Infosec Press


from Kevin Neely's Security Notes

This is a log of experiences and experimentation in moving from more traditional home computing (ATX cases, components, water cooling, and continual upgrades) to something a bit more modular in terms of GPU computing power. This guide probably isn’t for most people. It’s a collection of notes I took during the process, strung together in case they might help someone also looking to pack multiple power use cases into as small a format as possible.

[Note:] A later evolution should involve a similar down-sizing of a home storage appliance.

Objectives

An external GPU requires more setup, and (let’s face it) fiddling, than getting a gaming laptop or a full PC case that can handle multi-PCIe-slot GPUs. So why do it? A couple of objectives had been bouncing around in my head that led me to this:

  • I need a system that can run compute-intensive and GPU-intensive tasks for long periods of time, e.g. machine learning and training large language models
  • I need a light laptop for travel (i.e. I don’t want to carry around a 5+ lb./2.5 kilo gaming laptop)
  • I want to be able to play recent games, but don’t need to be on the cutting edge of gaming
  • I want to reduce the overall space footprint for my computing devices

In summary, I want my systems to be able to handle the more intensive tasks I plan to throw at them: a Windows laptop for gaming and also travel, and a stay-at-home system that can perform long-running tasks such as AI model training, password cracking, and daily cron jobs.

Things I don’t care about:

  • being able to play games while traveling
  • document data diverging across multiple systems: I use a personal #NextCloud instance to keep my documents in sync

Current State

I have a number of personal computing devices in my home lab for testing things and running different tasks, but they’re all aging a bit, so it is time to upgrade:

  • my Razer Blade 13 laptop is from 2016
  • my main tower/gaming PC is from 2015 with an Nvidia GTX 1060
  • an i5 NUC from 2020 (unused)
  • an i3 NUC from 2013 (unused)
  • a 6TB NAS with 4 aging 2TB drives from 2014
  • Raspberry Pis and some other non-relevant computing devices

Configurations

With the objectives in mind, and realizing that my workload system would almost certainly run Linux, the two configurations for experimentation were:

  • Intel NUC with an eGPU
  • Lightweight laptop (e.g. Dell XPS 13) with an eGPU

[Note:] The computing systems must support at least Thunderbolt 3, though version 4 would be best for future-proofing.

Image: Original GTX 1060 GPU slotted in the Razer Core X Chroma enclosure

Background Research

Before starting on this endeavor, I did a lot of research to see how likely I’d be able to succeed. The best source I found was the eGPU.io site, with many reviews and descriptions of how well specific configurations worked (or didn’t). They also have nice “best laptop for eGPU” and “Best eGPU Enclosures” matrices.

Nvidia drivers and Ubuntu

Installing Nvidia drivers under #Ubuntu is pretty straightforward these days, with a one-click install option built into the operating system itself. The user can choose between versions, and my research showed that most applications required either version 525 or 530. I installed 530.

eGPU information

The two best sources I found for information on configuring and using eGPUs were:

  • r/eGPU on reddit, and their “so you’re thinking about an eGPU” guide
  • egpu.io

Proof-of-concept

Having read a fair amount about the flakiness of certain #eGPU setups, I approached this project with a bit of caution. My older tower had a respectable, if aging, GTX 1060 6GB in it. Since I already had a recent Core i5 Intel NUC running Ubuntu and some test machine learning applications, all I needed to fully test this was the enclosure. Researching the various enclosure options, I chose this one because:

  • the Razer Core X series appears to have some of the best out-of-the-box compatibility
  • I’ve been impressed with my aging Razer laptop, so I know they build quality components
  • the Chroma version has what is basically a USB hub in the back, with 4 USB 3.x ports and an ethernet jack added to the plain Core X version

My thinking was that this system could not only provide GPU, but also act as an easy dock-hub for my primary computers. This didn’t work out quite as I planned (more in the next post).

The included Thunderbolt cable is connected from the NUC to the eGPU. Theoretically, the standard peripherals (keyboard, mouse, etc.) should be connected to the eGPU hub and everything will “just work”. However, in my testing, things worked best with the peripheral hub I use plugged into the NUC and only the #Thunderbolt cable plugged into the enclosure. In the spirit of IT troubleshooters everywhere: start by making the smallest change and iterate from there.

Image: Just the enclosure with a NUC on top.

Experience

The NUC was on Ubuntu 20.04. The drivers installed just fine, but the system just wouldn’t see the GPU. Doing some research, it looked like people were having better results with more recent versions of Ubuntu, so I did a quick sudo apt dist-upgrade and upgraded the system to 22.XX. The GPU worked! However, the advice I’d been given was to upgrade to 23.04, so I did that and the system still worked fine.
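One check worth running after a driver install or a release upgrade, as an added example that is not part of the original post: a small Python script that parses the output of `lspci -nn` and `lsmod` and separates “the system cannot enumerate the GPU at all” (a Thunderbolt link, authorization or enclosure problem) from “the GPU is on the bus but no nvidia module is bound to it” (a driver problem). The sample tool output embedded below is constructed; the PCI device ids are illustrative, and on a host without these tools the script falls back to that sample.

```python
"""eGPU visibility check for a Linux host (added example, not from the post).
Parses `lspci -nn` and `lsmod` output and reports one of three states:
  no-nvidia-device       PCIe enumeration never happened (cable, enclosure,
                         Thunderbolt authorization)
  device-without-driver  hardware is there, nvidia kernel module not loaded
  ok                     device present and driver loaded
"""
import re
import shutil
import subprocess

NVIDIA_VENDOR_ID = "10de"  # PCI vendor id assigned to NVIDIA

# Constructed sample of `lspci -nn`: the NUC's Intel iGPU plus a GTX 1060
# behind the Thunderbolt bridge on bus 06.  Device ids are illustrative.
SAMPLE_LSPCI = """\
00:02.0 VGA compatible controller [0300]: Intel Corporation Iris Xe Graphics [8086:9a49]
06:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] [10de:1c03] (rev a1)
06:00.1 Audio device [0403]: NVIDIA Corporation GP106 High Definition Audio Controller [10de:10f1] (rev a1)
"""

# Constructed samples of `lsmod`, with and without the nvidia stack loaded.
SAMPLE_LSMOD_LOADED = """\
Module                  Size  Used by
nvidia_drm             69632  2
nvidia_modeset       1200128  3 nvidia_drm
nvidia              56102912  120 nvidia_modeset
"""
SAMPLE_LSMOD_MISSING = "Module                  Size  Used by\ni915                 3231744  12\n"

# address, class, "[class id]:", description, then the "[vendor:device]" pair
_PCI_LINE = re.compile(
    r"^(?P<addr>\S+)\s+(?P<cls>VGA compatible controller|3D controller)\s*\[[0-9a-f]{4}\]:\s*"
    r"(?P<desc>.*)\s\[(?P<vendor>[0-9a-f]{4}):(?P<device>[0-9a-f]{4})\]"
)


def nvidia_display_devices(lspci_output):
    """Return [(pci_address, description)] for NVIDIA VGA/3D devices."""
    devices = []
    for line in lspci_output.splitlines():
        m = _PCI_LINE.match(line)
        if m and m.group("vendor") == NVIDIA_VENDOR_ID:
            devices.append((m.group("addr"), m.group("desc")))
    return devices


def nvidia_module_loaded(lsmod_output):
    """True when `nvidia` appears in the first column of lsmod output."""
    return any(line.split()[:1] == ["nvidia"] for line in lsmod_output.splitlines())


def diagnose(lspci_output, lsmod_output):
    """Collapse the two checks into one state string."""
    if not nvidia_display_devices(lspci_output):
        return "no-nvidia-device"
    if not nvidia_module_loaded(lsmod_output):
        return "device-without-driver"
    return "ok"


def _run(cmd):
    """Return stdout of a command if it exists on this host, else None."""
    if shutil.which(cmd[0]) is None:
        return None
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except OSError:
        return None


if __name__ == "__main__":
    lspci = _run(["lspci", "-nn"]) or SAMPLE_LSPCI
    lsmod = _run(["lsmod"]) or SAMPLE_LSMOD_LOADED
    for addr, desc in nvidia_display_devices(lspci):
        print(f"found {desc} at {addr}")
    print("state:", diagnose(lspci, lsmod))
```

When the result is no-nvidia-device, the driver is not the place to look: on Ubuntu, `boltctl list` shows whether the Thunderbolt device has been authorized, and an enclosure that is not authorized never appears on the PCI bus at all. When the device is present but no module is loaded, `nvidia-smi` and `dmesg` usually say why; a Secure Boot refusal to load an unsigned module is the classic cause.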


from JR DePriest

“Yes, hello everyone,” I say, surveying the crowd. Heights, weights, skin color, genders, clothing, constantly shift among the attendees. Here was a fat clown in face paint, now a slender woman dressed like an attorney, now a boy in Bermuda shorts. Meetings in the Dreamlands were so complicated. I clap a few times. “Look at me, please.” I say. “Object dissonance, context hopping, and perspective shifts are a real danger if you don't pay attention.” Heads swivel, bodies stabilize, but faces are still indistinct. They're barely paying attention, but it'll have to do. “Welcome to Advanced Dreamer Orientation, where you will learn how to Assert your Will against the Chaos of the Unconscious Mind.” That's the tagline, anyway. “You are all here because you felt the pull to be here. “Whether you know it or not, you are ready for the next phase of your Dreaming.” I smile even though I'm not sure they can see it. “Take a brief moment to look at your surroundings, but not too long.” I give them maybe a second. “Okay, back to me. “What you need to understand is that each of you is seeing something different. “Similar, probably, but different. “That's the nature of this place. “Also,” I pause, smiling again, “you can hear me but I cannot, in all likelihood hear you.” “We'll be able to converse when you've learned to better manifest persistence in the Dreamlands.” I sweep my hands around. “What I see is a very nice conference area in a hotel lobby.” It's not a lie. There's even refreshments. I start walking. “It's open in the back and leads to a small lake with a wooden dock that lets you go out over the water.” I'm outside now, blue sky above, I can smell the musk of mud and water, the pollen of exotic plants. “Obviously, a lake inside a hotel is impossible. “The sizes don't work, but this is the Dreamlands so it's no problem.” I'm trying to see the next trigger or clue. “Does anyone know what the dream wants us to do?” An eight foot tall man in a red suit waves his hand. 
“Remember, I cannot hear you, but you can point.” He points to the edge of the wooden dock, under an overhanging tree. I follow his gaze and see a bear lying on its back in the water. I close my eyes for a moment, vibing, sensing. I see The Three Stooges in my mind for some reason. “Okay,” I say out loud. “Slapstick.” I nod. “For those who cannot see it, there is a bear lying down in the lake just out of sight at the end of the dock.” “I imagine we are supposed to upset it somehow and get it chasing us. “Nobody would get hurt for real, but there would be falling and running into things and general tomfoolery. “This was to be a silly dream.” I see people nodding and a few straining to see the bear. “What I am here to show you is the key to everything: You do not have to follow the narrative.” I pause again before adding, “That's right. You can choose to do something else.” “Now, the Dreamlands might push back, but you can hold your ground and push harder.” I shake my fists. “You are the Dreamer. “Never forget that.” I sneak up on the bear and see a boat motor attached to the side of the dock, sitting in the water. “I think we were supposed to not see the bear, start the motor, and startle the bear so it starts running,” I tell everyone. “I'm going to do something else.” I kneel down on the edge of the dock. “Hey, bear?” It doesn't move. I can see its eyes are closed. “Bear? You awake?” I ask. I reach down and nudge him with my hand. “What the—dang!” the bear says. “Why did you wake me up?” it asks. I look over my shoulder at the rest of the Dreamers. “That's right everybody. “You can talk to bears.” “Well, yeah,” the bear says. “Why wouldn't you be able to talk to me?” I turn back to the bear. “In the real world, animals do not speak the same language as the Dreamers. So we can talk, but they won't understand.” The bear rolls over and sits up in the water, “That must be inconvenient.” I shrug, “It doesn't come up as often as you'd think.” I continue, “Hey, bear. 
I think we were supposed to startle you and you would chase us around.” The bear scrunches its face, “Why would I chase you?” “Well, what would you do,” I ask. “Like I did just now, sit up and ask you what's going on.” I point to the motor. “I think we were supposed to start that up and startle you.” “Wait,” he said, looking over my shoulder, pointing a massive claw. “What's that?” I turn my head and see a tremendous beehive, hidden under the awning of the building we just left. It may not have been there before. “Bees,” I say out loud, shaking my head. “Oh dang,” he said. “That propeller is right next to where I was sleeping. That's dangerous!” “Sorry,” I say. “We weren't supposed to notice you. “Well, you should really check the water before you start a motor like that,” he says. “I know,” I offer. “What would you have done?” “I don't know, probably run up on the shore and try to get away, but since the hotel is on this side, I'd be kind of stuck running circles. I assume the bees would swarm everybody and none of us would rightly understand what was happening.” “There it is!” I exclaim. “Misunderstanding. He wouldn't even be chasing us.” The bear grunts, “I'd probably get shot by someone though, so that'd suck for me.” “That is the world we live in,” I say. “We'll leave you to your nap.” The bear waves its huge claw and lies back down in the water. I walk down the dock until I'm back on solid ground. I motion for everyone to head back inside. One of our Dreamers has turned themself into a garbage can. I see her face reflected in the metal on the side, anxious, afraid. She didn't do it on purpose. I don't have time to deal with that right now. The garbage can slides closer to me. I can feel it. “No,” I think to myself. “I am the Dreamer and I am not handling this.” It fades from view. The front doors burst open and a grizzled, buff Christmas elf walks in. It's like Dwayne “The Rock” Johnson in an SNL skit. “Come with me,” he says, gritting his teeth. 
“The Koala Uprising has begun,” he adds with grim certainty that we will both understand what this is and care enough to act. I address the group, “When you try to push, as I said, sometimes, the Dreamlands push back.” I can see through the glass doors that we are on a hill overlooking a snowy village of gingerbread houses. Explosions rock some of them, sending edible debris into the sky. I say to the group, “See? Trying to reassert control.” I turn to the elf. “No, thank you,” I say and walk past him. I motion for the group to come along. “They play on your emotions, your guilt or honor, maybe curiosity or shame or fear. “But, remember,” I hold up my finger, “it is your Dream, not theirs.” Outside, the battle is clearly raging up toward our cozy hotel. “When this happens,” I say, “I recommend flying away.” I push myself into the air with my toes until I'm about 6 or 7 feet off of the ground, just tall enough to clear the fence. I lean into the air and rocket forward a couple of blocks in a blink. Still levitating, I look back and see one woman jump up and stay in the air only a moment before falling. She tries again and stays up and in place. I see another fly too low and trip over the fence spinning themself over and over in the air. Others are confused and have no idea how to get off the ground at all. I throw up my hands, shaking my head. How can they not know how to fly? That's like Dreaming 101. Not my problem. I yell so they can hear, “The trick is to go so far, so fast that the Dreamlands cannot keep up.” “You'll either hit the edge and wake up, or you find yourself in a different scenario.” Away from them. I push against the air, leaning into it. The landscape slips by like a fast-forwarding slideshow. Something hits me hard in the shins. I stop. I was flying standing up instead of lying down. Common error for me in dreams. I look around and see a battle between super heroes and villains. I recognize them. Sinestro, Batman, Bizarro, Aquaman. 
The outfits are old-school cartoons. “Aren't you from Superfriends? The Legion of Doom?” Sinestro looks up at me, purple skin a uniform color. “Another one, eh?” I roll my eyes. “No, thank you,” I say. I push against the air again, this time, straight up. I'm rushing above power lines, above trees, through clouds. I know I'm risking hitting a bird or a plane, maybe even an invisible one. I can see stars, I look toward the moon. I keep pushing. “Huh?” I'm awake. The Dreamlands never let me fly to the moon.


#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #AmWriting #WritingCommunity #FlashFiction #Fiction #Paranormal


This work is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.


from acrypthash

Latest Updates and Projects

It's been a bit since I made a blog post, so I felt it was time to write down all of my latest updates. It's been a busy but fun past few months and I am excited to share everything that I have been working on!

Projects: Google API reporting script, Google Drive API PII scraping script, web app pen testing, router hacking, detection and alerting, cloud security engineer certification, and more!

Google API reporting script: https://github.com/acrypthash/Google-Workspace-2FA-Report

This was a fun one. This Python script generates a report that shows me any user that doesn't have 2FA enrolled and outputs it to a file. The goal was to make it “automated”, so I have added this script to a cron job on one of my servers that runs once a month. The output is then sent to a Slack channel for me to review at a later time. It has proven to be very useful!
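The shape of such a report, as an added example rather than the author's script: it walks paginated results with the field names of the Admin SDK Directory API user resource (primaryEmail, isAdmin, suspended, isEnrolledIn2Sv, isEnforcedIn2Sv), keeps the accounts that are not enrolled, puts admins first because they matter most, and formats a Slack webhook payload. The page fetcher is injected so the code runs here against constructed pages; with the real API the callable would wrap service.users().list(customer="my_customer", pageToken=token).execute().

```python
"""2-Step Verification gap report for Google Workspace (added example, not
the author's script).  Works on Directory API-shaped user dicts so it can run
against the constructed pages at the bottom without any credentials."""
import json
import urllib.request
from datetime import date


def iter_users(fetch_page):
    """Follow nextPageToken until the API stops returning one.
    fetch_page(token) must return a dict with 'users' and maybe 'nextPageToken'."""
    token = None
    while True:
        page = fetch_page(token)
        yield from page.get("users", [])
        token = page.get("nextPageToken")
        if not token:
            return


def users_without_2sv(users, include_suspended=False):
    """Keep accounts whose isEnrolledIn2Sv is false.  Suspended accounts cannot
    log in, so they are skipped by default; admins sort first because an admin
    without a second factor is the highest-impact gap."""
    rows = []
    for user in users:
        if user.get("isEnrolledIn2Sv", False):
            continue
        if user.get("suspended", False) and not include_suspended:
            continue
        rows.append({
            "email": user["primaryEmail"],
            "admin": bool(user.get("isAdmin", False)),
            "enforced": bool(user.get("isEnforcedIn2Sv", False)),  # policy already covers them
        })
    rows.sort(key=lambda r: (not r["admin"], r["email"]))
    return rows


def slack_payload(rows, today=None):
    """Build the JSON body for a Slack incoming webhook (work emails only)."""
    today = today or date.today().isoformat()
    if not rows:
        return {"text": f"2SV report {today}: all active accounts are enrolled."}
    lines = [f"2SV report {today}: {len(rows)} active account(s) not enrolled"]
    for r in rows:
        flags = " ".join(f for f, on in (("[admin]", r["admin"]), ("[enforced]", r["enforced"])) if on)
        lines.append(f"- {r['email']} {flags}".rstrip())
    return {"text": "\n".join(lines)}


def write_report(rows, path):
    """Persist the rows as JSON so the cron run leaves a file behind."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(rows, fh, indent=2)


def post_to_slack(payload, webhook_url):
    """POST the payload to an incoming-webhook URL; returns the HTTP status."""
    req = urllib.request.Request(
        webhook_url, data=json.dumps(payload).encode(), headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


# Constructed sample pages, shaped like Directory API users.list responses.
SAMPLE_PAGES = {
    None: {"users": [
        {"primaryEmail": "alice@example.com", "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": True},
        {"primaryEmail": "bob@example.com", "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": True},
    ], "nextPageToken": "page-2"},
    "page-2": {"users": [
        {"primaryEmail": "carol@example.com", "isEnrolledIn2Sv": False, "isAdmin": True},
        {"primaryEmail": "dave@example.com", "isEnrolledIn2Sv": False, "suspended": True},
    ]},
}


def sample_fetch_page(token):
    """Stand-in for the API call; keyed by page token."""
    return SAMPLE_PAGES[token]


def sample_report(include_suspended=False):
    return users_without_2sv(iter_users(sample_fetch_page), include_suspended)


if __name__ == "__main__":
    rows = sample_report()
    write_report(rows, "2sv-report.json")
    print(slack_payload(rows, today="2023-06-01")["text"])
```

In a scheduled run the webhook URL would come from the environment or a secrets store rather than the script, and the report file is what gets reviewed later; the Slack message is just the prompt to go look.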

Google Drive API PII combing script: https://github.com/acrypthash/Google-PII/tree/main

Again, another fun one. This one is still a work in progress. This Python script combs a Google Workspace tenant's drives for any documents that contain PII. The reason for this script was that while Google can generate a report showing a quantitative value of how many files contain PII, it can't actually tell you which documents contain PII. The goal of this script is to actually output the file id and location.
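The detection half of that idea, as an added example that is not the author's script: given documents already exported to text (the real tool would pull each file's content via the Drive API), it runs a few PII detectors over them and reports only the file id, path and a count per PII type, never the matched values themselves, so the report is not itself a PII store. The documents and their contents are constructed; the card-number detector Luhn-checks candidates so that arbitrary 16-digit strings do not show up as findings.

```python
"""PII scan over exported Drive documents (added example, not the author's
script).  Output lists file id and path plus a per-type hit count; matched
values are deliberately not echoed."""
import re

PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # US SSN layout; lookarounds stop it matching inside longer digit runs
    "ssn": re.compile(r"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])"),
    "phone": re.compile(r"(?<![\d-])\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?![\d-])"),
    # 16-digit card numbers with optional space/dash separators (assumed format)
    "card": re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)"),
}


def luhn_ok(digits):
    """Standard Luhn check on a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text):
    """Return {pii_type: count} for one document; card hits must pass Luhn."""
    counts = {}
    for kind, pattern in PII_PATTERNS.items():
        hits = pattern.findall(text)
        if kind == "card":
            hits = [h for h in hits if luhn_ok(re.sub(r"[ -]", "", h))]
        if hits:
            counts[kind] = len(hits)
    return counts


def scan_documents(docs):
    """docs: iterable of {"id", "name", "path", "text"} (what a Drive export
    would give).  Returns only the files that had findings."""
    report = []
    for doc in docs:
        findings = scan_text(doc["text"])
        if findings:
            report.append({"id": doc["id"], "path": doc["path"], "findings": findings})
    return report


# Constructed sample documents; ids, paths and contents are made up.
SAMPLE_DOCS = [
    {"id": "doc-1", "name": "onboarding.txt", "path": "My Drive/HR/onboarding.txt",
     "text": "New hire Alice Smith, SSN 123-45-6789, personal email alice@example.com, phone (555) 123-4567."},
    {"id": "doc-2", "name": "expenses.txt", "path": "My Drive/Finance/expenses.txt",
     "text": "Corporate card 4111 1111 1111 1111 used for conference travel."},
    {"id": "doc-3", "name": "notes.txt", "path": "My Drive/Eng/notes.txt",
     "text": "Build 4111 1111 1111 1112 failed on runner 7; ticket ENG-2023-118."},
]


if __name__ == "__main__":
    for entry in scan_documents(SAMPLE_DOCS):
        print(entry["id"], entry["path"], entry["findings"])
```

The third sample document is the false-positive case: it contains a 16-digit string that fails the Luhn check and an id that looks SSN-ish but is not, and it produces no finding.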

Web App Penetration Testing: I have been working with some new vendors over the last few weeks to make arrangements for a web app penetration test to be done against one of our websites in the upcoming month. I have been learning a lot about what to look out for in these tests, what tests are to be done and, most importantly, cost. Bishop Fox (https://bishopfox.com) has been the one I am most looking forward to working with; however, budget is a bit of an issue on our side. I also like their recent release of a tester to see if your FortiGate is vulnerable to CVE-2023-27997.

There is much that I have left out of this post, but I will end in mentioning that I am working on getting my cloud security engineer certification from Google. I am excited to add this one to my security belt.


from acrypthash

What I have been up to

I got up a little early today to work on my to-do list, since I have been out working on other things as of late; however, I decided it was time to update my blog with a quick snippet of what I have been up to lately.

Last week I attended a cybersecurity conference in my area called SecureWorld. I had a really fun time. I sat in on a bunch of very insightful talks that ranged from an FBI agent reviewing a crypto mining case to listening in on a panel about risk and how to communicate what risks are key in a business. I had the opportunity to talk to some vendors that our company has been utilizing for some time now as well. Overall, the time and money spent to attend was well worth it.

Yesterday, I also gave a talk at Penn State on Vulnerability Management with Data Driven Defenses. I had an absolute blast. I had spent a lot of time preparing in the past few weeks, practiced the talk to my dogs, and even did a test run with my team in our daily working session meeting. The students seemed interested throughout the whole talk and I even got a shirt and food from them at the end :D. I am most definitely going to be looking into doing more talks.

For now though, I need to get back to work. I have many items and projects that were back-burnered the past few weeks that require some attention. I also have a cybersecurity intern who will be starting with me at the end of next month. Until then, back to the grindstone. LET'S GO!


from HiddenPoss

(0002 – P)

Well, this quest started due to my weird obsession with hidden messages. Yes, I do use invisible ink, and I also use coded messages in my notes. I also accidentally code my messages, though. I sometimes write like I read, dropping words and letting context clues fill the blanks.

While I love the idea of encryption, I also love the idea of hiding in plain sight, similar to number stations. We all know their radio bands, but what they are sending... is still being determined. My current drive to create something is from the idea of number stations, and I am making something hidden but also open to the public. It's a fantastic idea in my mind, and this is akin to an art project.

So where am I now with this? Well, I'm creating words, per se, and I'm basing it on Chinese or Japanese in the way the symbols can both be read and mean something. Well, about that being “read,” my goal is for it not to be readable, as there are no sounds. But how can it be read then? While I am no music major, I considered attributing words to notes or chords in sequence. This way, an innocuous piece of music or a song in a YouTube video can suddenly be a secret message to worship Satan and make blood sacrifices.

But, for now, this is more of a shower thought, as I need to play with a test run of these. Which I already am, in secret. As it's still a dumb idea.


from HiddenPoss

I'm not fully sure on the direction of this blog, but I suppose a few things I might try would be longer-format posts, with specific topics such as tech or just my personal life. I might even cross-link stuff to the other “blog” I've got, which is a WordPress, as it's free there too. Also, it gives me some leeway to post stuff that can be frowned upon elsewhere.

Also, a major thing to note: unless it's an important post, there won't be a spell check. I will go over them at a later date, but a spell check won't be used unless it's an important one.

For my posts I'll probs have a selected numbering order and tags.

The tags are...

  • G – General topics
  • P – Personal topics
  • T – Tech topics
  • D – Doodles
  • G – Gaming
  • A – Investigation topics
  • Y – Spooky topics
  • N – NSFW topics
  • K – (short) Stories
  • F – Old posts

G

Well it's like these. Something that lacks a real topic.

P

Something related to my personal life. Yes I know bad idea for opsec.

T

Tech topics, which could be anything from me reviewing something to me posting stupid code. TryHackMe and Hack The Box stuff are also included.

D

These are doodles or drawings.

G

Well surprise surprise I'm a gamer. So you might see some clips.

A

Investigation topics are going to be light, solely because this stuff will normally take time, but these are light skimmings.

Y

While I ain't schizo I do see shit on occasion so I thought of posting them here. These are converted from my journals though.

N

I doubt I'll post an NSFW topic. But it might be a short story that is NSFW.

K

These will rarely be new, but often just retyped short stories I did in high school or younger.

F

These are just old posts from elsewhere.

How do the tags work?

The system just might be that the 2nd line will have the (number) – (tag), so for example (0687 – YNDF).

(0001 – G)


from Hyperscale Security

It's just about two weeks before RSA Conference 2023, and the hype train accelerates even beyond its usual fever pitch. Learn which latest threats you should definitely buy a new tool for. Find out what version of Zero Trust we're at and what generation the latest NextGen Firewall is on. See which cybersecurity startup has the biggest booth.

Blockchain! Zero Trust! Ransomware! Software Supply Chain! DSPM! ChatGPT!

Is XDR still hip? In cloud security, nobody even wants to say “CSPM” anymore, and CNAPP's oxygen is increasingly stolen by DSPM, the newest kid on the block. It could have been CIEM, but that is such a poorly named category that it didn't make it. CIEM probably is an IAM subcategory anyway, but that sounds so old-fashioned, boring and unsexy.

But none of that matters, anyway, because since ChatGPT was released, the entire cybersecurity industry has an opinion on the dangers and risks, as well as possible benefits of Large Language Models.

“ChatGPT-enabled” will be all over the show floor.

It's the Basics, Stupid!

Reports by the vendors of our shiny tools, such as this recent one by Qualys, show that we may have shiny tools, but they just record poor security postures. Visibility is better than having nothing at all, but deployment of tooling is just the beginning. Next comes the engineering of contextualizing alerts and findings, enrichment with metadata, and the ability to attribute them to the right team in the organization that can do something about them. Then comes the reporting, SLA tracking and organizational accountability, the developer and workforce enablement and security awareness, and compliance processes.

Everybody wants to evaluate tools, run PoCs, define security architecture, requirements and policies for others to follow. But we shy away from doing the hard work of making our environments more secure. That, we say, is someone else's problem. If only the developers and ops people would just do what we say...

It is still about the “basics” – the unsexy, really hard things you need to do:

  • Asset Inventory Management
  • IAM and Access Control
  • Network Controls
  • Encryption in-transit and at-rest
  • Keys and Secrets Management
  • Logging and Monitoring
  • Compliance and Vulnerability Management

Zero Trust requires that you do all these things to be effective. The same is true for ransomware or data extortion attacks. We debate esoteric, academic risks and conceptual frameworks instead of how to practically run effective security programs. We talk about post-quantum cryptography when NIST hasn't established standards yet, and we still can't get our organizations to rotate keys periodically.

The Real Innovation is in Sec(Dev)Ops

I have been in Silicon Valley for over 20 years. When all the hype was about the gig economy, social media and the startups in the city, the real innovation took place in the Valley (and Seattle/Bellevue, to be fair), where big tech companies were figuring out how to run large data centers and cloud services.

I have the feeling we're going through the same thing in cybersecurity at the moment. The industry is off doing its own thing, which gets a lot of attention and is unquestionably overfunded, while SecOps teams within organizations are adopting cloud-native and DevOps practices to innovate and engineer new processes that drive effective security outcomes, often based on open source solutions.

That is not sustainable. Budgets are flat or tightening. And the industry can't reprice itself because it is too leveraged.

Have a fun RSA, everyone. It may be the last exuberant one before the crash.


from Ducks

I've thought about using WriteFreely for a blog some day. Hosting/installing it myself is way out of my league. So it was a pleasant surprise when I discovered that infosec had this possibility.

But I have always been slow, and in addition age is now showing. I'm working on a couple of drafts; perhaps they will be finished. Some day.

Introduction (kind of)

I prefer not to write too much here, maybe some day.


from Elisabeth's Cybersecurity Blog

I wanted to share some notes on how my job search went this year. I was looking for a security engineering role here in Stuttgart, Germany, or remotely, ideally for a company with an established security team or culture, where I could learn from established processes and mentors.

Tools I used:

Applying for jobs

On LinkedIn

Finding jobs to apply to was not as easy as I had expected. LinkedIn Jobs' search query is pretty bad. Searching for “security engineer” returned many unrelated roles. By the end of my 2nd week of applying, my search input was “security engineer -fullstack -backend -cloud -junior -software -informationssicherheit”. That last word may be surprising since it means Information Security in German.

I don't speak German well, and that closed 75% of job postings for my local area. This and the fact that I don't have a degree in a technical domain are probably the reason I got rejection emails in less than 24 hours from a certain number of consulting companies.

The jobs I could apply for were mostly with start-ups that were remote-friendly, were looking to start a security program and were looking for their first hire. That was not really what I was looking for, but I could not afford to be picky.

I applied to every job where I matched 50% of the requirements laid out in the job description. This is a tip I got from the Women in CyberSecurity (WiCyS) mentorship program. Research has shown that women tend to apply for jobs only when they match 80% to 100% of the criteria, but men tend to apply a lot more freely, where they match ~50% or more. So I decided to be bold and that paid off.

Cover Letters and Resume

For cover letters, I usually copied the job description into a new Word doc and used the wording of the job description to describe the work I have done and how my experiences fit with the job opening. I did not do this for all the jobs I applied to, but it was very helpful. There is nothing more daunting than starting with a blank page.

I've met someone recently who attended CactusCon this January. One of the talks there was about using this technique too, but for creating job-specific resumes rather than cover letters. That seems like a lot of work, but I'm sure that's a good way to write a solid resume. Here is the resume I used for all my job applications.

Stats

  • Applied to 34 Jobs over the course of 3 weeks
  • 12 automated rejection emails
  • 9 companies wanted to interview
  • 2 I declined before talking to anyone
  • 7 interview processes
  • 2 Offers
  • 5 interview processes I stopped because I already got good offers from companies I liked better

The Interview Process

For the companies that did find my resume interesting and started the interview process with me, none rejected me throughout the different rounds. The types of interviews I had were a little different everywhere. Some companies had technical rounds, with sample penetration testing exercises, but most were simply chats through my experience and discussions of scenarios, strategies and tools. Nothing too challenging. The key for me was to remember that:

  • How I do in this interview does not define me.
  • Whether the people I talk to like me or not is not a reflection of who I am as a person.
  • It's okay if I am not a match for what they are looking for. It's okay if they are not a match for what I'm looking for.
  • Be honest and transparent. Be open about what I don't know.
  • If I fail this interview, I will learn something and be better prepared for the next one.

I usually took a few minutes before the interviews to scribble some version of that at the very top of my notepad, to let it sink in and be a reminder during the interview. This helped me go into all interviews quite relaxed.

Negotiations and accepting an offer

I wrapped up the first two interview processes within 3 weeks of first applying. Both were with large, stable companies, with established security teams, and the jobs were fully remote. Both also happen to have women team leads. They were exactly what I was looking for, so I started turning down some of the other companies (all start ups with no security team) I was in process with. I sent everyone polite messages letting them know I was moving forward with another company, and added the hiring managers on LinkedIn to build my network and keep in touch.

Every single company I talked to either asked about salary expectations when submitting a resume or in the very first interview with the recruiter. I am glad that was handled early so that there were no surprises when the offers did come through.

I used offer A to negotiate offer B. A had a higher total comp. Company B matched it. Then I went to company A, told them I had another offer with a higher monthly gross salary. So they (almost) matched it. In the end, the offer I accepted was almost 15% higher than where it started.

Negotiating was very uncomfortable but it was worth it.

A few other notes

Networking

In December, I attended BlackHat Europe in London, with the main goal of networking in preparation for my job search. I made some connections, but none that led to opportunities this time around. I also attended OWASP's Global AppSec Conference in Dublin in mid-February. I met a lot more interesting people there, but by that time, I had already accepted a job offer, so I got to fully enjoy the conference. None of these trips were wasted efforts, since I get to build and strengthen those connections now. I hope to meet some of the same people at future conferences, and to be able to help them find their next job too.

On job searching in Stuttgart

I have a friend here in Stuttgart who also works in the cyber security industry. He has about 2 years of experience in cyber but in a non-technical area. He is also German and has a master's degree in physics. He told us he got a job offer after a single one-hour phone interview with a major consulting firm. Like I mentioned earlier, I was turned down very fast by similar companies, despite having more experience than him, but I attribute that to the language and degree requirements a lot of those companies have here. This is Europe and this part of Germany can be considered especially conservative and slow to change.

All that to say the job market is very hot.


from Alan Yue, CISSP, CCSP, CRISC, CBCP, PMP, PMI-ACP, 5xAWS, 1xMSFT

How I prepared for and passed the Microsoft Azure Fundamentals AZ-900 exam.

So, in addition to all the “alphabet soup” after my name, and the five (5) AWS certifications I hold, I had some time on my hands and decided to get some Microsoft/Azure certs. Why not? The first eight Fundamentals exam vouchers (US$99 each) are FREE! And, the reality is that even organizations that are gung-ho about AWS may have some Office 365, Sharepoint, or Active Directory that they are using. So, being a “multi-cloud / hybrid-cloud” kind of professional makes sense. Dollar$ and ¢ents.

Microsoft has a program called “Microsoft Virtual Training Days” (MSVTD). For the “XX-900” Fundamentals certifications, if you attend a two-day session (3.5 hours day #1; 2 hours day #2), they give you a 100% discount on a $99 Pearson Vue exam voucher. The MSVTD you attend doesn't even have to be in a language you speak! However, be ready to answer “Knowledge Check” questions, and it helps to have Google Translate handy.

So, basically, they're giving away Fundamentals level certifications for the cost of attendance. And, they're good forever! No continuing certification requirements!

Today, I passed with an 850 out of 1000. I'd post a picture of my score, but I haven't figured out how to embed images here yet. So, if I could do it, so can you.

Here's how I did it.

First, I read the rules for the certification on the Microsoft website. You can't win the game if you don't know the rules. https://learn.microsoft.com/en-us/certifications/exams/az-900/

Then, I purchased Scott Duffy's Udemy course and practice tests:
https://www.udemy.com/course/az900-azure/
https://www.udemy.com/course/az900-azure-tests/

I went through the Udemy course first. Seriously, it took me about 2 days to pre-study the AZ-900 and pass one practice exam. A plus is that it counts as 6 CPEs against pretty much any and all ISC2, ISACA, and DRII credentials.

TIP: In hindsight, I should have done more of the hands-on labs, even though this exam is supposed to be geared towards both non-technical candidates and technical candidates who are new to Azure. I probably could have done better on the exam if I had put in more lab time on the console. Not the CLI or Powershell...the Azure Console.

Because I don't like paying after-tax dollars on anything I don't have to, I wondered if there was a way to get free exam vouchers.
MS Fundamentals level exam vouchers are US$99.00!
That's the price of a nice breakfast cronut here in San Francisco!
Lo and behold, I learned about the MSVTD program from Medium! https://medium.com/techwasti/az-900-certification-how-to-get-free-voucher-and-how-to-pass-eef7c9b4f33e

So, YOU MUST create an account at https://learn.microsoft.com/ if you want to get the voucher “discount”. Then, while signed in, I navigated to the bottom of the page to “Virtual Training Days”. You've got to attend one of these if you're going to get the voucher. The voucher “discount” will be credited to the email address you use. I suggest using a personal email address rather than a corporate email address “in case you change jobs” 😉

The program is popular, and I was in a hurry because I was already scoring in the high 80s on the Udemy course practice exam. So I signed up for the earliest offering, which happened to be in German and at Midnight Pacific Time: 2.5 hours-ish each of two consecutive nights. I used Google Translate as I watched. The MSVTD training is a good complement to the Udemy course.

About a week later, I got my “discount” applied to my Microsoft Certification account.
TRAP: Be sure to clear your browser cache and/or open an incognito window and sign in to your Microsoft Certification account; that got me around a bit of a glitch in getting my voucher discount. Depending on where you live, the PearsonVue testing center (if you go for in-person proctoring) may be booked up, with the next open slots a week or more into the future.

I returned to my study materials two days before the exam to “refresh” my knowledge.

And, here I am with another newly minted credential, and with practical knowledge that will help me with The Real Exam...when I'm sitting at the table with technical and non-technical clients assessing their business situation and facilitating a collaborative conversation towards creating and delivering business value.

There you go. The whole Secret Sauce with all the ingredients! Enjoy!


from Alan Yue, CISSP, CCSP, CRISC, CBCP, PMP, PMI-ACP, 5xAWS, 1xMSFT

Because toooting it wasn't enough...

“Financial Times Sets Up Mastodon Server, Realizes Laws Exist (Which It Was Already Subject To), Pulls Down Mastodon Server”

“Bloop!”

A cautionary tale, with these lessons:
1) Know the business objective, i.e., WHY you're introducing IT and associated risk into the business.
2) Perform a “Compliance Impact Assessment” early as a means of identifying the requirements for an IT project.
3) Review the free, yet valuable, advice from the Electronic Freedom Foundation (see the link inside the article to “User Generated Content and the Fediverse: A Legal Primer”).
4) Like any other IT investment, take a risk-based approach to the business decisions on whether and how to undertake a business opportunity.

Thanks for attending my TedTalk!

Aloha! Be Safe and Be Well! Alan

#mastodonmigration #governance #risk #compliance #it #failure #duediligence #duecare #server #deployment

Link to Techdirt article “Financial Times Sets Up Mastodon Server, Realizes Laws Exist (Which It Was Already Subject To), Pulls Down Mastodon Server” (from the huh? dept, Wed, Feb 1st 2023 12:01pm, by Mike Masnick): https://www.techdirt.com/2023/02/01/financial-times-sets-up-mastodon-server-realizes-laws-exist-which-it-was-already-subject-to-pulls-down-mastodon-server/

Link to Electronic Freedom Foundation “User Generated Content and the Fediverse: A Legal Primer” By Corynne McSherry December 20, 2022: https://www.eff.org/deeplinks/2022/12/user-generated-content-and-fediverse-legal-primer
