TMP_NKcYUEoM7kXg4qYe

joined 2 years ago

You can tell Open Interpreter to run commands based on you human-language input. If you want local only LLM, you can pair it with Ollama. It works for "interactive" use where you're asked for confirmation before a command is run.

I set this up in a VM because I wanted a full automatic coding "agent" which can run commands without my intervention and I did not want it to blow up main system. It did not really work though because as far as I know Open Interpreter does not have a way to "pipe" a command's output back into the LLM so that it could create feedback with linters and stuff.

Another issue was that Starcoder2, which is the only LLM trained on permissive licensed code I could find, only has a 15B "human-like" model. The smaller models only speak code so I don't know how that would work for agentic usage and the 15B is really slow running on DDR4 CPU. I think agents are cool though so I would like to try Aider which is a supposedly good open source agent and unlike Open Interpreter is not abandonware.

Thanks for coming to my blabering talk, hope this might be useful for someone.

this puts a hole in your firewall

Indeed, thanks, I realized that shortly after posting it.

dig not supporting mdns

Yep you both are correct. Looking at it now, the result does actually warn me that I'm trying to send a regular DNS request to mDNS multicast address.

It just sort of happens to work correctly if you get a single reply

Yeah I guess it's a hack. To me it does not really matter because I'm just using it for wireguard, so the worst thing that could happen is that I would try to connect to a wrong host and the key exchange would fail.

libnss-mdns

The reason for why I'm doing this whole hack is that nss-mdns package is only available on glibc version of Void but I'm using musl, so it's really just hacks on top of hacks. I found a final solution though so that's nice (see final edit of post). Thanks for all your replies!

It's solved now. Basically what's happening is that I ask a multicast address on UDP port 5353 and get a response from different IP because the original IP was multicast. So my firewall blocks the reply, because it really isn't a reply like downloading a webpage. I solved it by filtering based on the source port. Meaning the reply has source port 5353 but on my machine it arrives at some random UDP port so I cannot really filter based on the destination port.

solution

-A OUTPUT -p udp -m udp --sport 5353 -j ACCEPT

Thanks for your help!

Well the musl C library does not have nss-mdns available. But it does not matter, I solved it now. Thanks anyways!

[–] TMP_NKcYUEoM7kXg4qYe@lemmy.world 2 points 2 months ago* (last edited 2 months ago) (2 children)

Edit 2: Actually dig picks a random port to send the mDNS request from and sends it to 224.0.0.251:5353 (multicast IP). The correct host then replies from port 5353 to the previously picked random port from dig. But I found that you can specify the port with dig -b IP#port so I think that should help. I kinda don't have the time to try it out currently though.

end of edit2.

well I randomly solved it by adding

-A OUTPUT -p udp -m udp --sport 5353 -j ACCEPT

Which basically means you are right. The destination port is just some randomly picked number (checked wireshark), so I have to filter based on source port, which is 5353.

Edit: Also thanks for your help!

[–] TMP_NKcYUEoM7kXg4qYe@lemmy.world 1 points 2 months ago (2 children)

It just times out so my thought was that it just blocks the reply.

[–] TMP_NKcYUEoM7kXg4qYe@lemmy.world 1 points 2 months ago (4 children)

Actually I don't have avahi installed. I only have some avahi-libs. I thought it's only needed on the computer who's IP I'm trying to get.

[–] TMP_NKcYUEoM7kXg4qYe@lemmy.world 1 points 2 months ago* (last edited 2 months ago) (2 children)

Huh weird. For me the first one works but the second one fails and returns an empty string.

I guess I should have specified that I'm on Void-musl. The reason why I'm doing this is because there is no NSS library on musl, so as far as I know you cannot automagically query hostnames on the network.

 

EDIT: The bad solution is to unblock UDP port 5353 but the port has to be source port, not destination port. (--sport flag) See the now modified rules. The issue is that this is very insecure (see this stackexchange question and comments) but obviously better than no firewall at all because at least I'm blocking TCP traffic.

The proper solution (other than using glibc and installing nss-mdns package) is to open a port with netcat (nc) in the background (using &) and then listen with dig on that port using the -b flag.

port="42069"
nc -l -p "$port" > /dev/null || exit 1 &
dig somehostname.local @224.0.0.241 -p 5353 -b "0.0.0.0#${port}"

Then we need to remember to kill the background process. The DNS reply will now be sent to port 42069, so we can just open it with this iptables rule:

-A INPUT -p udp -m udp --dport 42069 -j ACCEPT

---->END OF EDIT.

I want to setup iptables firewall but if I do that, it blocks multicast DNS which I need. I am using command

dig "somehostname.local" @224.0.0.251 -p 5353

to get the IP through mDNS and these are my iptables rules (from superuser.com):

*filter

# drop forwarded traffic. you only need it of you are running a router
:FORWARD DROP [0:0]

# Accept all outgoing traffic
:OUTPUT ACCEPT [623107326:1392470726908]


# Block all incoming traffic, all protocols (tcp, udp, icmp, ...) everything.
# This is the base rule we can define exceptions from.
:INPUT DROP [11486:513044]

# do not block already running connections (important for outgoing)
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# do not block localhost
-A INPUT -i lo -j ACCEPT

# do not block icmp for ping and network diagnostics. Remove if you do not want this
# note that -p icmp has no effect on ipv6, so we need an extra ipv6 rule
-4 -A INPUT -p icmp -j ACCEPT
-6 -A INPUT -p ipv6-icmp -j ACCEPT

# allow some incoming ports for services that should be public available
# -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# -A INPUT -p udp -m udp --dport 5353 -j ACCEPT # does not help
-A OUTPUT -p udp -m udp --sport 5353 -j ACCEPT # SOLVES THE ISSUE BUT IS INSECURE - not recommended


# commit changes
COMMIT

Any help is welcome :)

It's also likely that most of these signatures aren't even from graphic designers, just some people from Linux related forums.

[–] TMP_NKcYUEoM7kXg4qYe@lemmy.world 0 points 2 months ago (1 children)

Well the dev said that he does not care about the license. He wanted to create a coreutils alternative with better concurency using Rust as a pet project. He had even stated that he was not interested in the MIT vs GPL drama, yet people here were acting like children over it.

People think it's some kind of Canonical evil master plan, yet it's just some random dude slapping a license on his cool new code, without really thinking about it. Also this conspiracy does not make sense at so many levels. For one Canonical would shoot themselves into their foot if they created their own proprietary coreutils, because admins would not want to deal with non-portable scripts. Also there are already the BSD utils, so if they wanted to create their own fork, they would have already done that by now. They won't because they prefer free labor from FOSS devs.

If you link to GPL library, your software has to be GPL. You are confusing it with LGPL. Though you can bypass this by making the library its own standalone app. Like let's say FFmpeg which is just a frontend for libAV libraries. (ignore that these libraries are actually LGPL, so you can link to them.)

 

I'm considering using PostmarketOS on a tablet for a project. I need kernel greater than x.y.z (so far I know >3.0.1 works, <2.6.32 does not). However it's kinda difficult to find it on the wiki. Some devices specify kernel version (android a.b.c, kernel e.f.g), some only the android version (android a.b.c) and some neither.

I found that android version should correspond to a kernel version (https://android.stackexchange.com/questions/51651/which-android-runs-which-linux-kernel). But how do I check (in the least time consuming way) the kernel version of the devices that don't mention anything?

Thanks.

edit: I think I was looking for this answer: https://postmarketos.org/source-code/#linux-kernel

 

Does anyone know how to set a custom mouse acceleration curve on Sway? man sway-input does mention mouse acceleration but unfortunately it's one of those "you won't learn anything new unless you already knew it before" type of manpage.

I also found this project https://github.com/N-R-K/leetmouse which I will probably use in the end but I would also like to hear if anyone of you has any experience with custom acceleration profile, in case there is a better way or whatever.

Edit: I will use leetmouse (different branch tho), because libinput's acceleration is not very good for gaming (see comments for sources)

https://github.com/systemofapwne/leetmouse

 

Edit: Solved according to this: reddit Obviously Void has no systemd service but I just created a script service containing a single line isdv4-serial-inputattach /dev/ttyS0 --baudrate 19200. The serial communication often crashes but runit automatically restarts it so that's fine. Also 6.6 kernel is kinda buggy but 6.10(custom compiled) and 6.1(from void's repo) work fine. Yeah and don't forget to enable the ttySx service otherwise it cannot work.

I cannot get sway to detect my tablet device on Void Linux installed on a Thinkpad X200 Tablet. Anyone knows how to fix it? I have both libwacom and xf86-input-wacom installed. It worked fine on Debian.

Now when I think about it, I don't have libwacom-32bit installed, because I'm using musl library which is 64bit only. That might be the issue considering how old my hardware is. I'm going to try to investigate but I'm going post this here anyways in case anybody knows more than me.

 

Anyone managed to make it work? If I assign a core to the Windows VM, it's constantly at 100% even when idle. Obviously I expected crappy performance but I was hoping that it would at least work. It did pretty well on bare metal.

Is this a skill issue or a hardware problem? I tried both qxl and virtio, both sucked. I think it's the old GPU because today I tried quickemu instead of virt-manager and quick-emu refused to start because the iGPU does not support OpenGL 3.

Bonus paragraph: Windows 10 (and 11) refused to finish the installation in Virt-manager in KVM mode so I had to install it using emulated x64 cpu and then boot the qcow image from regular KVM. (aimed at those having the same issue in the future)

Edit: I think the problem was Windows updates running in the background. I had a similar problem on my x230 but I fixed it by only enabling security updates. (https://github.com/ChrisTitusTech/winutil) The problem is that this tool is broken on the X200T so I'm going to have to transfer the .qcow image from the X230 to the X200T and then see how bad the performance is. In case you want to know how it went, message me in like a month or two. It's likely I will forget to edit this post after I get through this tinkering.

Edit 2: Nope the issue is the old GPU. It only supports OpenGL 2.0, so Windows isn't really doing anything but rendering itself. I made a last effort to solve this here:

https://lemmy.world/post/11367355

view more: next ›