Posts
17
Comments
445
Joined
1 mo. ago
  • Synology is like Ubiquiti in the self-hosted community: sure it's self-hosted, but it's definitely not yours. End of the day you get to deal with their decisions.

    Terramaster lets you run your own OS on their machine. That's basically what a homelabber wants: a good chassis and components. I couldn't see a reason to buy a Synology after Terramaster and Ugreen started ramping out their product lines which let you run whatever OS you wanted. Synology at this point is for people who either don't know what they're doing or want to remain hands-off with storage management (which is valid; you don't want to do more work when you get home from work). Unfortunately, such customers are now out in the lurch, so TrueNAS or trust some other company to hold your data safe.

  • Alpine isn't exactly fortified either. It needs some work too. Ideally you'd use a deblobbed kernel with KSPP and use MAC, harden permissions, install hardened_malloc. I don't recall if there's CIS benchmarks or STIGs for Alpine but those are very important too. These are my basic steps for hardening anything. But Alpine has the advantage of being lean from the start. Ideally you'd compile your packages with hardened flags like on Gentoo but for a regular container and VM host that might be too much (or not - depends on your appetite for this stuff).

  • Your complaint is genuine and I assure you that the sentiment is shared amongst many people here. I do not like that sub for its excessively tight policies. You must also consider that Reddit has its eye on that sub since it might spread awareness to other Reddit users and harm Reddit's bottom line.

    Either way, I stick to Lemmy and Kbin. Reddit doesn't let me create accounts over TOR and I2P anymore, which means I'm not going to be able to participate anyway.

  • I don't get it. Where is the idea that "Fedora focuses on security" coming from? Fedora requires an equivalent amount of work like other distros to harden it.

    I personally use Alpine because I trust busybox to have less attack surface than normal Linux utils

  • Unfortunately, you're done here. You're going to need a new number if you value your privacy. I can never trust any big company; you can try waving GDPR in their faces all you want but with a spineless EU and too much power in such companies, you have to trust them to delete your data. I'm sure you realise that this is a silly venture.

  • Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    How to self-host a highly available git server cluster?

    Edit: it seems like my explanation turned out to be too confusing. In simple terms, my topology would look something like this:

    I would have a reverse proxy hosted in front of multiple instances of git servers (let's take 5 for now). When a client performs an action, like pulling a repo/pushing to a repo, it would go through the reverse proxy and to one of the 5 instances. The changes would then be synced from that instance to the rest, achieving a highly available architecture.

    Basically, I want a highly available git server. Is this possible?


    I have been reading GitHub's blog on Spokes, their distributed system for Git. It's a great idea except I can't find where I can pull and self-host it from.

    Any ideas on how I can run a distributed cluster of Git servers? I'd like to run it in 3+ VMs + a VPS in the cloud so if something dies I still have a git server running somewhere to pull from.

    Thanks

    Linux @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    Comprehensive guide to hardening RHEL clones?

    Is there some sort of comprehensive guide on hardening RHEL clones like Alma and Rocky?

    I have read Madaidan's blog, and I plan to go through CIS policies, Alma and Rocky documentation and other general stuff like KSPP, musl, LibreSSL, hardened_malloc etc.

    But I feel like this is not enough and I will likely face problems that I cannot solve. Instead of trying to reinvent the wheel by myself, I thought I'd ask if anyone has done this before so I can use their guide as a baseline. Maybe there's a community guide on hardening either of these two? I'd contribute to its maintenance if there is one.

    Thanks.

    Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    How to use GPUs over multiple computers for local AI?

    The problem is simple: consumer motherboards don't have that many PCIe slots, and consumer CPUs don't have enough lanes to run 3+ GPUs at full PCIe gen 3 or gen 4 speeds.

    My idea was to buy 3-4 computers for cheap, slot a GPU into each of them and use 4 of them in tandem. I imagine this will require some sort of agent running on each node which will be connected through a 10Gbe network. I can get a 10Gbe network running for this project.

    Does Ollama or any other local AI project support this? Getting a server motherboard with CPU is going to get expensive very quickly, but this would be a great alternative.

    Thanks

    Europe @feddit.org
    marauding_gibberish142 @lemmy.dbzer0.com

    How can we keep chat control at bay?

    Sorry to post here as someone who doesn't live in Europe, but I'm seeing something very dangerous unfold in the EU with their fascination with Orwellian methods of surveillance.

    On one hand I'm glad to see that the previous proposals were defeated and some politicians still reject the idea. But this is way too persistent. Who are the faces behind this bill and what is their motivation to keep presenting it, to keep pushing for something they know will harm Europeans?

    I am starting to think that existing resistance is not going to be enough for the next time the bill is voted on. We need more. We need more people than just the EFF and other non-profits talking about this. This is setting a dangerous precedent that I can see the US following if it gets passed in the EU, and I'm scared because the average person doesn't comprehend the problem (and most of the time, won't care).

    I had a hard enough time getting just a few family members off of WhatsApp to Signal, imagine the trouble I a

    Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    Basic networking/subnetting question.

    Sorry for being such a noob. My networking is not very strong, thought I'd ask the fine folks here.

    Let's say I have a Linux box working as a router and a dumb switch (i.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.

    Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?

    What I'm asking is: do I really need VLANs? I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.

    If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.

    Thanks!

    Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    XCP-NG vs PROXMOX security hardening?

    It's been a while since I visited this topic, but a few years back, Xen (and by extension XCP-NG) was better known for security whilst KVM (and thus Proxmox) was considered for better performance (yes, I've heard of the rumours of AWS moving to KVM from Xen for some appliances).

    I would like to ask the community about the security measures you've taken to harden the default PROXMOX and XCP-NG installations. Have you run the CIS benchmarks and performed hardening that way? Did you enable 2FA?

    I'm also interested in people who run either of these in production: what steps did you take? Did you patch the Debian base (for PVE)/Fedora base (I think, for XCP)?

    Thank you for responding!

    Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    On email privacy: can I store my own email and relay them through an email provider?

    This is coming from a general perspective of wanting more privacy and seeing news of Mozilla creating an email service "which will definitely not train AI on your email". Sure Mozilla, whatever you say.

    Rant aside, here's my question: is it possible to store all of your email on your own infrastructure (VPS or even NAS at home) and simply using an encrypted relay to send emails out to the public internet? My idea is that this removes the problems of keeping your IP whitelisted from the consumer, but the email provider doesn't actually hold your emails. This means your emails remain completely in your control, but you don't have to worry about not being able to send emails to other people as long as your storage backend is alive.

    I don't know much about email to comment on what this would take. I think something similar is already possible with an SMTP relay from most email providers, but the problem is that my email also resides on their servers. I don't like that. I want my email t

    Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    Consumer GPUs to run LLMs

    Not sure if this is the right place, if not please let me know.

    GPU prices in the US have been a horrific bloodbath with the scalpers recently. So for this discussion, let's keep it to MSRP and the lucky people who actually managed to afford those insane MSRPs + managed to actually find the GPU they wanted.

    Which GPU are you using to run what LLMs? How is the performance of the LLMs you have selected? On an average, what size of LLMs are you able to run smoothly on your GPU (7B, 14B, 20-24B etc)?

    What GPU do you recommend for decent amount of VRAM vs price (MSRP)? If you're using the TOTL RX 7900XTX/4090/5090 with 24+ GB of RAM, comment below with some performance estimations too.

    My use-case: code assistants for Terraform + general shell and YAML, plain chat, some image generation. And to be able to still pay rent after spending all my savings on a GPU with a pathetic amount of VRAM (LOOKING AT BOTH OF YOU, BUT ESPECIALLY YOU NVIDIA YOU JERK). I would prefer to have GPUs for under

    Privacy @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    Is it possible to redirect WhatsApp and Signal calls to a landline?

    I've been thinking about this for a bit but I couldn't come up with anything.

    The idea is that you have a VOIP number and some self-hosted VOIP infrastructure connected to a landline phone. WhatsApp, Signal and voice traffic from other apps would be redirected to this landline phone instead of your mobile phone.

    Is there a way to do this? How do I get started?

    Reasoning: I can now keep my phone isolated, wrapped in a thick towel and inside a solid box to prevent it from eavesdropping on me inside my own house.

    Please do not respond with messages like "you're too paranoid", it doesn't help.

    Thanks

    Privacy @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    Rooting and privacy on Android

    Hi,

    The general consensus amongst the Android community is that rooting is detrimental to privacy. In a sense, I agree with them since privilege escalation because of human error becomes a much bigger threat if the user has root access.

    Android has a big privacy problem encapsulated in one word: "baseband". Your modem and other hardware running in your device don't run FOSS firmware and are likely actively malicious towards your privacy.

    I am a Linux user, and I understand that concepts do not necessarily transfer well between the two. With that in mind:

    1. If I wanted to be absolutely certain that sensitive hardware like Camera, Microphone and Modem were truly off, would shutting them off as root hold any real significance?
      • I do not know what the equivalent of Intel ME is called in the Android space, but I doubt that a highly complex OS is running beneath general Android as we know it. I think it's just the firmware of the individual device that we need to worry about.
    2. I

    Technology @beehaw.org
    marauding_gibberish142 @lemmy.dbzer0.com

    AI companies should be charged percentages of their net worth for infringements

    I wrote this comment in response to another post but I thought this merited more discussion.

    AI companies should be fined percentages of their total worth by the government(s) whose artists they are taking advantage of. Hypothetical example: Japanese government penalises OpenAI 50% of their net worth for every image which is even marginally similar to any publishing house in Japan. And they should be very lenient about taking on these cases.

    I want OpenAI, Microsoft, Google, Facebook and IBM to get fd so bad they won't even dream of coming back and doing this. I don't know why the EU penalises these companies in monetary amounts. They should be putting rules like a certain percentage of your company for a certain type of wrongdoing.

    TBH if Japan or other Asian countries bleed these companies dry they will be sitting on an immense sum of money which will propel them to superpowers in their own right. It's a win-win for everyone.

    Let me know what you think.

    Selfhosted @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    How do I fit a network card with a physical x4 slot into an x1 slot?

    I'm looking at quad port 2.5Gbe Intel PCIe cards. These cards seem to be mostly x4 physically (usually PCIe gen 3) whilst I have a PCIe Gen4 X1 slot, which is more than the theoretical bandwidth that the card can support. The card needs at the most PCIE Gen 3 X2 == PCIE Gen 4 X1 in terms of bandwidth.

    How do I fit the card into a PCIe x1 slot? Won't it lose performance if all the pins are not connected to the physical PCIe connector? Is there a PCIe x1 riser that the community likes that is somewhat affordable?

    Thanks

    Linux @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    Why do we hate SELinux?

    This is not a troll post. I'm genuinely confused as to why SELinux gets so much hate. I have to say, I feel that it's a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from Red Hat's guide.

    So yeah, why do we hate SELinux?

    Linux @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    What's with the move to MIT over AGPL for utilities?

    I would understand if Canonical want a new cow to milk, but why are developers even agreeing to this? Are they out of their minds?? Do they actually want companies to steal their code? Or is this some reverse-uno move I don't see yet? I cannot fathom any FOSS project not using the AGPL anymore. It's like they're painting their faces with "here, take my stuff and don't contribute anything back, that's totally fine"

    Linux @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    Email client for Linux

    I have been looking for an email client on Linux after being tired of Gmail and Outlook web clients.

    I had Thunderbird installed on my system and thought I'd give it a spin. I set up POP for my email accounts and it worked fantastic... For a total of 2 hours, after which I realised that searching in Thunderbird is simply not going to work for me. I need to search by attachment name and sometimes even by text inside attachment and unfortunately Thunderbird can't do that (I think I tried an extension too but it made the UI super clunky to the point that I couldn't even understand how to navigate it anymore).

    Does Betterbird or any other email client fix this problem? I'm willing to try other options if they are FOSS.

    Thanks

    Linux @lemmy.world
    marauding_gibberish142 @lemmy.dbzer0.com

    How do I map the Windows key to XFCE's Whisker menu on Debian?

    Hi, I'm running Debian with XFCE. I can't seem to bind the Windows key to the "Whisker Menu". I think I'm getting the name of the applet wrong, can someone tell me what the correct name is so I can create a new binding? Thanks

    Linux @lemmy.ml
    marauding_gibberish142 @lemmy.dbzer0.com

    Newsletter/RSS/general resource to keep up-to-date with DNS innovations?

    Hi,

    I have realised that my understanding of DNS isn't very good, and that there are many new technologies being adopted by mainstream FOSS applications which augment DNS from how we traditionally know it (DNSCrypt, DANE etc).

    I'm looking for a resource (blog, RSS feed) which talks a lot about DNS and innovations happening in this space. If you have any recommendations, please let me know.

    My interest lies mostly in DNS tech which is being adopted by FOSS server and client applications.