AI for work and home

As AI is starting to become something many of us are using, it’s interesting to think about the possibilities of getting an AI to look at our own data. I’ve set up privateGPT on an older computer and given it data to “ingest”!

It does take some time and it needs a decent amount of RAM and CPU grunt, but it works surprisingly well even on under-powered machines. It also gives you links to the source documents you got it to ingest (unlike some products I might mention… cough!).

There is a part of me that thinks this sort of product could be very useful for insight in a private company (or even for an individual). Think about the possibilities of giving it access to all emails sent. What could it learn? All files on the server: who created the most files? Who was involved in which projects, and what were the skill sets of the people involved (past and present)?

Let’s also think about the possibility of an AI having access to production data and financials!? What could be gleaned from all that information? It’s been said that we will soon have personal versions of AI that can run on phones. I’m sort of looking forward to this … but having recently rewatched the most excellent Ridley Scott movie Alien Covenant, I’m recommending that we proceed with caution!

 

Feed your firewalls

So as a few of you know, I’m this crusty old Sys Admin dude. I have a number of machines that I look after, and they are nearly all Linux machines. They are on pretty much twenty-four seven; this site is an example of such an endeavor.

But the internet has a problem – it’s the continual attack on any machine (Mac, Windows, Linux, Unix or something else) and any service that said machine might be running.

It’s not uncommon for someone to attempt to attack this machine every day. Probably the worst I’ve seen is about 30 thousand attempts in one day. Typically it’s about 1-3 K, and I have been whittling this number down … there is a way to manage this.

1 Record what the offending IP addresses are (the auth log is your friend in this instance).
2 Add these offending addresses to the firewall “or better” so that they will never have any access, even if it is just to rattle the locks on the doors of your computers.

Typically the command to block an IP address is something like this; it’s not a complex thing.

sudo iptables -A INPUT -s 10.1.1.1/32 -j DROP

People are concerned that one may block out legitimate traffic (and admittedly this is important, especially if you accidentally add your own IP address! Do you have physical access to the machine? A plan B?). But don’t let me scare you, what I’m talking about is not complex (just take care!).

When you think about it there are 4,294,967,296 usable version 4 IP addresses. My current block list on this small machine is about 880 of these … that is about 0.0000204891% of all available IPv4 addresses. It’s not much, and my machine is rather low tech.

But the problem is routers. My own network is based on a router that is controlled by my ISP. I don’t really have total control over this machine, but it would be good if I could manage that process a bit. But the ISP says no – you can have 3 settings!

The upshot is, if I’m serious about security and running my own server from home … I have to manage the abuse at a machine level or add an additional router!?

It would be better to manage it at a router level, because then every machine behind that router / firewall would be protected. But we haven’t really made this jump. I also understand that segmenting the internet is not a good thing, but I’m happy with my 0.0000204891% reduction. I don’t feel bad about this.

 

 

Trouble with the Muskovite

[Image: Rafiki expressing his dislike of Musk]

I’m in this quandary with regard to social media; much of it is being turned off. I used to have a Twitter account (under my own name) and I’ve deleted it since Musk bought the thing, and it descended into the vile, festering quagmire of sewage that it now is.

I do however have a troll account – and even that is nauseating. But there are 2 or 3 people on that platform who I do like to keep tabs on. I might note that one of those people is valiantly trying to find a positive alternative… (Bluesky, where’s my invite?).

I also for a while thought that it would be amazing to start to colonise Mars… but they would have to have good bacon and whisky available at reasonable prices before I seriously consider making the jump. But then the whole thing of Musk running the place…. again nauseating. Also, what would they call the capital of Mars? Muskville? Musk-o-gee? You would then become a Muskovite..?

I also thought a Tesla car would be very nice. To be honest, if someone gave me one I would probably say thank you very much (and then sell the thing). But I have heard that it may be possible to hack the international comms that run Tesla cars (and apparently the security may have some bumps in it). Think about the insanity an evil genius could unleash?

Could you imagine it: you get in the car one morning and it locks you in and rickrolls you, blasting the sound up to 11. Or just orders all Tesla cars to stop until you pay 1 trillion dollars in bitcoin to some nefarious individual’s account.

I think a hand-built electric for about 15 K is looking like a much better alternative; that, and I like old cars. It’s a shame, I used to like Musk in the old days, even though he destroyed a Gordon Murray artwork (the F1) … before he became an ………..(insert your favourite insult).

 

Related ….
I found this today, thought people may find it an interesting aside
https://www.theguardian.com/commentisfree/2023/oct/23/why-is-elon-musk-attacking-wikipedia-because-its-very-existence-offends-him

Battling Digital Onslaught

A couple of times on this site I’ve mentioned some of the garbage that some IP addresses spit at my wee server. It’s interesting and frustrating, especially when you think about how much people do or do not care.

Admittedly the people at AWS on occasion have constructively addressed the odd concern (but they do require lots of information, including your time zone, preferred type of porridge, etc.). But on the whole, if you make a complaint to an ISP about the scanning or BS coming from an IP address, you often never get a response.

So one approach is to just set up firewall rules and hope that the Aholes don’t come back via another address, but this does become a vexatious game of Whac-A-Mole.

I made this project public in 2018
https://github.com/nevetsanderson/sshfail

It is useful in that on a day-to-day level it can bring awareness to how much junk is rattling at your front doors. I remember telling a manager once about the number of daily attacks and he went rather pale in the face.

I hope that someone can find sshfail a useful tool, even if it does turn managers pale.