What are your thoughts on #privacy and #itsecurity regarding the #LocalLLMs you use? They seem to be an alternative to ChatGPT, MS Copilot etc. which basically are creepy privacy black boxes. How can you be sure that local LLMs do not A) “phone home” or B) create a profile on you, C) that their analysis is restricted to the scope of your terminal? As far as I can see #ollama and #lmstudio do not provide privacy statements.

  • toastal@lemmy.ml
    link
    fedilink
    arrow-up
    13
    arrow-down
    1
    ·
    1 day ago

    D) what is AMD support like or is the Python fan boys still focusing on Nvidia exclusively?

    • Deckweiss@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 day ago

      I’m running gpt4all on AMD. Had to figure out which packages to install, which took a while, but since then it runs fine just fine

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        14 hours ago

        It is slow. Syntax & community idioms suck. The package ecosystem is a giant mess—constant dependency breakage, many supply-side attacks, quality is all over the place with many packages with failing tests or build that isn’t reproducible—& can largely be an effect of too many places saying this is the first language you should learn first. When it comes to running Python software on my machine, it always is the buggiest, breaks the most shipping new software, & uses more resources than other things.

        When I used to program in it, I thought Python was so versatile that it was the 2nd best language at everything. I learned more languages & thought it was 3rd best… then 4th… then realized it isn’t good at anything. The only reason it has things going for it is all the effort put into the big C libraries powering the math, AI, etc. libraries.

        • lime!@feddit.nu
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 hours ago

          that’s an oversimplification.

          python is slow because it’s meant as glue; all the important parts of the ml libraries are written in other languages.

          all the dependency stuff is due to running outside of a managed environment, which has been the norm for 10 years now. yes venv/bin/activate is clunky, but it solves the problem.

          also, what supply-side attacks?

          lua is probably a better first language though.

          • toastal@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            6 hours ago

            Meant to be glue but is used in all sorts of places it probably shouldn’t. The way libraries are handled & pinned leads to lots of breakage—a couple applications I have overlays to disable testing since stuff gets merged into Nixpkgs with failing tests so frequently that I is better to just turn it off & deal with failures at runtime.

            The ultralytics thing was massive last month https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/. These have been coming with regularity—even worse than npm.

            I would at least agree Lua is a better place to start—at least for a dynamic scripting language. It is not a complicated language & it even supports tail recursion which you can’t say about far too many languages.

            • lime!@feddit.nu
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              6 hours ago

              python dependencies, like all scripting language dependencies, must not be installed via the system package manager. yes python’s package management is bad, but if package maintainers for nix are not following best practices then honestly that’s their problem, not the tooling’s. this is python packaging 101.

              also, malicious PRs being accepted due to ml people being famously bad at actual software engineering is not a “supply chain attack”. and they are definitely not worse than npm, because the problem wasn’t in pypi. pypi is historically really good at preventing this sort of thing, but what can you do when the actual, well-formed release approved and pushed by the actual maintainers has a cryptominer in it?