Ollama I have recently started to use Ollama and I was unimpressed by some models as they did not follow instructions, especially in their output format. I knew about model system prompt but I thought it was fixed in the model. Then I found out you could change the system prompt at run time with the /set system command and immediately, most models responded as expected. That was so much better! ...
I have just bought a mini PC based on Intel N100 CPU. Initially, I was going to buy another Raspberry PI or a used “TinyMiniMicro” PC, but I decided to have a look at the current mini PC offering. I am glad I did. On a major Chinese reseller website, I saw a lot of similar products with the Intel N100 CPU so I had a look at reviews (here here) and boy, this thing is powerful (for its size). I’ll talk about the mini PC in an other post. ...
By default, resources available to containers are not limited. However, sometimes, you want to make sure a container is not going to use too much processing power or memory. To achieve such a thing, in the docker-compose.yml file, add the following sections to the service you want to restrict: deploy: resources: limits: cpus: "1.0" memory: 100M memswap_limit: 100M This will effectively limit the container to use at most one CPU and 100 megabytes of memory. ...
If you cannot upgrade your OpenSSH client and/or server to fix CVE-2023-48795, also known as the Terrapin attack, the way to mitigate it is to disable the vulnerable ciphers as Red Hat explains very well. If you have a recent OpenSSH version, you can disable the the ciphers by adding “-” before them in the Ciphers and MACs options. This works for both the ssh client config (/etc/ssh/ssh_config by default) and the ssh server config (/etc/ssh/sshd_config). ...
I’m a personal user of Contabo’s cloud services, and I’ve been delighted with them. They offer a wide range of services to choose from, including VPS, dedicated servers, and cloud storage. I’m currently using a VPS to host my personal website and email, and I have also used their Storage VPS and object storage in the past. I have had no issue with my VPS over the years. I’ve also been impressed with Contabo’s customer support. They’ve always been quick to respond to my questions. ...
When you generate a file using ComfyUI, metadata are added to the image automatically. Amongst the metadata, there is the full workflow including the prompt. If you want to remove those data, you can use ImageMagick convert with the --strip option. convert image.png --strip image_strip.png If you want to alter the original file, use mogrify: mogrify --strip image.png
I have managed a Gitlab instance for a couple of years, but for some organizations, Gitlab is overkill. For some people, Gitea is enough. However, Gitea does not have production-ready CI/CD yet. Fortunately, it’s possible to link Jenkins to Gitea. Here’s how to do it. In this post, we will first configure Jenkins to use agents in Docker. It is not recommended to run pipelines on the Jenkins host. You can run a static container or let Jenkins spin up containers on the fly. We will do both. We will connect to the containers using an SSH key. ...
In case you want to ban IP addresses based on Suricata fast.log, here is the filter you need: [INCLUDES] before = common.conf [DEFAULT] _daemon = suricata [Definition] datepattern = ^%%m/%%d/%%Y-%%H:%%M:%%S failregex = <HOST>:[0-9]* -> ignoreregex = In the jail configuration, I suggest you change the default blocktype from REJECT to DROP. Edit 2023-03-24: you may want to use the action iptables-ipset-proto6-allports which leverages ipset. It will make your iptables rules much more readable and according to some sources, faster. Just edit your jail.conf and replace the default banaction_allports entry with iptables-ipset-proto6-allports , or explicitly mention iptables-ipset-proto6-allports in the jail configuration of suricata, like so: ...
If you want to automatically (or force a specific) login requests to Grafana coming from a given source IP with Traefik, you can do it with a separate router and a middleware. This requires basic authentication to be enabled on grafana (it is by default). Suppose you start with a default Traefik configuration exposing your grafana to anyone on https://grafana.example.org: labels: - "traefik.enable=true" - "traefik.http.routers.grafana.rule=Host(`grafana.example.org`)" - "traefik.http.routers.grafana.service=grafana" - "traefik.http.routers.grafana.tls=true" - "traefik.http.routers.grafana.tls.certresolver=myresolver" - "traefik.http.routers.grafana.entrypoints=websecure" - "traefik.http.services.grafana.loadbalancer.server.port=3000" To force requests coming from the IP 1.1.1.1 to be authenticated as the foobar user, add the following labels after enabling traefik and before the router grafana: ...
CentOS 8 End of Life has been effective since January 31 2021, official mirrors do not provide any packages anymore. Here is how to upgrade to latest release of CentOS 8 and switch to Stream. As always, prior to any system change, you should ensure you have a working recent backup. Upgrade to latest CentOS 8 sed -i -e 's/mirrorlist/#mirrorlist/g' -e 's|#baseurl=http://mirror.centos.org|baseurl=https://vault.centos.org|g' /etc/yum.repos.d/*.repo yum update reboot cat /etc/centos-release CentOS Linux release 8.5.2111 Make sure everything is working as expected. ...