this post was submitted on 06 Apr 2024
Cybersecurity
it’s not the only problem listed here, and they’re pretty explicit that pickle files are known to be insecure. however, Huggingface isn’t being negligent by allowing them. somewhat ironically, it’s tough to get ML engineers/researchers to try anything they didn’t learn first. Huggingface themselves make safetensors, which is a more secure open weights format, but there are also competing standards in this space and many stubborn and apathetic devs will stick with pickle cuz it’s easy. it’s a tough problem for HF, but i understand why they do it this way.

in a previous job i asked that we not use pickle files either in trying new models or internally distributing models, and they didn’t see the point. this is a wider cultural problem, and HF is just trying to capitalize on that market of dumb dumb ML researchers
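The comment above contrasts pickle with safetensors without spelling out why one is dangerous and the other is not. The following is an added example written for this page; it is not code from the comment, from Hugging Face, or from the safetensors library. It shows, in pure Python, why loading an untrusted pickle is a code-execution sink (the `Tainted` class and its benign side effect are constructed here), a common mitigation (an `Unpickler` whose `find_class` only admits an allow-list of builtins), and a minimal read/write of the safetensors layout (8-byte little-endian header length, JSON header, raw tensor bytes), which a loader can parse without ever executing anything from the file. The safetensors reader is a hand-written reimplementation of the published layout, supporting only F32 one-dimensional tensors, and is not the library's own code.

```python
import io
import json
import pickle
import struct

# Records whether untrusted code ran while a pickle was being loaded.
# Constructed for this demonstration; a hostile pickle could do anything
# the loading process is allowed to do.
EXECUTED = []


def _side_effect(tag):
    """Stand-in for arbitrary code reachable through pickle's __reduce__ protocol."""
    EXECUTED.append(tag)
    return tag


class Tainted:
    """Any object can tell pickle to call an arbitrary callable on load."""

    def __reduce__(self):
        return (_side_effect, ("pickle.load ran code chosen by the file author",))


def build_tainted_pickle() -> bytes:
    return pickle.dumps(Tainted())


def load_untrusted(data: bytes):
    """Plain pickle.loads: executes whatever callables the stream names."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation: refuse every global except an explicit allow-list of builtins.

    Plain containers and scalars never trigger find_class, so ordinary data still
    loads; anything that names a function or class outside the list is rejected
    before it can run.
    """

    SAFE = {("builtins", n) for n in ("dict", "list", "set", "tuple", "frozenset",
                                      "str", "bytes", "int", "float", "bool")}

    def find_class(self, module, name):
        if (module, name) in self.SAFE:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_load_blocks(data: bytes) -> bool:
    """True if the restricted loader rejects the stream instead of executing it."""
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


# --- safetensors layout (hand-written, F32 vectors only) --------------------
# File = u64 little-endian header length | JSON header | concatenated tensor bytes.
# Each header entry: {"dtype": "F32", "shape": [...], "data_offsets": [start, end]}.

def write_safetensors(tensors: dict) -> bytes:
    header, body = {}, bytearray()
    for name, values in tensors.items():
        start = len(body)
        body += struct.pack(f"<{len(values)}f", *values)
        header[name] = {"dtype": "F32", "shape": [len(values)],
                        "data_offsets": [start, len(body)]}
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + bytes(body)


def read_safetensors(blob: bytes) -> dict:
    """Parse the layout with bounds checks; no deserialization of code is possible."""
    (hdr_len,) = struct.unpack_from("<Q", blob, 0)
    base = 8 + hdr_len
    if base > len(blob):
        raise ValueError("header length exceeds file size")
    header = json.loads(blob[8:base])
    out = {}
    for name, meta in header.items():
        if name == "__metadata__":
            continue  # free-form string map permitted by the format
        if meta["dtype"] != "F32":
            raise ValueError(f"unsupported dtype {meta['dtype']} for {name}")
        start, end = meta["data_offsets"]
        if start < 0 or end < start or base + end > len(blob) or (end - start) % 4:
            raise ValueError(f"bad data_offsets for {name}")
        out[name] = list(struct.unpack(f"<{(end - start) // 4}f", blob[base + start:base + end]))
    return out


if __name__ == "__main__":
    tainted = build_tainted_pickle()
    print("restricted loader blocked it:", restricted_load_blocks(tainted))
    print("safetensors round trip:", read_safetensors(write_safetensors({"w": [1.0, 2.5]})))
```

The restricted unpickler is a containment measure, not a guarantee: it only narrows which callables a stream can name, so the safer choice for untrusted weights is a data-only format such as safetensors, where the parser above shows there is simply no place in the file for code to live.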