Yep, that's the idea! This post basically boils down to "does this exist for HASS already, or do I need to implement it?" and the answer, unfortunately, seems to be the latter.
smiletolerantly
Thanks, had not heard of this before! From skimming the link, it seems that the integration with HASS mostly focuses on providing wyoming endpoints (STT, TTS, wakeword), right? (Un)fortunately, that's the part that's already working really well.
However, the idea of just writing a stand-alone application with Ollama-compatible endpoints, but not actually putting an LLM behind it is genius, I had not thought about that. That could really simplify stuff if I decide to write a custom intent handler. So, yeah, thanks for the link!!
Thanks for your input! The problem with the LLM approach for me is mostly that I have so many entities, HASS exposing them all (or even the subset of those I really, really want) is already big enough to slow everything to a crawl, and to get bad results from all models I've tried. I'll give the model you mentioned another shot though.
However, I really don't want to use an LLM for this. It seems brittle and like overkill at the same time. As you said, intent classification is a wee bit older than LLMs.
Unfortunately, the sentence template matching approach alone isn't sufficient, because quite frequently, the STT is imperfect. With HomeAssistant, currently the intent "turn off all lights" is, for example, not understood if STT produces "turn off all light". And sure, you can extend the template for that. But what about
- turn of all lights
- turn off wall lights
- turnip off all lights
- off all lights
- off all fights
- ...
A human would go "huh? oh, sure, I'll turn off all lights". An LLM might as well. But a fuzzy matching / closest Levenshtein distance approach should be more than sufficient for this, too.
Basically, I generally like the sentence template approach used by HASS, but it just needs that little bit of additional robustness against imperfections.
Yeah but why would I make myself dependent on Cloudflare.
To be fair, you can simply selfhost MinIO.
Lmao I kept thinking you forgot to put quotes and was waiting for the inevitable "...this is what too many idiots think, even though it is obvious bullshit", and yet it just...never came. Amazing. This might be the single most stupid comment I've ever read, and I've been on the internet for a while.
TBH, it sounds like you have nothing to worry about then! Open ports aren't really an issue in and of themselves, they are problematic because the software listening on them might be vulnerable, and the (standard) ports can provide knowledge about the nature of the application, making it easier to target specific software with an exploit.
Since a bot has no way of finding out what services you are running, they could only attack caddy - which I'd put down as a negligible danger.
My ISP blocks incoming data to common ports unless you get a business account.
Oof, sorry, that sucks. I think you could still go the route I described though: For your domain example.com and example service myservice, listen on port :12345 and drop everything that isn't requesting myservice.example.com:12345. Then forward the matching requests to your service's actual port, e.g. 23456, which is closed to the internet.
Edit: and just to clarify, for service otherservice, you do not need to open a second port; stick with the one, but in addition to myservice.example.com:12345, also accept requests for otherservice.example.com:12345, but proxy that to the (again, closed-to-the-internet) port :34567.
The advantage here is that bots cannot guess from your ports what software you are running, and since caddy (or any of the mature reverse proxies) can be expected to be reasonably secure, I would not worry about bots being able to exploit the reverse proxy's port. Bots also no longer have a direct line of communication to your services. In short, the routine of "let's scan ports; ah, port x is open indicating use of service y; try automated exploit z" gets prevented.
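The routing described in the comment above, written out as a Caddyfile. This is an added example, not part of the original comment; it assumes Caddy v2, that both services are bound to 127.0.0.1 only, and plain HTTP on the listener (TLS and certificate issuance are not covered here). Hostnames and ports are the ones used in the comment.

```caddyfile
# Added example. One public port; the requested hostname alone decides
# where a request goes. Nothing else is reachable from outside.
:12345 {
	# The host matcher compares the hostname in the Host header,
	# ignoring any port suffix.
	@myservice host myservice.example.com
	handle @myservice {
		# Assumption: the service listens on loopback only.
		reverse_proxy 127.0.0.1:23456
	}

	@otherservice host otherservice.example.com
	handle @otherservice {
		reverse_proxy 127.0.0.1:34567
	}

	# Anything else (bare IP, unknown subdomain, scanner probes):
	# close the connection without sending a response.
	handle {
		abort
	}
}
```

Ports 23456 and 34567 stay closed at the firewall; only 12345 is exposed, and a request that does not name one of the two hosts gets no response to fingerprint.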
I am scratching my head here: why open up ports at all? Is it just to avoid having to pay for a domain? The usual way to go about this is to only proxy 443 traffic to the intended host/vm/port based on the (sub) domain, and just drop everything else, including requests on 443 that do not match your subdomains.
Granted, there are some services actually requiring open ports, but the majority don't (and you mention a webserver, where we're definitely back to: why open anything beyond 443?).

Yeah those are good points. Also noticed the CDN thing, it's a bit annoying for a privacy-first project... But should be an easy fix.
Stirling's backend is Java. So, yeah, heavy and slow sounds about right.