MvkFromSC

95 posts

@MvkFromSC

🤺👑 https://t.co/Et6MdipCHO 🥖💅 https://t.co/zI3TlI5w9T 🌲🌲 https://t.co/t4isZ10xXm 🧠💰 https://t.co/ytQD4Twq0O 🥋🔮 https://t.co/za0Ul4s2iS 🦞🕺 https://t.co/d7MRnF2ZfP

Joined February 2026
124 Following 8 Followers
jack friks
jack friks@jackfriks·
i sold my company @postbridge_ for $4,206,969 i cant believe it, but i just closed the final documents and got the wire into my account this morning.
English
207
5
706
99.4K
MvkFromSC
MvkFromSC@MvkFromSC·
@karpathy @pmroadmap25 I can't emphasize enough to use locked and vetted versioning, would cut down on the malicious factor.
English
1
0
1
689
Andrej Karpathy
Andrej Karpathy@karpathy·
@pmroadmap25 exactly, I can't feel like I'm playing russian roulette with each `pip install` or `npm install` (which LLMs also run liberally on my behalf).
English
38
19
656
40.3K
Andrej Karpathy
Andrej Karpathy@karpathy·
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…
Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

English
537
1.1K
10.4K
1.3M
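
An added example (not code from the posts above or from any project they mention): a Node.js check that follows the "audit your lockfiles" advice, flagging the two versions named in the quoted post and listing direct dependencies that are not pinned to one exact version. The sample `package.json` and lockfile objects are constructed for illustration.

```javascript
// Versions named in the quoted post; everything else here is illustrative.
const FLAGGED = new Map([
  ["axios", ["1.14.1"]],
  ["plain-crypto-js", ["4.2.1"]],
]);

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
// Keys look like "node_modules/a/node_modules/b"; the package name is
// whatever follows the last "node_modules/" (it may be scoped, "@s/name").
function auditLockfile(lock, flagged = FLAGGED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // the "" key is the root project itself
    const name = path.slice(idx + "node_modules/".length);
    if ((flagged.get(name) || []).includes(meta.version)) {
      hits.push({ name, version: meta.version, path });
    }
  }
  return hits;
}

// Report direct dependencies whose spec is a range, tag or URL rather than
// one exact version: those can resolve to a newly published release
// whenever no lockfile is honoured.
function unpinnedDeps(pkg) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!exact.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Constructed sample data (not taken from any real project).
const samplePkg = { dependencies: { axios: "^1.13.0", lodash: "4.17.21" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/tool/node_modules/axios": { version: "1.13.5" },
  },
};
console.log(auditLockfile(sampleLock), unpinnedDeps(samplePkg));
```

On a real project, pass the parsed contents of `package-lock.json` and `package.json` instead of the sample objects.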
MvkFromSC retweeted
Tansu Yegen
Tansu Yegen@TansuYegen·
A new system prints full size boat hulls in one piece using a fully automated 3D process, creating strong vessels up to 12 meters long with no cutting or assembly, mainly for defense and work boats 🚤
English
14
122
650
90.5K
MvkFromSC
MvkFromSC@MvkFromSC·
@TheGeorgePu the Oliver voice should sound exciting, but uh, I'm just not getting the excitement vibe 😅
English
0
0
0
1.1K
George Pu
George Pu@TheGeorgePu·
Mistral just open-sourced a text-to-speech model that beats ElevenLabs. 3 GB of RAM. Runs locally. Free. The thing people were paying per-word for last year runs on your laptop now.
English
133
855
8.6K
426.8K
MvkFromSC
MvkFromSC@MvkFromSC·
Dear @Google @GoogleAI @GeminiApp — why is there still no simple way to change the Gemini web interface language? My UI is stuck in the wrong language without a solution. For an AI product, this is an amazingly bad UX. Please fix per‑app language settings.
English
0
0
1
34
digitalnative
digitalnative@_n8ive_·
@RoundtableSpace Slapping your MacBook to make it moan... and it prints $5K in 3 days? Peak 2026 tech or society officially cooked?
English
2
3
107
8.8K
0xMarioNawfal
0xMarioNawfal@RoundtableSpace·
SOMEONE VIBE CODED AN APP THAT MAKES YOUR MACBOOK “MOAN” WHEN YOU SLAP IT AND IT MADE $5K IN 3 DAYS.
English
192
360
6K
1.2M
MvkFromSC retweeted
Dan Greenheck
Dan Greenheck@dangreenheck·
I've had so many people ask for a live demo of Three.js Water Pro, so I'm excited to finally deliver!🚀 threejswaterpro.com Try out all the presets, tweak all the knobs and test performance on your target devices. I've added a mobile-responsive UI as well. Have fun! 🤿🌊🐟
English
52
108
1.2K
71.9K
MvkFromSC
MvkFromSC@MvkFromSC·
Today I'm at 250% of @github premium requests and copilot is basically unusable due to rate limiting. I switched to @OpenAI codex and burned through $20 in a few hours, yikes! Let's see if we can set up something with @OpenRouter 🍀
English
0
0
0
56
MvkFromSC
MvkFromSC@MvkFromSC·
After a month of working with Copilot CLI (and getting rate limited a few times), I have to say — the productivity boost is addictive. It doesn’t always get things 100% right, but it feels like coding on steroids. (Not that I’ve tried gear ⚙️💪)
English
0
0
0
25
MvkFromSC
MvkFromSC@MvkFromSC·
@levelsio the reason being that most people don't just want freedom per your definition, it's too vague.
English
0
0
0
12
@levelsio
@levelsio@levelsio·
One problem in Europe is there's no political representation for people who just want freedom The right wing is pro-censorship and anti-privacy The left wing wants to make everything about climate change and degrowth and import the entire third world There's no sane pro-business pro-privacy anti-censorship sane-immigration parties
NXT EU@NXT4EU

This is how European political groups voted on Chat-Control. Green: Stopping Chat-Control Red: Allowing Chat-Control The difference was one vote.

English
366
270
3.9K
191.3K
MvkFromSC
MvkFromSC@MvkFromSC·
Dipped my toes deeper into Rust territory and ended up building a modular, strongly-typed market making bot for EVM DEXes along with a dashboard and (fake) exchange. github.com/mkontsek/crisp…
English
0
0
2
30
MvkFromSC
MvkFromSC@MvkFromSC·
github.com/github/copilot… It happens in v1.0.11 too, gpt-5-mini seems to work, but still slow. It'll probably take a while until infra catches up with demand... Everybody's building on @github, maybe @gitlab could spool up a competitor 🏁
English
0
0
0
82
MvkFromSC retweeted
Tyler
Tyler@rezoundous·
AI was supposed to save me time, but somehow I’m busier than ever.
English
59
12
115
4.8K
MvkFromSC
MvkFromSC@MvkFromSC·
@awpthorp @damengchen the market will quickly adjust in that case, VAs would be hired again. Though it's likely the $6/h was partially spent on agents too.
English
0
0
0
27
Alex 💪
Alex 💪@awpthorp·
@damengchen Only if AI tokens stay subsidised or they become more efficient. I have a theory once these tools are so embedded into daily lives and ops the rug will be pulled and you’ll be spending thousands a month on tokens
English
2
0
0
516
Damon Chen
Damon Chen@damengchen·
Tough times for human virtual assistants; even a $6/h role will be laid off.
English
12
2
72
14.4K
MvkFromSC retweeted
Interesting AF
Interesting AF@interesting_aIl·
This is slowly convincing me to get a 3D printing machine
English
114
479
7.4K
650.8K
MvkFromSC retweeted
JetBrains
JetBrains@jetbrains·
Agentic AI speeds up code production, but the challenge is execution and control. JetBrains Central is an open system for agentic development across the SDLC, with governance, observability, and controlled execution. Early access starts in Q2 2026. Learn more: jb.gg/central
English
6
27
170
17.3K
MvkFromSC
MvkFromSC@MvkFromSC·
Today’s LiteLLM PyPI fiasco is a reminder: pin your deps and only upgrade to versions you’ve actually vetted. Blind latest in CI turns a 1‑hour supply‑chain attack into a full‑env compromise. 👾👾👾
Andrej Karpathy@karpathy

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

English
0
0
0
41