I fine tuned Gemma 4-31B for Copywriting & Creative Work
▲ 118 r/huggingface+1 crossposts

I fine tuned Gemma 4-31B for Copywriting & Creative Work

Hey everyone,

Wanted to share a project I've been working on: copywriter-gemma4-31b, a fine-tune of Gemma aimed specifically at copywriting tasks — headlines, product descriptions, ad copy, CTAs, and short marketing emails. Link: https://huggingface.co/akwin123/copywriter-gemma4-31b
GGUF:
https://huggingface.co/models?other=base_model:quantized:akwin123/copywriter-gemma4-31b

Why I built this

Most general-purpose LLMs are decent at copywriting but tend to default to generic, safe phrasing ("Elevate your experience," "Unlock the potential of..."). I wanted something smaller and cheaper to run that leans into punchier, more direct commercial writing without needing a huge model or heavy prompting gymnastics every time.

Training approach

  • Base model: Gemma 4 - 31B
  • Method: QLoRA
  • Data size: 93k (high quality)
  • Scored +290 points more than base model as per https://eqbench.com/

What worked

  • Style transfer was strong for short-form copy (headlines, CTAs) — noticeably punchier than base Gemma
  • Held up reasonably well on product categories it wasn't explicitly trained on
  • Inference is fast/cheap enough to run on [hardware], which was the whole point

Example output

Prompt: "Write a headline for a noise-cancelling headphone brand targeting remote workers"

Base Gemma: "Experience premium sound quality with our advanced noise-cancelling technology."

Fine-tuned: "Silence the chaos. Work like you're the only one in the room."

(Your mileage may vary obviously — cherry-picked example, not a guarantee.)

Open questions for the community

  • Anyone else fine-tuned small models for narrow commercial writing tasks? Curious how you handled the "generic tone" problem.
  • Is LoRA generally sufficient for style transfer like this, or does full fine-tuning meaningfully help for domain-specific voice?
  • Any recommended eval methods for copywriting quality beyond just vibes/manual review?

Happy to share more details on the dataset curation process or answer questions about the setup if it's useful to anyone attempting something similar.

u/NinjaAlaska — 4 days ago

My ISP is secretly intercepting my HTTPS!? But only on TLS 1.2. Took me 6 hours to figure out and I almost lost my mind

TL:DR: In short my ISP can see my encrypted information like Passwords, OTPs, card numbers, Cookies etc. easily which they are not supposed to -.-

Just burned 6 hours on this and need to dump it somewhere before I forget half of it.

Started off dumb. Claude Code AI and a couple of my Node.js apps suddenly started throwing SSL/cert errors out of nowhere. But Chrome? Totally fine, every site green padlock, no warnings. So naturally I assumed my PC was cooked. Reinstalled stuff, even ripped out Bitdefender AV thinking it was the culprit. Nothing changed.
Turns out my PC was never the problem. It's my ISP.

Here's the part that made me feel insane: (tech stuff)
Chrome works fine because it uses QUIC and TLS 1.3. My Node apps were breaking because they default to TLS 1.2. The second I forced TLS 1.2, the certs came back signed by some Fortinet CA instead of the real one (issuer literally says CN=redacted, O=Fortinet). Same site, same second — TLS 1.3 gives you the real cert, TLS 1.2 gives you a fake one. That's the whole bug.

So my ISP is running a FortiGate firewall doing SSL deep inspection — it decrypts your HTTPS and re-signs it with its own cert on the fly. But it only seems to bother with TLS 1.2 traffic. TLS 1.3 it just waves through, probably because it can't crack it. That's exactly why browsers look totally clean and only "older" apps blow up.Made sure it wasn't my own gear before going off about it:So basically anything I sent over TLS 1.2 on this line — logins, whatever — XYZ could've read in plaintext. I never installed their cert, never agreed to anything, no heads up, nothing.Couple questions for anyone who's been through this:If you want to check your own line: force a TLS 1.2 connection (openssl or PowerShell works) to any site and look at the cert issuer. If it says Fortinet or your ISP's name instead of the real CA, congrats, you're being inspected.

Note: ran a full deep scan on my Win 11 PC, it's clean. Android devices on the same wifi showed the exact same issue, and none of these devices show any problem on a different ISP or hotspot. So it's 100% on their end, not mine. I also asked AI to deep scan things and confirm.
Worst part , I can't connect to most VPNs right now, paid or free. Never had this issue before either. Privacy is now a bigger joke !?

Should i do a TRAI (GOV) complaint or for your ISP's support ticket? Idk how I will even explain this issue to Non Tech Support of ISP.

My ISP is #1 or #2 ISP in my State. Dont want to name it.

Question To Techy People: is there any thing else that can cause similar behaviour by chance?! I can confirm there is no virus or malware, I am a techy person & a computer engineer.

NOTE: Post formatted & edited by AI help.

reddit.com
u/NinjaAlaska — 6 days ago
▲ 602 r/india

My ISP is secretly intercepting my HTTPS!? But only on TLS 1.2. Took me 6 hours to figure out and I almost lost my mind

FINAL UPDATE:

1. No way to know if it was intentional MITM or an ISP misconfig — either way, on TLS 1.2 their FortiGate could read my traffic due to certain conditions explained below.

2. Some of my data leaked, partly my fault — an old Node.js setup forcing TLS 1.2 with SSL checks off (NODE_TLS_REJECT_UNAUTHORIZED=0) I set last year and forgot.

3. Browser users hit too — if you saw "Not private" and clicked "Proceed anyway," that site's data leaked (banks/Google use HSTS, so those were safe). I was safe from this but if other users would have clicked that, their data was assumed to be leaked I guess.

4. Chrome's SSL error came and went randomly = the interception was flipping on/off a lot, not constant intitally. Then it was always consistant on TLS 1.2 Only.

5. Lasted ~6 PM to till morning, then fixed itself — no complaint from me yet — so probably a config screwup they caught and reverted. (MTIM possiblity seems low, but like i said we will never know). Behaviour was itself like MITIM if a user ignores SSL request even my mistake.

How to stay safe:

  1. Never click "Proceed anyway" on a cert warning — that's the moment you leak. If a site says "Not private," stop right there please.
  2. Don't disable SSL checks and forget, a rookie mistake as a dev lol — audit for NODE_TLS_REJECT_UNAUTHORIZED=0, curl -k, --ignore-certificate-errors. That's what got me.
  3. Keep apps modern — TLS 1.3 (all current browsers/Node) slips past this kind of interception automatically.
  4. Sensitive stuff → mobile data or a VPN. (Standard VPNs may be DPI-blocked on such ISPs; a TLS-camouflaged proxy on 443 gets through.)
  5. Test your own line: force a TLS 1.2 connection and check the cert issuer — if it's not the real CA, you're being inspected or there is a misconfigure thats troublesome. (this is hard and techy part ignore if you are ordinary person, read point 1 only)
  6. If you were exposed (clicked through, or had SSL checks off): rotate those passwords/API keys and turn on app-based 2FA (TOTP, not SMS).

TL;DR: keep TLS 1.3, never bypass cert warnings, VPN/mobile for anything sensitive.

I have enough headache i am taking break now, this ans all of most questions now and what happened too. thansk guys for tips.

OLD STUFF and INCIDENT:

TL:DR: In short my ISP can see my encrypted information like Passwords, OTPs, card numbers, Cookies etc. easily which they are not supposed to -.-

Just burned 6 hours on this and need to dump it somewhere before I forget half of it.

Started off dumb. Claude Code AI and a couple of my Node.js apps suddenly started throwing SSL/cert errors out of nowhere. But Chrome? Totally fine, every site green padlock, no warnings. So naturally I assumed my PC was cooked. Reinstalled stuff, even ripped out Bitdefender AV thinking it was the culprit. Nothing changed.
Turns out my PC was never the problem. It's my ISP.

Here's the part that made me feel insane: (tech stuff)
Chrome works fine because it uses QUIC and TLS 1.3. My Node apps were breaking because they default to TLS 1.2. The second I forced TLS 1.2, the certs came back signed by some Fortinet CA instead of the real one (issuer literally says CN=redacted, O=Fortinet). Same site, same second — TLS 1.3 gives you the real cert, TLS 1.2 gives you a fake one. That's the whole bug.

So my ISP is running a FortiGate firewall doing SSL deep inspection — it decrypts your HTTPS and re-signs it with its own cert on the fly. But it only seems to bother with TLS 1.2 traffic. TLS 1.3 it just waves through, probably because it can't crack it. That's exactly why browsers look totally clean and only "older" apps blow up.Made sure it wasn't my own gear before going off about it:So basically anything I sent over TLS 1.2 on this line — logins, whatever — XYZ could've read in plaintext. I never installed their cert, never agreed to anything, no heads up, nothing.Couple questions for anyone who's been through this:If you want to check your own line: force a TLS 1.2 connection (openssl or PowerShell works) to any site and look at the cert issuer. If it says Fortinet or your ISP's name instead of the real CA, congrats, you're being inspected.

Note: ran a full deep scan on my Win 11 PC, it's clean. Android devices on the same wifi showed the exact same issue, and none of these devices show any problem on a different ISP or hotspot. So it's 100% on their end, not mine. I also asked AI to deep scan things and confirm.
Worst part , I can't connect to most VPNs right now, paid or free. Never had this issue before either. Privacy is now a bigger joke !?

Should i do a TRAI complaint or for your ISP's support ticket? Idk how I will even explain this issue to Non Tech Support of ISP.

My ISP is #1 or #2 ISP in my State. Dont want to name it.

Question To Techy People: is there any thing else that can cause similar behaviour by chance?! I can confirm there is no virus or malware, I am a techy person & a computer engineer.

NOTE: Post formatted & edited by AI help.

reddit.com
u/NinjaAlaska — 6 days ago

I am tired of BitDefender false positives - Better Alternative Please?

i am developer. I use lot of open source AI tools, and other safe tools.
Stupid bitdefender is flagging everything. at this point it thinks all nodejs tools are now unsafe. My system is clean i can tell myself i am not stupid.

please suggest me something better. or should i just use windows defender?! or some other free antivirus that is better?

EDIT: using bitdefender total plan. Paid one. I tried white listing as exceptions too, this is just absurdly stupid now

reddit.com
u/NinjaAlaska — 6 days ago

Use Stealth Playwright on real Android OS, Stop Using Desktop — free & open-source Playwright automation (Redroid + CDP)

Hey r/playwright 👋

I built the Playwright + Android + CDP framework everyone keeps recommending but nobody had free & open-source.

If you've ever run Playwright with a stealth plugin and still got flagged, you know the core problem: it's desktop Chromium faking mobile with viewport tricks and JS patches, and detection suites see through that fast.

What it is: Damru is a free, open-source browser-automation framework that runs Playwright on real Android (via Redroid — Android in Docker), instead of desktop Chromium pretending to be a phone. You drive it with the Playwright API you already know, but it executes on a genuine Android stack.

The key difference — zero JS injection: most stealth tools patch the browser from inside with Object.defineProperty-style JavaScript, which is brittle and detectable. Damru does its spoofing at the OS, binary, and CDP levels — so there's no injected JS fingerprint to catch.

Vs the usual stack (Playwright, puppeteer-stealth, undetected-chromedriver, Camoufox, fingerprint-chromium): those all harden a desktop browser. Damru takes the other road — a real Android environment — for a genuinely mobile fingerprint surface and far less reliance on brittle browser-side patches.

What's in it:

  • Android-in-Docker via Redroid + Playwright support
  • Zero-JS spoofing at the OS / binary / CDP level
  • 100+ built-in Android device profiles; CPU / RAM / touch-point hardware overrides
  • Proxy-aware timezone / locale / language matching
  • Mobile network emulation; WebRTC + IPv6 leak blocking; native iptables network protection
  • TLS spoofing
  • Multi-container pooling for scale + pre-baked images to cut setup time
  • Real HAL Sensors , etc.

Holds up against the suites that flag normal Playwright for mobile device — CreepJS, BrowserScan, Sannysoft, Cloudflare Turnstile, and the major CDN anti-bots — thanks to the real-Android approach. Ideal for stress-testing your own anti-bot stack and for fingerprinting research.

Pros: far harder to detect than desktop stealth setups for Mobile.
Cons: real Android = a bit slower since its a real android OS running in Docker.

Why I built it: I kept seeing posts recommending "just use Playwright + Android + CDP" — but no actual framework existed around it. So I made one.

Quick start:

pip install damru

Strictly for educational and research use — please don't use it for anything abusive or illegal. 100% Free to Use, no backed SaaS.

Repo: https://github.com/akwin1234/damru
Site / docs: https://damru.dev

Would love feedback from anyone doing browser automation, testing, or anti-bot research — what would make this genuinely useful to you?

u/NinjaAlaska — 15 days ago
▲ 40 r/privacy

If i remove Edge Not only Micorsoft Brings it back But also deletes Cookies of my chrome - How this is even fair? isnt this unethical? why would they touch my chrome?

At first I thought it was a system bug. But now I see it happen every time I remove Edge, not only does Microsoft bring it back, they also somehow reset my Chrome (i must not loose my chrome cookies). Another sign is they try to set Edge as the default browser, and the same action deletes my Chrome cookies. I don’t get why they would touch my Chrome. How bad do they have to be?

I switched to Linux, but I still need Windows for development. This is really annoying and I don’t know what to do. All my websites are logged out again, not a huge issue, but it’s painful to deal with. I’m pissed off. They don’t reset my Chrome often, but this is definitely the third time. -.-

I am not seeking tech support. I will deal with it, no biggie.
But this behaviour of edge deleting my chrome cookies while it reinstall itself and then it trying to set it as default, has any one else faced it? or only me?

I feel targetted because it resets only chrome + its main profile lol. Good thing it doesnt touches other chrome profiles

reddit.com
u/NinjaAlaska — 21 days ago
▲ 46 r/freesoftware+5 crossposts

New Free open-source Android automation for web scraping - Damru

Damru is a browser automation framework built around real Android environments in Docker for scraping and automation tasks where mobile behavior matters.

What sets it apart is that it’s not just another desktop browser with stealth patches. The project is built around zero JS injection, with spoofing handled at the OS, binary, and CDP levels instead of the usual JavaScript-heavy tricks used by many stealth tools.

Compared with tools like Playwrightpuppeteer-stealthundetected-chromedriverCamoufox, and Fingerprinting Chromium, Damru is trying to solve the problem differently: by running inside a real Android stack rather than faking mobile behavior on desktop Chrome. The idea is to get a more realistic mobile environment, stronger fingerprint control, and less reliance on brittle browser-side patches.

What makes it different:

  • Zero JS injection: Damru does spoofing at the OS, binary, and CDP levels instead of relying on Object.defineProperty-style JavaScript patches.
  • Real Android OS: It runs inside Redroid, so it’s not just desktop Chrome pretending to be mobile through viewport tricks.
  • Native mobile fingerprinting controls: device profiles, hardware overrides, locale/timezone matching, mobile network emulation, and WebRTC/IPv6 blocking.
  • Multi-instance pooling: built for scaling across multiple containers.
  • Pre-baked image support: reduces setup overhead.

Some of the features include:

  • Android-in-Docker via Redroid.
  • Playwright support.
  • A built-in database of 32+ Android device profiles.
  • Proxy-aware timezone, locale, and language matching.
  • Hardware overrides for CPU, RAM, and touch points.
  • Mobile network emulation.
  • WebRTC and IPv6 leak blocking.
  • Native Android iptables-based network protections.
  • Multi-container pooling for scale.
  • Pre-baked image support to reduce setup time.
  • TLS spoofing and soo many things

Also stronger against systems like CreepJS, BrowserScan, Sannysoft, Cloudflare Turnstile,etc ALL CDN anti-bots dont waana name them than standard Playwright or typical stealth plugins, mainly because of the deeper Android-based approach.

Pros: Highly UnDetectable
Cons: Real Android OS hence little slower. Hard to Use (thats why custom docker image included)

Repo: https://github.com/akwin1234/damru

Would love feedback from anyone who works on scraping, browser automation, or anti-bot research. I made this because i see many reddit post recommending Android Player

u/NinjaAlaska — 1 month ago
▲ 109 r/webscraping+1 crossposts

New Free open-source Android automation for web scraping - Damru

Hey r/webscraping, I’m sharing a free open-source project I’ve been building called Damru: https://github.com/akwin1234/damru

Damru is a browser automation framework built around real Android environments in Docker for scraping and automation tasks where mobile behavior matters.

What sets it apart is that it’s not just another desktop browser with stealth patches. The project is built around zero JS injection, with spoofing handled at the OS, binary, and CDP levels instead of the usual JavaScript-heavy tricks used by many stealth tools.

Compared with tools like Playwrightpuppeteer-stealthundetected-chromedriverCamoufox, and Fingerprinting Chromium, Damru is trying to solve the problem differently: by running inside a real Android stack rather than faking mobile behavior on desktop Chrome. The idea is to get a more realistic mobile environment, stronger fingerprint control, and less reliance on brittle browser-side patches.

What makes it different:

  • Zero JS injection: Damru does spoofing at the OS, binary, and CDP levels instead of relying on Object.defineProperty-style JavaScript patches.
  • Real Android OS: It runs inside Redroid, so it’s not just desktop Chrome pretending to be mobile through viewport tricks.
  • Native mobile fingerprinting controls: device profiles, hardware overrides, locale/timezone matching, mobile network emulation, and WebRTC/IPv6 blocking.
  • Multi-instance pooling: built for scaling across multiple containers.
  • Pre-baked image support: reduces setup overhead.

Some of the features include:

  • Android-in-Docker via Redroid.
  • Playwright support.
  • A built-in database of 32+ Android device profiles.
  • Proxy-aware timezone, locale, and language matching.
  • Hardware overrides for CPU, RAM, and touch points.
  • Mobile network emulation.
  • WebRTC and IPv6 leak blocking.
  • Native Android iptables-based network protections.
  • Multi-container pooling for scale.
  • Pre-baked image support to reduce setup time.
  • TLS spoofing and soo many things

Also stronger against systems like CreepJS, BrowserScan, Sannysoft, Cloudflare Turnstile,etc ALL CDN anti-bots dont waana name them than standard Playwright or typical stealth plugins, mainly because of the deeper Android-based approach.

Pros: Highly UnDetectable
Cons: Real Android OS hence little slower. Hard to Use (thats why custom docker image included)

Repo: https://github.com/akwin1234/damru

Would love feedback from anyone who works on scraping, browser automation, or anti-bot research. I made this because i see many reddit post recommending Android Playwright CDP but there was no framework around it. This is strictly for educational purpose only. Do not do legal abuse.

u/NinjaAlaska — 1 month ago