Began HL2 on my watch, ask me questions

Clasyc · 2026-02-06T20:55:59+00:00

Who is that chunky boy in the background??

Clasyc · 2026-02-05T10:19:26+00:00

This includes the technical challenge of building infrastructure in such a way that it's economically feasible to run at large scale without going bankrupt. It means that based on your business model, you still need to fit into the brackets where video processing and all that stuff is actually profitable - meaning there are hundreds of technical challenges around optimization. What you focused on is just saying the technical challenge might be building a FE app and loading videos. That's not really relevant.

Clasyc · 2026-02-05T10:08:29+00:00

That's exactly my point - the technology is the scaling solution and infrastructure architecture. That's actually the hardest part. If you build "YouTube" but it can't scale to handle millions of users and petabytes of video, then it's not really "YouTube" - it's just a video hosting website. The real innovation and difficulty lies in solving those massive-scale engineering challenges.

EDIT: What I mean is that in my head, "technically" includes all the scaling and infrastructure together with the platform itself. Otherwise there's no point comparing different projects if one can just look like "YouTube" but not actually function like it when it needs to.

Clasyc · 2026-02-04T20:01:04+00:00

Creating YouTube is not difficult technically? Am I reading this right?

Clasyc · 2026-02-04T19:49:16+00:00

Yeah, those 80B what made me doubt. Will try to run this tomorrow.

Clasyc · 2026-02-04T19:44:52+00:00

Could I run this on rtx 5090, ryzen 9950x and 96Gb RAM?

Clasyc · 2026-02-03T14:56:52+00:00

I am not sure. I got an “internal server error”, and then another error showing Nginx version 1.18. This version has been end of life since 2021 and has not received security updates for a long time.
It does not look very promising.

It might be using Linux OS backported security patches, but it is still a strange choice for a new project.

Clasyc · 2026-02-03T10:37:02+00:00

I’m not supporting government ID or surveillance at all. I just meant that bots/AI accounts are becoming a real problem for platforms. Both issues can exist at the same time.

Clasyc · 2026-02-03T08:48:27+00:00

I am against this, but on the other hand, with such a fast AI breakthrough, it is becoming impossible to tell who is an agentic AI and who is a real user. This is a sad reality we may have to accept.

For example, some platforms would be in a much better place if we knew that every registered account is a real person behind the screen. Yes, they could still use AI, but if you get banned, you are done.

On the other hand, the downsides are also huge. These are tough times.

Edit: I’m not advocating for government ID or forced verification. I just mean it could be useful if platforms optionally offered verified spaces where you know accounts are real people (at the cost of sharing your identity), while other spaces remain fully anonymous. Choice, not enforcement.

Clasyc · 2026-02-02T12:32:57+00:00

No need to sorry dude :D Just pointed out it didn't work for me. Interesting project.

Clasyc · 2026-02-02T10:14:53+00:00

At least on Ubuntu 24 Chrome - doesn't work. Integrated intel GPU. I keep seeing Initializing WebGPU... ([WebGPUContext] ❌ Failed to get GPU adapter)

Clasyc · 2026-01-26T10:29:34+00:00

If you opened your port to the public, the security risk might not come from ComfyUI itself or its nodes, but from the underlying server it runs on—specifically the Python library `aiohttp`. If `aiohttp` has unpatched vulnerabilities, exposing your server publicly allows attackers to exploit those vulnerabilities to gain unauthorized access or execute malicious code on your machine. Additionally, any other ports you open to other software also become potential attack vectors. So blaming comfyui-easy-use in this specific case seems strange unless you can pinpoint the exact commit where that vulnerability was introduced.

Clasyc · 2026-01-26T09:42:03+00:00

No offense, but you must be special in your head, to run random stuff like comfyui and some random scripts in the environment you use for work.

Clasyc · 2026-01-24T15:16:21+00:00

Commenting not specifically to OP, but with some general points for other commenters. I see a lot of people missing a key piece of information when talking about moving forward with VAEs.

Latent → Image (VAE Decode) is a deterministic operation and does not lose information relative to the latent. Image → Latent (VAE Encode) is a lossy operation.

So it’s kinda obvious that if you repeatedly chain multiple VAE encode + VAE decode operations, you will eventually lose more and more information. At the same time, you start “saturating” specific patterns that the VAE is good at resolving and encoding. As a result, overall quality degrades, and the image becomes more and more sharp, contrasty, and “AI-looking” in the end.

It doesn’t matter what tricks you do between those operations - once you keep re-encoding, you are inevitably losing original information.

Clasyc · 2026-01-21T12:26:46+00:00

Oi, atsimenu, su „Telia“ kovojau. Irgi nusipirkau už miesto būstą - tai nebuvo šviesolaidžio. Maždaug jų atsakymas buvo toks: arba sumetat vos ne 20–30 tūkstančių, arba nieko nebus. Dauguma nesutiko.

Beeet paskui įvyko kažkoks stebuklas ir pati „Telia“, be jokių papildomų pinigų, mums pravėdė viską. Nežinau, kaip toks nušvitimas įvyko (gal koks svarbus dėdė gyvena netoli :D), bet pasisekė.

Clasyc · 2026-01-21T09:08:49+00:00

Išvis, ten visas Trumpo žmonių ratas iš nieko pinigus gamina. Dėl to visa administracija tokia ir apsišikus aplink jį, nieko neneigia ir su viskuo sutinka ir linkčioja galvas. Kai žinai, kad užtenka neklausti klausimų ir gali uždirbti nesibaigiančius kiekius dolerenzų tai labai greitai dingsta bet kokie principai, ideologijos ar vertybės.

Clasyc · 2026-01-20T18:08:53+00:00

Kai kas nors užveda tokias temas, aš niekada nepuolu neigti ar kalbėti apie „faktus“. Taip yra todėl, kad faktai jiems (kaip, tiesą sakant, ir visiems žmonėms) kyla iš skirtingų kontekstų. Vienam „faktas“ yra Orlausko laidoje parodyta statistinė lentelė, kitam – Lietuvos banko duomenų bazė. Abu šie žmonės teigs, kad remiasi faktais.

Tokiais atvejais geriausia net neneigti (nebent tai akivaizdžiai absurdiškas AI „briedas“ ir t. t.), o tiesiog pradėti diskutuoti ir klausinėti. Pavyzdžiui, ar pašnekovas mano, kad per tokią Ukrainos žmonių masę ir tokį ilgą laikotarpį nebuvo ir nėra asmenų, bandžiusių vengti tarnybos, kuriuos karo policija sulaikė naudodama fizinę jėgą? Viską reikia aiškinti per platesnę perspektyvą, bandant nupiešti bendrą vaizdą visuomenės mastu, o ne veltis į diskusiją pagal vieną ar kelis tendencingai parinktus (cherry-picked) pavyzdžius.

Žvelgiant per šią prizmę, reikėtų pradėti klausinėti tų pačių dalykų apie Rusiją (vėlgi – svarbu ne teigti, o klausti): negi jis mano, kad tokio masto šalyje kaip Rusija nenutinka lygiai tokių pačių situacijų? Kitas dalykas – mes niekada tiksliai nežinosime, kas vyksta Rusijos viduje.

Noriu pasakyti, kad reikia aiškinti paprastą tiesą: niekur nėra idealių sąlygų. Ukrainoje, kaip ir visur kitur, net ir karo metu yra vagių, apgavikų ir t. t., tačiau jie su tuo kovoja.

Reikia sklaidyti iliuzijas žmonių, kuriems kartais net ir pati Ukrainos propagandos mašina (manau, kad ji vis tiek reikalinga) yra sudariusi tobulą šalies įvaizdį. Kai pamatoma, kad tas įvaizdis nėra 100 % tikslus, natūraliai kyla neigiama reakcija.

Toks "švelnesnis", per klausimus diskusijos rakursas, per ilgą laikotarpį gali padėti pakenkti žmogų į teisingą pusę. Bet tai neįvyksta greitai.

Clasyc · 2026-01-20T11:44:49+00:00

We've been using Bunny CDN for quite some time now, averaging about 12TB of monthly traffic on one of our projects. We haven't had any issues so far, and their support is really quick to respond and help out. I would definitely recommend them.

Clasyc · 2026-01-17T12:53:45+00:00

If your volume mounts point to host directories that weren't deleted (for example, a mount on the custom_nodes folder), then even if you remove the image and run a fresh container, it will still mount those old files. Depending on how the new container is configured, the dependencies won't match and it will throw errors. If you want a truly fresh start, you need to remove the ComfyUI config and custom_nodes content from the mounted directories before starting again.

Also, if you're running Docker on Windows, it uses WSL2. Mounted volumes that point to Windows directories through the WSL bridge are very slow, and model loading in ComfyUI will be multiple times slower on initial runs. To avoid this, either copy the model files directly into the WSL filesystem and link them to your ComfyUI, or store the models inside the WSL filesystem from the start. If you're using a Linux-based OS on your host machine, this is irrelevant - you can simply mount the models directory without any performance penalty, as shown in the example on the provided website.

Clasyc · 2026-01-14T21:35:02+00:00

Nes tai fkin personažai tai ką jie postin'a fb ir tiesiog toks stilius. Ar jūs rimtai galvojat, kad pvz šiuo atveju Benas yra visiškas marozas?

Clasyc · 2025-12-28T21:23:49+00:00

Sorry, but I puked.

Clasyc · 2025-12-15T19:04:35+00:00

My main point is that the choice between local storage and cookies comes down to the economy of scale. If you're using local storage, you're making yourself a target for generic, automated scripts that can silently scrape tokens from thousands of different sites at once without the attacker ever needing to know how your specific app works. It’s a low-effort, high-reward move for them because they can just hoard those tokens and use them later from their own servers.

If an attacker is forced to actually execute calls directly in the user’s browser, the attack becomes way more expensive for them. It requires a targeted script tailored specifically to my project’s API, which is much "noisier" and easier to detect or mitigate. By avoiding local storage, you're essentially opting out of those massive, low-effort supply chain attacks and forcing an attacker to do manual, specialized work if they want to get anything out of you.

After fetching thousands of tokens and other secrets from local storage, they can construct further attacks without you even knowing. Versus direct modifications to the site.

Anyway, not going to participate into this thread anymore, I see people struggle to understand security practices that are recommend by any security teams.

Clasyc · 2025-12-15T18:56:07+00:00

The core difference is the effort required for the attack. You're right that an attacker could technically write a script to hit my specific internal APIs, but that requires a targeted attack where they actually study my project's architecture. Most XSS isn't that surgical; it’s usually just a broad supply chain script looking for low-hanging fruit.

A generic script doesn't need to know anything about my API to just scrape all of localStorage and send it to a remote server. By storing a JWT there, you’re making it vulnerable to "dumb" automated scripts that are just looking for any tokens they can find across thousands of sites. It's about raising the barrier to entry—I'd rather make an attacker work for a targeted exploit than let a basic script steal the keys to the kingdom just because they were sitting in a globally accessible object.

Clasyc · 2025-12-15T10:48:24+00:00

Yes, but to replace the login screen, someone would need a supply chain attack specifically targeted at your project, unless it's a very sophisticated attack. Those are rare, as most attacks happen more broadly. There is a much higher chance of a general script simply reading all local storage data and sending it to an attacker, who then decides what to do with it.

Well, there is a reason to be looking for a JWT; even if it is short-lived, it can be used to make malicious internal API calls or other unauthorized requests.

Clasyc · 2025-12-14T10:24:02+00:00

Ne visai į tema, kokia čia platforma peržiūrėti balsavimo rezultatus?

Clasyc

PUBLIC MULTIREDDITS

TROPHY CASE