this post was submitted on 24 Jun 2025
105 points (87.2% liked)

Selfhosted

46653 readers
315 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
105
I've just created c/Ollama! (lemmy.world)
submitted 1 day ago* (last edited 1 day ago) by catty@lemmy.world to c/selfhosted@lemmy.world
30 comments fedilink hide all child comments
 

I've just re-discovered ollama and it's come on a long way and has reduced the very difficult task of locally hosting your own LLM (and getting it running on a GPU) to simply installing a deb! It also works for Windows and Mac, so can help everyone.

I'd like to see Lemmy become useful for specific technical sub branches instead of trying to find the best existing community which can be subjective making information difficult to find, so I created !Ollama@lemmy.world for everyone to discuss, ask questions, and help each other out with ollama!

So, please, join, subscribe and feel free to post, ask questions, post tips / projects, and help out where you can!

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] tal@lemmy.today 4 points 1 day ago* (last edited 1 day ago) (1 children)

While I don't think that llama.cpp is specifically a special risk, I think that running generative AI software in a container is probably a good idea. It's a rapidly-moving field with a lot of people contributing a lot of code that very quickly gets run on a lot of systems by a lot of people. There's been malware that's shown up in extensions for (for example) ComfyUI. And the software really doesn't need to poke around at outside data.

Also, because the software has to touch the GPU, it needs a certain amount of outside access. Containerizing that takes some extra effort.

https://old.reddit.com/r/comfyui/comments/1hjnf8s/psa_please_secure_your_comfyui_instance/

ComfyUI users has been hit time and time again with malware from custom nodes or their dependencies. If you're just using the vanilla nodes, or nodes you've personally developed yourself or vet yourself every update, then you're fine. But you're probably using custom nodes. They're the great thing about ComfyUI, but also its great security weakness.

Half a year ago the LLMVISION node was found to contain an info stealer. Just this month the ultralytics library, used in custom nodes like the Impact nodes, was compromised, and a cryptominer was shipped to thousands of users.

Granted, the developers have been doing their best to try to help all involved by spreading awareness of the malware and by setting up an automated scanner to inform users if they've been affected, but what's better than knowing how to get rid of the malware is not getting the malware at all. '

Why Containerization is a solution

So what can you do to secure ComfyUI, which has a main selling point of being able to use nodes with arbitrary code in them? I propose a band-aid solution that, I think, isn't horribly difficult to implement that significantly reduces your attack surface for malicious nodes or their dependencies: containerization.

Ollama means sticking llama.cpp in a Docker container, and that is, I think, a positive thing.

If there were a close analog to ollama, like some software package that could take a given LLM model and run in podman or Docker or something, I think that that'd be great. But I think that putting the software in a container is probably a good move relative to running it uncontainerized.

[–] brucethemoose@lemmy.world 8 points 1 day ago* (last edited 1 day ago) (1 children)

I don’t understand.

Ollama is not actually docker, right? It’s running the same llama.cpp engine, it’s just embedded inside the wrapper app, not containerized. It has a docker preset you can use, yeah.

And basically every LLM project ships a docker container. I know for a fact llama.cpp, TabbyAPI, Aphrodite, Lemonade, vllm and sglang do. It’s basically standard. There’s all sorts of wrappers around them too.

You are 100% right about security though, in fact there’s a huge concern with compromised Python packages. This one almost got me: https://pytorch.org/blog/compromised-nightly-dependency/

This is actually a huge advantage for llama.cpp, as it’s free of python and external dependencies by design. This is very unlike ComfyUI which pulls in a gazillian external repos. Theoretically the main llama.cpp git could be compromised, but it’s a single, very well monitored point of failure there, and literally every “outside” architecture and feature is implemented from scratch, making it harder to sneak stuff in.

[–] tal@lemmy.today 9 points 1 day ago (1 children)

I'm sorry, you are correct. The syntax and interface mirrors docker, and one can run ollama in Docker, so I'd thought that it was a thin wrapper around Docker, but I just went to check, and you are right

it's not running in Docker by default. Sorry, folks! Guess now I've got one more thing to look into getting inside a container myself.

[–] hasnep@lemmy.ml 2 points 20 hours ago

Try ramalama, it's designed to run models override oci containers