Tweet épinglé
You know what this is really missing is multiplayer. This would make a great party game!
solst/ICE of Astarte@IceSolst
Adding an in-malware shop to buy upgrades Suggestions for items?
English
Daniel Cluff
4.5K posts
Daniel Cluff
@DanielCluff
Software Engineer, AI enthusiast, Anime enjoyer.
Lehi, UT Inscrit le Haziran 2011
236 Abonnements213 Abonnés
@petersteele They stopped being a software company and transitioned into a data mining one.
I’m not sad at all. It will be amusing to watch them fall apart.
English
@DanielCluff MicroSlop has really lost the ball here. I don't know wtf they are thinking but between windows 11 and github, its been a death spiral from the outside looking in.
English
🚨 Andrej Karpathy just explained the scariest thing happening in software right now..
someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine..
SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything..
and here's the part that should terrify every developer alive..
the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks..
one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen..
Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned..
vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
@petersteele @DonShift3 If you shoot to maim was your life really in danger?
English
@DonShift3 If you fear for your life, minimizing potential harm is actually worse off for you, because you truly did not fear for your life. No different in a defensive shooting situation brandishing your gun to deter or to shoot to maim and not kill. Your ass will end up in jail.
English
An infographic reminder thread on avoiding situations like this, but first, some analysis. 🧵
Don't bluff. That forward/backwards thing she does? Ineffective. The crowd is accustomed to not being hit by cars, so they don't think she actually will. Each time she doesn't hit them, they assume she never will.
The high speed take off? Probably unnecessary. It would look better if she traveled at a low speed where the injury potential is lower. High speed can be construed as malicious intent. Going slow you can argue "I was in fear for my life but I did my best to minimize any potential injuries at my own risk." Also it allows people to get the heck out of the way or strengthens your defense if you do have to go fast.
She will need a good lawyer to argue why she thought she was in imminent danger. From THE VIDEO ALONE it just looks like a crowd of rowdy blacks that were kicking her car, not a lethal threat. They dindu nuffin' requiring a potentially lethal threat.
What will likely happen? Her insurance will payout the policy limits to the "victims" and she'll plead guilty to probably felony DUI in a plea bargain, but avoid any attempted murder/manslaughter nonsense. Moral of the story? Don't drink and drive and avoid large groups of black people.
AmericanPapaBear™@AmericaPapaBear
BREAKING: This is the chaotic scene where 20-year-old Kaydence Carpenter allegedly drove her Tesla into a crowd that was surrounding her car in Lexington, Kentucky early Sunday morning. Reports are that she injured 4 people. She faces 4 counts of second-degree assault, DUI and reckless driving. Many responses think what she did was warranted.
English
@VictoriqueM @adelheidx333 I peaked at 13 it has only been downhill since then
English
@adelheidx333 are 13 year olds even intelligent enough and have the attention span to read Umineko?
English
Come take a small trip down Nostalgia lane with me.
Showing off 2 of the most iconic games for me.
What team are you on?
Team Halo or Team Oregon Trail?
English
I promise this relates to RAM
(you'll find out in my next video)
English
It’s so beautiful outside today. The temptation to touch grass is extremely high.
English
@promptprincess No one DMs me so it must be working as intended
English
@MelonTeee Just wait until you see what the government does with your money
English
@jamonholmgren @joshmanders Congratulations Jamon! That is quite the accomplishment!
English
So. Uh.
I did a thing.
This is my game.
MicroProse@micro_prose
🚁 The rotors are spinning… and a new mission begins. Gunship: Origins is officially coming, published by MicroProse! Take the pilot seat in iconic helicopters, plan your approach, and strike across dynamic battlefields - solo or in co-op with up to 8 players. Fly low, hit hard, and lead your flight to victory. 🔥 Dynamic missions 🎖 Career progression 👥 Co-op multiplayer 🌍 Real-world terrain This is your call to the cockpit. 👉 Wishlist now on Steam and don’t miss takeoff: store.steampowered.com/app/4055780/Gu…
English