We recently got a cool trend in the Stable Diffusion community where basically every day we get plenty of super cool models trained with Dreambooth by the community, but is this completely safe? Can downloading these models actually get your computer hacked? So in this prevention/tutorial video I will explain what a pickle is and what unpickling is, how to stay safe when downloading these models, and I will also show you how to download and install 2 pickle security scanners so that you can scan every model you download for malicious code. Be safe people!
Have you ever downloaded from a shady website? Let me know in the comments!
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
SOCIAL MEDIA LINKS!
✨ Support my work on Patreon: https://www.patreon.com/aitrepreneur
⚔️ Join the Discord server: https://discord.gg/3ErYSdyUPt
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Runpod: https://bit.ly/runpodAi
%pip install gdown
!gdown https://drive.google.com/uc?id=
Stable Diffusion Pickle Scanner:
https://github.com/zxix/stable-diffusion-pickle-scanner
https://pastebin.com/QuApyZZN
picklescan --huggingface
Python Pickle Malware Scanner:
https://github.com/mmaitre314/picklescan
https://pastebin.com/K46puytB
To read if you want to know more:
https://splint.gitbook.io/cyberblog/security-research/tensorflow-remote-code-execution-with-malicious-model
https://huggingface.co/docs/hub/security-pickle
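What the scanners linked above actually do, as an added example (this is not the video's scripts and not picklescan's own code): a pickle is a small bytecode program, and the dangerous instructions are GLOBAL / STACK_GLOBAL, which import a module attribute that a later REDUCE opcode calls. A scanner walks that opcode stream with pickletools and never calls pickle.load on the file, so the payload is never executed. The example builds a fake .ckpt the way torch.save writes one (a zip holding archive/data.pkl), once clean and once booby-trapped with a __reduce__ payload, scans both, and finishes with a load-time allowlist guard. The allow/deny lists, the Payload class and the build_checkpoint helper are constructed for this example; the pre-1.6 non-zip torch format is not handled.

```python
"""Static scan of pickle-based checkpoints: list every import the pickle
would perform, without unpickling it. Constructed example, not a real scanner."""
import io
import os
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Imports a genuine torch checkpoint legitimately needs (constructed allowlist).
SAFE_MODULES = {"torch", "collections", "numpy", "_codecs"}
# Imports that have no business in a model file (constructed denylist; real
# scanners ship longer ones). 'posix'/'nt' is what pickle records for os.system.
DANGEROUS_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "__builtin__",
                     "sys", "socket", "shutil", "runpy", "webbrowser"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickle_imports(data: bytes) -> list:
    """Every (module, name) the pickle imports, read from its opcodes only.
    GLOBAL (protocol <= 3) carries 'module name' as its argument; STACK_GLOBAL
    (protocol 4+) pops the two most recently pushed strings, so we track the
    string stack and the memo (MEMOIZE / PUT / GET) to resolve them."""
    imports, strings, memo, top = [], [], {}, None
    for op, arg, _ in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            top = arg
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):   # re-push a memoized value
            top = memo.get(arg)
            if isinstance(top, str):
                strings.append(top)
        elif op.name == "MEMOIZE":                          # memo[next index] = top of stack
            memo[len(memo)] = top
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            imports.append((module, name))
            top = None
        elif op.name == "STACK_GLOBAL":
            imports.append((strings[-2], strings[-1]))
            top = None
        else:
            top = None
    return imports


def classify(imports: list) -> tuple:
    """'infected' if any denylisted module is imported, 'suspicious' for
    anything outside the allowlist, otherwise 'clean'; plus the findings."""
    verdict, findings = "clean", []
    for module, name in imports:
        root = module.split(".", 1)[0]
        if root in DANGEROUS_MODULES:
            verdict = "infected"
            findings.append(f"DANGEROUS {module}.{name}")
        elif root not in SAFE_MODULES:
            verdict = "suspicious" if verdict == "clean" else verdict
            findings.append(f"unknown {module}.{name}")
    return verdict, findings


def scan_checkpoint(blob: bytes) -> tuple:
    """Scan a checkpoint's bytes. torch.save writes a zip whose */data.pkl
    member is the pickle; any other input is treated as a bare pickle stream."""
    if blob.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            pickles = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        pickles = [blob]
    return classify([imp for p in pickles for imp in pickle_imports(p)])


class RestrictedUnpickler(pickle.Unpickler):
    """Load-time guard: refuse any import outside the allowlist. find_class runs
    when the GLOBAL opcode is processed, before REDUCE can call anything."""
    def find_class(self, module, name):
        if module.split(".", 1)[0] in SAFE_MODULES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


class Payload:
    """What a booby-trapped checkpoint carries (constructed): __reduce__ makes
    pickle record 'call os.system(...)', which runs the moment the file is loaded."""
    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_checkpoint(state, protocol: int, booby_trap: bool = False) -> bytes:
    """Constructed stand-in for torch.save: a zip holding archive/data.pkl."""
    obj = {"state_dict": OrderedDict(state)}
    if booby_trap:
        obj["state_dict"]["trigger"] = Payload()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    return buf.getvalue()


def demo() -> dict:
    weights = [("w", [0.1, 0.2, 0.3])]
    clean = build_checkpoint(weights, protocol=2)
    bad_p2 = build_checkpoint(weights, protocol=2, booby_trap=True)  # GLOBAL opcode
    bad_p4 = build_checkpoint(weights, protocol=4, booby_trap=True)  # STACK_GLOBAL opcode
    results = {n: scan_checkpoint(b)[0] for n, b in
               [("clean", clean), ("bad_p2", bad_p2), ("bad_p4", bad_p4)]}
    with zipfile.ZipFile(io.BytesIO(bad_p4)) as zf:  # the guard refuses the trap; nothing runs
        try:
            RestrictedUnpickler(io.BytesIO(zf.read("archive/data.pkl"))).load()
            results["guard"] = "loaded"
        except pickle.UnpicklingError:
            results["guard"] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The verdict is a string match on imports, which is exactly the limit a couple of commenters point out further down: a pickle that hides its intent behind a legitimate-looking import is not caught by a denylist, so treat "suspicious" as a reason to ask questions and "clean" as nothing more than "no known bad import found".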
Special thanks to Royal Emperor:
– DanO..
Thank you so much for your support on Patreon! You are truly a glory to behold! Your generosity is immense, and it means the world to me. Thank you for helping me keep the lights on and the content flowing. Thank you very much!
#stablediffusion #dreambooth #stablediffusiontutorial #cybersecurity
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
WATCH MY MOST POPULAR VIDEOS:
RECOMMENDED WATCHING – My “Stable Diffusion” Playlist:
►► https://bit.ly/stablediffusion
RECOMMENDED WATCHING – My “Tutorial” Playlist:
►► https://bit.ly/TuTPlaylist
Disclosure: Bear in mind that some of the links in this post are affiliate links and if you go through them to make a purchase I will earn a commission. Keep in mind that I link these companies and their products because of their quality and not because of the commission I receive from your purchases. The decision is yours, and whether or not you decide to buy something is completely up to you.
HELLO HUMANS! Thank you for watching & do NOT forget to LIKE and SUBSCRIBE For More Ai Updates. Thx <3
"K" – Your Ai Overlord
Lmfao
AttributeError: module 'pickle' has no attribute 'load' 🙁
lol
Thank you, I was starting to think the same about some extensions. Yikes! 😢
You tell us not to type LOL, then you make a hilarious joke. 🤣 Thank you for letting us know how to protect ourselves.
Unsafe pickles is why I have been too paranoid to actually download any new models
You tell us you'll get mad if we use LOL, and then you joke about pickles…
Hello overlord. When I run the batch file I get this. I double checked that I followed your instructions. Any idea what's wrong?
C:\Users\Matt\stable-diffusion-webui01>cmd /C "C:\Users\Matt\stable-diffusion-webui01\venv\Scripts\Python.exe"
Python 3.10.7 (tags/v3.10.7:6cc6b13, Sep 5 2022, 14:08:36) [MSC v.1933 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>>
Great Job man! Thank you.
Does anyone know if we should be concerned about embeddings downloaded from Hugging?
Automatic's automatically unpickles them, I believe.
Did you forget to link the Google Colab you used at 5:45 min?
I'd be careful using possibly unsafe .ckpt on your personal Google account.
RunPod, Paperspace, or Vast store a lot less information about you than Google does.
My worry is a model that injects malicious code into the images themselves.
we need to be making our own models on our own machines, no cloud, headless linux os on USB for those with 6GB cards asap
Thank you K! Finally someone explains the pickle scanner thing to the average consumer coz the github page for all of them are just confusing.
Thanks for all your helpful videos 🥰
Pickling = serialization, unpickling = deserialization.
Trust the source – LOL. People are using a bleeding edge software created by an unknown author, downloading waifu and hentai models from renty and mega…
😧
5:09 another possibility is to use someone else's computer and see if it gets hacked. If the computer is fine after a while then install it on your computer, if it is not fine then congratulations, your computer is safe.
Should I be worried if all I have is the original "model.ckpt" file from your Super SD 2 video, and have "git pull" enabled for updates to the web UI in the "webui-user.bat" file?
What can someone possibly do from Colab, corrupt my drive files? Gdrive will automatically scan files for 99% of existing malware/corruption.
Why are we talking about pickles!?
Now I'm hungry.
Do you have a tutorial for training with Dreambooth for a certain dress/hairstyle/etc that can be cloned later onto any face model?
*Me who's just been using websites like playground ai and Novel ai :* Alright I'll be off then
Bill Gates way of doing.
The arsonist fireman, set the fire and find the solution. Use our site…
I've downloaded arcane waifu disney waypoints, is it risky?
I'll stick to online SD version
Thank you for making things easier for everyone ! Awesome job !
thanks for the warning lmfao😁
Been using Windows Defender, malwarebytes, and pickle scanners. This is a really important PSA!
Super helpful super informative. THANKS !!!!
LOL
omg searching like crazy last night about this topic and wished you made a video about it….. And here it is =D !
And the final and most important layer…
1.-Never run untrusted software out of a virtual machine, or…
2.-Never run untrusted software on your personal PC.
If you abide by these rules, you'll be safe.
lol
I hope you protected your SD webUI with a password (GRADIO_AUTH). Otherwise, by default anyone could access your RunPod, which also doesn't seem very secure.
Who would have known? A software based on surveillance capitalism stealing pictures from people's google drive account… That contains viruses stealing even more stuff from you.
Duh.
0:34 what Model is it?
Damn man, I hadn't even thought about that. Thanks for teaching us about this
Tells us no LOLs allowed, moments later @1:35 tells a joke.
Oh boy, the sorry Canadian joke x) 🍁
that's great information, thanks for sharing!
Huggingface should scan or inspect the repo first, before accepting those files being uploaded to the repo in the first place. They should perform this step intelligently, if that's the meaning of A.I.?
Again, many thanks Aitrepreneur !
thanks, mate… it's a brave new world out there. appreciate the heads up for these unexpected problems.
Guys i have a question is yiffe18 a pickle? It's been out for a month or two already so maybe it's safe?
This is why I only tested them on huggingface in a web window. Thought the same thing…
And how about the basic Automatic's local SD? Not gonna lie, I'm worried every time I launch this thing.
Good looking out!
Thanks again 🙏
Any idea what it means if my scan output stops after scanning 2 ckpt's, before printing "scan passed" on the 2nd?
Thanks!
lol
Hey ! Pickles are not cucumbers ! They're a totally different genus ^^
Great tutorial, as always my man!!
Btw, lately, TheFastBen's Colab has improved a lot, but it uses a lot more resources and it's no longer viable to use it due to colab limits. Do you think you could make a tutorial to use TheFastBen's Colab in Runpod?
The best solution for this (well, not the best in terms of ultimate best – just the most realistic best option for how things currently are) would be to create a site that exists as a centralized repository for models from trusted sources that have all been scanned/analyzed for vulnerabilities or malicious software, and these files would be signed cryptographically. Users can then verify that the file has the same hash as the one that they have downloaded to ensure that it has not been altered. I would also avoid any use of something like google drive and run everything inside of containerized/sandboxed environments.
LOL insert dolphin
Thanks so much for the information. I used only huggingface for the models, but I've installed the pickle scan thanks to you!!
Known about this for a little over a week now. This is a big deal and I have not seen anyone else make a video about it. Thanks for bringing awareness. Be safe everyone its a jungle out there.
This was good and hopefully a lot of people see this before trying to get all those sweet ckpts
I'm just staying with v1.4 and that's the way it is as of now.
Does your video work with the normal stable diffusion install? Not sure what the super stable diffusion thing was about. I just have the automatic1111 and let a git pull keep everything updated after the install. Nothing is labeled "super stable" in my files. Does this matter for the pickle scanner?
This gave me a scare btw. I ignored the advice to only download from hugging face this morning because it looked exciting and it was one of the first things I saw in the morning. That's the danger of catching up on new alerts right after waking up I guess lol. But I downloaded and scanned the model on my computer and everything seems to have passed your video's scan method.
Has anyone heard if the leaked NovelAI Model was infected or not? I have not heard anything. And just for the record I would "not" recommend using that model because it's morally wrong. And we would never do that. But if someone were to use it, has anyone heard of any problems so far?
These are valid concerns, but the scanners only catch obvious malicious code. You can write malicious code in many ways that will not get detected. Saying that the scanner will help is alas misleading. It will not. Best advice is to just use reputable stable diffusion models like runway and compvis and just do your own dreambooth.
AUTOMATIC1111's WebUI has a scanner built in, I tried loading a model and it blocked it and printed to the console that it has potential malicious code in it.
Thanks for teaching us about pickles!! 😁 It's really good info that Huggingface has the option to check the models and scans them beforehand... did not know about it before!! Thanks for the info!! 😇
lol lmfao
Thank you – new subscriber here! The thought occurred to me, but you really helped bring to light these security concerns! I hope others will see this video, and become aware of the potential dangers.
Thanks for keeping us safe! I checked your channel again right now and I think you need to show some love to your home page and customize it! Even if you don't want to make a trailer video for your home page, it's not a bad idea to let the last video load up for new people! Anyway, I just noticed that and I thought it was worth mentioning! Have a great day OVERLORD!
Coool Dreambooth story!! – random Photoshop modes for morons! I love where this garbage is heading it's very intriguing how dumb, dumb is in 2022. Keep up the stellar 'work' under the influence of xanax and weed my friends.
Thank you K this was very helpful, I feel much safer now….
Really sad that people will live as scumbag scammers, trying to steal and lie from people.
Thanks for making this video.
Right, but say I have many of these illicit models from god knows where. How can I tell if I have been compromised? I'm not noticing any slowdown or abnormal behavior yet. Any thoughts?
Rofl rofl rofl rofl
Is this also an issue if we only run SD in Colab?
Well, I don't even own a good enough GPU to run SD models on my own computer… jokes on you haaa! 😅
tnx
Very important video. There is a lot of torrents for models on web that do not have a link on huggingface or other trusted sites
Okay, I was managing to take this seriously through most of the video, with all of the references to pickle scanners, but as soon as you brought up pickle inspectors, I could no longer restrain the laughter 😉
I've always hated pickles 😡
You are AI overlord for a reason❤🔥🙏🏽
Impossible to scan (I use Google Colab)
lol
This is all nice and all, but to open a pickle those scanner scripts import the pickle module, which could theoretically be used by some malicious code later on. So by running a completely harmless scanner now you are potentially opening the door for the attack later on. Not really sure what to think about this...
LOL
lol
I found out the SD version I found uses Conda instead of Python, any advice for scanning with that? I do not really program and am curious about AI art, and have downloaded some models I was unable to get scanned with either of these tools.
Friends let friends test models first.
4:45 Is there a way to easily determine the "completely fine" types of pickles?
LOL, LMAO, ROFL, 🤣, 😂, 😆,😄,🤪
Lmfao..
The only ckpts I have downloaded are versions 1.4/1.5 and waifu. All the other ckpts I have are my own that I trained, or ones that you suggest.
Hi, I tried this, but it is not working; the scan output is empty, no scan. Please help me.
I am more worried about if it doesn't check encrypted strings, because at the moment it looks like it checks imports and blacklisted API calls. The only way to check encrypted strings is to execute the code and let it unravel itself. Best way to check this is inside a VM environment.
That seems like a lot of work, does anyone have an idea how to have the same safety with less work?
lolfmao.. rofl.
I am new to all this, but thinking about trying it out.
How about I just get good at creating my own models? The AI does so much of the grunt work, I could at least get good at models.
Thank you!