It's a great idea but it's not portable in other simple vim modes that generally lack the possibility of such a configuration, and if they do provide it, now you have another configuration to take care of.
Why I like my solution:
It takes three seconds to activate in any OS and it's available system-wide
I've seen a lot of people recommend jj, but that's part of something I type a lot, so I had to choose another. jk works okay too, because I don't use that acronym.
It’s eliminated a mental barrier to building products where I was worried before I had limited time to work and needed to focus on things that drew from existing familiarity.
Now I’m able to focus on the product/outcome even if what’s involved is outside what I’m familiar with and at least get started building.
The net effect has been I can build a wider variety of things in a wider variety of tooling with more enjoyment and less drudgery.
- text summaries
- sysadmin stuff
- debugging stuff
- boilerplate stuff
- unblocking writer's block
- integrating disparate stacks
- data transformation and algorithm stuff
- most marketingy stuff: copy, images, campaign/activations
Genuine q. The main thing stopping me from self hosting is security. Having a box in the cloud get hacked as long as data is properly encrypted and secured - not good but also can easily destroy and spin up anew.
But having your home server hacked and then presumably your entire home network and everything in it - seems way too fraught to even attempt it.
Thoughts on that? Am I just too unfamiliar with network security and this is actually solved now — and there is already a well-defined trusted approach to this?
A webserver like nginx hosting a static (files in folders) website is incomparably more secure and less of a risk than say, opening your web browser and going to a website without disabling javascript execution. The number of nginx remote exploits in the last decade could be counted on one hand, probably without using all the fingers.
The mistake many make at the start is trying to run a complex web application backend with php or databases or whatever. Or using some "easy" container all-in-one containing these complexities. Maintaining the security of that is a never-ending difficult task. Whereas maintaining nginx installed from your OS repos literally requires no work at all. KISS and you'll be perfectly safe.
For all its faults, the term "zero trust" applies here - treat your local network as untrusted.
Historically the security of Ethernet, IEEE802.11 and other such protocols has been full of half measures, laughably weak crypto and whatever WPS is supposed to be. Look at the history of wireless security if you want to have a good laugh.
In the application layer, on the other hand, we have rock solid solutions like SSH which remain the gold standard for security.
That sounds like an ideal more than a reality. Windows has separate "Home network" firewall settings that it automatically detects, and I assume lots of other consumer devices make similar assumptions.
Yeah you can lock everything down, _if_ you're careful, _if_ you don't mess up, _if_ some consumer hardware doesn't have a vulnerability
Untrusted devices behind one router, trusted devices behind another router, both routers behind a third. The routers should be dumb, rock hard, and nat. If the untrusted devices were behind just the outer router they could potentially intercept trusted traffic traversing that network. If the trusted devices were behind just the outer router, I guess the untrusted devices might somehow use IP tricks to enumerate devices or something.
They mention vlans, and say it's basically a homemade vlan. Why not use vlans then? No mention of DMZs. Or if you have a single router with configurable firewall, couldn't you just firewall traffic between untrusted and trusted ports? I'm not sure of the context of this idea. Do they make cheap routers with enterprise-level hardening that don't support firewalls?
You have to cheat and compromise your morality somewhere to make it work with decentralizing, I've found. Here, the answer is a Cloudflare tunnel. Hail corporate.
Same concern here. Also not just hacking the box, but if they figure out your service's ip it's the same as all your other stuff. Would ipv6 help this? Each device gets a different ip so there shouldn't be correlation, but could people make assumptions about ipv6 prefixes to discover other hosts on your network?
Is separate physical hosts a real improvement in security? It seems like a real air gap vs relying on linux hardening. Lots of raspberry pis (something cheaper now?) vs one larger home server hosting multiple services.
My consumer router has a dmz mode, but I'm not sure how far I can trust it. I guess it's a good thing nobody uses any of the stuff I host.
That's just the reality of it. Your self-hosted box will never be as secure as something hosted by Google where they have teams of people working full time on securing every single layer of the stack right down to finding bugs in the CPUs that their servers run on.
Is it though? The more complex a setup, the more of an attack surface. Even stuff like social engineering, tricking their support into giving access to your server is a possibility.
YouTube channels get hacked so often, even from technical people like Linus Tech Tips.
Please do! Besides being a fun exercise it’s also a neat idea. Comments from the HN community make the content posted almost always more interesting imho
Any tips or guides you followed on training your custom model? I've done a few LoRAs and TI but haven't gotten to my own models yet. Your results look great and I'd love a little insight into how you arrived there and what methods/tools you used.
I'm not an expert at this and there are probably better ways to do this/might not work for you/your mileage may vary, so please take this with a huge grain of salt, but roughly this worked for me:
1. Start with a good base model(s) from which to train from.
2. Have a lot of diverse images.
3. Ideally train for only one epoch. (Having a lot of images helps here.)
4. If you get bad results lower the learning rate and try again.
5. After training try to mix your finetuned model with the original one, in steps of 10%, generate X/Y plot of it, pick the best result.
6. Repeat this process as long as you're getting an improvement.
The main problem here is that essentially during inference you're using a bag of tricks to make the output better (e.g. good negative embeddings), but when training you don't. (And I'm not entirely sure how you'd actually integrate those into the training process; might be possible, but I didn't want to spend too much time on it.) So your fine tuning as-is might improve the output of the model when no tricks are used, but it can also regress it when the tricks are used. Which is why I did the "mix and pick the best one" step.
But, again, I'm not an expert at this and just did this for fun. Ultimately there might be better ways to do it.
Great tips, thank you! It feels like I'm right behind you in terms of where I'm at so your input is very much appreciated.
3. Train for only 1 epoch - interesting, any known rationale here?
5. I just read somewhere else that someone got good results from mixing their custom model with the original (60/40 in their case) - good to hear some more anecdotes that this is pretty effective. Especially the further training after merging, sounds promising!
I've also been using kohya_ss for training LoRAs so great to hear it works for you for models as well. On your point about the inference tricks, definitely noted but I did notice that you can feed some params (# of samples, negative embeddings, etc) to the sample images generated during training (check the textarea placeholder text). Still not going to have all the usual tricks but it'll get you a little closer.