2.5 Admins

Jim is concerned that we might not see another next-gen filesystem that can compete with ZFS, no matter how much we all want one. Plus whether you should switch to third-party firmware on your router.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes ZFS Performance Tuning – Optimizing for your Workload   Discussion Bcachefs Lands More Improvements For Linux 6.16 After Data Loss Bug Hit v6.15 I’m starting to wonder if modern next-gen filesystems are approaching an inherent limit of human ability to mentally model and manage complexity   Free consulting We were asked whether you should switch to third-party firmware on your router.           See our contact page for ways to get in touch.  

Nintendo cuts off Switches that dare to play backed up games, more Microsoft AI exploits, why you shouldn’t regularly spin down hard drives, and securing applications on a home server.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Reliable ZFS Storage on Commodity Hardware – A Cost-Efficient, Data-Sure Storage Solution Klara co-hosted a webinar with TrueNAS about ZFS Fast Dedup   News Switch 2 users report online console bans after running personal game “backups” Intellectual Property & Piracy FAQ | Nintendo Support archived version Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot I learned the hard way to never spin down your NAS hard drives   Free consulting We were asked about securing applications on a home server.           See our contact page for ways to get in touch.  

SharePoint is exploitable by Microsoft’s AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router, and setting up a first NAS with 4 disks.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Maintainer’s Dilemma: Strategies for Supporting Legacy Drivers Across Decades of Hardware Evolution   News/discussion Exploiting Copilot AI for SharePoint NIST proposes new metric to gauge exploited vulnerabilities ODROID-H4 PLUS ODROID-H4 ULTRA H4 Mini-ITX Kit Banana Pi BPI-R4 Pro is a versatile router board with WiFi 7, 10 Gb and 2.5 Gb LAN, and multiple M.2 connectors   Free consulting We were asked about setting up a first NAS with 4 disks.           See our contact page for ways to get in touch.  

Google bypasses the usual channels to distrust two certificate authorities, Meta’s new escalation in the privacy arms race, Allan gives us the inside details of a new mixed-disk-size ZFS RAID feature, and moving from UniFi gear to TP-Link.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Overlooked Complexity of Firmware Security in the IoT Era   News/discussion Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues Meta pauses mobile port tracking tech on Android after researchers cry foul Introducing ZFS AnyRaid, Sponsored by Eshtek   Free consulting We were asked about moving from UniFi gear to TP-Link.           See our contact page for ways to get in touch.  

Locating people with just a phone call, Google forces a change to Let’s Encrypt certificates, yet another example of a “lifetime” subscription being cut short, connecting drives to a small form factor machine, and managing ssh keys with LDAP.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes What We’ve Learned Supporting FreeBSD in Production (So You Don’t Have To)   News O2 VoLTE: locating any customer with a phone call Ending TLS Client Authentication Certificate Support in 2026 – Let’s Encrypt VPN firm says it didn’t know customers had lifetime subscriptions, cancels them   Free consulting We were asked about connecting drives to a small form factor machine, and managing ssh keys with LDAP. SAS Expanders, Build Your Own JBOD DAS Enclosure and Save – Iteration 1           See our contact page for ways to get in touch.  

TrueNAS drops FreeBSD but there’s a community fork, the elusive ZFS send bug that affected encrypted datasets is finally identified and fixed, why the Raspberry Pi doesn’t make a great NAS, and when to use the zpool checkpoint feature.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Maintaining FreeBSD in a Commercial Product – Why Upstream Contributions Matter   News/discussion TrueNAS 25.04 drops FreeBSD: “Fangtooth” only with GNU/Linux base FreeBSD fans rally round zVault upstart ZFS raw-send corruption bug fixed 5 things I regret about using my Raspberry Pi as a NAS   Free consulting We were asked about the zpool checkpoint feature.             See our contact page for ways to get in touch.  

The basic computer science problems that still remain unsolvable, why you shouldn’t trust AI to tune ZFS (or answer any admin questions), and setting up a check-in system for a group of friends.   Plug Support us on patreon and get an ad-free RSS feed with some early episodes   Discussion Why You Can’t Trust AI to Tune ZFS   Free consulting We were asked about setting up a check-in system for a group of friends.             See our contact page for ways to get in touch.  

Old passwords work for Windows RDP, Broadcom shows why perpetual software licenses aren’t really forever, Windows Server is getting hotpatching, and preventing changes to archived files.   Plugs Support us on patreon and get an ad-free RSS feed with some early episodes Owning the Stack: Infrastructure Independence with FreeBSD and ZFS   News/discussion Windows RDP lets you log in using revoked passwords. Microsoft is OK with that Broadcom sends cease-and-desist letters to subscription-less VMware users Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025   Free consulting We were asked about preventing changes to archived files.             See our contact page for ways to get in touch.  

Crosswalks were comically vulnerable to being hacked, even Google struggles with tiered SSD and HDD storage, some insight into how AI scrapers are using domestic IPs, and creating a ZFS mirror one disk at a time.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Inside FreeBSD Netgraph: Behind the Curtain of Advanced Networking   News/discussion Hacking US crosswalks to talk like Zuck is as easy as 1234 Even Google struggles to balance fast-but-pricey flash and cheap-but-slow hard disks How Colossus optimizes data placement for performance The web is broken, IMHO   Free consulting We were asked about creating a ZFS mirror one disk at a time.             See our contact page for ways to get in touch.  

Some Synology NAS products will require drives they sold you, doubt is cast on the CVE program, why some FreeBSD packages didn’t appear when they should have, and backing up the keys for encrypted backups.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Robust & Reliable Backup Solutions with OpenZFS   News Synology confirms that higher-end NAS products will require its branded drives CVE program gets last-minute funding from CISA – and maybe a new home CVE fallout: The splintering of the standard vulnerability tracking system has begun   Free consulting We were asked about backing up the keys for encrypted backups.             See our contact page for ways to get in touch.  

IPv4 addresses are worth an awful lot of money, the serious dangers of a seemingly sensible deepfake law, Microsoft is 50 years old, and our thoughts on antivirus on Linux and Windows.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Accurate and Effective Storage Benchmarking   News Your IPv4 stash can now be collateral for $100M loans Congress close to passing deepfake law—Trump said he wants to use it himself Microsoft is now 50 years old   Free consulting We were asked about antivirus on Linux and Windows.             See our contact page for ways to get in touch.  

Jim’s server is getting hammered by AI scrapers and he’s big mad about it, why RCS doesn’t work on Android without Google apps, a complex Google account issue, and how Jim and Allan handle their WireGuard configs.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Network Offload and Socket Splicing (SO_SPLICE) in FreeBSD   News Jim hit by AI scrapers Open source devs say AI crawlers dominate traffic, forcing blocks on entire countries AI bots strain Wikimedia as bandwidth surges 50% 80% of Web Traffic Is Bots — The Hidden Cost of AI Scraping Threat Spotlight: The good, the bad, and the ‘gray bots’ – the Gen AI scraper bots targeting your web apps An AI Scraping Tool Is Overwhelming Websites With Traffic   Free consulting We were asked about RCS on AOSP, a complex Google account issue, and how Jim and Allan handle their WireGuard configs. wg-admin               See our contact page for ways to get in touch.  

Whether tech debt is inevitable and where the blame lies, how to properly organise ZFS datasets, and selectively managing updates.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes ZFS Orchestration Tools – Part 2: Replication                 SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.                 See our contact page for ways to get in touch.  

The key differences between throughput and latency – and when they matter, the tech that we’d keep if we stopped working in IT, and avoiding bitrot with rsync backups.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Core Infrastructure: Why You Need to Control Your NTP   Free consulting We were asked about avoiding bitrot with rsync backups. Parchive           SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.                 See our contact page for ways to get in touch.  

RISC-V is on the rise in China, why Power CPUs aren’t as promising, the dystopian nightmare of surveillance tech at work, and decrypting ZFS at boot.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Understanding ZFS in the Real World: Mistakes Made, Lessons Learned & Future Plans   News/discussion Alibaba launches server-grade RISC-V CPU design Raptor Computing Systems Y Combinator deletes posts after a startup’s demo goes viral Your Boss Wants You Back in the Office. This Surveillance Tech Could Be Waiting for You     Free consulting We were asked about automatically decrypting ZFS at boot.             SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.                 See our contact page for ways to get in touch.    

Ten-year-old Chromecasts stop working, movie DVDs start rotting, Skype is finally dying, using ZFS on VM guests and hosts.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes ZFS Space Accounting Explained   News Google apologizes for Chromecast outage in email to users “They curdle like milk”: WB DVDs from 2006–2008 are rotting away in their cases Microsoft is shutting down Skype in favor of Teams     Free consulting We were asked about using ZFS on VM guests and hosts.                 See our contact page for ways to get in touch.  

HP was forcing people to wait on hold for 15 minutes to get support, the DOGE site was embarrassingly insecure, setting up encrypted offsite backups, and mixing SATA and NVMe in a server.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Why FreeBSD is the Right Choice for Embedded Devices   News/discusison HP ditches 15-minute wait time policy due to ‘feedback’ Anyone Can Push Updates to the DOGE.gov Website (archive.is)   Free consulting We were asked about mixing SATA and NVMe in a server.         Factor Eat smart with Factor. Get started at factormeals.com/factorpodcast and use code FACTORPODCAST to get 50% off your first box plus free shipping.     SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.                 See our contact page for ways to get in touch.  

Arm is going to make its own server chips, WordPress is selling “100 year” domain registrations, geo-redundancy for VPSs, and backing up Windows to Backblaze B2.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Isolating Containers with ZFS and Linux Namespaces   News Arm to launch its own chip in move that could upend semiconductor industry The WordPress.com 100-Year Domain   Free Consulting We were asked about geo-redundancy for VPSs, and backing up Windows to Backblaze B2.   Hybrid Cloud Show – Episode 24 gdnsd DNSMadeEasy – Failover Service [Allan’s Affiliate Link] Kopia snapshot verify | Kopia RAID is NOT a Backup and Other Hard Truths About Disaster Recovery             SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.                 See our contact page for ways to get in touch.  

Google found a way to run unofficial microcode on AMD CPUs, whether software should get a CVE when it goes end of life, LLMs changing Redditors’ minds and self-replicating, and managing SSH keys at scale.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes ZFS Orchestration Tools – Part 1: Snapshots   News/discussion How to make any AMD Zen CPU always generate 4 from RDRAND CVEs for End of Life? OpenAI says its models are more persuasive than 82 percent of Reddit users AI can now replicate itself — a milestone that has experts terrified   Free Consulting We were asked about managing SSH keys at scale.               See our contact page for ways to get in touch.  

Used Seagate drives are being sold as “new”, another reminder not to hack Windows 11 onto unsupported hardware, about using ZFS on VPS block storage, picking hardware to run VMs, and delegating datasets to containers.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Controlling Your Core Infrastructure: DNS   News Fraud with Seagate hard disks: Dealers swap, Seagate investigates Fraud with Seagate hard disks: Dozens of readers report suspected cases openSeaChest Windows 11 on devices that don’t meet minimum system requirements   Free Consulting We were asked about using ZFS on VPS block storage, picking hardware to run VMs, and delegating datasets to containers. Klara: Isolating Containers with ZFS and Linux Namespaces         SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.                 See our contact page for ways to get in touch.  

We appreciate the elegance of subnets as well as the power of custom benchmarking, Xboxes will support large amounts of external storage, why it’s not looking great for bcachefs, malware and remote desktops, and our thoughts on Fortigate network gear.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Key Considerations for Benchmarking Network Storage Performance   News/discussion Xbox beta tests support for massive amounts of external storage Migrating away from bcachefs   Free Consulting We were asked about malware and remote desktops, and our thoughts on Fortigate network gear.           SysCloud Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.   Factor Eat smart with Factor. Get started at factormeals.com/25a50off and use code 25a50off to get 50% off your first box plus free shipping.               See our contact page for ways to get in touch.  

An embarrassing typo suggests that MasterCard’s monitoring isn’t as good as it should be, tricky offsite backups, why two-factor authentication over SMS is a bad idea, and keeping two Mac laptops in sync.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Klara Webinar, Feb 13th: RAID is NOT a Backup and Other Hard Truths About Disaster Recovery   News MasterCard DNS Error Went Unnoticed for Years   Free Consulting We were asked about tricky offsite backups, why Two-factor authentication over SMS is a bad idea, and keeping two Mac laptops in sync.           ServerMania Get 15% Off dedicated servers – recurring for Life at servermania.com/25a with code 25ADMINS   Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.             See our contact page for ways to get in touch.  

Microsoft didn’t control an important domain that it was using and end up red-faced, the dangers of using free VPN apps, a proof of concept exploit is out for last year’s SSH vulnerability, USB is getting slightly less confusing labels, and swapping the motherboard in a TrueNAS SCALE system.   News Edgio bankruptcy results in endpoint change for Microsoft VPN used for VR game cheat sells access to your home network PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability An updated USB logo will now mark the fastest docking stations   Free Consulting We were asked about swapping the motherboard in a TrueNAS SCALE system.           Entroware This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu and Ubuntu MATE preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.             See our contact page for ways to get in touch.  

A new version of ZFS is out and we go over the great new features. Plus recovering data after accidentally writing part of an ISO onto a USB drive, how to deal with abuse of your domain, and replacing all the drives in a ZFS pool while keeping the birth date.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Managing and Tracking Storage Performance   News Zfs-2.3.0 Introducing OpenZFS Fast Dedup   Free Consulting We were asked about recovering data after accidentally writing part of an ISO onto a USB drive, how to deal with abuse of your domain, and replacing all the drives in a ZFS pool while keeping the birth date.           ServerMania Get 15% Off dedicated servers – recurring for Life at servermania.com/25a with code 25ADMINS           See our contact page for ways to get in touch.  

Jim and Allan explain the benefits of a lithium iron phosphate “UPS”, whether it’s possible to delete every single copy of a file, and using Bluetooth in a Windows 11 VM.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   Discussion Anker SOLIX C300 Anker SOLIX F3800   Free Consulting We were asked about using Bluetooth in a Windows 11 VM.         See our contact page for ways to get in touch.  

What it would take to reliably store data for a hundred years including Institutional funding and organization, decade-proof redundancy, multiple hot and cold copies,hedging your bets against multiple media, and more. Plus backing up ZFS without normal snapshots.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   Discussion Century-Scale Storage     Free Consulting We were asked about backing up ZFS without normal snapshots.           ServerMania Get 15% Off dedicated servers – recurring for Life at servermania.com/25a with code 25ADMINS           See our contact page for ways to get in touch.  

Windows ssh is sending more telemetry than you might think, Let’s Encrypt will offer 6 days certificates, a PSA about domains that don’t send emails, and performance issues in a Synology NAS.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Winter 2024 Roundup: Storage and Network Diagnostics   News/discussion ssh on Windows sends telemetry sshTelemetry.c Let’s Encrypt to offer 6 day certs Important reminder, if you own a domain name and don’t use it for sending email   Free Consulting We were asked about performance issues in a Synology NAS.           ServerMania Get 15% Off dedicated servers – recurring for Life at servermania.com/25a with code 25ADMINS           See our contact page for ways to get in touch.  

Chinese researchers are making progress with quantum computing but they haven’t broken modern RSA or AES encryption, Russian attackers compromised a business via a nearby building’s WiFi, a startup runs out of money and bricks a robot for kids, and hardening Linux systems.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes ZFS Storage Fault Management on Linux   News/discussion No, Chinese quantum computers haven’t hacked military-grade encryption The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access Startup will brick $800 emotional support robot for kids without refunds The confusing reality of AI friends   Free consulting We were asked about hardening Linux systems.             ServerMania Get 15% Off dedicated servers – recurring for Life at servermania.com/25a with code 25ADMINS   1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a         See our contact page for ways to get in touch.  

The US government tells people to use encrypted messaging, mandated MFA in healthcare raises a scary geopolitical question, QNAP bungles a firmware update, and securing access to self hosted applications with mTLS.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Deploying pNFS file sharing with FreeBSD   News/discussion FBI Warns iPhone And Android Users—Stop Sending Texts US senators propose mandated MFA, encryption in healthcare QNAP firmware update leaves NAS owners locked out of their boxes   Free consulting We were asked about securing access to self hosted applications with mTLS.             Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.   1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

Intel’s CEO departs but replacing him won’t magically solve its serious problems, Zipcar wasn’t prepared for an outage and handled it really badly, moving to an email provider that supports DMARC, and picking a NAS distribution.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes ZFS Ask Me Anything – December 12th Applying the ARC Algorithm to the ARC   News Intel CEO takes his leave as ambition meets reality What happened to Intel? Zipcar Outage Strands Customers in Random Places   Free consulting We were asked about moving to an email provider that supports DMARC, and picking a NAS distribution.             ServerMania Get 15% Off dedicated servers – recurring for Life at servermania.com/25a with code 25ADMINS             See our contact page for ways to get in touch.  

Equinix is shutting down its bare metal service, D-Link advises people to dump old vulnerable routers, Google makes changes to how it ranks some affiliate-driven “reviews”, and data caps seem to be sticking around. Plus mixing different brands and types of disks, using other partitions on a ZFS drive, and scaling a fleet of FreeBSD hosts with jails.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes Introducing OpenZFS Fast Dedup   News/discussion Equinix to shutter bare metal IaaS service in 2026 D-Link says replace vulnerable routers or risk pwnage Google cracks down on “Parasite SEO,” punishing established publishers Cable companies and Trump’s FCC chair agree: Data caps are good for you   Free consulting We were asked about mixing different brands and types of disks, using other partitions on a ZFS drive, and scaling a fleet of FreeBSD hosts with jails.   nomad-pot-driver Cluster provisioning with Nomad and Pot on FreeBSD             ServerMania Find this year’s Black Friday & Cyber Week deals at servermania.com/blackfriday   1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

Windows server unexpectedly upgrades major versions, Microsoft reinvents the idea of a thin client, restricting a friend’s access to just their backups, and the importance of warranties when buying hardware.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes DKMS vs kmod: The Essential Guide for ZFS on Linux   News Windows Server 2025 takes admins by surprise No word from Microsoft on shock Windows Server 2025 installs Windows Server 2025 known issues and notifications Windows 11 update bug falsely warns of end of support, confusing users Windows 365 Link—the first Cloud PC device   Free consulting We were asked about restricting a friend’s access to just their backups, and the importance of warranties when buying hardware. 2.5 Admins 218: TLS TTL                   See our contact page for ways to get in touch.  

Jim and Allan discover modern charging tech and marvel at what’s possible in the USB-C era, more on IPv6 firewalls, using ZFS like Git, and running your own authoritative DNS server.           Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.   1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

How using a copy-on-write filesystem like ZFS can get systems back online within seconds after ransomeware encrypts all your data, and even warn you more quickly that it’s happening. Plus Jim and Allan’s advice on getting a job as a sysadmin.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Klara: 5 Reasons Why Your ZFS Storage Benchmarks Are Wrong   Free consulting We were asked about getting a job as a sysadmin.                   See our contact page for ways to get in touch.  

It’s Halloween so Jim and Allan share horrific and spooky stories from their sysadmin careers. Plus picking a UPS for a homelab.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Klara: NAS: Maintenance Best Practices                   See our contact page for ways to get in touch.  

SSL certificates are likely going to last less time, the latest Windows 11 update leaves a huge chunk of data behind and doesn’t play nicely with some SSDs, picking a modern dhcp server on a homebrew router, and storing encrypted backups on a friend’s NAS with ZFS.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Klara Halloween Webinar: ZFS Horror Stories. Oct 31st 13:00 EDT, 17:00 UTC   News Sysadmins slam Apple’s SSL/TLS cert lifespan cuts Windows 11 24H2 hoards 8.63 GB of junk you can’t delete As Microsoft rolls out its Windows 11 24H2 update, owners of certain Western Digital SSDs have been greeted with constant Blue Screens of Death WD releases new firmware to fix Windows 11 24H2 blue screens of death on some SSD Not just Western Digital – Windows 24H2 BSODs Asus kit   Free consulting We were asked about picking a modern dhcp server on a homebrew router, and storing encrypted backups on a friend’s NAS with ZFS. The Ars guide to building a Linux router from scratch Linux Router Part 1: Routing, NAT, and NFTables                     See our contact page for ways to get in touch.  

The difference between monitoring and metrics analysis, the security pros and cons of cloud vs on-prem, why Jim and Allan don’t use Unraid, and cloud storage and email for a small company.   Feedback Netdata Nagios ZFS and Unraid   Free consulting We were asked about cloud storage and email for a small company.           Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.     1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

NIST has finally proposed some sensible password standards, why server CPUs with high core counts make sense in a lot of deployments, the .io TLD is probably sticking around, and the best options for a Linux-based router.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Klara Halloween Webinar: ZFS Horror Stories. Oct 31st 13:00 EDT, 17:00 UTC ZBM 101: Introduction to ZFSBootMenu   News NIST proposes barring some of the most nonsensical password rules You’re right not to rush into running AMD, Intel’s new manycore monster CPUs The Disappearance of an Internet Domain   Free consulting We were asked about setting up a Linux-based router. OpenWrt on TP-Link devices                 See our contact page for ways to get in touch.  

Why cold storage is never as good as keeping your data warm and regularly tested, how the American air traffic control system became so outdated, and isolating your devices from a roommate’s shenanigans.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Music industry’s 1990s hard drives, like all HDDs, are dying FAA air traffic control modernization efforts are a mess   Free consulting We were asked about isolating your devices from a roommate’s shenanigans.           1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

A proposed solution to the WHOIS TLS verification problem gets a surprising amount of pushback. Plus isolating IoT devices, our thoughts on Ubiquiti gear, setting up WiFi in a new house, remote access with WireGuard, and our mini PC recommendations.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News Google calls for halting use of WHOIS for TLS domain verifications   Free consulting We were asked about isolating IoT devices, our thoughts on Ubiquiti gear, setting up WiFi in a new house, remote access with WireGuard, and our mini PC recommendations.           1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

The Malaysian government’s misguided plan to control its citizens’ DNS, the wrong way to deploy underwater servers, a philosophical question about how long a person’s photos will exist, and how we manage our SSH keys.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Malaysia’s plan to block overseas DNS dies after a day Proposed underwater data center surprises regulators who hadn’t heard about it   Free consulting We were asked about how we manage our SSH keys.           1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a   Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.         See our contact page for ways to get in touch.  

A surprising way to exploit the WHOIS system, Microsoft will force old versions of Windows 11 to update, and the simple way to set up TP-Link Omada gear.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News Rogue WHOIS server gives researcher superpowers no one should ever have Windows 11 users still living in the past face forced update, like it or not   Free consulting We were asked about setting up TP-Link Omada gear.                 See our contact page for ways to get in touch.  

Another example of the downsides of abstraction, whether AI can ever be truly “open source”, and the security benefits and drawbacks of different types of VPN.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Hackers infect ISPs with malware that steals customers’ credentials Debate over “open source AI” term brings new push to formalize definition   Free consulting We were asked about whether VPNs are a security measure.                 See our contact page for ways to get in touch.  

AMD will patch some old Ryzens against SinkClose now, but their benchmarking methods for newer CPUs didn’t live up to everyday reality. Plus Bcachefs devs annoy Linus Torvalds, the US government sues a college over compliance issues, and Jim disappoints a patron.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News AMD’s Ryzen 3000 CPUs to get SinkClose patch after all AMD explains, promises partial fixes for Ryzen 9000 performance problems Linus Torvalds Begins Expressing Regrets Merging Bcachefs After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud   Free consulting We were asked about monitoring your network for new device connections.                   See our contact page for ways to get in touch.    

Insecure SSH implementations and a weak key that let a researcher control 200 MW of electrical capacity reignites the debate about versioned protocols vs pluggable protocols, follow-up on sharing files from your LAN with people on the Internet, and the pros and cons of encrypted backups.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Researchers find insecure SSH implementations everywhere 512-bit RSA key in home energy system gives control of “virtual power plant”   Feedback Syncthing Resilio Send OnionShare Warp Immich   Free consulting We were asked about the pros and cons of encrypted backups.             1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

Forcing Windows to undo updates and a separate IPv6 vulnerability, hardware bugs in AMD and Intel CPUs, and using Samba on Linux with Active Directory.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News Your victim’s Windows PC fully patched? Just force undo its updates and exploit away CVE-2024-38063 – Security Update Guide – Microsoft – Windows TCP/IP Remote Code Execution Vulnerability Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips SMM LOCK BYPASS Intel’s crashing 13th and 14th Gen Raptor Lake CPUs: all the news and updates   Free Consulting We were asked about using Samba on Linux with Active Directory.   map acl inherit = yes acl_xattr:ignore system acls = yes acl_xattr:default acl style = windows Setting up a Share Using Windows ACLs           Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.             See our contact page for ways to get in touch.  

Secure boot is compromised on hundreds of devices, Amazon’s desperate attempt to make money from Alexa, and how to decide which open source software on GitHub to trust.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Secure Boot is completely broken on 200+ models from 5 big device makers old and related Amazon’s paid Alexa is coming to fill a $25 billion hole dug by Echo devices Alexa had “no profit timeline,” cost Amazon $25 billion in 4 years   Free consulting We were asked about how to decide which open source software on GitHub to trust.           1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

How and why the recent huge Windows outage was caused by a bad CrowdStrike update and how it could have been avoided, a hilariously dumb ESXi vulnerability, and using SAS drives with a PCIe card.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News A closer look at what caused the CrowdStrike Windows crashes Ransomware gangs are loving this dumb but deadly ESXi flaw Jake Williams on Twitter   Free Consulting We were asked about using SAS drives with a PCIe card.                     See our contact page for ways to get in touch.  

How a Bitcoin mine made life in a Texas town absolutely miserable, why paying for extended support for end of life Windows versions is just doubling down on technical debt, and the best way to manage router redundancy.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News/discussion Inside the ‘Nightmare’ Health Crisis of a Texas Bitcoin Town Enterprises urged to think carefully about Windows 10 extended support options   Free Consulting We were asked about managing router redundancy.           1Password Extended Access Management: Secure every sign-in for every app on every device. Support the show and check it out at 1password.com/25a           See our contact page for ways to get in touch.  

A widely-used login system is still using MD5 which is bad news, miscreants took over some domains when they moved from Google to Squarespace, Linksys’ sloppy app isn’t a huge problem but is a bad sign, and why backing up an Android phone in one go is pretty much impossible without root.   Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere Squarespace migration linked to DNS hijacking, claims report Linksys Velop routers send Wi-Fi passwords in plaintext to US servers   Free Consulting We were asked about backing up Android phones.       Automox Check out the brand new Autonomous IT podcast. Listen in as a variety of experts in the IT Operations space discuss the latest Patch Tuesday releases, mitigation tips, and custom automations to help with CVE remediations. Listen now on Spotify, Apple, or wherever you get your podcasts.             See our contact page for ways to get in touch.