Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forge Extension by GPT #2

Open
rauldlnx10 opened this issue Aug 17, 2024 · 6 comments
Open

Forge Extension by GPT #2

rauldlnx10 opened this issue Aug 17, 2024 · 6 comments

Comments

@rauldlnx10
Copy link

rauldlnx10 commented Aug 17, 2024
edited
Loading

If you want to add it as Forge Extension...

sd-webui-forge-extract-unet
@lokitsar
Copy link

Worked like a charm and I was also able to see what I was doing wrong originally when I wasn't getting the application to work. Thank you for this!

@wbclark
Copy link

wbclark commented Aug 20, 2024

If you want to release it as a Forge extension, the proper way to do so is to release the source code on GitHub so that people can know what they are getting before they download and extract a .zip file with completely unknown and potentially insecure contents.

Worked like a charm and I was also able to see what I was doing wrong originally when I wasn't getting the application to work. Thank you for this!

The quoted user has very little if any visible activity on this platform, and could quite possibly be a sock-puppet account operated for the purpose of making potential attack vectors like the above .zip file seem seem legit, which is a social engineering tactic that was recently made popular by the famous attack that inserted malicious code into the XZ library.

The fact that interest in diffusion models and other local generative AI tooling has recently attracted a lot of new people to this platform, unfortunately means that it is also attractive for those looking to prey on people who are not following security best practices.

I strongly advise anyone reading this against downloading and extracting these files; instead, wait for a proper release of the extension code from the author, which if they have good intentions they will surely provide in order to avoid the possible perception of doing something nefarious.

Please use your brains, remain vigilant, and think twice before downloading anything of unknown origin and contents, most of all a zip file purporting to be an otherwise unreleased extension for a project that is very popular right now with people who are very new to this technology.

@captainzero93
Copy link
Owner

captainzero93 commented Aug 20, 2024
edited
Loading

If you want to release it as a Forge extension, the proper way to do so is to release the source code on GitHub so that people can know what they are getting before they download and extract a .zip file with completely unknown and potentially insecure contents.

Worked like a charm and I was also able to see what I was doing wrong originally when I wasn't getting the application to work. Thank you for this!

The quoted user has very little if any visible activity on this platform, and could quite possibly be a sock-puppet account operated for the purpose of making potential attack vectors like the above .zip file seem seem legit, which is a social engineering tactic that was recently made popular by the famous attack that inserted malicious code into the XZ library.

The fact that interest in diffusion models and other local generative AI tooling has recently attracted a lot of new people to this platform, unfortunately means that it is also attractive for those looking to prey on people who are not following security best practices.

I strongly advise anyone reading this against downloading and extracting these files; instead, wait for a proper release of the extension code from the author, which if they have good intentions they will surely provide in order to avoid the possible perception of doing something nefarious.

Please use your brains, remain vigilant, and think twice before downloading anything of unknown origin and contents, most of all a zip file purporting to be an otherwise unreleased extension for a project that is very popular right now with people who are very new to this technology.

this is correct , please create a repo rauldlnx10

my licence just asks for attribution , double check it yourself before uploading your rebuilt extension

@rauldlnx10
Copy link
Author

If you want to release it as a Forge extension, the proper way to do so is to release the source code on GitHub so that people can know what they are getting before they download and extract a .zip file with completely unknown and potentially insecure contents.

Worked like a charm and I was also able to see what I was doing wrong originally when I wasn't getting the application to work. Thank you for this!

The quoted user has very little if any visible activity on this platform, and could quite possibly be a sock-puppet account operated for the purpose of making potential attack vectors like the above .zip file seem seem legit, which is a social engineering tactic that was recently made popular by the famous attack that inserted malicious code into the XZ library.

The fact that interest in diffusion models and other local generative AI tooling has recently attracted a lot of new people to this platform, unfortunately means that it is also attractive for those looking to prey on people who are not following security best practices.

I strongly advise anyone reading this against downloading and extracting these files; instead, wait for a proper release of the extension code from the author, which if they have good intentions they will surely provide in order to avoid the possible perception of doing something nefarious.

Please use your brains, remain vigilant, and think twice before downloading anything of unknown origin and contents, most of all a zip file purporting to be an otherwise unreleased extension for a project that is very popular right now with people who are very new to this technology.

I apologize if I caused any concern by uploading the .zip file, I understand some users concerns due to possible attacks. I created the extension with very little programming knowledge and with the help of ChatGPT. I do this out of curiosity and as a hobby. I use github for my little projects.

As captainzero93 suggested I have created a repository. Thanks for everything :)

sd-webui-forge-extract-unet

@rauldlnx10
Copy link
Author

If you want to release it as a Forge extension, the proper way to do so is to release the source code on GitHub so that people can know what they are getting before they download and extract a .zip file with completely unknown and potentially insecure contents.

Worked like a charm and I was also able to see what I was doing wrong originally when I wasn't getting the application to work. Thank you for this!

The quoted user has very little if any visible activity on this platform, and could quite possibly be a sock-puppet account operated for the purpose of making potential attack vectors like the above .zip file seem seem legit, which is a social engineering tactic that was recently made popular by the famous attack that inserted malicious code into the XZ library.
The fact that interest in diffusion models and other local generative AI tooling has recently attracted a lot of new people to this platform, unfortunately means that it is also attractive for those looking to prey on people who are not following security best practices.
I strongly advise anyone reading this against downloading and extracting these files; instead, wait for a proper release of the extension code from the author, which if they have good intentions they will surely provide in order to avoid the possible perception of doing something nefarious.
Please use your brains, remain vigilant, and think twice before downloading anything of unknown origin and contents, most of all a zip file purporting to be an otherwise unreleased extension for a project that is very popular right now with people who are very new to this technology.

this is correct , please create a repo rauldlnx10

my licence just asks for attribution , double check it yourself before uploading your rebuilt extension

Done, :) thanks for the advice

@wbclark
Copy link

wbclark commented Sep 25, 2024

Well done, that's a much better way to distribute it.

Thanks for listening and taking the concern seriously.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rauldlnx10 @wbclark @lokitsar @captainzero93