PeopleDevelopers whodownloadadd PyPi packages to their python projectsdeepseek, packages that are intentionally mislabeled,are getting malwareget malware frequently because PyPi, NPM, crates.io, and any other software library are high-value targets for malware authors.This happens when any technology picks up in the news. Developers, do the bare minimum research before blindly adding someone else’s code to your computer. I searched for Deepseek on pypi and there’s tons of these things. Here are some signs: random user uploaded it and not either the official account or the account of someone working in the project; simple misspellings in the package description, or basic stuff like description is missing; repository link doesn’t work or is absent; links to repository that is a fork of official repo or is hosted on a small non-standard site (like some person’s random forge.io or gitlab site) On the repo site, check the issues. Do people actually use this library? If they do, they report issues and complain about it.
These aren’t foolproof but they’ll save you from so so much of this. The most successful instances of this attack are always either: unsophisticated but banking on hype to override your security practices (this deepseek stuff) or else take-overs or infiltration of already popular libraries (the infamous left-pad incident, for example).
Run it on your local machine if you can… The retirements are pretty modest
Are they, though? You need shit loads of Vram, or at least RAM, to get a usable experience.
Not really. You can run the 8b model with like 6-8gb of vram… It’s literally in the realm where people can run it on their phone
Okay, yeah, I was looking at the full size model.
for the distilled lighter models you can run them easily, the original you need like at least 260 gb of ram it looks like
this video gets a semi usable experience with a $5500 cpu https://www.youtube.com/watch?v=o1sN1lB76EA
you could get the thelio astra to run it for like $6900 total and probably get similar performance, still cheaper than the base model mac pro lol
for better speed you could probably buy a bunch of old tesla gpus on ebay, that might work
you don’t actually need to fit the whole model in RAM at once: the 70b for example “requires” something like 120gb of VRAM, but i’m running it on my 64gb m1 mbp - it just starts to run a bit slower (still very usable; i reckon about a word per 300ms)
True, but who cares about the base models? Usefulness is what matters - the 8gb model is pretty useful, better than the free tier of anything I’ve tried
Maybe the paid models are better… Just like adaptive cruise control, I refuse to rely on it until I can rely on it. I’m driving, I know the top models still need me to drive them, so I’m happy with what I have… Why rely on something that could be taken away?
I was trying the 14b model (q4_k_m quantized) on my 3060 recently, and while it is clearly stupider than ChatGPT (i tried asking it some things from old chatgpt chats) it is much faster (20 tokens per second) and at least doesn’t suddenly become dumber once openai decides you’ve had enough 4o time today on the free plan and the rest of your chat will use whatever earlier model there was
The retirements are pretty modest
Yeah, in Germany as well🫤
source pws
Let me DuckDuckGo that for you:
https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi/ https://www.securityweek.com/developers-targeted-with-malware-disguised-as-deepseek-package/ https://www.csoonline.com/article/3816397/hackers-impersonate-deepseek-to-distribute-malware.html https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/
Just the first 4 hits
These fakes are definitely a problem. Don’t let your friends download shady shit.
windows exe file downloads are very often impersonated, I think we should ban the distribution of windows executables
Very fair and reasonable
My phone alerted me that the official Loops apk from the site was malware.
