I for one just don’t trust these Chinese models at all. Not saying there’s anything wrong with this, but it’s clear it’s aligned with the Chinese agenda when I try to ask it anything about Taiwan. But for coding it works well and you can run it offline.
AFAIK models used to be just plain code: when you load one, for example, it would do so by calling a method pickled inside the model file. The uploader could set up this method to do practically anything they want, and it doesn’t need to be obviously malicious, since the code runs just like a normal Python script. For example, it could simply load/render a webp image that is designed to use the recent libwebp vulnerability.
They changed this a while back, so now you need to pass an argument when loading the model to allow this behavior, and this model requires it.
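One way to check what a pickled model file would import and call before loading it, as an added example that is not part of the original comments. The `SAFE_MODULES` allowlist and the sample pickles are constructed for illustration; nothing here is unpickled.

```python
import pickle
import pickletools
from collections import OrderedDict

# Assumed allowlist for this example: modules a plain weights pickle may import.
SAFE_MODULES = {"collections", "numpy", "torch"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def pickle_imports(data):
    """List (module, name) pairs a pickle would import, without unpickling it."""
    imports, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":          # protocols 0-3: arg is "module name"
            imports.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: names are taken off the stack
            # Heuristic: use the two most recent string pushes. Names fetched
            # from the memo (BINGET) are not resolved and show as <unknown>.
            if len(strings) >= 2:
                imports.append((strings[-2], strings[-1]))
            else:
                imports.append(("<unknown>", "<unknown>"))
    return imports


def suspicious_imports(data):
    """Imports whose top-level module is outside the allowlist."""
    return [(m, n) for m, n in pickle_imports(data)
            if m.split(".")[0] not in SAFE_MODULES]


class _Callback:
    """Constructed sample: __reduce__ names a callable to run at load time."""
    def __reduce__(self):
        return (print, ("runs at load time",))  # harmless stand-in callable


# Constructed sample inputs (only serialized here, never loaded).
BENIGN = pickle.dumps({"layer0.weight": [0.1, 0.2]})
ORDERED = pickle.dumps(OrderedDict(a=1))
WITH_CALLABLE_P3 = pickle.dumps({"w": _Callback()}, protocol=3)
WITH_CALLABLE_P4 = pickle.dumps({"w": _Callback()}, protocol=4)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("callable", WITH_CALLABLE_P4)]:
        print(label, suspicious_imports(blob))
```

An empty result only means no import outside the allowlist was seen by this heuristic; it does not prove a file is safe to load.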
elaborate