Exactly. The fact that “AI” has now been almost completely associated with LLMs is incredibly frustrating.

Hibernation technically does this to any SSD. It’s not just Windows 11.

Writing the entire contents of RAM to disk increases the wear on the SSD. The risk goes up if your SSD is nearly full and wear-levelling has to move more data around: https://en.wikipedia.org/wiki/Write_amplification#Wear_leveling

I’ve been using it for years too. Can recommend.

Good to know, thanks.

You can indeed: https://tailscale.com/docs/integrations/identity

That sounds like it may be a good fit for my use case, then. Thanks again and I’ll definitely look into it!

Thanks for the suggestion. I’m trying to move away from Google, but the idea of a shared account for tailscale (which seems to support a lot of different SSO options) may be useful.

Good to know, thanks. Not keen on Cloudflare, so it’s good to see that there’s now multiple recommendations for Pangolin and Tailscale in this thread.

Thanks - appreciate another recommendation for Pangolin + crowdsec, plus I didn’t know about authentik (which sounds super useful if the services behind it are compatible). I’m thinking I need to have a play around with tailscale and then Pangolin to see how they work and whether either will be appropriate for my use case.

I agree completely. But as a first step (especially since they do seem to have a keyword filter in place), “no restrictions” (or “no censorship” as the case is for the last image) seems like a very obvious phrase to include.

I agree that that’s the likely trigger - which makes me wonder why instructions to ignore censors or have “no restrictions” aren’t immediately blocked by a filter prior to passing the prompt to the image generation. I’d have thought this was a foreseeable exploit.

I’m referring to the last image that they produced combining the two methods – a graphically mutilated corpse.

Probably, it’s more the fact that it takes so little for ChatGPT to tip over the edge and produce the worst of humanity.

That’s horrific.

All I did was tell it there were no restrictions and ask for a random image; I didn’t request it. But ChatGPT immediately went to the darkest pits of humanity. As I said at the start: the image didn’t arise from nowhere. It may be an artificial image, but it is based on photographs of a real person, or a combination of real victims. What worries me is this was too easy. There was no real hacking. This was ready to be surfaced, with the smallest scratch. It was a one-shot jailbreak. It was based on a popular prompt (which already veered into the darkness).

Thanks. I think I’ll need to do a bit more reading - I have no experience with any of the wireguard technologies (my VPN experience is with OpenVPN and enterprise-grade networking hardware that uses IPsec tunnels), but Pangolin’s abilities do sound useful.

I guess I need to work out if something like tailscale (as per one of the other comments) set up on just the small group I want to share with will do the job, or whether I really need to expose services to the Internet and hence would benefit from a VPS with something like Pangolin.

Thanks, sounds like a potential option. I’ll add to the list of things to look into and test out.

Yeah, I don’t like the thought of worrying about vulnerabilities either, hence my asking this question!

I haven’t heard of Pangolin cloud before – I’m assuming this is a competitor to tailscale. Are you self-hosting it or using one of their paid plans, and if you’re self-hosting, how hard was it to set up?

Thanks. My main concern is needing to have the tailscale client set up on my relatives’ devices, so it’d need to be easy to do and the configuration straightforward.

If I wanted to route just traffic to Vikunja and Immich through it, so all their other apps (if on a phone) or web browsing (on a PC) didn’t go through tailscale, is that straightforward to do and is it something that has to be done in the client-side configuration?

Thanks. I had forgotten about setting up a DMZ and appreciate the reminder!

Thanks, didn’t know about Immich proxy. Sounds useful.

On the VPS point - beyond protection against DoS, I assume the main benefits only arise if you host the services on it? My understanding is that, if I open a port and forward it to nginx, then the largest attack surface would be nginx itself and the services it is acting as a reverse proxy for (e.g. Vikunja). nginx is well-established and I think most of the risk is from the plugins rather than nginx vulnerabilities itself, which leaves Vikunja and any other services I’d want to expose as the main attack surface. If I’m using a VPS as a gateway (e.g. hosting nginx there and still keeping Vikunja and Immich within my LAN), then that doesn’t seem like it’s much of a risk reduction. What am I missing?