ShortN0te

joined 2 years ago
[–] ShortN0te@lemmy.ml 3 points 1 week ago

Simply put, no. In order to be safe with an LLM that can execute stuff on its own, it needs to be completely sandboxed.

A very nice talk about flaws in agentic AI can be found here: https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents

[–] ShortN0te@lemmy.ml 1 points 1 week ago

I can also recommend the object storage from Hetzner for backups. Quite price competitive.

[–] ShortN0te@lemmy.ml 2 points 2 weeks ago

It actually does both. Not really tested the multi-monitor features, but it's there and it works; not sure if to the same degree as in RDP.

[–] ShortN0te@lemmy.ml 4 points 3 weeks ago (2 children)

There is a box for manually added monthly savings. But yes, hard to classify what you would actually subscribe to if you would not have a server already.

But same for video. I would never buy 3 streaming services at a time.

[–] ShortN0te@lemmy.ml 3 points 3 weeks ago

The other answer is already good, but I will answer more generally.

Rate limiting. Do not allow as many requests as your CPU can handle, but limit authentication requests. Like, a couple of requests per second already goes a long way.
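An added example, not part of the comment above: a per-client token bucket that limits only authentication attempts to a couple per second. The class and function names, the rate of 2 per second, the burst of 5 and the sample IP addresses are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class AuthRateLimiter:
    """Per-client token bucket applied only to authentication requests."""
    rate: float = 2.0    # sustained attempts per second (assumed value)
    burst: int = 5       # attempts allowed back to back (assumed value)
    clock: Callable[[], float] = time.monotonic
    _buckets: dict = field(default_factory=dict)  # client -> (tokens, last_seen)

    def allow(self, client: str) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(client, (float(self.burst), now))
        # Refill for the time elapsed since the last attempt, capped at burst.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self._buckets[client] = (tokens, now)
        return allowed

    def prune(self, idle_seconds: float = 300.0) -> int:
        """Forget idle clients so the table cannot be grown without bound."""
        now = self.clock()
        stale = [c for c, (_, last) in self._buckets.items()
                 if now - last > idle_seconds]
        for c in stale:
            del self._buckets[c]
        return len(stale)

def simulate(attempts, rate=2.0, burst=5):
    """Replay (timestamp, client) login attempts; return rejections per client."""
    t = {"now": 0.0}
    limiter = AuthRateLimiter(rate=rate, burst=burst, clock=lambda: t["now"])
    rejected = {}
    for ts, client in sorted(attempts):
        t["now"] = ts
        if not limiter.allow(client):
            rejected[client] = rejected.get(client, 0) + 1
    return rejected

# Constructed sample (documentation IPs): one client sends 40 login attempts
# in 5 seconds, another logs in three times over 9 seconds.
SAMPLE = [(i * 0.125, "203.0.113.7") for i in range(40)] + \
         [(1.0, "198.51.100.4"), (5.0, "198.51.100.4"), (9.0, "198.51.100.4")]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

The client that logs in normally is never rejected, while the one sending 8 attempts per second is cut down to the configured rate once its burst is used up.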

[–] ShortN0te@lemmy.ml 32 points 3 weeks ago (3 children)

The 'immediate attacks' ppl mention are just static background noise. Servers / scripts that run trying to find misconfigured, highly out-of-date or exploitable endpoints/servers/software.

Once you update your software, set up basic brute force protection and maybe regional blocking, you do not have to worry about this kind of attack.

Much more scary are so-called 0-Day attacks.

  1. No one will waste an expensive exploit on you
  2. It can sometimes happen that 0-Days that become public get widely exploited and take a long time to get closed, like for example log4shell was. Here work is necessary to inform yourself and disable things according to what is patched and what is not.

As I already said, no one will waste time on you; there are so many easier targets out there that do not follow those basic rules, or actually valuable targets.

There is obviously more that you can do, like hiding everything behind a VPN or advanced threat detection. Also, choosing the kind of software you want to run is relevant.

[–] ShortN0te@lemmy.ml 1 points 2 months ago

Yeah I'm not saying it's perfect and LLMs are non-deterministic so it could give you some crap. You're not wrong and it's good to be aware of that. How do you verify some random stranger from the internet wasn't an asshole and gave you malicious config? 🤷

There is no guarantee either, but on a public forum at least a couple of eyes look at it too. Not saying that this makes it trustworthy. But an LLM usually words its output very directly, saying "this is the absolute truth", which can lead to a much higher trust relation than a stranger on a forum that writes "maybe try this".

I generally would not recommend using the LLM for potentially security-related questions (or important or professional questions) where your own knowledge is not big enough to quickly vet the output.

[–] ShortN0te@lemmy.ml 1 points 2 months ago

You are still talking about someone that is not able to create the config themselves, but that someone should be able to test everything?

[–] ShortN0te@lemmy.ml 4 points 2 months ago (4 children)

But still, how would you verify if the config is good or not? For example, if it exposes root?

[–] ShortN0te@lemmy.ml 3 points 2 months ago

The discussion is about low-effort link-only video and/or other posts. If you are not referring to them, then you missed the point.

[–] ShortN0te@lemmy.ml 2 points 2 months ago (2 children)

It seems the majority does not want it.

If ppl do not like it they can use another selfhosted from another instance. That's what Lemmy or the fediverse is built for.

[–] ShortN0te@lemmy.ml 2 points 2 months ago (4 children)

Most ppl seem to agree with me.
