permission file is written in HuJSON and you can write a set of things like, Corey should be able to access prod. Corey should not be able to access test, or whatever it happens to be—actually, let's flip those around—and when you have a policy change that doesn't pass those tests, you actually get told right away so you're not rolling that out and accidentally breaking a large part of your network. So, we built several things into the product to do it. In terms of how we notify customers, like I said, that the primary method that we have right now is something like a change log, as well as, like, security bulletins for security updates.

Corey: Yeah, it's one of the challenges, on some level, of the problem of oh, I'm going to set up a service, and then I'm going to go sail around the world, and when I come back in a year or two—depending on how long I spent stranded on an island somewhere—now I get to figure out what has changed.
And to your credit, you have to affirmatively enable all of the features that you have shipped, but you've gone from, “Oh, it's a mesh network where everything can talk to each other,” to, “I can use an exit node from that thing. Oh, now I can seamlessly transfer files from one node to another with Taildrop,” to, “Oh, Tailscale Funnel. Now, I can expose my horrifying developer environment to the internet.” I used that one year to give a talk at a conference, just because why not?

Maya: [crosstalk 00:27:35].

Corey: Everything evolves to become [unintelligible 00:27:37] email on Microsoft Outlook, or tries to be Microsoft Excel? Oh, no, no. I want you to be building Microsoft PowerPoint for me. And we eventually get there, but that is incredibly powerful functionality, but also terrifying when you think you have a handle on what's going on in a large-scale environment, and suddenly, oh, there's a whole new vector we need to think about. Which is why your—the thought and consideration you put into that is so apparent and so, frankly, welcome.

Maya: Yeah, you actually kind of made a statement there that I completely missed, which is correct, which is, we don't turn features on by default. They are opt-in features. We will roll out features by default after they've kind of baked for an incredibly long period of time and with, like, a lot of fanfare and warning. So, the example that I'll give is, we have a DNS feature that was probably available for maybe 18 months before we turned it on by default for new tailnets. So didn't even turn it on for existing folks. It's called MagicDNS.

We don't want to touch your configuration or your network. We know people will freak out when that happens. Knowing, to your point, that you can leave something for a year and come back, and it's going to be the same is really important. For everyone, but for an enterprise customer as well. Actually, one other thing to mention there.
We have a bunch of really old versions of clients that are running in production, and we want them to keep working, so we try to be as backward compatible as possible.

I think the… I think we still have clients from 2019 that are running and connecting to corp that nobody's updated. And like, it'd be great if they would update them, but like, who knows what situation they're in and if they can connect to them, and all that kind of stuff, but they still work. And the point is that you can have set it up four years ago, and it should still work, and you should still be able to connect to it, and leave it alone and come back to it in a year from now, and it should still work and [laugh] still connect without anything changing. That's a very hard guarantee to be able to make.

Corey: And yet, somehow you've been able to do that, just from the perspective of not—I've never yet seen you folks make a security-oriented decision that I'm looking at and rolling my eyes and amazed that you didn't make the decision the other way. There are a lot of companies that while intending very well have done, frankly, very dumb things. I've been keeping an eye on you folks for a long time, and I would have caught that in public. I just haven't seen anything like that. It's kind of amazing.

Last year, I finally took the extraordinary step of disabling SSH access anywhere except the tailnet to a number of my things. It lets my logs fill up a lot less, and you've built to that level of utility-like reliability over the series of longtime experimentation. I have yet to regret having Tailscale in the mix, which is, frankly, not something I can say about almost any product.

Maya: Yeah. I'm very proud to hear that. And like, maintaining that trust—back to a lot of the conversation about security and reliability and stuff—is incredibly important to us, and we put a lot of effort into it.

Corey: I really appreciate your taking the time to talk to me about how things continue to evolve over there.
Anything that's new and exciting that might have gotten missed? Like, what has come out in, I guess, the last six months or so that are relevant to the business and might be useful for people looking to use it themselves?

Maya: I was hoping you're going to ask me what came out in the last, you know, 20 minutes while we were talking, and the answer is probably nothing, but you never know. But [laugh]—

Corey: With you folks, I wouldn't doubt it. Like, “Oh, yeah, by the way, we had to do a brand treatment redo refresh,” or something on the website? Why not? It now uses telepathy just because.

Maya: It could, that'd be pretty cool. No, I mean, lots has gone on in the last six months. I think some of the things that might be more interesting to your listeners, we're now in the AWS Marketplace, so if you want to purchase Tailscale through AWS Marketplace, you can. We have a Kubernetes operator that we've released, which lets you both ingress and egress from a Kubernetes cluster to things that are elsewhere in the world on other infrastructure, and also access the Kubernetes control plane and the API server via Tailscale. I mentioned auto-updates. You mentioned the VS Code extension. That's amazing, the fact that you can kind of connect directly from within VS Code to things on your tailnet. That's a lot of the exciting stuff that we've been doing. And there's boring stuff, you know, like audit log streaming, and that kind of stuff. But it's good.

Corey: Yeah, that stuff is super boring until suddenly, it's very, very exciting. And those are not generally good days.

Maya: [laugh]. Yeah, agreed. It's important, but boring. But important.

Corey: [laugh]. Well, thank you so much for taking the time to talk through all the stuff that you folks are up to. If people want to learn more, where's the best place for them to go to get started?

Maya: tailscale.com is the best place to go.
You can download Tailscale from there, get access to our documentation, all that kind of stuff.

Corey: Yeah, I also just want to highlight that you can buy my attention but never my opinion on things and my opinion on Tailscale remains stratospherically high, so thank you for not making me look like a fool, by like, “Yes. And now we're pivoting to something horrifying as a business model and your data.” Thank you for not doing exactly that.

Maya: Yeah, we'll keep doing that. No, no, blockchains in our future.

Corey: [laugh]. Maya Kaczorowski, Chief Product Officer at Tailscale. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. This episode has been brought to us by our friends at Tailscale. If you enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, insulting comment that will never actually make it back to us because someone screwed up a firewall rule somewhere on their legacy connection.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Ask Noah Show
Ask Noah Show 367

Ask Noah Show

Play Episode Listen Later Dec 13, 2023 63:35


This week Noah and Steve discuss picking out a vHost and considerations for deploying it into production.

-- During The Show --

02:00 Types of AI Amount of compute required is astronomical Foundational model vs tweaking

05:55 Kid Friendly distro? - Chris Endless OS (https://www.endlessos.org/) What age to give kids a computer Why give a kid a computer Why Endless OS OpenDNS Filtering

14:13 Serial Connection To Proxmox VMs - Michael Client Setting Host Setting Enable the serial console Proxmox Wiki (https://pve.proxmox.com/wiki/Serial_Terminal)

17:15 pfSense blocking active connections - Bradly Stateful firewalls don't break active connections/sessions

21:00 News Wire
EXT4 Corruption Bug - LWN (https://lwn.net/Articles/954285/)
Gnome 45.2 - Gnome (https://discourse.gnome.org/t/gnome-45-2-released/18358)
Libreoffice 7.6.4 - Libreoffice (https://www.libreoffice.org/download/release-notes/)
Jellyfin Android TV App - Jellyfin (https://jellyfin.org/posts/androidtv-v0.16.0/)
Jellyfin Roku App - Jellyfin (https://jellyfin.org/posts/roku-200)
Debian 12.4 - Debian (https://www.debian.org/News/2023/20231210)
Alpine Linux 3.19 - Alpine Linux (https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.19.0)
Linux 6.8 Dropping Old Graphics Drivers - Phoronix (https://www.phoronix.com/news/Linux-6.8-No-More-UMS-ioctls)
NSA & ESF Recommended Practices - NSA (https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3613105/nsa-and-esf-partners-release-recommended-practices-for-managing-open-source-sof/)
OpenZeppelin Vulnerability - Bleeping Computer (https://www.bleepingcomputer.com/news/security/multiple-nft-collections-at-risk-by-flaw-in-open-source-library/)
Bluetooth Authentication Bypass - Silicon Angle (https://siliconangle.com/2023/12/07/critical-bluetooth-security-flaw-discovered-google-apple-linux-devices/)
Krasue RAT - The Hacker News (https://thehackernews.com/2023/12/new-stealthy-krasue-linux-trojan.html)
Automatic LLM AI Jail Break - Robust Intelligence (https://www.robustintelligence.com/blog-posts/using-ai-to-automatically-jailbreak-gpt-4-and-other-llms-in-under-a-minute)
EU AI Act - Reuters (https://www.reuters.com/technology/eus-ai-act-could-exclude-open-source-models-regulation-2023-12-07/)
Purple Llama - Info World (https://www.infoworld.com/article/3711284/meta-releases-open-source-tools-for-ai-safety.html)
Apple Open Sources AI Tools - The Stack (https://www.thestack.technology/apple-quietly-open-sources-key-ai-tools/)
Systemd 255 - The Verge (https://www.theverge.com/2023/12/7/23992512/linux-blue-screen-of-death-bsod-systemd-update) - Phoronix (https://www.phoronix.com/news/systemd-255)

24:00 Beeper Mini First impression, really cool but will only work till Apple notices Android users clearly want modern features 3 days after release, it all came to a halt Apple's FUD statement Beeper mini enabled security for non Apple users Apple's response reduces security and privacy Apple's response protects the iMessage lock-in effect Issue with other "encrypted apps" Focus of Beeper Beeper cloud uses its own cloud server Give beeper mini a review Beeper blog post (https://blog.beeper.com/p/beeper-mini-is-back)

37:45 vHost Hardware What is a vHost What does Steve consider network drives RAM CPU Lots of compute nodes vs a few large nodes Stage 1 - is it viable $1k-50k quotes Started with 2 vdevs with 3 drives Stay under 85% Stage 2 Scale up DELL EMC POWEREDGE R7425 8 BAY LFF SERVER 2x AMD EPYC 7451 H330 3 PCI RISER RPS DELL PowerEdge R6525 1U Server 2 x AMD EPYC 7542 2.9Ghz CPU 256 GB No HDD Can save a lot buying used Local vs Central storage Data centralized qcow2 on vHost 2 vdevs 2 disks per vdev Dell EMC KTN-STL3 drive shelf 15 disks in 2U Requires LSI SAS9200-8e NetApp DS4246 24 disks in 4U Requires LSI SAS9200-8e QSFP SFF-8436 Mini SAS SFF-8088 Cable Don't store Nextcloud data on OS qcow2 disk There will always be a single point of failure Change ZFS settings based on data being stored Easiest way to get a vHost up and running KVM vs "appliance OS" Bridging vs MAC vTap RAM is likely your biggest constraint Ubuntu libvirt doc (https://ubuntu.com/server/docs/virtualization-libvirt)

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/367)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/)
Contact Noah live [at] asknoahshow.com

-- Twitter --

Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)

All Jupiter Broadcasting Shows
pfSense Makes no Sense | Self-Hosted 111

Dec 1, 2023


We break down the state of the pfSense changes and the red flags we see. Plus, we're joined by Wolfgang from Wolfgang's channel to dig into his homelab and much more. Special Guest: Wolfgang.

Self-Hosted
111: pfSense Makes no Sense

Dec 1, 2023 69:53


We break down the state of the pfSense changes and the red flags we see. Plus, we're joined by Wolfgang from Wolfgang's channel to dig into his homelab and much more. Special Guest: Wolfgang.

Screaming in the Cloud
Storytelling Over Feature Dumping with Jeff Geerling

Oct 10, 2023 36:00


Jeff Geerling, Owner of Midwestern Mac, joins Corey on Screaming in the Cloud to discuss the importance of storytelling, problem-solving, and community in the world of cloud. Jeff shares how and why he creates content that can appeal to anybody, rather than focusing solely on the technical qualifications of his audience, and how that strategy has paid off for him. Corey and Jeff also discuss the impact of leading with storytelling as opposed to features in product launches, and what's been going on in the Raspberry Pi space recently. Jeff also expresses the impact that community has on open-source companies, and reveals his take on the latest moves from Red Hat and HashiCorp.

About Jeff

Jeff is a father, author, developer, and maker. He is sometimes called "an inflammatory enigma".

Links Referenced:

Personal webpage: https://jeffgeerling.com/

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. A bit off the beaten path of the usual cloud-focused content on this show, today I'm speaking with Jeff Geerling, YouTuber, author, content creator, enigma, and oh, so much more. Jeff, thanks for joining me.

Jeff: Thanks for having me, Corey.

Corey: So, it's hard to figure out where you start versus where you stop, but I do know that as I've been exploring a lot of building up my own home lab stuff, suddenly you are right at the top of every Google search that I wind up conducting. I was building my own Kubernete on top of a Turing Pi 2, and sure enough, your teardown was the first thing that I found that, to be direct, was well-documented, and made it understandable.
And that's not the first time this year that that's happened to me. What do you do exactly?

Jeff: I mean, I do everything. And I started off doing web design and then I figured that design is very, I don't know, once it started transitioning to everything being JavaScript, that was not my cup of tea. So, I got into back-end work, databases, and then I realized to make that stuff work well, you got to know the infrastructure. So, I got into that stuff. And then I realized, like, my home lab is a great place to experiment on this, so I got into Raspberry Pis, low-power computing efficiency, building your own home lab, all that kind of stuff.

So, all along the way, with everything I do, I always, like, document everything like crazy. That's something my dad taught me. He's an engineer in radio. And he actually hired me for my first job, he had me write an IT operations manual for the Radio Group in St. Louis. And from that point forward, that's—I always start with documentation. So, I think that was probably what really triggered that whole series. It happens to me too; I search for something, I find my old articles or my own old projects on GitHub or blog posts because I just put everything out there.

Corey: I was about to ask, years ago, I was advised by Scott Hanselman to—the third time I find myself explaining something, write a blog post about it because it's easier to refer people back to that thing than it is for me to try and reconstruct it on the fly, and I'll drop things here and there. And the trick is, of course, making sure it doesn't sound dismissive and like, “Oh, I wrote a thing. Go read.” Instead of having a conversation with people. But as a result, I'll be Googling how to do things from time to time and come up with my own content as a result.

It's at least a half-step up from looking at forums and the rest, where I realized halfway through that I was the one asking the question.
Like, “Oh, well, at least this is useful for someone.” And I, for better or worse, at least have a pattern of going back and answering how I solved a thing after I get there, just because otherwise, it's someone asked the question ten years ago and never returns, like, how did you solve it? What did you do? It's good to close that loop.

Jeff: Yeah, and I think over 50% of what I do, I've done before. When you're setting up a Kubernetes cluster, there's certain parts of it that you're going to do every time. So, whatever's not automated or the tricky bits, I always document those things. Anything that is not in the readme, is not in the first few steps, because that will help me and will help others. I think that sometimes that's the best success I've found on YouTube is also just sharing an experience.

And I think that's what separates some of the content that really drives growth on a YouTube channel or whatever, or for an organization doing it because you bring the experience, like, I'm a new person to this Home Assistant, for instance, which I use to automate things at my house. I had problems with it and I just shared those problems in my video, and that video has, you know, hundreds of thousands of views. Whereas these other people who know way more than I could ever know about Home Assistant, they're pulling in fewer views because they just get into a tutorial and don't have that perspective of a beginner or somebody that runs into an issue and how do you solve that issue.

So, like I said, I mean, I just always share that stuff. Every time that I have an issue with anything technological, I put it on GitHub somewhere. And then eventually, if it's something that I can really formulate into an outline of what I did, I put a blog post up on my blog.
I still, even though I write I don't know how many words per week that goes into my YouTube videos or into my books or anything, I still write two or three blog posts a week that are often pretty heavy into technical detail.

Corey: One of the challenges I've always had is figuring out who exactly I'm storytelling for when I'm putting something out there. Because there's a plethora, at least in cloud, of beginner content of, here's how to think about cloud, here's what the service does, here's why you should use it et cetera, et cetera. And that's all well and good, but often the things that I'm focusing on presuppose a certain baseline level of knowledge that you should have going into this. If you're trying to figure out the best way to get some service configured, I probably shouldn't have to spend the first half of the article talking about what AWS is, as a for instance. And I think that inherently limits the size of the potential audience that would be interested in the content, but it's also the kind of stuff that I wish was out there.

Jeff: Yeah. There's two sides to that, too. One is, you can make content that appeals to anybody, even if they have no clue what you're talking about, or you can make content that appeals to the narrow audience that knows the base level of understanding you need. So, a lot of times with—especially on my YouTube channel, I'll put things in that is just irrelevant to 99% of the population, but I get so many comments, like, “I have no clue what you said or what you're doing, but this looks really cool.” Like, “This is fun or interesting.” Just because, again, it's bringing that story into it.

Because really, I think on a base level, a lot of programmers especially don't understand—and infrastructure engineers are off the deep end on this—they don't understand the interpersonal nature of what makes something good or not, what makes something relatable.
And trying to bring that into technical documentation a lot of times is what differentiates a project. So, one of the products I love and use and recommend everywhere and have a book on—a best-selling book—is Ansible. And one of the things that brought me into it and has brought so many people is the documentation started—it's gotten a little bit more complex over the years—but it started out as, “Here's some problems. Here's how you solve them.”

Here's, you know, things that we all run into, like how do you connect to 12 servers at the same time? How do you have groups of servers? Like, it showed you all these little examples. And then if you wanted to go deeper, there was more documentation linked out of that. But it was giving you real-world scenarios and doing it in a simple way. And it used some little easter eggs and fun things that made it more interesting, but I think that that's missing from a lot of technical discussion and a lot of technical documentation out there is that playfulness, that human side, the get from Point A to Point B and here's why and here's how, but here's a little interesting way to do it instead of just here's how it's done.

Corey: In that same era, I was one of the very early developers behind SaltStack, and I think one of the reasons that Ansible won in the market was that when you started looking into SaltStack, it got wrapped around its own axle talking about how it uses ZeroMQ for a full mesh between all of the systems there, as long—sorry [unintelligible 00:07:39] mesh network that all routes—not really a mesh network at all—it talks through a single controller that then talks to all of its subordinate nodes. Great. That's awesome. How do I use this to install a web server, is the question that people had. And it was so in love with its own cleverness in some ways.
Ansible was always much more approachable in that respect and I can't understate just how valuable that was for someone who just wants to get the problem solved.

Jeff: Yeah. I also looked at something like NixOS. It's kind of like the Arch of distributions of—

Corey: You must be at least this smart to use it in some respects—

Jeff: Yeah, it's—

Corey: —has been the every documentation I've had with that.

Jeff: [laugh]. There's, like, this level of pride in what it does, that doesn't get to ‘and it solves this problem.’ You can get there, but you have to work through the barrier of, like, we're so much better, or—I don't know what—it's not that. Like, it's just it doesn't feel like, “You're new to this and here's how you can solve a problem today, right now.” It's more like, “We have this golden architecture and we want you to come up to it.” And it's like, well, but I'm not ready for that. I'm just this random developer trying to solve the problem.

Corey: Right. Like, they should have someone hanging out in their IRC channel and just watch for a week of who comes in and what questions do they have when they're just getting started and address those. Oh, you want to wind up just building a Nix box EC2 for development? Great, here's how you do that, and here's how to think about your workflow as you go. Instead, I found that I had to piece it together from a bunch of different blog posts and the rest and each one supposed that I had different knowledge coming into it than the others. And I felt like I was getting tangled up very easily.

Jeff: Yeah, and I think it's telling that a lot of people pick up new technology through blog posts and Substack and Medium and whatever [Tedium 00:09:19], all these different platforms because it's somebody that's solving a problem and relating that problem, and then you have the same problem. A lot of times in the documentation, they don't take that approach.
They're more like, here's all our features and here's how to use each feature, but they don't take a problem-based approach. And again, I'm harping on Ansible here with how good the documentation was, but it took that approach is you have a bunch of servers, you want to manage them, you want to install stuff on them, and all the examples flowed from that. And then you could get deeper into the direct documentation of how things worked.

As a polar opposite of that, in a community that I'm very much involved in still—well, not as much as I used to be—is Drupal. Their documentation was great for developers but not so great for beginners and that was always—it still is a difficulty in that community. And I think it's a difficulty in many, especially open-source communities where you're trying to build the community, get more people interested because that's where the great stuff comes from. It doesn't come from one corporation that controls it, it comes from the community of users who are passionate about it. And it's also tough because for something like Drupal, it gets more complex over time and the complexity kind of kills off the initial ability to think, like, wow, this is a great little thing and I can get into it and start using it.

And a similar thing is happening with Ansible, I think. We were at when I got started, there were a couple hundred modules. Now there's, like, 4000 modules, or I don't know how many modules, and there's all these collections, and there's namespaces now, all these things that feel like Java overhead type things leaking into it. And that diminishes that ability for me to see, like, oh, this is my simple tool that's solving these problems.

Corey: I think that that is a lost art in the storytelling side of even cloud marketing, where they're so wrapped around how they do what they do that they forget, customers don't care. Customers care very much about their problem that they're trying to solve.
If you have an answer for solving that problem, they're very interested. Otherwise, they do not care. That seems to be a missing gap.

Jeff: I think, like, especially for AWS, Google, Azure cloud platforms, when they build their new services, sometimes you're, like, “And that's for who?” For some things, it's so specialized, like, Snowmobile from Amazon, like, there's only a couple customers on the planet in a given year that needs something like that. But it's a cool story, so it's great to put that into your presentation. But some other things, like, especially nowadays with AI, seems like everybody's throwing tons of AI stuff—spaghetti—at the wall, seeing what will stick and then that's how they're doing it. But that really muddies up everything.

If you have a clear vision, like with Apple, they just had their presentation on the new iPhone and the new neural engine and stuff, they talk about, “We see your heart patterns and we tell you when your heart is having problems.” They don't talk about their AI features or anything. I think that leading with that story and saying, like, here's how we use this, here's how customers can build off of it, those stories are the ones that are impactful and make people remember, like, oh Apple is the company that saves people's lives by making watches that track their heart. People don't think that about Google, even though they might have the same feature. Google says we have all these 75 sensors in our thing and we have this great platform and Android and all that. But they don't lead with the story.

And that's something where I think corporate Apple is better than some of the other organizations, no matter what the technology is. But I get that feeling a lot when I'm watching launches from Amazon and Google and all their big presentations. It seems like they're tech-heavy and they're driven by, like, “What could we do with this?
What could you do with this new platform that we're building,” but not, “And this is what we did with this other platform,” kind of building up through that route.

Corey: Something I've been meaning to ask someone who knows for a while, and you are very clearly one of those people, I spend a lot of time focusing on controlling cloud costs and I used to think that Managed NAT Gateways were very expensive. And then I saw the current going rates for Raspberries Pi. And that has been a whole new level of wild. I mean, you mentioned a few minutes ago that you use Home Assistant. I do too.

But I was contrasting the price between a late model, Raspberry Pi 4—late model; it's three years old if this point of memory serves, maybe four—versus a used small form factor PC from HP, and the second was less expensive and far more capable. Yeah it drags a bit more power and it's a little bit larger on the shelf, but it was basically no contest. What has been going on in that space?

Jeff: I think one of the big things is we're at a generational improvement with those small form-factor little, like, tiny-size almost [nook-sized 00:13:59] PCs that were used all over the place in corporate environments. I still—like every doctor's office you go to, every hospital, they have, like, a thousand of these things. So, every two or three or four years, however long it is on their contract, they just pop all those out the door and then you get an E-waste company that picks up a thousand of these boxes and they got to offload them. So, the nice thing is that it seems like a year or two ago, that really started accelerating to the point where the price was driven down below 100 bucks for a fully built-out little x86 Mini PC.
Sure, it's, you know, like you said, a few generations old and it pulls a little bit more power, usually six to eight watts at least, versus a Raspberry Pi at two to three watts, but especially for those of us in the US, electricity is not that expensive so adding two or three watts to your budget for a home lab computer is not that bad.

The other part of that is, for the past two-and-a-half years because of the global chip shortages and because of the decisions that Raspberry Pi made, there were so few Raspberry Pis available that their prices shot up through the roof if you wanted to get one in any timely fashion. So, that finally is clearing up, although I went to the Micro Center near me yesterday, and they said that they have not had stock of Raspberry Pi 4s for, like, two months now. So, they're coming, but they're not distributed evenly everywhere. And still, the best answer, especially if you're going to run a lot of things on it, is probably to buy one of those little mini PCs if you're starting out a home lab.

Or there's some other content creators who build little Kubernetes clusters with multiple mini PCs. Three of those stack up pretty nicely and they're still super quiet. I think they're great for home labs. I have two of them over on my shelf that I'm using for testing and one of them is actually in my rack. And I have another one on my desk here that I'm trying to set up for a five gigabit home router since I finally got fiber internet after years with cable and I'm still stuck on my old gigabit router.

Corey: Yeah, I wound up switching to a Protectli, I think is what it's called for—it's one of those things I've installed pfSense on. Which, I'm an old FreeBSD hand and I haven't kept up with it, but that's okay. It feels like going back in time ten years, in some respects—

Jeff: [laugh].

Corey: —so all right. And I have a few others here and there for various things that I want locally.
But invariably, I've had the WiFi controller; I've migrated that off. That lives on an EC2 box in Ohio now. And I do wind up embracing cloud services when I don't want it to go down and be consistently available, but for small stuff locally, I mean, I have an antenna on the roof doing an ADS-B receiver dance that's plugged into a Pi Zero.

I have some backlogged stuff on this, but they've gotten expensive as alternatives have dropped in price significantly. But what I'm finding as I'm getting more into 3D printing and a lot of hobbyist maker tools out there, everything is built with the Raspberry Pi in mind; it has the mindshare. And yeah, I can get something with similar specs that are equivalent, but then I've got to do a whole bunch of other stuff as soon as it gets into controlling hardware via GPIO pins or whatnot. And I have to think about it very differently.

Jeff: Yeah, and that's the tough thing. And that's the reason why Raspberry Pis, even though they're three years old, even though they're hard to get, they still are fetching—on the used market—way more than the original MSRP. It's just crazy. But the reason for that is the Raspberry Pi organization. And there's two: there's the Raspberry Pi Foundation that's goals are to increase educational computing and accessibility for computers for kids and learning and all that, then there's the Raspberry Pi trading company that makes the Raspberry Pis.

The Trading Company has engineers who sit there 24/7 working on the software, working on the kernel drivers, working on hardware bugs, listening to people on the forums and in GitHub and everywhere, and they're all English-speaking people there—they're over in the UK—and they manufacture their own boards.
So, there's a lot of things on top of that, even though they're using some silicons of Broadcom chips that are a little bit locked down and not completely open-source like some other chips might be, there's a phone number you could call if you need the support or there's a forum that has activity that you can get help in and their software that's supported. And there's a newer Linux kernel and the kernel is updated all the time. So, all those advantages mean you get a little package that will work, it'll sip two watts of power, sitting 24/7. It's reliable hardware.

There's so many people that use it that it's so well tested that almost any problem you could ever run into, someone else has and there's a blog post or a forum post talking about it. And even though the hardware is not super powerful—it's three years old—you can add on a Coral TPU and do face recognition and object recognition. And throw in Frigate for Home Assistant to get notifications on your phone when your mom walks up to the door. There's so many things you can do with them and they're so flexible that they're still so valuable. I think that they really knocked it out of the park with that model, the Raspberry Pi 4, and the compute module 4, which is still impossible to get. I have not been able to buy one for two years now. Luckily, I bought 12 two-and-a-half years ago [laugh] otherwise I would be running out for all my projects that I do.

Corey: Yeah. I got two at the moment and two empty slots in the Turing Pi 2, which I'll care more about if I can actually get the thing up and booted. But it presupposes you have a Windows computer or otherwise, ehh, watch this space; more coming. Great. Like, do I build a virtual machine on top of something else? It leads down the path super quickly of places I thought I'd escaped from.

Jeff: Yeah, you know, outside of the Pi realm, that's the state of the communities. It's a lot of, like, figuring out your own things.
I did a project—I don't know if you've heard of Mr. Beast—but we did a project for him that involves a hundred single-board computers. We couldn't find Raspberry Pi's so we had to use a different single-board computer that was available.

And so, I bought an older one thinking, oh, this is, like, three or four years old—it's older than the Pi 4—and there must be enough support now. But still, there's, like, little rough edges everywhere I went and we ended up making them work, but it took us probably an extra 30 to 40 hours of development work to get those things running the same way as a Raspberry Pi. And that's just the way of things. There's so much opportunity.

If one of these Chinese manufacturers that makes most of these things, if one of them decided, you know what? We're going to throw tons of money into building support for these things, get some English-speaking members of these forums to build up the community, all that stuff, I think that they could have a shot at Raspberry Pi's giant portion of the market. But so far, I haven't really seen that happen. So far, they're spamming hardware. And it's like, the hardware is awesome. These chips are great if you know how to deal with them and how to get the software running and how to deal with Linux issues, but if you don't, then they're not great because you might not even get the thing to boot.

Corey: I want to harken back to something you said a minute ago, where there's value in having a community around something, where you can see everyone else has already encountered a problem like this. I think that folks who weren't around for the rise of cloud have no real insight into how difficult it used to be just getting servers into racks and everything up, and okay, they're identical, and seven of them are working, but that eighth one isn't for some strange reason. And you spend four hours troubleshooting what turns out to be a bad cable or something not seated properly and it's awful.
Cloud got away from a lot of that nonsense. But it's important—at least to me—to not be Captain Edgecase, where if you pick some new cloud provider and Google for how to set up a load balancer and no one's done it before you, that's not great. Whereas if I'm googling now in the AWS realm and no one has done the thing I'm trying to do, that should be something of a cautionary flag of maybe this isn't how most people go about approaching production. Really think twice about this.

Jeff: Yep. Yeah, we ran into that on a project I was working on was using Magento—which I don't know if anybody listening uses Magento, but it's not fun—and we ran into some things where it's like, “We're doing this, and it says that they do this on their official supported platform, but I don't know how they are because the code just doesn't exist here.” So, we ran into some weird edge cases on AWS with some massive infrastructure for the databases, and I ran into scaling issues. But even there, there were forum posts in AWS here and there that had little nuggets that helped us to figure out a way to get around it. And like you say, that is a massive advantage for AWS.

And we ran into an issue with, we were one of the first customers trying out the new Lambda functions for RDS—or I don't remember exactly what it was called initially—but we ended up not using that. But we ran into some of these issues and figured out we were the first customer running into this weird scaling thing when we had a certain size of database trying to use it with these Lambda calls. And eventually, they got those things solved, but with AWS, they've seen so many things and some other cloud providers haven't seen these things.
So, when you have certain types of applications that need to scale in certain ways, that is so valuable and the community of users, the ability to pull from that community when you need to hire somebody in an emergency, like, we need somebody to help us get this project done and we're having this issue, you can find somebody that is, like, okay, I know how to get you from Point A to Point B and get this project out the door. You can't do that on certain platforms.

And open-source projects, too. We've always had that problem in Drupal. The amount of developers who are deep into Drupal to help with the hard problems is not vast, so the ones who can do that stuff, they're all hired off and paid a handsome sum. And if you have those kinds of problems you realize, I'm either going to need to pay a ton of money or we're just going to have to not do that thing that we wanted to do. And that's tough.

Corey: What I've found, sort of across the board, has been that there's a lot of, I guess, open-source community ethos that has bled into a lot of this space and I wanted to make sure that we have time to talk about this because I was incensed a while back when Red Hat decided, “Oh, you know that whole ten-year commitment on CentOS? That project that we acquired and are now basically stabbing in the face?”—disclosure. I used to be part of the CentOS project years ago when I was on network staff for the Freenode IRC network—then it was, “Oh yeah, we're just going to basically undermine our commitments to you and now you can pay us if you want to get that support there.” And that really set me off. Was nice to see you were right there as well in almost lockstep with me, pointing out that this is terrible, just as far as breaking promises you've made to customers. Has your anger cooled any? Because mine hasn't.

Jeff: It has not. My temper has cooled. My anger has not. I don't think that they get it.
After all the backlash that they got after that, I don't think that the VP-level folks at Red Hat understand that this is already impacting them and will impact them much more in the future because people like me and you, people who help other people build infrastructure and people who recommend operating systems and people who recommend patterns and things, we're just going to drop off using CentOS because it doesn't exist. It does exist and some other people are saying, “Oh, it's actually better to use this new CentOS, you know, Stream. Stream is amazing.” It's not. It's not the same thing. It's different. And—

Corey: I used to work at a bank. That was not an option. I mean, granted at the bank for the production systems it was always [REL 00:25:18], but being able to spin up a pre-production environment without having to pay license fees on every VM. Yeah.

Jeff: Yeah. And not only that, they did this announcement and framed it a certain way, and the community immediately saw. You know, I think that they're just angry about something, and whether it was a NASA contract with Rocky Linux, or whether it was something Oracle did, who knows, but it seems petty in retrospect, especially in comparison to the amount of backlash that came out of it. And I really don't think that they understand the thing that they had with that Red Hat Enterprise Linux is not a massive growth opportunity for Red Hat. It's, in some ways, a dying product in terms of compared to using cloud stuff, it doesn't matter.

You could use CoreOS, you could use NixOS, and you could use anything, it doesn't really matter. For people like you and me, we just want to deploy our software. And if it's containers, it really doesn't matter. It's just the people in government or in certain organizations that have these roles that you have to use whatever FIPS and all that kind of stuff.
So, it's not like it's a hyper-growth opportunity for them.

CentOS was, like, the only reason why all the software, especially on the open-source side, was compatible with Red Hat because we could use CentOS and it was easy and simple. They took that—well, they tried to take that away and everybody's like, “That's—what are you doing?” Like, I posted my blog post and I think that sparked off quite a bit of consternation, to the point where there was a lot of personal stuff going on. I basically said, “I'm not supporting Red Hat Enterprise Linux for any of my work anymore.” Like, “From this point forward, it's not supported.”

I'll support OpenELA, I'll support Rocky Linux or Oracle Linux or whatever because I can get free versions that I don't have to sign into a portal and get a license and download the license and integrate it with my CI work. I'm an open-source developer. I'm not going to pay for stuff or use 16 free licenses. Or I was reached out to and they said, “We'll give you more licenses. We'll give you extra.” And it's like, that's not how this works. Like, I don't have to call Debian and Ubuntu and [laugh] I don't even have to call Oracle to get licenses. I can just download their software and run it.

So, you know, I don't think they understood the fact that they had that. And the bigger problem for me was the two-layer approach to destroying all the trust that the community had. First was in, I think it was 2019 when they said—we're in the middle of CentOS 8's release cycle—they said, “We're dropping CentOS 8. It's going to be Stream now.” And everybody was up in arms.

And then Rocky Linux and [unintelligible 00:27:52] climbed in and gave us what we wanted: basically, CentOS. So, we're all happy and we had a status quo, and Rocky Linux 9 and [unintelligible 00:28:00] Linux nine came out after Red Hat 9, and the world was a happy place. And then they just dumped this thing on us and it's like, two major release cycles in a row, they did it again.
Like, I don't know what this guy's thinking, but in one of the interviews, one of the Red Hat representatives said, “Well, we wanted to do this early in Red Hat 9's release cycle because people haven't started migrating.” It's like, well, I already did all my automation upgrades for CI to get all my stuff working in Rocky Linux 9 which was compatible with Red Hat Enterprise Linux 9. Am I not one of the people that's important to you?

Like, who's important to you? Is it only the people who pay you money or is it also the people that empower your operating system to be a premier Enterprise Linux operating system? So, I don't know. You can tell. My anger has not died down. The amount of temper that I have about it has definitely diminished because I realize I'm talking at a wall a lot of times, when I'm having conversations on Twitter, private conversations and email, things like that.

Corey: People come to argue; they don't come to actually have a discussion.

Jeff: Yeah. I think that they just, they don't see the community aspect of it. They just see the business aspect. And the business aspect, if they want to figure out ways that they can get more people to pay them for their software, then maybe they should provide more value and not just cut off value streams. It doesn't make sense to me from a long-term business perspective.

From a short term, maybe there were some clients who said, “Oh, shoot. We need this thing stable. We're going to pay for some more licenses.” But the engineers at those places are going to start making plans of, like, how do we make this not happen again. And the way to not make that happen again is to use, maybe Ubuntu or maybe [unintelligible 00:29:38] or something. Who knows?
But it's not going to be increasing our spend with Red Hat.

Corey: That's what I think a lot of companies are missing when it comes to community as well, where it's not just a place to go to get support for whatever it is you're doing and it's not a place [where 00:29:57] these companies view prospective customers. There's more to it than that. There has to be a social undercurrent on this. I look at the communities I spend time in and in some of them dating back long enough, I've made lifelong significant friendships out of those places, just through talking about our lives, in addition to whatever the community is built around. You have to make space for that, and companies don't seem to fully understand that.

Jeff: Yeah, I think that there's this thing that a community has to provide value and monetizable value, but I don't think that you get open-source if you think that that's what it is. I think some people in corporate open-source think that corporate open-source is a value stream opportunity. It's a funnel, it's something that is going to bring you more customers—like you say—but they don't realize that it's a community. It's like a group of people. It's friends, it's people who want to make the world a better place, it's people who want to support your company by wearing your t-shirt to conferences, people want to put on your red fedora because it's cool. Like, it's all of that. And when you lose some of that, you lose what makes your product differentiated from all the other ones on the market.

Corey: That's what gets missed. I think that there's a goodwill aspect of it. People who have used the technology and understand its pitfalls are likelier to adopt it. I mean, if you tell me to get a website up and running, I am going to build an architecture that resembles what I've run before on providers that I've run on before because I know what the failure modes look like; I know how to get things up and running.
If I'm in a hurry, trying to get something out the door, I'm going to choose the devil that I know, on some level.

Don't piss me off as a community member and incentivize me to change that estimation the next time I've got something to build. Well, that doesn't show up on this quarter's numbers. Well, we have so little visibility into how decisions get made at many companies that you'll never know that you have a detractor who's still salty about something you did five years ago and that's the reason the bank decided not to because that person called in their political favors to torpedo that deal and have a sweetheart offer from your competitor, et cetera and so on and so forth. It's hard to calculate the actual cost of alienating goodwill. But—

Jeff: Yeah.

Corey: I wish companies had a longer memory for these things.

Jeff: Yeah. I mean, and thinking about that, like, there was also the HashiCorp incident where they kind of torpedoed all developer goodwill with their Terraform and other—Terraform especially, but also other products. Like, I probably, through my book and through my blog posts and my GitHub examples have brought in a lot of people into the HashiCorp ecosystem through Vagrant use, and through Packer and things like that. At this point, because of the way that they treated the open-source community with the license change, a guy like me is not going to be enthusiastic about it anymore and I'm going to—I already had started looking at alternatives for Vagrant because it doesn't mesh with modern infrastructure practices for local development as much, but now it's like that enthusiasm is completely gone. Like I had that goodwill, like you said earlier, and now I don't have that goodwill and I'm not going to spread that, I'm not going to advocate for them, I'm not going to wear their t-shirt [laugh], you know when I go out and about because it just doesn't feel as clean and cool and awesome to me as it did a month ago.

And I don't know what the deal is.
It's partly the economy, money's drying up, things like that, but I don't understand how the people at the top can't see these things. Maybe it's just their organization isn't set up to show the benefits from the engineers underneath, who I know some of these engineers are, like, “Yeah, I'm sorry. This was dumb. I still work here because I get a paycheck, but you know, I can't say anything on social media, but thank you for saying what you did on Twitter.” Or X.

Corey: Yeah. It's nice being independent where you don't really have to fear the, well if I say this thing online, people might get mad at me and stop doing business with me or fire me. It's well, yeah, I mean, I would have to say something pretty controversial to drive away every client and every sponsor I've got at this point. And I don't generally have that type of failure mode when I get it wrong. I really want to thank you for taking the time to talk with me. If people want to learn more, where's the best place for them to find you?

Jeff: Old school, my personal website, jeffgeerling.com. I link to everything from there, I have an About page with a link to every profile I've ever had, so check that out. It links to my books, my YouTube, all that kind of stuff.

Corey: There's something to be said for picking a place to contact you that will last the rest of your career as opposed to, back in the olden days, my first email address was the one that my ISP gave me 25 years ago. I don't use that one anymore.

Jeff: Yep.

Corey: And having to tell everyone I corresponded with that it was changing was a pain in the butt. We'll definitely put a link to that one in the [show notes 00:34:44]. Thank you so much for taking the time to speak with me. I appreciate it.

Jeff: Yeah, thanks. Thanks so much for having me.

Corey: Jeff Geerling, YouTuber, author, content creator, and oh so very much more. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment that we will, of course, read [in action 00:35:13], just as soon as your payment of compute modules for Raspberries Pi show up in a small unmarked bag.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Ask Noah Show
Ask Noah Show 350

Ask Noah Show

Aug 16, 2023 60:16


This week CIQ, Oracle, and SUSE have formed OpenELA, we dig into the Libera chat / Matrix bridge issues, and we discuss choosing the problems you want to solve.

-- During The Show --

00:58 Pre-Show
Steve's dead hardware Noah's type-C charger upgrade Noah's portable rack

06:40 Home Assistant - Curt
Run on a re-purposed thin client
Parkytowers (Parkytowers.me.uk)
Parkytowers Wyse D10D (https://www.parkytowers.me.uk/thin/wyse/d/d10d/)

10:38 HASSIO Feedback on Dimmers - Chris F.
ESP32 dev is employed by Home Assistant Steve's experiences Z-Wave ESP32 Shelly

13:58 LXD Forked by Suse - Charlie
GitHub (https://github.com/lxc/incus)
FossForce (https://fossforce.com/2023/08/fork-of-lxd-lands-almost-immediately-as-a-linux-containers-project/)
Canonical took over LXC

16:30 Normie friendly wiki with good searchability - Tiny
WikiJS HackMD to WikiJS Steve and Noah don't use tags Git Backend

20:55 News Wire
Open ELA - Open ELA (https://openela.org/news/hello_world/)
Tails 5.16 - Tails (https://tails.net/news/version_5.16/)
GCC Haiku Support - Phoronix (https://www.phoronix.com/news/GCC-14-Haiku-OS-Support)
HashiCorp Abandons Open Source - The New Stack (https://thenewstack.io/hashicorp-abandons-open-source-for-business-source-license/)
Sentry Changes to BSL - Codecov (https://about.codecov.io/blog/codecov-is-now-open-source/)
OSI against Meta - Geeky Gadgets (https://www.geeky-gadgets.com/llama-2-is-not-open-source-open-source-initiative-14-08-2023/)
StableLM - Fagenwasanni (https://fagenwasanni.com/news/stability-ai-unveils-stablelm-a-groundbreaking-open-source-language-model/177119/)
French Plan for Native AI Industry - Politico 1 (https://www.politico.com/newsletters/digital-future-daily/2023/08/08/france-makes-a-big-push-on-open-source-ai-00110341) Politico 2 (https://www.politico.eu/article/open-source-artificial-intelligence-france-bets-big/)
Teen makes ESP32 Phone - Hack a Day (https://hackaday.com/2023/08/03/open-source-cell-phone-based-on-esp32/)
Paxo (https://www.paxo.fr)
Intel and AMD Security Patches - ZDnet (https://www.zdnet.com/article/amd-and-intel-cpu-security-bugs-bring-linux-patches/)
Sandwich Cryptographic Framework - Venture Beat (https://venturebeat.com/security/sandboxaq-unveils-sandwich-an-open-source-meta-library-of-cryptographic-algorithms/)
Monti Ransomware Collective - Trend Micro (https://www.trendmicro.com/en_us/research/23/h/monti-ransomware-unleashes-a-new-encryptor-for-linux.html)
Wave of Attacks using Merlin - Bleeping Computer (https://www.bleepingcomputer.com/news/security/hackers-use-open-source-merlin-post-exploitation-toolkit-in-attacks/)
OpenSSH 9.4 - OpenSSH (https://www.openssh.com/releasenotes.html#9.4p1)
Gov Asks for help securing open source - Info Security (https://www.infosecurity-magazine.com/news/white-house-darpa-cisa-open-source/)
White House Cyber Security Competition - Fed Scoop (https://fedscoop.com/white-house-ai-cyber-challenge-def-con/)

23:11 Code Academy and Python vs Rust - walking penguin
Python vs Rust? Sleuth joins from mumble! What is an analyst Python is more established Python has more data libraries Large commercial sites use python Python allows fast iteration Rust is better for large applications Python has a larger "community" Where to learn python
YouTube Python Programming Net (https://pythonprogramming.net)
YouTube Programmingwithmosh (https://www.youtube.com/@programmingwithmosh)
Courses can remove guess work
Learn Python in a Day (https://www.amazon.com/Python-Day-Learn-basics-coding-ebook/dp/B00C2STEIC)

30:50 Data Center Update
Self hosted cloud Installed Grafana Hardware 2 Dell Servers ZFS Pool of mirrored SSDs 2 Mirrored pairs for boot drive Script re-configures UEFI in event of failure libvirt for VMs BLIKVM for out of band access Sophos Rack Mount Gateway running PFSense (will be OPNSense) 2 techs 2 days Migrated steps non-critical services Altispeed critical services Client services LinuxDelta Matrix Instance migration Faster than ever Able to self-host more bridges Hope to re-enable account registration Ability to host conferences

38:58 Open Enterprise Linux Association (OpenELA)
Still tracking RHEL Founding members CIQ Oracle Suse Red Hat is the gorilla Right approach
OpenELA Post (https://openela.org/news/hello_world/)

43:30 IRC/EMS Bridge Update
EMS offered to bridge Libera Chat Spun up a Libera Matrix server Great experience Difference in goals There were some "misunderstandings" EMS rolled out patches that caused issues Bridge ultimately shut down Bridge was a charity EMS team took ownership of their side of things
Libera Chat Post (https://libera.chat/news/temporarily-disabling-the-matrix-bridge)
Ycombinator Post 1 (https://news.ycombinator.com/item?id=36923504)
Matrix Deportalling Post (https://matrix.org/blog/2023/07/deportalling-libera-chat/)
Matrix Postponing Deportalling Post (https://matrix.org/blog/2023/07/postponing-libera-chat-deportalling/)
Ycombinator Post 2 (https://news.ycombinator.com/item?id=36918655)
Matrix What Happened Post (https://matrix.org/blog/2023/07/what-happened-with-the-archive/)
Ycombinator Post 3 (https://news.ycombinator.com/item?id=36919305)

Picking Your Battles
You choose the problems you want to solve Windows LTSB How much down, How much per month Order of Operations Self Hosted Free and Open Source Easy and Compatible FOSS Music Laptop (Container Story) Is it serving me, or am I serving it?

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/350)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah live [at] asknoahshow.com

-- Twitter --

Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)

Bitcoin, Blockchain, and the Technologies of Our Future
pfSense Deep Dive: Unbound Explained!

Bitcoin, Blockchain, and the Technologies of Our Future

Aug 5, 2023 13:19


https://youtu.be/c-bDpZoG--w
https://open.lbry.com/@NaomiBrockwell:4/pfsense-deep-dive:5

Consumer grade routers are like leaky boats. But you can beef up your setup using things like the pfSense open source router and firewall software. In previous videos we've looked specifically at DNS settings, and programs like "Unbound" within pfSense. While these grant you granular control over your home network, they can also be confusing.

This video dives deeper into "Unbound", the DNS resolver on pfSense, and explains what each of its many settings means so that you can get a better understanding of just what it's capable of.

00:00 Intro
01:09 DNS/pfSense Recap
02:22 Unbound Settings Explained
11:00 DNS Forwarder Explained
11:38 Conclusion

pfSense is a great tool that gives your router a power-up, enabling greater control, enhancing security, and the ability to set up more privacy for your internet activities.

Special Thanks to John Todd for guiding us through the tutorial process!

More information on Quad9:
https://quad9.net/

Brought to you by NBTV team members: Lee Rennie, Sam Ettaro, Cube Boy, Reuben Yap, Will Sandoval and Naomi Brockwell

To support NBTV, visit https://www.nbtv.media/support (tax-deductible in the US)

NBTV's new eBook out now!
Beginner's Introduction To Privacy - https://amzn.to/3WDSfku

Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.

Visit the NBTV website:
https://nbtv.media

Support the show

Bitcoin, Blockchain, and the Technologies of Our Future
DNS Blocklists Explained! Stop Internet Snooping!

Bitcoin, Blockchain, and the Technologies of Our Future

Jul 27, 2023 16:41


https://youtu.be/pURzvhYQ2FQ
https://open.lbry.com/@NaomiBrockwell:4/DNS-Blocklists:3

These days, trackers infiltrate nearly every webpage. Advertisements demand your attention and monitor your online movements. Your own devices and software send telemetry back to manufacturers and developers, leaking all kinds of information about your activities. DNS blocklists can help you regain control over your network traffic. They can stop your devices from ever connecting to certain data tracking sites, malicious content, or servers that collect telemetry.

In this video, we explain exactly how they work, and how to set them up on your home network using the open source router and firewall software, pfSense.

00:00 Intro
00:53 Understanding DNS Blocklists
02:32 Setting Up DNS Blocklists
13:36 Note for Quad9 Users
14:17 The Looming Threat
15:12 Conclusion

DNS blocklists and the reports they generate are a great way to become more aware of how our data is being collected and our privacy invaded without us realizing.

Special Thanks to John Todd for guiding us through the tutorial process!

More information about Quad9:
https://quad9.net/

Brought to you by NBTV team members: Lee Rennie, Sam Ettaro, Cube Boy, Will Sandoval and Naomi Brockwell

To support NBTV, visit https://www.nbtv.media/support (tax-deductible in the US)

NBTV's new eBook out now!
Beginner's Introduction To Privacy - https://amzn.to/3WDSfku

Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.

Visit the NBTV website:
https://nbtv.media

Support the show

Linux User Space
Episode 3:20: A Timepiece of Pi

Linux User Space

May 1, 2023 77:53


Coming up in this episode
1. The History of ~~Raspbian~~ Raspberry Pi OS
2. What we've been doing with Pis
3. And we run something over the break

Watch the video for this episode on YouTube (https://youtu.be/nLPuojqJbK4)

0:00 Cold Open
1:36 SBC, One, Two, Three
17:24 Raspberry Pi History: The Early Days
19:55 2006 - 2012
22:22 2012 - 2014
26:26 2014 - 2017
33:28 2017 - 2020
37:05 2020 - 2023
43:12 Hot Pis and Hot Takes
1:07:41 Next Season: A Twofer
1:16:36 Stinger

Banter
ZimaBoard (https://www.zimaboard.com)
NanoPi R4S (https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R4S)
NanoPi R2S (https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R2S)
IPFire (https://www.ipfire.org)
OPNsense (https://opnsense.org)
OpenWrt (https://openwrt.org)

Announcements

7 Minute Security
7MS #564: First Impressions of OVHcloud Hosted vCenter

7 Minute Security

Mar 17, 2023 43:11


Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR:

It runs on vCenter, my first and only virtualization love!
Unlimited VM "powered on" time and unlimited bandwidth
Integration with PowerShell so you can run a single script to "heal" your environment to a gold image
Easy integration with pfSense to be able to manage the firewall and internal/external IPs
Price comparable to what we're paying now in Azure land

Hacker Public Radio
HPR3795: 2022-2023 New Years Show Episode 1

Hacker Public Radio

Feb 17, 2023


Episode #1 Welcome to the 11th Annual Hacker Public Radio show. It is December the 31st 2022 and the time is 10 hundred hours UTC. We start the show by sending Greetings to Christmas Island/Kiribati and Samoa Kiritimati, Apia. Chatting with Honkey, Mordancy, Joe, Ken, and others Discussed: pi hole, podman, RPIs, Pfsense, and netminers new micro pc Introduction by Ken and Honkey. History: The New Years Celebrations. Civilizations around the world have been celebrating the start of each new year for at least four millennia. Today, most New Year’s festivities begin on December 31 (New Year’s Eve), the last day of the Gregorian calendar, and continue into the early hours of January 1 (New Year’s Day). HPR: So you want to do a podcast? Wikihow: How to make a good podcast. Death Wish Coffee We lead with an alternative point of view, providing bold, smooth cups of coffee to our people. We find fresh ways to enjoy coffee, and we foster community along the way. Disrupting the status quo interests us, so we create edgy, sarcastic content. We live to rebel against blah beans—and a boring, lackluster life. Thailand Elephant Sanctuary VLC commandline: List of commands and arguments. VLC commandline: Documentation. VLC commandline: Audio streaming from the commandline. pavucontrol: PulseAudio Volume Control. Hearse Club youtube: MotorWeek Over the Edge: Hearse Convention. xiph: The Ogg container format. Ogg is a multimedia container format, and the native file and stream format for the Xiph.org multimedia codecs. As with all Xiph.org technology is it an open format free for anyone to use. Library of Congress: .ogg file format. Wikipedia: .mp3 file format. xiph: .flac file format. FLAC stands for Free Lossless Audio Codec, an audio format similar to MP3, but lossless, meaning that audio is compressed in FLAC without any loss in quality. 
This is similar to how Zip works, except with FLAC you will get much better compression because it is designed specifically for audio, and you can play back compressed FLAC files in your favorite player (or your car or home stereo, see supported devices) just like you would an MP3 file. Wikipedia: .flac file format. elephantguide: How Much Can An Elephant Lift? Royal Thai Embassy: Thailand’s wild tiger population shows impressive growth. bangkokpost: Thailand has highest number of wild tigers in Southeast Asia. mumble: Mumble is a free, open source, low latency, high quality voice chat application. atpinc: What is M.2? Keys and Sockets Explained. armbian: Linux for ARM development boards. pine64: ROCK64 is a credit card sized Single Board Computer. docker: realies/nicotine. kubuntu: Kubuntu is a free, complete, and open-source alternative to Microsoft Windows and Mac OS X which contains everything you need to work, play, or share. Check out the Feature Tour if you would like to learn more! podman: Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. docker: A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Containers and VMs Together? cockpit: Cockpit is a web-based graphical interface for servers, intended for everyone. manage virtual machines in Cockpit. etherpad: big boy show notes. redhat: Transitioning from Docker to Podman. lugcast: We are an open Podcast/LUG that meets every first and third Friday of every month using mumble. [logitech:](https://www.logitech G435 Ultra-light Wireless Bluetooth Gaming Headset. fit philosophy: Junk volume. 
"Junk volume" refers to exercise that doesn't improve strength or build muscle, wasting your time and energy. Leg day workout jitsi: Jitsi Free & Open Source Video Conferencing Projects. mintCast The podcast by the Linux Mint community for all users of Linux. The Linux link tech show The Linux Link Tech Show is one of the longest running Linux podcasts in the world. PETG 3D Printing Filament. MIM-104 Patriot military-today The Patriot is a long-range air defense missile system. samsclub: rancher: suse rancher: raspberrypi single board computers. pfsense: pfSense is a firewall/router computer software distribution based on FreeBSD. snort: Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity and uses those rules to find packets that match against them and generates alerts for users. Snort can be deployed inline to stop these packets, as well. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike. pi-hole: In addition to blocking advertisements, Pi-hole has an informative Web interface that shows stats on all the domains being queried on your network. nlnetlabs: Unbound Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. DHCP server dietpi: DietPi is an extremely lightweight Debian OS, highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential. servethehome: Project Tiny Mini Micro, cool 1 liter pc builds. filezilla: The FileZilla Client supports FTP, FTP over TLS (FTPS), and SFTP. redhat: Configure a Network Team Using the Text User Interface, nmtui. 
howtogeek: Manage Linux Wi-Fi Networks With Nmtui. travelcodex: The Southwest Airlines Meltdown. gpd kickstarter: Arduboy, the game system the size of a credit card. pine64: Pinetab 2. orangepi: Orange Pi 800, Mini PC in a keyboard. southeastlinuxfest: The SouthEast LinuxFest is a community event for anyone who wants to learn more about Linux and Open Source Software. fosdem: FOSDEM is a free event for software developers to meet, share ideas and collaborate. stallman: Richard Stallman's Personal Site. freedos: FreeDOS is a complete, free, DOS-compatible operating system. While we provide some utilities, you should be able to run any program intended for MS-DOS. reactos: Imagine running your favorite Windows applications and drivers in an open-source environment you can trust. wikipedia: Windows 3.0. winehq: a compatibility layer capable of running Windows applications on several POSIX-compliant operating systems, such as Linux, macOS, & BSD. codeweavers: playonlinux: PlayOnLinux is a piece of software which allows you to easily install and use numerous games and apps designed to run with Microsoft® Windows®. protondb: Proton is a new tool released by Valve Software that has been integrated with Steam Play to make playing Windows games on Linux as simple as hitting the Play button within Steam. libreoffice: LibreOffice is a free and powerful office suite. linuxmint: Linux Mint is a community-driven Linux distribution based on Ubuntu, bundled with a variety of free and open-source applications. xfce: Xfce or XFCE is a free and open-source desktop environment for Linux and other Unix-like operating systems. crunchbang: CrunchBang was a Debian GNU/Linux based distribution offering a great blend of speed, style and substance. openbox: gnome: mozilla: firefox google chrome AMD autism toastmasters Toastmasters International is a nonprofit educational organization that teaches public speaking and leadership skills through a worldwide network of clubs. 
openssl Asperger syndrome STEM BASIC BASIC (Beginners' All-purpose Symbolic Instruction Code) is a family of general-purpose, high-level programming languages designed for ease of use. The original version was created by John G. Kemeny and Thomas E. Kurtz at Dartmouth College in 1963. IRC IRC is short for Internet Relay Chat. It is a popular chat service still in use today. second life walmart aldi morrisons boots walgreens zulu clock Thanks To: Mumble Server: Delwin HPR Site/VPS: Joshua Knapp - AnHonestHost.com Streams: Honkeymagoo EtherPad: HonkeyMagoo Shownotes by: Sgoti and hplovecraft

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500
BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks
MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html

TechtalkRadio
EPISODE 357 – Your First Record Album and Cybersecurity

TechtalkRadio

Play Episode Listen Later Feb 3, 2023 55:24


For this week's TechtalkRadio show, Andy, Shawn and Justin talk about Justin's purchase of an Audio Technica turntable and how much fun he has had getting the vinyl out and playing it on the system, which has many nice features. The guys share stories of their first vinyl LPs and how the experience of owning a vinyl album has been different versus those that have only bought digital albums. This past year vinyl record sales were the highest they have been for over 30 years. The guys talk about protecting your data and networks considering a recent attack on the Tucson Unified School District. Justin and Shawn share how a hardware firewall can add a layer of protection. Justin recommends Fortinet hardware firewalls but also shares a Raspberry Pi solution, known as pfSense. News this past week that Microsoft, Sony and Nintendo may not be attending this June's E3 conference. Shawn believes it's smart for these companies due to the cost involved and how a virtual show or digital presentation from these companies makes more sense financially. Justin asks if this could be something we could see with CES; however, the guys concede the idea for in person works for CES and is important for investments in new technology. The recent cyber attack on Tucson Unified School District systems has been confusing for some. Andy talks with Mike Lettman, CISA Region 9 Cybersecurity Advisor, about what it means and how this and other ransomware attacks occur. Mike explains how this may have happened and how anybody could be a target when it comes to data. Mike tells us about the formation of CISA, the Cybersecurity and Infrastructure Security Agency, in 2018, and how and why cybercriminals target K-12 schools. Mike shares info on the recovery process after ransomware attacks and what it may take to get the systems operational again. Mike also shares security tips for keeping systems protected: "Patch Patch Patch," multifactor authentication, and education and awareness for users.
CISA has put together an informational package for K-12, available at https://www.CISA.gov/partnering-safeguard-K-12-toolkit. Shawn shares info on the Google Fi T-Mobile issue that was recently discovered. The guys talk about your personal info which may be on the Dark Web and whether companies with services like LifeLock and others can be a solution for protecting your identity data. Justin shares a website for creating sounds for the background while working or relaxing, https://www.asoftmurmur.com. Shawn tells us about checking out Goldeneye 007 on the Nintendo Online service. Connect with us on social media! Facebook @techtalkers YouTube - https://www.youtube.com/techtalkradio Twitter @TechtalkRadio Instagram techtalkradio Web: TechtalkRadio.Com Subscribe and Like on Spreaker! Spotify, YouTube, Audacy, iHeart and Apple Podcast

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti Malware Scans https://github.com/bananabr/TimeException

Ask The Tech Guys (Audio)
ATTG 1958: Two Cups in a Meltdown - Dick DeBartolo, Tablets for Kids, OBS Studio

Ask The Tech Guys (Audio)

Play Episode Listen Later Jan 23, 2023 145:28


Twitter's 3rd party API disconnected. Supreme Court hearing a case regarding Section 230. Massive tech layoffs at multiple companies this past week. Amazon Smile has been discontinued. With all of the tech layoffs occurring in tech companies, how could this affect research and development at these companies? Using BitWarden Command Line Interface in the Linux operating system. Affordable devices to control aspects of your livestream. Discord troubleshooting. What are some tablets for young kids, and how can you restrict what apps they can use on the devices? Securing your router using pfSense, and do you need to do much with it when setting it up? Why is Facebook Live not livestreaming when using OBS to do so? Hosts: Leo Laporte and Mikah Sargent Guest: Dick DeBartolo Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1958 Download or subscribe to this show at: https://twit.tv/shows/ask-the-tech-guys Sponsors: fortra.com acilearning.com

The Tech Guy (Video HI)
ATTG 1958: Two Cups in a Meltdown - Dick DeBartolo, Tablets for Kids, OBS Studio

The Tech Guy (Video HI)

Play Episode Listen Later Jan 23, 2023 146:09


Twitter's 3rd party API disconnected. Supreme Court hearing a case regarding Section 230. Massive tech layoffs at multiple companies this past week. Amazon Smile has been discontinued. With all of the tech layoffs occurring in tech companies, how could this affect research and development at these companies? Using BitWarden Command Line Interface in the Linux operating system. Affordable devices to control aspects of your livestream. Discord troubleshooting. What are some tablets for young kids, and how can you restrict what apps they can use on the devices? Securing your router using pfSense, and do you need to do much with it when setting it up? Why is Facebook Live not livestreaming when using OBS to do so? Hosts: Leo Laporte and Mikah Sargent Guest: Dick DeBartolo Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1958 Download or subscribe to this show at: https://twit.tv/shows/ask-the-tech-guys Sponsors: fortra.com acilearning.com

All TWiT.tv Shows (MP3)
Ask The Tech Guys 1958: Two Cups in a Meltdown

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jan 22, 2023 145:28


Twitter's 3rd party API disconnected. Supreme Court hearing a case regarding Section 230. Massive tech layoffs at multiple companies this past week. Amazon Smile has been discontinued. With all of the tech layoffs occurring in tech companies, how could this affect research and development at these companies? Using BitWarden Command Line Interface in the Linux operating system. Affordable devices to control aspects of your livestream. Discord troubleshooting. What are some tablets for young kids, and how can you restrict what apps they can use on the devices? Securing your router using pfSense, and do you need to do much with it when setting it up? Why is Facebook Live not livestreaming when using OBS to do so? Hosts: Leo Laporte and Mikah Sargent Guest: Dick DeBartolo Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1958 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsors: fortra.com acilearning.com

Radio Leo (Audio)
Ask The Tech Guys 1958: Two Cups in a Meltdown

Radio Leo (Audio)

Play Episode Listen Later Jan 22, 2023 145:28


Twitter's 3rd party API disconnected. Supreme Court hearing a case regarding Section 230. Massive tech layoffs at multiple companies this past week. Amazon Smile has been discontinued. With all of the tech layoffs occurring in tech companies, how could this affect research and development at these companies? Using BitWarden Command Line Interface in the Linux operating system. Affordable devices to control aspects of your livestream. Discord troubleshooting. What are some tablets for young kids, and how can you restrict what apps they can use on the devices? Securing your router using pfSense, and do you need to do much with it when setting it up? Why is Facebook Live not livestreaming when using OBS to do so? Hosts: Leo Laporte and Mikah Sargent Guest: Dick DeBartolo Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1958 Download or subscribe to this show at: https://twit.tv/shows/total-leo Sponsors: fortra.com acilearning.com

All TWiT.tv Shows (Video LO)
Ask The Tech Guys 1958: Two Cups in a Meltdown

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Jan 22, 2023 146:09


Twitter's 3rd party API disconnected. Supreme Court hearing a case regarding Section 230. Massive tech layoffs at multiple companies this past week. Amazon Smile has been discontinued. With all of the tech layoffs occurring in tech companies, how could this affect research and development at these companies? Using BitWarden Command Line Interface in the Linux operating system. Affordable devices to control aspects of your livestream. Discord troubleshooting. What are some tablets for young kids, and how can you restrict what apps they can use on the devices? Securing your router using pfSense, and do you need to do much with it when setting it up? Why is Facebook Live not livestreaming when using OBS to do so? Hosts: Leo Laporte and Mikah Sargent Guest: Dick DeBartolo Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1958 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsors: fortra.com acilearning.com

Bitcoin, Blockchain, and the Technologies of Our Future
You won't believe how UNSAFE your home router is!

Bitcoin, Blockchain, and the Technologies of Our Future

Play Episode Listen Later Nov 2, 2022 21:29


https://youtu.be/QPCbri1EJ8U
https://open.lbry.com/@NaomiBrockwell:4/pfsense-protectli-tutorial:7

Your router is the gateway between your devices and the internet at large. If it's compromised, it's like leaving the front door to your home network wide open, allowing malicious actors to enter. Unfortunately the routers most of us use are VERY insecure, with all kinds of known vulnerabilities.

In this video we go over how to give your hardware and software a major overhaul, including a step-by-step tutorial for how to use pfSense on a Protectli firewall vault.

00:00 Intro
01:07 What's in a “Router”?
03:30 Security Dangers
06:06 Upgrading with Protectli
06:43 Protectli Components Explained
07:50 Installation Tutorial
09:39 Configuring pfSense Settings
13:45 Power Cycling Tip
14:12 How Protectli Fits into Your Network Setup
15:57 Add WiFi Capabilities
16:36 How to Enable AP Mode
18:34 Setup Diagram
20:07 Conclusion

With pfSense and the Protectli vault, you can tweak your settings to incredibly granular levels. That's what we'll cover in future videos: how to configure firewalls to block malicious traffic coming in AND telemetry going out, and how to set up a whole network VPN.

Brought to you by NBTV members: Lee Rennie, Reuben Yap, Sam Ettaro, Will Sandoval, and Naomi Brockwell.

This video was not sponsored by anyone, but products can be purchased here: https://protectli.com/

To support NBTV, visit https://www.nbtv.media/support (tax-deductible in the US)

Sign up for the free CryptoBeat newsletter here: https://cryptobeat.substack.com/

Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.

Visit the NBTV website: https://nbtv.media

Support the show

Linux User Space
307: Episode 3:07: Emacs Pinky

Linux User Space

Play Episode Listen Later Sep 26, 2022 70:55


Coming up in this episode 1. Network failures 2. Gaming wins 3. We get Emacs Pinky 4. A little browser watch 5. And we get a little manipulative 0:00 Cold Open 1:40 The Little Outage 7:45 Splitgate 10:25 The History of Emacs 23:51 Emacs, Emacs, Emacs 38:39 Browser Watch! 45:32 Kdenlive Fundraiser 47:58 Feedback 56:30 Community Focus: System Crafters 59:40 App Focus: GIMP 1:05:29 Next Time: Alpine Linux 1:09:17 Stinger Support us on Patreon! (https://www.patreon.com/linuxuserspace) Banter Dan re-installs his pfSense (https://www.pfsense.org) Splitgate on Steam (https://store.steampowered.com/app/677620/Splitgate/) Announcements Give us a sub on YouTube (https://linuxuserspace.show/youtube) You can watch us live on Twitch (https://linuxuserspace.show/twitch) the day after an episode drops. History Series on Text Editors - Emacs GNU Emacs (https://www.gnu.org/software/emacs/) TECO editor (https://dbpedia.org/page/TECO_(text_editor)) TECO-6, compatible with the PDP-6 (https://web.archive.org/web/20021001151829/http://www.transbay.net/~enf/lore/teco/teco-64.html) Gosling Emacs (https://youtu.be/TJ6XHroNewc?t=9896) Initially Gosling permitted unrestricted redistribution (https://youtu.be/TJ6XHroNewc?t=10519) Free software movement (https://en.wikipedia.org/wiki/Free_software_movement) UniPress began to redistribute and sell Gosling's Emacs on UNIX and VMS (https://archive.org/details/byte-magazine-1983-12/page/n335/mode/2up?view=theater&q=unipress+emacs) Interview in 2013 via Slashdot, Richard Stallman said: (https://features.slashdot.org/story/13/01/06/163248/richard-stallman-answers-your-questions) The Free Software Foundation is born (https://web.archive.org/web/20130525155859/http://corp.sec.state.ma.us/corp/corpsearch/CorpSearchSummary.asp?ReadFromDB=True&UpdateAllowed=&FEIN=042888848) Richard Gabriel's Lucid Inc needed version 19 to support their IDE, Energize C++. 
(https://www.jwz.org/doc/lemacs.html) Emacs 21.1 brought (http://mail.gnu.org/archive/html/info-gnu-emacs/2001-10/msg00009.html) Emacs 22.1 brought (http://lists.gnu.org/archive/html/info-gnu-emacs/2007-06/msg00000.html) The last official release (http://www.xemacs.org/Releases/21.4.22.html) of XEmacs Emacs 23.1 brought (http://lists.gnu.org/archive/html/info-gnu-emacs/2009-07/msg00000.html) Emacs 24.1 brought (http://lists.gnu.org/archive/html/info-gnu-emacs/2012-06/msg00000.html) Emacs 25.1 brought (https://lists.gnu.org/archive/html/emacs-devel/2016-09/msg00451.html) Emacs 26.1 brought (https://lists.gnu.org/archive/html/emacs-devel/2018-05/msg00765.html) Emacs 27.1 brought (https://lists.gnu.org/archive/html/emacs-devel/2020-08/msg00237.html) Emacs 28.1 brought (https://lists.gnu.org/archive/html/emacs-devel/2022-04/msg00093.html) September 12, 2022 Emacs 28.2, the latest maintenance release is out (https://lists.gnu.org/archive/html/emacs-devel/2022-09/msg00730.html) Further Reading The Beginnings of TECO (https://opost.com/tenex/anhc-31-4-anec.pdf) Real Programmers Don't Use PASCAL (https://web.archive.org/web/19991103221236/http://www.ee.ryerson.ca/~elf/hack/realmen.html) https://www.jwz.org/doc/emacs-timeline.html https://web.archive.org/web/20000819071104/http%3A//www.multicians.org/mepap.html https://www.gnu.org/software/emacs/history.html https://web.archive.org/web/20131024150047/http://www.codeartnow.com/hacker-art-1/macsimizing-teco https://web.archive.org/web/20101122021051/http://commandline.org.uk/2007/history-of-emacs-and-xemacs/ More Announcements Want to have a topic covered or have some feedback? - send us an email, contact@linuxuserspace.show Browser Watch Firefox 105 (https://9to5linux.com/firefox-105-is-now-available-for-download-brings-better-performance-on-linux-systems) Firefox release notes. 
(https://www.mozilla.org/en-US/firefox/105.0/releasenotes/) Microsoft Teams is going away (https://news.itsfoss.com/microsoft-linux-app-retire/) and being replaced by a PWA. Malware infested ads in Edge. (https://www.bleepingcomputer.com/news/security/microsoft-edge-s-news-feed-ads-abused-for-tech-support-scams/) This might be the push to move to a PWA? (https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/) Housekeeping Catch these and other great topics as they unfold on our Subreddit or our News channel on Discord. * Linux User Space subreddit (https://linuxuserspace.show/reddit) * Linux User Space Discord Server (https://linuxuserspace.show/discord) * Linux User Space Telegram (https://linuxuserspace.show/telegram) * Linux User Space Matrix (https://linuxuserspace.show/matrix) Kdenlive fundraiser is now live! Kdenlive fundraiser that is now live (https://dot.kde.org/2022/09/20/kdenlive-fundraiser-live) If you want to help too you can head over to their donation page (https://kdenlive.org/en/fund/?mtm_campaign=fund_dot) Feedback Mark (Youtube) Nice Green day shirt, and actually nice Nintendo shirt too, nice shirt all round. Larry (Email) How do you handle sharing things in multiple distros installed on the same machine? Bhiku (Email) Mozilla Neural Machine Translation Engine (https://hacks.mozilla.org/2022/06/neural-machine-translation-engine-for-firefox-translations-add-on/) Unleashing the power of GNU Nano (https://github.com/hakerdefo/GIGA-beest) Community Focus System Crafters (https://www.youtube.com/c/SystemCrafters) Check out the Absolute Beginners Guide to EMACS (https://youtu.be/48JlgiBpw_I) App Focus Gnu Image Manipulation Program (https://www.gimp.org) aka GIMP Next Time We will discuss Alpine Linux (https://www.alpinelinux.org) and the history. Come back in two weeks for more Linux User Space Stay tuned and interact with us on Twitter, Mastodon, Telegram, Matrix, Discord whatever. 
Give us your suggestions on our subreddit r/LinuxUserSpace Join the conversation. Talk to us, and give us more ideas. All the links in the show notes and on linuxuserspace.show. We would like to acknowledge our top patrons. Thank you for your support! Producer Bruno John Dave Co-Producer Johnny Sravan Tim Contributor Advait CubicleNate Eduardo S. Jill and Steve LiNuXsys666 Nicholas Paul sleepyeyesvince

The WAN Show Podcast
The Biggest Tech Divorce - WAN Show September 16, 2022

The WAN Show Podcast

Play Episode Listen Later Sep 19, 2022 162:55


[0:58] Intro ft. "slow news day"
[1:56] Topic #1: EVGA leaves the GPU market.
> 4:20 EVGA's sales revenue.
> 5:52 No plans to work with AMD or Intel.
> 7:11 NVIDIA controlling prices & projects.
> 9:12 CEO claims no employees to be laid off.
> 10:44 NVIDIA's shady history, Linus's notes.
> 18:24 Advantages of NVIDIA having many AIBs.
> 21:08 Discussing EVGA's move & products.
> 22:40 Linus called it 12 years ago.
> 24:05 Reading EVGA's quote, NVIDIA the bully.
> 28:02 Recalling NVIDIA blocking Hardware Unboxed.
> 34:42 More of NVIDIA's shady history.
> 42:22 NVIDIA is hard to work with, RIP EVGA.
> 46:22 With EVGA GPUs gone, which AIB to buy from?
[47:18] Topic #2: Ethereum merger was a success.
> 49:02 ETH & BTC price drop, ETH's CEO quote.
> 49:52 White House's framework on regulating crypto.
[51:18] Topic #3: NVIDIA leaks, tightening stock.
> 53:21 Leaked specifications of RTX 4xxx.
> 54:10 Excitement towards the GPUs, modded Cyberpunk.
[55:32] LTTStore myshopify test, 64oz bottles.
> 1:02:32 New waffle long-sleeve colors.
[1:03:36] Sponsors.
> 1:03:55 KIOXIA's CM7 series NVME SSD.
> 1:05:12 Squarespace site builder.
> 1:06:40 Secretlab chairs.
[1:07:24] Discussing LTX2023 floorplan.
[1:08:20] Topic #4: Result of Linus-Dennis fight.
> 1:09:22 Dennis spent a month training, Linus's leg injury.
[1:13:30] Topic #5: Stray cats update.
[1:17:53] Topic #6: Google experiments with ads.
> 1:18:52 Up to 10 ads, discussing midrolls.
> 1:21:08 Ads impact on Google.
[1:25:08] Merch Messages #1.
> 1:25:43 UniFi Dream Machine vs. pfSense.
> 1:26:30 Steam Deck & streaming as a setup.
> 1:27:40 Quadro works on Linux, not Windows.
> 1:28:36 SC pants for hoodie idea.
> 1:28:55 LTT's apocalypse PC, mesh filter.
> 1:34:52 Best water blocks for watercooling.
> 1:38:01 Would EVGA move to Intel or AMD?
> 1:39:38 Linus's pet goat story.
[1:42:25] Topic #7: Amazon sells dangerous cords.
> 1:46:02 Difference between defects & dangerous.
> 1:47:04 "Water-proof", misleading specs.
> 1:50:07 Power cords, discussing Labs size.
[1:52:23] Topic #8: Sponsoring a "part" of a video.
[1:57:11] Topic #9: Intel "rebrands" low-end laptop CPUs.
[1:59:36] Merch Messages #2.
> 1:59:58 Linus's plans for the PVC pipes.
> 2:00:39 Internet to a detached garage.
> 2:01:58 Getting your SO tech-savvy.
> 2:03:01 3D printers & other round-ups.
> 2:04:32 Second monitor effects on a PC.
> 2:05:58 Worst tech purchasing experience?
> 2:08:31 Updates on the WAG hoodie.
> 2:09:36 Shameless fanboying for companies.
> 2:12:42 Proudest gamer dad moment.
> 2:14:28 Camera-focus for backpack.
> 2:15:42 Measuring performance for benchmarks.
> 2:17:35 Linus's favorite pony.
> 2:18:18 What to look for in a riser cable.
> 2:19:10 Recommendations for rackets below 50.
> 2:20:09 Sequential invoice numbers for FP.
> 2:20:45 Stealth desk pad, exciting data science.
> 2:22:07 Favorite musicians.
> 2:23:33 Rackmount PC with Sliger.
> 2:24:14 Balancing life & hobbies as a dad.
> 2:25:32 Plans for LTT screwdriver colors.
> 2:27:15 Raising tech-savvy kid without being tech dependent.
> 2:27:50 Using LTT screwdriver underwater.
> 2:29:18 RTX 4000 vs. AMD's 7000 series.
> 2:30:17 Wire management product, Luke's favorite LTT product.
> 2:30:48 Prediction on the 4000 series stock.
> 2:31:15 Why don't PSUs have standard cables?
> 2:32:00 Hobbies Linus & Luke want to get into.
> 2:33:54 Star Wars, Star Trek or Stargate?
> 2:35:18 GPU market, 1080Ti upgrade.
> 2:35:48 PSU brand recommendations.
> 2:36:10 Best cable for next-room PC.
> 2:36:32 Vancouver's real estate prices.
> 2:39:12 Why Apple dropped NVIDIA.
> 2:40:14 Userbase model for ad partners.
> 2:41:26 Breakdown of screwdriver shafts.
[2:42:38] Outro.
[Cont.] Merch Messages #2.
> 2:43:02 Any other collabs?

The Privacy, Security, & OSINT Show
274-Firewall Stability Modifications

The Privacy, Security, & OSINT Show

Play Episode Listen Later Aug 12, 2022 21:26


This week I explain some vital pfSense firewall modifications and offer a tip to prevent website chat apps from launching. Direct support for this podcast comes from our privacy services, online training, and new books for 2022: Extreme Privacy (4th Edition) and Open Source Intelligence Techniques (9th Edition). More details can be found at IntelTechniques.com. Thank you for keeping this show ad-free and sponsor-free. Listen to PAST episodes at https://inteltechniques.com/podcast.html SHOW NOTES: INTRO: None NEWS & UPDATES: uBlock Origin Filters FIREWALL STABILITY MODIFICATIONS: https://inteltechniques.com/firewall/ Free Guides: https://inteltechniques.com/links.html Affiliate Links: Extreme Privacy (4th): https://amzn.to/3D6aiXp ProtonMail: https://go.getproton.me/aff_c?offer_id=7&aff_id=1519 ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=277 PIA Dedicated IP VPN: https://www.privateinternetaccess.com/ThePSOSHOW SimpleLogin Masked Email: https://simplelogin.io?slref=osint Silent Pocket Bags & Wallets: https://slnt.com/discount/IntelTechniques

Security Now (Video HD)
SN 881: The MV720 - MS Office VBA macros, Win 11 security changes, start button failure

Security Now (Video HD)

Play Episode Listen Later Jul 27, 2022 123:28


Picture of the Week. Patch Tuesday Redux Redux. Windows 11 Start button failure. The continuing saga of Windows VBA macros. Windows 11 now blocks RDP brute-force attacks by default. Black Hat and DefCon coming soon. SpinRite. pfSense and TailScale. Closing The Loop. The MV720. We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit bitwarden.com/twit barracuda.com/securitynow

All TWiT.tv Shows (Video LO)
Security Now 881: The MV720

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Jul 27, 2022 123:28


Picture of the Week. Patch Tuesday Redux Redux. Windows 11 Start button failure. The continuing saga of Windows VBA macros. Windows 11 now blocks RDP brute-force attacks by default. Black Hat and DefCon coming soon. SpinRite. pfSense and TailScale. Closing The Loop. The MV720. We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit bitwarden.com/twit barracuda.com/securitynow

The Homelab Show
The Homelab Show Ep. 56 – /dev/random Updates for pfsense, TrueNAS, & XCP-NG

The Homelab Show

Play Episode Listen Later May 20, 2022 62:30


https://thehomelab.show/ The sponsor for today’s episode https://www.linode.com/homelabshow https://lawrencesystems.com/ https://www.learnlinux.tv/

Ask Noah Show
Episode 281: Medical Data Privacy

Ask Noah Show

Play Episode Listen Later Apr 13, 2022 53:52


Fitbit announced their FDA approval to detect atrial fibrillation in their wearable. What privacy and security concerns does this pose and what can you do about it? We tackle your questions, plus the news! It's a packed week! -- During The Show -- 03:40 Response to weaponization of OSS - Jose Steve and Noah's response 14:20 Bhikhu feed back Open Snitch (https://github.com/evilsocket/opensnitch) 16:00 PFSense not getting DHCP - Jaren Untangle (https://www.untangle.com/shop/firewall/) Smooth Wall (https://smoothwall.org/) Shorewall (https://shorewall.org/) OpenWRT (https://openwrt.org/docs/guide-user/installation/openwrt_x86) VyOS (https://vyos.io/) 23:10 Transcribe Audio from Video? - HJ Simon (https://simon.kde.org/) 25:18 Backup drive question - Ishaan Luks ENCFS KDE Vaults LUX Makeuseof (https://www.makeuseof.com/tag/encrypt-files-folders-ubuntu/) VeraCrypt (https://www.veracrypt.fr/code/VeraCrypt/) Fedora Doc on encrypting drives (https://docs.fedoraproject.org/en-US/quick-docs/encrypting-drives-using-LUKS/) Zipped Folder encrypted with GPG Key Write back in, maybe we can help more! 31:30 Feedback on Noah's Charging Station - Dave GFCI style duplex outlets with Arc Fault Protection Smoke Detector to cut AC power (Kiddie sm120x module) GFCI USB C 45+ Watt PD Outlet? 
36:30 Tiny Asked I loved the discussion about freeipa and sso for a homelab and I'm curious if either of you have had experience with setting up an oauth provider like keycloak or goauthentik.io setting up ldap with nextcloud and gitlab is easy enough but I would like to use some of the mfa options available with oauth and would like to know what your experience is Keycloak used frequently at Red Hat Authentication vs Authorization 38:55 Pick of the Week - Unlock Distro With Your Face Deepin 20.5 face unlock feature (https://news.itsfoss.com/deepin-os-20-5-release/) Howdy (https://itsfoss.com/face-unlock-ubuntu/) 40:33 Gadget of the Week Home Accent Lighting Extruded Aluminum Mount (https://www.aliexpress.com/item/4000011656157.html) Addressable LED Guide (https://www.thesmarthomehookup.com/the-complete-guide-to-selecting-individually-addressable-led-strips/) 42:25 NewsWire Chinese RISC-V Processor (https://technode.com/2022/04/11/china-opens-new-research-institute-to-develop-risc-v-processor-project/) OpenMower Hackaday (https://hackaday.com/2022/04/07/openmower-open-source-robotic-lawn-mower-with-rtk-gps/) Github (https://github.com/ClemensElflein/OpenMower) 5-20X Nebuly-AI Training Increase Hackernoon (https://hackernoon.com/this-open-source-library-accelerates-ai-inference-by-5-20x-in-a-few-lines-of-code) Github (https://github.com/nebuly-ai/nebullvm) EleutherAI GPT-NeoX-20B (https://www.infoq.com/news/2022/04/eleutherai-gpt-neox/) Grafana Labs Series D Funding CRN (https://www.crn.com/news/applications-os/open-source-software-developer-grafana-labs-scores-240-million-in-funding-round) Venture Beat (https://venturebeat.com/2022/04/06/grafana-labs-reaches-a-fork-in-the-open-source-road/) Cocos Technology Raised $50 Million (https://venturebeat.com/2022/04/11/cocos-raises-50m-to-fuel-open-source-game-engine-growth/) ASPIRE Open Robotics (https://www.wam.ae/en/details/1395303038413) Mayhem Heroes Program 
(https://technical.ly/software-development/forallsecure-open-source/) NVIDIA RTX 30 Code Drop and Firmware (https://www.phoronix.com/scan.php?page=news_item&px=NVIDIA-Ampere-Firmware-Blobs) Rocky Linux in Google's Cloud (https://www.zdnet.com/article/rocky-linux-arrives-on-google-cloud/) Alan Pope's Unsnap Tech Republic (https://www.techrepublic.com/article/how-to-convert-snap-packages-flatpak-ubuntu-unsnap/) Its Foss (https://news.itsfoss.com/unsnap-migrate-snap-to-flatpak/) GitHub (https://github.com/popey/unsnap) Gentoo Live Image Gentoo (https://www.gentoo.org/news/2022/04/03/livegui-artwork-contest.html) Make Use Of (https://www.makeuseof.com/gentoo-reintroduces-livegui-distro/) Endeavor OS Apollo Released (https://9to5linux.com/endeavouros-apollo-lands-with-worm-wm-improved-installation-experience-and-more) MX Linux 21.1 Released (https://betanews.com/2022/04/10/mx-linux-211-wildflower-debian/) Tails 5.0 Enters Beta (https://9to5linux.com/tails-5-0-enters-beta-testing-as-first-release-based-on-debian-gnu-linux-11-bullseye) OpenSSH 9.0 (https://www.openssh.com/txt/release-9.0) OpenWall 1.2.3 (https://www.openwall.com/lists/musl/2022/04/07/1) 45:39 Medical Tech & Privacy ArsTechnica Article (https://arstechnica.com/gadgets/2022/04/fitbit-gains-fda-approval-for-new-atrial-fibrillation-detection-feature/) Fitbit (Google) gets FDA approval for atrial fibrillation detection feature Regulation Outdated medical equipment -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! 
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/281) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Steve Ovens.