Make the most out of AI with Fabric
For setting up the Go version of Fabric, visit https://blog.dirgosalga.com/just-dropped-fabric-2-0/
Introduction
What is Fabric?
fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
https://github.com/danielmiessler/fabric
Fabric is a collection of tools aimed at facilitating clear communication with large language models (LLMs) to achieve optimal results. The project focuses on gathering a set of meticulously crafted prompts that accomplish specific tasks. These collections of prompts are referred to as patterns, which are intended to integrate into your daily life, optimizing the outcomes you achieve when interacting with artificial intelligences (AIs) like ChatGPT. For instance, you could implement a pattern that extracts the most interesting parts of a YouTube video or podcast, or a pattern that rates the content you wish to consume, helping you decide what is worth your time.
Setting up Fabric
Fabric is a Python application and can be run on Windows, Linux, and Mac. I will guide you through the setup process.
As of the writing of this post, the entire project is expected to migrate to Go, which will simplify installation and enhance performance. I will provide another guide once that migration is released.
Install Python
Fabric requires Python version 3.10 or higher. I will guide you through the installation process for Windows and Mac. Most Linux distributions should already have Python 3 pre-installed.
Mac: On Mac, I recommend installing a popular package manager for macOS called Homebrew (https://brew.sh/). To install it, run this line of code in your terminal:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"Follow the instructions provided by the installer. Once completed, you can install Python by running the following command:
brew install pythonFinally, check the installation by running
python3 --versionWindows: For setting up Fabric on Windows, I recommend using the Windows Subsystem for Linux (WSL). To install WSL, open PowerShell as an Administrator and run the following command:
wsl --installAfter installing the necessary Windows components, you will need to restart your computer. Once restarted, you can find the Linux distribution you would like to run using the Microsoft Store. If you prefer using the terminal, you can run the following command to get a list of all available distributions:
wsl --list --onlineFor this guide, I will use Ubuntu 24.04, so I will install it with this command:
wsl --install Ubuntu-24.04After the initial setup, you should be ready to go! Python should already be pre-installed. Verify by running this command:
python3 --versionClone the Fabric Repository
- Start by opening a terminal window on your system.
Navigate to the Fabric Directory: After cloning, navigate into the newly created fabric directory:
cd fabricUse the following command to clone the Fabric repository from GitHub:
git clone https://github.com/danielmiessler/fabric.gitIf you are on macOS and Git is not installed yet, use the following command to install Git:
brew install gitNavigate to the directory where you want to clone the Fabric repository. For example:
cd /home/dirgosalga/projects/Install Fabric Using pipx
- Install pipx:
- On Linux or WSL, use:
sudo apt install pipx- On macOS, you can install pipx using Homebrew:
brew install pipx- Install Fabric: Once pipx is installed, use it to install Fabric:
pipx install .- On Linux or WSL, use:
sudo apt install pipx- On macOS, you can install pipx using Homebrew:
brew install pipxGetting the API keys
Before proceeding with the configuration of Fabric, you should obtain two crucial components for setting it up.
- OpenAI API key:
- Navigate to https://platform.openai.com/login?launch and log in.
- If you haven't done so already, you will need to set up a billing method to use the OpenAI API. For that, open this link: https://platform.openai.com/settings/organization/billing/overview
- Go to your dashboard and create a new API key (https://platform.openai.com/api-keys). Make a note of the API key, as it will only be displayed once.
- YouTube API key:
- Sign in to Google Developers Console (https://console.cloud.google.com/)
- Create a new project.
- From your new project search for APIs & Services.
- Go to Library.
- Search for YouTube Data API v3 and enable it.
- Once you have enabled the YouTube API, return to APIs & Services and navigate to Credentials.
- Create a new API key by clicking on Create Credentials.
If you want, you can integrate Fabric with other APIs, such as Claude, Google, or Whisper. However, I recommend obtaining at least the OpenAI and YouTube API keys.
Set Up Fabric:
Before running the setup wizard, ensure that ffmpeg is installed.
sudo apt install ffmpegRun the setup command to configure Fabric:
fabric --setupInput the information asked during the setup. If you don’t have an certain API key, you can simply leave it empty. Once completed, you can reload your terminal (for example, by closing everything and starting a new terminal session).
Verify Installation
To ensure that Fabric is installed correctly, run:
fabric --helpThis command should display the available options and confirm that the installation was successful.
Finally, specify which OpenAI model you want to use as the default. I want to use the latest version of the GPT-4o-mini model, so I will run the following command:
fabric --changeDefaultModel gpt-4o-mini-2024-07-18Testing Fabric
To test that everything is working properly, let’s run the extract wisdom pattern on a Youtube video.
- Find a video on YouTube you want to run the pattern on and copy its link. I will use John Savill’s video on Protecting Against Credential and Token Theft.
Running that pattern on that video yields this result in my case:
# SUMMARY
John Savill discusses credential and token theft, exploring protective measures and authentication strategies to safeguard users and organizations.
# IDEAS:
- Credential theft can occur through various attacks, including phishing and malware on devices.
- Multi-factor authentication (MFA) can enhance security but is still vulnerable to phishing attacks.
- Passwordless authentication methods, like passkeys, provide stronger security by requiring proximity.
- Conditional access policies can enforce specific authentication strengths for accessing resources.
- User education is crucial in preventing phishing attacks and understanding security risks.
- Scanning incoming emails for malicious links can help protect users from phishing attempts.
- Network appliances can restrict access to potentially harmful websites and content.
- Continuous access evaluation can revoke tokens based on user risk or network location changes.
- Token binding ensures that tokens are tied to specific devices, enhancing security against theft.
- Microsoft’s token broker manages refresh tokens and access tokens securely for applications.
- The primary refresh token is valid for 14 days and can automatically refresh with usage.
- Asymmetric key pairs are created during device registration to enhance security.
- The Trusted Platform Module (TPM) stores cryptographic keys securely on devices.
- User actions, like registering new MFA methods, can be restricted to compliant devices only.
- Education through phishing simulations can reinforce user awareness of security threats.
- Microsoft Defender for Endpoint helps detect and remove malware from devices effectively.
# INSIGHTS:
- Strong authentication methods significantly reduce the risk of credential theft in organizations.
- User education and awareness are essential components of a comprehensive security strategy.
- Token binding provides an additional layer of security by linking tokens to specific devices.
- Continuous monitoring and evaluation of user risk can help mitigate potential security breaches.
- Implementing conditional access policies enhances overall security by enforcing compliance requirements.
# QUOTES:
- "I want to talk about credential and token theft and some of the things we can do."
- "We often hear about attacker or adversary in the middle."
- "What we really want to be doing is leveraging conditional access."
- "The whole point here is now that bad actor they're very sad."
- "I could say hey to actually perform that MFA registration of a new strong authentication method."
- "We have the internet over here and maybe they got some bad link."
- "The best defense honestly is to not let it get on the machine at all."
- "If I jump over and I go and look at my Global secure access."
- "The primary refresh token is valid for 14 days."
- "Token binding ensures that tokens are tied to specific devices."
- "User education is crucial in preventing phishing attacks."
- "Microsoft Defender for Endpoint helps detect and remove malware from devices effectively."
- "Continuous access evaluation can revoke tokens based on user risk."
- "I want the strong authentication in the first place to stop credential theft."
- "If I'm writing my own app use the msal and it will future proof you."
- "We think layers; I think I want the strong authentication."
# HABITS:
- Regularly educate users about phishing tactics and security best practices.
- Implement strong authentication methods, such as passwordless options or MFA.
- Use conditional access policies to enforce compliance for accessing resources.
- Monitor user risk continuously to detect potential security threats early.
- Utilize Microsoft Defender for Endpoint to protect devices from malware.
# FACTS:
- Phishing attacks often target users through email links or attachments.
- The Trusted Platform Module (TPM) enhances device security by storing cryptographic keys.
- Primary refresh tokens are valid for 14 days and can refresh automatically.
- Continuous access evaluation ties into conditional access policies for enhanced security.
- Token binding links tokens to specific devices, preventing unauthorized use.
# REFERENCES:
- Microsoft Defender for Endpoint
- Microsoft Authentication Library (MSAL)
- Office 365 Defender
- Entra ID
- Azure Firewall
# ONE-SENTENCE TAKEAWAY
Implementing strong authentication methods and user education is essential to prevent credential and token theft.
# RECOMMENDATIONS:
- Educate users regularly about phishing threats and how to recognize them effectively.
- Implement passwordless authentication methods to enhance security against credential theft.
- Use conditional access policies to enforce compliance for accessing sensitive resources.
- Monitor user behavior continuously to detect anomalies that may indicate security breaches.
- Leverage Microsoft Defender tools to protect devices from malware and other threats.On the terminal run the following command:
yt "https://www.youtube.com/watch?v=toytJf1rmV4" | fabric --stream --pattern extract_wisdomWhat happens here is that first, the yt command transcribes the audio of the video using the YouTube API. The generated text is then given to Fabric and used as input for the extract wisdom pattern.
Familiarize yourself with the available patterns; read about their prompts and expected outcomes. If you have a specific task you'd like to execute with an LLM and Fabric, you can design your own patterns (hint: there is a pattern for creating patterns called create_pattern).
Conclusion
You should now have a working instance of Fabric connected to an LLM of your choice (OpenAI if you followed along). I will continue testing and exploring ways to integrate this tool into my life and documenting my journey, so stay tuned.