←back to thread

Bypass DeepSeek censorship by speaking in hex

(substack.com)
755 points MedadNewman | 1 comments | 31 Jan 25 19:41 UTC | HN request time: 0s | source
Show context
lxe ◴[31 Jan 25 20:13 UTC] No.42891381[source]
You can also intercept the xhr response which would still stop generation, but the UI won't update, revelaing the thoughts that lead to the content filter:

    const filter = t => t?.split('\n').filter(l => !l.includes('content_filter')).join('\n');

    ['response', 'responseText'].forEach(prop => {
      const orig = Object.getOwnPropertyDescriptor(XMLHttpRequest.prototype, prop);
      Object.defineProperty(XMLHttpRequest.prototype, prop, {
        get: function() { return filter(orig.get.call(this)); }
      });
    });
Paste the above in the browser console ^
replies(2): >>42891427 #>>42891516 #
noman-land ◴[31 Jan 25 20:17 UTC] No.42891427[source]
This is why javascript is so fun.
replies(1): >>42891685 #
dylan604 ◴[31 Jan 25 20:39 UTC] No.42891685[source]
It's precisely why I'm a such an advocate of server side everything. JS is fun to update the DOM (which is what it was designed for), but manipulating data client side in JS is absolutely bat shit crazy.
replies(3): >>42892008 #>>42892324 #>>42893011 #
atomicnumber3 ◴[31 Jan 25 21:07 UTC] No.42892008[source]
I wish js (and, really, "html/css/js/browser as a desktop application engine) wasn't so bad. I was born into a clan writing desktop apps in Swing, and while I know why the browser won, Swing (and all the other non-browser desktop app frameworks/toolkits) are just such a fundamentally better paradigm for handling data. It lets you pick what happens client-side and server-side based more on what intrinsically makes sense (let clients handle "view"-layer processing, let servers own distributed application state coordination).

In JS-land, you're right. You should basically do as little as is humanly possible in the view layer, which imo leads to a proliferation of extra network calls and weirdly-shaped backend responses.

replies(2): >>42892065 #>>42896679 #
teeth-gnasher ◴[31 Jan 25 21:11 UTC] No.42892065[source]
The need to manage data access on the server does not go away when you stop using javascript. Is there something specifically about Swing that somehow provides proper access control, or is it simply the case that it is slightly more work to circumvent the front end when it doesn’t ship with built in dev tools?
replies(2): >>42892120 #>>42912330 #
dylan604 ◴[31 Jan 25 21:16 UTC] No.42892120[source]
The built-in dev tools is the key thing. If there was no way for the client to manipulate things, it wouldn't be too far off from other local apps. Reversing is always going to be a threat vector, but the low bar to entry of using the dev tools makes it a non-starter for me.

If using Ghirdra was as simple as using the dev tools, the software industry would collapse.

replies(2): >>42892455 #>>42896690 #
1. wiseowise ◴[01 Feb 25 07:54 UTC] No.42896690{4}[source]
Oh, wow. So you’re one of those. Disregard what I said in previous comment.