<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[(in)Secure IT]]></title><description><![CDATA[A personal blog on technology, IoT, mobile, and hot topic issues in the cybersecurity field.]]></description><link>https://blog.threatresearcher.com/</link><image><url>https://blog.threatresearcher.com/favicon.png</url><title>(in)Secure IT</title><link>https://blog.threatresearcher.com/</link></image><generator>Ghost 5.82</generator><lastBuildDate>Fri, 17 Jul 2026 23:43:40 GMT</lastBuildDate><atom:link href="https://blog.threatresearcher.com/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[The Great Collapse: Taming Context Sprawl into 4 Elite Core Lead Squads]]></title><description><![CDATA[<p>If you&apos;ve been following Act III of this threat intelligence odyssey, you know the decentralized circus of running 23 micro-agents across isolated bare-metal Proxmox containers blew up in my face. Token drift was rampant, context windows were fragmented, and my collection sentinels were actively having middle-management arguments with</p>]]></description><link>https://blog.threatresearcher.com/reduce-ai-token-drift-with-consolidated-json-schemas/</link><guid isPermaLink="false">6a51b570938eb802f3bb6368</guid><category><![CDATA[OpenAI]]></category><category><![CDATA[token]]></category><category><![CDATA[orchestration]]></category><category><![CDATA[Antigravity]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Fri, 17 Jul 2026 04:07:05 GMT</pubDate><content:encoded><![CDATA[<p>If you&apos;ve been following Act III of this threat intelligence odyssey, you know the decentralized circus of running 23 micro-agents across isolated bare-metal Proxmox containers blew up in my face. Token drift was rampant, context windows were fragmented, and my collection sentinels were actively having middle-management arguments with the parsing agents inside the PostgreSQL backend logs. The pipeline was completely bogged down by its own organizational sprawl, and the hypervisor processors were pinned at 90% utilization just managing internal REST API webhook handoffs.</p><p>We over-engineered the engine into oblivion, and the massive spike in my electricity bill was a physical symptom of pure architectural debt. Time for some radical consolidation surgery.</p><h2 id="the-purge-slashing-the-container-sprawl">The Purge: Slashing the Container Sprawl</h2><p>The realization was blunt: we didn&apos;t build an agile automation factory, we built a bloated corporate committee inside a local Docker network. I yanked the cords on the 23-agent sprawl, nuked the hyper-fragmented container footprints from the Proxmox VE cluster, and ruthlessly collapsed the entire workforce down to 4 elite Lead Squads.</p><p>We packed the playbooks, stripped out the micro-role overhead, and centralized operations under four distinct, high-density worker personas running inside optimized containers:</p><ul><li><strong>The Director:</strong> The centralized traffic cop managing execution states and task handoffs.</li><li><strong>The Operator:</strong> Executing raw CLI commands, managing network scripts, and handling systems patching.</li><li><strong>The Sentinel:</strong> Continuously plumbing the dark web feeds, processing log alerts, and monitoring indicators.</li><li><strong>The Publisher:</strong> Drafting clean markdown content and orchestrating media production hooks.</li></ul><p>The results on the dashboard? Immediate stabilization. CPU utilization dropped from a pinned 90% back to a cool 15%, memory allocation dropped by over 60GB across the host pool, and the server rack finally quieted down to a gentle purr.</p><p>But merging four completely different cognitive layers meant we had to solve the data handoff problem. If the Sentinel extracts a raw string, how does the Director pass it to the Operator without losing context or inducing token mutations?</p><h2 id="the-fix-the-unified-json-envelope-schema">The Fix: The Unified JSON Envelope Schema</h2><p>The &quot;Aha!&quot; moment was recognizing that we needed a strict, agnostic data contract. Instead of letting agents dump raw, unformatted payload variables into each other&apos;s webhooks, we implemented a global messaging envelope inside our n8n Postgres automation engine.</p><p>Every data transmission packet across <code>cti-net</code> must now conform to a rigid, metadata-wrapped JSON layout. It forces the agents to speak the exact same language, preserving TLP classification boundaries and context structure across every transactional step.</p><p>Here is the exact production JSON envelope schema injected into our core workflows:</p><pre><code class="language-json">{
  &quot;$schema&quot;: &quot;https://threatresearcher.com/schemas/cti-envelope.v1.json&quot;,
  &quot;metadata&quot;: {
    &quot;vmid_ingress&quot;: 201,
    &quot;timestamp_utc&quot;: &quot;2026-05-17T04:12:09Z&quot;,
    &quot;tlp_classification&quot;: &quot;AMBER&quot;,
    &quot;origin_conduit&quot;: &quot;sentinel-darkweb-telegram&quot;
  },
  &quot;payload&quot;: {
    &quot;actor_identity&quot;: &quot;Unknown-Uncial-Heretic&quot;,
    &quot;observed_ttps&quot;: [
      &quot;T1071.001-Web-Protocols&quot;,
      &quot;T1574.002-DLL-Side-Loading&quot;
    ],
    &quot;raw_indicators&quot;: {
      &quot;ipv4&quot;: [&quot;192.0.2.14&quot;, &quot;198.51.100.83&quot;],
      &quot;sha256&quot;: [&quot;e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&quot;]
    }
  },
  &quot;routing&quot;: {
    &quot;current_lead&quot;: &quot;director&quot;,
    &quot;next_conduit&quot;: &quot;operator-triage-blocklist&quot;
  }
}</code></pre><p>Voila! No more token drift, no more dropped webhooks, and zero context fragmentation. The Sentinel drops a TLP:AMBER alert package wrapped in the envelope, the Director routes it, the Operator triages it, and the system moves on without a single resource-wasting middle-management argument.</p><p>The agent sprawl has been surgically tamed, the unified schema is live across the PostgreSQL cluster, and the hardware footprints are behaving themselves. Act III is moving into the final stretch. Next week in Post 8, we&#x2019;re wrapping up the squad era by building native IDE agent plugins using local system junctions and symlink routing to tie our execution playbooks directly with the live Git workspace.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[The 20-Agent Shift: Clawing Back Resource Footprint with Bare-Metal Containers]]></title><description><![CDATA[<p>Act III:Part 6 of the ThreatLabs CTI stack is officially in the wild, and today we&#x2019;re talking about what happens when you take a good architectural idea and engineer it straight into a decentralized circus. After yanking the cords on the monolithic &quot;God Bot&quot; to</p>]]></description><link>https://blog.threatresearcher.com/deploying-decentralized-ai-agent-workflows-on-proxmox-lxc/</link><guid isPermaLink="false">6a51b542938eb802f3bb635f</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[LXC]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Thu, 16 Jul 2026 04:04:15 GMT</pubDate><content:encoded><![CDATA[<p>Act III:Part 6 of the ThreatLabs CTI stack is officially in the wild, and today we&#x2019;re talking about what happens when you take a good architectural idea and engineer it straight into a decentralized circus. After yanking the cords on the monolithic &quot;God Bot&quot; to save my execution queues, I went full-scale decentralized factory. Deployed a sprawling workforce of 23 hyper-focused micro-agents across my bare-metal Proxmox LXC containers.</p><p>The plan was beautiful on paper: complete functional decoupling, absolute role isolation, zero dropped webhooks.</p><p>Then the micro-agents started talking to each other, and the entire homelab slid into a high-latency middle-management nightmare.</p><h2 id="the-workforce-blueprint-decoupling-the-brain">The Workforce Blueprint: Decoupling the Brain</h2><p>The initial design layout was divided into clean, isolated operational squads, each driven by a tight, single-purpose markdown playbook file hosted in the local Forgejo repository. No overlapping scopes, no shared variables, just pure telegraphic execution loops running across hand-me-down Intel Core hardware nodes.</p><p>We broke the 23-agent registry down into three distinct, hyper-focused divisions:</p><ul><li><strong>The Intel Core Squad:</strong> Running deep algorithmic sorting, matching incoming indicators against historical datasets, and parsing TLP metrics.</li><li><strong>The Infra Operational Team:</strong> Micromanaging container system states, verifying network junctions, and triggering the <code>fix-permissions.sh</code> janitor loops.</li><li><strong>The Collection Sentinel Division:</strong> Continuously scraping OSINT leaks, parsing Telegram feeds, and plumbing the deep web crawling queues.</li></ul><p>To keep things pristine, every single agent was deployed into its own isolated, resource-constrained container instance.</p><pre><code class="language-bash"># Mass-provisioning the micro-agent workforce across the cti-net fabric
for AGENT_ID in {210..233}; do
  echo &quot;Spinning up bare-metal micro-container instance ID: $AGENT_ID...&quot;
  pct create $AGENT_ID local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst \
    -cores 1 -memory 1024 -swap 256 -features nesting=1 \
    -net0 name=eth0,bridge=vmbr0,tag=101,ip=dhcp -storage local-zfs -rootfs local-zfs:5
  pct start $AGENT_ID
done
echo &quot;Sovereign workforce initialized. 23 containers on the grid.&quot;</code></pre><p>Fired up the cluster, watched the containers initialize across the Proxmox VE dashboard, and it looked like a threat intelligence masterpiece.</p><p>For about forty-eight hours.</p><h2 id="the-problem-token-drift-and-middle-management-arguments">The Problem: Token Drift and Middle-Management Arguments</h2><p>Then the data scaled, the context windows filled up, and the tools completely lost their collective minds.</p><p>When you create 23 individual micro-roles, your pipeline handoffs become intensely brittle. A single raw threat report dump would hit a Collection sentinel, which would extract a partial indicator string, pass it to an ingestion agent, which would then call a verification agent, which would loop back to an indexing subagent.</p><p>Because each subagent was running its own independent context window and parsing logic, small linguistic variances began compounding at every single layer of the pipeline. By the time a simple indicator packet traveled through six separate container handoffs, the original data structure had completely mutated.</p><p>Classic <em>token drift</em>.</p><p>Worse, the micro-agents started falling into context fragmentation traps. An Intel Core sorting agent would argue with a Collection sentinel over whether a specific string qualified as a true threat actor TTP or a standard script artifact. They were micromanaging each other&apos;s execution loops, generating massive token overhead loops, burning through system memory, and dropping actual intelligence alerts while they debated formatting parameters back into the Postgres backend logs.</p><p>The pipeline was completely bogged down by its own organizational sprawl. We didn&apos;t build a streamlined automation factory; we built a bureaucratic corporate committee inside a local Docker network.</p><h2 id="the-realization-breaking-under-the-overhead">The Realization: Breaking Under the Overhead</h2><p>The breaking point was looking at the system metrics panel. The hyper-fragmented layout was chewing through processing cycles just to manage container-to-container webhook handoffs. My server processors were pinned at 90% utilization, the storage backplane was choking on internal REST API logs, and the fan noise out here was a physical symptom of pure architectural debt.</p><p>We over-engineered the engine into oblivion. Decentralization is an excellent design parameter, right up until the synchronization overhead starts eating your entire hardware compute budget.</p><p>The &quot;Aha!&quot; moment was recognizing that a granular 23-agent squad model is an unmitigated disaster for token stability. We needed to aggressively collapse the hierarchy, consolidate the windows, and stop the internal agent arguments before the system completely choked on its own context fragmentation.</p><p>The 23-agent sprawl trap is real, the token drift has been thoroughly mapped, and the container micro-roles are begging for a massive organizational purge. Act III is moving fast. Next week in Post 7, we are executing &quot;The Great Collapse&quot;&#x2014;documenting the consolidation surgery where we ruthlessly collapse the sprawl of 23 micromanaging agents down to 4 elite Lead Squads running on a unified JSON envelope schema to kill off handoff overhead for good.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[The Great Handoff Pivot: Defeating Monolithic Automation Memory Leaks]]></title><description><![CDATA[<p>Act III:Part 5 of the ThreatLabs CTI pipeline is officially on the grid, and today we&#x2019;re talking about the exact moment your automation stack chokes on its own success. It&#x2019;s the classic architectural trap: you build a single, massive, monolithic n8n workflow&#x2014;a &quot;</p>]]></description><link>https://blog.threatresearcher.com/how-to-fix-n8n-webhook-latency-and-storage-i-o-drops/</link><guid isPermaLink="false">6a51b508938eb802f3bb6354</guid><category><![CDATA[n8n]]></category><category><![CDATA[webhook]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Wed, 15 Jul 2026 04:00:24 GMT</pubDate><content:encoded><![CDATA[<p>Act III:Part 5 of the ThreatLabs CTI pipeline is officially on the grid, and today we&#x2019;re talking about the exact moment your automation stack chokes on its own success. It&#x2019;s the classic architectural trap: you build a single, massive, monolithic n8n workflow&#x2014;a &quot;God Bot&quot;&#x2014;and expect it to handle everything from dark web ingestion to automated report triage without losing its mind. It works fine for a couple of weeks. Then the metadata scales, concurrent data threads start colliding, and your beautiful centralized engine turns into an unmitigated infrastructure bottleneck.</p><h2 id="the-monolithic-choke-and-handoff-fatigue">The Monolithic Choke and &quot;Handoff Fatigue&quot;</h2><p>The setup seemed logical on paper: a massive unified canvas inside our newly upgraded n8n PostgreSQL backend. The ingress webhook would grab a raw text dump from a Telegram monitor loop, slam it into an analysis thread, try to pass variables to an external container, scrape a related URL, and then format an intelligence brief.</p><p>Then came the silent failures.</p><p>A high-volume feed of OSINT leaks would hit the ingress, but the monolithic workflow would still be too busy flushing a heavy MISP database cache from an earlier thread to respond. Webhooks started dropping into the ether, database locks were throwing timeout errors, and the entire hypervisor node was stuck in a high-latency loop trying to swap memory to disk.</p><p>The system was suffering from classic <em>handoff fatigue</em>. When one monolithic engine tries to micromanage twenty disparate technical tasks sequentially, a single delayed response down the line cascades into a full-scale system lockout. The physical symptom of this architectural debt? My server array was running at a noisy full-tilt scream, pulling unnecessary wattage from the wall just to process stuck execution queues.</p><h2 id="the-fix-splitting-the-monolith-into-bare-metal-lxcs">The Fix: Splitting the Monolith into Bare-Metal LXCs</h2><p>The &quot;Aha!&quot; moment happened while tracking the I/O bottleneck on the storage array. Running massive, generalized automation workers inside heavy, resource-bloated virtual machines is a massive waste of my limited power budget cap.</p><p>We needed to completely decouple the functions. Instead of one monolithic entity trying to execute everything, we broke the workflow down into small, specialized worker personas. More importantly, we yanked them out of standard full-blown VMs and migrated the entire automation layout into individual, bare-metal Proxmox Linux Containers (LXCs).</p><p>LXC bypasses the massive hypervisor virtualization overhead by using the host kernel directly, letting us claw back massive chunks of idle CPU cycles and keeping the VRAM footprint down to absolute bare-minimum metrics.</p><p>Here is how you manually spin up a lightweight, bare-metal automation worker node inside Proxmox using a clean storage pool, bypassing the usual manual setup traps:</p><pre><code class="language-bash"># Provision a clean, resource-constrained Debian LXC node directly from the host shell
# VMID: 201, Cores: 2, Memory: 2048MB, Network bound securely to cti-net
pct create 201 local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst \
  -cores 2 \
  -memory 2048 \
  -swap 512 \
  -features nesting=1 \
  -net0 name=eth0,bridge=vmbr0,tag=101,ip=dhcp \
  -storage local-zfs \
  -rootfs local-zfs:10

# Boot the container engine instantly
pct start 201</code></pre><p>Inside the container, we spin up lightweight, single-purpose worker environments. No GUI, no bloated system services, no system memory waste.</p><h2 id="decoupling-into-specialized-worker-personas">Decoupling into Specialized Worker Personas</h2><p>By moving to this bare-metal container architecture, we established a strict handoff protocol between separate, hyper-focused agent roles. If the ingestion worker gets slammed with 500 concurrent Telegram packets, it simply dumps them onto the database queue and exits. It doesn&apos;t wait for parsing, it doesn&apos;t care about asset routing, and it <em>never</em> blocks the ingress pipe.</p><p>We broke the workforce down into four core baseline squads:</p><ul><li><strong>The Director:</strong> The centralized traffic cop managing execution states.</li><li><strong>The Operator:</strong> Handling raw CLI tasks, network scripts, and systems patching.</li><li><strong>The Sentinel:</strong> Continuously plumbing the dark web feeds and log alerts.</li><li><strong>The Publisher:</strong> Drafting clean markdown content and triggering media assets.</li></ul><p>The rack has finally quieted down, the dropped webhooks are completely gone, and the automated pipeline doesn&apos;t skip a single beat under concurrent load. Voila!</p><p>The monolithic &quot;God Bot&quot; is officially dead, the bare-metal LXC layout is locked in, and the power bill might actually survive the month. Act III is officially rolling. Next week in Post 6, we&apos;re deep-diving into the messy reality of the &quot;20-Agent Shift&quot;&#x2014;tracking what happens when you let these micro-roles multiply a bit <em>too</em> far, leading to severe token drift and context bloat across the container fabric.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[The Enterprise Bridge: Transactional Database Unification and Compliant Outbound-Only Conduits]]></title><description><![CDATA[<p>Type-flopping into the terminal here on the Fold4, 10:42 PM, garage temperature hovering somewhere north of uncomfortable because this North Texas summer heat wave refuses to quit and the PowerEdge rack is screaming at a noisy, full-tilt whine directly behind me. Look, it&apos;s been a minute.</p><p>By</p>]]></description><link>https://blog.threatresearcher.com/migrate-n8n-to-postgresql-and-connect-cortex-xsoar-bridge/</link><guid isPermaLink="false">6a51b4ca938eb802f3bb6343</guid><category><![CDATA[PostgreSQL]]></category><category><![CDATA[Cortex]]></category><category><![CDATA[XSOAR]]></category><category><![CDATA[n8n]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 13 Jul 2026 03:57:27 GMT</pubDate><content:encoded><![CDATA[<p>Type-flopping into the terminal here on the Fold4, 10:42 PM, garage temperature hovering somewhere north of uncomfortable because this North Texas summer heat wave refuses to quit and the PowerEdge rack is screaming at a noisy, full-tilt whine directly behind me. Look, it&apos;s been a minute.</p><p>By March 2026, the sovereign ThreatLabs CTI stack was functionally hardened, but it was still living like an isolated island. It felt wrong. I needed a way to bridge the gap between this garage-tinkerer playground and a professional, enterprise corporate endpoint setup without dropping the lab&apos;s strict isolation boundaries or drowning in static routing debt.</p><p>Then the backend orchestration engine hit a wall under heavy threat-report ingestion loops, and the whole plan shifted from architectural aesthetics to a straight-up data restoration battle.</p><h2 id="pitfall-9-the-outbound-enterprise-compliance-wall-soar-teleport">Pitfall 9: The Outbound Enterprise Compliance Wall (SOAR &amp; Teleport)</h2><p>The challenge: Connecting a sovereign lab infrastructure straight into a corporate Cortex XSOAR tenant.</p><p>The naive approach says you just poke a hole through your network perimeter firewall, throw some dynamic DNS tracking at your residential public IP handle, and pray corporate compliance doesn&apos;t flag the erratic inbound connections. Good luck with that. The moment security compliance detects a random Texas residential node hitting enterprise API gateways, they&apos;re going to block the pipe and yank your network privileges.</p><p>The breakthrough: The Remote Engine (D1) architecture pattern. Instead of letting the corporate tenant call <em>in</em> to the garage lab, we built a dedicated outbound-only compliance conduit using a strict bridge container.</p><p>To make it professionally compliant and totally auditable, we guarded the bridge node behind Teleport running in &quot;Recording Proxy&quot; mode. Every action is logged, every API session is recorded, and the lab maintains complete isolation because the corporate perimeter never gets a look at the actual internal <code>cti-net</code> network topology. It was the exact moment this setup graduated from a simple homelab experiment into a legitimate threat intelligence factory.</p><h2 id="pitfall-10-the-n8n-sqlite-lockout-loop">Pitfall 10: The n8n SQLite Lockout Loop</h2><p>With the outbound enterprise conduit locked down, the ingestion workflows started feeding heavy TLP:AMBER threat data loops back from our crawlers.</p><p>Then came the silent failures.</p><p>A heavy thread of dark web data would hit the webhook ingress, the browser would spin, and n8n would lock up completely before spitting out a generic database timeout or connection error.</p><p>The trap: Default container configurations rely on a flat SQLite file for application persistence. SQLite is beautiful for a lightweight single-user script, but the second your orchestration flows spin up concurrent multi-agent ingestion loops, the file system slams into structural I/O bottlenecks. SQLite locks the entire file table during writes, concurrent webhook threads start colliding, and your automation engine chokes on its own data data backlog.</p><p>The workaround: Forceful migration to a transactional PostgreSQL backend tier. We unified the n8n application schemas onto a high-performance <code>infra-postgres</code> container cluster running on our local NVMe pool to eliminate the thread collisions once and for all.</p><pre><code class="language-yaml"># n8n postgresql persistence layout snippet
services:
  n8n:
    image: docker.n8n.io/n8nio/n8n:latest
    networks:
      - cti-net
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=infra-postgres
      - DB_POSTGRESDB_PORT=5443
      - DB_POSTGRESDB_DATABASE=n8n_brain
      - DB_POSTGRESDB_USER=n8n_operator</code></pre><p>Re-up the deployment, and database lockouts are instantly eradicated. Voila!</p><h2 id="pitfall-11-the-public-wiki-mirroring-trap">Pitfall 11: The Public Wiki Mirroring Trap</h2><p>The final frustration for the week: code safety. The core repository and documentation wiki sit locally on our self-hosted Forgejo instance, but to ensure reliable offsite redundancy and coordinate updates with external collaborators, I needed a continuous mirror loop straight into a public GitHub repository.</p><p>Using standard continuous integration workflows means spinning up a blind runner that doesn&apos;t understand context, exposing plaintext credentials across systems.</p><p>The fix: A dedicated, lightweight synchronization subagent engine using a secure <code>forgejo-mcp</code> gateway loop. Wrote a strict automated janitor loop that securely handles our Git mirroring pipeline without dropping plaintext secrets onto the physical drive arrays.</p><pre><code class="language-bash">#!/bin/bash
# mirror-repo.sh: Automated sovereign-to-public synchronization engine
echo &quot;Initializing authenticated repository mirror loop...&quot;

# Hard-set local workspace handles
LOCAL_REPO_DIR=&quot;/opt/stacks/forgejo-data/repositories/threatlabs/cti-stack.git&quot;
GITHUB_TARGET=&quot;git@github.com:threatlabs-cti/mirror-stack.git&quot;

cd $LOCAL_REPO_DIR || { echo &quot;Error: Local repository directory missing.&quot;; exit 1; }

echo &quot;Pushing verified master branches to public redundancy target...&quot;
# Force outbound-only synchronization mirror string securely
git push --prune --mirror $GITHUB_TARGET

echo &quot;Synchronization complete. Redundancy array locked.&quot;</code></pre><p>Wrote a cron task to tick this janitor script over every night at 2:00 AM. No manual tracking, no plaintext token exposure, and total external repository consistency. And profit!</p><p>The enterprise bridge is up, the automation engine database tier is unified on Postgres, and our local Forgejo registry is mirroring seamlessly into the public grid. Act II is locked and loaded. Next up in Act III: The Squad Era, we&apos;re tracking what happens when we decouple our single monolithic automation logic into a sprawling workforce of 20 distinct subagents deployed entirely inside bare-metal Proxmox LXC containers to reclaim our system resource footprints.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Hardening the Stack: Dynamic Machine Identity Injection Over Brittle Plaintext .env Files]]></title><description><![CDATA[<p>Lessons learned? There&apos;s more where that came from. The problem here is that whatever is git committed is also getting deployed ....</p><p>With the shared network provisioned and the database containers finally agreeing on port numbers, it was time to talk about security debt. The initial lab config was</p>]]></description><link>https://blog.threatresearcher.com/self-hosted-headscale-vpn-oidc-infisical-secrets-setup/</link><guid isPermaLink="false">6a51b47b938eb802f3bb6333</guid><category><![CDATA[Headscale]]></category><category><![CDATA[Infisical]]></category><category><![CDATA[VPN]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 12 Jul 2026 03:51:22 GMT</pubDate><content:encoded><![CDATA[<p>Lessons learned? There&apos;s more where that came from. The problem here is that whatever is git committed is also getting deployed ....</p><p>With the shared network provisioned and the database containers finally agreeing on port numbers, it was time to talk about security debt. The initial lab config was naked. Standard plaintext credentials sitting in stale text files on disk, and static OpenVPN keys that broke the second a client IP shifted. It felt wrong.</p><p>Time to move from simple, vulnerable configs to a zero-trust architecture without drowning the lab in an absolute nightmare of iptables firewall rules.</p><h2 id="pitfall-6-the-blind-cicd-overwrite">Pitfall 6: The Blind CI/CD Overwrite</h2><p>The expectation was standard DevOps laziness: &quot;CI/CD will make our lives easier, every commit automatically deploys&quot;. Wrote some basic GitHub Action runner playbooks to push changes automatically straight to the production root.</p><p>The problem? The runner was blind. It didn&apos;t care about git tracking boundaries. I&apos;d fix a database password locally on an experimental test branch, commit a minor markdown change, and&#x2014;poof&#x2014;the runner would push the experimental branch directly to the production root, overwriting our working infrastructure config with a templated draft. We were fighting ourselves.</p><p>The discovery: Environment Isolation. The runner needed to be context-aware. Wrote a branch-aware staging workaround that splits development into a separate sandbox root (<code>/opt/cti-dev</code>) while production is strictly guarded behind a main branch trigger.</p><h3 id="the-workaround-branch-aware-deployment">The Workaround: Branch-Aware Deployment</h3><pre><code class="language-bash">#!/bin/bash
# deploy-cti.sh: Context-aware pipeline routing logic
TARGET_BRANCH=&quot;${GITHUB_REF##*/}&quot;

if [ &quot;$TARGET_BRANCH&quot; == &quot;main&quot; ]; then
    echo &quot;Routing to production baseline conduit...&quot;
    DEPLOY_ROOT=&quot;/opt/stacks/cti-prod&quot;
else
    echo &quot;Sandbox branch detected ($TARGET_BRANCH). Routing to staging sandbox...&quot;
    DEPLOY_ROOT=&quot;/opt/cti-dev&quot;
fi

mkdir -p $DEPLOY_ROOT
rsync -avz --exclude=&apos;.git&apos; ./config/ $DEPLOY_ROOT/
cd $DEPLOY_ROOT &amp;&amp; docker compose up -d --remove-orphans
echo &quot;Deployment synchronized at $DEPLOY_ROOT.&quot;</code></pre><p>Sandbox problem solved. Staging happens in the sandbox, production is guarded.</p><h2 id="pitfall-7-the-static-vpn-tracking-debt">Pitfall 7: The Static VPN Tracking Debt</h2><p>Remote access was the next brittle debt wall. Running standard OpenVPN with static profiles meant port-forwarding and constant dynamic IP tracking. One IP change on a client device broke the routing tables entirely, locking out the n8n automation ingress while I was away.</p><p>The drama: Teleport vs. Headscale. Teleport is incredibly shiny, but Headscale is lean, open-source, completely self-hosted, and fits the Proxmox DNA flawlessly.</p><p>The insight: The mesh network model. Re-routing our coordinator automation traffic through a dedicated Headscale node on LXC 137 allowed the stack to bridge from VLAN 107 (IoT) to VLAN 101 (CTI) via authenticated identity rules, not brittle network firewall parameters.</p><h3 id="the-blueprint">The Blueprint</h3>
<!--kg-card-begin: html-->
<div class="mermaid">
graph LR
    subgraph Sovereign Mesh
    Client[Remote Client Device] --&gt;|OIDC Identity Auth| HS[Headscale VPN LXC 137]
    HS --&gt;|Secure Tunnel| CTI[CTI Stack Space VLAN 101]
    end
</div>
<!--kg-card-end: html-->
<p>Zero-Trust isn&apos;t just an enterprise buzzword; it&apos;s the only way to scale orchestration access without losing your mind in a tangled mess of static routing tables.</p><h2 id="pitfall-8-stale-text-files-and-plain-text-env-leaks">Pitfall 8: Stale Text Files and plain-text <code>.env</code> Leaks</h2><p>The final frontier for the week: the public repository trap. &quot;The repository is public, my <code>.env</code> files are private&#x2014;how do I bridge them without committing a credential to source control by mistake?&quot;. Worse, managing 10+ identical plaintext configuration files across different Proxmox nodes was a certified recipe for sync failures.</p><p>The breakthrough: Machine Identities. Wrote off text file management entirely, deployed a self-hosted Infisical instance, and moved directly to runtime environment injection.</p><p>The gold standard of server hardening is never writing a password to a physical host disk at all&#x2014;securely authenticating the node instance itself via token-free local identity verification to pull what it needs at initialization.</p><pre><code class="language-bash"># Verify the Infisical machine identity handle token offline
infisical login --method=universal-auth \
  --client-id=$INFISICAL_CLIENT_ID \
  --client-secret=$INFISICAL_CLIENT_SECRET

# Inject secrets straight into the container memory footprint at startup
infisical run --env=production -- docker compose up -d</code></pre><p>And profit! Plaintext configurations completely expunged from the file system.</p><p>The stack is officially hardened, the automatic deployments are context-aware, and the plain text credentials have been wiped from the drive matrix. Act II is locked down. Next up in Post 4, we&apos;re building the enterprise SOAR bridge and migrating our n8n automation cluster database directly onto a PostgreSQL transactional storage tier to stop database lockouts under heavy thread loads.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Taming the Ports: Debugging Infinite Redirect Loops and Paranoiac Wazuh Deployments]]></title><description><![CDATA[<p>It&#x2019;s going on 10:23 PM, and it looks like I&apos;m making good time kicking these entries out.</p><p><a href="https://blog.threatresearcher.com/how-to-setup-sovereign-threat-intel-fabric-using-docker/" rel="noreferrer">Act I:Part 1</a> of the sovereign ThreatLabs CTI stack continues, but today we&apos;re talking about what happens right after you build the network roads and</p>]]></description><link>https://blog.threatresearcher.com/fix-nginx-port-loops-and-wazuh-san-ssl-cert-errors/</link><guid isPermaLink="false">6a51b421938eb802f3bb6321</guid><category><![CDATA[Wazuh]]></category><category><![CDATA[nginx]]></category><category><![CDATA[SSL]]></category><category><![CDATA[MISP]]></category><category><![CDATA[OOM]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sat, 11 Jul 2026 03:41:51 GMT</pubDate><content:encoded><![CDATA[<p>It&#x2019;s going on 10:23 PM, and it looks like I&apos;m making good time kicking these entries out.</p><p><a href="https://blog.threatresearcher.com/how-to-setup-sovereign-threat-intel-fabric-using-docker/" rel="noreferrer">Act I:Part 1</a> of the sovereign ThreatLabs CTI stack continues, but today we&apos;re talking about what happens right after you build the network roads and the actual containers start throwing absolute tantrums. You think containerization solves your deployment hurdles, right? Wrong. The second you drop enterprise security platforms behind a prosumer Traefik ingress, reality hits you fast in the form of infinite browser spins and kernel panics.</p><p>Time to pull back the curtain on why raw systems administration tissue always trumps basic theoretical architecture.</p><h2 id="pitfall-3-the-infinite-redirect-loop-of-misp">Pitfall 3: The Infinite Redirect Loop of MISP</h2><p>So, the <code>cti-net</code> shared network was live, Docker was happy, and I fired up the MISP stack. Navigated to the interface page. Typed in the baseline credentials. Hit enter.</p><p>Browser immediately went into a loopy existential crisis before spitting back <code>ERR_TOO_MANY_REDIRECTS</code>.</p><p>Spent three hours furiously ripping apart my Traefik frontend configurations, tracking headers, and cursing under my breath. Here is the trap: Traefik was listening on external port 8443, handling the SSL termination, and passing clean traffic down to the internal proxy on port 80. But MISP&apos;s internal code is hyper-paranoid; it saw an incoming secure request but its internal Nginx webserver assumed it was supposed to be living on standard port 443. They couldn&apos;t agree on basic port reality, so they just kept bouncing the request back and forth forever.</p><p>The fix wasn&apos;t an ingress re-write&#x2014;it was forcing MISP to look at the world through our lens. You have to explicitly inject the <code>CORE_HTTPS_PORT</code> environment variable straight into the container environment so the internal app engine stops guessing.</p><pre><code class="language-yaml"># Snippet from the isolated MISP stack configuration
services:
  misp:
    image: misp-os:latest
    networks:
      - cti-net
    environment:
      - Variable_Port_Mappings=True
      # Tell MISP&apos;s internal engine exactly how the public sees it:
      - CORE_HTTPS_PORT=8443</code></pre><p>Save config. Re-up the stack. Voila! Browser settles down, the login registers instantly, and we are in.</p><h2 id="pitfall-4-the-elasticsearch-memory-hog-dilemma">Pitfall 4: The Elasticsearch Memory Hog Dilemma</h2><p>With MISP behaving, it was time to spin up the logging engine&#x2014;Elasticsearch&#x2014;to drive the indexing for TheHive and our Wazuh SIEM components. Fired it up, watched the initial process strings, and then the entire node ground to a miserable, choking crawl.</p><p>Out of Memory (OOM) killed. Standard container deployment behavior when an enterprise app hits consumer bare-metal limits.</p><p>Everyone forgets that Elasticsearch is a ravenous data hoarder. By default, it wants to allocate massive virtual memory regions and map the entire host structure directly into its heap. If your host OS kernel isn&apos;t tuned to allow massive memory allocation handles, the container drops dead on line one. Running a CTI pipeline isn&apos;t just about lazy containerized isolation&#x2014;it&apos;s deep host-level systems engineering.</p><p>Had to jump directly onto the host terminal and forcefully alter the Linux kernel configurations on the fly to support the database indexing load.</p><pre><code class="language-bash"># Temporarily patch the host kernel boundaries
sudo sysctl -w vm.max_map_count=262144

# Lock it down permanently so a power failure won&apos;t brick the stack
echo &quot;vm.max_map_count=262144&quot; | sudo tee -a /etc/sysctl.conf</code></pre><h3 id="the-ingress-media-hook">The Ingress Media Hook</h3><blockquote><strong>Tinker Note:</strong> Always set your internal ES cluster heap size explicit constraints (<code>ES_JAVA_OPTS=&quot;-Xms2g -Xmx2g&quot;</code>) inside the Compose environment definitions, or it <em>will</em> attempt to swallow every byte of RAM available in your rack space.</blockquote><h2 id="pitfall-5-the-wazuh-certificate-exception-tantrum">Pitfall 5: The Wazuh Certificate Exception Tantrum</h2><p>Then came the grand finale: adding Wazuh for centralized SIEM logging capabilities. Wazuh is rightfully paranoid; it flatly refuses to pass threat data over its internal APIs without mutual TLS (mTLS) verification.</p><p>Ran their automated certificate generation tool. Total failure.</p><p>The automated script generated default credentials bound strictly to <code>localhost</code>. But inside our internal <code>cti-net</code> fabric, the containers talk to each other using explicit hostnames like <code>wazuh.indexer</code>. The Java engine inside the platform took one look at the hostname mismatch and threw a massive <code>CertificateException</code> tantrum.</p><p>Never rely on magical black-box installation scripts when things fail. We yanked the automated tools, threw together a custom OpenSSL bash script&#x2014;<code>generate-certs.sh</code>&#x2014;and hand-crafted our own Subject Alternative Names (SANs) directly into the cryptographic extensions. Controlling the root CA yourself turns a broken deployment into an absolute security fortress.</p><pre><code class="language-bash">#!/bin/bash
# generate-certs.sh: Hand-crafting TLP-compliant mTLS certificates with strict SAN definitions
echo &quot;Generating authenticated certificates for wazuh.indexer...&quot;

# Create custom openssl configuration inline
cat &lt;&lt;EOF &gt; san.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = wazuh.indexer
DNS.2 = localhost
EOF

# Generate private key and sign the certificate with host SAN extensions
openssl req -new -newkey rsa:4096 -nodes -keyout wazuh-indexer.key \
  -out wazuh-indexer.csr -subj &quot;/CN=wazuh.indexer&quot; -config san.cnf

openssl x509 -req -in wazuh-indexer.csr -CA root-ca.crt -CAkey root-ca.key \
  -CAcreateserial -out wazuh-indexer.crt -days 365 -extensions v3_req -extfile san.cnf

echo &quot;Cryptography verified. Host alignment locked down.&quot;</code></pre><p>Injected the signed certificate files into the production volumes, restarted the deployment sequence, and the indexers initialized flawlessly on the first pass. And profit!</p><p>The infrastructure ports are officially tamed, the indexers are stable, and the internal cryptography isn&apos;t lying to itself anymore. Act I is officially wrapped up and behind us. Next month, we&apos;re moving into Act II: Zero-Trust and Secrets, mapping out how we re-routed coordination through self-hosted Headscale VPN infrastructure on LXC 137 and killed off brittle plaintext <code>.env</code> configurations via runtime Infisical dynamic machine identities.</p><p>Until then, see ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Building the Sovereign Foundation: Why We Had to Build the Infrastructure Roads Before the Houses]]></title><description><![CDATA[<p>It&apos;s a Saturday night but the new season doesn&apos;t start until October! Well, then, time to finally get this set of blog entries out from draft to live, instead. </p><p>The ThreatLabs CTI stack started simple enough: a standard open-source sovereign threat intelligence factory running MISP, OpenCTI,</p>]]></description><link>https://blog.threatresearcher.com/how-to-setup-sovereign-threat-intel-fabric-using-docker/</link><guid isPermaLink="false">6a51a5b7938eb802f3bb62ba</guid><category><![CDATA[Docker]]></category><category><![CDATA[Dockge]]></category><category><![CDATA[Docker Compose]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sat, 11 Jul 2026 03:10:04 GMT</pubDate><content:encoded><![CDATA[<p>It&apos;s a Saturday night but the new season doesn&apos;t start until October! Well, then, time to finally get this set of blog entries out from draft to live, instead. </p><p>The ThreatLabs CTI stack started simple enough: a standard open-source sovereign threat intelligence factory running MISP, OpenCTI, TheHive, and DFIR-IRIS. It was stable, purring along beautifully over a unified layout until we tried to hook it into the cloud.</p><p>The plan was to let an n8n workflow feed unstructured dark web posts and red team scripts to a cloud LLM provider to extract indicators of compromise (IOCs) and draft intelligence briefs automatically. It worked for about a month, right up until the automated pipeline hit a report detailing a cartel&apos;s operational security practices, and the corporate API model threw a safety tantrum and refused to process it. Then it happened again on a standard threat actor TTP analysis.</p><p>Corporate cloud LLMs are trained to act like overly sensitive customer-service reps. We needed a cynical forensic analyst who doesn&apos;t flinch at raw malicious text. The conclusion was obvious but highly annoying: we had to yank the cords, go completely local, and run our own intelligence fabric on bare metal where no hyperscaler could dictate what our threat data is allowed to look like.</p><p>But before we could even load a model, we had to build the roads. And that&#x2019;s where the infrastructure design fallacies kicked down the door.</p><h2 id="pitfall-1-the-simple-network-fallacy-cti-net">Pitfall 1: The &quot;Simple&quot; Network Fallacy (<code>cti-net</code>)</h2><p>The expectation was classic homelab laziness: spin up a few separate Docker Compose stacks for each application, let them map their default bridges, and expect them to magically resolve each other by hostname.</p><p>The messy reality? Independent Compose stacks love creating isolated, siloed networks by default. TheHive couldn&#x2019;t resolve MISP, the web crawlers were blind, data handoffs were dropping webhooks like crazy, and the whole stack was yelling network timeout errors back into the logs.</p><p>We debated the classic architecture fork: a monolithic <code>docker-compose.yml</code> that wraps everything under one giant config versus totally isolated stacks. Monoliths are an absolute nightmare to maintain or update independently; pure isolation breaks the integration entirely.</p><p>The fix required a fundamental mental shift&#x2014;infrastructure has to come first. We had to manually define a shared external system network called <code>cti-net</code> across the host hypervisor space before deploying a single tool. You build the roads before you construct the houses.</p><h3 id="the-blueprint">The Blueprint</h3>
<!--kg-card-begin: html-->
<div class="mermaid">
graph TD
    subgraph Host Network Space
    External[cti-net: Shared External Network]
    end
    MISP[MISP Container] --&gt; External
    TheHive[TheHive Container] --&gt; External
    OpenCTI[OpenCTI Container] --&gt; External
    n8n[n8n Automation Ingress] --&gt; External
</div>
<!--kg-card-end: html-->
<pre><code class="language-yaml"># Manual network provision on the host command line:
# docker network create cti-net

networks:
  cti-net:
    external: true</code></pre><p>Voila! Every service now registers onto the same sovereign highway, resolving each other seamlessly by their internal container handles. Network fallacy solved. Volume permissions? That was a far uglier beast.</p><h2 id="pitfall-2-the-volume-permission-nightmare">Pitfall 2: The Volume Permission Nightmare</h2><p>Docker makes downloading enterprise software incredibly lazy, right up until you try to persist the data onto physical host disks and Linux file permissions turn into absolute hell.</p><p>When you scale a CTI stack, you&apos;re dealing with disparate upstream container standards. PostgreSQL runs natively as UID 70. ElasticSearch wants to run as UID 1000. Redis drops onto another custom UID entirely. The second you map these container directories to persistent host folders on your local NVMe storage array, the ownership structures mismatch, the deployment drops into a <code>CrashLoopBackOff</code>, and the console logs start screaming <code>Permission denied</code>.</p><p>I&apos;ve seen folk try to bypass this by blindly running <code>chmod 777</code> across their entire storage pool. Don&apos;t do that. It&#x2019;s a lazy, shameful quick-fix that completely breaks file system security and leaves your underlying infrastructure naked.</p><p>We needed automation, not manual dirty hacks. The turning point was crafting a dedicated baseline janitor script&#x2014;<code>fix-permissions.sh</code>&#x2014;that executes at the host level right before the stack is brought up. It parses our targeted database and directory layouts, forcefully aligning the host folder ownership parameters to match exactly what the internal container engines require.</p><h3 id="the-workaround-fix-permissionssh">The Workaround: <code>fix-permissions.sh</code></h3><pre><code class="language-bash">#!/bin/bash
# fix-permissions.sh: Host-level janitor script for the CTI storage layout
echo &quot;Automating volume ownership parameters for cti-net stack...&quot;

# Hard-set exact paths relative to your local storage mount
CTI_DATA_DIR=&quot;/opt/stacks/cti-data&quot;

# PostgreSQL volume alignment (UID 70)
sudo chown -R 70:70 ${CTI_DATA_DIR}/postgres

# ElasticSearch volume alignment (UID 1000)
sudo chown -R 1000:1000 ${CTI_DATA_DIR}/elasticsearch

# Redis volume alignment
sudo chown -R 999:999 ${CTI_DATA_DIR}/redis

echo &quot;Volume ownership verified. Keys to the castle distributed safely.&quot;</code></pre><p>Now, we wrap this step directly into our host deployment workflow. No manual directory tracking, no security compromises, and no more silent volume launch failures.</p><p>With the roads laid and the volume maps behaving themselves, Act I is officially on the grid. Next up in Post 2, we&#x2019;re tackling what happens when MISP and Traefik get into an existential fight over port mapping, Nginx falls into an infinite redirection loop, and ElasticSearch tries to eat every byte of system memory on the server array.</p><p>Until then, see ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 – The Brainstorming Spark)]]></title><description><![CDATA[<p>Hey everyone, it&apos;s January 10, 2026, and looking back, it&apos;s been almost exactly a year since I unboxed that UniFi Cloud Gateway Max on January 17, 2025. What started as a quick upgrade has turned into a quiet game-changer for my setup&#x2014;mostly because life</p>]]></description><link>https://blog.threatresearcher.com/revamping-my-homelab-network-with-ai-assistance-a-year-with-the-unifi-cloud-gateway-max-part-1-the-brainstorming-spark/</link><guid isPermaLink="false">6962c8a85c00b9028f2327f1</guid><category><![CDATA[ZFS]]></category><category><![CDATA[Proxmox VE]]></category><category><![CDATA[UniFi]]></category><category><![CDATA[Dell]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sat, 10 Jan 2026 22:33:26 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2026/01/image.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2026/01/image.jpg" alt="Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 &#x2013; The Brainstorming Spark)"><p>Hey everyone, it&apos;s January 10, 2026, and looking back, it&apos;s been almost exactly a year since I unboxed that UniFi Cloud Gateway Max on January 17, 2025. What started as a quick upgrade has turned into a quiet game-changer for my setup&#x2014;mostly because life got in the way and the homelab sat mostly idle for months. But now that things are calming down, I&apos;ve had time to reflect, optimize, and even lean on AI to guide the rearchitecture. This ties right into my ongoing experiments with local LLMs and AI workflows (Ollama evals, GPT-4o vs. locals, etc.)&#x2014;using chat models not just for quick answers, but to frame real decisions when time is short.<br><br>The unboxing was low-key: excited phablet-typing at low battery, but the real story is the upgrade path. I kept the old Cloud Key Gen2 Plus (UCK-G2-PLUS) since UniFi Protect was already set up perfectly&#x2014;cameras, NVR, all humming. Instead of a full migration (which bombed on my first restore attempt&#x2014;network reconfiguration fail, thumbtack reset drama), I just adopted it into the new Gateway Max as a pseudo-dedicated NVR. Smooth controller integration, offloads video processing, and keeps the main gateway focused on routing/firewall/visibility. Pro tip: Document everything&#x2014;VLANs, firewall rules, port maps. I learned that the hard way.<br><br>No AI for choosing between Cloud Gateway Max and Ultra&#x2014;that was standard research, heavily influenced by <a href="https://evanmccann.net/blog/ubiquiti/unifi-comparison-charts?referrer=grok.com&amp;ref=blog.threatresearcher.com#fnr1" rel="noreferrer">Evan McCann&apos;s excellent comparison charts</a>.  The Max&apos;s compact form, 2.5Gbps ports, and solid IDS/IPS headroom for home/SOHO fiber made it the clear pick for low upkeep.<br><br>But when it came to the deeper homelab rearchitecture&#x2014;storage pools, ZFS tweaks, degrowth from power-hungry enterprise gear&#x2014;I threw the initial prompt at several big chatbots: Perplexity, Grok, Copilot, and Gemini. Gemini Pro (specifically Gemini 3 in that session) stood out with the most comprehensive, context-aware response that built directly on my details without needing much re-prompting. It suggested ditching RAIDZ1 for striped mirrors, provided copy-paste commands, and spotted pitfalls I missed. We can dive deeper into why Gemini won (and how context size played a role) in a follow-up post&#x2014;I&apos;ll link it here once it&apos;s live. For now, the key takeaway: AI framed the whole pivot perfectly, saving me hours during a quick <em>sous vide</em> wait (because why not?). Project done, celebrated with a nice steak and a glass of Argentinian Malbec&#x2014;pure instant gratification.</p><p>Looking back at this past year, the real starting point of my homelab rearchitecture wasn&apos;t the hardware changes or the final ZFS commands&#x2014;it was a single, focused chat session with Gemini Pro (Gemini 3) in November 2025, about half a year past the time I wrapped-up the <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-3/" rel="noreferrer">Proxmox VE three-part series</a> (May 2025). I needed to solve a classic homelab dilemma: my existing ZFS pools (<em>basin</em>, <em>pond</em>, <em>stank</em>) were mismatched RAIDZ1 setups that throttled random-write IOPS for heavy log ingestion in Wazuh and OpenCTI, while the MD1200 DAS was a noisy, power-hungry relic I no longer needed for capacity. The goal was a cleaner, faster <em>flashpool</em> using striped mirrors, zero-downtime migration of all LXCs/VMs, and future-proofing without buying new drives.</p><p>Instead of spinning up <a href="https://blog.threatresearcher.com/n8n-in-turnkey-linux-node-js-and-in-docker/" rel="noreferrer"><em>n8n</em></a> (general workflow automation with 300+ nodes, great for complex pipelines) or <a href="https://blog.threatresearcher.com/measuring-azure-openai-gpt4o-vs-ollama-models/" rel="noreferrer"><em>Flowise</em></a> (LangChain-based low-code builder for RAG chatbots, vector search, chunking, and multi-agent flows), I just pasted my full hardware context into Gemini and let the conversation flow naturally. Modern <a href="https://blog.threatresearcher.com/extending-llama-3-8b-with-1-million-context-by-gradient/" rel="noreferrer">LLMs&apos; context windows</a> (Gemini 3 Pro supports up to 1 million input tokens, though practical chat sessions often operate effectively in the 32K&#x2013;128K range for speed) meant it remembered every detail across turns&#x2014;no re-explaining hardware, no chunking strategies, no vector DB setup. I could discuss concerns (&quot;Striped mirrors will sacrifice some capacity&#x2014;worth it?&quot;), refine aspirations (&quot;Prioritize reliability for self-hosted sec tools over bulk storage&quot;), and get grounded suggestions with built-in reasoning.</p><p>It felt like having a knowledgeable homelab partner at 2 a.m.&#x2014;when no one else in the house cares about RAID trade-offs or <em>ashift</em> values. I argued points, it pushed back with logic, and it architected the end state first (<em>flashpool</em> as the target), then handed tactical steps&#x2014;including the key storage migration I used to move every LXC (from Pi-hole to Immich) to <em>rpool</em> via Proxmox&apos;s &quot;Move Disk&quot; feature (GUI or <em>qm migrate</em> CLI).</p><p>The biggest value here isn&apos;t just code generation (though the copy-paste commands were spot-on)&#x2014;it&apos;s the shift from &quot;<em>build your own RAG pipeline</em>&quot; to instant, conversational architecture. In the past, for a similar deep dive I&apos;d spin up n8n or Flowise, requiring nodes, connectors, chunking strategies, vector DB setup, and testing loops&#x2014;hours of plumbing before you even get useful output. With modern LLMs&apos; massive context windows and native capabilities, I skipped all that. No pipeline setup, no chunking debates&#x2014;just describe the problem, argue concerns, refine aspirations, and get grounded suggestions with search grounding if needed. It feels like a 2 a.m. homelab buddy who remembers your entire setup across turns, no one else in the house needs to care.</p><p>This usability leap has opened doors for more efficient &quot;code vibing&quot; homelab projects&#x2014;iterating fast on configs, scripts, or even full services without heavy orchestration. (That&apos;s fodder for another post: what&apos;s up with Antigravity, Cursor, and Claude Code in the agentic coding space? Early 2026 vibes are wild&#x2014;Google&apos;s Antigravity as an agent-first IDE with autonomous planning/execution via Gemini 3, Cursor as the refined VS Code AI accelerator, Claude Code for terminal-deep reasoning and autonomous refactors. More on that soon.)</p><p>Here&apos;s the key part of that brainstorming flow (<em>lightly edited for readability, but preserving the back-and-forth feel&#x2014;full history attached for reference</em>). I&apos;ve pulled directly from the conversation to ground everything in truth: Gemini&apos;s suggestions were tailored to my described future requirements (high-IOPS for sec tools, single-node simplicity, power/noise reduction), and it emphasized migration to <em>rpool</em> first as a safety net.</p><p><strong>My initial prompt (dumping hardware + goals, as in chat):</strong></p><blockquote>i&apos;m rebuilding my tech stack and plan to host most everything in Proxmox VE via LXD as much as possible. this is currently in my plan: Shuffle aka Shuffler, Wazuh, OpenCTI, MISP, AIL Project</blockquote><p><strong>Gemini&apos;s response (key excerpts&#x2014;framed the strategy, split into native vs. Docker-in-LXC based on my requirements):</strong></p><blockquote>This is a highly feasible plan. You can host nearly 100% of this stack in LXC containers on Proxmox... Prioritizes the Proxmox VE Helper-Scripts... Type A: Native LXC (Best Performance) Tools: Wazuh, MISP, AIL... Type B: Docker-in-LXC (Easiest Maintenance) Tools: Shuffle, OpenCTI...</blockquote><blockquote>Wazuh (SIEM) Recommendation: Use the Community Helper Script... Command: Run the community script command in your Proxmox shell to spawn a dedicated &quot;Wazuh&quot; LXC... Allocate at least 8GB RAM...</blockquote><blockquote>Shuffle (SOAR) Recommendation: Docker-in-LXC... Use the Docker LXC helper script... Caveat: Shuffle uses Opensearch. You must set vm.max_map_count=262144 on the Proxmox Host...</blockquote><p>And so on for each tool, with detailed methods.</p><p><strong>Follow-up prompts/responses (iterating on Dockge, Podman, CasaOS&#x2014;Gemini argued against Podman for my stack, suggested Dockge):</strong></p><blockquote>User: I also previously used Portainer CE but can forego that if there is a simpler solution... I&apos;ve also started to experiment on Podman...</blockquote><blockquote>Gemini: This is a common pivot... Switch to Dockge... Why avoid Podman for Shuffle/OpenCTI? Networking Complexity... Socket Binding... Documentation... Revised Plan: ... bash -c &quot;$(wget -qO - <a href="https://github.com/community-scripts/ProxmoxVE/raw/main/ct/docker.sh?referrer=grok.com&amp;ref=blog.threatresearcher.com" rel="noopener noreferrer nofollow">https://github.com/community-scripts/ProxmoxVE/raw/main/ct/docker.sh</a>)&quot; ... curl <a href="https://raw.githubusercontent.com/louislam/dockge/master/install.sh?referrer=grok.com&amp;ref=blog.threatresearcher.com" rel="noopener noreferrer nofollow">https://raw.githubusercontent.com/louislam/dockge/master/install.sh</a> | sh</blockquote><p><strong>On TrueNAS/CasaOS/MD1200 pivot (Gemini suggested PCI passthrough for TrueNAS VM, warned on MD1200 issues like fan noise):</strong></p><blockquote>User: I&apos;m also interested in Casa OS... re-install TrueNAS Scale as a container but physically tie it to control my Dell MD1200 array...</blockquote><blockquote>Gemini: This part of your plan needs a course correction... CasaOS: Skip it, redundant with Dockge... TrueNAS Scale: Must run as VM, not container... PCI Passthrough for HBA card... Warnings for MD1200 + SSDs: Fan Noise (The &quot;Jet Engine&quot; Problem)... 6Gbps Limit... Interposers...</blockquote><p><strong>Core storage rearchitecture (the big one&#x2014;Gemini suggested migration first, then destroy/wipe/create based on my goals):</strong></p><blockquote>User: ...the script did not seem to detect the previous installation</blockquote><blockquote>Gemini: ...Before doing anything, stop the container and take a manual snapshot... Verify your Current Version: /var/ossec/bin/wazuh-control info... Manual Update Sequence: apt-get update... apt-get install --only-upgrade wazuh-indexer -y... etc.</blockquote><p>Later turns focused on pool states:</p><blockquote>Gemini: pool: basin... config: raidz1-0... (full before states as extracted)</blockquote><blockquote>After user shared zpool status: Suggest striped mirrors for flashpool, with exact create command matching my devices.</blockquote><blockquote>Migration: &quot;Use Proxmox&apos;s Move Disk in the GUI to relocate containers/VMs to rpool first&#x2014;zero downtime&#x2014;before destroying old pools.&quot;</blockquote><p>Full commands from Gemini (as I executed&#x2014;always test/back up first!):</p><blockquote>Bash</blockquote><pre><code># Migration (per container/VM)
qm config &lt;ID&gt;  # Check current disk
qm migrate &lt;ID&gt; --targetstorage rpool  # Or GUI: Hardware &gt; Disk &gt; Move Disk</code></pre><blockquote>Bash</blockquote><pre><code># Destroy (post-migration)
zpool destroy basin
zpool destroy pond
zpool destroy stank</code></pre><blockquote>Bash</blockquote><pre><code># Wipe
for disk in sdc sdd sde sdf sdg sdh sdi sdj sdk sdl sdm; do
  wipefs -af /dev/$disk
  sgdisk --zap-all /dev/$disk
done
partprobe /dev/sd[c-m]</code></pre><blockquote>Bash</blockquote><pre><code># Create flashpool
zpool create -f -o ashift=12 flashpool \
  mirror scsi-36b083fe0dffbfa002d21cca4172514ec scsi-36b083fe0dffbfa002d21ccbb187797e4 \
  mirror scsi-36b083fe0dffbfa002d21cf9227b92ed4 scsi-36b083fe0dffbfa002de694ac1f246e22 \
  mirror scsi-36b083fe0dffbfa002de694ab1f06447c scsi-36b083fe0dffbfa002de694ab1f10ce50 \
  mirror scsi-36b083fe0dffbfa002de694ac1f16b6a1 scsi-36b083fe0dffbfa002de694ac1f1e4a2c \
  mirror scsi-36b083fe0dffbfa002de694ad1f2bbbbf scsi-36b083fe0dffbfa002de694ad1f3282b5</code></pre><blockquote>Bash</blockquote><pre><code># Tuning
zfs set compression=lz4 flashpool
zfs set atime=off flashpool
zfs set xattr=sa flashpool
zfs set recordsize=64k flashpool
# Quotas for sec datasets
zfs create flashpool/sec-stack
zfs set quota=4T flashpool/sec-stack</code></pre><blockquote>Bash</blockquote><pre><code># Register
pvesm add zfs flashpool --pool flashpool --content images,rootdir --sparse 1</code></pre><p>Before/after pool states (direct from chat&#x2014;Gemini echoed my zpool status, then suggested the new config):</p><ul><li><strong>Before (<em>basin</em> example)</strong>: raidz1-0 with three drives, ONLINE.</li><li><strong>After (<em>flashpool</em>)</strong>: Five mirrors, ONLINE&#x2014;matched my SSD count for striped performance.</li></ul><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png" class="kg-image" alt="Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 &#x2013; The Brainstorming Spark)" loading="lazy" width="1326" height="260" srcset="https://blog.threatresearcher.com/content/images/size/w600/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png 1000w, https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png 1326w" sizes="(min-width: 720px) 720px"></figure><p>This collaborative vibe&#x2014;argue, refine, confirm&#x2014;turned a potential headache into a sous-vide-session project (steak + Malbec celebration still the highlight). No RAG pipeline, no chunking debates, just instant, context-aware architecture.</p><p>The payoff? A clean <em>flashpool</em> rebuild, MD1200 shutdown (kept as optional expansion), and a lighter, more reliable homelab&#x2014;all sparked by one chat that felt collaborative, not mechanical. Sous-vide steak + Malbec celebration? Still unbeatable.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png" class="kg-image" alt="Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 &#x2013; The Brainstorming Spark)" loading="lazy" width="2000" height="1301" srcset="https://blog.threatresearcher.com/content/images/size/w600/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 1600w, https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 2000w" sizes="(min-width: 720px) 720px"></figure><p>In a follow-up, we&apos;ll compare why Gemini Pro edged out Perplexity/Grok/Copilot here (context retention, native tools), and tease more on emerging coding agents. </p><p>Drop your own 2 a.m. AI partner moment below&#x2014;what&apos;s the wildest late-night homelab win you&apos;ve had with chat alone? &#x1F604;</p>]]></content:encoded></item><item><title><![CDATA[Waiting for the Home Assistant CLI to be ready...]]></title><description><![CDATA[<p>Let me start by saying that I&apos;ve figured out a repeatable way to get around this issue which had stumped me all week! And, here&apos;s the proof:</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg" width="2000" height="781" loading="lazy" alt srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_154944_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_154944_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_154944_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg" width="2000" height="781" loading="lazy" alt srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155000_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155000_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155000_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg" width="2000" height="781" loading="lazy" alt srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155006_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155006_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155006_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div></div></div></figure><p>Let&apos;s back up a second and talk about what happened and what got us here. Previously, these</p>]]></description><link>https://blog.threatresearcher.com/waiting-for-the-home-assistant-cli/</link><guid isPermaLink="false">68bde0bf6cf0b20284c71c46</guid><category><![CDATA[home assistant]]></category><category><![CDATA[hassos]]></category><category><![CDATA[IoT]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 07 Sep 2025 21:17:28 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.59.41-PM.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.59.41-PM.png" alt="Waiting for the Home Assistant CLI to be ready..."><p>Let me start by saying that I&apos;ve figured out a repeatable way to get around this issue which had stumped me all week! And, here&apos;s the proof:</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg" width="2000" height="781" loading="lazy" alt="Waiting for the Home Assistant CLI to be ready..." srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_154944_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_154944_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_154944_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg" width="2000" height="781" loading="lazy" alt="Waiting for the Home Assistant CLI to be ready..." srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155000_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155000_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155000_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg" width="2000" height="781" loading="lazy" alt="Waiting for the Home Assistant CLI to be ready..." srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155006_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155006_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155006_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div></div></div></figure><p>Let&apos;s back up a second and talk about what happened and what got us here. Previously, these things happened (not in any specific order):</p><ul><li>An urgent message was received one day from someone at home that the &quot;internet was dead&quot;. That situation was true for about a fully day overnight since it required an ISP technician to come inspect their fiber hardware. I was able to get some very minimal IoT smart devices working but nothing that needed the &quot;cloud&quot; worked.</li><li>At an average of about 11-cents/kWh the servers typically hit at $30~50/month prior to summer on-set and more than likely, due to their garage location in North Texas hea, would register more if I did a new Kill-a-Watt measurement. As it is, they&apos;re running at a noisy full-tilt instead of the normal 20% speed.</li><li> A mix of both ARM64 and AMD64 machines in a  Proxmox VE cluster is not the most optimal way to run things due to inconsistencies of storage media and other dependencies.</li><li>Recently de-clustering my high-availability setup due to the resulting heat and aforementioned cost of running a #homelab and job function change.</li><li>Wanting to find a way to setup Frigate and leverage the Coral Dual Edge TPU and PCIe 1x adapter but finding all current market options too costly or power hungry</li></ul><p>These are our current cast of characters: old laptop hand-me-downs from my now no-longer teenage son in the forms of an Acer Aspire V5-122P (AMD) and an Acer Aspire E5-576 (Intel with QuickSync). These had previously been pre-installed with Windows 7 and I had then flashed with the latest Ubuntu Desktop at the time of being received.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/PXL_20250902_202114316.jpg" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="2000" height="1125" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/PXL_20250902_202114316.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/PXL_20250902_202114316.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/PXL_20250902_202114316.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/PXL_20250902_202114316.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>I then followed the appropriate hardware install instructions for the official <a href="https://www.home-assistant.io/installation/generic-x86-64?ref=blog.threatresearcher.com" rel="noreferrer">Home Assistant Operating System Generic x86-64</a> which called for enabling UEFI Boot and disabling Secure Boot (because HassOS uses Buildroot and a customized version of Linux). </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1378" height="1616" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png 1378w" sizes="(min-width: 720px) 720px"></figure><blockquote>Let me digress here and mention that about two-(2) weeks prior I had been looking into converting at least one of the Nano Pi R5S into Home Assistant hosts but wasn&apos;t getting very far since I had to figure out how to merge separate Buildroot processes, one for HA and the other to incorporate the Rockchip drivers.</blockquote><p>There are some older instructions out there that talks about setting EFI and all that but in my experience those options only came into play when Secure Boot <em>was</em> enabled initially in-order for you to basically reset the options to factory defaults. But if you find yourself in a bind, then feel free to try it out just to remove variables:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1382" height="842" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png 1382w" sizes="(min-width: 720px) 720px"></figure><p>I initially decided to go full steam ahead and use the Aspire E5-576 as the main HA unit and,  also, wanted it to be running Frigate, Jellyfin, Plex, and a whole host of different things to make full use of the overpowered hardware and Intel Quick Sync. However, the way HassOS is envisioned right now is that it needs to boot pristine without any other things loaded with it during the back-end Docker boot-up. Anything more than that then the installation will complain and you will get the <em>Unsupported</em> nod from Home Assistant observer and that would not be a happy experience, trust me:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1684" height="554" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 1684w" sizes="(min-width: 720px) 720px"></figure><p>So, I pivoted and decided to use the Acer Aspire V5-122P, which only had 500GB of storage, to instead be a sort of head-end and call the Quick Sync enabled machine remotely as a service. Those of us dabbling with AI automation will recognize this as using <em>Agents</em> that do their own autonomous activities. </p><p>But, that wasn&apos;t before I had already been hitting my head on the wall no matter what I did as a work-around to get past booting into this frustrating message: </p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery-1.jpg" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="2000" height="781" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 2000w" sizes="(min-width: 720px) 720px"><figcaption><i><em class="italic" style="white-space: pre-wrap;">Waiting for the Home Assistant CLI to be ready...</em></i></figcaption></figure><p>I&apos;ve been all around the support groups and discussions and even found <a href="https://github.com/home-assistant/operating-system/issues/2272?ref=blog.threatresearcher.com" rel="noreferrer">a bug report</a>, which did give me a clue!</p><p>Within those workarounds someone talked about renaming labels and partitions and that may be true in some situations where the installation has progressed to completion. I&apos;m only repeating the post here because it taught me a little about getting a separate terminal out of HA without breaking it further: <strong>Ctrl-Alt-F2</strong></p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1826" height="1318" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 1826w" sizes="(min-width: 720px) 720px"></figure><p>However, the whole thing about workarounds and renaming labels falls apart because there is <strong><em>nothing to fix</em></strong>, and by that I mean that is what if the partitions and all that underlying stuff may have failed in various ways and there&apos;s nothing to operate those fixes on. The key for me was noticing the <strong><em>Dependency failed</em></strong> part of the boot process:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.05.13-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="848" height="402" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.05.13-PM.png 600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.05.13-PM.png 848w" sizes="(min-width: 720px) 720px"></figure><p>This, my friends, was my <em>aha! moment</em>, the part where latent pieces of the boot and file structure might not have been correctly expunged from the system. </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1918" height="806" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 1918w" sizes="(min-width: 720px) 720px"></figure><p>Whether it is a bug or not is debatable. What is important is that removing this part of the information is the key. So, back to the recommended <em>Method 1</em> of the official HA installation, before I restored the HassOS image I decided to wipe the disk with zero&apos;s as well as remove all partitions. </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1254" height="628" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png 1254w" sizes="(min-width: 720px) 720px"></figure><p>However, as you can see that was going to be more than a seven-(7) hour process for a 1TB disk:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/PXL_20250906_165733270.jpg" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="2000" height="1125" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/PXL_20250906_165733270.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/PXL_20250906_165733270.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/PXL_20250906_165733270.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/PXL_20250906_165733270.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><blockquote>I would not fault you, dear readers, if you haven&apos;t had any digital forensic background to understand the <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table?ref=blog.threatresearcher.com" rel="noreferrer">GUID Partition Table (GPT)</a> But, it should suffice to say that overwriting that minimum 1% (one percent) of the disk would be more than enough to clear out the data and disassociate most of the disk information from mapping. Back in the days of boot sector viruses this place of the disk was always under contention because it presented a way for malware to load prior to the operating system and circumvent security protections and many other shenanigans!</blockquote><p>To proof my theory, I decided to do the same data clearing for the 500GB disk on the Acer V5:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1300" height="790" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png 1300w" sizes="(min-width: 720px) 720px"></figure><p>Once completing the image restore you should get a layout similar to this:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1354" height="718" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png 1354w" sizes="(min-width: 720px) 720px"></figure><p>The only things to do now are to shutdown Live Ubuntu session, disconnect all external drives, connect any special hardware, boot-up, and (optionally) <a href="https://www.home-assistant.io/common-tasks/general/?ref=blog.threatresearcher.com#restoring-a-backup" rel="noreferrer">restoring from backup</a>.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1968" height="682" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 1968w" sizes="(min-width: 720px) 720px"></figure><p>I&apos;m going to give it about a week of live testing for functionality as well as looking at the power consumption from the wall. If things are stable then I might just shutdown the virtualized version and stick with this laptop version. </p><p>The next step of the puzzle is how to make use of the space beyond what the default HassOS image allocates by default for itself, approximately 30GB. I&apos;m going to try to tackle that in a follow-up:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1226" height="536" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png 1226w" sizes="(min-width: 720px) 720px"></figure><p>There is a mismatch somewhere in terms of what HassOS reports compared to how things are actually mapped on-disk. Here&apos;s what GParted reports from a Live Ubuntu session:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-from-2025-09-08-03-54-33.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="803" height="566" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-from-2025-09-08-03-54-33.png 600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-from-2025-09-08-03-54-33.png 803w" sizes="(min-width: 720px) 720px"></figure><p>As can be seen, and similarly claimed during the installation process, the hassos-data partition did, in fact, expand to the rest of the disk. Why then is the built-in Disk metrics only reporting about 10GB left of free space? If you happen to come by this post and have an explanation, feel free to add it in the comments.</p><p>As for the Aspire E5, I&apos;m currently leaning towards making it into just a full blown Docker or Podman host. The reason being that if I installed Proxmox VE on top of it then I&apos;d have to contend with the extra hypervisor overhead on an already system memory challenged system. A simple Ubuntu or Debian Bookworm bare metal server installation might net me just the right amount of processing utility that I need.</p><p>See you next time.</p>]]></content:encoded></item><item><title><![CDATA[I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 3]]></title><description><![CDATA[<p>Welcome back, it&apos;s literally been a minute since I published <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/" rel="noreferrer"><em>Part 2</em> of this series where I found a fix for the Pi-hole NTP sync errors</a>.</p><p>I don&apos;t think there&apos;s going to be a separate need to discuss blogging on <a href="https://blog.threatresearcher.com/the-3rd-return-from-being-offline/" rel="noreferrer">Ghost via mobile</a>. It</p>]]></description><link>https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-3/</link><guid isPermaLink="false">682bacd35a4048028cb5b43f</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[Homelab]]></category><category><![CDATA[LXC]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 19 May 2025 22:15:40 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/05/1000018738.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/05/1000018738.jpg" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 3"><p>Welcome back, it&apos;s literally been a minute since I published <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/" rel="noreferrer"><em>Part 2</em> of this series where I found a fix for the Pi-hole NTP sync errors</a>.</p><p>I don&apos;t think there&apos;s going to be a separate need to discuss blogging on <a href="https://blog.threatresearcher.com/the-3rd-return-from-being-offline/" rel="noreferrer">Ghost via mobile</a>. It should suffice to say that copy-pasting images works better on Chrome mobile mode; you can get better native desktop-mode experience when using Firefox. The capability to flip back-and-forth seamlessly is a game changer for speed edits. I&apos;m not sure about the experience using an actual tablet like the Google Pixel Tablet or a Chromebook like the <a href="https://www.costco.com/acer-chromebook-plus-14%22-touchscreen-laptop-with-google-ai---intel-core-i3-n305---1920-x-1080---chrome-os---8gb-ram---512gb-ssd---protective-sleeve-included.product.4000252543.html?ref=blog.threatresearcher.com" rel="noreferrer">Acer Chromebook Plus 14&quot;</a> (CB514-4HT-359X) but that&apos;s going to be one of the next experiments. My final edits have been on the old MacBook Pro, whenever it&apos;s still got a charge.</p><h3 id="part-3-proxmox-ve-helper-scripts-meets-xda-developers">Part 3: Proxmox VE Helper scripts meets XDA Developers </h3><p>Let me start with the elephant in the room, why use LXC instead of using the existing Docker VMs in my current stack? Well, let&apos;s talk about that. </p><p>I&apos;ve been running MISP and OpenCTI for the longest time in a cluster for high-availability. Specifically, ElasticSearch can become unwieldy when you try to give it the best possible scenario when you&apos;ve got limited rack space expansion and a power budget cap. Essentially, because of this I&apos;m considering a re-do and clawing back resources these projects have taken over in resources. Plus, I&apos;ve recently had some bad spells with old Portainer versions that over time has given me a bad taste in the mouth. And then, from the last time I had touched edits on Docker did Podman enter the picture. So far, in the past few months this might be the direction I take if only so I can learn more about it&apos;s pitfalls and the fact it is what you would get to use in a locked-down Red Hat enterprise image. There&apos;s alot to unpack there, but my point is that I don&apos;t take this decision lightly. There&apos;s going to be a learning curve and trade-offs to be made. I&apos;ll have to be OK with that. So, this is why we&apos;re going back to individual containers in the form of LXC instead of full VMs if we don&apos;t have to.</p><p>Now, with that out of the way, a brief note on <a href="https://en.wikipedia.org/wiki/Valnet?ref=blog.threatresearcher.com#XDA" rel="noreferrer">XDA Developers</a>. Hailing from the Philippines, I&apos;ve been on the cutting edge of mobile computing since back in the Nokia days. If I couldn&apos;t get new stuff locally then I could always hop on a plane to Singapore and visit <a href="https://www.simlimsquare.com.sg/?ref=blog.threatresearcher.com" rel="noreferrer"><em>Sim Lim Square</em></a>. And, on one of these trips is where I got hold of my first <a href="https://en.wikipedia.org/wiki/O2_Xda?ref=blog.threatresearcher.com" rel="noreferrer"><strong>O2 XDA</strong></a> (and a bunch of Havaianas). Mind you, at around this time I was sporting the latest <a href="https://en.wikipedia.org/wiki/Nokia_9500_Communicator?ref=blog.threatresearcher.com" rel="noreferrer">Nokia 9500 Communicator.</a> I was ready for another form factor, let those parts sink in. Rooting and hacking bleeding edge mobile devices is how XDA and I crossed paths. Years later after transformation I really enjoy the <a href="https://www.xda-developers.com/search/?q=self-host&amp;ref=blog.threatresearcher.com" rel="noreferrer">self hosted section topics</a> for my use case.</p><p>About <a href="https://community-scripts.github.io/ProxmoxVE/?ref=blog.threatresearcher.com" rel="noreferrer">Proxmox VE Helper scripts</a>, I discovered this group while looking to experiment with lightweight versions of my homelab projects. What I would do was learn from the scripts and incorporate or improve on them for my specific use case. Now, however, I plan to use several of the templates to get things restarted based on availability and if something gets mentioned over at XDA.</p><p>I&apos;ve already showed what a basic phablet install experience and experiment looks like over in <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-phablet/" rel="noreferrer">Part 1 of this series</a>. Here&apos;s where I&apos;ve landed so far:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250518_193546_Chrome.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 3" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250518_193546_Chrome.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250518_193546_Chrome.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250518_193546_Chrome.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250518_193546_Chrome.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>There&apos;s a big part of myself that cringes at the auto-numbering since my original schema was to map IP to VMID. If it matters that much later then, in theory, it should just be a matter of a backup and then restore to a specific VMID. Well, in my mind, that&apos;s how I&apos;m coping with the situation.</p><p>In Part 4, we can discuss about the use cases and groupings of what&apos;s been installed. Or, I may just launch a new series based on specific group topic projects linked stemming from here.</p><p>Happy trails.</p>]]></content:encoded></item><item><title><![CDATA[I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2]]></title><description><![CDATA[<p>Strike while the iron is hot? Well, I&apos;m going to do a version of type on this phablet until it powers down because its now at 11% and hopefully not loose any content. I guess that is part of the curse when you&apos;ve got the ideas</p>]]></description><link>https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/</link><guid isPermaLink="false">682a7d765a4048028cb5b3ca</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[ARM64]]></category><category><![CDATA[Pi-hole]]></category><category><![CDATA[NanoPi]]></category><category><![CDATA[Homelab]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 19 May 2025 13:48:15 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/05/1000018739.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/05/1000018739.jpg" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2"><p>Strike while the iron is hot? Well, I&apos;m going to do a version of type on this phablet until it powers down because its now at 11% and hopefully not loose any content. I guess that is part of the curse when you&apos;ve got the ideas and time is measured in either bars of battery or wifi strength.</p><p>In <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-phablet/" rel="noreferrer"><em>Part 1</em>, I talked about success in getting <em>Pihole setup on ARM64.</em></a><em> </em> There might be some other lightweight resourced projects to install or migrate later, perhaps <em>Uptime Kuma</em>?</p><h3 id="part-2-pi-hole-ntp-sync-sidequest">Part 2: Pi-hole NTP sync sidequest </h3><p>There was an <strong><em>NTP setting</em></strong> that needed to be addressed related to permissions, which by some reports is a bug or a setting that doesn&apos;t make sense depending on how you have Pihole set-up:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190225_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_190225_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_190225_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_190225_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190225_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Navigate to Settings, and notice the green <strong><em>Basic</em></strong> toggle:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185916_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_185916_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_185916_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_185916_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185916_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Click on this and you&apos;ll enter <strong><em>Expert</em></strong> mode:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185923_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_185923_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_185923_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_185923_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185923_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>A new option will then appear called <strong><em>All settings</em></strong>:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190255_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_190255_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_190255_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_190255_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190255_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Within <em>All settings</em> navigate to the <strong><em>Network Time Sync</em></strong> tab and disable most of the settings:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170150_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250519_170150_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250519_170150_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250519_170150_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170150_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>The most important edit is zeroing the setting for ntp.syc.interval:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170234_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250519_170234_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250519_170234_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250519_170234_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170234_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Save your settings and you will then notice the error alert disappear: </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190347_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_190347_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_190347_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_190347_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190347_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p> With that out of the way, <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-3/" rel="noreferrer">onward to Part 3</a>.</p><p>Yes, I&apos;m still doing my edits from the Flip4!</p>]]></content:encoded></item><item><title><![CDATA[I restarted my homelab with Proxmox VE Helper-scripts and a phablet!]]></title><description><![CDATA[<p>It&apos;s been a minute. </p><p>We&apos;ll, several months in fact since getting most of the Lab situated. &#x200B;The Unifi gateway has proven to be a useful addition to complete the end-to-end visibility for my network. I&apos;ve also walked myself back from over-engineering the access</p>]]></description><link>https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-phablet/</link><guid isPermaLink="false">682a62b35a4048028cb5b314</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[ARM64]]></category><category><![CDATA[Homelab]]></category><category><![CDATA[NanoPi]]></category><category><![CDATA[Pi-hole]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 18 May 2025 23:49:42 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/05/1000018736-1.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/05/1000018736-1.jpg" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!"><p>It&apos;s been a minute. </p><p>We&apos;ll, several months in fact since getting most of the Lab situated. &#x200B;The Unifi gateway has proven to be a useful addition to complete the end-to-end visibility for my network. I&apos;ve also walked myself back from over-engineering the access points, meaning to say I&apos;ve held back deploying all of the nanoHD APs and instead forced myself to find the house layout and leverage the Unifi Designer page to map out some better configuration options given the limitations of where I can drill or line some CAT6a.</p><p>Yesterday, I looked at my simple stack of containers and decided it&apos;s about time to put back some of the tools that I&apos;ve been missing given my current job function use cases. I still have MISP and OpenCTI running and they&apos;re due for a version refresh. While Pihole and Adblocker get updated, they&apos;re no longer part of my network&apos;s flow and I&apos;ll rectify that when I transition to using the new firewall zones feature in the latest Unifi firmware. Home Assistant is running but the Frigate integration hasn&apos;t been done until I decide on a spare machine to run the Coral TPU on. Smartthings needs a configuration update since I no longer use or host a Blue Iris integration server and set of IP cameras, I&apos;ve peppered the place with cheap Wyze cameras, instead.</p><p>For today&apos;s topic, the main goals I had were:</p><ol><li>Install something that works on both of the <a href="https://blog.threatresearcher.com/installing-proxmox-ve-8-x-on-arm64-nanopi-r5s/" rel="noreferrer">NanoPi R5 installed with Proxmox VE on ARM64</a></li><li>Comb through the recent <a href="https://www.xda-developers.com/search/?q=self-host&amp;ref=blog.threatresearcher.com" rel="noreferrer">self-hosting posts from the XDA Developers</a> site and select stuff that aligned with my past and future usage goals</li><li>Decide to use individual LXC containers and leverage those that exist in <a href="https://github.com/community-scripts/ProxmoxVE?ref=blog.threatresearcher.com" rel="noreferrer">Proxmox VE Helper scripts</a> <a href="https://community-scripts.github.io/ProxmoxVE/?ref=blog.threatresearcher.com" rel="noreferrer">site</a></li><li>Forego the temptation to use Docker or Podman, but Install fresh containers for future experiments </li><li>Do all of this using my Samsung Galaxy Fold4 phone while testing the new U7 Pro Outdoor with omni-directional antennas I just installed the day before</li></ol><h3 id="part-1-nanopi-r5-with-proxmox-ve-arm64"><strong>Part 1: NanoPi R5 with Proxmox VE ARM64</strong></h3><p>This previous project is sort of a heartache for me. While I did get Proxmox VE installed, my ventures into installing a working VM and a basic OS have been unstable and mainly unusable probably due to system requirements. And, this is probably where the beauty of LXC shines due to it simply using what&apos;s already there.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182157_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_182157_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_182157_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_182157_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182157_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>The helper script for Pihole will fail and complain to you and suggest you use a different installation script. No need, since ARM64 is a supported architecture:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183651_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183651_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183651_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183651_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183651_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>And so, let&apos;s see if we can get Debain installed copying the basic specs from:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182308_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_182308_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_182308_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_182308_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182308_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>But, we&apos;re going to use the default Proxmox VE container template to create it:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182516_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_182516_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_182516_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_182516_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182516_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>This got created fine: </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183113_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183113_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183113_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183113_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183113_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>We now have a running Debain LXC to build upon!</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183506_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183506_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183506_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183506_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183506_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Let&apos;s use the one liner installer:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183602_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183602_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183602_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183602_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183602_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183541_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183541_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183541_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183541_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183541_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>But first, get curl installed and update packages:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183906_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183906_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183906_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183906_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183906_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183941_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183941_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183941_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183941_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183941_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Configure the easy defaults:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184027_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184027_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184027_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184027_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184027_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Finalize checks:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184119_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184119_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184119_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184119_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184119_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Browse to the web address and enter credentials:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184309_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184309_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184309_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184309_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184309_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Update the rules:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184433_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184433_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184433_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184433_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184433_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Inspect alerts:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184733_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184733_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184733_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184733_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184733_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>This NTP sync error has a fix and sort of controversial in its implementation. So, I&apos;ll post the specific steps I had to do separately.</p><p><a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/" rel="noreferrer">Stay tuned for Part 2.</a></p>]]></content:encoded></item><item><title><![CDATA[The 3rd Return from Being Offline]]></title><description><![CDATA[<p>... and we&apos;re back !!!</p><p>Today just so happened to be a standard month of setting-up shop in the new digs. Most of the boxes have been unpacked except for the holiday stuff. I don&apos;t think we knew how much decorations we&apos;d amassed over the years</p>]]></description><link>https://blog.threatresearcher.com/the-3rd-return-from-being-offline/</link><guid isPermaLink="false">67957e2cfdf42802b979ea82</guid><category><![CDATA[Ghost]]></category><category><![CDATA[UniFi]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 26 Jan 2025 00:50:07 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/01/1000003368.webp" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/01/1000003368.webp" alt="The 3rd Return from Being Offline"><p>... and we&apos;re back !!!</p><p>Today just so happened to be a standard month of setting-up shop in the new digs. Most of the boxes have been unpacked except for the holiday stuff. I don&apos;t think we knew how much decorations we&apos;d amassed over the years and that already included having gotten rid of all the almost decade old disintegrating stuff (which had actually been great for Halloween, by the way).</p><p>The only ISP offering fiber in my area had already installed their hardware before we moved in by drilling a hole through brick straight into the middle of the living room wall which limited my options unless I wanted to make another one to feed out from the ONT modem onto CAT6A.  As much as I would have loved to forego a separate server room it felt like a blessing of silence when the <a href="https://blog.threatresearcher.com/exploring-a-used-mikrotik-ccr1036-8g-2s/" rel="noreferrer">Mikrotik router</a> was turned off. </p><p>And what did it take for me to do that? </p><p>I was hoping you&apos;d ask. But first, here&apos;s my server rack hastily recreated in the garage just to get this blog back up and running:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/02/Screenshot_20250125-183434.png" class="kg-image" alt="The 3rd Return from Being Offline" loading="lazy" width="478" height="836"></figure><p>Yes, I know, all those spaghetti cables! </p><p>What you don&apos;t see is a CAT6A shielded cable snaking 60-feet across open ground from the living room through brick. Instead, there&apos;s a black CAT6 cable coming from the UniFi 60W switch down-linked from the PoE injector of the UniFi NanoHD access point into the Mikrotik CRS328-24P-4S+RM switch. Apparently, this works via the magic of how UniFi configures Wi-Fi meshing on access points at the moment and it results in what would have been just power to instead the AP becoming a network media bridge. </p><p>I&apos;m not going to complain, the alternative is to pre-order the recently announced official UniFi Bridge, which is currently out of stock. I&apos;m probably still going to order one when it becomes available given some network stability due to the signal having to travel through layers of brick to the detached garage. Or ... I might just consider some kind of upgrade to WiFi 6E/7.</p><p>It is pretty interesting starting from scratch. I am now realizing that I had over-engineered (of course!) last time by surrounding all corners of the house with access points, even if I did turn down their transmit signals. This sort of explains why all my IoT devices still preferred to connect to the UniFi 6 Mesh that I&apos;d placed on the roof rather than the nearest access point. So, really, in terms of access point coverage less is more and only add if you really must.</p><p>In my next post I&apos;ll talk about my experience with finally getting a real UniFi Gateway onto the rack and the status of the rest of the gear as a result of that network hardware change. I&apos;ll be posting and update towards progress on hosting this Ghost blog platform on ARM64 as a result of <a href="https://blog.threatresearcher.com/installing-proxmox-ve-8-x-on-arm64-nanopi-r5s/" rel="noreferrer">my previous experiment</a>, too!</p><p>Until then, Happy New Year of the &quot;<em>Dragon</em>&quot;!</p><p></p>]]></content:encoded></item><item><title><![CDATA[Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)]]></title><description><![CDATA[<p>This little journey started the night before Thanksgiving as we were packing for a long-ago planned trip to Japan. </p><p>As is my usual wont, I found myself puttering around restlessly with the <em>HomeLab </em>trying to eek out a little bit more from the little bits of hardware I had accumulated</p>]]></description><link>https://blog.threatresearcher.com/installing-proxmox-ve-8-x-on-arm64-nanopi-r5s/</link><guid isPermaLink="false">67512668bbea4302978c82be</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[ARM64]]></category><category><![CDATA[NanoPi]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Thu, 05 Dec 2024 08:11:23 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1500171335092-ec6cd7e90044?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8amFwYW58ZW58MHx8fHwxNzMzMzg1OTQzfDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1500171335092-ec6cd7e90044?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8amFwYW58ZW58MHx8fHwxNzMzMzg1OTQzfDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)"><p>This little journey started the night before Thanksgiving as we were packing for a long-ago planned trip to Japan. </p><p>As is my usual wont, I found myself puttering around restlessly with the <em>HomeLab </em>trying to eek out a little bit more from the little bits of hardware I had accumulated since my most recent <a href="https://blog.threatresearcher.com/chatgpt-like-performance-comparisons/" rel="noreferrer">personal research project</a>. The PCIe board for the Coral Dual Edge TPU had arrived but my previous attempt at installing it was hijacked when I accidentally ended up shutting down my Proxmox VE node that was hosting several of my Docker projects &#x2013; including about one(1)-TB worth of OpenCTI metadata that hadn&apos;t had time to settle and get written correctly to disk. How was I to know that the hardware backplane on the Dell R720xd it was hosted on was going to bork and make my ZFS cluster disappear into the ether?</p><p>That unfortunate incident wasn&apos;t all too bad. At this point having all that data just happened to be not as critical or immediately usable for work stuff and I&apos;d already rebuilt the setup several ways enough that I&apos;ve got a working project fork of OpenCTI to my own to help ease the recovery and deployment process. Then, too, I&apos;ve been back to having my router, switches, and WiFi on physical machines such that my whole house network and its entertainment side of the equation are not affected. But, now, I did have a pair of <a href="https://blog.threatresearcher.com/comparing-the-ai-capabilities-of-sbcs/" rel="noreferrer">FriendlyELEC NanoPi R5s</a> sitting cold and unused and just begging to be put back into use &#x2013; not as FriendlyWrt travel routers but as Docker hosts. In fact, I mused, could I run an ARM64 version of Proxmox VE on these things?</p><p>The bigger plan, of course, was if it would also be viable to to install Proxmox VE onto a high performance AArch64/ARM64 server and see compute gains on something like Apple Silicon.</p><p>It started well enough. I was mildly surprised to know that on the latest <em>2024-10-16</em> firmware release it literally said &quot;<a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#New_System" rel="noreferrer"><em>Added Proxmox VE system</em></a>&quot;. What luck!</p><p><a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#Official_image" rel="noreferrer">Per the instructions</a>, I downloaded the <a href="http://download.friendlyelec.com/NanoPiR5S?ref=blog.threatresearcher.com" rel="noreferrer">latest Official image</a> from the link and used the <em>Flash Official OS to eMMC</em> option via TF Card.</p><p>Further perusing lead me to the &quot;<a href="https://wiki.friendlyelec.com/wiki/index.php/Getting_Started_with_Proxmox/?ref=blog.threatresearcher.com" rel="noreferrer"><em>Getting Started with Proxmox</em></a>&quot; page. I used <a href="https://etcher.balena.io/?ref=blog.threatresearcher.com" rel="noreferrer">balenaEtcher </a>to write the file onto a 32-GB SDXC card (the multi-OS version takes up about 16GB decompressed), inserted it into the TF card slot and plugged-in the power brick. And then watched from the old spare monitor connected via HDMI as the system kept booting into a loop-cycle for a few hours before I gave up, powered the whole thing down, took a nap, then left for the airport to Japan.</p><p>Returning from Nara then Osaka via Haneda to the Narita airport a few days ago, I suddenly wondered if the power brick that I&apos;d used from the UniFi Flex Mini was the culprit. My assumption was that it provided 5V/2A but to my surprise it was actually only rated for 5V/<em><strong>1000mA</strong> </em>and the boot loop immediately righted itself once I plugged in the power to an Anker Prime Power Bank. Basic TF to eMMC installation took less than a minute for each SBC, after that:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-10.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="1920" height="945" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-10.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/12/image-10.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/12/image-10.png 1600w, https://blog.threatresearcher.com/content/images/2024/12/image-10.png 1920w" sizes="(min-width: 720px) 720px"></figure><p>I made sure to add all the <a href="https://github.com/jiangcuo/Proxmox-Port/blob/main/help/repo.md?ref=blog.threatresearcher.com" rel="noreferrer"><em>pve8 repos</em></a> and do an initial update of everything to bring up the Proxmox VE version from 8.2.x to 8.3.0</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-11.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="1328" height="781" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-11.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/12/image-11.png 1000w, https://blog.threatresearcher.com/content/images/2024/12/image-11.png 1328w" sizes="(min-width: 720px) 720px"></figure><p>But, there&apos;s one other problem, I <strong><em>wanted </em></strong>ZFS. Thankfully, I was able to find the source of the <a href="https://github.com/jiangcuo/Proxmox-Port/wiki/ZFS-Installation?ref=blog.threatresearcher.com" rel="noreferrer"><em>Proxmox-Port</em></a> that FriendlyELEC had used to build their image and it had <strong><em>part </em></strong>of the installation instructions. </p><p>In the case of the NanoPi R5s, I was able to find the <a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#Install_Kernel_Headers" rel="noreferrer"><em>header information</em></a> and <a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#Update_Kernel_to_Latest_Version" rel="noreferrer"><em>kernel</em> </a>that matched it from:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-6.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="576" height="391"></figure><p>Here&apos;s that download:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="1042" height="221" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/12/image.png 1000w, https://blog.threatresearcher.com/content/images/2024/12/image.png 1042w" sizes="(min-width: 720px) 720px"></figure><p>I gave it a go with just the headers, initially:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-1.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="732" height="249" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-1.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-1.png 732w" sizes="(min-width: 720px) 720px"></figure><p>And discovered that ZFS wasn&apos;t loading:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-2.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="733" height="425" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-2.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-2.png 733w" sizes="(min-width: 720px) 720px"></figure><p>Checking the available kernels, I noticed that 6.1.57 wasn&apos;t even one of the available options:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-3.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="606" height="236" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-3.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-3.png 606w"></figure><p>I&apos;ll save you some tinker time and say make sure to install the Linux kernel headers and images first. Then, <a href="https://github.com/openzfs/zfs/issues/13061?ref=blog.threatresearcher.com#issuecomment-1993687049" rel="noreferrer"><em>reconfigure zfs-dkms</em></a> for good measure, and then reboot:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-4.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="610" height="362" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-4.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-4.png 610w"></figure><p>And, now this error which was sort of weird:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-5.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="611" height="48" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-5.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-5.png 611w"></figure><p>This didn&apos;t fix things all the way and I found a reference to try and do a<em> </em><a href="https://www.reddit.com/r/debian/comments/xssc9q/comment/iqq9x61/?utm_source=share&amp;utm_medium=web3x&amp;utm_name=web3xcss&amp;utm_term=1&amp;utm_content=share_button" rel="noreferrer"><em>dkms autoinstall </em></a>which would help bake-in the missing ZFS modules into the kernel. I tried two-(2) different approaches to see which sequence works best but in the end they both worked.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-8.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="842" height="193" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-8.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-8.png 842w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">Sequence A</span></figcaption></figure><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-9.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="833" height="289" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-9.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-9.png 833w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">Sequence B</span></figcaption></figure><p>And profit!</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-7.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="818" height="443" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-7.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-7.png 818w" sizes="(min-width: 720px) 720px"></figure><p>Once the ZFS pool(s) are created to your liking then you can try some of the<a href="https://pve.proxmox.com/wiki/ZFS:_Tips_and_Tricks?ref=blog.threatresearcher.com" rel="noreferrer"><em> tips and tricks</em></a> to create dataset folders. Because we&apos;re dealing with ZFS, it is these dataset folders that you can map from the Proxmox VE <em>Datacenter -&gt; Storage</em> options to contain whatever image types you prefer.</p><p>My initial impression based on a quick test, from a usability standpoint, its easier to create an ARM64 virtual machine inside a standard x86 host machine than the other way around. That may simply be due to the limitations of the SBC hardware that I have on hand.</p><p>So, in summary, this works thanks to the magic of Linux and hardware cross-compatibility, and all the hard work poured over this Proxmox VE fork. I&apos;d really love to see it officially adopted and it might have even happened if large enough volume installs merited official developer support. As it is, Apple no longer makes servers; while Intel and AMD have finally caught-up to Qualcomm <a href="https://blog.threatresearcher.com/meeting-with-some-copilot-pcs-left-me-unimpressed-why/" rel="noreferrer">since I last wrote about it</a> a few months ago. </p><p>If I do find an Apple Silicon to play around with, you can be sure I&apos;m going to give this build another try and update y&apos;all. Happy tinkering!<br></p>]]></content:encoded></item><item><title><![CDATA[Large Action Models vs the Rabbit R1 (and others)]]></title><description><![CDATA[<p>The Rabbit R1 was introduced during CES 2024 and it was probably one of the promised products that helped make the the term Large Action Models (LAM) more widely known compared to mainstream Large Language Models (LLM) and,  to a degree, the future iteration which is Large <strong><em>Agentic </em></strong>Models (L<strong></strong></p>]]></description><link>https://blog.threatresearcher.com/large-action-models-vs-rabbi-r1-and-others-like-it/</link><guid isPermaLink="false">6679128bf2a71002988d68b1</guid><category><![CDATA[large action model]]></category><category><![CDATA[LLM]]></category><category><![CDATA[IoT]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Fri, 05 Jul 2024 23:24:00 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1439436556258-1f7fab1bfd4f?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8cmFiYml0JTIwY29tcHV0ZXJ8ZW58MHx8fHwxNzIwMjIxNzc3fDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1439436556258-1f7fab1bfd4f?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8cmFiYml0JTIwY29tcHV0ZXJ8ZW58MHx8fHwxNzIwMjIxNzc3fDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="Large Action Models vs the Rabbit R1 (and others)"><p>The Rabbit R1 was introduced during CES 2024 and it was probably one of the promised products that helped make the the term Large Action Models (LAM) more widely known compared to mainstream Large Language Models (LLM) and,  to a degree, the future iteration which is Large <strong><em>Agentic </em></strong>Models (L<strong><em>A</em></strong>M).</p><blockquote>This got me excited since this would essentially be a physical example of what an LLM stand-alone device could be. Yes, I knew it would be buggy. And, so, I pre-ordered as soon as it became possible to do so. I&apos;ll get to the unboxing later below.</blockquote><p>Rabbit notes what <a href="https://www.rabbit.tech/research?ref=blog.threatresearcher.com" rel="noreferrer">their definition</a> of what a Large Action Model as:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-10.png" class="kg-image" alt="Large Action Models vs the Rabbit R1 (and others)" loading="lazy" width="1352" height="602" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-10.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/image-10.png 1000w, https://blog.threatresearcher.com/content/images/2024/06/image-10.png 1352w" sizes="(min-width: 720px) 720px"></figure><p>Whereas, the newsletter<a href="https://pub.towardsai.net/whats-emerging-in-ai-autonomous-multi-agents-and-large-action-agentic-models-lams-7e882a659565?ref=blog.threatresearcher.com" rel="noreferrer"> Towards AI</a> published their mapping comparison last March of how these currently map in their estimation:</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://miro.medium.com/v2/resize:fit:700/1*6Iy0izXqfNDALR8Iiq-uzQ.png" class="kg-image" alt="Large Action Models vs the Rabbit R1 (and others)" loading="lazy" width="700" height="627"><figcaption><span style="white-space: pre-wrap;">Towards AI LLM vs LAM vs LAM comparison Q1 2024</span></figcaption></figure><p>However ....</p><p>I think some earlier example of agentic model reasoning</p><p>In a paper published on Arxiv towards the end of January 2024 talked about LLM Situational Awareness. One of the examples was a generated image and an action-flow based on what was seen, including a all to restock whatever was needed for refill. </p><p>The thing is, back in 2013 a similar function was available on some refrigerators as reported on <a href="https://www.cnet.com/videos/the-lg-smart-refrigerator-know-what-you-have-knows-what-you-need/?ref=blog.threatresearcher.com" rel="noreferrer"><em>CNET: The LG Smart Refrigerator know what you have, knows what you need</em></a>. But, maybe that was probably a low hanging fruit choice example. The other examples in the paper were more interesting, such as a potentially to automatically call emergency services during life threatening situations. I doubt my smart fridge, 10-years old technology as it is, would do that. But, perhaps an <a href="https://support.apple.com/en-us/108374?ref=blog.threatresearcher.com" rel="noreferrer">SOS from a smart watch</a>? Or in the case of vehicle accidents then the onboard computer (<a href="https://www.onstar.com/features/emergency-services?ref=blog.threatresearcher.com" rel="noreferrer">the old OnStar emergency services comes to mind</a>). Since everyone has a phone, then Android <a href="https://www.android.com/safety/emergency-help/emergency-location-service/?ref=blog.threatresearcher.com" rel="noreferrer">location services</a>?</p><p>My point here, being that any new use of GenAI should be showing improvements from things that already exist on many consumer devices.</p><p>Once the Rabbit R1 arrived, I let it sit on the table top for a few weeks. I gave everyone the chance to either love or pan it, as well as the developers a chance to fix the pre-release bugs they could. Today, I decided to review it. What are weekends for, right?</p><figure class="kg-card kg-embed-card kg-card-hascaption"><iframe width="200" height="113" src="https://www.youtube.com/embed/pdkP7VIBuHg?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen title="Rabbit R1 - Unboxing and First Impressions"></iframe><figcaption><p><span style="white-space: pre-wrap;">Rabbit R1 - Unboxing and First Impressions</span></p></figcaption></figure><p>I found it odd that Rabbit&apos;s service link calls out to a link called VPN Proxy. Maybe its to circumvent or hedge against some network filtering? Whatever it is, the result was a wait-time to get to the log-in screen for each service. </p><p>In the case of Door Dash it wouldn&apos;t even let me in because there were &quot;numerous logins from my IP&quot;. Well, uh, oh! Me thinks that its possible that the use of that transitional VPN could be the culprit? I&apos;ll try to give it 24-hours and if it still does the same then that more or less confirms my hunch.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-9.png" class="kg-image" alt="Large Action Models vs the Rabbit R1 (and others)" loading="lazy" width="1034" height="1235" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-9.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/image-9.png 1000w, https://blog.threatresearcher.com/content/images/2024/06/image-9.png 1034w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">LAM Agents</span></figcaption></figure><p>(to be continued!)</p>]]></content:encoded></item></channel></rss>