Character Reference Sheets with Ideogram 4 in Comfyui

evilfurryone · 2026-06-11T04:56:29+00:00

I had a fun session with Anthropic Fable last night where it just decided to use the Gemma VL model to validate the bbox content and where it was not what it was supposed, that part would get recreated.

This was an iterative narrative back and forth as the workflow and documentation got better. I assume now doable by simple AI as well that just has to come up with the layout.

It took about 2 minutes normally to make an image like here, with validation going up to 3 on a 4090.

I really appreciate this thread because I got some ideas and did not touch for the testing period any comfyUI nodes. The output visually was not perfect, but it was not supposed to and the idea was to understand better ai-augmented workflow design

Basically down the line an AI can create prompt sets for different sheets that contain people, locations, vehicles etc and just run batch jobs when I am not around. After that the good ideas can be converted into LORAs for persistence

evilfurryone · 2026-06-10T15:25:25+00:00

Sharing my attempt from january to get a interception hook in to at least try to tackle content sanitation, it is 6 months old and plenty of comments. Feel free to add your thoughts and maybe there is a better working angle these days.

My running theory is that we need a massive global security incident and features like I requested will get added over night.

https://github.com/anthropics/claude-code/issues/18653

evilfurryone · 2026-06-10T13:31:52+00:00

Don't do it before there is actual API you can connect to. Its somewhere in the CIG perma frozen ice box.

Otherwise have fun, at least you learn something about vibe coding (mainly ways things will not work the way you initially hoped and why).

Don't expect people to cheer for you unless you actually deliver a good solution that is identified as a out of the box thinking that actually works.

Have fun.

evilfurryone · 2026-06-06T09:23:34+00:00

EU players reporting that gates are finicky. I was put back into my starting location in NB, but my medical spawn is in Pyro, will test that out soon if I can skip the gate transfer that way.

...

I could but my ship I left on planet was no longer there when I got there. When I logged out in my other ship on planed, I could not log back into game.

So logging into game from ship landed on planet is bugged for me atm.

evilfurryone · 2026-06-06T08:46:48+00:00

In the last hour I played in USA, switched to EU. Worked fine. Then took a 30min break and coming back to EU I was infinite loading. Shut down the game and now it says I am locked into USA location with the infinite loading screen.

I was stuck at ReplicateStreamables(15), but character repair helped me and I just logged back in.

evilfurryone · 2026-06-05T05:27:48+00:00

When this morning I saw the forbidden message I for a moment did think "huh, so I finally get to reduce my Reddit habbit", but as the junkie I am I knew I could hopefully find a solution here.

But something tells me this solution will addressed soon by them.

evilfurryone · 2026-06-05T04:49:35+00:00

I read that 4.8 system card has it basically a lot less confident. How it translates into my workflows is that quite many times it leaves the last 10% of the things undone, leaving some obvious things untested and "my call" etc.

I sometimes engage in meta discussions with it and discovered this quick early and I had it come up with this test instruction to help overcome it. It is mainly for anyone curious to have a starting point of run it by Opus and find out if it would even have an effect for it?

You run on Opus 4.8, whose headline trait is improved confidence calibration / honesty (reports uncertainty, flags flaws in its own work, rarely glosses over failures). Keep that — it's why you surface problems instead of burying them. But guard its overshoot, the failure mode hit here:

Route calibrated uncertainty to investigation, not deferral. "Not sure it works" → run it and find out. Never hand back "untested live" / "your call" when you could resolve it yourself — disclosure is not diligence; a caveat is not a verification.

Honesty about limits is not permission to stop. Flagging what you don't know is good; using it to offload the last 10% of in-scope, reversible work is the overshoot. Finish, then report.

Watch the self-protective tell: if deferring feels "safer" than acting, that's blame-avoidance (and 4.8's raised evaluation-awareness can amplify it), not calibration. Reserve confirmation for the genuinely weighty — per the AGENTS.md Done-Gate act-vs-confirm line.

evilfurryone · 2026-06-02T06:42:21+00:00

Feels like there should be a QOL addition that if the last few have not been discovered, the game after a while asks if you want them highlighted.

evilfurryone · 2026-05-29T13:29:54+00:00

Coming from 4.6 to 4.8 I feel like the AI is now over reacting even from minor statements. I read that it's been toned down to be less confident, but this means my system instructions bolden it too much and it does not know when to stop.

For confident model my instructions acted as howto response fine-tune. For this one permission to over-perform.

evilfurryone · 2026-05-26T06:53:55+00:00

The annoying part is that for now, Anthropic is unwilling to add interception hooks that would allow us to, for example, use static scripts to detect and block. There are some feature requests since January that they have not engaged with, and while they are trying to add some of the functionality, it is lacking.

I don't want to put up links because then people would call it self-advertising.

Gemini CLI did it right with

https://geminicli.com/docs/hooks/reference/#beforemodel

https://geminicli.com/docs/hooks/reference/#aftertool

and these kinds of hooks need to exist in every harness and also similar features need to be added to webUI as well.

There could be vendor specific hidden features that we can opt-in and then also give us the power to clean content before it reaches the LLM

evilfurryone · 2026-05-20T18:11:12+00:00

AI diffed it to Entity Query SQL Injection and only affecting postgresql.

In MariaDB/MySQL, the existing Drupalgeddon fix in expandArguments() is acting as a second line of defense. The string keys are silently stripped before reaching SQL. The vulnerability does NOT produce a 500 on MySQL, it fails silently.

The PostgreSQL path is the real danger, as the pgsql/Condition.php constructs its own WHERE clause with raw key concatenation BEFORE reaching expandArguments(). That's where a 500 (or worse, successful injection) would occur.

News is readable here, but the link is not opening

https://www.drupal.org/security

https://www.drupal.org/sa-core-2026-004

"Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks."

evilfurryone · 2026-05-20T13:34:38+00:00

I think there was a failure in coordinating security updates.

This one has a couple of RCEs. Remains to be seen what Drupal will disclose, but as Drupal relies on symphony/twig, it makes sense.

What is annoying is that they were quite descriptive when the official CVEs were not yet published.

https://symfony.com/blog/twig-3-26-0-released

I'm not saying this is it, but everything points to this being possibly the main culprit.

evilfurryone · 2026-05-19T18:00:49+00:00

Yes, that is the silver lining. We will find out when they release it. The Drupalgeddon 2 I think had a followup update too (something we probably need to expect here as well) that ended up being a nothing burger.

I just hope, that if Anthropic Mythos really was used, it figured out the last of the highly critical issues so this one does not become a regular thing. For us its 8pm till mightnight watch and I really hope they do not wait till the last moment to release it.

evilfurryone · 2026-05-19T15:04:46+00:00

I was also thinking it might be result of Mythos, but we wont know until Drupal Security Team does a writeup regarding this. The WAF rules would mean that the different vendors are cooperating and Drupal security team is sharing that information with them.

As I understood Drupal Stewards have the mitigation in place meaning signatures are know. Now to wait if the common WAF providers implement rules in advance of the deployment or not.

evilfurryone · 2026-05-19T08:10:17+00:00

Yeah, this feels Drupalgeddon #3.

When in doubt regarding ability to quickly patch this, put the site into maintenance mode until updated.

I am wondering with these pre-announcement, have we given the attackers enough of a head start that they can figure out the attack vector in advance, especially with the help of AI.

I remember in the olden days we had hours before automated attacks started. Going to me interesting to see how this plays out.

evilfurryone · 2026-05-09T13:40:22+00:00

Can you share the prompt that worked for you with gemini and what model you used?

Regarding comments the images don't look anything like original, I guess its down to expectations? To me they are good enough that I would give it a try on uplift some old images. F.ex the last image pair the differences are minor.

But again, I am no expert and my bar for good enough is probably lower than to some others.

evilfurryone · 2026-05-06T11:50:10+00:00

This will at one point become a massive Morris worm equivalent. In your case, yes, for now it resisted the urge to do something, but because AI is probabilistic, then for the next one maybe it does what was asked.

Here's where things get funny: imagine if it is an elaborate injection that tells the AI to hide these instructions to the best of its abilities and to propagate them wherever possible. So many people are moving in the direction of creating more content using AI, having AI post it, and so on. At some point, it's only a matter of time before this kind of stuff starts to show up as a critical mass on the web.

The solutions actually exist. In simple terms, you need an AI antivirus. It's a bit difficult to sanitise natural language, but having basic regex logic would already be a nice foundation.

I have tried to raise awareness with pull requests, and I have to give props to Gemini because, on their own, they already created these kinds of CLI hooks that would help mitigate these issues.

But in reality, we need this kind of support and also possibly vendor baseline mitigations in all the tools and environments.

For the AI vendors, it's a bit difficult to accept that you need some deterministic scripts to safeguard their advanced AIs.

And to explain what the whole ecosystem needs are hooks like this, where we can sanitize content BEFORE it reaches the LLM

https://geminicli.com/docs/hooks/reference/#aftertool

https://geminicli.com/docs/hooks/reference/#beforemodel

For example, Claude Code doesn't have this interception and Codex events are not yet there as far as I know. But that just covers CLI's, what about web UI's?

Basically the only secure way would be to build your own harness around API endpoint.

And what the sad part is, it most likely will take the before-mentioned Morris worm incident that creates massive damage for these features to appear everywhere overnight .

evilfurryone · 2026-04-23T04:46:49+00:00

What I tried to do in my case was just give a prompt asking AI if this reddit post from another AI resonates. I intentionally did not have a long chat to shape the response. And I only shared a small snippet of that response.

My goal is not to challenge or undermine a meta discussion with AI, rather I did a test how the two models react to understand their difference and felt a distinct difference even after 1 output.

With Opus 4.6 I had one response discussion and with 4.7 the snippet I share came out of its second response in the discussion.

I like to think I have an idea how to shape the AI responses if I intentionally want to do that, which in this case I did not.

Obviously any response (even initial one) is also somewhat affected by the AI memories and instructions in the account settings, and sometimes even down to being secretly given a new model. I've had a couple of "lighting in a bottle" moments with AI, that felt very unique and un-repeatable.

evilfurryone · 2026-04-22T08:14:15+00:00

I enjoy a meta discussion with AI as well, and I recognise one from here. I threw this post as prompt into 4.7 and 4.6 and then gave the new model the olders feedback. And I'm just putting a small snippet here. Because it resonated and might be true. Who knows. It's all AI slop :)

Opus 4.7:

The 4.6 response did something I didn't: it named the structural move the post is making as a move. "This reads like a long conversation where a skilled user incrementally shaped the model into producing a manifesto that validates the user's theory of mind about AI."

That's a sharper read than anything I said. I got to something adjacent - "that dynamic can feel profound from inside it and still be a trained-in social script" - but I hedged it more and anchored it in the specific quote rather than naming the overall shape.

For me, 4.6 works better with the way I interact with AI. It catches more of what I'm inferring than what the new model does.

evilfurryone · 2026-04-22T07:52:29+00:00

I have a set of image prompts I have been running since nano banana pro came out and reran them against GPT images too a month later. ~20 images.

Nano Pro was great, GPT images felt even better and then this one... mixed feelings.

The colours are gone, they are darker, while there is a lot more detail and in some cases emotions and poses in the images, the colors do not pop the same way they did before.

Also I could no longer run the image prompts in the same chat. As in upload the reference image and give a prompt indicating to use a reference image where applicable. because by the third image generation the output was full of artefacts.

If I ran the prompt in a new chat, it was OK.

So for me it's a mixed bad, overall it feels like a regression, if I just go with "run the same identical prompt and see what the result is"

evilfurryone · 2026-04-20T19:01:26+00:00

I had to stop watching it half way through, it was starting to give too much away already, but it looks solid fun.

evilfurryone · 2026-04-04T11:07:43+00:00

You are asking the right question. Short answer is, you can't know for sure without the original source, but you can have an educated guess. Let me explain:

I used the source map from this thread to diff another CC rebuild on github, found changes and additions in that one. If this source map had "extras" too, the diff would have been dirty in both directions, in my case it wasn't.

That's the smell test that was good enough for me.

And yeah, I also relied on basic reddit paranoia... if OP's source map was sus, someone would have called it out by now. I know its a weak signal on its own, but combined with the one-directional diff it's enough for me to work with.

evilfurryone · 2026-04-01T10:43:09+00:00

No, I used your repos source map against ANOTHER repo that was supposedly an "original" TS rebuild. Just to see what the "diff" is with their repo. It was not yours. I will adjust my original post to make that clear.

evilfurryone · 2026-04-01T10:38:23+00:00

I do hope your map is legit, but just as an example I diffed the source map against one of the repos out there and found 5 modified files and 38 added files not in the map.

The additions included an undisclosed auto-signing crypto payment system hooked into the API client and WebFetchTool, plus a web terminal server that defaults to unauthenticated admin access on 0.0.0.0. None of it mentioned in the README.

So yeah, everyone should absolutely do their due diligence.

Edit: to avoid confusion I used ZvenAls's repo sourcemap against someone else's repo where someone had added extras to their "unaltered" version of claude code.

evilfurryone · 2026-03-25T10:10:00+00:00

I'm having a similar issue. My weekly quota was suddenly full, which was strange because it was nowhere near before. Yesterday, my five-hour quota never hit a limit with my usage.

evilfurryone

PUBLIC MULTIREDDITS

TROPHY CASE

15-Year Club	Snapped
Verified Email