There has been some excitement over the last week or two around the new model in the Qwen series by Alibaba. Qwen Image is a 20B parameter — that’s 3 billion more than HiDream — MMDiT (Multimodal Diffusion Transformer) model, open-sourced under the Apache 2.0 license.
As well as the features of the core model, it also uses the Qwen2.5-VL LLM for text encoding and has a specialised VAE (Variational Autoencoder). It supposedly can render readable, multilingual text in much longer forms than previous models, and the VAE is trained to preserve small fonts, text edges and layout. Using Qwen2.5-VL as the text encoder should mean better language, vision and context understanding.
… These improvements come at a cost: size. The full BF16 model is 40GB in size, with the FP16 version of the text encoder coming in at an additional 16GB. FP8 versions are more reasonable at 20GB for the model and 9GB for the text encoder. If those sizes are still too large for your setup, then there are distilled versions available from links on the ComfyUI guide. City96 has also created various GGUF versions available for download from Hugging Face. — Read More
Daily Archives: October 28, 2025
Why IP address truncation fails at anonymization
You’ve probably seen it in analytics dashboards, server logs, or privacy documentation: IP addresses with their last octet zeroed out. 192.168.1.42 becomes 192.168.1.0. For IPv6, maybe the last 64 or 80 bits are stripped. This practice is widespread, often promoted as “GDPR-compliant pseudonymization,” and implemented by major analytics platforms, log aggregation services, and web servers worldwide.
There’s just one problem: truncated IP addresses are still personal data under GDPR.
If you’re using IP address truncation thinking it makes data “anonymous” or “non-personal,” you’re creating a false sense of security. European data protection authorities, including the French CNIL, Italian Garante, and Austrian DPA, have repeatedly ruled that truncated IPs remain personal data, especially when combined with other information.
This is a fundamental misunderstanding of what constitutes effective anonymization. — Read More
Introducing vibe coding in Google AI Studio
We’ve been building a better foundation for AI Studio, and this week we introduced a totally new AI-powered vibe coding experience in Google AI Studio. This redesigned experience is meant to take you from prompt to working AI app in minutes without you having to juggle API keys or figure out how to tie models together. — Read More
Stress-testing model specs reveals character differences among language models
We generate over 300,000 user queries that trade off value-based principles in model specifications. Under these scenarios, we observe distinct value prioritization and behavior patterns in frontier models from Anthropic, OpenAI, Google DeepMind and xAI. Our experiments also uncovered thousands of cases of direct contradictions or interpretive ambiguities within the model spec. — Read More
Paper
Maximizing the Value of Indicators of Compromise and Reimagining Their Role in Modern Detection
Have we become so focused on TTPs that we’ve dismissed the value at the bottom of the pyramid? This post explores what role IOCs have in a modern detection program, if any, and what the future may look like for them.
You’d be hard-pressed to find a detection engineer who doesn’t know the Pyramid of Pain[1]. It, along with MITRE ATT&CK[2], really solidified the argument for prioritizing behavioral detections. I know I’ve used it to make that exact point many times.
Lately, though, I’ve wondered if we’ve pushed its lesson too far. Have we become so focused on TTPs that we’ve dismissed the value at the bottom of the pyramid? The firehose of indicators is a daily reality, and it’s time our detection strategies caught up by exploring a more pragmatic approach to their effectiveness, their nuances, and how to get the most value out of the time we are required to spend on them. — Read More