tobwen

Original URL: https://openrouter.ai/apps?url=https%3A%2F%2Fgithub.com%2FUKExpertMedical%2Ffixit-blank-pages

Sadly, the repository has gone private: https://github.com/UKExpertMedical/fixit-blank-pages

There are tons of tutorials on Youtube, how to use Claude to create a skill out of nothing. I bet no human ever reviewed, or optimized those texts. So instead of feeding the AI the real experience and skills of a human coder, we're stuffing it with input based on what the AI thinks a human would do.

Does this actually lead to better code, or is it just a vicious loop of "SISO" (shit in, shit out)?

Is there an "awesome CLI AI agents" repo or site curating them? And maybe some solid reviews or head-to-head comparisons floating around?

I've tested most of them on my own and there are significant differences. I'd love to dump my findings into a post, but I'm not sure if it'd hold a candle to those big, polished code benchmarks out there.

I want to have browser-based UI (like ChatGPT) to upload files, get Markdown-reponses and have price control to avoid unexpected high costs at the end of the month. My current plan is to purchase API keys from different LLM providers and use LiteLLM as a proxy to setup cost limits OR to use OpenRouter.ai (potentially still using LiteLLM).

LibreChat currently doesn't support "passing through" uploads, but this feature is expected to be implemented this week: https://github.com/danny-avila/LibreChat/discussions/3760#discussioncomment-10445600

My Questions:

1. Is my approach using LiteLLM or OpenRouter with a UI a viable solution? I believe this could be more cost-effective than purchasing monthly chat accounts for each of the four users.

2. Are there other UIs similar to ChatGPT and Anthropic's interfaces, for the case that the new LibreChat attachment feature is too instable?

Update: It would be great to run a self-hosted open source stack.

One thing that always frustrates me is that a screen environment doesn't feel like a normal shell session. For example, when I log in via SSH into Bash, I can scroll back almost infinitely, all shortcuts (like CTRL + arrow keys) are available, and there are no visual or audible bells.

Does anyone know a way to configure `screen` or `tmux` to behave exactly like a native shell session? Or is there another alternative that I'm not aware of?

Vacuuming seems to be discouraged by most sources. It's said that the SMD adhesive can age and cause components to be sucked away, and that vacuum cleaners can generate static electricity, which is harmful to electronic components.

A more modern method is using compressed air, either from an electronic compressor with a moisture filter or from a can. However, cans often lack moisture filters, which means you could potentially blow moisture onto your electronics. But wouldn't you blow away the badly glued SMD parts?

Using a soft brush, such as a paintbrush, is also recommended. But some sources caution that the bristles can become charged with static electricity. Some forum users suggest grounding the brush to prevent this.

For heavy dirt, isopropyl alcohol (90% or higher) with cotton swabs is recommended. Of course, stay away from microfiber cloth on the inside, otherwise the static electricity will strike again.

And then there are the more extreme methods, like immersing the computer in oil or using special cleaning sprays designed for servers in data centers.

Heck... How do YOU clean the insides of your PC?

To secure backups without storing backup credentials on the server being backed up, I utilize a separate server to initiate and authenticate the backup process. This prevents potential attackers with access to the production server from also gaining access to the backup storage.

## long story

Some time ago, I read about a situation where a hacker acquired credentials for remote backup storage and proceeded to encrypt or destroy both local and remote data. Many administrators rely on cronjobs to automate backups to external storage using familiar tools like rsync, BorgBackup, Restic, or Rclone. Naturally, authentication data must be accessible for this process. In the case of BorgBackup, for instance, the key is also necessary if the data is encrypted. However, the destination, such as cloud backup, isn't typically a one-way "data tomb" where you can only upload data without any capability to read or alter existing data. The authentication data can potentially be exploited to manipulate or destroy a repository, such as in the case of BorgBackup.

## solution approaches

Of course, a tamper-proof write-only backup storage with snapshot backup would be desirable, but most cloud services do not offer this. Also, no provider that I know of offers the option of "pull" backups. This would mean that hundreds of your own server credentials would end up with the cloud provider - and you don't necessarily want that either.

I implement my data backups following the 3-2-1 rule, utilizing multiple cloud services. However, my approach involves:

1. Absence of credentials for the cloud storage on my server.

2. A user account on the server capable of initiating BorgBackup with restricted rights in a restricted environment.

3. Initiation of a backup via a cronjob on another server, which logs in to the primary server, executes BorgBackup with the necessary credentials, and then logs out upon completion.

If an attacker gains access to the system, they won't actively find access credentials for the backup server. Ultimately, they would need to debug the incoming call for BorgBackup or read the memory. Nevertheless, this setup ensures that backup storage credentials are not stored on the production server.

### pros

- Backup credentials remain separate from the server being backed up.

- Prevents manipulation of backups by attackers with access to the production server.

- Backup process is initiated from a separate, secured server.

### cons

- Additional management overhead of maintaining a separate backup initiation server.

- Risk of missed backups if the backup initiation server experiences downtime.

- Complexity involved in setting up the restricted user account and shell on the production server.

For years, users have bemoaned the seemingly planned obsolescence built into inkjet printers by major manufacturers. They struggle with questionable universal ink formulations (which might destroy the printer header) and resort to illicit maintenance programs to reset (waste) ink tank counters.

Replacing components is either impossible or involves such high labor or part costs (printer head) that it results in a total loss. The European Union has responded indirectly with a repairability mandate. However, simply being repairable doesn't address the potential for spare parts to have built-in expiration dates.

I realize that millions are spent on development and the devices are financed by inks and spare parts - but today you can get even laser and 3D printers with highly complex mechanics for comparatively little money.

Does anyone know of equivalent alternatives to the major providers? I'm not talking about "fine art", but normal home-use stuff.

Debian's decision to use systemd-journald as the sole and default log collector starting with Debian Bookworm has sparked some concerns among system administrators. While systemd has been widely adopted due to its comprehensive approach to modern problems, the use of it may cause unforeseen problems for inexperienced administrators.

remark

In the following, I want to address some possible risks and limitations. I'm aware that this text represets my opinions and concerns. Different system administrators or users may have varying perspectives on systemd-journald and its suitability for their specific needs and I would love to discuss with you.

issues

In my opinion, systemd-journald has three issues:

1) The binary format lacks self-healing features and the provided tools can't deal with corrupted logs.

2) There are currently no public forensic tools to recover corrupted binaries.

3) It is impossible to delete specific units or redact data sets.

Regarding 1)

In case of a journald log corruption due to a crash or a bitflip, the provided tool journalctl can't read or repair the binary log, nor does it even warn of detected corruption by default (even switch `--verify` doesn't do well). I brought this to systemd's attention back in 2021 [1] (the bug dates back to 2014 [2]) and Lennart Poettering responded himself / closed the issue himself. Funny side note: After trying to discuss his reply in the IRC channel "systemd" on Libera, I got permanently banned.

Regarding 2)

I'm unaware of tools that can recover corrupted binaries. Existing parsers likely rely on systemd's API, which has the same limitations. Although systend-journald has been around for 10 years, the binary format has been changed several times, but this seems to have found no takers outside the core project.

Regarding 3)

For me the most serious limitation. It isn't possible to delete specific units or edit entries. You can't selectively delete telemetry of a dev-container, nor redact personal data to comply with GDPR. The options are to delete all logs or to suffer noncompliance. In terms of GDPR, you have to wipe ALL your logs just because one person asked to delete his data. Another example: You also can't remove the access logs after 2 days and keep the error logs for 10 more days. The systemd community suggests converting binary logs to line-delimited text, editing via text tools (sed), then converting back. However, logs continue accumulating, making this infeasible in practice. This procedure isn't documented and lacks safeguards to prevent data loss or new corruption.

conclusion

While systemd has its advantages, it's important to carefully consider the potential risks and limitations. I would recommend sticking with rsyslog, syslogd or another log collector instead of relying solely on default "systemd-journald only".

references

[1] https://github.com/systemd/systemd/issues/19875

[2] https://bugzilla.redhat.com/show_bug.cgi?id=115735