lilting channel (English)

JANIMA vs Hexer Minimal Toon (M1 Max): LoRA fidelity flips per character

Thu, 11 Jun 2026 15:00:00 GMT

Tested on M1 Max ComfyUI: newly free JANIMA vs Hexer Minimal Toon Anima V1 vs anima-base, one character LoRA, same seed. Hexer keeps the outfit; JANIMA adds clothes but draws the quietest backgrounds.

Codex says Selected model is at capacity: try continuing

Thu, 11 Jun 2026 06:56:09 GMT

Codex showed Selected model is at capacity, but the same thread resumed after a continue prompt. Related issues point to serving pressure, not context length.

Microsoft 73-repo Miasma: AI agent startup, not npm install

Thu, 11 Jun 2026 04:24:35 GMT

GitHub disabled 73 Microsoft repos after an Azure/durabletask commit. Miasma used Claude Code, Gemini CLI, Cursor, and VS Code config, not npm install.

LiteLLM CVE-2026-42271: MCP stdio test RCE, CISA KEV

Wed, 10 Jun 2026 10:03:57 GMT

LiteLLM 1.74.2-1.83.6 command execution via MCP stdio test endpoints is in CISA KEV. Patch to 1.83.7+ and Starlette 1.0.1+; BadHost can remove auth.

Claude Fable 5 vs Opus 4.8, Sonnet 4.6, and Codex: tiny blog benchmark

Wed, 10 Jun 2026 04:27:26 GMT

Claude Code CLI vs Codex CLI on a 7-test static-blog fixture: runtimes, estimated Claude Code cost, and the semantic diff Codex used to pass.

Laxhar's SenseNova U1 LoRA trainer: bf16 on 32GB GPU, ~20GB peak VRAM

Tue, 09 Jun 2026 06:23:29 GMT

Laxhar's U1 trainer needs 32GB+ GPU, bf16 only — 4bit broke gen tower. Prefix offload keeps ~20GB peak. 8-step LoRA stack, A3B MoE compat, official training code gap.

AFM 3: 20B sparse on-device, Cloud Pro on Google Cloud, five model tiers

Tue, 09 Jun 2026 03:28:44 GMT

AFM 3 splits into 20B on-device sparse (NAND-to-DRAM weight loading) and Cloud Pro on Google Cloud NVIDIA GPU. Three Google contexts, Foundation Models API opening, and what's still unreleased.

LFM2.5 1.2B JP on M1 Max 64GB: 208 tok/s decode, JSON OK, name hallucinated

Sun, 07 Jun 2026 16:20:00 GMT

Tested LFM2.5-1.2B-JP-202606 on M1 Max 64GB. llama.cpp Q4_K_M: 208 tok/s decode, JSON intact, model name hallucinated (LFM→FDM). Q8_0: 157 tok/s, no hallucination. Tool calls broken via GGUF.

Two-character LoRA without bleed or fusion: rank128 + 20 dual images on Anima

Sun, 07 Jun 2026 15:00:00 GMT

rank128 + 20 two-character images killed the v1 ahoge bleed and body fusion on this Anima dual-character LoRA. Lap-sit stays a Qwen3 text-encoder limit; sweet spot is ep140.

Claude Code 'court' bug: tool calls leak as text instead of running (Opus 4.8)

Sun, 07 Jun 2026 04:48:38 GMT

Claude Code sometimes emits a stray court token and raw as plain text instead of running Read/Edit/Bash — a malformed tool call that never executes. How to tell it from a hung shell or a 'could not be parsed' error, on long Opus 4.8 sessions.

Two characters, one Anima LoRA: hugs hold, lap-sit breaks (stack vs interleave)

Fri, 05 Jun 2026 16:54:03 GMT

One Anima (Qwen-Image DiT) LoRA, two characters, trained on RunPod: can they touch? Hugs and piggyback hold, lap-sit fuses; stacked limbs survive, interleaved break. Best at ep100, Turbo.

CVE-2025-24964 lets a malicious web page reach RCE via Vitest's WebSocket API

Fri, 05 Jun 2026 16:16:24 GMT

Vitest's UI/api WebSocket skips Origin checks (CSWSH), so a malicious page can call saveTestFile and rerun to run code on your dev machine. Fixed in 1.6.1 / 2.1.9 / 3.0.5.

In 'One Developer Is All You Need' the speedup was wait time, not 4x AI coding

Fri, 05 Jun 2026 15:29:05 GMT

At Itaú, a staff engineer delivered a 4-person, 18-week project in 9 weeks with 4 AI agents — but it worked only because they knew the codebase deeply. What the case study really says about AI and team size.

Paper vs tablet manga fMRI study: tablet slowed integration-question RT

Fri, 05 Jun 2026 04:17:24 GMT

Sakai Lab fMRI study (N=25, U-Tokyo): reading a story's first half on a tablet stretched response time on integration questions and skipped the language-area savings paper produced. Full stats (F/p/q/r), plus the MangaFlow manga-generation AI as the drawing-side counterpart.

CVE-2025-48595: Android Framework EoP, exploited, in CISA KEV (June 5 deadline)

Fri, 05 Jun 2026 04:17:01 GMT

Android 14–16/16-qpr2 patch CVE-2025-48595, a Framework integer-overflow EoP Google flags as under limited, targeted exploitation. In CISA KEV with a 2026-06-05 deadline. Includes the 06-01 vs 06-05 patch-level split.

Request smuggling vs request splitting in Spring Boot: what to check for each

Fri, 05 Jun 2026 04:16:22 GMT

Two CRLF-adjacent bugs, two different checks. Smuggling is a proxy↔Tomcat HTTP/1.1 framing mismatch (tomcat-embed-core version, CVE-2026-24880); splitting is CRLF in sendRedirect/setHeader/RestTemplate. With a grep checklist.

Hexer Minimal Toon Anima V1 vs Illustrious v3.1: base, folders, and license

Fri, 05 Jun 2026 04:15:38 GMT

Hexer Minimal Toon's new Anima V1 is a DiT checkpoint, not an SDXL one: 4.1GB bf16, separate VAE/text-encoder ComfyUI folders, Anima-only LoRA, and a non-commercial license the Civitai page doesn't show. What changes vs Illustrious v3.1 before you load it.

Character LoRA won't stand straight on Anima-Base: cut posed data, don't add it

Fri, 05 Jun 2026 03:00:00 GMT

On Anima-Base, my character LoRA bent its legs even on standing. Adding upright references didn't fix it; cutting 36 posed full-body images did. Subtract, don't add.

HTTP/2 Bomb: 5,700x Envoy, 4,000x Apache amplification via HPACK + flow control

Thu, 04 Jun 2026 06:36:25 GMT

100Mbps to 32GB via HPACK + flow control stall. Envoy 5,700:1, Apache 4,000:1. Patch status: nginx 1.29.8, mod_h2 v2.0.41, Envoy 1.35–1.38, IIS/Pingora unpatched.

Gemma 4 12B Unified: 35M linear projection replaces 150M 16-layer Vision Encoder

Thu, 04 Jun 2026 04:44:51 GMT

35M linear projection replaces E4B's 150M 16-layer Vision Encoder. Bidirectional attention in the 48-layer LLM absorbs patch features. Comparison with Fuyu, EVE, EVEv2, and Mono-InternVL.

Character LoRA on Anima-Base vs WAI-Anima: face fidelity up, intakes capped

Wed, 03 Jun 2026 04:00:00 GMT

Rebaked a WAI-Anima character LoRA onto upstream Anima-Base with off-distribution Gemini data. Trigger-only usable, face fidelity beats v1, intakes still cap out.

One LoRA on 6 Anima derivatives (M1 Max): trigger-only unstable, RDBT runs wild

Tue, 02 Jun 2026 04:14:51 GMT

Tested on M1 Max 64GB ComfyUI: one character LoRA across 6 Anima derivatives, same prompt/seed. Trigger-only never stabilizes, RDBT bolts to beast-ears, structure tags fix it.

Anima checkpoints: 20+ derivatives sorted by type and style, one LoRA fits all

Mon, 01 Jun 2026 10:13:23 GMT

Anima is a Cosmos-based DiT, not SDXL, so one Anima LoRA loads on every derivative checkpoint. 20+ CivitAI Anima models sorted by type, aesthetic, and prompt adherence.

TrapDoor: Rust build.rs, npm postinstall & PyPI imports steal crypto dev keys

Sun, 31 May 2026 07:12:35 GMT

TrapDoor planted 34 packages across npm, PyPI and Crates.io to steal Solana/Sui/Aptos wallet keys. Each registry fires differently: postinstall, import-time, and Rust build.rs.

SpaceX's $4.16B Golden Dome deal: SB-AMTI sensor satellites, not interceptors

Sat, 30 May 2026 13:18:05 GMT

SpaceX's $4.16B SB-AMTI award is a sensor layer for tracking airborne moving targets, not interceptors. AMTI vs GMTI, the SDN Backbone deal days earlier, and how Japan's defense constellation compares.

Microsoft Defender RedSun & UnDefend: actively exploited CVEs now in CISA KEV

Sat, 30 May 2026 13:17:54 GMT

RedSun (CVE-2026-41091) and UnDefend (CVE-2026-45498) are confirmed exploited and in CISA KEV. A patched Windows isn't enough: how to check your Defender engine 1.1.26040.8 / platform 4.18.26040.7.

VS Code Remote-SSH: a compromised host can run commands on your local terminal

Fri, 29 May 2026 11:24:36 GMT

Calif's Vibe Hacking: a compromised SSH host runs commands on your local terminal via VS Code/Cursor Remote-SSH. No CVE — Microsoft calls it by design. How to check and isolate instead.

Two Anima LoRAs in one image: side-by-side works, overlap breaks the design

Thu, 28 May 2026 16:01:25 GMT

Tested on M1 Max ComfyUI: two WAI-Anima character LoRAs in one image. Side-by-side works, but only non-overlapping inpaint keeps the design pixel-exact; Qwen-Image-Edit elongates the side ponytail even with training tags, and overlapping interaction poses jam at skeleton extraction.

KnowledgeDeliver CVE-2026-5426: shared machineKey, ViewState RCE, Cobalt Strike

Thu, 28 May 2026 04:30:41 GMT

CVE-2026-5426 zero-day: KnowledgeDeliver's shared ASP.NET machineKey → ViewState RCE → Godzilla in memory → Cobalt Strike via JS tampering. Hunting starts at Event ID 1316.

WAI-Anima LoRA trained on its own generations: ep20 sweet spot, 7.5x faster

Wed, 27 May 2026 14:50:00 GMT

WAI-Anima LoRA trained only on images the model itself made. Distribution shift drops to ~zero, so the sweet spot hits epoch 20 not 150 (7.5x faster). What the trigger bakes in vs what still needs tags, plus pose/angle control.