I don’t think that that’s a counter to the specific attack described in the article:

The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency.

That’d be a counter if you have some known-good version of a package and are worried about updates containing malicious software.

But in the described attack, they’re not trying to push malicious software into legitimate packages. They’re hoping that a dev will accidentally use the wrong package (which presumably is malicious from the get-go).

I mean, this kind of stuff was going to happen.

The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.

The world where it doesn’t happen is one where open source doesn’t become successful.

I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.

Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.

Not really a language-specific problem. Like, there are numerous languages that have distribution mechanisms for libraries that might potentially be malicious.

Only way I can think that the language might be a factor would be if a language were designed to only run in a restricted mode.

Well, someone’s gotta pay for all the bandwidth somehow.

considers

Honestly, maybe that’d be a way for instances to provide some kind of “premium” service. Like, provide larger upload limits for people who donate. I assume that the instance admins don’t have any ideological objections to larger images, just don’t want to personally pay out-of-pocket for huge bandwidth and storage bills.

goes looking

I believe that this is the backend used by Lemmy, pict-rs:

https://github.com/distruss/pictrs

https://join-lemmy.org/docs/administration/from_scratch.html

Lemmy supports image hosting using pict-rs. We need to install a couple of dependencies for this.

It looks like it only has one global size setting, so probably can’t do that today.

Could also host one’s images on an off-site image hosting thing, but then you don’t benefit from integration with the uploading UI. I guess another option would be for Lemmy to provide some sort of integration with an off-site image-hosting service, so that a user could optionally use all the Lemmy features seamlessly, but just have your client or browser make use of your off-site account.

Also, I tried to upload pictures but kept getting an error.

If lemm.ee supports image uploads – which they don’t have to – they may have size restrictions; my understanding is that the size restriction can be customized on a per-instance basis.

EDIT: They say in their sidebar:

https://lemm.ee/

• Image uploads are enabled 4 weeks after account creation
• Image upload limit is 500kb per image

Your account was created in 2023, so it’s not the 4 week limit, but you’re probably exceeding their (relatively low, as Lemmy instances go) image size limit.

Be kind of interesting to expose that data and let lemmy.fediverse.observer display limits per-instance.

EDIT2: I think that the largest image I’ve uploaded on lemmy.today is this high-resolution scan, which is 8 MB.

Sequinned-dress singer inspired by Magnolia in Fallout 4 and Jennifer Connelly in Dark City.

No problem. I don’t mind trying to help if you get stuck – ComfyUI is more complicated to get going with than Automatic1111, especially if you’re not familiar with how the generation works internally, as ComfyUI kind of exposes you to the inner workings more – but I just don’t want to try rewriting the zillion YouTube and webpages that cover the “here is how to get ComfyUI installed” process out there. I don’t even know what OS you’re using, and some of that setup is OS-specific.

So, I’m not going to write up a “this is how to install and start ComfyUI and view it in a Web browser” tutorial – like, lots of people have done that a number of times over online, and better than I could, and it’d just be duplicating effort, probably badly. You’ll want to look at them to get ComfyUI up and running, if you have not yet.

My understanding is that if you install ComfyUI and load a workflow – which I’ve provided – and you’re missing any nodes or models used in that workflow, ComfyUI will tell you. That’s why I attach the workflow JSON file, so that people can use that to reproduce the environment (and should be able to reproduce this image exactly).

The workflow is compressed with xz and then converted to text for posting here, since the Threadiverse doesn’t do file attachments on posts, with Base64. On a Linux system, you can reconstitute the workflow file by pasting the text in the spoiler section into a file (say, “workflow.json.xz.base64”) and running:

$ base64 -d <workflow.json.xz.base64 | xz -d > workflow.json

There’s an extension that I use that makes it convenient to download nodes in ComfyUI: ComfyUI Manager

https://github.com/ltdrdata/ComfyUI-Manager

It works kind of like Automatic1111’s built-in extension downloader, if you’ve used that.

I think – from memory, as I’m on my phone at the moment – that I’m only using one node that doesn’t come with the base package, SD Ultimate Upscaler, which is a port from Automatic1111 to ComfyUI of an upscaler that breaks the image up into tiles and upscales it using an upscaling model; it lets me render the image at 1260x720 and then just upscale it to the resolution in which it was posted. If you install ComfyUI Manager, you can use that to download and install SD Ultimate Upscaler and whatever else you might want in terms of nodes. Also provides an option to one-click update them when they get new releases.

I don’t think that it can automatically download models, though it’ll prompt you if you don’t have them. I believe – again going from memory – that there are two models used here, the NewReality model derived from Flux, and the SwinIR 4x – I probably should have used the 2x model as I’m scaling by a factor of 2, changed that in my most recent submitted images – upscaler model.

You can google for either of them using their name, but NewReality is on civitai.com, which you’ll need an account on:

https://civitai.com/models/161068/stoiqo-newreality-flux-sd35-sdxl-sd15

There are several versions of the NewReality model, based on various base models. You want to click on the right version, the one based on Flux 1D.Alpha; the default when you go to the page has the SD3.5Alpha version checked. Then click “Download”.

That gets dropped into the models/checkpoint directory in the ComfyUI installation.

…I don’t remember exactly where I got my copy of the SwinIR upscaler model, think it was from HuggingFace:

https://huggingface.co/mirroring/civitai_mirror/blob/ee44205453f9a8f125b0acf496e2ed13ad074498/models/SwinIR/SwinIR_4x.pth

This is the homepage of the SwinIR upscaler, should also work, though looks like they use different filenames:

https://github.com/JingyunLiang/SwinIR/releases

The SwinIR_4x upscaler gets dropped into the models/upscaler directory in the ComfyUI installation.

You need to restart ComfyUI after adding new models for it to detect them.

If you haven’t used a Flux-based model before, it can be slow, as a warning, compared to SD models that I’ve used.

If you’ve never done any local image generation before at all, then you’re going to need a GPU with a fair bit of VRAM – I don’t know what the minimum requirements are to run this model, might say on the NewReality model page Civitai site. I use a 24GB card, but I know that it’s got some headroom, because I’ve generated at higher resolution than I am here. Hypothetically, I think one can run ComfyUI on a CPU alone, but it’d be unusably slow.

I don’t know where this sort of “silhouette of a line of children” image originated, but I’ve seen many such created via traditional means.

https://www.google.com/search?q=silhouette+children+field&sclient=img&udm=2

Might be that art schools assign it as a standard assignment. Maybe it’s just useful clip art or something.

But I thought that it’d be fun to give it an [email protected] take.

One other visual element that people find scary: glowing eyes.

I’m guessing that this is because it’s a characteristic of nocturnal predators.

https://en.wikipedia.org/wiki/Tapetum_lucidum

The tapetum lucidum (Latin for ‘bright tapestry, coverlet’; /təˈpiːtəm ˈluːsɪdəm/ tə-PEE-təm LOO-sih-dəm; pl.: tapeta lucida)[1] is a layer of tissue in the eye of many vertebrates and some other animals. Lying immediately behind the retina, it is a retroreflector. It reflects visible light back through the retina, increasing the light available to the photoreceptors (although slightly blurring the image).

The tapetum lucidum contributes to the superior night vision of some animals. Many of these animals are nocturnal, especially carnivores, while others are deep-sea animals. Similar adaptations occur in some species of spiders.[2] Haplorhine primates, including humans, are diurnal and lack a tapetum lucidum.

UI: ComfyUI

Model: STOIQNewrealityFLUXSD_F1DAlpha

The image is a vector illustration.

The image is very high contrast. The image contains only pure black and pure white.

The image contains hard light, directional light, backlighting, silhouetting, and negative space. The image contains no fill light.

The image is at night.

There is a nude woman standing in an open doorframe looking at the viewer. The woman is barefoot. The woman is a pure black silhouette. The woman’s eyes are illuminated in white.

/Td6WFoAAATm1rRGBMDXDclbIQEWAAAAAAAAADWezaHgLcgGz10APYKAFxwti8poPaQKsgzf7gNj
HOV2cM7dN97GoIvoTF/iSMYEQoJZBJzI3UDxBXrl3MvcMb5e6h3lATBYjawf1klb5xXG0y783VSu
rsL7JTqCcpc7ml6EBcQysA/lczXi4/z4NEU2MzJ6gMxLs5qhHCWRzV2fkgD1H3KHbl2of4CNliwR
JNef6hoZP4HFMLybTP66HNwa0oszmGtepDwWHXSrlYVAso8imkQU11LM4qXGRXQKKo6EvjyTeYPG
eZvQb4FxhvQIkQHLQWfLOyENpBMbl2mOgW0siOFXT72aS9mBHSeYP8AzU1giF+yk4IQh8W8UCh+k
wncXTpG2M2mdiF0t0fMlAoOmMD0dDDSlpTIhgkEUgqjuFzi7YRnIgI9xJ4RbMQqrVgcEj4C8LWsP
q8Pt9DnxVUmUQXwS04QFJpghbh6a73UsV1kjFiQZ9yo4RhR5ouTehVLXwyXn9E0/MW3nIZGdW6cW
BqD/FwjDedfDigE0VsQAWD9OfH1I4pjkNePpmoHErOG2KQ9vec7Rd5iPWUIgxnBiNdg8Hczv3Ggy
e02Chw1yzKXcTaIVW6tMxm5H62cyRRwy5a0Rn3KVLVQTyaZt2f+GplozjiLe3T1X8E7sKPoVWNsX
cVGRPGouZdNO00VQlpmaKnpf9BXG+ujVGn0WCzsTBZZLqJNfGE5CwOMGqqib2L3pNFfDThiFFYLs
Bfs4RXa44G+ecsWZig3N8by/vlm8WQFqFXytkdrd0gE8MYxhJY9tLYQ7wlUSZl1e249UHfijs1jT
YsZBWDQtD6cUVDfesKtrnvoWh9PWnHG85pBT5MSechav895DCwK93d7kbSb1/JciGOFAKmr3aovm
8LkMp6kx4c1dfOaMbpKVzCVVjCadSxwWwQCTY07CnSirPHcs9tosTbhxKMol83kFKDpvpGVMR3PA
RegYcxz8h9zXFyYFJSu6kkoCytJP1R5TTsiwd41qXBXGNHbMoZqW/6RNGjEKUFUennerbbOHh5qF
BCEeBwq8LG/Whzm8tNXkZmTZoXwrIc/QHTlb30YhOvJMxkHCQcIdlDslguBo7y0PtMgFcw31VBdE
5U1XWCQBRp42X2/3SP1XZ1ZFRQO28wmBKNjtVNGbygg2egVH4++ZtSR66YzkASCCd8lVfPFh6chN
y4HHcI4q8mBwSaSXPTMTI92ry6V72ZJXvsecN03ISiWftX9HmWuJz5HnkzNzrrBbBwX8P8fJoeOu
71L9gz++NgrvjX9scKfHP7FZ6TFrbtor/ynP2NrkpvBlaP8FHpILQgKmmbwP00IsO0bBiKMzV970
XJfgsv6Dd+s8Isjb2VpZrqf/aXmCrZrjsqqZ4+ayN30xMp8XaLageOOizHpfYJmDxJhE7qb31AS1
aV8TMmt++i6Uk/IpBsFrTjJL/NOAKt9N6cdRCHtmGoMqbK5EuEQbA0MP0FRoPiPoGXqvZZ4duGkH
WRKnGBj/Mdjqy7kMCeeHmVzibbahgZOFhkivu3I51xH8xPIh0a6JJ9MNDZi8Mj+1WYVoEgQqyRo0
AkLvJkmewRTARxhQtCWwerjXttTlr1Dmg/SA8dMIj6dRs7C3fnyeXkLS7yGyutO9Z+Y2mJWiq2FZ
se8LQUAD/tnPhcR6wpGdUvRYWXc4n5SK2W5Rpre65VdVwBu8bxNF2tDgsIu1yterr7j+DLazJccn
3yrNCn09hgtbbVSGa0xIq4azhLwYL220NPdPklFiVUPvPVonaKKjgBxAMZZswF/ftnYmp8h574j2
virS2BRTQfeVB14cb+grCE2OeV1k/2BMlX4IjATebO5LpS01pvQkckjmN6xxSZJvv/MgXxpORCLX
x+SuK/BiJ+DawhMFt8QyvgEKiuTKmXw1zv0WmhJErceq9ontQx67y2BNSxcVUIGZU+xuR10vHKCr
8XGSNaOE3Gp34GmqNhAgTvR7GIVM4KLXmWvvSgDecMwLylz443fFxp/FFGrWQpFani2vPiHUrbvg
Ses11u2W8KdrkIg2+gYznKewun6QJBWouGitewsZZQjwFiGHfTRh790gNSVG1DwS0jbCFlhpBOs9
qInyJkpx1gOgNYCfSR5HSJ7NCxD9sLn9qBvNMuBJbT3hVoyea8LzZadtqyplYcqv78JYwtemCXBu
tp/6TJ8OAeScC4FNKLEbBMow7FkyQIj5ljp+YeMsc94p1s1XYzo7XHpoKlKjwBItwA9MQ3wxTyQf
oO+2NIXf5yiPKFD9RIRdGGeYc61rgV1ZKek5k/RymxoGtkCzLZt2gWzkAllUyn+lEL+A922iq76b
DB+E0IL1a7NNOsDA0xJgAABKQtIVuRYZIQAB8w3JWwAABhtvw7HEZ/sCAAAAAARZWg==

I’ve done a few of these sorts of “single image with seasonal transitions spanning the image” before with Stable Diffusion models in Automatic1111 and I think I may have submitted at least one before. In Automatic1111, the way to do this sort of thing is to use the Regional Prompter extension and break the image up into strips; you can then set different prompts for different regions and the degree to which blending should span regions.

As best I can tell from poking around, using a prompt directing a “blended composite” progression in Flux-derived models gets the same effect with a lot less effort. ComfyUI also has ways to combine different prompts for regions in one image via nodes, but if I can do it from the prompt and it gives enough control, that’s preferable from my standpoint; less work.

Kagi has an AI search option which IIRC is on by default – or at least was at one point – where it’ll try to also synthesize an answer and stick it in a box with the results, but you can just turn it off in your preferences. I have it off.

There may be a day when we have AI assistants that are so good that their summaries are better than looking at the original source, but I’d put a high bar on that, and think that we’ve got a way to go.

This is a remake of an image that I submitted about a year ago here, this time higher-resolution, in 16:9 aspect ratio, photographic and done with the Flux-derived Newreality model.

To repeat my comment then:

Some years back, I gathered up all the scary images I could find, and looked for commonalities, tried to figure out what was “frightening” to people. One pretty consistent element was a wide, toothed smile.

While I think that the earlier image is tough competition for this one in terms of visual impact, when I created the earlier image, I was much more lax in terms of what I was willing to accept from the generator – I just wanted it to look scary, and to have a wide, toothed mouth. That is, a lot of getting the image was a dice roll; I had to generate a bunch of images, take the best.

But this time around, I have enough control from the model’s ability to take natural-language description to be able to intentionally try to specifically target something like the original image, which is a stupendous improvement. Was just like an arrow to a very specific image that I wanted, just took a few minutes and iterations. Fantastic.

I hadn’t gotten SD Ultimate Upscaler (using SwinIR_4x) set up with a Flux-based model until this image, so I’d been just putting out images at a quarter this resolution – my monitor is 2560x1440, so this is a fullscreen image for me – until now.

ComfyUI lets you “disable” a node in a workflow – it’s an option available in the right-click context menu when clicking on a node – so if you use the posted workflow, you can just “disable” the upscaler part of the workflow until you actually care about its output, then re-enable it, as it’s time-consuming.

I hopefully now have my general vanilla workflow to use for most images back up and running, which I haven’t really fully since moving off Automatic1111. :-)

Thanks, though only “Cats” was really just put up for the looks; the other three were to show off some functionality to other folks who might be doing local generation themselves, to let them know about functionality that I’d run into that I wanted and give 'em a heads-up as to it being possible (a way to get decent food photography, a way to emulate artist styles again under Flux, and that the ability to generate progressive transformations in Flux exists).

Or for another example:

UI: ComfyUI

Model: STOIQNewrealityFLUXSD_F1DAlpha

An image divided into four sections showing a progression from left to right.

The image shows a full-body image of a girl.

The image is a drawing.

The first section shows a good, innocent character.

Each section moving rightwards shows an increasingly-evil, increasingly-dangerous and increasingly-corrupted character.

/Td6WFoAAATm1rRGBMC9Crw7IQEWAAAAAAAAAAOtaW7gHbsFNV0APYKAFxwti8poPaQKsgzf7gNj
HOV2cLF9DeDmoIvoTF/cVPw0agdxNfru2YvPSKLvRDPlN2F1d8yba+YwJMN/u3et9crpZQe0xf0X
e4TlGW5cYDH+Fmnw78HMia8eHxjr11hvN1CjKJECZj6cxWQr5ky0YKVzeOErkrOUDMifScNF8ar7
0lZixjiV/oEgLa3gDczZdHFJzhbm4xDBx5gI5tJIx8m8EkEDHNaoSmTjv4TSsua4bQicgw6/mTPy
NkufHUtCNV1ywEVaVQHw5oeUatKneTLYzgAlPF3bDx4oG8TMyis8lSQ2elf9IezyP88Yfsmk5bw+
46cSJz2rH2m7hR8gsPEoIB1foZnaUp25ES9dAc60QtWD3o89wmLVDW1sdHDu+FwFfL5mSg15TjPN
EowKss1+cvVmWJQGxEl9Mcy2SZ5/mkns2GnEQaa9fV2bGcs9H4YOoA2YusbSoGDFnFsWqbbjTTXe
8b+iXBG93rklvtPwq0bb3ARsYFvU/ir0eLaPu+EHrENW8BwYwf9VZU/DpvT1dbkaT1Xj0HYo7Yf6
go4T5+8gMD5BLYyXHL/ZMXJc1a2UdXca/xjZsexOWPO93SHnGkfdrWIF3lrISg31htvST2b/Rwpf
BxlZWUoDsirV3KcPqRQNAZqfIEaiqr7tdbklorUVD809JClc7BF4GzePHeus7gir5WvvDFOVuPpr
fJ1pn4U+FFtlml5gm2WpNycSWitGL48CgEx35jF3MFhYSwC3OE6/qMiSCXzQ6M851M8dU6ANsK9g
32uD6AktHnFfJxazyKoRpblc1EX3yk1tvYK6fX3KJHwmvYJombtyyAbhn1HWWVgbRBcBlmiQLOa4
FhP6eU6IewP0p48vbVQizW52fV+dRNm3fsDMf6QLxAwZcKNzmEVrUJvxxggDo5sdATYgO9Osb/FB
aZQQANyN1MUrRZzNFePhRHxTeZmFhCeAjTLcj/3hmjMJy5UFVyX1KiCU/EhBUCDvV/GCHm2p/yXZ
xLE1HoMYS/pesD9BwvB/NbWTzcTagw8ivNYT1rRmCQdzwggGcxZsaNpJihWLAOayPaMnRfzOyPwH
UnVFUupghRDcsHAR9iY+91FzKGy7HMsexigiWEPbjSUyzDiiBoEsImOVlqVAYVTmDfvjf+026deU
zfWPsvIWq33j1/GwFPcqGzMCwXgekP+CzXrYsQjybye0ybhMrSpPlMwTu5Euiq0FIX5c5D+eJiwS
MrXK6muBn+lPl4PbJqb8IgSH8Uimrk0wpEi0pyuGaU/cyTyJTf5AkotLgYQXqTxGIvYaKyQl94qe
w9I86IE/NKfUdiUA5ulv431WgVBdbfzoDyr/dXloeKXsTux5ikJ9682ls3wAEYMwdfKI54Gi9IVL
T1PTIsCXsQQhbM5udaOwNea4MW1C79b7dx/oT8BK2wmiLpBpwaf0fv//0TJv1xHK6jS0tfFagNfF
ttjZyZey8bVgfkY4PGyN4x57chwKiMRg/fWVVkd9R/294uLxa+CMGhCpvfSFyhzUgxz3I/GSI6jF
KjgVuwx+TeVDSaqFZQ55hLl8nbZ0QmvOTvd+KskZeIdULG4bpqPptZl8hGq5u9Nb9XwERs64C9Le
RwvpLL2H+LwxqlD1la7xD0Bafxe6HYnnVTAC9b6rWGmzEvz/IjsJ1jW2/yrML5FQO8ALzkuUo26u
Ahw8SZu17doVEOH5e1FfymfVu8fe8dfYNM4jEIcbEhzyWVyVe++F3ieX5AbC7b3VRZwzci93hjGB
w+n6AAAAAAB57YGyfd1eEwAB2Qq8OwAAyHpOw7HEZ/sCAAAAAARZWg==

Flux is capable of generating progressions between one image and another. I’m not entirely sure how this is internally implemented, though I’d assume that it does something like have some prompt parsing capable of recognizing syntax sufficiently to detect a progression and then do the equivalent of shifting prompt term weights.

I’d seen plugins that can sort of accomplish similar effects in Stable Diffusion, but the fact that Flux – and derived models, like this one – permits for simply taking natural-language directions and doing pretty well on them quite impressed me.

One thing that I like about some Stable Diffusion-derived models is that they have been trained on the works of many artists, can replicate styles.

Flux, while rather more-sophisticated in many ways, including the ability to use natural-language image descriptions, has – probably intentionally – not been. And while I really like Flux’s functionality, I’ve been kind of unhappy about losing that.

However, there are models derived from Flux – as the one used here – that have had that trained back in.

EDIT: Note that this model still can’t do some of the things that I’ve done in the past with Stable Diffusion-derived models trained on a lot of artworks, like these landscape paintings in the style of Casilear, but the fact that it can do something at all is a considerable improvement over the dev version of vanilla Flux. I did read one comment that the stable version of Flux supports artist names, but then you’re stuck using their service to do your generation; the stable model of Flux isn’t distributed.

Need to try one of those AI music generators for theme music.

I’ve found that “delicious” seems to work pretty well with a variety of food photography.