admin 发布的文章

WEB端是限制设备数量(浏览器指纹判断)的,需要<=3。
也就是说同一台电脑Chrome+Chrome(隐私模式)+Edge,就够了3个了,再多开就不行了。

API里面,有几个很有用的选项,
"id":"635fcb52cc57190bd8826d09","name":"排除蜜罐",
"id":"635fcbaacc57190bd8826d0b","name":"排除CDN",
"id":"63734bfa9c27d4249ca7261c","name":"过滤无效请求",
加上这几个能过滤掉很多垃圾数据。

还有过滤掉黑洞数据。即,开放过多端口的垃圾IP。按360开发人员说法是300个端口以上,就定义为黑洞。
排除方法是:

AND NOT app:"扫描黑洞"

还有就是加上“最新数据”,写法是:

"latest":true,

基本上加上这几条。能过滤一大半的数据。

响应页面包含XXX,写法:

response:"xxxx" 

https://owasp.org/www-project-top-10-for-large-language-model-applications/
最新都出到1.1版本了。

OWASP Top 10 for Large Language Model Applications version 1.1
LLM01: Prompt Injection
Manipulating LLMs via crafted inputs can lead to unauthorized access, data breaches, and compromised decision-making.

LLM02: Insecure Output Handling
Neglecting to validate LLM outputs may lead to downstream security exploits, including code execution that compromises systems and exposes data.

LLM03: Training Data Poisoning
Tampered training data can impair LLM models leading to responses that may compromise security, accuracy, or ethical behavior.

LLM04: Model Denial of Service
Overloading LLMs with resource-heavy operations can cause service disruptions and increased costs.

LLM05: Supply Chain Vulnerabilities
Depending upon compromised components, services or datasets undermine system integrity, causing data breaches and system failures.

LLM06: Sensitive Information Disclosure
Failure to protect against disclosure of sensitive information in LLM outputs can result in legal consequences or a loss of competitive advantage.

LLM07: Insecure Plugin Design
LLM plugins processing untrusted inputs and having insufficient access control risk severe exploits like remote code execution.

LLM08: Excessive Agency
Granting LLMs unchecked autonomy to take action can lead to unintended consequences, jeopardizing reliability, privacy, and trust.

LLM09: Overreliance
Failing to critically assess LLM outputs can lead to compromised decision making, security vulnerabilities, and legal liabilities.

LLM10: Model Theft
Unauthorized access to proprietary large language models risks theft, competitive advantage, and dissemination of sensitive information.

装docker 的时候报错:

debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline

需要安装dialog。提示中提到的Dialog其实是一个可视化工具的名称。Dialog工具提供了在Shell中使用对话框的方式展示各类问题、信息的方式,这些问题包括Yes/No选项、菜单、文本框、单选框、复选框等等。换句话说,安装MySQL时提示设定的管理员密码;安装Postfix时要求输入的Hostname;选定时区的时区选择框等等都是由Dialog工具实现的。

解决方法:

apt-get install dialog

FROM:
https://www.kaijia.me/2015/09/unable-to-initialize-frontend-dialog-issue-solved/

这个应用需要进去先执行

./occ maps:scan-photos

以扫描已经存在的照片,主要是读取EXIF中的位置信息。
但是需要以config/config.php的属主用户身份来执行。
su www-data的时候,无法切换到www-data用户。
执行:

su -l www-data -s /bin/bash

即可