HACKER Q&A
📣 epups

For those using Stable Diffusion locally, how do you filter fishy repos?


I have been using the official release so far, and I see many new tools popping up every day, mostly GUIs. A substantial portion of them are closed-source, sometimes even simply offering an executable that you are supposed to blindly trust.

Not to go full Richard Stallman here, but is anybody else bothered by that? How do you deal with this situation, do you use a virtual machine, or are there any other ideas I am missing here?


  👤 capableweb Accepted Answer ✓
I simply don't use the closed-source ones? Easy to filter (can I see the source?), and it helps if I want to contribute as well.

Currently using https://github.com/hlky/stable-diffusion + https://github.com/hlky/stable-diffusion-webui, which are both FOSS and work well.


👤 bheadmaster
Please go full Richard Stallman.

Control of computing is an all-or-nothing business - even a single compromised component can lead to compromise of the complete system.

Don't trust opaque binaries.

> How do you deal with this situation, do you use a virtual machine, or are there any other ideas I am missing here?

If you really want to run that opaque binary, a virtual machine will give you a decent amount of security. With GPU passthrough, you can even get near-native speed, too.


👤 cube2222
I've used [0], [1] and [2] so far. I only use open-source ones and quickly skim the source code for anything suspicious. I also only use ones with some degree of popularity, meaning that others have probably taken a look at the code as well.

[0]: https://github.com/lstein/stable-diffusion

[1]: https://github.com/hlky/stable-diffusion

[2]: https://github.com/basujindal/stable-diffusion


👤 sp332
You could use the Windows Sandbox to prevent them from accessing anything sensitive on your computer. https://docs.microsoft.com/en-us/windows/security/threat-pro...

👤 fjfbsufhdvfy
Currently there is so much activity that for every closed source tool chances are there is an open source one that does the same. I simply use those instead, after skimming over the code for any obviously malicious activity.

👤 Jach
VM is a good idea. I barely even trust a lot of the open source stuff, there are deep stacks of magic (and not so magic) shit in modern machine learning, and too much "we depend on pip installing this particular git repo, sometimes a particular commit that you'll need to figure out lol". Some of the stuff people are building has looked interesting, but I'm going to let the dust settle for a while before I look into them more, and I'm particularly trying not to gum up my new machine with npm BS. For now, I've had enough fun with just the original repo (regrettably finally mostly figuring out how to use conda) which I set up a bit before the weights were released and haven't updated. (So I didn't need to bother removing the last-minute added watermark/filtering stuff.) I also sometimes test things with the network down to see if there are blatant surprising network connections; interestingly, the default repo will ping a site for a resource it needs to download, but continues to do so even after you have it. Add the "local_files_only=True" param to the from_pretrained() method calls in ldm/modules/encoders/modules.py to stop it. (Oh thank the gods that I can just edit the py files to make local changes and they haven't tried to do some weird hybrid binary thing like other projects (ActivityWatch).) I also set up Real-ESRGAN to upscale some favorites, its results are pretty interesting.

The executable binary blobs I've a natural inclination to distrust, but I can also see where they're coming from, culturally, and Most Of The Time it's not a problem, like random indie games you might download to try. (Besides, there are other binary blobs I depend on, like the nvidia driver...) Culturally it seems somewhat comparable to the gaming world or even demo scene or modding scene, where traditionally you don't often find much open source.



👤 gigel82
I use the Docker one, fully insulates it from my actual machine; it's OSS, but there's a lot of code and downloading a bunch of models, packages and tools at build / run time so better safe than sorry.

👤 danwee
> ...sometimes even simply offering an executable that you are supposed to blindly trust.

Then don't trust them. It's easy. If you don't have access to the source code, then assume the worst. If you absolutely MUST run executables of which you don't know what the hell is going on inside, then maybe run them in a secured container or something similar.


👤 7373737373
One big problem is also model weights serialized with (the likes of) pickle - which allows arbitrary code execution.

A lot of trust just to get some numbers
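The pickle risk raised above, as an added example that is not part of the original thread: a checker that disassembles a weights file's opcode stream with the standard-library pickletools (it never unpickles the data) and lists the module/name imports the stream would resolve, flagging known code-execution entry points. The denylist, the constructed benign stream and the hand-written suspicious stream are assumptions for the example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
from typing import List, Tuple

# Imports a serialized weights file has no legitimate reason to contain.
# Assumed denylist for this example; a production scanner pairs it with an
# allowlist (torch, numpy, collections, ...) and rejects anything else.
DANGEROUS_GLOBALS = {
    ("os", "system"), ("os", "popen"), ("subprocess", "Popen"), ("subprocess", "run"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
    ("socket", "socket"), ("urllib.request", "urlopen"),
}
# Opcodes that push a string; STACK_GLOBAL (protocol 4+) takes module and name from them.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that call into the resolved object (construct it or run its __setstate__).
CALL_OPS = {"REDUCE", "NEWOBJ", "NEWOBJ_EX", "INST", "OBJ", "BUILD"}

def list_imports(data: bytes) -> Tuple[List[Tuple[str, str]], int]:
    """Disassemble the opcode stream without ever unpickling it.
    Returns ([(module, name), ...] in order of appearance, count of call opcodes)."""
    imports: List[Tuple[str, str]] = []
    recent_strings: List[str] = []
    calls = 0
    for op, arg, pos in pickletools.genops(io.BytesIO(data)):
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name were pushed as strings
            if len(recent_strings) < 2:
                raise ValueError("malformed STACK_GLOBAL at offset %d" % pos)
            imports.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name in CALL_OPS:
            calls += 1
    return imports, calls

def is_suspicious(data: bytes) -> bool:
    """True if the stream imports any denylisted callable, whether or not it is then called."""
    imports, _calls = list_imports(data)
    return any(imp in DANGEROUS_GLOBALS for imp in imports)

# Constructed samples, not real model files. Neither is ever passed to pickle.loads.
BENIGN = pickle.dumps(OrderedDict(layer1=[0.1, 0.2]), protocol=4)   # imports collections.OrderedDict
MALICIOUS = b"cos\nsystem\n(S'echo constructed-sample'\ntR."         # hand-written protocol-0 stream

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, list_imports(blob), "SUSPICIOUS" if is_suspicious(blob) else "ok")
```

Run it against a downloaded .ckpt/.pt before loading; anything that resolves outside the modules you expect for tensors is a reason not to load the file at all.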


👤 foxhop
I tried to run locally but all I got was a black square for output.

I used the scripts from this repo

https://github.com/basujindal/stable-diffusion

which didn't give me a GPU memory error which the original link does.


👤 TekMol
How easy / hard is it to run those repos in Google Colab?

That would be my preferred way to shield myself from the repo.


👤 dncornholio
Why would I be bothered about what exactly? People should be free on what and how they release their stuff.