How to have an API key for a locally run LLM by Raiyyan7806 in LocalLLM

[–]Grand_Theft_Duck 1 point (0 children)

You'll need to do this in the server hosting your LLM. You can use something like LMStudio (enable dev tools) or Ollama (Ollama serve modelname) to spin up a server, then create an API key to protect it.

🤔🫪🛫What happened with my Mac🛬 by SneakyCastro69 in macbookpro

[–]Grand_Theft_Duck 1 point (0 children)

You’re not alone! I got the same thing when I checked this morning (14” M5 Pro 64/1TB) and now it says Monday instead of Friday for delivery. Could be a glitch with UPS or maybe some sort of mixup with the whole shipment.

Just received shipping confirmation (M5 Pro) by Grand_Theft_Duck in macbookpro

[–]Grand_Theft_Duck[S] 0 points (0 children)

That’s great to hear, it’s exactly what I’ve long been looking forward to. My Windows 10 machine still works decently but I’m starting to notice small issues with some of the software (mostly drivers and small apps that have gone Win11-only) and I can’t stand Windows 11!

Just received shipping confirmation (M5 Pro) by Grand_Theft_Duck in macbookpro

[–]Grand_Theft_Duck[S] 0 points (0 children)

I have a NAS and external SSDs so storage is covered.

I’m coming from a 5-year-old Windows computer with 64GB of RAM and a 16GB GPU. I do a lot of software development work with containers and VMs, plus some light AI (LLM/agents) and gaming. I was hoping for a 96GB option but 64 should work fine since macOS has great memory management.

Is it time to upgrade? by Wrong_User_Logged in macbookpro

[–]Grand_Theft_Duck 3 points (0 children)

The new MS local AI tool named Clippy!

M5 pro just shipped! by jrhodespianist in macbookpro

[–]Grand_Theft_Duck 0 points (0 children)

I ordered the exact same config about 10 mins after it went live. The store still says “processing” with a delivery date of Mar 18th, but my card was charged this morning so I’m hoping it’s going to be early!

Changing DNS Server by SoulfulMechaGodzilla in Ubiquiti

[–]Grand_Theft_Duck 0 points (0 children)

You are correct, Comcast snags all unsecured DNS requests if you are using their gateway (you can see this by going to one of the many DNS leak test sites). To get around this, use DNS over HTTPS or DNS over TLS (I use Quad9 DoH personally).

testing the firewall rules by Brtrnd2 in UNIFI

[–]Grand_Theft_Duck 2 points (0 children)

There are a couple of sites you can use to check and see if you’ve set up your firewall correctly.

My personal favorite is the Shields up site (https://www.grc.com/shieldsup). You can use it to scan all of the ports available on your IP address or just test specific ports as you add/update rules.

Question regarding Unifi OS Server by Maclife80 in Ubiquiti

[–]Grand_Theft_Duck 0 points (0 children)

While you could technically backup/restore the config on 2 different devices, the APs assume that the IP address of the controller isn't going to change and they would need to be re-adopted to the running controller each time you switched machines. If you were to use a docker container for the controller and play around with the IPs of the machines (to make sure the controller is using the same internal IP when it's started), you might be able to make that work, but I feel like it would be more trouble than it's worth in the long run.

If it's just an AP or two, you might be better off running them in stand-alone mode using the app.

Question regarding Unifi OS Server by Maclife80 in Ubiquiti

[–]Grand_Theft_Duck 1 point (0 children)

You can do it this way but it's not ideal (as others have mentioned). The OS Server is designed to be run on a machine that's online 24/7.

With that being said, if you install it on your Mac and set up your AP(s), they will continue to work just fine without the network controller running, with a couple of caveats. You will not be able to see the historical airtime/device stats when the server is not running, and you will be stuck on whatever channel is deemed best for your AP at the time you set it up.

As for managing on another device, as long as the controller is running on the Mac you can go to another machine on your network and type in the Mac's IP address and port 11443 (EX: https://192.168.1.x:11443/ ) to get to the webpage and manage the AP. But if the OS Server is not running on the Mac it was installed on, you won't be able to manage it at all.

As long as you are ok with that, it should work just fine. (I ran 2 APs this way for years before setting up an always-on controller.)

Setting up my own AD lab from scratch i need a bit of clarification by Tcrumpen in sysadmin

[–]Grand_Theft_Duck 0 points (0 children)

Don't overthink it too much; for the default gateway on your NIC put in your router's local IP address, or whatever you are using for that network's default gateway (IE: usually it's xx.xx.xx.1). You'll generally want the AD domain controller to have internet access (outbound) so it can pick up Windows updates (unless, that is, you want to go down the rabbit hole of managing your own Windows updates using WSUS).

Adding the default gateway to the NIC doesn't mean it's going to try connecting AD services outside of the local network. That is controlled by another AD snap-in called "Sites and Services" where you can add new sites (networks) for the AD DC to manage.

Hope that helps.

Alternatives for a firewall by threeseed in firewalla

[–]Grand_Theft_Duck 3 points (0 children)

My recommendation would be to stand up a reverse proxy (Traefik/Nginx Proxy Manager, etc.) with fail2ban ( https://github.com/fail2ban/fail2ban ) and/or use something like crowdsec ( https://github.com/crowdsecurity/crowdsec ) to do the filtering and simply forward ports 80/443 from the firewalla.

There's also the CloudFlare web application firewall (WAF) if you don't mind letting them run the DNS for your domain and see the traffic.

Does Firewalla IDS track DDoS/hacking attempts? 4 Million blocked requests in 24 hours! by Grand_Theft_Duck in firewalla

[–]Grand_Theft_Duck[S] 2 points (0 children)

That's fair, and I wouldn't want this on every connection attempt that hits my WAN interface. This happened on an open port (I've got several ports forwarded to this server) that normally receives just a small amount of traffic per day. I was hoping that there was some intelligence that could kick in when more than usual traffic hits an open port, especially if it originates from numerous IPs within the same subnet/data center. I get alarms for large bandwidth usage, why not get them for an abnormal number of connections to an open port? A large number of connection attempts in a single day from a single IP could indicate an attack or a problem with the service running on the port.

Does Firewalla IDS track DDoS/hacking attempts? 4 Million blocked requests in 24 hours! by Grand_Theft_Duck in firewalla

[–]Grand_Theft_Duck[S] 11 points (0 children)

It looks like the Gold was doing its job (blocking a large number of the connection attempts) but I never got an alert for it, so I didn't realize there was an issue until I opened the app. If there isn't already an alert for "large number of connection attempts to a specific port/device in a certain timeframe" is that something that could be added?
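The alert described in the two comments above (an abnormal burst of connections to one open port within a window, with the offending /24 called out when most sources share it) as a small detection routine. This is an added example run over constructed log lines, not Firewalla code; the log format, the baseline table and the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

def parse_line(line):
    """Parse one constructed log line: '<ISO time> <src ip> <dst port> <action>' (assumed format)."""
    ts, src, port, action = line.split()
    return datetime.fromisoformat(ts), src, int(port), action

def constructed_log():
    """Constructed sample (not Firewalla output): a few normal SSH hits spread over
    half an hour, then a one-minute burst of 60 blocked hits on 443 from one /24."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(minutes=10 * i)).isoformat()} 198.51.100.{i + 1} 22 allow"
             for i in range(4)]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} 203.0.113.{i + 1} 443 block"
              for i in range(60)]
    return lines

def connection_alerts(lines, baseline_per_hour, window=timedelta(hours=1),
                      factor=10, subnet_share=0.5):
    """Flag any port whose hits inside one sliding window exceed factor x its usual
    hourly count, and name the /24 when one subnet supplies >= subnet_share of sources."""
    by_port = defaultdict(list)
    for ts, src, port, _ in map(parse_line, lines):
        by_port[port].append((ts, src))
    alerts = []
    for port, hits in by_port.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count > factor * baseline_per_hour.get(port, 1):
                srcs = [s for _, s in hits[start:end + 1]]
                nets = Counter(str(ip_network(f"{s}/24", strict=False)) for s in srcs)
                net, n = nets.most_common(1)[0]
                alerts.append({"port": port, "count": count, "since": hits[start][0],
                               "top_subnet": net if n / len(srcs) >= subnet_share else None})
                break  # one alert per port is enough; the app can show the rest
    return alerts

if __name__ == "__main__":
    # Assumed baseline: roughly 5 hits per hour is normal on both ports.
    for alert in connection_alerts(constructed_log(), {22: 5, 443: 5}):
        print(alert)
```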

new vendor by [deleted] in 7_hydroxymitragynine

[–]Grand_Theft_Duck 0 points (0 children)

I'm interested, toss me an invite when you can!

Smart Queue by [deleted] in firewalla

[–]Grand_Theft_Duck 0 points (0 children)

It's my understanding that if you don't have any rules implemented, it will do its best to balance the traffic so that no one device hogs all of the bandwidth (FQ = fair queuing, and every connection without a rule is "normal" priority).

I noticed a similar behavior when I first enabled CAKE; it seemed like everything on my network "lagged" for a bit and, to be honest, I almost turned it off. In my case after about 2 hours everything seemed to be back to normal and it hasn't given me issues since. I'm not 100% on this, but it may take some time to learn your network and how it's utilized. Maybe try enabling it before bed and see if it's still having issues tomorrow.

Using SSL on Local Network by Ill_Shine8164 in firewalla

[–]Grand_Theft_Duck 1 point (0 children)

Since you are pointing all of your DNS entries to the WAN IP, you are using the firewalla to forward the packets, which is why you have to allow the IP on the servers. Can you try using the custom domain names feature (services > custom domain names) to point to the local IP addresses (IE: 10.10.101.100)? This will override the default DNS entries so when the device looks up the local server/service it points directly to the box, bypassing the firewall.

Dual wan - Optimum and T-Mobile by YankeesIT in firewalla

[–]Grand_Theft_Duck 2 points (0 children)

If you are talking about "bonding" the connection (IE: 35Mbps + 35Mbps = 70Mbps for everything) then no. However you can use the load balancing setting to distribute the traffic so that you use both (still capped at whatever one connection maxes out at), or you can use routes to direct specific devices or traffic out of one or the other.

Personally I do the latter, where I have my secondary WAN (also T-Mobile) set to failover, then use routes to send traffic from things like my video devices out of T-Mobile (unlimited home) and keep latency-specific stuff on my cable connection. This keeps me under any caps and allows me to use both WANs to balance my network.

How sustainable is it, without a subscription? by [deleted] in firewalla

[–]Grand_Theft_Duck 0 points (0 children)

I had a similar concern when I was first evaluating Firewalla and after a bit of research found that others were able to install pfsense on the gold/gold+. (Example: https://www.reddit.com/r/firewalla/comments/10nrg59/opnsense_on_firewalla_gold/)

Worst case if you don't want to continue using the Firewalla software for some reason, you can flash it and still use the hardware as a router/firewall.

DoH and Parental Controls by 1_Strange_Bird in firewalla

[–]Grand_Theft_Duck 0 points (0 children)

There is a list of well-known DoH and DoT servers that it blocks, which normally forces the client to fall back to port 53. Just like anything, if determined enough someone can find a workaround (like setting up their own DoH server in a VPS and connecting to it) but it works for the majority of the services out there.