亭山樵者

2.1K posts

@TomPoet

AI PM | Indie Hacker | Photographer

Mars · Joined November 2009
701 Following · 48 Followers
亭山樵者 retweeted
antirez @antirez
So let's start from this post to tell you about my journey with the LLMs and the new Redis data structure I'm implementing right now. Vector Sets were hand-coded, this time I decided to use Claude/Codex as helpers, and guess what? The work I had to do was huge. Thread:
Mario Zechner @badlogicgames

I'm usually not one to write thought pieces without much technical depth. But here we go. Slow the fuck down. mariozechner.at/posts/2026-03-…

亭山樵者 retweeted
Andrej Karpathy @karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk @hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8 has been compromised: it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to a remote server + self-replicate. link below

亭山樵者 retweeted
OpenAI Newsroom @OpenAINewsroom
We've reached an agreement to acquire Astral. After we close, OpenAI plans for @astral_sh to join our Codex team, with a continued focus on building great tools and advancing the shared mission of making developers more productive. openai.com/index/openai-t…
亭山樵者 retweeted
OpenAI Developers @OpenAIDevs
We’re introducing GPT-5.4 mini and nano, our most capable small models yet. GPT-5.4 mini is more than 2x faster than GPT-5 mini. Optimized for coding, computer use, multimodal understanding, and subagents. For lighter-weight tasks, GPT-5.4 nano is our smallest and cheapest version of GPT-5.4. openai.com/index/introduc…
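亭山樵者 retweeted
StarKnight @StarKnight
Talking with someone about one of the difficulties of pushing digitalization (they call it "DX" = Digital Transformation) in Japanese companies: You bring in a handy tool (solution) that saves 30% of the time on site right away! And it isn't expensive either. Ordinary boss: Awesome, bring it in now! Japanese-company boss: Uh, so what will the employees do once they have free time? Ordinary boss: Two people can do the work of five, so lay off three. Japanese-company boss: Oh, we can't do that.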
亭山樵者 @TomPoet
@thsottiaux Under the current codex app (macOS, version: 26.313.41514 (1043)), when submitting a commit via the `commit button`, the generated message does not follow the `Commit instructions` entered in settings. Please fix.
Tibo @thsottiaux
What are we consistently getting wrong with codex that you wish we would improve / fix?
亭山樵者 retweeted
onevcat @onevcat
Thanks, Altman! The catgirls will never run short of food again!
亭山樵者 retweeted
a16z @a16z
Global AI usage is splintering into three distinct camps Full report: a16z.com/100-gen-ai-app…
Olivia Moore @omooretweets

🚨 The @a16z consumer AI Top 100 is back! For the sixth time, we ranked consumer AI websites and mobile apps by usage (monthly unique visits and MAUs). This edition, we changed the rules. Here's why - and what the new list says about where consumer AI is heading 👇

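亭山樵者 @TomPoet
A tip to avoid a pitfall: if you use Cloudflare R2 as an image host and have added localhost to the CORS policy's Allowed Origins, but find that images fail to load during local development, you can go to Security-Settings under the domain and turn off Hotlink Protection, or configure a rule that disables Hotlink Protection for the domain bound to R2.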
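亭山樵者 retweeted
亭山樵者 @TomPoet
@Ibebi @Blankwonder I won't share the link. This shop's solid-wood desktops have a finish that dents and marks rather easily, so I don't really recommend it (its main advantage is being cheap). You can just search Taobao for "solid wood computer desk"; there are many models like this with a steel-frame base and no drawers.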
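Yachen Liu @Blankwonder
#装修日记 (renovation diary) A major pitfall with custom desks: the under-desk drawer. Any desk with a drawer of normal capacity is bound to be uncomfortable to sit at. The most suitable desktop height is generally around 75cm, which is the most comfortable; any higher and the chair has to be raised too, so your feet can't rest naturally on the floor. But at this height the legroom under the desktop is already quite limited, and if you add a drawer, anything over 5cm will catch your legs (the total height also has to include the thickness of the desktop board). Subtract the space the rails take up and the drawer's interior height is tiny, which makes it pointless. So suitable height, legroom and a drawer: you can't have all three. But why do many designers like this design? I found it's because, for aesthetics or other constraints, the desktop can't be supported directly by legs or panels and is instead made as a wall-mounted floating design. But an ordinary wall-mount bracket has to be a triangular structure, otherwise it isn't strong enough. That looks ugly from the side, though, and to hide the bracket the only option is to build a drawer around it… My current solution is to use square steel tube directly for the desk frame, which needs no triangular structure, then wrap it entirely in panels; the finished thickness comes to about 8cm in total.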