Javier Tobal

Mark Zuckerberg just described the death of human connection on the internet and no one flinched. One sentence. Fifteen years of erosion in twelve words. Mark Zuckerberg: “Social media started out as people primarily interacting with their friends. And now… at least half of the content is basically people interacting with creators.” You used to open your phone to see what your friends were doing. Now you open it to watch strangers. You did not choose this. The algorithm chose it for you. It tested your friends against optimized strangers. Your friends lost. Every time. A stranger with better lighting, better timing, and a better hook held your attention three seconds longer than someone who loves you. So the algorithm buried your best friend’s wedding photos under a cooking video from someone in Dubai you have never met. And you watched the cooking video. That was the first replacement. Friends for strangers. You barely noticed. The second one is already underway. If the algorithm already proved strangers outperform your real relationships, and AI can now build a stranger more engaging than any human alive, the math finishes itself. The AI does not have a bad week. It does not post something careless and lose the algorithm’s favor. It does not burn out. Every word calibrated. Every frame tuned. Every pause placed at the exact interval that keeps your thumb from moving. A human creator competing against that is carving stone tablets in a world that just built the printing press. The economics are not even close. A person needs rent, sleep, and motivation. The machine needs electricity. When the cost of generating perfect content hits zero, the feed fills with faces that do not exist. Voices that feel familiar. Opinions that mirror yours just enough to feel like trust. Personalities built from scratch to feel like someone you have known for years. You will not know when the switch happens. That is the point. The feed does not care whether the thing holding your attention has a pulse. It cares whether you stay. And a machine that knows your patterns better than you know yourself will always keep you longer than a person ever could. This is not a warning. Half of it already happened. You lost your friends to strangers and did not notice. You will lose the strangers to machines and call them friends. Somewhere in a different app, in a different tab, in a room you are sitting in right now, someone who actually knows you is living a moment you will never see. Not because they stopped sharing it. Because you stopped being where it was.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

POKÉMON GO PLAYERS TRAINED 30 BILLION IMAGE AI MAP Niantic says photos and scans collected through Pokémon Go and its AR apps have produced a massive dataset of more than 30 billion real-world images. The company is now using that data to power visual navigation for delivery robots, letting them identify exact locations on city streets without relying on GPS. Source: NewsForce

stereotypical programmers by language, according to AI