LES Exclusive: Ryzen 9 5950X Vermeer Zen 3 Unlimited!

Not_Oles

LES Exclusive: Ryzen 9 5950X Vermeer Zen 3 Unlimited!

Fast-as-metal server share from MetalVPS.com!

Hetzner AX101 Ryzen 9 5950X Vermeer Zen 3!

CPU: AMD Ryzen™ 9 5950X 16-Core

RAM: 128 GB DDR4 ECC

Hard drive: 2 x 3.84 TB NVMe SSD Datacenter Edition (software RAID 0, 7 TB space available, very fast)

IP Addresses: IPv4/28, IPv6/64

Connection: 1 GBit/s port

Bandwidth: 1 GBit/s

Traffic: Unlimited and free of charge

Datacenter: Hetzner FSN1

OS: Recently moved from Proxmox to Debian sid

Current Offer

Shell account. Shared unlimited access to all resources. At least processor cores could be dedicated if a neighbor uses taskset or a similar tool.

This current setup means, for example, that a single neighbor could run more than one VPS using qemu, could use more than one IPv4, or could store terabytes of data files, etc. Currently there are two terrific neighbors, 🤩 or three if we include me, @Not_Oles. 🤔 Nobody is using significant resources -- thus, much remains available.

No GUI on the node yet. No web control panel yet. Just command line on the node for now. Of course, you can put whatever you want inside your VPS, and we also can add to the node.

The node has git, gcc, and many of their friends.

IPv4 Additional IP Connectivity Status

Neighbors currently using qemu have forwarded ports on the node IPv4 and qemu slirp user mode networking. You can see from the yabs that the slirp speed seems okay.

Both IPv4 and IPv6 additional IPs worked fine on the node and inside VMs when the server was running Proxmox, so I imagine the current issue with the additional IPv4s not working in qemu has to do with my clueless configuration. 😵

I have been reading documentation on qemu.org, on linux-kvm.org, and elsewhere. If I don't succeed in getting IPv4 additional IP connectivity working soon, I will post about it so you guys can pass me a clue. Meanwhile I am enjoying what I wanted, slowly 🐢 learning a little of how the configuration works instead of having Proxmox do it for me.

Nobody has tried LXC yet. But I am sure we will get around to LXC before too long. 🔜

YABS

The links below are to yabs test results. Each result includes the single core Geekbench 5 performance scores listed here:

• Effect on bare metal of upgrade to sid: 1723 to 1745

• Qemu with and without -cpu host and -enable-kvm: 1524 vs 110

Pricing

• Per neighbor: $20.21 per month

• When you think about the pricing, please consider that there are very few neighbors and Hetzner receives from me approximately $132.77 per month for the server and its IP addresses. The original pricing calculation is here. Please note that the currently offered unlimited unit size is not the originally calculated unit size.

How to Order

• Accounts may be requested by active members of the LES community and by others whose web presence or references are deemed by MetalVPS as sufficient.

• To request an account, please post here, PM me, @Not_Oles, or use the email on my @Not_Oles LES profile.

When and How to Pay

• No payment is due until after your account is set up and you are 100% satisfied.

• Payments available via Paypal or Stripe.

Warnings!

• RAID 0! Fast 409.2K IOPS but when one disk dies the data on both disks is lost! 🤩

• Node OS might suddenly change anytime soon! 👍

• Hey! It's Debian unstable! 🤩

• Grumpy, ignorant, clueless, greedy administrator! 😀

• Delivery might take awhile! 😴

• @Not_Oles frequently messes up new installs! 😱

• No warranty, to the extent permitted by applicable law. No service level agreement. Not for business use. Intended especially for computer learning and fun!

• @Not_Oles tries to keep the system updated. Frequent maintenance reboots are guaranteed, but uptime is pretty okay. Node load averages usually are pretty low.

• Please make your own redundant, offsite backups! It's easy to download your backup to a safe place. Please also make sure that you actually can restore from your backups! Please think of your MetalVPS account as ephemeral!

• @Not_Oles rents servers from Hetzner. MetalVPS.com is an indie project of Tom Miller, not an official Hetzner project, and not an official lowendspirit.com project.

• Neighbors can see your account name, the processes you are running, and much other information. So, please do not put confidential information on the server.

What People are Saying

• About MetalVPS

"Nice trial and results! Very interesting "

Metalvps recommended on OGF 🙈

"It just crossed my mind that I've been using your server for over half a year! It's been an amazing experience! . . . Your services deserve much more attention. "

"Wow pretty nice ! Congrats excellent options thanks for being a part of the community"

"the terms seemed exceptionally fair"

"Kernel Linux 5.11 is now in much better shape for AMD "

"Yes, please. I’ll take that."

"it's really quite dedicated. not all dedicated are the same."

"MetalVPS-AX101 has a reasonable price"

"really need a testing ground badly now especially with dedicated core"

"the fastest VPS I ever used"

"I've been using this one from him. Highly recommend! His support is really amazing!"

"10/10 metalvps recommended"

"very powerful"

"premium stuff"

"Grab it while the hotel still has vacant rooms."

". . . very passionate and enthusiastic about everything. Not all businesses are made this way and it's very easy to see when you interact with them. You are giving the right impression with this industry and it's wonderful to see."

"I think MetalVPS is designed in between a dedicated and a regular VPS. Some use case cannot fill the capacity of a dedicated but need more CPU than a regular VPS, and it makes sense to use MetalVPS in such situation."

---

• About Not_Oles

"Possibly the most polite and enthusiastic personality in the entire LE* world with a genuine interest that runs so deep he even set up a business exclusively catering for LES. as a regular content writer for LES his articles frequently top the charts in terms of most viewed (according to google)"

"Really, you're the best person I've known on the internet."

"we've found that good, in-depth technical articles tend to drive user interaction and new sign-ups on the forum. @Not_Oles's Proxmox articles are evidence of this."

"I always love how you come up with new ideas Good luck, mate!

"he is a great guy!"

"he is the sweetest guy in LES .."

"Everybody loves @Not_Oles! "

"resplendent as the Sonoran Sun"

"god bless not_oles ^^"

"every time I visit les and see that profile picture, it brightens up my day."

"As for the new administrator, I nominate @Not_Oles."

"I would love to see @Not_Oles as a moderator or a bigger role."

"I would also support @Not_Oles as admin "

Thanks and best wishes! 🇺🇸🗽🇲🇽🏜️🇩🇪👨‍💻​

johnk

Neighbors can see your account name, the processes you are running, and much other information. So, please do not put confidential information on the server.

Have you considered mounting /proc with hidepid?

Not_Oles

@johnk said: Have you considered mounting /proc with hidepid?

Since I had not heard of hidepid, I had to look around. . . .

Wow! Interesting! Thanks!

not-oles@fsn1:~$ which hidepid
not-oles@fsn1:~$ apt search hidepid
Sorting... Done
Full Text Search... Done
not-oles@fsn1:~$ man mount | grep hidepid
not-oles@fsn1:~$ g hidepid

←←←                                                                     hidepid - Google Search (p1 of 3)
    Google                                                                                               
   hidepid_____________ Search                                                                           
   ALL VIDEOS NEWS IMAGES                                                                                

   Linux system hardening: adding hidepid to /proc mount point linux-audit.com ›                         
   linux-system-hardening-adding-hidepid-to-proc                                                         
   Aug 30, 2016 · By default, the hidepid option has the value zero (0). This means that every user      
   can see all data. When setting it to 1, the directories ...                                           
   proc: Bad value for 'hidepid' · Issue #16896 · systemd ... - GitHub github.com › systemd ›            
   systemd › issues                                                                                      
   Aug 28, 2020 · With latest git master, I see root@debian:~# journalctl -b | grep hidepid Aug 28       
   20:47:16 debian kernel: proc: Bad value for 'hidepid' Aug ...                                         
   Process hiding: hidepid capabilities of procfs | Iezzi.ch www.iezzi.ch ›                              
   process-hiding-hidepid-capabilities-of-procfs                                                         
   Great! hidepid=0 (default) means the current behaviour – anybody may read all world-readable          
   /proc/PID ...                                                                                         
   Chapter 5. The proc File System - Red Hat Customer Portal access.redhat.com › en-us › html ›          
   deployment_guide › ch-proc                                                                            
   With hidepid = 2 enabled, process directories are made invisible to non-root users: ... mount -o      
   remount , hidepid =value, gid =gid /proc.                                                             
   Set hidepid=1 persistently at boot - Unix & Linux Stack Exchange unix.stackexchange.com ›             
   questions › set-hidepid-1-persistently-at-boot                                                        
   You should create a custom initrd image. That's where /proc/ is usually mounted. For example, in   
←←←                                                                     hidepid - Google Search (p2 of 3)
   the ./init file from my /initrd.img :. How to deny other people to see my running details after       
   “top” - Unix ... Mounting proc with hidepid option doesn't hide procs as expected ... hidepid=2       
   stopped working after an update. Kernel don't suppport How to hidepid on Arch Linux manually? -       
   Unix StackExchange More results from unix.stackexchange.com                                           
   hidepid.c - Network Security Tools [Book] - O'Reilly www.oreilly.com › library › view ›               
   network-security-tools                                                                                
   hidepid.c Following is the full source code of our hidepid LKM: /*Thanks to adore-ng from             
   Stealth for the ideas used in this code*/ #include #include ...                                       
   Howto set hidepid=2 - Ubuntu Forums ubuntuforums.org › showthread                                     
   Jul 3, 2019 · For security reasons I would like to set the option for proc to hidepid=2 in order      
   to hide unnecessary information to a user.                                                            
   Configuring 'hidepid' for Linux systems · CubeCoders/AMP Wiki github-wiki-see.page › CubeCoders       
   › Configuring-'hidepid'-for-Linux-syst...                                                             
   What is hidepid? "hidepid" is a setting applied to the /proc filesystem - it prevents users from      
   being able to see information about processes that do not ...                                         
   hidepid: hide a process from other users - Tuxdiary tuxdiary.com › 2014/08/23 › hidepid               
   Aug 23, 2014 · hidepid: hide a process from other users. tux_comp The Linux kernel 3.2+ has           
   added an option to hide processes from other users as a part of ...                                   
   Search: hidepid - Sudo null sudonull.com › q=hidepid                                                  
   Hardening /proc with hidepid. Hiding processes for other users. Since Linux kernel 3.3 there are      
   two new mount options for the Proc pseudo-filesystem.                                                 
   Related searches                                                                                      
   hidepid=invisible 
←←←                                                                     hidepid - Google Search (p3 of 3)
   >                                                                                                     
   bad value for 'hidepid                                                                                
   >                                                                                                     
   secure proc                                                                                           
   >                                                                                                     
   linux hide process from ps                                                                            
   >                                                                                                     
   proc/stat                                                                                             
   >                                                                                                     
   proc/pid/smaps                                                                                        
   >                                                                                                     
   proc/vmstat documentation                                                                             
   >                                                                                                     
   man proc                                                                                              
   >                                                                                                     

   Next >              

Below is from a link in the above google search, https://www.oreilly.com/library/view/network-security-tools/0596007949/ch07s03s01.html#maincontent

The O'Reilly book Network Security Tools seems to have come out in 2005.

←←←                                                                                youtube-logo (p2 of 4)
hidepid.c                                                                                                

   Following is the full source code of our hidepid LKM:                                                 
/*Thanks to adore-ng from Stealth for the ideas used in this code*/ #include <linux/kernel.h> #include <l
inux/module.h> #include <linux/init.h> #include <net/sock.h> #define HIDEPID 4781 typedef int (*readdir_t
)(struct file *, void *, filldir_t); readdir_t orig_proc_readdir=NULL; filldir_t proc_filldir = NULL; /*C
onvert string to integer. Strip non-integer characters. Courtesy adore-ng*/ int adore_atoi(const char *st
r) { int ret = 0, mul = 1; const char *ptr; for (ptr = str; *ptr >= '0' && *ptr <= '9'; ptr++) ; ptr--; w
hile (ptr >= str) { if (*ptr < '0' || *ptr > '9') break; ret += (*ptr - '0') * mul; mul *= 10; ptr--; } r
eturn ret; } int my_proc_filldir (void *buf, const char *name, int nlen, loff_t off, ino_t ino, unsigned 
x) { /*If name is equal to our pid, then we return 0. This way, our pid isn't visible*/ if(adore_atoi(nam
e)==HIDEPID) { return 0; } /*Otherwise, call original filldir*/ return proc_filldir(buf, name, nlen, off,
 ino, x); } int my_proc_readdir(struct file *fp, void *buf, filldir_t filldir) { int r=0; proc_filldir = 
filldir; /*invoke orig_proc_readdir with my_proc_filldir*/ r=orig_proc_readdir(fp,buf,my_proc_filldir); r
eturn r; } int hide_pid(readdir_t *orig_readdir, readdir_t new_readdir) { struct file *filep; /*open /pro
c */ if((filep = filp_open("/proc",O_RDONLY,0))==NULL) { return -1; } /*store proc's readdir*/ if(orig_re
addir) *orig_readdir = filep->f_op->readdir; /*set proc's readdir to new_readdir*/ ...                   

   Get Network Security Tools now with O’Reilly online learning.                                         

   O’Reilly members experience live online training, plus books, videos, and digital content from        
   200+ publishers.                                                                                      
   Start your free trial 

From 2020

https://lwn.net/Articles/817137/

https://lore.kernel.org/lkml/[email protected]/

from man 5 proc:

not-oles@fsn1:~$ man proc
[ . . . ]
       hidepid=n (since Linux 3.3)
              This option controls who can access the information in /proc/[pid] directories.  The ar‐
              gument, n, is one of the following values:

              0   Everybody may access all /proc/[pid] directories.  This is the traditional behavior,
                  and the default if this mount option is not specified.

              1   Users may not access files and subdirectories inside any /proc/[pid] directories but
                  their  own (the /proc/[pid] directories themselves remain visible).  Sensitive files
                  such as /proc/[pid]/cmdline and /proc/[pid]/status are now protected  against  other
                  users.   This  makes  it  impossible to learn whether any user is running a specific
                  program (so long as the program doesn't otherwise reveal itself by its behavior).

              2   As for mode 1, but in addition the /proc/[pid] directories belonging to other  users
                  become invisible.  This means that /proc/[pid] entries can no longer be used to dis‐
                  cover the PIDs on the system.  This doesn't hide the fact that a process with a spe‐
                  cific  PID  value exists (it can be learned by other means, for example, by "kill -0
                  $PID"), but it hides a process's UID and GID, which could otherwise  be  learned  by
                  employing  stat(2)  on  a  /proc/[pid]  directory.   This greatly complicates an at‐
                  tacker's task of gathering information about running  processes  (e.g.,  discovering
                  whether  some  daemon  is  running with elevated privileges, whether another user is
                  running some sensitive program, whether other users are running any program at  all,
                  and so on).

       gid=gid (since Linux 3.3)
              Specifies  the  ID  of a group whose members are authorized to learn process information
              otherwise prohibited by hidepid (i.e., users in this group behave as  though  /proc  was
              mounted  with  hidepid=0).   This  group  should  be  used instead of approaches such as
              putting nonroot users into the sudoers(5) file.

Last for now, but not least:

https://unix.stackexchange.com/questions/454807/how-to-deny-other-people-to-see-my-running-details-after-top-command-and-press

cpsd

You have a great project, very interesting

Not_Oles

Hi @cpsd! Thanks for your kind words! Welcome to LES! Want to share something about what you are working on? Best wishes and kindest regards! Tom

Not_Oles

Another reference for hidepid: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201

Thanks again to @johnk!

johnk

@Not_Oles said:
Another reference for hidepid: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201

Thanks again to @johnk!

Yeah. It's built in the kernel and pretty frequently used I'd imagine. Just need to be aware that some things need an exclusion (ie, polkitd/nagios/zabbix)

cpsd

@Not_Oles said:
Hi @cpsd! Thanks for your kind words! Welcome to LES! Want to share something about what you are working on? Best wishes and kindest regards! Tom

I will be a pleasure. I manage a couple dedis running a java production app that I developed for my company (just internal use) (too many lines of code), plus a few vps where I backup these data and the daily files that my co-wokers use. I enjoy my days improving some database tables or testing some backup scripts what tell me that everything is working fine (at least for the moment).
Anyway I am more a reading guy. I have been in the other green forum for 5 years with three hundred something posts.

Not_Oles

@cpsd said:

@Not_Oles said:
Hi @cpsd! Thanks for your kind words! Welcome to LES! Want to share something about what you are working on? Best wishes and kindest regards! Tom

I will be a pleasure. I manage a couple dedis running a java production app that I developed for my company (just internal use) (too many lines of code), plus a few vps where I backup these data and the daily files that my co-wokers use. I enjoy my days improving some database tables or testing some backup scripts what tell me that everything is working fine (at least for the moment).
Anyway I am more a reading guy. I have been in the other green forum for 5 years with three hundred something posts.

Cool! Delighted to meet you! 🌟

Not_Oles

@Not_Oles said:

IPv4 Additional IP Connectivity Status

Neighbors currently using qemu have forwarded ports on the node IPv4 and qemu slirp user mode networking. You can see from the yabs that the slirp speed seems okay.

Both IPv4 and IPv6 additional IPs worked fine on the node and inside VMs when the server was running Proxmox, so I imagine the current issue with the additional IPv4s not working in qemu has to do with my clueless configuration. 😵

I have been reading documentation on qemu.org, on linux-kvm.org, and elsewhere. If I don't succeed in getting IPv4 additional IP connectivity working soon, I will post about it so you guys can pass me a clue. Meanwhile I am enjoying what I wanted, slowly 🐢 learning a little of how the configuration works instead of having Proxmox do it for me.

Possibly a bit of progress to report!

I've been running around trying all kinds of qemu command line foo ("qemufoo"). I've been wondering about warnings I was getting from qemu via /etc/qemu-ifup, and why vmbr0 wasn't showing up in ip link show. After a few more than a few days, I finally looked at systemctl status networking, where I saw "Cannot find device 'vmbr0.'" A little googling suggested that bridge-utils might need to be installed. 🤦‍♂️

• Before installing bridge-utils:

root@fsn1 /home/not-oles # cat systemctl-status-networking
root@fsn1 ~ # systemctl status networking
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor pre>
     Active: failed (Result: exit-code) since Tue 2021-08-10 18:37:46 UTC; 7h ago
       Docs: man:interfaces(5)
    Process: 874 ExecStart=/sbin/ifup -a --read-environment (code=exited, status>
   Main PID: 874 (code=exited, status=1/FAILURE)
        CPU: 160ms

Aug 10 18:37:41 fsn1 systemd[1]: Starting Raise network interfaces...
Aug 10 18:37:46 fsn1 ifup[946]: Waiting for DAD... Done
Aug 10 18:37:46 fsn1 ifup[1143]: Cannot find device "vmbr0"
Aug 10 18:37:46 fsn1 ifup[874]: ifup: failed to bring up vmbr0
Aug 10 18:37:46 fsn1 systemd[1]: networking.service: Main process exited, code=e>
Aug 10 18:37:46 fsn1 systemd[1]: networking.service: Failed with result 'exit-co>
Aug 10 18:37:46 fsn1 systemd[1]: Failed to start Raise network interfaces.
lines 1-15/15 (END)

root@fsn1 /home/not-oles # 

• After installing bridge-utils:

root@fsn1 ~ # systemctl restart networking
root@fsn1 /home/not-oles # systemctl status networking
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2021-08-11 01:45:33 UTC; 7min ago
       Docs: man:interfaces(5)
    Process: 1655 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0/SUCCESS)
   Main PID: 1655 (code=exited, status=0/SUCCESS)
        CPU: 39ms

Aug 11 01:45:33 fsn1 systemd[1]: Starting Raise network interfaces...
Aug 11 01:45:33 fsn1 ifup[1726]: Waiting for DAD... Done
Aug 11 01:45:33 fsn1 systemd[1]: Finished Raise network interfaces.
root@fsn1 /home/not-oles # 

Maybe tomorrow I will try some more qemufoo and see if I have better success now that the bridge might be working.

I will add bridge-utils to my post-install script.

Happy greetings from Sonora, MX! 🎉🥳