<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[(in)Secure IT]]></title><description><![CDATA[A personal blog on technology, IoT, mobile, and hot topic issues in the cybersecurity field.]]></description><link>https://blog.threatresearcher.com/</link><image><url>https://blog.threatresearcher.com/favicon.png</url><title>(in)Secure IT</title><link>https://blog.threatresearcher.com/</link></image><generator>Ghost 5.82</generator><lastBuildDate>Mon, 13 Jul 2026 20:07:36 GMT</lastBuildDate><atom:link href="https://blog.threatresearcher.com/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[The Enterprise Bridge: Transactional Database Unification and Compliant Outbound-Only Conduits]]></title><description><![CDATA[<p>Type-flopping into the terminal here on the Fold4, 10:42 PM, garage temperature hovering somewhere north of uncomfortable because this North Texas summer heat wave refuses to quit and the PowerEdge rack is screaming at a noisy, full-tilt whine directly behind me. Look, it&apos;s been a minute.</p><p>By</p>]]></description><link>https://blog.threatresearcher.com/migrate-n8n-to-postgresql-and-connect-cortex-xsoar-bridge/</link><guid isPermaLink="false">6a51b4ca938eb802f3bb6343</guid><category><![CDATA[PostgreSQL]]></category><category><![CDATA[Cortex]]></category><category><![CDATA[XSOAR]]></category><category><![CDATA[n8n]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 13 Jul 2026 03:57:27 GMT</pubDate><content:encoded><![CDATA[<p>Type-flopping into the terminal here on the Fold4, 10:42 PM, garage temperature hovering somewhere north of uncomfortable because this North Texas summer heat wave refuses to quit and the PowerEdge rack is screaming at a noisy, full-tilt whine directly behind me. Look, it&apos;s been a minute.</p><p>By March 2026, the sovereign ThreatLabs CTI stack was functionally hardened, but it was still living like an isolated island. It felt wrong. I needed a way to bridge the gap between this garage-tinkerer playground and a professional, enterprise corporate endpoint setup without dropping the lab&apos;s strict isolation boundaries or drowning in static routing debt.</p><p>Then the backend orchestration engine hit a wall under heavy threat-report ingestion loops, and the whole plan shifted from architectural aesthetics to a straight-up data restoration battle.</p><h2 id="pitfall-9-the-outbound-enterprise-compliance-wall-soar-teleport">Pitfall 9: The Outbound Enterprise Compliance Wall (SOAR &amp; Teleport)</h2><p>The challenge: Connecting a sovereign lab infrastructure straight into a corporate Cortex XSOAR tenant.</p><p>The naive approach says you just poke a hole through your network perimeter firewall, throw some dynamic DNS tracking at your residential public IP handle, and pray corporate compliance doesn&apos;t flag the erratic inbound connections. Good luck with that. The moment security compliance detects a random Texas residential node hitting enterprise API gateways, they&apos;re going to block the pipe and yank your network privileges.</p><p>The breakthrough: The Remote Engine (D1) architecture pattern. Instead of letting the corporate tenant call <em>in</em> to the garage lab, we built a dedicated outbound-only compliance conduit using a strict bridge container.</p><p>To make it professionally compliant and totally auditable, we guarded the bridge node behind Teleport running in &quot;Recording Proxy&quot; mode. Every action is logged, every API session is recorded, and the lab maintains complete isolation because the corporate perimeter never gets a look at the actual internal <code>cti-net</code> network topology. It was the exact moment this setup graduated from a simple homelab experiment into a legitimate threat intelligence factory.</p><h2 id="pitfall-10-the-n8n-sqlite-lockout-loop">Pitfall 10: The n8n SQLite Lockout Loop</h2><p>With the outbound enterprise conduit locked down, the ingestion workflows started feeding heavy TLP:AMBER threat data loops back from our crawlers.</p><p>Then came the silent failures.</p><p>A heavy thread of dark web data would hit the webhook ingress, the browser would spin, and n8n would lock up completely before spitting out a generic database timeout or connection error.</p><p>The trap: Default container configurations rely on a flat SQLite file for application persistence. SQLite is beautiful for a lightweight single-user script, but the second your orchestration flows spin up concurrent multi-agent ingestion loops, the file system slams into structural I/O bottlenecks. SQLite locks the entire file table during writes, concurrent webhook threads start colliding, and your automation engine chokes on its own data data backlog.</p><p>The workaround: Forceful migration to a transactional PostgreSQL backend tier. We unified the n8n application schemas onto a high-performance <code>infra-postgres</code> container cluster running on our local NVMe pool to eliminate the thread collisions once and for all.</p><pre><code class="language-yaml"># n8n postgresql persistence layout snippet
services:
  n8n:
    image: docker.n8n.io/n8nio/n8n:latest
    networks:
      - cti-net
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=infra-postgres
      - DB_POSTGRESDB_PORT=5443
      - DB_POSTGRESDB_DATABASE=n8n_brain
      - DB_POSTGRESDB_USER=n8n_operator</code></pre><p>Re-up the deployment, and database lockouts are instantly eradicated. Voila!</p><h2 id="pitfall-11-the-public-wiki-mirroring-trap">Pitfall 11: The Public Wiki Mirroring Trap</h2><p>The final frustration for the week: code safety. The core repository and documentation wiki sit locally on our self-hosted Forgejo instance, but to ensure reliable offsite redundancy and coordinate updates with external collaborators, I needed a continuous mirror loop straight into a public GitHub repository.</p><p>Using standard continuous integration workflows means spinning up a blind runner that doesn&apos;t understand context, exposing plaintext credentials across systems.</p><p>The fix: A dedicated, lightweight synchronization subagent engine using a secure <code>forgejo-mcp</code> gateway loop. Wrote a strict automated janitor loop that securely handles our Git mirroring pipeline without dropping plaintext secrets onto the physical drive arrays.</p><pre><code class="language-bash">#!/bin/bash
# mirror-repo.sh: Automated sovereign-to-public synchronization engine
echo &quot;Initializing authenticated repository mirror loop...&quot;

# Hard-set local workspace handles
LOCAL_REPO_DIR=&quot;/opt/stacks/forgejo-data/repositories/threatlabs/cti-stack.git&quot;
GITHUB_TARGET=&quot;git@github.com:threatlabs-cti/mirror-stack.git&quot;

cd $LOCAL_REPO_DIR || { echo &quot;Error: Local repository directory missing.&quot;; exit 1; }

echo &quot;Pushing verified master branches to public redundancy target...&quot;
# Force outbound-only synchronization mirror string securely
git push --prune --mirror $GITHUB_TARGET

echo &quot;Synchronization complete. Redundancy array locked.&quot;</code></pre><p>Wrote a cron task to tick this janitor script over every night at 2:00 AM. No manual tracking, no plaintext token exposure, and total external repository consistency. And profit!</p><p>The enterprise bridge is up, the automation engine database tier is unified on Postgres, and our local Forgejo registry is mirroring seamlessly into the public grid. Act II is locked and loaded. Next up in Act III: The Squad Era, we&apos;re tracking what happens when we decouple our single monolithic automation logic into a sprawling workforce of 20 distinct subagents deployed entirely inside bare-metal Proxmox LXC containers to reclaim our system resource footprints.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Hardening the Stack: Dynamic Machine Identity Injection Over Brittle Plaintext .env Files]]></title><description><![CDATA[<p>Lessons learned? There&apos;s more where that came from. The problem here is that whatever is git committed is also getting deployed ....</p><p>With the shared network provisioned and the database containers finally agreeing on port numbers, it was time to talk about security debt. The initial lab config was</p>]]></description><link>https://blog.threatresearcher.com/self-hosted-headscale-vpn-oidc-infisical-secrets-setup/</link><guid isPermaLink="false">6a51b47b938eb802f3bb6333</guid><category><![CDATA[Headscale]]></category><category><![CDATA[Infisical]]></category><category><![CDATA[VPN]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 12 Jul 2026 03:51:22 GMT</pubDate><content:encoded><![CDATA[<p>Lessons learned? There&apos;s more where that came from. The problem here is that whatever is git committed is also getting deployed ....</p><p>With the shared network provisioned and the database containers finally agreeing on port numbers, it was time to talk about security debt. The initial lab config was naked. Standard plaintext credentials sitting in stale text files on disk, and static OpenVPN keys that broke the second a client IP shifted. It felt wrong.</p><p>Time to move from simple, vulnerable configs to a zero-trust architecture without drowning the lab in an absolute nightmare of iptables firewall rules.</p><h2 id="pitfall-6-the-blind-cicd-overwrite">Pitfall 6: The Blind CI/CD Overwrite</h2><p>The expectation was standard DevOps laziness: &quot;CI/CD will make our lives easier, every commit automatically deploys&quot;. Wrote some basic GitHub Action runner playbooks to push changes automatically straight to the production root.</p><p>The problem? The runner was blind. It didn&apos;t care about git tracking boundaries. I&apos;d fix a database password locally on an experimental test branch, commit a minor markdown change, and&#x2014;poof&#x2014;the runner would push the experimental branch directly to the production root, overwriting our working infrastructure config with a templated draft. We were fighting ourselves.</p><p>The discovery: Environment Isolation. The runner needed to be context-aware. Wrote a branch-aware staging workaround that splits development into a separate sandbox root (<code>/opt/cti-dev</code>) while production is strictly guarded behind a main branch trigger.</p><h3 id="the-workaround-branch-aware-deployment">The Workaround: Branch-Aware Deployment</h3><pre><code class="language-bash">#!/bin/bash
# deploy-cti.sh: Context-aware pipeline routing logic
TARGET_BRANCH=&quot;${GITHUB_REF##*/}&quot;

if [ &quot;$TARGET_BRANCH&quot; == &quot;main&quot; ]; then
    echo &quot;Routing to production baseline conduit...&quot;
    DEPLOY_ROOT=&quot;/opt/stacks/cti-prod&quot;
else
    echo &quot;Sandbox branch detected ($TARGET_BRANCH). Routing to staging sandbox...&quot;
    DEPLOY_ROOT=&quot;/opt/cti-dev&quot;
fi

mkdir -p $DEPLOY_ROOT
rsync -avz --exclude=&apos;.git&apos; ./config/ $DEPLOY_ROOT/
cd $DEPLOY_ROOT &amp;&amp; docker compose up -d --remove-orphans
echo &quot;Deployment synchronized at $DEPLOY_ROOT.&quot;</code></pre><p>Sandbox problem solved. Staging happens in the sandbox, production is guarded.</p><h2 id="pitfall-7-the-static-vpn-tracking-debt">Pitfall 7: The Static VPN Tracking Debt</h2><p>Remote access was the next brittle debt wall. Running standard OpenVPN with static profiles meant port-forwarding and constant dynamic IP tracking. One IP change on a client device broke the routing tables entirely, locking out the n8n automation ingress while I was away.</p><p>The drama: Teleport vs. Headscale. Teleport is incredibly shiny, but Headscale is lean, open-source, completely self-hosted, and fits the Proxmox DNA flawlessly.</p><p>The insight: The mesh network model. Re-routing our coordinator automation traffic through a dedicated Headscale node on LXC 137 allowed the stack to bridge from VLAN 107 (IoT) to VLAN 101 (CTI) via authenticated identity rules, not brittle network firewall parameters.</p><h3 id="the-blueprint">The Blueprint</h3>
<!--kg-card-begin: html-->
<div class="mermaid">
graph LR
    subgraph Sovereign Mesh
    Client[Remote Client Device] --&gt;|OIDC Identity Auth| HS[Headscale VPN LXC 137]
    HS --&gt;|Secure Tunnel| CTI[CTI Stack Space VLAN 101]
    end
</div>
<!--kg-card-end: html-->
<p>Zero-Trust isn&apos;t just an enterprise buzzword; it&apos;s the only way to scale orchestration access without losing your mind in a tangled mess of static routing tables.</p><h2 id="pitfall-8-stale-text-files-and-plain-text-env-leaks">Pitfall 8: Stale Text Files and plain-text <code>.env</code> Leaks</h2><p>The final frontier for the week: the public repository trap. &quot;The repository is public, my <code>.env</code> files are private&#x2014;how do I bridge them without committing a credential to source control by mistake?&quot;. Worse, managing 10+ identical plaintext configuration files across different Proxmox nodes was a certified recipe for sync failures.</p><p>The breakthrough: Machine Identities. Wrote off text file management entirely, deployed a self-hosted Infisical instance, and moved directly to runtime environment injection.</p><p>The gold standard of server hardening is never writing a password to a physical host disk at all&#x2014;securely authenticating the node instance itself via token-free local identity verification to pull what it needs at initialization.</p><pre><code class="language-bash"># Verify the Infisical machine identity handle token offline
infisical login --method=universal-auth \
  --client-id=$INFISICAL_CLIENT_ID \
  --client-secret=$INFISICAL_CLIENT_SECRET

# Inject secrets straight into the container memory footprint at startup
infisical run --env=production -- docker compose up -d</code></pre><p>And profit! Plaintext configurations completely expunged from the file system.</p><p>The stack is officially hardened, the automatic deployments are context-aware, and the plain text credentials have been wiped from the drive matrix. Act II is locked down. Next up in Post 4, we&apos;re building the enterprise SOAR bridge and migrating our n8n automation cluster database directly onto a PostgreSQL transactional storage tier to stop database lockouts under heavy thread loads.</p><p>See ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Taming the Ports: Debugging Infinite Redirect Loops and Paranoiac Wazuh Deployments]]></title><description><![CDATA[<p>It&#x2019;s going on 10:23 PM, and it looks like I&apos;m making good time kicking these entries out.</p><p><a href="https://blog.threatresearcher.com/how-to-setup-sovereign-threat-intel-fabric-using-docker/" rel="noreferrer">Act I:Part 1</a> of the sovereign ThreatLabs CTI stack continues, but today we&apos;re talking about what happens right after you build the network roads and</p>]]></description><link>https://blog.threatresearcher.com/fix-nginx-port-loops-and-wazuh-san-ssl-cert-errors/</link><guid isPermaLink="false">6a51b421938eb802f3bb6321</guid><category><![CDATA[Wazuh]]></category><category><![CDATA[nginx]]></category><category><![CDATA[SSL]]></category><category><![CDATA[MISP]]></category><category><![CDATA[OOM]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sat, 11 Jul 2026 03:41:51 GMT</pubDate><content:encoded><![CDATA[<p>It&#x2019;s going on 10:23 PM, and it looks like I&apos;m making good time kicking these entries out.</p><p><a href="https://blog.threatresearcher.com/how-to-setup-sovereign-threat-intel-fabric-using-docker/" rel="noreferrer">Act I:Part 1</a> of the sovereign ThreatLabs CTI stack continues, but today we&apos;re talking about what happens right after you build the network roads and the actual containers start throwing absolute tantrums. You think containerization solves your deployment hurdles, right? Wrong. The second you drop enterprise security platforms behind a prosumer Traefik ingress, reality hits you fast in the form of infinite browser spins and kernel panics.</p><p>Time to pull back the curtain on why raw systems administration tissue always trumps basic theoretical architecture.</p><h2 id="pitfall-3-the-infinite-redirect-loop-of-misp">Pitfall 3: The Infinite Redirect Loop of MISP</h2><p>So, the <code>cti-net</code> shared network was live, Docker was happy, and I fired up the MISP stack. Navigated to the interface page. Typed in the baseline credentials. Hit enter.</p><p>Browser immediately went into a loopy existential crisis before spitting back <code>ERR_TOO_MANY_REDIRECTS</code>.</p><p>Spent three hours furiously ripping apart my Traefik frontend configurations, tracking headers, and cursing under my breath. Here is the trap: Traefik was listening on external port 8443, handling the SSL termination, and passing clean traffic down to the internal proxy on port 80. But MISP&apos;s internal code is hyper-paranoid; it saw an incoming secure request but its internal Nginx webserver assumed it was supposed to be living on standard port 443. They couldn&apos;t agree on basic port reality, so they just kept bouncing the request back and forth forever.</p><p>The fix wasn&apos;t an ingress re-write&#x2014;it was forcing MISP to look at the world through our lens. You have to explicitly inject the <code>CORE_HTTPS_PORT</code> environment variable straight into the container environment so the internal app engine stops guessing.</p><pre><code class="language-yaml"># Snippet from the isolated MISP stack configuration
services:
  misp:
    image: misp-os:latest
    networks:
      - cti-net
    environment:
      - Variable_Port_Mappings=True
      # Tell MISP&apos;s internal engine exactly how the public sees it:
      - CORE_HTTPS_PORT=8443</code></pre><p>Save config. Re-up the stack. Voila! Browser settles down, the login registers instantly, and we are in.</p><h2 id="pitfall-4-the-elasticsearch-memory-hog-dilemma">Pitfall 4: The Elasticsearch Memory Hog Dilemma</h2><p>With MISP behaving, it was time to spin up the logging engine&#x2014;Elasticsearch&#x2014;to drive the indexing for TheHive and our Wazuh SIEM components. Fired it up, watched the initial process strings, and then the entire node ground to a miserable, choking crawl.</p><p>Out of Memory (OOM) killed. Standard container deployment behavior when an enterprise app hits consumer bare-metal limits.</p><p>Everyone forgets that Elasticsearch is a ravenous data hoarder. By default, it wants to allocate massive virtual memory regions and map the entire host structure directly into its heap. If your host OS kernel isn&apos;t tuned to allow massive memory allocation handles, the container drops dead on line one. Running a CTI pipeline isn&apos;t just about lazy containerized isolation&#x2014;it&apos;s deep host-level systems engineering.</p><p>Had to jump directly onto the host terminal and forcefully alter the Linux kernel configurations on the fly to support the database indexing load.</p><pre><code class="language-bash"># Temporarily patch the host kernel boundaries
sudo sysctl -w vm.max_map_count=262144

# Lock it down permanently so a power failure won&apos;t brick the stack
echo &quot;vm.max_map_count=262144&quot; | sudo tee -a /etc/sysctl.conf</code></pre><h3 id="the-ingress-media-hook">The Ingress Media Hook</h3><blockquote><strong>Tinker Note:</strong> Always set your internal ES cluster heap size explicit constraints (<code>ES_JAVA_OPTS=&quot;-Xms2g -Xmx2g&quot;</code>) inside the Compose environment definitions, or it <em>will</em> attempt to swallow every byte of RAM available in your rack space.</blockquote><h2 id="pitfall-5-the-wazuh-certificate-exception-tantrum">Pitfall 5: The Wazuh Certificate Exception Tantrum</h2><p>Then came the grand finale: adding Wazuh for centralized SIEM logging capabilities. Wazuh is rightfully paranoid; it flatly refuses to pass threat data over its internal APIs without mutual TLS (mTLS) verification.</p><p>Ran their automated certificate generation tool. Total failure.</p><p>The automated script generated default credentials bound strictly to <code>localhost</code>. But inside our internal <code>cti-net</code> fabric, the containers talk to each other using explicit hostnames like <code>wazuh.indexer</code>. The Java engine inside the platform took one look at the hostname mismatch and threw a massive <code>CertificateException</code> tantrum.</p><p>Never rely on magical black-box installation scripts when things fail. We yanked the automated tools, threw together a custom OpenSSL bash script&#x2014;<code>generate-certs.sh</code>&#x2014;and hand-crafted our own Subject Alternative Names (SANs) directly into the cryptographic extensions. Controlling the root CA yourself turns a broken deployment into an absolute security fortress.</p><pre><code class="language-bash">#!/bin/bash
# generate-certs.sh: Hand-crafting TLP-compliant mTLS certificates with strict SAN definitions
echo &quot;Generating authenticated certificates for wazuh.indexer...&quot;

# Create custom openssl configuration inline
cat &lt;&lt;EOF &gt; san.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = wazuh.indexer
DNS.2 = localhost
EOF

# Generate private key and sign the certificate with host SAN extensions
openssl req -new -newkey rsa:4096 -nodes -keyout wazuh-indexer.key \
  -out wazuh-indexer.csr -subj &quot;/CN=wazuh.indexer&quot; -config san.cnf

openssl x509 -req -in wazuh-indexer.csr -CA root-ca.crt -CAkey root-ca.key \
  -CAcreateserial -out wazuh-indexer.crt -days 365 -extensions v3_req -extfile san.cnf

echo &quot;Cryptography verified. Host alignment locked down.&quot;</code></pre><p>Injected the signed certificate files into the production volumes, restarted the deployment sequence, and the indexers initialized flawlessly on the first pass. And profit!</p><p>The infrastructure ports are officially tamed, the indexers are stable, and the internal cryptography isn&apos;t lying to itself anymore. Act I is officially wrapped up and behind us. Next month, we&apos;re moving into Act II: Zero-Trust and Secrets, mapping out how we re-routed coordination through self-hosted Headscale VPN infrastructure on LXC 137 and killed off brittle plaintext <code>.env</code> configurations via runtime Infisical dynamic machine identities.</p><p>Until then, see ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Building the Sovereign Foundation: Why We Had to Build the Infrastructure Roads Before the Houses]]></title><description><![CDATA[<p>It&apos;s a Saturday night but the new season doesn&apos;t start until October! Well, then, time to finally get this set of blog entries out from draft to live, instead. </p><p>The ThreatLabs CTI stack started simple enough: a standard open-source sovereign threat intelligence factory running MISP, OpenCTI,</p>]]></description><link>https://blog.threatresearcher.com/how-to-setup-sovereign-threat-intel-fabric-using-docker/</link><guid isPermaLink="false">6a51a5b7938eb802f3bb62ba</guid><category><![CDATA[Docker]]></category><category><![CDATA[Dockge]]></category><category><![CDATA[Docker Compose]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sat, 11 Jul 2026 03:10:04 GMT</pubDate><content:encoded><![CDATA[<p>It&apos;s a Saturday night but the new season doesn&apos;t start until October! Well, then, time to finally get this set of blog entries out from draft to live, instead. </p><p>The ThreatLabs CTI stack started simple enough: a standard open-source sovereign threat intelligence factory running MISP, OpenCTI, TheHive, and DFIR-IRIS. It was stable, purring along beautifully over a unified layout until we tried to hook it into the cloud.</p><p>The plan was to let an n8n workflow feed unstructured dark web posts and red team scripts to a cloud LLM provider to extract indicators of compromise (IOCs) and draft intelligence briefs automatically. It worked for about a month, right up until the automated pipeline hit a report detailing a cartel&apos;s operational security practices, and the corporate API model threw a safety tantrum and refused to process it. Then it happened again on a standard threat actor TTP analysis.</p><p>Corporate cloud LLMs are trained to act like overly sensitive customer-service reps. We needed a cynical forensic analyst who doesn&apos;t flinch at raw malicious text. The conclusion was obvious but highly annoying: we had to yank the cords, go completely local, and run our own intelligence fabric on bare metal where no hyperscaler could dictate what our threat data is allowed to look like.</p><p>But before we could even load a model, we had to build the roads. And that&#x2019;s where the infrastructure design fallacies kicked down the door.</p><h2 id="pitfall-1-the-simple-network-fallacy-cti-net">Pitfall 1: The &quot;Simple&quot; Network Fallacy (<code>cti-net</code>)</h2><p>The expectation was classic homelab laziness: spin up a few separate Docker Compose stacks for each application, let them map their default bridges, and expect them to magically resolve each other by hostname.</p><p>The messy reality? Independent Compose stacks love creating isolated, siloed networks by default. TheHive couldn&#x2019;t resolve MISP, the web crawlers were blind, data handoffs were dropping webhooks like crazy, and the whole stack was yelling network timeout errors back into the logs.</p><p>We debated the classic architecture fork: a monolithic <code>docker-compose.yml</code> that wraps everything under one giant config versus totally isolated stacks. Monoliths are an absolute nightmare to maintain or update independently; pure isolation breaks the integration entirely.</p><p>The fix required a fundamental mental shift&#x2014;infrastructure has to come first. We had to manually define a shared external system network called <code>cti-net</code> across the host hypervisor space before deploying a single tool. You build the roads before you construct the houses.</p><h3 id="the-blueprint">The Blueprint</h3>
<!--kg-card-begin: html-->
<div class="mermaid">
graph TD
    subgraph Host Network Space
    External[cti-net: Shared External Network]
    end
    MISP[MISP Container] --&gt; External
    TheHive[TheHive Container] --&gt; External
    OpenCTI[OpenCTI Container] --&gt; External
    n8n[n8n Automation Ingress] --&gt; External
</div>
<!--kg-card-end: html-->
<pre><code class="language-yaml"># Manual network provision on the host command line:
# docker network create cti-net

networks:
  cti-net:
    external: true</code></pre><p>Voila! Every service now registers onto the same sovereign highway, resolving each other seamlessly by their internal container handles. Network fallacy solved. Volume permissions? That was a far uglier beast.</p><h2 id="pitfall-2-the-volume-permission-nightmare">Pitfall 2: The Volume Permission Nightmare</h2><p>Docker makes downloading enterprise software incredibly lazy, right up until you try to persist the data onto physical host disks and Linux file permissions turn into absolute hell.</p><p>When you scale a CTI stack, you&apos;re dealing with disparate upstream container standards. PostgreSQL runs natively as UID 70. ElasticSearch wants to run as UID 1000. Redis drops onto another custom UID entirely. The second you map these container directories to persistent host folders on your local NVMe storage array, the ownership structures mismatch, the deployment drops into a <code>CrashLoopBackOff</code>, and the console logs start screaming <code>Permission denied</code>.</p><p>I&apos;ve seen folk try to bypass this by blindly running <code>chmod 777</code> across their entire storage pool. Don&apos;t do that. It&#x2019;s a lazy, shameful quick-fix that completely breaks file system security and leaves your underlying infrastructure naked.</p><p>We needed automation, not manual dirty hacks. The turning point was crafting a dedicated baseline janitor script&#x2014;<code>fix-permissions.sh</code>&#x2014;that executes at the host level right before the stack is brought up. It parses our targeted database and directory layouts, forcefully aligning the host folder ownership parameters to match exactly what the internal container engines require.</p><h3 id="the-workaround-fix-permissionssh">The Workaround: <code>fix-permissions.sh</code></h3><pre><code class="language-bash">#!/bin/bash
# fix-permissions.sh: Host-level janitor script for the CTI storage layout
echo &quot;Automating volume ownership parameters for cti-net stack...&quot;

# Hard-set exact paths relative to your local storage mount
CTI_DATA_DIR=&quot;/opt/stacks/cti-data&quot;

# PostgreSQL volume alignment (UID 70)
sudo chown -R 70:70 ${CTI_DATA_DIR}/postgres

# ElasticSearch volume alignment (UID 1000)
sudo chown -R 1000:1000 ${CTI_DATA_DIR}/elasticsearch

# Redis volume alignment
sudo chown -R 999:999 ${CTI_DATA_DIR}/redis

echo &quot;Volume ownership verified. Keys to the castle distributed safely.&quot;</code></pre><p>Now, we wrap this step directly into our host deployment workflow. No manual directory tracking, no security compromises, and no more silent volume launch failures.</p><p>With the roads laid and the volume maps behaving themselves, Act I is officially on the grid. Next up in Post 2, we&#x2019;re tackling what happens when MISP and Traefik get into an existential fight over port mapping, Nginx falls into an infinite redirection loop, and ElasticSearch tries to eat every byte of system memory on the server array.</p><p>Until then, see ya later. Happy tinkering!</p>]]></content:encoded></item><item><title><![CDATA[Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 – The Brainstorming Spark)]]></title><description><![CDATA[<p>Hey everyone, it&apos;s January 10, 2026, and looking back, it&apos;s been almost exactly a year since I unboxed that UniFi Cloud Gateway Max on January 17, 2025. What started as a quick upgrade has turned into a quiet game-changer for my setup&#x2014;mostly because life</p>]]></description><link>https://blog.threatresearcher.com/revamping-my-homelab-network-with-ai-assistance-a-year-with-the-unifi-cloud-gateway-max-part-1-the-brainstorming-spark/</link><guid isPermaLink="false">6962c8a85c00b9028f2327f1</guid><category><![CDATA[ZFS]]></category><category><![CDATA[Proxmox VE]]></category><category><![CDATA[UniFi]]></category><category><![CDATA[Dell]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sat, 10 Jan 2026 22:33:26 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2026/01/image.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2026/01/image.jpg" alt="Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 &#x2013; The Brainstorming Spark)"><p>Hey everyone, it&apos;s January 10, 2026, and looking back, it&apos;s been almost exactly a year since I unboxed that UniFi Cloud Gateway Max on January 17, 2025. What started as a quick upgrade has turned into a quiet game-changer for my setup&#x2014;mostly because life got in the way and the homelab sat mostly idle for months. But now that things are calming down, I&apos;ve had time to reflect, optimize, and even lean on AI to guide the rearchitecture. This ties right into my ongoing experiments with local LLMs and AI workflows (Ollama evals, GPT-4o vs. locals, etc.)&#x2014;using chat models not just for quick answers, but to frame real decisions when time is short.<br><br>The unboxing was low-key: excited phablet-typing at low battery, but the real story is the upgrade path. I kept the old Cloud Key Gen2 Plus (UCK-G2-PLUS) since UniFi Protect was already set up perfectly&#x2014;cameras, NVR, all humming. Instead of a full migration (which bombed on my first restore attempt&#x2014;network reconfiguration fail, thumbtack reset drama), I just adopted it into the new Gateway Max as a pseudo-dedicated NVR. Smooth controller integration, offloads video processing, and keeps the main gateway focused on routing/firewall/visibility. Pro tip: Document everything&#x2014;VLANs, firewall rules, port maps. I learned that the hard way.<br><br>No AI for choosing between Cloud Gateway Max and Ultra&#x2014;that was standard research, heavily influenced by <a href="https://evanmccann.net/blog/ubiquiti/unifi-comparison-charts?referrer=grok.com&amp;ref=blog.threatresearcher.com#fnr1" rel="noreferrer">Evan McCann&apos;s excellent comparison charts</a>.  The Max&apos;s compact form, 2.5Gbps ports, and solid IDS/IPS headroom for home/SOHO fiber made it the clear pick for low upkeep.<br><br>But when it came to the deeper homelab rearchitecture&#x2014;storage pools, ZFS tweaks, degrowth from power-hungry enterprise gear&#x2014;I threw the initial prompt at several big chatbots: Perplexity, Grok, Copilot, and Gemini. Gemini Pro (specifically Gemini 3 in that session) stood out with the most comprehensive, context-aware response that built directly on my details without needing much re-prompting. It suggested ditching RAIDZ1 for striped mirrors, provided copy-paste commands, and spotted pitfalls I missed. We can dive deeper into why Gemini won (and how context size played a role) in a follow-up post&#x2014;I&apos;ll link it here once it&apos;s live. For now, the key takeaway: AI framed the whole pivot perfectly, saving me hours during a quick <em>sous vide</em> wait (because why not?). Project done, celebrated with a nice steak and a glass of Argentinian Malbec&#x2014;pure instant gratification.</p><p>Looking back at this past year, the real starting point of my homelab rearchitecture wasn&apos;t the hardware changes or the final ZFS commands&#x2014;it was a single, focused chat session with Gemini Pro (Gemini 3) in November 2025, about half a year past the time I wrapped-up the <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-3/" rel="noreferrer">Proxmox VE three-part series</a> (May 2025). I needed to solve a classic homelab dilemma: my existing ZFS pools (<em>basin</em>, <em>pond</em>, <em>stank</em>) were mismatched RAIDZ1 setups that throttled random-write IOPS for heavy log ingestion in Wazuh and OpenCTI, while the MD1200 DAS was a noisy, power-hungry relic I no longer needed for capacity. The goal was a cleaner, faster <em>flashpool</em> using striped mirrors, zero-downtime migration of all LXCs/VMs, and future-proofing without buying new drives.</p><p>Instead of spinning up <a href="https://blog.threatresearcher.com/n8n-in-turnkey-linux-node-js-and-in-docker/" rel="noreferrer"><em>n8n</em></a> (general workflow automation with 300+ nodes, great for complex pipelines) or <a href="https://blog.threatresearcher.com/measuring-azure-openai-gpt4o-vs-ollama-models/" rel="noreferrer"><em>Flowise</em></a> (LangChain-based low-code builder for RAG chatbots, vector search, chunking, and multi-agent flows), I just pasted my full hardware context into Gemini and let the conversation flow naturally. Modern <a href="https://blog.threatresearcher.com/extending-llama-3-8b-with-1-million-context-by-gradient/" rel="noreferrer">LLMs&apos; context windows</a> (Gemini 3 Pro supports up to 1 million input tokens, though practical chat sessions often operate effectively in the 32K&#x2013;128K range for speed) meant it remembered every detail across turns&#x2014;no re-explaining hardware, no chunking strategies, no vector DB setup. I could discuss concerns (&quot;Striped mirrors will sacrifice some capacity&#x2014;worth it?&quot;), refine aspirations (&quot;Prioritize reliability for self-hosted sec tools over bulk storage&quot;), and get grounded suggestions with built-in reasoning.</p><p>It felt like having a knowledgeable homelab partner at 2 a.m.&#x2014;when no one else in the house cares about RAID trade-offs or <em>ashift</em> values. I argued points, it pushed back with logic, and it architected the end state first (<em>flashpool</em> as the target), then handed tactical steps&#x2014;including the key storage migration I used to move every LXC (from Pi-hole to Immich) to <em>rpool</em> via Proxmox&apos;s &quot;Move Disk&quot; feature (GUI or <em>qm migrate</em> CLI).</p><p>The biggest value here isn&apos;t just code generation (though the copy-paste commands were spot-on)&#x2014;it&apos;s the shift from &quot;<em>build your own RAG pipeline</em>&quot; to instant, conversational architecture. In the past, for a similar deep dive I&apos;d spin up n8n or Flowise, requiring nodes, connectors, chunking strategies, vector DB setup, and testing loops&#x2014;hours of plumbing before you even get useful output. With modern LLMs&apos; massive context windows and native capabilities, I skipped all that. No pipeline setup, no chunking debates&#x2014;just describe the problem, argue concerns, refine aspirations, and get grounded suggestions with search grounding if needed. It feels like a 2 a.m. homelab buddy who remembers your entire setup across turns, no one else in the house needs to care.</p><p>This usability leap has opened doors for more efficient &quot;code vibing&quot; homelab projects&#x2014;iterating fast on configs, scripts, or even full services without heavy orchestration. (That&apos;s fodder for another post: what&apos;s up with Antigravity, Cursor, and Claude Code in the agentic coding space? Early 2026 vibes are wild&#x2014;Google&apos;s Antigravity as an agent-first IDE with autonomous planning/execution via Gemini 3, Cursor as the refined VS Code AI accelerator, Claude Code for terminal-deep reasoning and autonomous refactors. More on that soon.)</p><p>Here&apos;s the key part of that brainstorming flow (<em>lightly edited for readability, but preserving the back-and-forth feel&#x2014;full history attached for reference</em>). I&apos;ve pulled directly from the conversation to ground everything in truth: Gemini&apos;s suggestions were tailored to my described future requirements (high-IOPS for sec tools, single-node simplicity, power/noise reduction), and it emphasized migration to <em>rpool</em> first as a safety net.</p><p><strong>My initial prompt (dumping hardware + goals, as in chat):</strong></p><blockquote>i&apos;m rebuilding my tech stack and plan to host most everything in Proxmox VE via LXD as much as possible. this is currently in my plan: Shuffle aka Shuffler, Wazuh, OpenCTI, MISP, AIL Project</blockquote><p><strong>Gemini&apos;s response (key excerpts&#x2014;framed the strategy, split into native vs. Docker-in-LXC based on my requirements):</strong></p><blockquote>This is a highly feasible plan. You can host nearly 100% of this stack in LXC containers on Proxmox... Prioritizes the Proxmox VE Helper-Scripts... Type A: Native LXC (Best Performance) Tools: Wazuh, MISP, AIL... Type B: Docker-in-LXC (Easiest Maintenance) Tools: Shuffle, OpenCTI...</blockquote><blockquote>Wazuh (SIEM) Recommendation: Use the Community Helper Script... Command: Run the community script command in your Proxmox shell to spawn a dedicated &quot;Wazuh&quot; LXC... Allocate at least 8GB RAM...</blockquote><blockquote>Shuffle (SOAR) Recommendation: Docker-in-LXC... Use the Docker LXC helper script... Caveat: Shuffle uses Opensearch. You must set vm.max_map_count=262144 on the Proxmox Host...</blockquote><p>And so on for each tool, with detailed methods.</p><p><strong>Follow-up prompts/responses (iterating on Dockge, Podman, CasaOS&#x2014;Gemini argued against Podman for my stack, suggested Dockge):</strong></p><blockquote>User: I also previously used Portainer CE but can forego that if there is a simpler solution... I&apos;ve also started to experiment on Podman...</blockquote><blockquote>Gemini: This is a common pivot... Switch to Dockge... Why avoid Podman for Shuffle/OpenCTI? Networking Complexity... Socket Binding... Documentation... Revised Plan: ... bash -c &quot;$(wget -qO - <a href="https://github.com/community-scripts/ProxmoxVE/raw/main/ct/docker.sh?referrer=grok.com&amp;ref=blog.threatresearcher.com" rel="noopener noreferrer nofollow">https://github.com/community-scripts/ProxmoxVE/raw/main/ct/docker.sh</a>)&quot; ... curl <a href="https://raw.githubusercontent.com/louislam/dockge/master/install.sh?referrer=grok.com&amp;ref=blog.threatresearcher.com" rel="noopener noreferrer nofollow">https://raw.githubusercontent.com/louislam/dockge/master/install.sh</a> | sh</blockquote><p><strong>On TrueNAS/CasaOS/MD1200 pivot (Gemini suggested PCI passthrough for TrueNAS VM, warned on MD1200 issues like fan noise):</strong></p><blockquote>User: I&apos;m also interested in Casa OS... re-install TrueNAS Scale as a container but physically tie it to control my Dell MD1200 array...</blockquote><blockquote>Gemini: This part of your plan needs a course correction... CasaOS: Skip it, redundant with Dockge... TrueNAS Scale: Must run as VM, not container... PCI Passthrough for HBA card... Warnings for MD1200 + SSDs: Fan Noise (The &quot;Jet Engine&quot; Problem)... 6Gbps Limit... Interposers...</blockquote><p><strong>Core storage rearchitecture (the big one&#x2014;Gemini suggested migration first, then destroy/wipe/create based on my goals):</strong></p><blockquote>User: ...the script did not seem to detect the previous installation</blockquote><blockquote>Gemini: ...Before doing anything, stop the container and take a manual snapshot... Verify your Current Version: /var/ossec/bin/wazuh-control info... Manual Update Sequence: apt-get update... apt-get install --only-upgrade wazuh-indexer -y... etc.</blockquote><p>Later turns focused on pool states:</p><blockquote>Gemini: pool: basin... config: raidz1-0... (full before states as extracted)</blockquote><blockquote>After user shared zpool status: Suggest striped mirrors for flashpool, with exact create command matching my devices.</blockquote><blockquote>Migration: &quot;Use Proxmox&apos;s Move Disk in the GUI to relocate containers/VMs to rpool first&#x2014;zero downtime&#x2014;before destroying old pools.&quot;</blockquote><p>Full commands from Gemini (as I executed&#x2014;always test/back up first!):</p><blockquote>Bash</blockquote><pre><code># Migration (per container/VM)
qm config &lt;ID&gt;  # Check current disk
qm migrate &lt;ID&gt; --targetstorage rpool  # Or GUI: Hardware &gt; Disk &gt; Move Disk</code></pre><blockquote>Bash</blockquote><pre><code># Destroy (post-migration)
zpool destroy basin
zpool destroy pond
zpool destroy stank</code></pre><blockquote>Bash</blockquote><pre><code># Wipe
for disk in sdc sdd sde sdf sdg sdh sdi sdj sdk sdl sdm; do
  wipefs -af /dev/$disk
  sgdisk --zap-all /dev/$disk
done
partprobe /dev/sd[c-m]</code></pre><blockquote>Bash</blockquote><pre><code># Create flashpool
zpool create -f -o ashift=12 flashpool \
  mirror scsi-36b083fe0dffbfa002d21cca4172514ec scsi-36b083fe0dffbfa002d21ccbb187797e4 \
  mirror scsi-36b083fe0dffbfa002d21cf9227b92ed4 scsi-36b083fe0dffbfa002de694ac1f246e22 \
  mirror scsi-36b083fe0dffbfa002de694ab1f06447c scsi-36b083fe0dffbfa002de694ab1f10ce50 \
  mirror scsi-36b083fe0dffbfa002de694ac1f16b6a1 scsi-36b083fe0dffbfa002de694ac1f1e4a2c \
  mirror scsi-36b083fe0dffbfa002de694ad1f2bbbbf scsi-36b083fe0dffbfa002de694ad1f3282b5</code></pre><blockquote>Bash</blockquote><pre><code># Tuning
zfs set compression=lz4 flashpool
zfs set atime=off flashpool
zfs set xattr=sa flashpool
zfs set recordsize=64k flashpool
# Quotas for sec datasets
zfs create flashpool/sec-stack
zfs set quota=4T flashpool/sec-stack</code></pre><blockquote>Bash</blockquote><pre><code># Register
pvesm add zfs flashpool --pool flashpool --content images,rootdir --sparse 1</code></pre><p>Before/after pool states (direct from chat&#x2014;Gemini echoed my zpool status, then suggested the new config):</p><ul><li><strong>Before (<em>basin</em> example)</strong>: raidz1-0 with three drives, ONLINE.</li><li><strong>After (<em>flashpool</em>)</strong>: Five mirrors, ONLINE&#x2014;matched my SSD count for striped performance.</li></ul><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png" class="kg-image" alt="Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 &#x2013; The Brainstorming Spark)" loading="lazy" width="1326" height="260" srcset="https://blog.threatresearcher.com/content/images/size/w600/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png 1000w, https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.18.48-PM.png 1326w" sizes="(min-width: 720px) 720px"></figure><p>This collaborative vibe&#x2014;argue, refine, confirm&#x2014;turned a potential headache into a sous-vide-session project (steak + Malbec celebration still the highlight). No RAG pipeline, no chunking debates, just instant, context-aware architecture.</p><p>The payoff? A clean <em>flashpool</em> rebuild, MD1200 shutdown (kept as optional expansion), and a lighter, more reliable homelab&#x2014;all sparked by one chat that felt collaborative, not mechanical. Sous-vide steak + Malbec celebration? Still unbeatable.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png" class="kg-image" alt="Revamping My Homelab Network with AI Assistance: A Year with the UniFi Cloud Gateway Max (Part 1 &#x2013; The Brainstorming Spark)" loading="lazy" width="2000" height="1301" srcset="https://blog.threatresearcher.com/content/images/size/w600/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 1600w, https://blog.threatresearcher.com/content/images/2026/01/Screenshot-2026-01-10-at-4.16.04-PM.png 2000w" sizes="(min-width: 720px) 720px"></figure><p>In a follow-up, we&apos;ll compare why Gemini Pro edged out Perplexity/Grok/Copilot here (context retention, native tools), and tease more on emerging coding agents. </p><p>Drop your own 2 a.m. AI partner moment below&#x2014;what&apos;s the wildest late-night homelab win you&apos;ve had with chat alone? &#x1F604;</p>]]></content:encoded></item><item><title><![CDATA[Waiting for the Home Assistant CLI to be ready...]]></title><description><![CDATA[<p>Let me start by saying that I&apos;ve figured out a repeatable way to get around this issue which had stumped me all week! And, here&apos;s the proof:</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg" width="2000" height="781" loading="lazy" alt srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_154944_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_154944_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_154944_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg" width="2000" height="781" loading="lazy" alt srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155000_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155000_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155000_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg" width="2000" height="781" loading="lazy" alt srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155006_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155006_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155006_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div></div></div></figure><p>Let&apos;s back up a second and talk about what happened and what got us here. Previously, these</p>]]></description><link>https://blog.threatresearcher.com/waiting-for-the-home-assistant-cli/</link><guid isPermaLink="false">68bde0bf6cf0b20284c71c46</guid><category><![CDATA[home assistant]]></category><category><![CDATA[hassos]]></category><category><![CDATA[IoT]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 07 Sep 2025 21:17:28 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.59.41-PM.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.59.41-PM.png" alt="Waiting for the Home Assistant CLI to be ready..."><p>Let me start by saying that I&apos;ve figured out a repeatable way to get around this issue which had stumped me all week! And, here&apos;s the proof:</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg" width="2000" height="781" loading="lazy" alt="Waiting for the Home Assistant CLI to be ready..." srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_154944_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_154944_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_154944_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg" width="2000" height="781" loading="lazy" alt="Waiting for the Home Assistant CLI to be ready..." srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155000_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155000_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155000_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155000_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg" width="2000" height="781" loading="lazy" alt="Waiting for the Home Assistant CLI to be ready..." srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_155006_Gallery.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_155006_Gallery.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_155006_Gallery.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_155006_Gallery.jpg 2316w" sizes="(min-width: 720px) 720px"></div></div></div></figure><p>Let&apos;s back up a second and talk about what happened and what got us here. Previously, these things happened (not in any specific order):</p><ul><li>An urgent message was received one day from someone at home that the &quot;internet was dead&quot;. That situation was true for about a fully day overnight since it required an ISP technician to come inspect their fiber hardware. I was able to get some very minimal IoT smart devices working but nothing that needed the &quot;cloud&quot; worked.</li><li>At an average of about 11-cents/kWh the servers typically hit at $30~50/month prior to summer on-set and more than likely, due to their garage location in North Texas hea, would register more if I did a new Kill-a-Watt measurement. As it is, they&apos;re running at a noisy full-tilt instead of the normal 20% speed.</li><li> A mix of both ARM64 and AMD64 machines in a  Proxmox VE cluster is not the most optimal way to run things due to inconsistencies of storage media and other dependencies.</li><li>Recently de-clustering my high-availability setup due to the resulting heat and aforementioned cost of running a #homelab and job function change.</li><li>Wanting to find a way to setup Frigate and leverage the Coral Dual Edge TPU and PCIe 1x adapter but finding all current market options too costly or power hungry</li></ul><p>These are our current cast of characters: old laptop hand-me-downs from my now no-longer teenage son in the forms of an Acer Aspire V5-122P (AMD) and an Acer Aspire E5-576 (Intel with QuickSync). These had previously been pre-installed with Windows 7 and I had then flashed with the latest Ubuntu Desktop at the time of being received.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/PXL_20250902_202114316.jpg" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="2000" height="1125" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/PXL_20250902_202114316.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/PXL_20250902_202114316.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/PXL_20250902_202114316.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/PXL_20250902_202114316.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>I then followed the appropriate hardware install instructions for the official <a href="https://www.home-assistant.io/installation/generic-x86-64?ref=blog.threatresearcher.com" rel="noreferrer">Home Assistant Operating System Generic x86-64</a> which called for enabling UEFI Boot and disabling Secure Boot (because HassOS uses Buildroot and a customized version of Linux). </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1378" height="1616" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.27.32-PM.png 1378w" sizes="(min-width: 720px) 720px"></figure><blockquote>Let me digress here and mention that about two-(2) weeks prior I had been looking into converting at least one of the Nano Pi R5S into Home Assistant hosts but wasn&apos;t getting very far since I had to figure out how to merge separate Buildroot processes, one for HA and the other to incorporate the Rockchip drivers.</blockquote><p>There are some older instructions out there that talks about setting EFI and all that but in my experience those options only came into play when Secure Boot <em>was</em> enabled initially in-order for you to basically reset the options to factory defaults. But if you find yourself in a bind, then feel free to try it out just to remove variables:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1382" height="842" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.31.46-PM.png 1382w" sizes="(min-width: 720px) 720px"></figure><p>I initially decided to go full steam ahead and use the Aspire E5-576 as the main HA unit and,  also, wanted it to be running Frigate, Jellyfin, Plex, and a whole host of different things to make full use of the overpowered hardware and Intel Quick Sync. However, the way HassOS is envisioned right now is that it needs to boot pristine without any other things loaded with it during the back-end Docker boot-up. Anything more than that then the installation will complain and you will get the <em>Unsupported</em> nod from Home Assistant observer and that would not be a happy experience, trust me:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1684" height="554" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-5.36.26-PM.png 1684w" sizes="(min-width: 720px) 720px"></figure><p>So, I pivoted and decided to use the Acer Aspire V5-122P, which only had 500GB of storage, to instead be a sort of head-end and call the Quick Sync enabled machine remotely as a service. Those of us dabbling with AI automation will recognize this as using <em>Agents</em> that do their own autonomous activities. </p><p>But, that wasn&apos;t before I had already been hitting my head on the wall no matter what I did as a work-around to get past booting into this frustrating message: </p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery-1.jpg" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="2000" height="781" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot_20250907_154944_Gallery-1.jpg 2000w" sizes="(min-width: 720px) 720px"><figcaption><i><em class="italic" style="white-space: pre-wrap;">Waiting for the Home Assistant CLI to be ready...</em></i></figcaption></figure><p>I&apos;ve been all around the support groups and discussions and even found <a href="https://github.com/home-assistant/operating-system/issues/2272?ref=blog.threatresearcher.com" rel="noreferrer">a bug report</a>, which did give me a clue!</p><p>Within those workarounds someone talked about renaming labels and partitions and that may be true in some situations where the installation has progressed to completion. I&apos;m only repeating the post here because it taught me a little about getting a separate terminal out of HA without breaking it further: <strong>Ctrl-Alt-F2</strong></p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1826" height="1318" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.18.04-PM.png 1826w" sizes="(min-width: 720px) 720px"></figure><p>However, the whole thing about workarounds and renaming labels falls apart because there is <strong><em>nothing to fix</em></strong>, and by that I mean that is what if the partitions and all that underlying stuff may have failed in various ways and there&apos;s nothing to operate those fixes on. The key for me was noticing the <strong><em>Dependency failed</em></strong> part of the boot process:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.05.13-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="848" height="402" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.05.13-PM.png 600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.05.13-PM.png 848w" sizes="(min-width: 720px) 720px"></figure><p>This, my friends, was my <em>aha! moment</em>, the part where latent pieces of the boot and file structure might not have been correctly expunged from the system. </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1918" height="806" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.13.58-PM.png 1918w" sizes="(min-width: 720px) 720px"></figure><p>Whether it is a bug or not is debatable. What is important is that removing this part of the information is the key. So, back to the recommended <em>Method 1</em> of the official HA installation, before I restored the HassOS image I decided to wipe the disk with zero&apos;s as well as remove all partitions. </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1254" height="628" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.36.57-PM.png 1254w" sizes="(min-width: 720px) 720px"></figure><p>However, as you can see that was going to be more than a seven-(7) hour process for a 1TB disk:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/PXL_20250906_165733270.jpg" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="2000" height="1125" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/PXL_20250906_165733270.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/PXL_20250906_165733270.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/PXL_20250906_165733270.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/09/PXL_20250906_165733270.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><blockquote>I would not fault you, dear readers, if you haven&apos;t had any digital forensic background to understand the <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table?ref=blog.threatresearcher.com" rel="noreferrer">GUID Partition Table (GPT)</a> But, it should suffice to say that overwriting that minimum 1% (one percent) of the disk would be more than enough to clear out the data and disassociate most of the disk information from mapping. Back in the days of boot sector viruses this place of the disk was always under contention because it presented a way for malware to load prior to the operating system and circumvent security protections and many other shenanigans!</blockquote><p>To proof my theory, I decided to do the same data clearing for the 500GB disk on the Acer V5:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1300" height="790" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.45.47-PM.png 1300w" sizes="(min-width: 720px) 720px"></figure><p>Once completing the image restore you should get a layout similar to this:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1354" height="718" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-6.47.04-PM.png 1354w" sizes="(min-width: 720px) 720px"></figure><p>The only things to do now are to shutdown Live Ubuntu session, disconnect all external drives, connect any special hardware, boot-up, and (optionally) <a href="https://www.home-assistant.io/common-tasks/general/?ref=blog.threatresearcher.com#restoring-a-backup" rel="noreferrer">restoring from backup</a>.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1968" height="682" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 1600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-8.06.26-PM.png 1968w" sizes="(min-width: 720px) 720px"></figure><p>I&apos;m going to give it about a week of live testing for functionality as well as looking at the power consumption from the wall. If things are stable then I might just shutdown the virtualized version and stick with this laptop version. </p><p>The next step of the puzzle is how to make use of the space beyond what the default HassOS image allocates by default for itself, approximately 30GB. I&apos;m going to try to tackle that in a follow-up:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="1226" height="536" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png 1000w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-2025-09-07-at-7.40.53-PM.png 1226w" sizes="(min-width: 720px) 720px"></figure><p>There is a mismatch somewhere in terms of what HassOS reports compared to how things are actually mapped on-disk. Here&apos;s what GParted reports from a Live Ubuntu session:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/09/Screenshot-from-2025-09-08-03-54-33.png" class="kg-image" alt="Waiting for the Home Assistant CLI to be ready..." loading="lazy" width="803" height="566" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/09/Screenshot-from-2025-09-08-03-54-33.png 600w, https://blog.threatresearcher.com/content/images/2025/09/Screenshot-from-2025-09-08-03-54-33.png 803w" sizes="(min-width: 720px) 720px"></figure><p>As can be seen, and similarly claimed during the installation process, the hassos-data partition did, in fact, expand to the rest of the disk. Why then is the built-in Disk metrics only reporting about 10GB left of free space? If you happen to come by this post and have an explanation, feel free to add it in the comments.</p><p>As for the Aspire E5, I&apos;m currently leaning towards making it into just a full blown Docker or Podman host. The reason being that if I installed Proxmox VE on top of it then I&apos;d have to contend with the extra hypervisor overhead on an already system memory challenged system. A simple Ubuntu or Debian Bookworm bare metal server installation might net me just the right amount of processing utility that I need.</p><p>See you next time.</p>]]></content:encoded></item><item><title><![CDATA[I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 3]]></title><description><![CDATA[<p>Welcome back, it&apos;s literally been a minute since I published <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/" rel="noreferrer"><em>Part 2</em> of this series where I found a fix for the Pi-hole NTP sync errors</a>.</p><p>I don&apos;t think there&apos;s going to be a separate need to discuss blogging on <a href="https://blog.threatresearcher.com/the-3rd-return-from-being-offline/" rel="noreferrer">Ghost via mobile</a>. It</p>]]></description><link>https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-3/</link><guid isPermaLink="false">682bacd35a4048028cb5b43f</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[Homelab]]></category><category><![CDATA[LXC]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 19 May 2025 22:15:40 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/05/1000018738.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/05/1000018738.jpg" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 3"><p>Welcome back, it&apos;s literally been a minute since I published <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/" rel="noreferrer"><em>Part 2</em> of this series where I found a fix for the Pi-hole NTP sync errors</a>.</p><p>I don&apos;t think there&apos;s going to be a separate need to discuss blogging on <a href="https://blog.threatresearcher.com/the-3rd-return-from-being-offline/" rel="noreferrer">Ghost via mobile</a>. It should suffice to say that copy-pasting images works better on Chrome mobile mode; you can get better native desktop-mode experience when using Firefox. The capability to flip back-and-forth seamlessly is a game changer for speed edits. I&apos;m not sure about the experience using an actual tablet like the Google Pixel Tablet or a Chromebook like the <a href="https://www.costco.com/acer-chromebook-plus-14%22-touchscreen-laptop-with-google-ai---intel-core-i3-n305---1920-x-1080---chrome-os---8gb-ram---512gb-ssd---protective-sleeve-included.product.4000252543.html?ref=blog.threatresearcher.com" rel="noreferrer">Acer Chromebook Plus 14&quot;</a> (CB514-4HT-359X) but that&apos;s going to be one of the next experiments. My final edits have been on the old MacBook Pro, whenever it&apos;s still got a charge.</p><h3 id="part-3-proxmox-ve-helper-scripts-meets-xda-developers">Part 3: Proxmox VE Helper scripts meets XDA Developers </h3><p>Let me start with the elephant in the room, why use LXC instead of using the existing Docker VMs in my current stack? Well, let&apos;s talk about that. </p><p>I&apos;ve been running MISP and OpenCTI for the longest time in a cluster for high-availability. Specifically, ElasticSearch can become unwieldy when you try to give it the best possible scenario when you&apos;ve got limited rack space expansion and a power budget cap. Essentially, because of this I&apos;m considering a re-do and clawing back resources these projects have taken over in resources. Plus, I&apos;ve recently had some bad spells with old Portainer versions that over time has given me a bad taste in the mouth. And then, from the last time I had touched edits on Docker did Podman enter the picture. So far, in the past few months this might be the direction I take if only so I can learn more about it&apos;s pitfalls and the fact it is what you would get to use in a locked-down Red Hat enterprise image. There&apos;s alot to unpack there, but my point is that I don&apos;t take this decision lightly. There&apos;s going to be a learning curve and trade-offs to be made. I&apos;ll have to be OK with that. So, this is why we&apos;re going back to individual containers in the form of LXC instead of full VMs if we don&apos;t have to.</p><p>Now, with that out of the way, a brief note on <a href="https://en.wikipedia.org/wiki/Valnet?ref=blog.threatresearcher.com#XDA" rel="noreferrer">XDA Developers</a>. Hailing from the Philippines, I&apos;ve been on the cutting edge of mobile computing since back in the Nokia days. If I couldn&apos;t get new stuff locally then I could always hop on a plane to Singapore and visit <a href="https://www.simlimsquare.com.sg/?ref=blog.threatresearcher.com" rel="noreferrer"><em>Sim Lim Square</em></a>. And, on one of these trips is where I got hold of my first <a href="https://en.wikipedia.org/wiki/O2_Xda?ref=blog.threatresearcher.com" rel="noreferrer"><strong>O2 XDA</strong></a> (and a bunch of Havaianas). Mind you, at around this time I was sporting the latest <a href="https://en.wikipedia.org/wiki/Nokia_9500_Communicator?ref=blog.threatresearcher.com" rel="noreferrer">Nokia 9500 Communicator.</a> I was ready for another form factor, let those parts sink in. Rooting and hacking bleeding edge mobile devices is how XDA and I crossed paths. Years later after transformation I really enjoy the <a href="https://www.xda-developers.com/search/?q=self-host&amp;ref=blog.threatresearcher.com" rel="noreferrer">self hosted section topics</a> for my use case.</p><p>About <a href="https://community-scripts.github.io/ProxmoxVE/?ref=blog.threatresearcher.com" rel="noreferrer">Proxmox VE Helper scripts</a>, I discovered this group while looking to experiment with lightweight versions of my homelab projects. What I would do was learn from the scripts and incorporate or improve on them for my specific use case. Now, however, I plan to use several of the templates to get things restarted based on availability and if something gets mentioned over at XDA.</p><p>I&apos;ve already showed what a basic phablet install experience and experiment looks like over in <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-phablet/" rel="noreferrer">Part 1 of this series</a>. Here&apos;s where I&apos;ve landed so far:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250518_193546_Chrome.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 3" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250518_193546_Chrome.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250518_193546_Chrome.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250518_193546_Chrome.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250518_193546_Chrome.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>There&apos;s a big part of myself that cringes at the auto-numbering since my original schema was to map IP to VMID. If it matters that much later then, in theory, it should just be a matter of a backup and then restore to a specific VMID. Well, in my mind, that&apos;s how I&apos;m coping with the situation.</p><p>In Part 4, we can discuss about the use cases and groupings of what&apos;s been installed. Or, I may just launch a new series based on specific group topic projects linked stemming from here.</p><p>Happy trails.</p>]]></content:encoded></item><item><title><![CDATA[I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2]]></title><description><![CDATA[<p>Strike while the iron is hot? Well, I&apos;m going to do a version of type on this phablet until it powers down because its now at 11% and hopefully not loose any content. I guess that is part of the curse when you&apos;ve got the ideas</p>]]></description><link>https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/</link><guid isPermaLink="false">682a7d765a4048028cb5b3ca</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[ARM64]]></category><category><![CDATA[Pi-hole]]></category><category><![CDATA[NanoPi]]></category><category><![CDATA[Homelab]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 19 May 2025 13:48:15 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/05/1000018739.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/05/1000018739.jpg" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2"><p>Strike while the iron is hot? Well, I&apos;m going to do a version of type on this phablet until it powers down because its now at 11% and hopefully not loose any content. I guess that is part of the curse when you&apos;ve got the ideas and time is measured in either bars of battery or wifi strength.</p><p>In <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-phablet/" rel="noreferrer"><em>Part 1</em>, I talked about success in getting <em>Pihole setup on ARM64.</em></a><em> </em> There might be some other lightweight resourced projects to install or migrate later, perhaps <em>Uptime Kuma</em>?</p><h3 id="part-2-pi-hole-ntp-sync-sidequest">Part 2: Pi-hole NTP sync sidequest </h3><p>There was an <strong><em>NTP setting</em></strong> that needed to be addressed related to permissions, which by some reports is a bug or a setting that doesn&apos;t make sense depending on how you have Pihole set-up:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190225_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_190225_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_190225_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_190225_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190225_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Navigate to Settings, and notice the green <strong><em>Basic</em></strong> toggle:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185916_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_185916_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_185916_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_185916_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185916_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Click on this and you&apos;ll enter <strong><em>Expert</em></strong> mode:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185923_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_185923_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_185923_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_185923_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_185923_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>A new option will then appear called <strong><em>All settings</em></strong>:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190255_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_190255_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_190255_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_190255_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190255_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Within <em>All settings</em> navigate to the <strong><em>Network Time Sync</em></strong> tab and disable most of the settings:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170150_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250519_170150_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250519_170150_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250519_170150_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170150_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>The most important edit is zeroing the setting for ntp.syc.interval:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170234_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250519_170234_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250519_170234_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250519_170234_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250519_170234_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Save your settings and you will then notice the error alert disappear: </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190347_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet! - Part 2" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_190347_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_190347_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_190347_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_190347_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p> With that out of the way, <a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-3/" rel="noreferrer">onward to Part 3</a>.</p><p>Yes, I&apos;m still doing my edits from the Flip4!</p>]]></content:encoded></item><item><title><![CDATA[I restarted my homelab with Proxmox VE Helper-scripts and a phablet!]]></title><description><![CDATA[<p>It&apos;s been a minute. </p><p>We&apos;ll, several months in fact since getting most of the Lab situated. &#x200B;The Unifi gateway has proven to be a useful addition to complete the end-to-end visibility for my network. I&apos;ve also walked myself back from over-engineering the access</p>]]></description><link>https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-phablet/</link><guid isPermaLink="false">682a62b35a4048028cb5b314</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[ARM64]]></category><category><![CDATA[Homelab]]></category><category><![CDATA[NanoPi]]></category><category><![CDATA[Pi-hole]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 18 May 2025 23:49:42 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/05/1000018736-1.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/05/1000018736-1.jpg" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!"><p>It&apos;s been a minute. </p><p>We&apos;ll, several months in fact since getting most of the Lab situated. &#x200B;The Unifi gateway has proven to be a useful addition to complete the end-to-end visibility for my network. I&apos;ve also walked myself back from over-engineering the access points, meaning to say I&apos;ve held back deploying all of the nanoHD APs and instead forced myself to find the house layout and leverage the Unifi Designer page to map out some better configuration options given the limitations of where I can drill or line some CAT6a.</p><p>Yesterday, I looked at my simple stack of containers and decided it&apos;s about time to put back some of the tools that I&apos;ve been missing given my current job function use cases. I still have MISP and OpenCTI running and they&apos;re due for a version refresh. While Pihole and Adblocker get updated, they&apos;re no longer part of my network&apos;s flow and I&apos;ll rectify that when I transition to using the new firewall zones feature in the latest Unifi firmware. Home Assistant is running but the Frigate integration hasn&apos;t been done until I decide on a spare machine to run the Coral TPU on. Smartthings needs a configuration update since I no longer use or host a Blue Iris integration server and set of IP cameras, I&apos;ve peppered the place with cheap Wyze cameras, instead.</p><p>For today&apos;s topic, the main goals I had were:</p><ol><li>Install something that works on both of the <a href="https://blog.threatresearcher.com/installing-proxmox-ve-8-x-on-arm64-nanopi-r5s/" rel="noreferrer">NanoPi R5 installed with Proxmox VE on ARM64</a></li><li>Comb through the recent <a href="https://www.xda-developers.com/search/?q=self-host&amp;ref=blog.threatresearcher.com" rel="noreferrer">self-hosting posts from the XDA Developers</a> site and select stuff that aligned with my past and future usage goals</li><li>Decide to use individual LXC containers and leverage those that exist in <a href="https://github.com/community-scripts/ProxmoxVE?ref=blog.threatresearcher.com" rel="noreferrer">Proxmox VE Helper scripts</a> <a href="https://community-scripts.github.io/ProxmoxVE/?ref=blog.threatresearcher.com" rel="noreferrer">site</a></li><li>Forego the temptation to use Docker or Podman, but Install fresh containers for future experiments </li><li>Do all of this using my Samsung Galaxy Fold4 phone while testing the new U7 Pro Outdoor with omni-directional antennas I just installed the day before</li></ol><h3 id="part-1-nanopi-r5-with-proxmox-ve-arm64"><strong>Part 1: NanoPi R5 with Proxmox VE ARM64</strong></h3><p>This previous project is sort of a heartache for me. While I did get Proxmox VE installed, my ventures into installing a working VM and a basic OS have been unstable and mainly unusable probably due to system requirements. And, this is probably where the beauty of LXC shines due to it simply using what&apos;s already there.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182157_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_182157_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_182157_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_182157_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182157_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>The helper script for Pihole will fail and complain to you and suggest you use a different installation script. No need, since ARM64 is a supported architecture:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183651_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183651_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183651_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183651_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183651_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>And so, let&apos;s see if we can get Debain installed copying the basic specs from:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182308_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_182308_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_182308_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_182308_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182308_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>But, we&apos;re going to use the default Proxmox VE container template to create it:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182516_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_182516_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_182516_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_182516_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_182516_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>This got created fine: </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183113_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183113_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183113_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183113_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183113_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>We now have a running Debain LXC to build upon!</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183506_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183506_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183506_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183506_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183506_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Let&apos;s use the one liner installer:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183602_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183602_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183602_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183602_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183602_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183541_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183541_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183541_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183541_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183541_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>But first, get curl installed and update packages:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183906_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183906_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183906_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183906_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183906_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183941_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_183941_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_183941_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_183941_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_183941_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Configure the easy defaults:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184027_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184027_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184027_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184027_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184027_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Finalize checks:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184119_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184119_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184119_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184119_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184119_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>Browse to the web address and enter credentials:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184309_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184309_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184309_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184309_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184309_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Update the rules:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184433_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="1812" height="2176" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184433_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184433_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184433_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184433_Firefox.jpg 1812w" sizes="(min-width: 720px) 720px"></figure><p>Inspect alerts:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184733_Firefox.jpg" class="kg-image" alt="I restarted my homelab with Proxmox VE Helper-scripts and a phablet!" loading="lazy" width="2000" height="1665" srcset="https://blog.threatresearcher.com/content/images/size/w600/2025/05/Screenshot_20250517_184733_Firefox.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2025/05/Screenshot_20250517_184733_Firefox.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2025/05/Screenshot_20250517_184733_Firefox.jpg 1600w, https://blog.threatresearcher.com/content/images/2025/05/Screenshot_20250517_184733_Firefox.jpg 2000w" sizes="(min-width: 720px) 720px"></figure><p>This NTP sync error has a fix and sort of controversial in its implementation. So, I&apos;ll post the specific steps I had to do separately.</p><p><a href="https://blog.threatresearcher.com/i-restarted-my-homelab-with-proxmox-ve-helper-scripts-and-a-phablet-part-2/" rel="noreferrer">Stay tuned for Part 2.</a></p>]]></content:encoded></item><item><title><![CDATA[The 3rd Return from Being Offline]]></title><description><![CDATA[<p>... and we&apos;re back !!!</p><p>Today just so happened to be a standard month of setting-up shop in the new digs. Most of the boxes have been unpacked except for the holiday stuff. I don&apos;t think we knew how much decorations we&apos;d amassed over the years</p>]]></description><link>https://blog.threatresearcher.com/the-3rd-return-from-being-offline/</link><guid isPermaLink="false">67957e2cfdf42802b979ea82</guid><category><![CDATA[Ghost]]></category><category><![CDATA[UniFi]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Sun, 26 Jan 2025 00:50:07 GMT</pubDate><media:content url="https://blog.threatresearcher.com/content/images/2025/01/1000003368.webp" medium="image"/><content:encoded><![CDATA[<img src="https://blog.threatresearcher.com/content/images/2025/01/1000003368.webp" alt="The 3rd Return from Being Offline"><p>... and we&apos;re back !!!</p><p>Today just so happened to be a standard month of setting-up shop in the new digs. Most of the boxes have been unpacked except for the holiday stuff. I don&apos;t think we knew how much decorations we&apos;d amassed over the years and that already included having gotten rid of all the almost decade old disintegrating stuff (which had actually been great for Halloween, by the way).</p><p>The only ISP offering fiber in my area had already installed their hardware before we moved in by drilling a hole through brick straight into the middle of the living room wall which limited my options unless I wanted to make another one to feed out from the ONT modem onto CAT6A.  As much as I would have loved to forego a separate server room it felt like a blessing of silence when the <a href="https://blog.threatresearcher.com/exploring-a-used-mikrotik-ccr1036-8g-2s/" rel="noreferrer">Mikrotik router</a> was turned off. </p><p>And what did it take for me to do that? </p><p>I was hoping you&apos;d ask. But first, here&apos;s my server rack hastily recreated in the garage just to get this blog back up and running:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2025/02/Screenshot_20250125-183434.png" class="kg-image" alt="The 3rd Return from Being Offline" loading="lazy" width="478" height="836"></figure><p>Yes, I know, all those spaghetti cables! </p><p>What you don&apos;t see is a CAT6A shielded cable snaking 60-feet across open ground from the living room through brick. Instead, there&apos;s a black CAT6 cable coming from the UniFi 60W switch down-linked from the PoE injector of the UniFi NanoHD access point into the Mikrotik CRS328-24P-4S+RM switch. Apparently, this works via the magic of how UniFi configures Wi-Fi meshing on access points at the moment and it results in what would have been just power to instead the AP becoming a network media bridge. </p><p>I&apos;m not going to complain, the alternative is to pre-order the recently announced official UniFi Bridge, which is currently out of stock. I&apos;m probably still going to order one when it becomes available given some network stability due to the signal having to travel through layers of brick to the detached garage. Or ... I might just consider some kind of upgrade to WiFi 6E/7.</p><p>It is pretty interesting starting from scratch. I am now realizing that I had over-engineered (of course!) last time by surrounding all corners of the house with access points, even if I did turn down their transmit signals. This sort of explains why all my IoT devices still preferred to connect to the UniFi 6 Mesh that I&apos;d placed on the roof rather than the nearest access point. So, really, in terms of access point coverage less is more and only add if you really must.</p><p>In my next post I&apos;ll talk about my experience with finally getting a real UniFi Gateway onto the rack and the status of the rest of the gear as a result of that network hardware change. I&apos;ll be posting and update towards progress on hosting this Ghost blog platform on ARM64 as a result of <a href="https://blog.threatresearcher.com/installing-proxmox-ve-8-x-on-arm64-nanopi-r5s/" rel="noreferrer">my previous experiment</a>, too!</p><p>Until then, Happy New Year of the &quot;<em>Dragon</em>&quot;!</p><p></p>]]></content:encoded></item><item><title><![CDATA[Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)]]></title><description><![CDATA[<p>This little journey started the night before Thanksgiving as we were packing for a long-ago planned trip to Japan. </p><p>As is my usual wont, I found myself puttering around restlessly with the <em>HomeLab </em>trying to eek out a little bit more from the little bits of hardware I had accumulated</p>]]></description><link>https://blog.threatresearcher.com/installing-proxmox-ve-8-x-on-arm64-nanopi-r5s/</link><guid isPermaLink="false">67512668bbea4302978c82be</guid><category><![CDATA[Proxmox VE]]></category><category><![CDATA[ARM64]]></category><category><![CDATA[NanoPi]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Thu, 05 Dec 2024 08:11:23 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1500171335092-ec6cd7e90044?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8amFwYW58ZW58MHx8fHwxNzMzMzg1OTQzfDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1500171335092-ec6cd7e90044?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8amFwYW58ZW58MHx8fHwxNzMzMzg1OTQzfDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)"><p>This little journey started the night before Thanksgiving as we were packing for a long-ago planned trip to Japan. </p><p>As is my usual wont, I found myself puttering around restlessly with the <em>HomeLab </em>trying to eek out a little bit more from the little bits of hardware I had accumulated since my most recent <a href="https://blog.threatresearcher.com/chatgpt-like-performance-comparisons/" rel="noreferrer">personal research project</a>. The PCIe board for the Coral Dual Edge TPU had arrived but my previous attempt at installing it was hijacked when I accidentally ended up shutting down my Proxmox VE node that was hosting several of my Docker projects &#x2013; including about one(1)-TB worth of OpenCTI metadata that hadn&apos;t had time to settle and get written correctly to disk. How was I to know that the hardware backplane on the Dell R720xd it was hosted on was going to bork and make my ZFS cluster disappear into the ether?</p><p>That unfortunate incident wasn&apos;t all too bad. At this point having all that data just happened to be not as critical or immediately usable for work stuff and I&apos;d already rebuilt the setup several ways enough that I&apos;ve got a working project fork of OpenCTI to my own to help ease the recovery and deployment process. Then, too, I&apos;ve been back to having my router, switches, and WiFi on physical machines such that my whole house network and its entertainment side of the equation are not affected. But, now, I did have a pair of <a href="https://blog.threatresearcher.com/comparing-the-ai-capabilities-of-sbcs/" rel="noreferrer">FriendlyELEC NanoPi R5s</a> sitting cold and unused and just begging to be put back into use &#x2013; not as FriendlyWrt travel routers but as Docker hosts. In fact, I mused, could I run an ARM64 version of Proxmox VE on these things?</p><p>The bigger plan, of course, was if it would also be viable to to install Proxmox VE onto a high performance AArch64/ARM64 server and see compute gains on something like Apple Silicon.</p><p>It started well enough. I was mildly surprised to know that on the latest <em>2024-10-16</em> firmware release it literally said &quot;<a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#New_System" rel="noreferrer"><em>Added Proxmox VE system</em></a>&quot;. What luck!</p><p><a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#Official_image" rel="noreferrer">Per the instructions</a>, I downloaded the <a href="http://download.friendlyelec.com/NanoPiR5S?ref=blog.threatresearcher.com" rel="noreferrer">latest Official image</a> from the link and used the <em>Flash Official OS to eMMC</em> option via TF Card.</p><p>Further perusing lead me to the &quot;<a href="https://wiki.friendlyelec.com/wiki/index.php/Getting_Started_with_Proxmox/?ref=blog.threatresearcher.com" rel="noreferrer"><em>Getting Started with Proxmox</em></a>&quot; page. I used <a href="https://etcher.balena.io/?ref=blog.threatresearcher.com" rel="noreferrer">balenaEtcher </a>to write the file onto a 32-GB SDXC card (the multi-OS version takes up about 16GB decompressed), inserted it into the TF card slot and plugged-in the power brick. And then watched from the old spare monitor connected via HDMI as the system kept booting into a loop-cycle for a few hours before I gave up, powered the whole thing down, took a nap, then left for the airport to Japan.</p><p>Returning from Nara then Osaka via Haneda to the Narita airport a few days ago, I suddenly wondered if the power brick that I&apos;d used from the UniFi Flex Mini was the culprit. My assumption was that it provided 5V/2A but to my surprise it was actually only rated for 5V/<em><strong>1000mA</strong> </em>and the boot loop immediately righted itself once I plugged in the power to an Anker Prime Power Bank. Basic TF to eMMC installation took less than a minute for each SBC, after that:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-10.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="1920" height="945" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-10.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/12/image-10.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/12/image-10.png 1600w, https://blog.threatresearcher.com/content/images/2024/12/image-10.png 1920w" sizes="(min-width: 720px) 720px"></figure><p>I made sure to add all the <a href="https://github.com/jiangcuo/Proxmox-Port/blob/main/help/repo.md?ref=blog.threatresearcher.com" rel="noreferrer"><em>pve8 repos</em></a> and do an initial update of everything to bring up the Proxmox VE version from 8.2.x to 8.3.0</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-11.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="1328" height="781" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-11.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/12/image-11.png 1000w, https://blog.threatresearcher.com/content/images/2024/12/image-11.png 1328w" sizes="(min-width: 720px) 720px"></figure><p>But, there&apos;s one other problem, I <strong><em>wanted </em></strong>ZFS. Thankfully, I was able to find the source of the <a href="https://github.com/jiangcuo/Proxmox-Port/wiki/ZFS-Installation?ref=blog.threatresearcher.com" rel="noreferrer"><em>Proxmox-Port</em></a> that FriendlyELEC had used to build their image and it had <strong><em>part </em></strong>of the installation instructions. </p><p>In the case of the NanoPi R5s, I was able to find the <a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#Install_Kernel_Headers" rel="noreferrer"><em>header information</em></a> and <a href="https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S?ref=blog.threatresearcher.com#Update_Kernel_to_Latest_Version" rel="noreferrer"><em>kernel</em> </a>that matched it from:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-6.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="576" height="391"></figure><p>Here&apos;s that download:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="1042" height="221" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/12/image.png 1000w, https://blog.threatresearcher.com/content/images/2024/12/image.png 1042w" sizes="(min-width: 720px) 720px"></figure><p>I gave it a go with just the headers, initially:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-1.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="732" height="249" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-1.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-1.png 732w" sizes="(min-width: 720px) 720px"></figure><p>And discovered that ZFS wasn&apos;t loading:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-2.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="733" height="425" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-2.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-2.png 733w" sizes="(min-width: 720px) 720px"></figure><p>Checking the available kernels, I noticed that 6.1.57 wasn&apos;t even one of the available options:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-3.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="606" height="236" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-3.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-3.png 606w"></figure><p>I&apos;ll save you some tinker time and say make sure to install the Linux kernel headers and images first. Then, <a href="https://github.com/openzfs/zfs/issues/13061?ref=blog.threatresearcher.com#issuecomment-1993687049" rel="noreferrer"><em>reconfigure zfs-dkms</em></a> for good measure, and then reboot:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-4.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="610" height="362" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-4.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-4.png 610w"></figure><p>And, now this error which was sort of weird:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-5.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="611" height="48" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-5.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-5.png 611w"></figure><p>This didn&apos;t fix things all the way and I found a reference to try and do a<em> </em><a href="https://www.reddit.com/r/debian/comments/xssc9q/comment/iqq9x61/?utm_source=share&amp;utm_medium=web3x&amp;utm_name=web3xcss&amp;utm_term=1&amp;utm_content=share_button" rel="noreferrer"><em>dkms autoinstall </em></a>which would help bake-in the missing ZFS modules into the kernel. I tried two-(2) different approaches to see which sequence works best but in the end they both worked.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-8.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="842" height="193" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-8.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-8.png 842w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">Sequence A</span></figcaption></figure><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-9.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="833" height="289" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-9.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-9.png 833w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">Sequence B</span></figcaption></figure><p>And profit!</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/12/image-7.png" class="kg-image" alt="Installing Proxmox VE 8.x on ARM64 (NanoPi R5s)" loading="lazy" width="818" height="443" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/12/image-7.png 600w, https://blog.threatresearcher.com/content/images/2024/12/image-7.png 818w" sizes="(min-width: 720px) 720px"></figure><p>Once the ZFS pool(s) are created to your liking then you can try some of the<a href="https://pve.proxmox.com/wiki/ZFS:_Tips_and_Tricks?ref=blog.threatresearcher.com" rel="noreferrer"><em> tips and tricks</em></a> to create dataset folders. Because we&apos;re dealing with ZFS, it is these dataset folders that you can map from the Proxmox VE <em>Datacenter -&gt; Storage</em> options to contain whatever image types you prefer.</p><p>My initial impression based on a quick test, from a usability standpoint, its easier to create an ARM64 virtual machine inside a standard x86 host machine than the other way around. That may simply be due to the limitations of the SBC hardware that I have on hand.</p><p>So, in summary, this works thanks to the magic of Linux and hardware cross-compatibility, and all the hard work poured over this Proxmox VE fork. I&apos;d really love to see it officially adopted and it might have even happened if large enough volume installs merited official developer support. As it is, Apple no longer makes servers; while Intel and AMD have finally caught-up to Qualcomm <a href="https://blog.threatresearcher.com/meeting-with-some-copilot-pcs-left-me-unimpressed-why/" rel="noreferrer">since I last wrote about it</a> a few months ago. </p><p>If I do find an Apple Silicon to play around with, you can be sure I&apos;m going to give this build another try and update y&apos;all. Happy tinkering!<br></p>]]></content:encoded></item><item><title><![CDATA[Large Action Models vs the Rabbit R1 (and others)]]></title><description><![CDATA[<p>The Rabbit R1 was introduced during CES 2024 and it was probably one of the promised products that helped make the the term Large Action Models (LAM) more widely known compared to mainstream Large Language Models (LLM) and,  to a degree, the future iteration which is Large <strong><em>Agentic </em></strong>Models (L<strong></strong></p>]]></description><link>https://blog.threatresearcher.com/large-action-models-vs-rabbi-r1-and-others-like-it/</link><guid isPermaLink="false">6679128bf2a71002988d68b1</guid><category><![CDATA[large action model]]></category><category><![CDATA[LLM]]></category><category><![CDATA[IoT]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Fri, 05 Jul 2024 23:24:00 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1439436556258-1f7fab1bfd4f?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8cmFiYml0JTIwY29tcHV0ZXJ8ZW58MHx8fHwxNzIwMjIxNzc3fDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1439436556258-1f7fab1bfd4f?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE1OHx8cmFiYml0JTIwY29tcHV0ZXJ8ZW58MHx8fHwxNzIwMjIxNzc3fDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="Large Action Models vs the Rabbit R1 (and others)"><p>The Rabbit R1 was introduced during CES 2024 and it was probably one of the promised products that helped make the the term Large Action Models (LAM) more widely known compared to mainstream Large Language Models (LLM) and,  to a degree, the future iteration which is Large <strong><em>Agentic </em></strong>Models (L<strong><em>A</em></strong>M).</p><blockquote>This got me excited since this would essentially be a physical example of what an LLM stand-alone device could be. Yes, I knew it would be buggy. And, so, I pre-ordered as soon as it became possible to do so. I&apos;ll get to the unboxing later below.</blockquote><p>Rabbit notes what <a href="https://www.rabbit.tech/research?ref=blog.threatresearcher.com" rel="noreferrer">their definition</a> of what a Large Action Model as:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-10.png" class="kg-image" alt="Large Action Models vs the Rabbit R1 (and others)" loading="lazy" width="1352" height="602" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-10.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/image-10.png 1000w, https://blog.threatresearcher.com/content/images/2024/06/image-10.png 1352w" sizes="(min-width: 720px) 720px"></figure><p>Whereas, the newsletter<a href="https://pub.towardsai.net/whats-emerging-in-ai-autonomous-multi-agents-and-large-action-agentic-models-lams-7e882a659565?ref=blog.threatresearcher.com" rel="noreferrer"> Towards AI</a> published their mapping comparison last March of how these currently map in their estimation:</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://miro.medium.com/v2/resize:fit:700/1*6Iy0izXqfNDALR8Iiq-uzQ.png" class="kg-image" alt="Large Action Models vs the Rabbit R1 (and others)" loading="lazy" width="700" height="627"><figcaption><span style="white-space: pre-wrap;">Towards AI LLM vs LAM vs LAM comparison Q1 2024</span></figcaption></figure><p>However ....</p><p>I think some earlier example of agentic model reasoning</p><p>In a paper published on Arxiv towards the end of January 2024 talked about LLM Situational Awareness. One of the examples was a generated image and an action-flow based on what was seen, including a all to restock whatever was needed for refill. </p><p>The thing is, back in 2013 a similar function was available on some refrigerators as reported on <a href="https://www.cnet.com/videos/the-lg-smart-refrigerator-know-what-you-have-knows-what-you-need/?ref=blog.threatresearcher.com" rel="noreferrer"><em>CNET: The LG Smart Refrigerator know what you have, knows what you need</em></a>. But, maybe that was probably a low hanging fruit choice example. The other examples in the paper were more interesting, such as a potentially to automatically call emergency services during life threatening situations. I doubt my smart fridge, 10-years old technology as it is, would do that. But, perhaps an <a href="https://support.apple.com/en-us/108374?ref=blog.threatresearcher.com" rel="noreferrer">SOS from a smart watch</a>? Or in the case of vehicle accidents then the onboard computer (<a href="https://www.onstar.com/features/emergency-services?ref=blog.threatresearcher.com" rel="noreferrer">the old OnStar emergency services comes to mind</a>). Since everyone has a phone, then Android <a href="https://www.android.com/safety/emergency-help/emergency-location-service/?ref=blog.threatresearcher.com" rel="noreferrer">location services</a>?</p><p>My point here, being that any new use of GenAI should be showing improvements from things that already exist on many consumer devices.</p><p>Once the Rabbit R1 arrived, I let it sit on the table top for a few weeks. I gave everyone the chance to either love or pan it, as well as the developers a chance to fix the pre-release bugs they could. Today, I decided to review it. What are weekends for, right?</p><figure class="kg-card kg-embed-card kg-card-hascaption"><iframe width="200" height="113" src="https://www.youtube.com/embed/pdkP7VIBuHg?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen title="Rabbit R1 - Unboxing and First Impressions"></iframe><figcaption><p><span style="white-space: pre-wrap;">Rabbit R1 - Unboxing and First Impressions</span></p></figcaption></figure><p>I found it odd that Rabbit&apos;s service link calls out to a link called VPN Proxy. Maybe its to circumvent or hedge against some network filtering? Whatever it is, the result was a wait-time to get to the log-in screen for each service. </p><p>In the case of Door Dash it wouldn&apos;t even let me in because there were &quot;numerous logins from my IP&quot;. Well, uh, oh! Me thinks that its possible that the use of that transitional VPN could be the culprit? I&apos;ll try to give it 24-hours and if it still does the same then that more or less confirms my hunch.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-9.png" class="kg-image" alt="Large Action Models vs the Rabbit R1 (and others)" loading="lazy" width="1034" height="1235" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-9.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/image-9.png 1000w, https://blog.threatresearcher.com/content/images/2024/06/image-9.png 1034w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">LAM Agents</span></figcaption></figure><p>(to be continued!)</p>]]></content:encoded></item><item><title><![CDATA[Meeting with some Copilot+ PCs left me unimpressed. Why?]]></title><description><![CDATA[Discover why Copilot+ PCs failed to impress at first blush. Explore performance issues and user experience insights in our latest blog post.”]]></description><link>https://blog.threatresearcher.com/meeting-with-some-copilot-pcs-left-me-unimpressed-why/</link><guid isPermaLink="false">668851baf2a71002988d6aa6</guid><category><![CDATA[AI PC]]></category><category><![CDATA[Copilot+ PC]]></category><category><![CDATA[LLM]]></category><category><![CDATA[Azure OpenAI]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Fri, 05 Jul 2024 21:29:41 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1677442136019-21780ecad995?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDk1fHxnZW5lcmF0aXZlJTIwYWl8ZW58MHx8fHwxNzIwMjE0OTAxfDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1677442136019-21780ecad995?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDk1fHxnZW5lcmF0aXZlJTIwYWl8ZW58MHx8fHwxNzIwMjE0OTAxfDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?"><p>Its literally been a week since I walked into a Costco and took notice of the electronics area. This is the normal store layout: beautiful 8k and 4k OLED displays first followed by some quick-selling items (that day it was golf shirts), turn the slight corner and you have the laptop display right next to the tablets and phones. I normally skip this area quickly since I have a &quot;phablet&quot; (when was the last time you head that term used?!) in the trappings of a Samsung Galaxy Fold4 and a factory replaced Pixel 7 Pro (ever since the Pixel 6 Pro met its photographic hardware demise) and there is nothing in terms of a mobile carrier combo that the service people in that area can offer me better than what I, already, have.</p><p>However, something caught my eye that day. I must have been thinking about the projects I was doing and combination of hardware that are in this blog. Were those actual <a href="https://www.costco.com/CatalogSearch?dept=All&amp;keyword=copilot%2B&amp;ref=blog.threatresearcher.com" rel="noreferrer">Copilot+ PCs on display</a>? Not just one, but two!</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205454059.jpg" width="720" height="405" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205454059.jpg 600w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205454059.jpg 720w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205512679.jpg" width="720" height="405" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205512679.jpg 600w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205512679.jpg 720w" sizes="(min-width: 720px) 720px"></div></div></div></figure><h3 id="make-and-finish">Make and finish</h3><p>I stepped closer and lifted each in turn, testing for the weight and sturdiness of how I might use it in day-to-day. </p><p>The keyboard on the <a href="https://www.costco.com/microsoft-surface-pro-copilot%2b-pc-bundle---13%22-pixelsense-flow-2880-x-1920-touchscreen--qualcomm-snapdragon-x-plus--10-core-processor----windows-11---graphite.product.4000274473.html?ref=blog.threatresearcher.com" rel="noreferrer">Microsoft Surface Pro</a> immediately dropped away. Ok! It felt almost exactly like the first time I held an iPad with its keyboard case more than a decade or so ago. Lighter. Plastic-like or flimsy is what came to mind. Somehow, my expectation due to the look was something akin to a Lenovo X1 Carbon &#x2013; but, it wasn&apos;t. This thing will probably break in pieces if dropped on the floor together with that 16-hundred dollars and change.</p><p>The <a href="https://www.costco.com/asus-vivobook-s-copilot%2b-pc--15.6%22-oled-2880-x-1620-laptop---qualcomm-snapdragon-x-elite-12-core-processor---windows-11.product.4000280037.html?ref=blog.threatresearcher.com" rel="noreferrer">Asus Vivobook</a> felt more familiar as a laptop. Well, actually, wouldn&apos;t it be more fair to compare this to a Chromebook? Unfortunately, even if it was plugged with lights underneath the keyboard no amount of fiddling with it could turn the display on. No <em>audio or visual sensory feas</em>t here. It was simply &quot;dead, Jim.&quot;</p><h3 id="out-of-the-box-experience">Out-of-the-box experience</h3><p>When you put something on the floor display make sure it has every chance to impress. The only thing that seemed to have been done to the Surface Pro was make sure it was connected to the official demo Wi-Fi connection. Apart from that there was this rectangular widget-like window that I had to partially configure and accept EULA&apos;s in behalf of the next user after me. In truth, it doesn&apos;t seem like anyone had touched this thing since it rolled onto the floor if I had to do the initial set-up. After all the hype leading to and from the <a href="https://blog.threatresearcher.com/measuring-azure-openai-gpt4o-vs-ollama-models/" rel="noreferrer">Microsoft event</a> I was expecting fireworks, balloons, and cotton candy. If this was a State Fair in Texas then give me something fried and dipped in butter with a beer on the side! But, no. None of that.</p><h3 id="lets-take-it-for-a-spin">Let&apos;s take it for a spin</h3><p>There was no settings that I could configure (nor did I want to sign-in my own account). But, there should have been one set-up. Regardless, I was going to test it the usual way. </p><blockquote>In the succeeding screenshots the fuzzy ones are from the Costco display and the clear ones are from Copilot in Windows (preview) on this desktop that I&apos;m writing on.</blockquote><p>This is a solo shot but if memory serves it was similar on the Surface Pro:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/07/image-1.png" class="kg-image" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" loading="lazy" width="1360" height="1123" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/image-1.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/image-1.png 1000w, https://blog.threatresearcher.com/content/images/2024/07/image-1.png 1360w" sizes="(min-width: 720px) 720px"></figure><p>Now, let&apos;s ask the <a href="https://blog.threatresearcher.com/ollama-performance-comparison-chart/" rel="noreferrer">standard question</a>:</p><figure class="kg-card kg-gallery-card kg-width-wide kg-card-hascaption"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_204359732.jpg" width="1080" height="608" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_204359732.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/PXL_20240628_204359732.jpg 1000w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_204359732.jpg 1080w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-154352.png" width="1144" height="835" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/Screenshot-2024-07-05-154352.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/Screenshot-2024-07-05-154352.png 1000w, https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-154352.png 1144w" sizes="(min-width: 720px) 720px"></div></div></div><figcaption><p><span style="white-space: pre-wrap;">Why is the sky blue?</span></p></figcaption></figure><p>How about some web search capabilities? Lets look for a blog on local AI usage from a local (<em>this</em> blog). This tests the <em>location access rights</em> the OS and app asked permissions for, as well:</p><figure class="kg-card kg-gallery-card kg-width-wide kg-card-hascaption"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205313898.jpg" width="1080" height="608" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205313898.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/PXL_20240628_205313898.jpg 1000w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205313898.jpg 1080w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-155508.png" width="1144" height="1027" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/Screenshot-2024-07-05-155508.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/Screenshot-2024-07-05-155508.png 1000w, https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-155508.png 1144w" sizes="(min-width: 720px) 720px"></div></div></div><figcaption><p><span style="white-space: pre-wrap;">Can it web search?</span></p></figcaption></figure><p>As you can see it can&apos;t find the information that a simple Bing web search would:</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-155405.png" class="kg-image" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" loading="lazy" width="1409" height="1296" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/Screenshot-2024-07-05-155405.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/Screenshot-2024-07-05-155405.png 1000w, https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-155405.png 1409w" sizes="(min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">Web searching trumps non-agentic LLM one-shot questions</span></figcaption></figure><p>And when somehow it tries to later on stay on topic locally for &quot;Texas&quot; it then fails in the overall topic context of <em>technology</em> and goes <em>religion</em>. Granted, such a link does exist if you&apos;ve recently been watching some episodes of the <a href="https://en.wikipedia.org/wiki/3_Body_Problem_(TV_series)?ref=blog.threatresearcher.com" rel="noreferrer"><em>3 Body Problem</em></a>. The standard non-Copilot+ PC has no issues with this question or context.</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205334418.jpg" width="1080" height="608" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205334418.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/PXL_20240628_205334418.jpg 1000w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205334418.jpg 1080w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-155853.png" width="1144" height="1392" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/Screenshot-2024-07-05-155853.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/Screenshot-2024-07-05-155853.png 1000w, https://blog.threatresearcher.com/content/images/2024/07/Screenshot-2024-07-05-155853.png 1144w" sizes="(min-width: 720px) 720px"></div></div></div></figure><p>Here are my attempts to steer the Surface Pro Copilot+ PC to the right direction with <em>clues</em> that the LLM should be able to pick-up but, here, it continues to loose focus on the context and just spit out answers to the most recent question. </p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205345260.jpg" width="1080" height="608" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205345260.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/PXL_20240628_205345260.jpg 1000w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205345260.jpg 1080w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205353142.jpg" width="1080" height="608" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205353142.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/PXL_20240628_205353142.jpg 1000w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205353142.jpg 1080w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205411637.jpg" width="1080" height="608" loading="lazy" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/PXL_20240628_205411637.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/PXL_20240628_205411637.jpg 1000w, https://blog.threatresearcher.com/content/images/2024/07/PXL_20240628_205411637.jpg 1080w" sizes="(min-width: 720px) 720px"></div></div></div></figure><p>Honestly, my Amazon Alexa and army of Google Chromecast can do this better in spades and those aren&apos;t even upgraded to use Anthropic or Gemini, respectively!</p><h3 id="copilot-with-online-strings-attached">Copilot with online strings attached</h3><p>I mentioned early on that the WiFi was connected to the demo access point. While making sure I was getting the best experience via a normal speed test, I tried a few queries on this so-called Copilot app experience and was greeted with a need to be online for things to work. </p><p><strong><em>What?!</em></strong> I mean, whatever happened to the point of having an NPU chip on this thing? How could a device that is 5-years newer be worse than what my home-built 12-core (24-threaded) AMD Ryzen desktop PC is able to do with the Copilot preview on the task bar?</p><p>I&apos;m going to have to try sometime later, perhaps in Part 2, and install Ollama to force this Surface Pro to work as it should. That being said, it appears that is the same experience that <a href="https://www.pcworld.com/article/2375380/windows-copilot-ai-features-feel-like-early-tech-demos-at-best.html?ref=blog.threatresearcher.com" rel="noreferrer">PCWorld reported</a> about the same time a week or so ago. </p><blockquote>Bottom line: When offline, the current generation of Copilot+ PCs are dead in the water for anything AI related.</blockquote><h3 id="game-on">Game on</h3><p>Let&apos;s not even go there? But, since you&apos;re here I might as well mention one more time that my <a href="https://wccftech.com/review/sapphire-nitro-radeon-rx-5700xt-top-tier-navi/2/?ref=blog.threatresearcher.com" rel="noreferrer">AMD Raden 5700XT</a> from 2019 gives me around 19.51 TFLOPS whereas the Surface Pro barely <em>eeks out</em> 4.6 TFLOPS. That&apos;s simply horrible for any serious gaming in terms of rendering framework and similarly what was, also, <a href="https://www.pcworld.com/article/2378322/qualcomm-adreno-x1-vs-intel-arc-real-world-performance-in-7-games.html?ref=blog.threatresearcher.com" rel="noreferrer">reported elsewhere</a>. The fair but mismatched comparison of the Surface Pro would be against the same Qualcomm Adreno line-up performance of the Samsung Galaxy Fold4, but in a laptop/tablet-ish format.</p><blockquote>Bottom line: No Cyberpunk 2077 for you!</blockquote><h3 id="not-blown-away">Not blown away</h3><p>It&apos;s ok. But, like I just showed, these demo floor units and the way Copilot+ PC (and AI PCs that are coming out from AMD and Intel later this year with more serious APU applications) need to think about the user experience if they&apos;re going to try to show the benefits of what generative AI can do. </p><blockquote>Bottom line: Will the real Copilot+ PC with fireworks blazing please stand up? Please stand up?! Right now, this is meh. </blockquote><h3 id="outtakes">Outtakes</h3><p>This is where my testing ended. I didn&apos;t want to hog the demo units any longer than any casual buyer. However, as I stepped back to give the next person in line a chance to try is when I noticed there was no one wanting to do so.</p><p>Not one kid. Not one teenager. Not one curious geeky adult like me. What?</p><h3 id="the-competition">The Competition</h3><p>In other news, Apple with the<a href="https://www.apple.com/apple-intelligence/?ref=blog.threatresearcher.com" rel="noreferrer"> Apple Intelligence</a> implementation which upgrades Siri on the iPhone 16 (partially backported to iPhone 15 Max) and MacOS Sequoia with OpenAI built-in comes out later this year in the Fall. </p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/07/image-2.png" class="kg-image" alt="Meeting with some Copilot+ PCs left me unimpressed. Why?" loading="lazy" width="2000" height="1237" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/07/image-2.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/07/image-2.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/07/image-2.png 1600w, https://blog.threatresearcher.com/content/images/2024/07/image-2.png 2024w" sizes="(min-width: 720px) 720px"></figure><p>The way things are going I&apos;m pretty sure Apple is going to go hard on AI functionality in every device they have so it is going to be interesting to see if <a href="https://www.apple.com/newsroom/2024/06/introducing-apple-intelligence-for-iphone-ipad-and-mac/?ref=blog.threatresearcher.com" rel="noreferrer">demo lines </a>are busier come that time.</p><p></p>]]></content:encoded></item><item><title><![CDATA[UniFi Cloud Key Gen2 Plus Protect Hardware Upgrade Tips]]></title><description><![CDATA[We discuss the upgrade options for the Cloud Key Gen2 Plus (UCK-G2-PLUS) and tips on how to replace storage and recover from quirks of the UniFi operating system.]]></description><link>https://blog.threatresearcher.com/unifi-cloudkey-gen2-protect-hardware-upgrade-tips/</link><guid isPermaLink="false">66797d85f2a71002988d693f</guid><category><![CDATA[UniFi]]></category><category><![CDATA[Ubiquiti]]></category><category><![CDATA[UCK-Gen2-Plus]]></category><category><![CDATA[UniFi Protect]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Mon, 24 Jun 2024 15:49:24 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1535557597501-0fee0a500c57?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDU1fHxjbG91ZCUyMGtleXxlbnwwfHx8fDE3MTkyNDIyODd8MA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1535557597501-0fee0a500c57?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDU1fHxjbG91ZCUyMGtleXxlbnwwfHx8fDE3MTkyNDIyODd8MA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="UniFi Cloud Key Gen2 Plus Protect Hardware Upgrade Tips"><p>Some two-(2) years ago now, I posted a a video about a bunch of UniFi/Ubiquiti hardware that I&apos;d suggested for purchase to better manage my research team&apos;s various network use remotely with the idea that there was no guarantee I would consistently be able to access it physically due to whatever circumstance. The choice of a more user-friendly GUI was a big plus since I&apos;ve been trying to teach, upgrade, and pass-along some intermediary networking skills as we all move into cloud native architectures.</p><figure class="kg-card kg-embed-card kg-card-hascaption"><iframe width="200" height="113" src="https://www.youtube.com/embed/i5kii6JTmiw?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen title="Ubiquiti/UniFi Cloud Key Gen2 Plus, Pro 48, Aggregation - Unboxing and First Impressions"></iframe><figcaption><p><span style="white-space: pre-wrap;">Office Lab Overhaul for Ease of Remote Administration and Learning Curve</span></p></figcaption></figure><p>Now, I actually use these prosumer devices myself and I have, in fact, detailed <a href="https://blog.threatresearcher.com/unifi-ap-firmware-latest-vs-stable-part-i/" rel="noreferrer">some </a>of the <a href="https://blog.threatresearcher.com/unifi-ap-firmware-latest-vs-stable-part-ii/" rel="noreferrer">quirks </a>of using UniFi WiFi products in the blog. However, for the office research lab needs and IT policies, it was to be lined all the way. So be it.  </p><p>And then, the pandemic happened and that was immediately a return on investment in terms of time. Good thinking Wonder Dog? Me thinks so!</p><h3 id="upgrade-path">Upgrade Path</h3><p>There have been several different upgrades to the <a href="https://store.ui.com/us/en/collections/unifi-accessory-tech-hosting-and-gateways-small-scale/products/uck-g2-plus?ref=blog.threatresearcher.com" rel="noreferrer">UCK-G2-PLUS</a> line-up in the last three-(3) years. I&apos;m going to to stay with the line-up that still offers UniFi Protect at the ~$500 range and keep this entry geared towards my prosumer/SOHO audience. </p><p>You would think that the similarly priced <a href="https://store.ui.com/us/en/collections/unifi-accessory-tech-hosting-and-gateways-small-scale/products/uxg-max?ref=blog.threatresearcher.com" rel="noreferrer">UXG-Max</a> would be the upgrade, and you would be wrong. This needs a Cloud Key to function as noted in the description. Think of it as a network bridge.</p><p>The most logical upgrade a few months would have been the Dream line-up starting with the, so called, <a href="https://store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/udr?ref=blog.threatresearcher.com" rel="noreferrer">Dream Router (UDR).</a> The addition of a WiFi 6 access point at the same price point is the right path if you don&apos;t mind the pill-like form factor.</p><p>The next one to consider would be the <a href="https://store.ui.com/us/en/pro/category/cloud-gateways-large-scale/products/udm-pro?ref=blog.threatresearcher.com" rel="noreferrer">Dream Machine Pro (UDM-Pro)</a> which gives you a taste of 10G networking via SFP+</p><p>If you&apos;re jumping from the original UCK or UDR then it would be worthwhile upgrade to the <a href="https://store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/udm-se?ref=blog.threatresearcher.com" rel="noreferrer">Dream Machine Special Edition (UDM-SE)</a> which adds some incremental IPS routing upgrade and POE features.</p><p>No longer in the sub-$500 range? It is sneaky for UniFi to slot-in an upgrade path to 2.5GbE with all the above features for an additional $100. But, that&apos;s what they did in the <a href="https://store.ui.com/us/en/pro/category/cloud-gateways-large-scale/products/udm-pro-max?ref=blog.threatresearcher.com" rel="noreferrer">Dream Machine Pro Max (UDM-Pro-Max)</a> and it answered one of the most requested features during the pandemic as the industry and the world looked to improving network speeds without having to commit to fiber or totally re-line their networks.</p><blockquote>If you&apos;d like me to talk a bit more on the enterprise-grade switches in my initial video, let me know and I might just make a follow-up on that.</blockquote><h3 id="rack-mounting">Rack Mounting</h3><p>If you purchased the <strong>rack mounting</strong> accessory, you may find yourself wondering why it doesn&apos;t slot correctly:</p><figure class="kg-card kg-embed-card kg-card-hascaption"><iframe width="200" height="113" src="https://www.youtube.com/embed/zf18ubEDgjM?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen title="How to connect UniFi Cloud Key Gen2 Rack Mount (CKG2-RM) correctly?"></iframe><figcaption><p><span style="white-space: pre-wrap;">Correctly rack-mounting the UCK-G2-Plus</span></p></figcaption></figure><p>And, if after doing that the screen doesn&apos;t light-up? It&apos;s the<strong> tape seal</strong>:</p><figure class="kg-card kg-embed-card kg-card-hascaption"><iframe width="200" height="113" src="https://www.youtube.com/embed/MCAhaTu_pOw?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen title="Prepare UniFi Cloud Key Plus (UCK-G2-PLUS) for rack mounting? Remove the tape!"></iframe><figcaption><p><span style="white-space: pre-wrap;">Remove the seal tape before mounting the UCK-G2-Plus</span></p></figcaption></figure><p>If the LCD goes into <strong>Night Mode</strong> immediately and you can&apos;t see the display this has everything to do with your Console Settings and the time of day you were doing this installation. Check there.</p><h3 id="storage-vs-protect">Storage vs Protect</h3><p>Last week the internal 2.5-inch one-(1) TB Toshiba 5400RPM spinning disk finally gave-up. These are <a href="https://www.digikey.com/short/35zdjqn9?ref=blog.threatresearcher.com" rel="noreferrer">OEM priced</a> at about $67/piece and constitute about 30% of the total hardware price. Based on the specs these run at 5V, which is the expected available power for any disk replacement option. Take note of that.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-11.png" class="kg-image" alt="UniFi Cloud Key Gen2 Plus Protect Hardware Upgrade Tips" loading="lazy" width="711" height="993" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-11.png 600w, https://blog.threatresearcher.com/content/images/2024/06/image-11.png 711w"><figcaption><span style="white-space: pre-wrap;">OEM Toshiba MQ01ABD100V 1TB 5400 RPM</span></figcaption></figure><p>Cloud Keys (and some in the line-up) run hot and don&apos;t have a fan by design. Instead, it uses the casing to dissipate the heat. This makes it so the devices are absolutely acceptable right next to your work space, just make sure it is well ventilated.</p><blockquote>Are you dedicating a room  and air-conditioning to a converted server room? I once did that in Northern California. We&apos;re not doing that again. This human comes first, this time. Come talk to me in the weekly Hardware Geeks Anonymous meetings.</blockquote><p>Ubiquiti made the tool-less storage upgrade process painless. All you have to do is slide the switch and the drive tray will pop out. </p><p>When selecting the replacement drive make sure it is a CMR (not SMR disk). There are not CMR disks beyond 4TB, as of today&apos;s search. That&apos;s a clue if you go online-shopping for a spinning disk. <a href="https://support-en.wd.com/app/answers/detailweb/a_id/50697/~/steps-to-determine-if-an-internal-drive-uses-cmr-or-smr-technology?ref=blog.threatresearcher.com" rel="noreferrer">Western Digital</a>, who now owns SanDisk, got a lot of <a href="https://www.pcgamer.com/wd-rebrands-its-red-hard-drives-after-getting-hit-with-a-lawsuit/?ref=blog.threatresearcher.com" rel="noreferrer">flak </a>a few years ago and now have a page about the difference.</p><p>Back to why I mentioned heat. This is a spinning drive disk killer. AKCP has a great <a href="https://www.akcp.com/blog/how-temperature-affects-it-data-storage/?ref=blog.threatresearcher.com" rel="noreferrer">article </a>about this. It is for that reason I decided to repurpose one of the old Samsung SSDs that I had plugged in to the Dell R720xd mounted into a virtual TrueNAS Scale ZFS RAID1.</p><figure class="kg-card kg-gallery-card kg-width-wide"><div class="kg-gallery-container"><div class="kg-gallery-row"><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/06/Screenshot_20240623_223935_UniFi-Protect.jpg" width="1812" height="2176" loading="lazy" alt="UniFi Cloud Key Gen2 Plus Protect Hardware Upgrade Tips" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/Screenshot_20240623_223935_UniFi-Protect.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/Screenshot_20240623_223935_UniFi-Protect.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/06/Screenshot_20240623_223935_UniFi-Protect.jpg 1600w, https://blog.threatresearcher.com/content/images/2024/06/Screenshot_20240623_223935_UniFi-Protect.jpg 1812w" sizes="(min-width: 720px) 720px"></div><div class="kg-gallery-image"><img src="https://blog.threatresearcher.com/content/images/2024/06/Screenshot_20240623_223458_UniFi-Protect.jpg" width="1812" height="2176" loading="lazy" alt="UniFi Cloud Key Gen2 Plus Protect Hardware Upgrade Tips" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/Screenshot_20240623_223458_UniFi-Protect.jpg 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/Screenshot_20240623_223458_UniFi-Protect.jpg 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/06/Screenshot_20240623_223458_UniFi-Protect.jpg 1600w, https://blog.threatresearcher.com/content/images/2024/06/Screenshot_20240623_223458_UniFi-Protect.jpg 1812w" sizes="(min-width: 720px) 720px"></div></div></div></figure><blockquote>Did I mention this blog just came from the dead about a month ago? Here&apos;s <a href="https://blog.threatresearcher.com/the-2nd-coming/" rel="noreferrer">that story</a>. </blockquote><p>None of the official <a href="https://help.ui.com/hc/en-us/articles/12257010646679-UniFi-Replace-HDD-and-SD-Card-Storage?ref=blog.threatresearcher.com" rel="noreferrer">join</a>, <a href="https://help.ui.com/hc/en-us/articles/360012622613-UniFi-Device-Adoption?ref=blog.threatresearcher.com" rel="noreferrer">adopt</a>, <a href="https://help.ui.com/hc/en-us/articles/19118654419607-Migrating-Cameras?ref=blog.threatresearcher.com" rel="noreferrer">migrate </a>instructions worked. The cameras were connected to their respective access points but not showing up under Protect. How frustrating!</p><p>It was probably around 3am by when I gave-up and decided to go nuclear and<a href="https://help.ui.com/hc/en-us/articles/205143490-UniFi-How-to-Reset-Devices-to-Factory-Defaults?ref=blog.threatresearcher.com" rel="noreferrer"> hard reset</a> each camera in turn. <em>Voila!</em> That worked! </p><p>We&apos;re now back in business and ready for Monday morning!</p>]]></content:encoded></item><item><title><![CDATA[Running Local LLMs on Older Hardware?]]></title><description><![CDATA[Test results if considering running local LLM experiments on older hardware. In this article we compare baseline performance and usability cases. ]]></description><link>https://blog.threatresearcher.com/local-llm-on-old-hardware-possible/</link><guid isPermaLink="false">666c514ff2a71002988d6812</guid><category><![CDATA[Ollama]]></category><category><![CDATA[LLM]]></category><category><![CDATA[Local LLM]]></category><dc:creator><![CDATA[Jamz Yaneza]]></dc:creator><pubDate>Fri, 14 Jun 2024 15:13:02 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1696382447240-d07dff640d8e?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE4Nnx8JTIwbGFwdG9wcyUyMHBpbGV8ZW58MHx8fHwxNzE4ODkzODk1fDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1696382447240-d07dff640d8e?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDE4Nnx8JTIwbGFwdG9wcyUyMHBpbGV8ZW58MHx8fHwxNzE4ODkzODk1fDA&amp;ixlib=rb-4.0.3&amp;q=80&amp;w=2000" alt="Running Local LLMs on Older Hardware?"><p>As part of this local LLM series, I wanted to know the lower limits of being able to self-host and potentially share demos or development frameworks with my team. Given the acceptable baseline discussion in <a href="https://blog.threatresearcher.com/ollama-performance-comparison-chart/" rel="noreferrer">my previous post</a>, we&apos;ll use that to audition the hardware we come across. For testing we don&apos;t need creature comforts of a GUI and text chat is acceptable. In that case Ollama is probably one of the most straightforward for us to get things going.</p><h3 id="dell-latitude-5400">Dell Latitude 5400</h3><p>Let&apos;s start with the spare laptops that I remembered were lying around in the semi-discard pile. On this system I imagined it would be initially sitting at my cube connected to the network and eventually relocated to the server room when fully deployed.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/Screenshot-2024-06-24-161814.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="865" height="568" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/Screenshot-2024-06-24-161814.png 600w, https://blog.threatresearcher.com/content/images/2024/06/Screenshot-2024-06-24-161814.png 865w" sizes="(min-width: 720px) 720px"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/Annotation-2024-06-13-093245.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="1920" height="1020" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/Annotation-2024-06-13-093245.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/Annotation-2024-06-13-093245.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/06/Annotation-2024-06-13-093245.png 1600w, https://blog.threatresearcher.com/content/images/2024/06/Annotation-2024-06-13-093245.png 1920w" sizes="(min-width: 720px) 720px"></figure><p>These systems were purchased before the pandemic of 2020 and that kind of makes sense from n Intel Core i5-8365U chip production perspective of <a href="https://www.intel.com/content/www/us/en/products/sku/193555/intel-core-i58365u-processor-6m-cache-up-to-4-10-ghz/specifications.html?ref=blog.threatresearcher.com" rel="noreferrer">Q2 2019</a>.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/Annotation-2024-06-13-094043.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="1347" height="766" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/Annotation-2024-06-13-094043.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/Annotation-2024-06-13-094043.png 1000w, https://blog.threatresearcher.com/content/images/2024/06/Annotation-2024-06-13-094043.png 1347w" sizes="(min-width: 720px) 720px"></figure><p>From the low eval rate and the slowness at which the simple response stuttered across the screen, I promptly returned it to the pile. </p><blockquote>Hindsight learning, you should consult with an experienced PC builder when purchasing hardware instead of going with default specs. My most recent and oldest system lasted a full decade before decommission due to hardware failure.</blockquote><figure class="kg-card kg-embed-card kg-card-hascaption"><iframe width="200" height="113" src="https://www.youtube.com/embed/U2jJd_5-edU?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen title="Asus P9X79 WS w/ Core i7-3930K OC (X79 Build)"></iframe><figcaption><p><span style="white-space: pre-wrap;">Asus P9X79 WS worth three-(3) hardware refresh cycles with 200%+ $$ company savings</span></p></figcaption></figure><h3 id="lenovo-x1-carbon-5th-gen">Lenovo X1 Carbon (5th Gen)</h3><p>This is my go-to vacation travel laptop apart from the fact that its technically of no value coming out from 2017 if it sunk under the sea, yet, good enough to let me reach by VPN and allow me to stream my remote watching fix. The X-series is known for the 180-degree opening and water-resistance rating on keyboard splashes.</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/Screenshot-2024-06-13-193040.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="451" height="227"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/Screenshot-2024-06-13-192851.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="931" height="468" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/Screenshot-2024-06-13-192851.png 600w, https://blog.threatresearcher.com/content/images/2024/06/Screenshot-2024-06-13-192851.png 931w" sizes="(min-width: 720px) 720px"></figure><p>The test results are even worse than the initial spare laptop that is still in service. But, that&apos;s to be expected. In reality my Google Pixel 6 Pro or Samsung Galaxy Fold 4 would probably have better stats (and those are mobile phones!). </p><blockquote>I&apos;m, also, looking to see if it&apos;s even possible to get some local LLM mobile testing going as a separate set of experiments given as ARM chip usage started there, and not the other way around for Copilot+PC. We&apos;ll see.</blockquote><h3 id="dell-poweredge-r720xd">Dell PowerEdge R720xd</h3><p>This is what I really thought would be worthy of hosting and showcasing all the development frameworks, builds, and demos. There are a bunch of these in the Lab that had replaced era~2006 PE 2950 (Dell Generation 9). Mind you, these &quot;newer&quot; systems are now two-(2) years well past the decade mark and system production for Dell Generation 12 was ~2012 from this month of June 2024. I randomly picked one of them amongst my Proxmox VE high availability cluster set and ran a test:</p><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-7.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="2000" height="443" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-7.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/image-7.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/06/image-7.png 1600w, https://blog.threatresearcher.com/content/images/2024/06/image-7.png 2000w" sizes="(min-width: 720px) 720px"></figure><figure class="kg-card kg-image-card"><img src="https://blog.threatresearcher.com/content/images/2024/06/image-8.png" class="kg-image" alt="Running Local LLMs on Older Hardware?" loading="lazy" width="2000" height="371" srcset="https://blog.threatresearcher.com/content/images/size/w600/2024/06/image-8.png 600w, https://blog.threatresearcher.com/content/images/size/w1000/2024/06/image-8.png 1000w, https://blog.threatresearcher.com/content/images/size/w1600/2024/06/image-8.png 1600w, https://blog.threatresearcher.com/content/images/2024/06/image-8.png 2000w" sizes="(min-width: 720px) 720px"></figure><p>I really had high hopes for this server given that it is technically had a 16-core Intel Xeon E5-2650 v2 running at 2.6GHz (for a total of 32-threads) loaded with 188-GB of on-board RAM. You can run several production-ready Elastic stacks at 16GB maxed heap (32GB total) and the fact that the Proxmox VE cluster that I configured is running the latest version of Ceph for data redundancy. But, at barely five-(5) tokens/second this isn&apos;t going to be a fun multi-user experience.</p><h3 id="hardware-to-capability">Hardware to capability</h3><p>It is important to note that the number of parameters used to train language models and the contents of said parameters are each model developer&apos;s secret sauce, the current normal non-critical standard appears to be 7B (7 billion parameters).  The trick is how to cram all of that into the smallest size possible (~4GB for most modest hardware), and that is where quantization comes in. HuggingFace has a <a href="https://huggingface.co/blog/4bit-transformers-bitsandbytes?ref=blog.threatresearcher.com#Introduction" rel="noreferrer">gentle primer</a> if you want to dig a bit more on 4-bit quantization.</p><p>As I&apos;ve mentioned before, the rate of quantization directly affects the quality of responses. When we say quality, we also mean guardrails against hallucinations (or in common parlance, &quot;<em>making sh*t up</em>&quot;). </p><p>While improvements in the quality of quantization and fine tuning progresses in parallel, one can only hope those improvements continue to be small enough that last or older-gen hardware can still make use of it. </p><h3 id="ergo-the-observations">Ergo, the observations</h3><p>Per the optimal system <a href="https://github.com/open-webui/open-webui/discussions/736?ref=blog.threatresearcher.com" rel="noreferrer">requirements of Ollama</a> the above set of hardware examples gets away with the RAM side of things even if they aren&apos;t necessarily DDR5. </p><p>However, things start to fail on the CPU side because AVX-512 (an extension of <a href="https://en.wikipedia.org/wiki/AVX-512?ref=blog.threatresearcher.com" rel="noreferrer">Single Instruction-Multiple Data</a> on chip) was only introduced in 2013 and only really got to the server chips past ~2016. </p><blockquote>These two-(2) things as hobbled variables are why a ~2012 maxed out server with more cores and RAM appears to trounce a 2017 laptop; but ultimately is as unusable as a 2020 laptop with bare minimum specs. </blockquote><p>For all of these reasons and more, the recommendation is to:</p><ul><li>have more than 16GB of DDR5 RAM, and </li><li>a chip manufactured in 2021 or with a lot of cores, plus </li><li>highly recommended, a GPU in the <a href="https://github.com/ollama/ollama/blob/main/docs/gpu.md?ref=blog.threatresearcher.com" rel="noreferrer">compatibility list</a></li></ul><h3 id="addendum">Addendum</h3><p>There might still be hope! </p><p>In the latter part of my <a href="https://blog.threatresearcher.com/comparing-the-ai-capabilities-of-sbcs/" rel="noreferrer">IoT/SBC experiments</a> there is an overlooked segment of USB/mPCIe/PCIe/M.2 manufacturers that are creating products that specifically provide the requisite NPU hardware as hardware add-ons. These are potentially of optimal end-user value than a full-fledged GPU (unless you&apos;re also planning to do some serious gaming or trying to do some form of digital creation workflow).</p>]]></content:encoded></item></channel></rss>