marauding_gibberish142

joined 1 month ago

We need to let them know and ask for an explanation

[–] marauding_gibberish142@lemmy.dbzer0.com 1 points 1 week ago (2 children)

Matrix is the same and no one wants to use it. Why?

You can't protect your data if you use those apps. Pick one.

Florida man strikes again!

[–] marauding_gibberish142@lemmy.dbzer0.com 1 points 1 week ago (1 children)

Who owns LeMonde?

Just lol at Synology trying to do an Nvidia

[–] marauding_gibberish142@lemmy.dbzer0.com 6 points 1 week ago (3 children)

There's plenty of N100/N350 motherboards with 6 SATA ports on AliExpress, grab them while you can

[–] marauding_gibberish142@lemmy.dbzer0.com 27 points 1 week ago (3 children)

Synology is like Ubiquiti in the self-hosted community: sure it's self-hosted, but it's definitely not yours. End of the day you get to deal with their decisions.

Terramaster lets you run your own OS on their machine. That's basically what a homelabber wants: a good chassis and components. I couldn't see a reason to buy a Synology after Terramaster and Ugreen started ramping out their product lines which let you run whatever OS you wanted. Synology at this point is for people who either don't know what they're doing or want to remain hands-off with storage management (which is valid; you don't want to do more work when you get home from work). Unfortunately, such customers are now out in the lurch, so TrueNAS or trust some other company to hold your data safe.

Alpine isn't exactly fortified either. It needs some work too. Ideally you'd use a deblobbed kernel with KSPP and use MAC, harden permissions, install hardened_malloc. I don't recall if there's CIS benchmarks or STIGs for Alpine but those are very important too. These are my basic steps for hardening anything. But Alpine has the advantage of being lean from the start. Ideally you'd compile your packages with hardened flags like on Gentoo but for a regular container and VM host that might be too much (or not - depends on your appetite for this stuff).

Your complaint is genuine and I assure you that the sentiment is shared amongst many people here. I do not like that sub for its excessively tight policies. You must also consider that Reddit has its eye on that sub since it might spread awareness to other Reddit users and harm Reddit's bottom line.

Either way, I stick to Lemmy and Kbin. Reddit doesn't let me create accounts over TOR and I2P anymore, which means I'm not going to be able to participate anyway.

[–] marauding_gibberish142@lemmy.dbzer0.com 3 points 1 week ago (2 children)

I'm looking at buildbot

 

Edit: it seems like my explanation turned out to be too confusing. In simple terms, my topology would look something like this:

I would have a reverse proxy hosted in front of multiple instances of git servers (let's take 5 for now). When a client performs an action, like pulling a repo/pushing to a repo, it would go through the reverse proxy and to one of the 5 instances. The changes would then be synced from that instance to the rest, achieving a highly available architecture.

Basically, I want a highly available git server. Is this possible?


I have been reading GitHub's blog on Spokes, their distributed system for Git. It's a great idea except I can't find where I can pull and self-host it from.

Any ideas on how I can run a distributed cluster of Git servers? I'd like to run it in 3+ VMs + a VPS in the cloud so if something dies I still have a git server running somewhere to pull from.

Thanks

 

Is there some sort of comprehensive guide on hardening RHEL clones like Alma and Rocky?

I have read Madaidan's blog, and I plan to go through CIS policies, Alma and Rocky documentation and other general stuff like KSPP, musl, LibreSSL, hardened_malloc etc.

But I feel like this is not enough and I will likely face problems that I cannot solve. Instead of trying to reinvent the wheel by myself, I thought I'd ask if anyone has done this before so I can use their guide as a baseline. Maybe there's a community guide on hardening either of these two? I'd contribute to its maintenance if there is one.

Thanks.

 

The problem is simple: consumer motherboards don't have that many PCIe slots, and consumer CPUs don't have enough lanes to run 3+ GPUs at full PCIe gen 3 or gen 4 speeds.

My idea was to buy 3-4 computers for cheap, slot a GPU into each of them and use 4 of them in tandem. I imagine this will require some sort of agent running on each node which will be connected through a 10Gbe network. I can get a 10Gbe network running for this project.

Does Ollama or any other local AI project support this? Getting a server motherboard with CPU is going to get expensive very quickly, but this would be a great alternative.

Thanks

55
submitted 3 weeks ago* (last edited 3 weeks ago) by marauding_gibberish142@lemmy.dbzer0.com to c/europe
 

Sorry to post here as someone who doesn't live in Europe, but I'm seeing something very dangerous unfold in the EU with their fascination with Orwellian methods of surveillance.

On one hand I'm glad to see that the previous proposals were defeated and some politicians still reject the idea. But this is way too persistent. Who are the faces behind this bill and what is their motivation to keep presenting it, to keep pushing for something they know will harm Europeans?

I am starting to think that existing resistance is not going to be enough for the next time the bill is voted on. We need more. We need more people than just the EFF and other non-profits talking about this. This is setting a dangerous precedent that I can see the US following if it gets passed in the EU, and I'm scared because the average person doesn't comprehend the problem (and most of the time, won't care).

I had a hard enough time getting just a few family members off of WhatsApp to Signal, imagine the trouble I and a lot of people will have if Chat control is indeed passed. We need to do more.

Sorry if I missed a lot of nuance in this post - I only really follow the headlines and don't know the reality on the ground.

Thanks

 

Sorry for being such a noob. My networking is not very strong, thought I'd ask the fine folks here.

Let's say I have a Linux box working as a router and a dumb switch (i.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.

Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?

What I'm asking is: do I really need VLANs? I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.

If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.

Thanks!

 

It's been a while since I visited this topic, but a few years back, Xen (and by extension XCP-NG) was better known for security whilst KVM (and thus Proxmox) was considered for better performance (yes, I've heard of the rumours of AWS moving to KVM from Xen for some appliances).

I would like to ask the community about the security measures you've taken to harden the default PROXMOX and XCP-NG installations. Have you run the CIS benchmarks and performed hardening that way? Did you enable 2FA?

I'm also interested in people who run either of these in production: what steps did you take? Did you patch the Debian base (for PVE)/Fedora base (I think, for XCP)?

Thank you for responding!

 

This is coming from a general perspective of wanting more privacy and seeing news of Mozilla creating an email service "which will definitely not train AI on your email". Sure Mozilla, whatever you say.

Rant aside, here's my question: is it possible to store all of your email on your own infrastructure (VPS or even NAS at home) and simply use an encrypted relay to send emails out to the public internet? My idea is that this removes the problems of keeping your IP whitelisted from the consumer, but the email provider doesn't actually hold your emails. This means your emails remain completely in your control, but you don't have to worry about not being able to send emails to other people as long as your storage backend is alive.

I don't know much about email to comment on what this would take. I think something similar is already possible with an SMTP relay from most email providers, but the problem is that my email also resides on their servers. I don't like that. I want my email to live on my servers alone.

Do you think this is possible? Does any company already do this?

Thanks

49
Consumer GPUs to run LLMs (lemmy.dbzer0.com)
submitted 4 weeks ago* (last edited 4 weeks ago) by marauding_gibberish142@lemmy.dbzer0.com to c/selfhosted@lemmy.world
 

Not sure if this is the right place, if not please let me know.

GPU prices in the US have been a horrific bloodbath with the scalpers recently. So for this discussion, let's keep it to MSRP and the lucky people who actually managed to afford those insane MSRPs + managed to actually find the GPU they wanted.

Which GPU are you using to run what LLMs? How is the performance of the LLMs you have selected? On an average, what size of LLMs are you able to run smoothly on your GPU (7B, 14B, 20-24B etc)?

What GPU do you recommend for decent amount of VRAM vs price (MSRP)? If you're using the TOTL RX 7900XTX/4090/5090 with 24+ GB of RAM, comment below with some performance estimations too.

My use-case: code assistants for Terraform + general shell and YAML, plain chat, some image generation. And to be able to still pay rent after spending all my savings on a GPU with a pathetic amount of VRAM (LOOKING AT BOTH OF YOU, BUT ESPECIALLY YOU NVIDIA YOU JERK). I would prefer to have GPUs for under $600 if possible, but I want to also run models like Mistral small so I suppose I don't have a choice but spend a huge sum of money.

Thanks


You can probably tell that I'm not very happy with the current PC consumer market but I decided to post in case we find any gems in the wild.

 

I've been thinking about this for a bit but I couldn't come up with anything.

The idea is that you have a VOIP number and some self-hosted VOIP infrastructure connected to a landline phone. WhatsApp, Signal and voice traffic from other apps would be redirected to this landline phone instead of your mobile phone.

Is there a way to do this? How do I get started?

Reasoning: I can now keep my phone isolated, wrapped in a thick towel and inside a solid box to prevent it from eavesdropping on me inside my own house.

Please do not respond with messages like "you're too paranoid", it doesn't help.

Thanks

 

Hi,

The general consensus amongst the Android community is that rooting is detrimental to privacy. In a sense, I agree with them since privilege escalation because of human error becomes a much bigger threat if the user has root access.

Android has a big privacy problem encapsulated in one word: "baseband". Your modem and other hardware running in your device don't run FOSS firmware and are likely actively malicious towards your privacy.

I am a Linux user, and I understand that concepts do not necessarily transfer well between the two. With that in mind:

  1. If I wanted to be absolutely certain that sensitive hardware like Camera, Microphone and Modem were truly off, would shutting them off as root hold any real significance?
    • I do not know what the equivalent of Intel ME is called in the Android space, but I doubt that a highly complex OS is running beneath general Android as we know it. I think it's just the firmware of the individual device that we need to worry about.
  2. Is it possible to replace the bootloader on some Android devices/prevent it from loading unwanted firmware?

With Google taking Android behind closed doors, I suspect we will start seeing some suspicious snippets of code here and there with questionable purpose, but which might be missed by FOSS volunteers because of the sheer volume of work that is. I'm thinking of ways we can try to evade this blatant grab of our personal data.

 

I wrote this comment in response to another post but I thought this merited more discussion.

AI companies should be fined percentages of their total worth by the government(s) whose artists they are taking advantage of. Hypothetical example: Japanese government penalises OpenAI 50% of their net worth for every image which is even marginally similar to any publishing house in Japan. And they should be very lenient about taking on these cases.

I want OpenAI, Microsoft, Google, Facebook and IBM to get f****d so bad they won't even dream of coming back and doing this. I don't know why the EU penalises these companies in monetary amounts. They should be putting rules like a certain percentage of your company for a certain type of wrongdoing.

TBH if Japan or other Asian countries bleed these companies dry they will be sitting on an immense sum of money which will propel them to superpowers in their own right. It's a win-win for everyone.

Let me know what you think.

 

I'm looking at quad port 2.5Gbe Intel PCIe cards. These cards seem to be mostly x4 physically (usually PCIe gen 3) whilst I have a PCIe Gen4 X1 slot, which is more than the theoretical bandwidth that the card can support. The card needs at the most PCIE Gen 3 X2 == PCIE Gen 4 X1 in terms of bandwidth.

How do I fit the card into a PCIe x1 slot? Won't it lose performance if all the pins are not connected to the physical PCIe connector? Is there a PCIe x1 riser that the community likes that is somewhat affordable?

Thanks
