• 47 Posts
  • 1.15K Comments
Joined 2 years ago
Cake day: October 4th, 2023




  • I’m not familiar enough with Cloudflare’s error messages — or deployment with Cloudflare — to know what exact behavior that corresponds to, but I’d guess that most likely it can open a TCP connection to port 443 on what it thinks is your server, but it’s not getting HTTPS on that port or your server isn’t configured to serve up the right certificate for that hostname or the web server software running on it is otherwise broken. Might be some sort of intervening firewall.

    I don’t know where your actual server is, may not even be accessible to me. But if you have a Linux machine that can talk to it directly – including, perhaps, the server itself – you should be able to see what certificate it’s handing back via:

    $ openssl s_client -showcerts -servername akaris.space IP-address-of-actual-server:443
    

    That’ll try to establish a TLS connection, will send the specified server name so that if you’re using vhosting on the server, it knows which site to return, and then will tell you what certificate the web server used. Would probably be my first diagnostic step if I thought that there was a problem with the TLS handshake on a machine I was running.

    That might provide enough information to you to let you resolve the issue yourself.

    Beyond that, trying to provide much more information probably isn’t possible without more information about how your server is set up and what actually is working. You can censor IP addresses if you want to keep that private.
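The check described in the comment above, as an added example that is not part of the original comment: shell helpers that fetch the certificate an origin presents for a given SNI name and report whether it covers the expected hostname and is still in date. The function names and the `default.example` sample certificate are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: helper names and sample certificates are constructed.

# Save the leaf certificate a server presents for a given SNI name.
# $1 = origin IP or host, $2 = server name to send, $3 = output PEM file
fetch_leaf_cert() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -out "$3" 2>/dev/null
}

# Exit 0 only if the certificate in $1 is valid for hostname $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Exit 0 if the certificate in $1 is still valid $2 seconds from now.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Constructed test input: a one-day self-signed cert for DNS name $1.
make_sample_cert() {  # $1 = DNS name, $2 = output PEM file
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$2.key" -out "$2" -subj "/CN=$1" \
        -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Report the most likely handshake problem for cert $1 and hostname $2.
diagnose() {
    if ! cert_matches_host "$1" "$2"; then
        echo "MISMATCH: certificate is not valid for $2"
        # Show which names the server's certificate actually covers.
        openssl x509 -in "$1" -noout -subject -ext subjectAltName
        return 1
    fi
    cert_not_expired "$1" || { echo "EXPIRED: certificate for $2"; return 2; }
    echo "OK: certificate covers $2 and is in date"
}

# Offline demo: a server answering with its default vhost's certificate.
demo_dir=$(mktemp -d)
make_sample_cert default.example "$demo_dir/wrong.pem"
diagnose "$demo_dir/wrong.pem" akaris.space || true
rm -rf "$demo_dir"

# Against a real origin (placeholder address, as in the comment above):
#   fetch_leaf_cert IP-address-of-actual-server akaris.space origin.pem \
#       && diagnose origin.pem akaris.space
```

A mismatch here usually means the web server fell back to its default virtual host for that SNI name, which is one of the causes the comment guesses at.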




  • Also this legitimates the tech. Just like porn and VHS, the drug cartels endorse stardink.

    “Hi there! I’m José Perez. Between 2025 and 2032, I ran over two thousand tons of cocaine into the United States. And when I needed reliable, high speed Internet access to safeguard my very valuable cargo, I knew that I couldn’t settle for the second-best. I used Starlink™. Only Starlink™ gave me the peace of mind that my critical business operations would remain robust in the face of unexpected difficulties, be they hurricanes or US Coast Guard cutters. In today’s fast-paced, competitive business world, whether you need a reliable video stream to a conference room in one of your branch offices or to a night-vision piloting camera on a semi-submersible smuggling platform, you can count on Starlink™!”



  • I’m sorry, you are correct. The syntax and interface mirrors docker, and one can run ollama in Docker, so I’d thought that it was a thin wrapper around Docker, but I just went to check, and you are right — it’s not running in Docker by default. Sorry, folks! Guess now I’ve got one more thing to look into getting inside a container myself.


  • tal@lemmy.today to Selfhosted@lemmy.world: I've just created c/Ollama!
    12 days ago

    While I don’t think that llama.cpp is specifically a special risk, I think that running generative AI software in a container is probably a good idea. It’s a rapidly-moving field with a lot of people contributing a lot of code that very quickly gets run on a lot of systems by a lot of people. There’s been malware that’s shown up in extensions for (for example) ComfyUI. And the software really doesn’t need to poke around at outside data.

    Also, because the software has to touch the GPU, it needs a certain amount of outside access. Containerizing that takes some extra effort.

    https://old.reddit.com/r/comfyui/comments/1hjnf8s/psa_please_secure_your_comfyui_instance/

    ComfyUI users have been hit time and time again with malware from custom nodes or their dependencies. If you’re just using the vanilla nodes, or nodes you’ve personally developed yourself or vet yourself every update, then you’re fine. But you’re probably using custom nodes. They’re the great thing about ComfyUI, but also its great security weakness.

    Half a year ago the LLMVISION node was found to contain an info stealer. Just this month the ultralytics library, used in custom nodes like the Impact nodes, was compromised, and a cryptominer was shipped to thousands of users.

    Granted, the developers have been doing their best to try to help all involved by spreading awareness of the malware and by setting up an automated scanner to inform users if they’ve been affected, but what’s better than knowing how to get rid of the malware is not getting the malware at all.

    Why Containerization is a solution

    So what can you do to secure ComfyUI, which has a main selling point of being able to use nodes with arbitrary code in them? I propose a band-aid solution that, I think, isn’t horribly difficult to implement that significantly reduces your attack surface for malicious nodes or their dependencies: containerization.

    Ollama means sticking llama.cpp in a Docker container, and that is, I think, a positive thing.

    If there were a close analog to ollama, like some software package that could take a given LLM model and run in podman or Docker or something, I think that that’d be great. But I think that putting the software in a container is probably a good move relative to running it uncontainerized.



  • I like self checkout. I struggle with talking to people and it can really drain on me so it’s a godsend to have if I only need to run in for a few things.

    Valid take.

    That being said, I’d probably prefer human checkout unless we can get a more-automated form of self checkout. Self checkouts have gotten a lot better since the early days, but human checkers are still faster than I am at the self-checkout and if a human is doing the checkout, I can dick around on my phone or whatever.

    Cost savings are nice, but cost savings on my groceries just aren’t a massive concern for me. There just isn’t that much human time being expended on checking my back out. I don’t have strong feelings about the human interaction one way or another.

    Maybe one day, we can get some sort of robotic arm setup that can do checkouts as well as a human checker, and then I’d quite happily be in the “machine” camp.


  • US naval vessels themselves will become targets

    They already have been the target of missiles launched by the Houthis provided by Iran. Thus far, missile defenses have stopped them.

    I suppose that Iran probably has some ability to ramp up how many anti-ship missiles they’re throwing, but the US also has the ability to drastically ramp up the number of bombs being dropped on Iran; I doubt that climbing the escalation ladder is going to be advantageous to Iran.





  • kagis

    Ah. Sounds like they have pretty protectionist rice policy.

    https://time.com/7283809/japan-us-trade-talks-rice-agriculture-protectionism-reform-trump-tariffs/

    “Rice has always been highly protected and shielded from trade negotiations. Its liberalization is a political taboo for the LDP,” says Waseda University Professor Yuka Fukunaga.

    “Look at Japan, tariffing rice 700%,” White House Press Secretary Karoline Leavitt said at a press briefing in March. “President Trump believes in reciprocity, and it is about dang time that we have a President who actually looks out for the interest of American business and workers.”

    That 700% figure, which Japan’s farm minister called “incomprehensible,” is not quite true. In 1995, after facing a rice crisis in 1993 and mounting pressure from the world to open up its rice market, Japan entered into a “minimum access” deal with the World Trade Organization. That means that Japan imports 770,000 metric tons of rice each year without any tariffs, around half of which comes from the U.S. most years. Above that quota, Japan imposes a tariff of ¥341 (about $2.30) per kilogram. (In 2005, Japan’s farm ministry showed that was equivalent to a 778% tariff based on international rice prices between 1999 and 2001, but more recent data suggests the tariff is around 227%, according to a calculation by the Japan Times.)

    Yeah, can probably pull it off the world market if they want, then.