Natale M. Ferrara 🔱

12.2K posts

@NataleFerrara

London, England · Joined December 2016
3.1K Following · 3.5K Followers
Natale M. Ferrara 🔱 retweeted
Andrej Karpathy (@karpathy)
Software horror: litellm PyPI supply chain attack.

Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.

LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.

Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.

Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.

Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk (@hnykda)

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server + self-replicate. Link below.

1.3K
5.4K
28.1K
66M
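
A defender-side check for the mechanism named in the quoted alert, a `.pth` file carrying base64-encoded instructions: Python's `site` module executes any `.pth` line that begins with `import`, so every such line in site-packages deserves review. This is an added example, not code from either post or from LiteLLM; the keyword list and the sample files are assumptions constructed for illustration.

```python
import re
import site
import tempfile
from pathlib import Path

# site.py executes any .pth line that starts with "import" followed by a space or tab.
EXEC_LINE = re.compile(r"^import[ \t]")
# Heuristic markers (an assumption, not a complete list) of encoded or dynamic code.
RISKY = re.compile(r"\b(base64|exec|eval|compile|subprocess|os\.system|urllib|requests|socket)\b")

def audit_pth_text(text):
    """Return (line_number, severity, line) for every executable line in a .pth file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if EXEC_LINE.match(line):
            severity = "suspicious" if RISKY.search(line) else "executable"
            findings.append((number, severity, line.strip()[:120]))
    return findings

def audit_site_dirs(directories):
    """Scan each directory's top level for *.pth files; map path -> findings."""
    report = {}
    for directory in directories:
        for pth in sorted(Path(directory).glob("*.pth")):
            findings = audit_pth_text(pth.read_text(errors="replace"))
            if findings:
                report[str(pth)] = findings
    return report

def demo():
    """Run the audit over a constructed directory (sample files, not the real payload)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Plain path entry: only extends sys.path, nothing is executed.
        Path(tmp, "editable_pkg.pth").write_text("/home/dev/src/project\n")
        # Constructed stand-in for an encoded loader; the blob decodes to print(1).
        Path(tmp, "sample_init.pth").write_text(
            'import base64; exec(base64.b64decode("cHJpbnQoMSk="))\n')
        report = audit_site_dirs([tmp])
        return {Path(p).name: f for p, f in report.items()}

if __name__ == "__main__":
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    for path, findings in audit_site_dirs(d for d in dirs if Path(d).is_dir()).items():
        for number, severity, line in findings:
            print(f"{severity:10} {path}:{number}: {line}")
```

Lines reported as `executable` are not necessarily malicious, since some packaging tools install `.pth` files with import lines; the `suspicious` tier is the one to triage first.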
Natale M. Ferrara 🔱 retweeted
Alice Corsini (@alicecorsini_)
Thoughts on @Uniswap CCA as someone who lived through the 2017 ICO era 🦄 In 2017, ICOs were the wild west. I watched teams raise Billions with just a PDF. The playbook was simple. Write a “whitepaper” and “product roadmap”, get a legal opinion calling the token a “utility”, sell the token, and get listed on a CEX. Listing wasn’t the result of market demand. It was the mechanism that created it. Binance’s growth was tightly coupled with the ICO boom. A loop of more ICOs, more listings, more users, more volumes, more ICOs. DEXs were still too early to matter, and EtherDelta wasn’t where price discovery happened. Distribution and price formation were disconnected, with markets forming after distribution. Uniswap CCA flips this model. It turns token launches into a continuous, programmatic price discovery process. The auction starts at a floor price and moves upward over time. Participants set their max price and budget. Orders fill gradually as long as the clearing price stays within their limit. This fixes the core structural flaws of ICO 1.0. It provides fair access with transparent price formation. It aligns token distribution with actual market demand. Because sustainable ecosystems require credible market formation, not just distribution. Uniswap CCA is crypto growing into its native capital markets. The 2017 ICO era proved the market demand for tokens. The missing piece was the infrastructure to support them. Uniswap CCA provides that missing primitive.
0
2
15
531
Natale M. Ferrara 🔱 retweeted
Prajwal Tomar (@PrajwalTomar_)
I built a 5-agent AI content team using OpenClaw that works for me 24/7. Here’s how it works: → Employee #1 scrapes Twitter and YouTube from top creators in my niche → Tracks velocity (views per hour, engagement, virality signals) → Ranks the most viral content automatically → Sends the best ones directly to my Telegram I open Telegram, review what’s trending, learn from it, and implement ideas myself. Once I find a video, tweet, or thread that resonates, I hand it off to Employee #2. Employee #2 brainstorms with me, takes my input, understands the angle, and converts it into a thread in my writing style and tone. Then Employee #3 repurposes that thread into: → YouTube video scripts → Instagram scripts → Tweet variations and wrappers Employee #4 reviews the thread and humanizes it to make sure it doesn’t sound AI-generated and feels authentic. Employee #5 then reviews everything for virality, ensures it matches my exact tone and style, and delivers the final version to my custom dashboard for approval. This is how I’m scaling content moving forward. Will share the results.
Prajwal Tomar (@PrajwalTomar_)

I haven’t been THIS excited about a tool since Cursor. I’ve been glued to my screen for the past 48 hours using OpenClaw. Built custom dashboards. Automated parts of my agency. Set up systems that would’ve taken days before. And thanks to Sonnet 4.6, it’s no longer burning my wallet like Opus did. This feels like a completely new layer of leverage. Most people are still using AI as a chatbot. OpenClaw lets you build an actual AI workforce. I’m going ALL IN on this. Over the next few weeks, I’ll share exactly how I’m using it to run my agency, automate content, and scale faster. Huge opportunity if you move early.

55
47
548
115.1K
Natale M. Ferrara 🔱 retweeted
6529 (@punk6529)
Meme Card Log #458: we finally got @batsoupyum right where we want him, like Sisyphus, trapped in his own soup can, irrevocably on the blockchain, until the end of time
59
37
324
10.5K
sabir hussain (@sabir_huss50540)
Everyone is super hyped about Clawdbot but 90% don't know how to actually use it to replace real work. I spent 48 hours and created "The Ultimate Clawdbot Guide". 100% FREE for the next 24hrs only. Just:
* Like
* Follow
* Repost
* Reply "Free"
I'll DM you a link.
945
488
1.2K
107.6K
Natale M. Ferrara 🔱 retweeted
David.6529 (@punk8164)
xtdh.com (beta) Beta is live at xtdh.vercel.app (main domain will be xtdh.com). Built on top of 6529 by @punk6529. The thesis: if NFTs proliferate, discovery breaks. You can’t navigate an infinite set of tokens with one centralized front-end. You need decentralized curation + individual “markets” built around taste/reputation. xtdh.com is aiming to be that layer, built on the upcoming xTDH feature from 6529. What’s different (3 parts): 1) You can customize basically every aspect of the interface (make the page look like "you"). 2) It’s about your xTDH grants, not your holdings. Curate any set of NFTs you want, then present them with your own design. 3) If this works and goes to production, we’ll layer on trading: your curated page becomes a marketplace, and you can earn commission when people buy/sell from your page. So: we'll solve curation first, then potentially add trading on top. If you want to play with it, connect your wallet, log in, and customize your page on the beta: xtdh.vercel.app. Note, for those without 6529 profiles, creating an account directly on the app is not quite working yet. However, you can do that on 6529.io until I fix it shortly. Feedback is the whole point of this stage. Please share your thoughts. Thanks!
13
13
52
2.2K
Natale M. Ferrara 🔱 retweeted
6529NFTS (@6529nfts)
Really love the new card transfer feature on 6529 io ✅ Select target wallets using 6529's profile naming system — just type a username (e.g. "vantekai") and see all wallets within that profile ✅ Pick exactly which wallet you want to send to — no copying and pasting addresses ✅ No more connecting to OpenSea for transfers — one less wallet signature to worry about (Buying and selling still requires the usual connections ofc)
0
1
8
725
Natale M. Ferrara 🔱 retweeted
6529NFTS (@6529nfts)
New: Dedicated card pages with full stats breakdown ✅ Holders overview — 6529 ecosystem, full set & szn set holders + availability ✅ Live market — all bids/asks with pptdh + bidder/seller profiles ✅ Sales history — ETH/WETH sales with buyer/seller profiles ✅ Token holders list — every holder's profile + token & profile-level TDH
0
2
2
112
Natale M. Ferrara 🔱 retweeted
Dangiuz (@dangiuz)
AI will never make raindrops on glass as well as I do :P
65
430
11.3K
228.9K