@D321068957 @EYakoby This is a single aram... Covering a large area since Iran fires cluster bombs
English
Max Brin
431 posts
Iranian Ballistic Missile launches:
Day 1 — 350
Day 2 — 175
Day 3 — 120
Day 4 — 50
Day 5 — 40
Day 6 — 32
Day 7 — 28
Day 8 — 15
Day 31 — 3
They’re running out of missiles and launchers.
English
@Grainsburger @EYakoby All of these are alarm areas, and this is a screenshot of a single alarm. The initial polygon (estimated coverage area) is wide, especially when Iran shoots cluster missiles. So this maps shows where the alarm went off for a single missile. That's it. It's very common nowadays.
English
Max Brin retweetledi
Max Brin retweetledi
Max Brin retweetledi
Max Brin retweetledi
אוקי אפשר להכנס לפאניקה.
התפרסם היום מאמר של חברת מחשוב קוונטי חדשה: הם מראים שאפשר לפרוק עקומים אליפטים עם 10 אלף אטומים קרים.
זה משוגע. כבר יש מערכות בעולם עם 3000 אטומים.
וזה לא סתם חבר׳ה מהרחוב, זה קבוצה של אולסטרים, כולל פרסקיל.
אני ממש משתדל לא להפיץ סתם פאניקה, אבל>>
עברית
Max Brin retweetledi
🚨 397 billion parameters. On a MacBook. No cloud. No GPU cluster. No data center. A laptop.
Someone ran one of the largest AI models on Earth on a machine you can buy at the Apple Store.
It's called flash-moe.
A pure C and Metal inference engine that runs Qwen3.5-397B on a MacBook Pro with 48GB RAM. At 4.4 tokens per second. With tool calling.
No Python. No PyTorch. No frameworks. Just raw C and hand-tuned Metal shaders.
Here's why this should not be possible:
→ The model is 209GB. The laptop has 48GB of RAM.
→ It streams the entire model from the SSD in real time
→ Only loads the 4 experts needed per token out of 512
→ Uses just 5.5GB of actual memory during inference
→ Production-quality output with full tool calling
→ 58 experiments. Hand-optimized Metal compute kernels.
→ The entire engine is ~7,000 lines of C and ~1,200 lines of Metal shaders
Here's the wildest part:
One person built this. A VP of AI at CVS Health. Not Google. Not OpenAI. A healthcare company executive. Side project. Used Claude Code as his coding partner. Built the entire engine in 24 hours.
Running a 397B model on cloud GPUs costs hundreds of dollars per hour. Companies spend millions per year on inference infrastructure for models this size.
This runs on a $3,499 laptop. Offline. Private. No API key. No monthly bill. Forever.
Trending on GitHub. 332 points on Hacker News.
100% Open Source.
English
Max Brin retweetledi
Designing App Store screenshots takes too long
So I made a Claude Skill that does it for me
Instead of spending hours in Figma… now it's done in 15 minutes on autopilot
Just add your app screenshots and it does the rest
The final product can even be copied straight into App Store Connect
It's the ASO App Store Screenshots skill and it's available on github here:
github.com/adamlyttleapps…
Adam Lyttle@adamlyttleapps
I'm creating Claude Skill that does it all in 15 mins...
English
Max Brin retweetledi
Max Brin retweetledi
🚨 Microsoft just open sourced a voice AI that was too dangerous to keep live.
They took it down. Added watermarks and safety controls. Then re-released it. For free.
It's called VibeVoice.
Microsoft's frontier open source voice AI.
Clone any voice from 10 seconds of audio. Generate 90 minutes of multi-speaker conversation. Real-time streaming. All running locally on your machine.
No ElevenLabs. No $99/month subscription. No per-minute pricing.
Here's what this thing does:
→ Text-to-speech that sounds indistinguishable from a real human
→ Generate up to 90 minutes of audio in a single pass
→ 4 distinct speakers in one conversation with natural turn-taking
→ Clone any voice from just 10 seconds of audio
→ Real-time streaming TTS. First audio in ~200 milliseconds.
→ Speech-to-text that processes 60 minutes of audio in one pass
→ Identifies who said what and when. Speaker labels + timestamps.
→ Supports 50+ languages for transcription
→ Custom hotwords for names, technical terms, domain-specific accuracy
Here's the wildest part:
Give it a podcast script. It generates a full multi-speaker conversation that sounds like two real humans talking. Natural pauses. Emotional nuance. Turn-taking. 90 minutes. One command.
Microsoft had to take this repo down once because people were misusing it for deepfakes and disinformation. They brought it back with embedded watermarks, audio disclaimers, and safety controls.
That's how powerful this is. A $3 trillion company built it. Released it. Pulled it. Fixed it. And gave it back to the world.
ElevenLabs: $99/month.
Play.ht: $39/month.
Amazon Polly: pay per character.
This: Free. Local. MIT License.
23.5K GitHub stars. 2.6K forks. Backed by Microsoft Research.
100% Open Source.
English
Max Brin retweetledi
Max Brin retweetledi
by popular demand, lil agents is now open source!
fork it, remix it, and help us make something awesome…
github.com/ryanstephen/li…
English
Max Brin retweetledi
I’ve been working on something… and it’s now on the App Store! 👀
Introducing brrr 🚀
Push notifications to your own devices. Instantly.
No signup. No dashboard. No nonsense.
Link in 🧵
English
Max Brin retweetledi
Technion researchers Dr. Gil Shamai, Prof. Ron Kimmel (Computer Science), and Prof. Dvir Aran (Biology) have developed an AI model that predicts who will benefit from chemotherapy—using routine pathology images, in minutes. A step toward faster, more accessible personalized cancer care.
#Technion #AIinHealthcare #BreastCancer #PrecisionMedicine
technion.ac.il/en/blog/articl…
thelancet.com/journals/lanon…
English
Max Brin retweetledi
Someone just poisoned the Python package that manages AI API keys for NASA, Netflix, Stripe, and NVIDIA.. 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine.
The attacker picked the one package whose entire job is holding every AI credential in the organization in one place. OpenAI keys, Anthropic keys, Google keys, Amazon keys… all routed through one proxy. All compromised at once.
The poisoned version was published straight to PyPI.. no code on GitHub.. no release tag.. no review. Just a file that Python runs automatically on startup. You didn’t need to import it. You didn’t need to call it. The malware fired the second the package existed on your machine.
The attacker vibe coded it… the malware was so sloppy it crashed computers.. used so much RAM a developer noticed their machine dying and investigated. They found LiteLLM had been pulled in through a Cursor MCP plugin they didn’t even know they had.
That crash is the only reason thousands of companies aren’t fully exfiltrated right now. If the code had been cleaner nobody notices for weeks. Maybe months.
The attack chain is the part that gets worse every sentence.
TeamPCP compromised Trivy first. A security scanning tool. On March 19. LiteLLM used Trivy in its own CI pipeline… so the credentials stolen from the SECURITY product were used to hijack the AI product that holds all your other credentials.
Then they hit GitHub Actions. Then Docker Hub. Then npm. Then Open VSX. Five package ecosystems in two weeks. Each breach giving them the credentials to unlock the next one.
The payload was three stages.. harvest every SSH key, cloud token, Kubernetes secret, crypto wallet, and .env file on the machine.. deploy privileged containers across every node in the cluster.. install a persistent backdoor waiting for new instructions.
TeamPCP posted on Telegram after: “Many of your favourite security tools and open-source projects will be targeted in the months to come.. stay tuned.”
Every AI agent, copilot, and internal tool your company shipped this year runs on hundreds of packages exactly like this one… nobody chose to install LiteLLM on that developer’s machine. It came in as a dependency of a dependency of a plugin. One compromised maintainer account turned the entire trust chain into a credential harvesting operation across thousands of production environments in hours.
The companies deploying AI the fastest right now have the least visibility into what’s underneath it.
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
Max Brin retweetledi
My Mac Mini M4 was boring, so I knew I had to do something about it...
English
Max Brin retweetledi
My first test of MiniMax M2.7
this made 3d fibre physics with all the specs of m2.7 is written
MiniMax (official)@MiniMax_AI
Early testers are saying that M2.7 has big improvements in emotional intelligence and character consistency 👀
English
