LES Exclusive: Ryzen 9 5950X Vermeer Zen 3 Unlimited!
Fast-as-metal server share from MetalVPS.com!
Hetzner AX101 Ryzen 9 5950X Vermeer Zen 3!
CPU: AMD Ryzen™ 9 5950X 16-Core
RAM: 128 GB DDR4 ECC
Hard drive: 2 x 3.84 TB NVMe SSD Datacenter Edition (software RAID 0, 7 TB space available, very fast)
IP Addresses: IPv4/28, IPv6/64
Connection: 1 GBit/s port
Bandwidth: 1 GBit/s
Traffic: Unlimited and free of charge
Datacenter: Hetzner FSN1
OS: Recently moved from Proxmox to Debian sid
Current Offer
Shell account. Shared unlimited access to all resources. At least processor cores could be dedicated if a neighbor uses taskset or a similar tool.
This current setup means, for example, that a single neighbor could run more than one VPS using qemu, could use more than one IPv4, or could store terabytes of data files, etc. Currently there are two terrific neighbors, 🤩 or three if we include me, @Not_Oles. 🤔 Nobody is using significant resources -- thus, much remains available.
No GUI on the node yet. No web control panel yet. Just command line on the node for now. Of course, you can put whatever you want inside your VPS, and we also can add to the node.
The node has git, gcc, and many of their friends.
IPv4 Additional IP Connectivity Status
Neighbors currently using qemu have forwarded ports on the node IPv4 and qemu slirp user mode networking. You can see from the yabs that the slirp speed seems okay.
Both IPv4 and IPv6 additional IPs worked fine on the node and inside VMs when the server was running Proxmox, so I imagine the current issue with the additional IPv4s not working in qemu has to do with my clueless configuration. 😵
I have been reading documentation on qemu.org, on linux-kvm.org, and elsewhere. If I don't succeed in getting IPv4 additional IP connectivity working soon, I will post about it so you guys can pass me a clue. Meanwhile I am enjoying what I wanted, slowly 🐢 learning a little of how the configuration works instead of having Proxmox do it for me.
Nobody has tried LXC yet. But I am sure we will get around to LXC before too long. 🔜
YABS
The links below are to yabs test results. Each result includes the single core Geekbench 5 performance scores listed here:
- Effect on bare metal of upgrade to sid: 1723 to 1745 
- Qemu with and without -cpu host and -enable-kvm: 1524 vs 110 
Pricing
- Per neighbor: $20.21 per month 
- When you think about the pricing, please consider that there are very few neighbors and Hetzner receives from me approximately $132.77 per month for the server and its IP addresses. The original pricing calculation is here. Please note that the currently offered unlimited unit size is not the originally calculated unit size. 
How to Order
- Accounts may be requested by active members of the LES community and by others whose web presence or references are deemed by MetalVPS as sufficient. 
- To request an account, please post here, PM me, @Not_Oles, or use the email on my @Not_Oles LES profile. 
When and How to Pay
- No payment is due until after your account is set up and you are 100% satisfied. 
- Payments available via Paypal or Stripe. 
Warnings!
- RAID 0! Fast 409.2K IOPS but when one disk dies the data on both disks is lost! 🤩 
- Node OS might suddenly change anytime soon! 👍 
- Hey! It's Debian unstable! 🤩 
- Grumpy, ignorant, clueless, greedy administrator! 😀 
- Delivery might take awhile! 😴 
- @Not_Oles frequently messes up new installs! 😱 
- No warranty, to the extent permitted by applicable law. No service level agreement. Not for business use. Intended especially for computer learning and fun! 
- @Not_Oles tries to keep the system updated. Frequent maintenance reboots are guaranteed, but uptime is pretty okay. Node load averages usually are pretty low. 
- Please make your own redundant, offsite backups! It's easy to download your backup to a safe place. Please also make sure that you actually can restore from your backups! Please think of your MetalVPS account as ephemeral! 
- @Not_Oles rents servers from Hetzner. MetalVPS.com is an indie project of Tom Miller, not an official Hetzner project, and not an official lowendspirit.com project. 
- Neighbors can see your account name, the processes you are running, and much other information. So, please do not put confidential information on the server. 
What People are Saying
- About MetalVPS
"Nice trial and results! Very interesting"
"Wow pretty nice ! Congrats excellent options thanks for being a part of the community"
"the terms seemed exceptionally fair"
"Kernel Linux 5.11 is now in much better shape for AMD"
"Yes, please. I’ll take that."
"it's really quite dedicated. not all dedicated are the same."
"MetalVPS-AX101 has a reasonable price"
"really need a testing ground badly now especially with dedicated core"
"I've been using this one from him. Highly recommend! His support is really amazing!"
"Grab it while the hotel still has vacant rooms."
- About Not_Oles
"Really, you're the best person I've known on the internet."
"I always love how you come up with new ideas. Good luck, mate!"
"he is the sweetest guy in LES .."
"resplendent as the Sonoran Sun"
"every time I visit les and see that profile picture, it brightens up my day."
"As for the new administrator, I nominate @Not_Oles."
"I would love to see @Not_Oles as a moderator or a bigger role."
"I would also support @Not_Oles as admin"
Thanks and best wishes! 🇺🇸🗽🇲🇽🏜️🇩🇪👨💻
Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!
Comments
Have you considered mounting /proc with hidepid?
Since I had not heard of hidepid, I had to look around. . . .
Wow! Interesting! Thanks!
```
not-oles@fsn1:~$ which hidepid
not-oles@fsn1:~$ apt search hidepid
Sorting... Done
Full Text Search... Done
not-oles@fsn1:~$ man mount | grep hidepid
not-oles@fsn1:~$ g hidepid
←←← hidepid - Google Search (p1 of 3)
Google
hidepid_____________ Search
ALL VIDEOS NEWS IMAGES

Linux system hardening: adding hidepid to /proc mount point
linux-audit.com › linux-system-hardening-adding-hidepid-to-proc
Aug 30, 2016 · By default, the hidepid option has the value zero (0). This means that every user can see all data. When setting it to 1, the directories ...

proc: Bad value for 'hidepid' · Issue #16896 · systemd ... - GitHub
github.com › systemd › systemd › issues
Aug 28, 2020 · With latest git master, I see root@debian:~# journalctl -b | grep hidepid Aug 28 20:47:16 debian kernel: proc: Bad value for 'hidepid' Aug ...

Process hiding: hidepid capabilities of procfs | Iezzi.ch
www.iezzi.ch › process-hiding-hidepid-capabilities-of-procfs
Great! hidepid=0 (default) means the current behaviour – anybody may read all world-readable /proc/PID ...

Chapter 5. The proc File System - Red Hat Customer Portal
access.redhat.com › en-us › html › deployment_guide › ch-proc
With hidepid = 2 enabled, process directories are made invisible to non-root users: ... mount -o remount , hidepid =value, gid =gid /proc.

Set hidepid=1 persistently at boot - Unix & Linux Stack Exchange
unix.stackexchange.com › questions › set-hidepid-1-persistently-at-boot
You should create a custom initrd image. That's where /proc/ is usually mounted. For example, in
←←← hidepid - Google Search (p2 of 3)
the ./init file from my /initrd.img :.
How to deny other people to see my running details after “top” - Unix ...
Mounting proc with hidepid option doesn't hide procs as expected ...
hidepid=2 stopped working after an update. Kernel don't suppport
How to hidepid on Arch Linux manually? - Unix StackExchange
More results from unix.stackexchange.com

hidepid.c - Network Security Tools [Book] - O'Reilly
www.oreilly.com › library › view › network-security-tools
hidepid.c Following is the full source code of our hidepid LKM: /*Thanks to adore-ng from Stealth for the ideas used in this code*/ #include #include ...

Howto set hidepid=2 - Ubuntu Forums
ubuntuforums.org › showthread
Jul 3, 2019 · For security reasons I would like to set the option for proc to hidepid=2 in order to hide unnecessary information to a user.

Configuring 'hidepid' for Linux systems · CubeCoders/AMP Wiki
github-wiki-see.page › CubeCoders › Configuring-'hidepid'-for-Linux-syst...
What is hidepid? "hidepid" is a setting applied to the /proc filesystem - it prevents users from being able to see information about processes that do not ...

hidepid: hide a process from other users - Tuxdiary
tuxdiary.com › 2014/08/23 › hidepid
Aug 23, 2014 · hidepid: hide a process from other users. tux_comp The Linux kernel 3.2+ has added an option to hide processes from other users as a part of ...

Search: hidepid - Sudo null
sudonull.com › q=hidepid
Hardening /proc with hidepid. Hiding processes for other users. Since Linux kernel 3.3 there are two new mount options for the Proc pseudo-filesystem.

Related searches
hidepid=invisible
←←← hidepid - Google Search (p3 of 3)
bad value for 'hidepid secure proc linux hide process from ps proc/stat proc/pid/smaps proc/vmstat documentation man proc
Next >
```

Below is from a link in the above google search, https://www.oreilly.com/library/view/network-security-tools/0596007949/ch07s03s01.html#maincontent
The O'Reilly book Network Security Tools seems to have come out in 2005.
hidepid.c

Following is the full source code of our hidepid LKM:

```c
/*Thanks to adore-ng from Stealth for the ideas used in this code*/

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <net/sock.h>

#define HIDEPID 4781

typedef int (*readdir_t)(struct file *, void *, filldir_t);

readdir_t orig_proc_readdir=NULL;
filldir_t proc_filldir = NULL;

/*Convert string to integer. Strip non-integer characters. Courtesy adore-ng*/
int adore_atoi(const char *str)
{
    int ret = 0, mul = 1;
    const char *ptr;

    for (ptr = str; *ptr >= '0' && *ptr <= '9'; ptr++)
        ;
    ptr--;

    while (ptr >= str) {
        if (*ptr < '0' || *ptr > '9')
            break;
        ret += (*ptr - '0') * mul;
        mul *= 10;
        ptr--;
    }
    return ret;
}

int my_proc_filldir (void *buf, const char *name, int nlen, loff_t off, ino_t ino, unsigned x)
{
    /*If name is equal to our pid, then we return 0. This way, our pid isn't visible*/
    if(adore_atoi(name)==HIDEPID)
    {
        return 0;
    }
    /*Otherwise, call original filldir*/
    return proc_filldir(buf, name, nlen, off, ino, x);
}

int my_proc_readdir(struct file *fp, void *buf, filldir_t filldir)
{
    int r=0;

    proc_filldir = filldir;

    /*invoke orig_proc_readdir with my_proc_filldir*/
    r=orig_proc_readdir(fp,buf,my_proc_filldir);

    return r;
}

int hide_pid(readdir_t *orig_readdir, readdir_t new_readdir)
{
    struct file *filep;

    /*open /proc */
    if((filep = filp_open("/proc",O_RDONLY,0))==NULL)
    {
        return -1;
    }
    /*store proc's readdir*/
    if(orig_readdir)
        *orig_readdir = filep->f_op->readdir;

    /*set proc's readdir to new_readdir*/
    ...
```

From 2020
https://lwn.net/Articles/817137/
https://lore.kernel.org/lkml/[email protected]/
from man 5 proc:
```
not-oles@fsn1:~$ man proc
[ . . . ]
       hidepid=n (since Linux 3.3)
              This option controls who can access the information in
              /proc/[pid] directories. The argument, n, is one of the
              following values:

              0   Everybody may access all /proc/[pid] directories. This is
                  the traditional behavior, and the default if this mount
                  option is not specified.

              1   Users may not access files and subdirectories inside any
                  /proc/[pid] directories but their own (the /proc/[pid]
                  directories themselves remain visible). Sensitive files
                  such as /proc/[pid]/cmdline and /proc/[pid]/status are now
                  protected against other users. This makes it impossible to
                  learn whether any user is running a specific program (so
                  long as the program doesn't otherwise reveal itself by its
                  behavior).

              2   As for mode 1, but in addition the /proc/[pid] directories
                  belonging to other users become invisible. This means that
                  /proc/[pid] entries can no longer be used to discover the
                  PIDs on the system. This doesn't hide the fact that a
                  process with a specific PID value exists (it can be learned
                  by other means, for example, by "kill -0 $PID"), but it
                  hides a process's UID and GID, which could otherwise be
                  learned by employing stat(2) on a /proc/[pid] directory.
                  This greatly complicates an attacker's task of gathering
                  information about running processes (e.g., discovering
                  whether some daemon is running with elevated privileges,
                  whether another user is running some sensitive program,
                  whether other users are running any program at all, and so
                  on).

       gid=gid (since Linux 3.3)
              Specifies the ID of a group whose members are authorized to
              learn process information otherwise prohibited by hidepid
              (i.e., users in this group behave as though /proc was mounted
              with hidepid=0). This group should be used instead of
              approaches such as putting nonroot users into the sudoers(5)
              file.
```

Last for now, but not least:
https://unix.stackexchange.com/questions/454807/how-to-deny-other-people-to-see-my-running-details-after-top-command-and-press
You have a great project, very interesting
Hi @cpsd! Thanks for your kind words! Welcome to LES! Want to share something about what you are working on? Best wishes and kindest regards! Tom
Another reference for hidepid: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201
Thanks again to @johnk!
Yeah. It's built in the kernel and pretty frequently used I'd imagine. Just need to be aware that some things need an exclusion (ie, polkitd/nagios/zabbix)
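An added example, not part of any post in this thread: a shell check that reads a mount table in /proc/mounts format and reports the hidepid level and the exempt gid described in the man 5 proc excerpt above, which is where an exclusion group for monitoring daemons would show up. The sample lines and gid 990 are constructed placeholders.

```shell
#!/bin/sh
# Added example: report how /proc is mounted with respect to hidepid/gid.
# Input is a mount table in /proc/mounts format on stdin.

# Print the value of NAME=value from a comma-separated option string.
get_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Print "hidepid=<n> gid=<gid|none> verdict=<word>" for the proc mount on /proc.
audit_proc() {
    # Last matching line wins, as a later mount shadows an earlier one.
    opts=$(awk '$2 == "/proc" && $3 == "proc" { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "hidepid=? gid=none verdict=no-proc-mount"
        return 0
    fi
    gid=$(get_opt "$opts" gid)
    # Newer kernels (5.8+) print names instead of numbers; absent means 0.
    case "$(get_opt "$opts" hidepid)" in
        ''|0|off)     level=0 verdict=exposed ;;
        1|noaccess)   level=1 verdict=contents-protected ;;
        2|invisible)  level=2 verdict=hidden ;;
        4|ptraceable) level=4 verdict=ptrace-only ;;
        *)            level='?' verdict=unknown ;;
    esac
    echo "hidepid=$level gid=${gid:-none} verdict=$verdict"
}

# Constructed sample lines (not taken from the node described in this thread).
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=990,hidepid=2 0 0'
SAMPLE_NAMED='proc /proc proc rw,relatime,hidepid=invisible 0 0'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED" "$SAMPLE_NAMED"; do
    printf '%s\n' "$sample" | audit_proc
done

# Live check on the current host, if a mount table is readable.
if [ -r /proc/mounts ]; then audit_proc < /proc/mounts; fi

# To apply hidepid=2 with an exempt group (gid 990 is a placeholder), as root:
#   mount -o remount,hidepid=2,gid=990 /proc
# and to persist it, an /etc/fstab line such as:
#   proc  /proc  proc  defaults,hidepid=2,gid=990  0  0
```

A verdict of `exposed` matches the situation in the warning list of the first post, where neighbors can see each other's processes.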
It will be a pleasure. I manage a couple dedis running a Java production app that I developed for my company (just internal use) (too many lines of code), plus a few vps where I back up these data and the daily files that my co-workers use. I enjoy my days improving some database tables or testing some backup scripts that tell me that everything is working fine (at least for the moment).
Anyway I am more a reading guy. I have been in the other green forum for 5 years with three hundred something posts.
Cool! Delighted to meet you! 🌟
Possibly a bit of progress to report!
I've been running around trying all kinds of qemu command line foo ("qemufoo"). I've been wondering about warnings I was getting from qemu via /etc/qemu-ifup, and why vmbr0 wasn't showing up in `ip link show`. After a few more than a few days, I finally looked at `systemctl status networking`, where I saw "Cannot find device 'vmbr0.'" A little googling suggested that `bridge-utils` might need to be installed. 🤦♂️

```
root@fsn1 /home/not-oles # cat systemctl-status-networking
root@fsn1 ~ # systemctl status networking
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor pre>
     Active: failed (Result: exit-code) since Tue 2021-08-10 18:37:46 UTC; 7h ago
       Docs: man:interfaces(5)
    Process: 874 ExecStart=/sbin/ifup -a --read-environment (code=exited, status>
   Main PID: 874 (code=exited, status=1/FAILURE)
        CPU: 160ms

Aug 10 18:37:41 fsn1 systemd[1]: Starting Raise network interfaces...
Aug 10 18:37:46 fsn1 ifup[946]: Waiting for DAD... Done
Aug 10 18:37:46 fsn1 ifup[1143]: Cannot find device "vmbr0"
Aug 10 18:37:46 fsn1 ifup[874]: ifup: failed to bring up vmbr0
Aug 10 18:37:46 fsn1 systemd[1]: networking.service: Main process exited, code=e>
Aug 10 18:37:46 fsn1 systemd[1]: networking.service: Failed with result 'exit-co>
Aug 10 18:37:46 fsn1 systemd[1]: Failed to start Raise network interfaces.
lines 1-15/15 (END)
root@fsn1 /home/not-oles #
```

```
root@fsn1 ~ # systemctl restart networking
root@fsn1 /home/not-oles # systemctl status networking
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2021-08-11 01:45:33 UTC; 7min ago
       Docs: man:interfaces(5)
    Process: 1655 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0/SUCCESS)
   Main PID: 1655 (code=exited, status=0/SUCCESS)
        CPU: 39ms

Aug 11 01:45:33 fsn1 systemd[1]: Starting Raise network interfaces...
Aug 11 01:45:33 fsn1 ifup[1726]: Waiting for DAD... Done
Aug 11 01:45:33 fsn1 systemd[1]: Finished Raise network interfaces.
root@fsn1 /home/not-oles #
```

Maybe tomorrow I will try some more qemufoo and see if I have better success now that the bridge might be working.
I will add bridge-utils to my post-install script.
Happy greetings from Sonora, MX! 🎉🥳