• Happy New Years

    Welcome to 2025. This is the time of year when I used to write the wrong year on my checks. I’ve not written a check by hand in over 5 years. That’s what computers are for.

    And we are getting older. It used to be that we would sit around the TV for a few hours waiting for the ball to drop.

    This year we were all doing our thing. Then at 2345 the alarms went off. We stumbled into the living room. Went to YouTube to find a ball drop channel.

    We did the toast to the new year, then stumbled to bed.

    Firewalls

    I am bringing up a server in a new infrastructure. Instead of using the half arse load balancers and firewalls provided by the vendor, I decided to use a micro/nano instance and install pfSense.

    pfSense is based on FreeBSD. Wonderful. The issue is that the vendor does not support FreeBSD nor do they support pfSense. This led to 24 hours of frustration.

    The issue? The installation went smoothly, as expected. Everything is done on the serial device. When booting into the newly installed OS, the screen would lock up right after it said it was loading.

    The issue? The installation media runs the console on the serial port AND the video console. The default for the installed OS is to only use the video console.

    I received a message to my help request shortly before I wrote that I had turned on serial devices and everything just worked.

    Why is this important? For testing, I had the firewall locked way down. Fine. Everything works fine for me. I try and install a LetsEncrypt certificate and it failed.

    It told me it was a firewall issue.

    It took me another day before I figured out that I had locked out web access to the firewall. I was only allowing my server to connect.

    Small Steps

    There have been a couple of cases out of the circuit courts in the last few weeks that are positive wins for the Second Amendment.

    My guess is that we have a few more judges that believe in doing what the Supreme Court told them to do. And I believe that everybody is waiting for the Supreme Court to put the hammer down on another set of Second Amendment cases.

    Everything Is Relative

    I have been so immersed in getting our data center up that I lost sight of client needs. I was just about to write to one of my clients to see if they had noticed the improvement in performance.

    I woke up to a message of frustration. Nope, it wasn’t better. Was it better than it was? Yes. Was it good enough? No.

    Fixing it.

    Of Course It Is Illegal

    I have a friend who is currently living in one of those shit states. One of those states where you can assume it is illegal unless it is specifically made legal. And that could change tomorrow.

    At the homestead, varmint are taken care of with the right caliber. Those squirrels ransacking the birdfeeders? They be varmint needing .22LR, subsonic.

    The possum and raccoons getting into garbage cans or attacking the chickens? .357 Magnum varmints.

    Deer eating the crops? 30-30 varmints.

    Bears getting into the beehives? 45–70 varmints.

    Where he lives, he has bear coming up on to the back porch. He can’t do anything about it because it isn’t legal to shoot them. And the neighbors would complain.

    I offered him an air rifle for the squirrels. He was concerned it would make too much noise and the neighbors would complain.

    I gave him a “Wrist Rocket” slingshot for Christmas.

    He can legally possess it. I can legally give it to him. He cannot legally buy a slingshot nor can he legally make a slingshot in his state.

    I wish he would move to my state, he would enjoy more freedoms.

    Question of The Week (2)

    1) Are the security posts of interest? The explainers about things computer?

    2) Are you excited that the Supreme Court is prepared to hear another Second Amendment case?

            

  • What we are talking about is “authentication.” Authentication is the method of confirming that you are who you say you are.

    There are three methods to determine authentication:

    1. Something only you know
    2. Something only you have
    3. Something unique about you

    In the old days, when people carried checkbooks with them and wrote checks for things, you would be asked to prove your identity before you could use a check. Proving your identity was a process where a person would first authenticate your identification card, and then they would verify that the identification card matched you.

    A state issued identification card will have different aspects about it that should make identifying fakes easier for the trained person. In the those olden days, they would often have your Driver’s License number be a SoundEx of your last name. SoundEx was a simple encoding method that could be generated from a name.

    If the SoundEx didn’t match the DL number, it was a fake.

    For the most part, people trusted DLs. They were relatively difficult to fake, and it was often easy to spot fakes.

    This is an example of something you have, your DL, and something unique about you. Your picture and description.

    Computer Authentication

    Computers authenticate you with the use of two pieces of information, the first is your “name”. The second is your password.

    Your name can be an email address or a username. While the pair, username and password, are required, only the password is a secret. Or should be a secret.

    In a perfect world, this would be good enough. In this imperfect world, see Password Security/Password Managers

    We will assume that your password is strong and will not be cracked in this century.

    What we want to protect against is people stealing your username and password. Be that by phishing or by tricking you, or by lifting your keyboard to read your password on a PostIt note.

    We need to improve our overall security posture by adding something besides “something only you know” to the equation.

    Biometrics

    This is just a fancy word for something unique about you. What you look like. What you sound like. What the patterns of ridges on your fingers look like. What the blood vessels in your eye look like. These are things that are unique about you.

    The super fancy eye scanner in NCIS is a myth. While it might actually work in practice, it will be expensive and is only part of the equation.

    Fingerprint scanners are a joke. Facial recognition has more downsides than positives. And don’t have a sore throat if you are using vocal recognition.

    Most low-cost fingerprint scanners don’t do a good job. They scan something they think is a fingerprint on a finger. That scan is processed and turned into a series of identified markers. That is turned into some sort of “value”. That value is what is actually compared and authenticates.

    To reduce false negatives, these scanners often do a poor job of discriminating. They are also fairly weak at detecting live vs. Memorex.

    Finally, if you have a fingerprint scanner or some other sort of biometric authenticator, bad actors can forcibly use your body to unlock your stuff.

    It is far too common of an occurrence to have customs or law enforcement hold your finger to your phone’s scanner to unlock your phone. Don’t use biometrics to secure your devices. Oh, currently the courts find this to be legal and not a violation of your civil rights.

    This takes use too:

    Security Devices

    A security device is a device that only you have that can communicate with other devices to help authenticate you.

    Notice it is a helper, it is not the be all, end all.

    The most common security device in use today is a mobile or cell phone.

    The assumption is that you are the person holding your phone and that your phone can only be unlocked by you. This means that they can send you a text message, and you will have to unlock your phone to get the code they sent.

    Except… Often the code is visible even when the phone is locked. The phone might be unlocked for other reasons. Or somebody cloned your phone and is getting the same SMS messages that you are.

    In addition to that, some people have their devices configured to read messages to them. Or worse, they have configured their phones to read messages on command.

    My favorite example of this was when I was working on a female friend’s car. She had a new boy and they were texting hot and heavy. Every time she received a new message, her phone would announce “To hear the message say “read message”.

    At one point her phone announced, and I spoke up, “read message”.

    She ran when her phone started to read the message out loud. It was just as spicy as I expected.

    While the phone is very convent, it isn’t very secure.

    Still, phones can be used as an authenticator.

    This is a magic pseudo random number generator. The authenticator reads a seed from the remote device and attaches it to a particular site or device.

    The two can generate the same pseudo random number at any point in time, based on the shared seed.

    The site requests you provide the code from the authenticator. You unlock your phone, run the authenticator, find the correct device, copy the code from your phone to your computer to log in.

    It is a fairly cheap and easy method and requires very little extra.

    A number of my clients use this type of authenticator, and WordPress/WordFence does as well. It is an acceptable option if your phone is kept locked.

    Better still, turn on extra security. The authenticator I use allows me to set a PIN for the application. Without the PIN, something only I know, the authenticator will not run.

    Security Tokens

    These supply a different form of security. They are designed to prove to a remote system, or local, that you have something that is unique.

    A key.

    One type of security token generates is a physical rendition of the phone authenticator. The one that I used required me to enter a PIN. It did not matter what PIN you entered, it generated numbers. If you entered the numbers from a correct PIN, you were logged in. If you entered the numbers from an incorrect PIN, the system would alert administrators or security, depending on how it was configured.

    In other words, the system administrators and security personal could set them up to provide “panic” or “distress” codes.

    Mine didn’t have that feature. If I put the wrong code in I couldn’t log in. Guess I wasn’t that important in the grand scheme of things.

    Which takes me to my favorite authentication key, the YubiKey.

    This is a small device, about the size of a thumb drive, but much thinner.

    They have USB-A or USB-C connectors and some have NFC capabilities. They are small enough and light enough that I carry one of them attached to my key ring, along with a magic USB drive that contains a working version of Linux.

    When properly configured, when a website needs a 2FA action, it will request that you insert the device. A small LED flashes, you touch the LED and the flashing stops. Some magic happens, and the website confirms that you have the right device.

    If you have the NFC version, you can just tap the key to the back of your phone to accomplish the same thing as plugging it into a device.

    In general, you should have two of them. Just in case you lose one.

    Conclusion

    Two-Factor Authentication adds a significant improvement to your security stance. They can almost completely stop phishing attacks.

    Even if you are tricked into providing your credentials to a phishing website, when they attempt to use those credentials, they do not have the second factor to complete the authentication process.

    Using your phone as your security device isn’t as strong as an authenticator. Using an authenticator application on your phone, is.

    Combine these with a good password manager and you have a strong, secure system.

    Until you find that the bad guys just ignore all that authentication stuff and took your computers.

            
  • HAPPY NEW YEAR in letter tiles set against a red textured background with gold stars.
    Photo by Natalie Kinnear on Unsplash

    It has been an interesting year for me. Most of my 2024 was spent figuring out why my politics were so skewed. I’ve become more active in my prepping (again). I lost weight. I gained weight. I finished another cookbook and published it (The Clay Table), and finished writing and partially editing another (Rise Up, a bread cookbook, hopefully due out in the summer).

    In 2025, I am going to be a busy little critter. I have a fantasy anthology I’m putting together (Tales from the Turning Leaf Tavern), which comes along with a Kickstarter, a “real” cover artist, and a bunch of other new (to me) aspects of authoring. I have 10th century Viking, 15th century English, and 18th century American reenactments to participate in. I have my 18th century cookbook to put together, write, and edit. I have a series of YouTube video lessons on how to take an idea from your mind and turn it into a book that’s available on Amazon. I have TikTok to keep up on, provided there’s still a TikTok to use. I have reading to do, and sewing. And then there’s the list of never ending household chores: laundry, dishes, vacuuming, tidying, cooking, etc…

    All in all, though, I’m very happy with where I am. If you’d suggested 20 years ago that I would be sitting here, a published and popular author, I would have laughed at you. I could not have envisioned a time when historical groups vied for who got me for what dates, because I “bring so much.” It was inconceivable to think that I would be teaching food history to people at libraries… and be paid for the privilege. I am in a really good place.

    I’m excited to see what Trump brings to America in his second term. It is my strong hope that his various people do their jobs well, and that the country starts out strong on January 20th. I want to see DOGE get rid of a lot of the useless stuff that’s gathered up into the government over the years. I hope to see improvement in schools, along with cutting away any fat in that arena as well.

    Mostly, I’m hoping to see grocery costs come down. I know it won’t be immediate, but Trump has four years. I’m hoping that by his second year in office, we’ll see a distinct down-trend in the cost of American grown foods.

    Happy New Year, everyone. Thanks for reading Vine of Liberty, and being a part of our virtual family. May the blessings of the Divine go with you into the new year, and fill your lives with health, wealth, and joy.

            

  • Password Security

    There are four ways of cracking a password.

    1. Guess the password
    2. Brute Force the password
    3. Go around the password authentication
    4. Trick the password from the owner

    If your password is easy to guess, then it is a weak password. Examples of weak passwords are: password, 1234, YOUR_NAME, BIRTHDAYS. Many things use a four digit PIN. When guessing them, the best place to start is the set of numbers between 1950 and 2005, followed by 1930-1949, and 2006-2024. Years of importance to you.

    Brute force is when you try all possible passwords. Back in the days of the TRS-80, there was a password on some part of the operating system. I wrote a simple brute force cracker for it.

    Once it was running, my host and I got ready to go to dinner. Before we got out the door, the program stopped.

    I assumed the program failed. Turned out that the password was so weak, three or four characters long, that it only took a few minutes to try all the passwords to that point.

    Going around a password is sometimes easier than it should be. People don’t bother to log out. When I was visiting my father, I sat down at his computer. It was unlocked. I was able to “be” him if I had wished. I didn’t have to bother with a password.

    There is an entire industry devoted to tricking people into handing over their passwords. It is so bad that it has its name, “phishing”.

    And anybody can get caught in the net. I was caught just once. My wife’s school was phished, hard. The entire school got an email that looked legitimate from an administrator for the district. Her account then automatically sent it to me because I was in her address book.

    I opened because it was from my wife. It had a good subject line. It looked legit.

    It didn’t do anything to me because I run Linux, but it caused a great deal of damage to the school district.

    Besides phishing, there is looking for the passwords that people have written down.

    Again, using my father, the password for my mother’s computer was written on a PostIt note stuck to the inside of her laptop.

    There is no need to guess, force or phish when the password is just given to you.

    The Balancing Act

    It is rather oxymoronic that the harder it is to remember a password, the harder it is to crack the password. If your password is “happyfaces” it might be easy to remember, but it is also easy to guess.

    On the other hand, “wynt>Otchib5” is difficult to remember and difficult to guess. The password generator I used gave that to me as “wynt-GREATER_THAN-Otch-ib-FIVE” as how I might pronounce it and remember it. Still, it isn’t going to work

    When passwords get too difficult to remember, people need to write them down. You would be amazed at the number of personal, and business, computers which have a file named “passwords”. People write them down.

    The other thing that happens is that people remember one “good” password, then use it over and over again. If they ever lose that password, they lose access to everything, or the bad hat gets access to everything.

    Many people think they will be tricky and use character substitution. Instead of “password” they write, “p@55w0rd”, and think they are clever. They aren’t.

    There is a scene in Schindler’s List where they have just cleared the ghetto. Now they are searching for hidden Jews. The German’s come in, and they know where to look. They are experts at finding people. They’ve done this before. They know all the hiding places.

    If you think you have found something clever that will make your password “unguessable”, you are mistaken.

    Long Passwords Are Better(?)

    Let’s assume that you are going to use a password that can’t be guessed easily. This leaves the brute force method.

    This is a matter of mathematics. The larger the symbol set, the better. Longer passwords are better.

    Consider a four digit pin, there are 10,000 possible PINs. As a password, that sucks.

    But if we increase the symbol set to digits and letters, we get a slightly better result: 36^4 = 1,679,616. Still not strong.

    But let’s say you go all out and have a symbol set of all ASCII printable tokens. There are 128 ASCII tokens, of which 94 are printable. This gives us 81,450,625 different passwords. Which still sucks, but it is getting better.

    Now, let’s just make the password longer, call it 8 characters, at that point our results would be: 6,634,204,312,890,625. This is a strong password. Unfortunately, it is likely to be nearly impossible to remember.

    My default is 12 characters.

    Creating Strong Passwords You Can Remember

    When we go back to that original statement, “The larger the symbol set, the better.” What if I told you that there is a symbol set of approximately 100,000 symbols, that you already know?

    That symbol set is the set of all common English words.

    What we would like to see is a number near 6 Quadrillion. With a symbol set of 100,000 words, 3 words give you 1 Quadrillion and four words give you 118,495,929,354,657,605,136.

    This doesn’t consider word separators or case. Here is one such random password, “farm particularly wild refer”. If you modify the spaces to be different characters, or capitalize some letters, even if it only the first letter, you get even better results.

    So what’s the problem? The issue is that it doesn’t look like a strong password. Many password checkers will see that long password and reject it because it doesn’t have special characters.

    For me, a programmer, I can put together a simple program, take the string above, feed it into sha256sum to get 256 bits of pseudo noise. Extracting the printable characters, I get “dLuxo8x’H54MBd”

    Now I have a good password I can remember, which can be used to generate a password which the rest of the world will accept as strong.

    Password Managers

    Password managers are supposed to fix much of this. They exist to store your passwords in a “secure” form, which you can then extract when needed. In addition, they will generate strong passwords for you to use.

    I, personally, use four password managers and have used a fifth.

    The first, most people are aware of, is the password manager built into your browser. I use Firefox and Chrome, so those are two password managers. My Linux system has another password manager built in. Finally, I use “Keeper” and have used “Last Pass”.

    I love Keeper, I pay for the version I use, but there might be a free version. For me, it is worth it. One of the reasons it is worth it to me, is that with the paid version I can share access to password folders or individual passwords.

    I never liked “LastPass” but I can’t say why. I do know they were cracked within the last few years. Because of their security model, when they were cracked, the bad guys extracted all the passwords.

    Keeper stores all passwords encrypted. Only you have the decryption key. Thus, if they were to lose everything, they would not expose your passwords.

    The browser managers are there because I was using them before Keeper. I’m slowly phasing them out.

    I’m also looking into a self-hosted version of a password manager. I have not decided on which one, if any, I will try.

    Chicken and Egg

    The problem with all password managers is that there is a single point of failure. That is the password to access your password manager.

    Which takes us back to “Long passwords work better”. Generate a random four – word password, I used xkcd Password Generator but you can just open a physical dictionary and randomly select four words.

    Memorize those four words. Then you can use that as your master password.

    Make the move to a good password manager. Use one that distrusts the government.

    Two Factor Authentication

    I need to look at my articles to see if one already exists, if it doesn’t, I’ll write something up.

            

  • In honor of the Georgia peanut farmer

            

  • May his time in Hell be tempered by the good he did after he was no longer in office.

    In my opinion, this man started the decline of respect for the United States. His policies were so bad that we still have not recovered from them.

    The Middle East is a cesspool of tribes. All of which hate each other, except maybe the Jewish people.

    Middle Eastern tribes respect only one thing, power. If you have power, you are respected. If you do not have power, you are less than the dirt beneath their sandals.

    The Peanut farmer let the US embassy in Iran be taken multiple times by “students”.

    He was so afraid of “offending” the Iranians, that he ordered the Guards at the US Embassy to be disarmed. AFTER they were over run.

    When the “students” took over and took hostages, he sat with his thumb up his arse playing footsy with Mrs. Peanut Farmer for 100s of days.

    I know, personally, that there were troops in the air within hours of the hostages being taken. I know, personally, that there was a plan to retake the embassy within a few hours of it being taken.

    That weakness led to the fall of Iran. Which turned it into the terrorist state of Iran.

    The World Trade Center bombings? Jimmy’s fault.

    The bombing of the U.S.S. Cole? Jimmy’s fault.

    9/11? Jimmy’s fault.

    The slight tinge of regret I have is for his Wife. I don’t think she is in Hell with him.

            

  • I love my bagels. I love everything about them. You could use homemade bagels for this, but if you want to buy them, that makes it SO EASY. This is very much a throw-together meal that could be made the evening before then just heated up in the morning if you’re feeding a crowd. And if you can’t find everything bagels, use plain, and pick up a bottle of “everything bagel” seasoning and just sprinkle it throughout!

    Ingredients:

    • 4 everything bagels, chopped
    • 1-1/2 cups shredded cheese
    • 1-1/2 cups halved cherry tomatoes
    • 8 oz block cream cheese, cut into 1/2″ cubes
    • 1/2 red onion, thinly sliced
    • 10 large eggs
    • 2-1/2 cups milk
    • 2 green onions, sliced, plus more for garnish
    • salt to taste
    • freshly ground black pepper
    • a pinch of cayenne
    • 1 tsp poppy seeds
    • 1 tsp dried minced onion
    • 1 tsp sesame seeds
    • 1 tsp dried garlic
    • 1 tsp coarse salt

    Preheat your oven to 350°F and grease (or no-stick spray) a 9×13″ baking pan. Distribute half of the bagel pieces int he pan, and top them with half of the cheese, tomatoes, cream cheese, and red onion. Repeat to make another layer.

    In a bowl, whisk together your eggs, milk, and green onions. Season with the salt, pepper, and cayenne. Pour the egg mixture over the bagels, making sure to coat each bagel piece. Sprinkle the top of the casserole with the poppy seeds, minced onion, sesame seeds, garlic, and coarse salt. Cover the pan with aluminum foil and bake for 45 minutes.

    Remove the foil, and continue to bake until the bagels are golden and the eggs are cooked through. This may take up to 25 minutes more. Allow it to cool for 15 to 30 minutes.

    Garnish with green onions before serving.

    Notes:

    You can add spinach to this if you like! Sprinkle it through with the tomatoes and onions. Any kind of cheese will work. You should cater to your intended audience. This can be made dairy free by using a dairy free milk substitute like oat milk or Silk, and by using a non-dairy vegan cheese. It can’t really be made vegan, however, because the egg is the binder for the casserole.

    If you want to make this ahead, bake it for the first 45 minutes, then set it somewhere to cool, and refrigerate overnight. In the morning, bake it for the final 15 to 25 minutes, so it’s warm throughout and everything looks delicious.

    Some people prefer more eggs and some prefer less. The casserole should have enough egg incorporated to allow the bagel bits to “stick together.” If you like more egg and want it to be more solid, feel free to add as many eggs as you think you need to get it there. Be aware that it may change the baking time. Be prepared to add an extra 15 or so minutes to make sure the egg is cooked through before taking the foil off.

            
  • An example — from an NYU professor:

    “{DJT’s holding a rally in Waco} sends a clear message…Waco has been a pilgrimage site for White power and militia movements… He is paying homage to this tradition and doubling down on his profile as leader of an extremist cult (MAGA).

    The stagecraft and rituals seen at this rally also continue the Fascist past. In both Italy and Germany, Fascism evolved out of paramilitary environments, with a cult leader who orchestrated violence. Once in power, Fascists used propaganda to change the public’s perception of violence, associating it with patriotism and national defense against internal and external enemies. Rallies were crucial to that end.”

    Another dog whistle that only leftists can hear.

    This was in reply to a moron who claimed that this was just par for the course because “…he tried to have a rally on Juneteenth in Tulsa.”

    The original post:

    So let me get this straight. When liberals go to college, they’re called indoctrination centers and woke campuses. But if you’re from a foreign country and come to school here, Donald Trump wants to automatically hook you up with a green card. Even if it’s a 2 year junior college, so that you stay here.

    But if colleges are making everyone woke marxist communists. Why would Trump keep them here?

    🤔… it’s almost as if republicans been lying to you to keep you stupid and keep themselves in power.

    Cause I’ll tell you what. Republican leaders, they send their kids to school.

    I don’t even want to go looking for what the accusation actually is. They have a clip of Trump saying something, but I don’t trust anything posted until I can examine it in context.

            

  • Resiliency is a goal. I’m not sure if we ever actually reach it.

    In my configuration, I’ve decided that the loss of a single node should be tolerated. This means that any hardware failure that takes a node of line is considered to be within the redundancy tolerance of the data center.

    This means that while every node has at least two network interfaces, I am not going to require separate PSUs with dual NIC’s, each with two 10Gbit interfaces. Instead, each node has two 10Gbit interfaces and a management port at 1 to 2.5 gigabits RJ45 copper.

    Each node is connected to two switches. Each switch has a separate fiber, run via a separate path, back to a primary router. Those primary routers are cross connected with two fibers, via two different paths.

    Each of the primary routers has a fiber link to each of the egress points. I.e., two paths in/out of the DC.

    The NAS is a distributed system where we can lose any room and not lose access to any data. We can lose any fiber, and it will have NO effect on the NAS. We can lose any switch and not have it affect the NAS.

    We can lose any one router and not impact the NAS.

    So far, so good.

    Each compute node (hypervisor and/or swarm member) is connected to the NAS for shared disk storage. Each compute node is part of the “work” OVN network. This means that the compute nodes are isolated from the physical network design.

    Our load balancer runs as a virtual machine with two interfaces, one is an interface on the physical network. The other is on the OVN work network.

    This means that the VM can migrate to any of the hypervisors with no network disruption. Tested and verified. The hypervisor are monitored, if the load balancer becomes unavailable, they automaticity reboot the load balancer on another hypervisor.

    So what’s the issue?

    That damn Load Balancer can’t find the workers if one specific node goes down. The LB is still there. It is still responding. It just stops giving answers.

    I am so frustrated.

    So I’m going to throw some hardware at it.

    We’ll pick up a pair of routers running pfSense. pfSense will be augmented with FRR and HAProxy to provide load balancing.

    Maybe, just maybe, that will stabilize this issue.

    This is a problem I will be able to resolve, once I can spend time running diagnostics without having clients down.

            

  • In upgrading from copper to fiber, I’ve been exploring the different options and learning as I go. Some learning curves have been steep, others have been “relearning” what I already knew.

    One of the biggest things I needed to learn is that there are “switches” that are actually “routers”. That was mind-bending.

    The other is that the network dudes talk about VLAN and Tagged VLAN. They are different things. In the environments I’ve been working in, there are only tagged VLANs which are called “VLAN”. Same name, different meaning.

    The starting place when moving from copper to fiber is to understand what a Small Form-Factor Pluggable is. This is the magic that makes it all happen. This is standardized into SFP and SFP+. The SFP standard only supports 1G and lower speeds.

    The SFP+ supports higher speed modules. 10G, 25G, 40G and 100G are all standards I’ve seen.

    I’m only working with 10G modules, at this time.

    They have modules that are RJ45 copper that will run at slower speeds or up to 10G. The only issue is that they draw more power and run hot. Can’t touch them when running hot.

    The fix for this is to purchase a switch or router that has RJ45 Ethernet ports and at least one SFP+ port.

    I found a small, six port, switch. This comes with 4 RJ45 ports, rated at 2.5G each, and 2 SFP+ ports rated at 10G each. Cool.

    This allows me to daisy-chain them if I wanted.

    In reality, it meant that I had one host connected at 10G while the others were at 2.5G.

    I also found a L2/L3 “switch” that looks much like the switch above.

    Having done the upgrades, I started looking into upgrading the router between the outside world and the DMZ. The routers I’ve been getting to not support any crypto, so they don’t have good VPN capability, something I want.

    So I went looking. Looking for a “motherboard with SFP”. Something interesting popped. A mini ITX motherboard with 4 SFP+ ports and 4 RJ45 ports along with HDMI, VGA and the standard USB ports. It also provided space for two M.2 SSD modules, 2 DDR4 slots and two 6GByte SATA ports.

    It might not be the fastest computer on the block, but it looks like a good starting point.

    This leads me to other motherboards of the same ilk. And what I found was a bunch of these motherboards. And the port layouts all look the same. The specifications all look the same.

    What we have is a “standard” motherboard which is put in a “standard” case along with a wall wart, HDMI cable and a mounting bracket. The branding stays the same.

    I have an L2 switch that I’m going to take apart in a bit. It has a limit of 1550 byte packets, making it useless for my new network. I wonder if I will find an M.2 module in that box or something else that allows me to change the software.

    Meanwhile, that motherboard is on my wish list. I’ll load pfSense on it along with FRR and replace my current router. Giving me a considerable boost in capabilities and letting me dispense with the VyOS configuration language. Which I really don’t like.