Grive

Grive

2/5/2025, 4:05:42 PM

I've noticed a trend of people using DeepSeek R1, but keep in mind that it's biased, and all chats are transferred to China. If you're planning to use R1, be aware of this. Many YouTubers recommend installing Ollama or LM Studio to run models locally without internet access, which does help protect your data. While this is true, there are some important things to consider: 1. Bias remains – Running the model locally doesn’t remove its built-in biases. If the model itself is flawed or manipulated, using it offline won’t change that. 2. Heavy hardware requirements – If you want a DeepSeek model that surpasses GPT, you'd need to run DeepSeek R1-671B, which is 404GB in size. No consumer laptop can handle this, and only high-end AI servers or powerful workstations can run it efficiently. Running smaller versions may be possible, but they won’t match the performance of leading AI models. 3. Privacy risks still exist – While Ollama and LM Studio are great for running models locally, they are still third-party applications. Their policies could change anytime, potentially allowing data collection or cloud-based processing. Relying solely on them for privacy isn’t foolproof. In short, open-source and private models are great alternatives, but they require proper knowledge and resources to use effectively. Don't just follow trends—stay informed and cautious.

Grive

2/27/2025, 5:01:25 PM

*VSCode Extensions Pulled Over Security Risks* Microsoft has removed two widely used Visual Studio Code extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace due to security concerns. These extensions, developed by Mattia Astorino (known as 'equinusocio'), had amassed nearly 9 million downloads before their removal. Users of these extensions have been notified within VSCode that the extensions have been automatically disabled. The action was prompted by cybersecurity researchers Amit Assaraf and Itay Kruk, who identified suspicious code within the extensions and reported their findings to Microsoft. Following an internal investigation, Microsoft confirmed the presence of malicious code, leading to the removal of all extensions published by Astorino from the marketplace. This incident highlights ongoing concerns about the security of VSCode extensions. Previous research has uncovered numerous extensions with potential security risks, including known malicious code, hardcoded IP addresses, execution of unknown executables, and instances of copycat behavior. Developers and users are advised to exercise caution when installing extensions and to regularly review and update their tools to maintain a secure development environment. *Source:* https://www.bleepingcomputer.com/news/security/vscode-extensions-with-9-million-installs-pulled-over-security-risks/