search

h2oai / h2ogpt

Private chat with local GPT with document, images, video, etc. 100% private, Apache 2.0. Supports oLLaMa, Mixtral, llama.cpp, and more. Demo: https://gpt.h2o.ai/ https://gpt-docs.h2o.ai/
http://h2o.ai
Apache License 2.0
11.24k stars 1.23k forks source link

What does H20GPT talk to? #1472

Closed llmwesee closed 6 months ago

llmwesee commented 6 months ago

Describe the bug While attempting to run a H20GPT app, I observed that the H2OGPT makes requests to a random server IP on initial Internet connection, posing a potential vulnerability and security threat to the application. The server IP observed is something like 13.x.x.x.

This pull request addresses the security vulnerability observed while running a h2ogpt app. I need to close that external request/connection permanently.Please provide Solution urgently ! :') Eg. 13.229.31.209:443 in foreign ip in netstat command command:

python generate.py --base_model=meta-llama/Llama-2-13b-chat-hf --score_model=None --langchain_mode='UserData' --user_path=user_path --use_auth_token=True --max_seq_len=4096 --max_max_new_tokens=2048  --prompt_type=llama2
pseudotensor commented 6 months ago

Please review the offline documentation. Gradio obtains fonts and other things from the internet unless you set off line mode.

https://github.com/h2oai/h2ogpt/blob/cf9d755fd30cc4dba849fb11150f95219f05b4a2/docs/README_offline.md

i.e.

HF_DATASETS_OFFLINE=1 TRANSFORMERS_OFFLINE=1

ensures nothing from HF is obtained like models etc.

--gradio_offline_level=2

prevents all fonts from online

--share=False

prevents any sharable link

sp=`python -c 'import site; print(site.getsitepackages()[0])'`
sed -i 's/posthog\.capture/return\n            posthog.capture/' $sp/chromadb/telemetry/posthog.py

tries to disable posthog telemetry from chroma

--enable-heap-analytics=False

disables h2oGPT telemetry.