Factory.ai

Open-Source Wikis

/

Stable Diffusion WebUI

/

Fun facts

AUTOMATIC1111/stable-diffusion-webui

Fun facts

A small collection of trivia surfaced while writing the wiki. None of these change how the program works.

The project started on 4chan

The README still credits the project's seed:

Initial Gradio script — posted on 4chan by an Anonymous user. Thank you Anonymous user.

The very first git commit (71cf18b0 on 2022-08-22) is "Initial commit" with only a license file; the second, 3324f31e titled simply "first" by AUTOMATIC1111, contains a single ~600-line webui.py that already had txt2img, img2img, sampler dropdown and a Generate button. Everything else grew from there.

The two-letter problem

CODEOWNERS lists exactly one owner: @AUTOMATIC1111. Git history records two distinct author identities:

Author Commits
AUTOMATIC1111 2,255
AUTOMATIC 1,331

These are the same person — early commits used the shorter AUTOMATIC name string, switched to AUTOMATIC1111 around the time the GitHub account became prominent. Many off-the-shelf "top contributors" charts double-count this person. The git-blame-ignore-revs file at .git-blame-ignore-revs handles the much more boring problem of formatting-only commits.

"Cross Attention layer optimization" is a citation hall of fame

The README's credits section reads like a Stable Diffusion optimisation timeline:

  • Doggettx — original split-attention optimisation
  • InvokeAI / lstein — alternative split-attention path
  • Birch-san / AminRezaei0x443 — sub-quadratic attention
  • xFormers (FAIR) — memory-efficient attention CUDA kernels
  • PyTorch 2.x — built-in scaled dot-product attention

All five of these still ship as selectable options through the --opt-*-attention flags in modules/cmd_args.py; the dispatcher in modules/sd_hijack_optimizations.py picks the first compatible one if none is forced. Few open-source ML projects accumulate this many alternatives for the same primitive.

The longest source file is the X/Y/Z grid script

File Lines
modules/processing.py 1,792
modules/ui.py 1,235
modules/scripts.py 1,040
modules/sd_models.py 1,034
scripts/xyz_grid.py ~1,200

scripts/xyz_grid.py is technically a "user script" — it lives under scripts/ and could be deleted without breaking the boot flow — yet it's larger than most core modules. It contains its own type system (AxisOption, AxisOptionImg2Img, AxisOptionTxt2Img), a CSV parser, an axis-swap UI, and per-axis cleanup hooks. It is also the script most heavily relied on by tutorials and YouTube guides.

The TODO ratio is unusually low

A grep over modules/*.py for TODO, FIXME and HACK returns only 14 hits across 213 files (~0.07 per file). For comparison, projects of similar size typically have 0.5–2 such markers per file. The hits cluster in two areas:

  • modules/hat_model.py — five TODO: should probably be device_hat comments noting that the HAT upscaler shares device variables with ESRGAN.
  • modules/processing.py — one # HACK: Using introspection as the Depth2Image model doesn't appear to uniquely… next to a particularly load-bearing isinstance check.

There is exactly one # noqa: F401 re-export hack in launch.py — the entire file is just from modules import launch_utils re-exports preserved for backward compatibility with users who had pinned imports to launch.something().

The defunct flags

Several command-line flags are kept around as no-ops, with help strings that say so out loud. From modules/cmd_args.py:

parser.add_argument("--max-batch-count", type=int, default=16, help="does not do anything")
parser.add_argument("--always-batch-cond-uncond", action='store_true', help="does not do anything")
parser.add_argument("--unload-gfpgan", action='store_true', help="does not do anything.")
parser.add_argument("--ngrok-region", type=str, help="does not do anything.", default="")
parser.add_argument("--show-negative-prompt", action='store_true', help="does not do anything", default=False)
parser.add_argument("--deepdanbooru", action='store_true', help="does not do anything")

These exist to avoid breaking user scripts and webui-user.bat files that were pinned to old flags. The trailing periods in two of them ("does not do anything.") are an inadvertent style mismatch.

The CORS removal note

In webui.py right after shared.demo.launch(...) is one of the longer comments in the project:

gradio uses a very open CORS policy via app.user_middleware, which makes it possible for an attacker to trick the user into opening a malicious HTML page, which makes a request to the running web ui and do whatever the attacker wants, including installing an extension and running its code. We disable this here. Suggested by RyotaK.

This is the project's main browser-facing security mitigation. The fix is two lines:

app.user_middleware = [x for x in app.user_middleware if x.cls.__name__ != 'CORSMiddleware']

The credits section preserves "Security advice — RyotaK" in perpetuity.

"(You)"

The very last line in the README's credits:

  • (You)

It has been there since at least early 2023 and is, as far as we can tell, a 4chan greentext joke that became permanent.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Fun facts – Stable Diffusion WebUI wiki | Factory