🏳️‍🌈 That Pup Crash! 🐾

yeah And i don't just go and `echo "eval $(random-brew-package init)" >> .zshrc` fucking everywhere i go so i guess im Old now.

@Safeway The only way someone could've thought this was the answer is if they have only ever used a car or a delivery option to buy their groceries. Like, if that would've solved the problem… doncha think people would've just started carrying the bags by their undersides?

I cannot describe how completely regressive and stupid @Safeway's decision was. Last night I bought a couple of glass water bottles, two boxes of cereal, potato chips, ice cream, and a gallon of milk. Three bags. I needed to call an Uber. it added 20% to the overall cost.

Apparently @Safeway has gone all-paper bags... And apparently they were getting a lot of complaints about the handles breaking since they made that change... Their fix is quite possibly the most sociopathic move they could've made. No more handles! Good luck carrying 3 home!

@feross @karpathy @rmhrisk As well as within the adage "Don't fix what's not broken." Supply chain attacks now represent a far larger share of in-wild exploits than doscovered vulnerabilities. You're much more likely to be hacked during `npm update` than at any other point in your workflow

@feross @karpathy @rmhrisk I, personally, find much value in (CHANGELOG|RELEASE_NOTES).md

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

Vendor. Your. CI/CD pipeline.

If you're holding a gala and giving it the theme "18 and Thriving" then it had better be either *deeply* ironic or ****deeply**** rooted in some doctor giving you a life expectancy of 8.

These fucking readmes 😒

yeah And i don't just go and `echo "eval $(random-brew-package init)" >> .zshrc` fucking everywhere i go so i guess im Old now.

@feross @karpathy @rmhrisk Pinning & Vendoring your deps is cheaper

@karpathy @rmhrisk We've been warning about this problem since 2020. Socket Firewall is one good solution. socket.dev/blog/introduci…

Every day, I get more and more excited for the moment when @karpathy accidentally makes that same discovery OpenAI made all the way back in Oh-We-Didn't-Know-How-Good-We-Had-It 2016 openai.com/index/faulty-r…

@ripblackmamba I'm sorry about your crumpled playboy woes, but you don't know a damn thing about what you're panicking over. "Chemical brain-rape on tap" is the epitome of overstatement

@ripblackmamba Listen, roid rage, millions of midwestern American guys my age had the internet when we were in middle school, and if they were anything like me, they became functional adults with respectable jobs despite jacking off, almost nightly, to all the smut that was fit to torrent.

Young men don’t need that much help to catch up to women in America, they just need a ban on porn and you’ll see the identity of men return from the pitfalls of nihilistic hell

@TukiFromKL Like, really take a step back and think of the bigger the ramifications are, of the bright shining Oh the Places AI'll Go future you're describing. Try to imagine what the economy where 15 out of every 20 people have no job, & no chance of finding one, looks like.

@TukiFromKL 😐. Hey. …so that 26% of all people, who are in a position of being able to ask "how to cut costs"… …(or really, the 5% who are in that position & the 21% who think they are)… After they've cut the costs… what's the job landscape look like? What % of people … can eat?

🚨Do you understand how irrelevant your opinion is? AI has 26% favorability. Lower than ICE. And it's already taking your job. Imagine how much it won't care about your opinion when it hits 100% capability. It doesn't need you to like it. It just needs your boss to Google "how to cut costs." That's it. That's the whole poll that matters. You know what else had low favorability? > The internet in 1995. > Smartphones in 2007. > Social media in 2010. Every technology that changed the world was hated before it was normalized. The 74% who don't like AI aren't going to stop it.. They're just going to be the last ones to adapt. And by then the early adopters will be the ones hiring. And the haters will be the ones applying. Poll this in 3 years. It'll be 80% favorable, because the economy doesn't run on feelings... It runs on margins. And you just became one. 💀

@CyberdyneC You appear to be looking at it from the point of view that they actually believe they're MA Great A when you should honestly stop and briefly entertain the notion that they might be fully aware their actions hamstring the country & are setting it up to be brutally knocked down.

I've been wondering recently: is this the first postrat government? Certainly it is not guided by reason and metrics, as modernist rationalist governments used to be, and there's little pretense at moral authority, as with postmodern relativist governments that dominate the west

@politicalmath Do you not love the plan 😶

so is the plan to just kind of casually watch as a company grows human brains in a lab and forces them to perform tasks with no ethical or legal guardrails on the project?

Well Twitter says I can't be horny on here anymore so i guess im back to writing tweets that nobody ever reads but end up being pure 🔥 when it turns out I Was Right All Along But Now It's Too Late To Do Anything About It

@TukiFromKL Dude's just trying to short the Kalshi markets, come on

🚨 This man owns the brain chips, the robots, the rockets, and the AI company. And he just said AGI, an AI smarter than every human on earth arrives this year. Not "in a decade." This year. 2026 > AI favorability is 26% and CEOs are buying it anyway That's with the DUMB AI. AGI is the one that doesn't need your prompt. It thinks for itself. It reasons. It learns. It doesn't sleep and it costs less than your lunch. And the guy building it also owns a company that puts chips in people's brains. Connect the dots. Or don't. They'll connect themselves. 💀