Well deserved rule

~~People~~ Developers who ~~download~~ add PyPi packages to their python projects ~~deepseek~~, packages that are intentionally mislabeled, ~~are getting malware~~ get malware frequently because PyPi, NPM, crates.io, and any other software library are high-value targets for malware authors.

This happens when any technology picks up in the news. Developers, do the bare minimum research before blindly adding someone else's code to your computer. I searched for Deepseek on pypi and there's tons of these things. Here are some signs: random user uploaded it and not either the official account or the account of someone working in the project; simple misspellings in the package description, or basic stuff like description is missing; repository link doesn't work or is absent; links to repository that is a fork of official repo or is hosted on a small non-standard site (like some person's random forge.io or gitlab site) On the repo site, check the issues. Do people actually use this library? If they do, they report issues and complain about it.

These aren't foolproof but they'll save you from so so much of this. The most successful instances of this attack are always either: unsophisticated but banking on hype to override your security practices (this deepseek stuff) or else take-overs or infiltration of already popular libraries (the infamous left-pad incident, for example).

source pws

Let me DuckDuckGo that for you:
https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi/ https://www.securityweek.com/developers-targeted-with-malware-disguised-as-deepseek-package/ https://www.csoonline.com/article/3816397/hackers-impersonate-deepseek-to-distribute-malware.html https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/
Just the first 4 hits
- These fakes are definitely a problem. Don't let your friends download shady shit.
- windows exe file downloads are very often impersonated, I think we should ban the distribution of windows executables

Run it on your local machine if you can... The retirements are pretty modest

The retirements are pretty modest
Yeah, in Germany as well🫤
for the distilled lighter models you can run them easily, the original you need like at least 260 gb of ram it looks like
this video gets a semi usable experience with a $5500 cpu https://www.youtube.com/watch?v=o1sN1lB76EA
you could get the thelio astra to run it for like $6900 total and probably get similar performance, still cheaper than the base model mac pro lol
for better speed you could probably buy a bunch of old tesla gpus on ebay, that might work
- True, but who cares about the base models? Usefulness is what matters - the 8gb model is pretty useful, better than the free tier of anything I've tried
  Maybe the paid models are better... Just like adaptive cruise control, I refuse to rely on it until I can rely on it. I'm driving, I know the top models still need me to drive them, so I'm happy with what I have... Why rely on something that could be taken away?
- you don’t actually need to fit the whole model in RAM at once: the 70b for example “requires” something like 120gb of VRAM, but i’m running it on my 64gb m1 mbp - it just starts to run a bit slower (still very usable; i reckon about a word per 300ms)
Are they, though? You need shit loads of Vram, or at least RAM, to get a usable experience.
- Not really. You can run the 8b model with like 6-8gb of vram.... It's literally in the realm where people can run it on their phone

My phone alerted me that the official Loops apk from the site was malware.