Stochy

If you can reply to this post you’re in North America

ELON MUSK: SpaceX will build a mass driver on the moon. "If you want to go beyond a mere terawatt per year, you have to go to the moon. So by having factories on the moon, building AI satellites and having a mass driver, which is the kind of thing you really need to learn about in read about in science fiction, but we're going to make it real. We're actually going to have a mass driver on the moon. And if you do that, you can go several orders of magnitude greater. You can go to 1000 gigawatts or more per year, and ultimately get to maybe a millionth, and then a 1,000th and maybe even a few percent of the sun's energy. I really want to see the mass driver on the moon that is shooting AI satellites into deep space just go like just one after the other. I can't imagine anything more epic than a mass driver on the moon and a self sustaining city on the moon, and then going beyond the moon to Mars, going throughout our solar system, and ultimately, being out there among the stars and visiting all these star systems, maybe we'll meet aliens. Maybe we'll meet see some civilizations that lasted for millions of years, and we'll find the remnants of ancient alien civilizations. But the only way we're going to do that, do that, do that is if we go out there and we explore, and this is the path to making it happen."

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

New in Claude Code: auto mode. Instead of approving every file write and bash command, or skipping permissions entirely, auto mode lets Claude make permission decisions on your behalf. Safeguards check each action before it runs.

glm-5-turbo is my new favourite model of the season. I’ve been using glm-4.7 primarily for customer facing conversation. glm-5 was completely non-conformant for my use case, massive hallucination rate, extremely poor tool usage. glm-5-turbo is so much more stable for me. It’s a little more expensive, but where I use it amounts to a rounding error, it’s not a major cost driver. I’m now experimenting with it as the main personality and orchestrator model in my neuron project (in place of opus and gpt-5.4), where it coordinates other models to get work done. So far it’s been excellent for research, excellent for first pass spec generation (but I always pass these to opus-4.6, Gemini-3.1 and gpt-5.4 for edition), and I haven’t tried it for implementation because codex already just works well when you give it a detailed spec. This has reduced the cost of running neuron by about 80% as I was using opus via the api in a lot of these places. It is much more personable than most models. Almost as personable as opus. It’s a shame they aren’t releasing the weights.

oh fuck i think i made something cool