from Hacker News

Ask HN: Chatbox (GPT desktop front end) malware / supply chain attack risk?

by sdrinf on 7/27/24, 12:57 PM with 0 comments

Hey HN, supply chain evaluation question:

There is this awesome desktop app called Chatbox: https://chatboxai.app/ <- which I've been using for about 3 months now; essentially, it's a desktop front-end for the ChatGPT API with very good local search across all previous conversations. Two red flags:

* 1, https://github.com/Bin-Huang the author is Chinese, from China, working at Tencent.

* 2, Like many other desktop apps, this also auto-updates; however:

  * https://github.com/Bin-Huang/chatbox/issues/803 he had, essentially, started distributing binary-only updates, and the source code on GitHub no longer reflects the actual app that is automatically downloaded to my computer

This is sus. How sus is it? Specifically: the attack vector I'm querying for is supply-chain attack via the auto-update mechanism. This thing has 20K stars on GitHub, and around ~250K visits on their website (15% of this from the US = ~36K US visits per month;) probably predominantly devs. This is a very juicy target.

(Alternatively, and instant-upvote: looking for a desktop frontend for the ChatGPT API which has built-in full-text search for 2mb of plaintext, and integration for the full suite of LLMs currently available on the market, from a reliable source, for Windows please.)