It's good to see awareness being raised on this topic.
I've used HF to deliver malicious models to targets for bug bounty and red team exercises,[0] and a key point to convey is it isn't just scanning for malicious models that would help.
The reality is, making a malicious model isn't the goal - it's just the first step. The goal is to mess with your stuff. Since models are just a program, it's reasonable to expect that pretty much no matter what places like HuggingFace do, there will be little malicious programs - or where that isn't possible, poisoned backdoors in safe formats running on their platform, probably forever.
You need to do more than have a malicious model running on Huggingface, you have to get it in front of people's faces and get them to use it.
The things that make this attack feasible and concern me more than random models called out in articles like this include the way Huggingface manages trust and namespaces.
I won't list them all, but just as an example:
- Organization Confusion aka namespace squatting
Any user, from any email domain, can create an organization with any unique name they wish.
That user can then email anyone in that company and they will receive an email _from Huggingface_ inviting them. It's a very effective way to get malicious models in front of people, or to later backdoor one they upload.
I've got repos of companies with lots of engineers and ops folks from that business who are members of organizations they think are trusted; it works really well.
Secondly, really malicious people are probably going to do what was popular on NPM before mandatory 2FA: they're going to steal your account and swap something out of your model. It's far easier than poking about with a malicious model in a fake organization or running a social campaign for the same. HF as a startup is not ready for this kind of abuse IMO.
If you want more examples of the way HF makes these attacks easier, I wrote them here[1]*
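As an added example (not the commenter's code and not part of the original thread), here is the defender's side of the "models are just a program" point above: a Python checker that lists, without executing anything, every import a pickle-format checkpoint would perform on load, so an unexpected one can be rejected before the file is ever unpickled. The allowlist and the sample blobs are constructed assumptions for the example, and, as the comment says, this kind of scan is only one layer; it says nothing about whether the organization that published the file is who it claims to be.

```python
import collections
import datetime
import io
import pickle
import pickletools
from typing import Dict, List, Tuple

# Allowlist of (module, name) pairs a plain checkpoint legitimately imports.
# The set is an assumption for this example; extend it for the framework you load.
ALLOWED_IMPORTS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}

# Opcodes whose argument is a string. STACK_GLOBAL (protocol 4+) pops its
# module and attribute name from the two most recent of these.
STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def find_imports(data: bytes) -> List[Tuple[str, str]]:
    """List every (module, name) the unpickler would import while loading data.

    Walks the opcode stream with pickletools, so nothing in the file runs.
    Handles GLOBAL/INST (protocols 0-3) and STACK_GLOBAL (protocol 4+).
    Raises ValueError on a truncated or malformed stream.
    """
    imports: List[Tuple[str, str]] = []
    recent_strings: List[str] = []
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)  # pickletools joins the pair with a space
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without preceding module/name strings")
            imports.append((recent_strings[-2], recent_strings[-1]))
        elif opcode.name in STRING_OPCODES and isinstance(arg, str):
            recent_strings.append(arg)
            del recent_strings[:-2]  # keep only the last two strings
    return imports


def disallowed_imports(data: bytes) -> List[Tuple[str, str]]:
    """Imports outside the allowlist; an empty list means the file looks like plain data."""
    return [imp for imp in find_imports(data) if imp not in ALLOWED_IMPORTS]


def is_suspicious(data: bytes) -> bool:
    """True if loading this pickle would import anything unexpected, or if it cannot be parsed."""
    try:
        return bool(disallowed_imports(data))
    except (ValueError, EOFError):
        # Truncated or malformed stream: refuse rather than guess.
        return True


def sample_blobs() -> Dict[str, bytes]:
    """Constructed inputs: plain data, an allowlisted container, an object of an
    unlisted class (stands in for any unexpected import), and a truncated file."""
    return {
        "plain weights": pickle.dumps({"layer.weight": [0.1, 0.2, 0.3]}, protocol=4),
        "ordered dict": pickle.dumps(collections.OrderedDict(bias=[0.0]), protocol=4),
        "unexpected class": pickle.dumps(datetime.date(2024, 1, 1), protocol=4),
        "truncated": pickle.dumps({"a": 1}, protocol=4)[:-1],  # STOP opcode removed
    }


if __name__ == "__main__":
    for label, blob in sample_blobs().items():
        try:
            detail = find_imports(blob)
        except ValueError as exc:
            detail = f"unparseable ({exc})"
        verdict = "REJECT" if is_suspicious(blob) else "ok"
        print(f"{label:17s} {verdict:7s} {detail}")
```

The check runs on the raw bytes, so it can sit in a download or CI step before any framework loader touches the file; the allowlist should be the smallest set that still loads your own known-good checkpoints.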
I have some trees from this place, as well as trees from 'Century Farms' - another meticulously kept apple and pear orchard archive.
Their tasting and usage notes on heirloom apples are worth a read.
Learning how to take care of these trees has been a rewarding journey so far, their status can be so tenuous as you learn about the impacts of cedar tree rust, fire blight, and dozens of bacteria out to quickly ruin the trees!
I like to read in the morning, as I drink my coffee and before I go up to bed. Some evenings, now that the weather where I am is really nice, I take a book outside and set up so I can read after dinner. Very relaxing.
Insofar as breaking out of the habits you describe, it takes some work, but a bloody good book is a great way to get out of the loop ;).
Keeping the book close to my usual places where I would sit and start watching TV helps. It might sound silly but to begin with, I also began to just ... sit in a different spot, a reading chair in the same room, not just on the couch in front of the TV where the automatic action was to reach for the remote or my phone (which I try to keep in a drawer).
My reading drops off in winter, which is odd, since it seems to complement the season better, but I do love to read outside.
I like to keep a couple of books on the go, a blend of fiction and non-fiction, and I just go with whatever I feel like. It's rare for me to read something from the same genre back-to-back unless it's part of a series.
I used to be pretty rigid about only reading one book at a time, and being sure to finish it, even if it sucked, but that led me to read far less often when it became like work. But I read and complete more books now that I don't constrain myself to reading something that isn't the right vibe.