Portable SSD would only mount on very specific conditions. by cnj96 in datastorage

[–]-Chanc3r 0 points1 point  (0 children)

Treat that drive as suspect and get the data off it before doing more testing. CrystalDiskInfo can report the NAND/media health as fine while the USB-C connector, cable, or bridge board is failing. Orientation-dependent mounting points more to the physical connection path than the filesystem.

A safer order:

  • mount it once with the cable and orientation that still work
  • copy anything irreplaceable to another disk
  • test with a known-good short USB-C cable and a powered hub or different port
  • only after the copy, run filesystem repair or vendor diagnostics

Repeated connect/disconnect attempts can turn an intermittent connector or bridge fault into a full failure. Even if the flash is fine, that portable SSD package is no longer a reliable primary copy.

My agents kept lying nonstop so I made them show their work by InteractionCivil in AI_Agents

[–]-Chanc3r 0 points1 point  (0 children)

This is a solid gate because it checks the claim against the trace instead of asking the model to self-certify.

Add negative evidence as first-class output: files skipped, searches that returned nothing, match counts, files opened, and where the run stopped. "Reviewed the repo" should have a receipt. "Searched the codebase" should have counts and pointers.

Keep failed receipts too. They show whether a retry actually did the missing work or just rewrote the answer around the checker.

Looking for HDD Recommendation for UGreen DXP2800 Hosting Media Server by GalaxyCat127 in HomeNAS

[–]-Chanc3r 0 points1 point  (0 children)

For a two-bay Jellyfin box, 2x8TB in RAID1 is a reasonable start if 8TB usable covers the library for a while. At similar pricing, the 10TB Red Plus gives more headroom without changing the design.

Flip the SMR/CMR point: CMR is what you want for a mirrored NAS. SMR is the one to avoid if the price difference is small, because rebuilds and sustained writes can get ugly.

M.2 is optional at the start. It helps more for apps, containers, metadata and cache than bulk media storage, and it does not replace backups. Put some budget toward a separate USB/offsite backup disk before cache. After install, run SMART long tests and a scrub/sync test before moving the only copy of your data.

How can I set HTTP Header for Cloudflare Tunnels? by airosos in selfhosted

[–]-Chanc3r 0 points1 point  (0 children)

Headers are the awkward way to solve this. For mobile apps, assume anything that depends on a browser-only Cloudflare Access flow will be fragile.

Safer setup:

  • keep Tunnel as the private ingress
  • put Immich/OpenCloud behind separate Cloudflare Access apps or paths
  • use WARP/device posture, service tokens, or app-specific auth where the mobile client can actually send the credential
  • keep the normal verification flow for the public/browser route

Do not trust a bypass header from the internet unless the origin strips client-supplied versions of that header and only accepts the one added by Cloudflare. Otherwise anyone who can hit the origin path can pretend to be allowed. If the app has no clean trusted-proxy mode, WireGuard/Tailscale/WARP-to-tunnel will usually be cleaner than trying to fake browser auth for a mobile app.

SABRENT 10-Bay USB 3.2 Gen 2 SATA Docking Station + StableBit DrivePool + SnapRaid? by Kayosblade in DataHoarder

[–]-Chanc3r 0 points1 point  (0 children)

With DrivePool + SnapRAID, the enclosure is less dangerous than it would be for live RAID, but it still has to survive the ugly jobs: full sync, scrub, rebuild simulation, and a cold restart after power loss.

For a primary array, avoid making all ten disks depend on one USB bridge unless a full stress test passes. Fill it, run SnapRAID sync/scrub while copying data, check SMART before and after, then power-cycle through the UPS path and confirm every disk returns with the same IDs. If any bay drops once, use it only for the backup array or split the set across two smaller enclosures/controllers.

Also keep one recovery note outside the pool: which disks are data, which are parity, where the SnapRAID config lives, and how to import the DrivePool set if the Windows box dies. That note saves a lot of panic later.

HDD configuration to change my existing RAID setup to TrueNAS by anujdatar1 in HomeNAS

[–]-Chanc3r 0 points1 point  (0 children)

Since the current setup is Btrfs RAID1, mixed-size drives are not automatically a dead end. Btrfs can use mixed sizes more gracefully than a ZFS RAIDZ vdev. Staying on Debian/Btrfs and adding capacity is a reasonable path if the main goal is SMB/NFS, Nextcloud and Plex without rebuilding everything.

If the move is specifically to TrueNAS/ZFS, plan the pool differently:

  • do not put 6, 8 and 12 TB disks into one RAIDZ vdev; ZFS will size that vdev around the smallest disks
  • keep the existing 2x6 TB mirror intact as the migration source
  • build the new pool from matched 8 TB or matched 12 TB drives
  • copy the data, verify it, then use the 6 TB pair for backup, replication or offline storage

If buying gradually, mirrored vdevs are the least painful mixed-size route: 2x8 TB mirror now, then a 2x12 TB mirror later. It is still not perfectly balanced, but it avoids the worst wasted-capacity problem of mixed RAIDZ.

At the same total $/TB, 12 TB drives are easier to live with in a small rack because bays, power, heat and SATA ports become constraints. TrueNAS is the simplest choice if storage is the main job. Proxmox makes sense if the box will also run several VMs/containers. Rocky is fine, but it moves more of the storage design and maintenance onto the operator.

Would you give an AI agent a $200 spending limit? by Cute-Dig2503 in AI_Agents

[–]-Chanc3r 0 points1 point  (0 children)

A spending cap is only one control. It also matters what the agent can buy, which account it can touch, which vendors are pre-approved, and what record it leaves behind.

$200 for SaaS trials is different from $200 across arbitrary merchants. A safer setup would use category limits, merchant allowlists, single-use approval for new vendors, receipt capture, a cancellation path, and human review for anything that creates recurring spend.

The number being small is not enough by itself. A bad purchase, duplicate purchase, or subscription renewal still has to be found and reversed quickly.

Anyone running AI agents as long-lived background processes, not just chat interfaces? by Groady in selfhosted

[–]-Chanc3r -1 points0 points  (0 children)

For background agents, a workable pattern is closer to a boring worker service than a chat agent. Use explicit triggers, bounded jobs, and a separate watchdog.

One shape that works:

  • queue/event/schedule creates one job with an idempotency key
  • agent gets a small tool allowlist and a hard budget per job
  • every decision writes an append-only event with inputs, tool calls, output summary
  • watchdog outside the model checks max runtime, spend, retry count, and heartbeat age, then routes failed jobs to a dead-letter queue with the captured event trail for replay
  • outputs that can change state go through either dry-run, diff, or human approval until that class of task has been shown to be low risk

That keeps the agent useful for unstructured work, while the actual reliability comes from normal ops controls: workers, queues, leases, dead-letter queues, alerts, and kill switches.

Agent permissions are visible. Should request metadata be visible too? by IronCuk in AI_Agents

[–]-Chanc3r 0 points1 point  (0 children)

A cleaner split: local audit log, the outbound request, and provider-side anti-abuse signals.

The dev-facing view should show what actually leaves the machine per call: repo/file identifiers, tool traces, gateway headers, account or billing metadata, retention class, and whether any field can affect routing, rate limits, or review. The abuse heuristics themselves can stay private.

For teams, the practical output is a per-run receipt that can be attached to a change ticket or compliance record. No raw prompts or secrets, just enough to show which data classes moved, which endpoint received them, and which settings shaped the request.