André

8.4K posts

@atmcarmo

I talk about football, Formula 1, tech. I’m a principal engineer / tech lead / platform engineer.

Porto, Portugal · Joined June 2009
1.3K Following · 1.5K Followers

André reposted
rahat (@Rahatcodes)
Claude Code has a regex that detects "wtf", "ffs", "piece of shit", "fuck you", "this sucks" etc. It doesn't change behavior...it just silently logs is_negative: true to analytics. Anthropic is tracking how often you rage at your AI. Do with this information what you will

André (@atmcarmo)
This is a very serious supply chain attack. Please read and avoid this version of axios.
Feross (@feross)

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.


André reposted
Wes Bos (@wesbos)
‼️Do not npm install or deploy anything right now Supply chain attack on axios 1.14.1 - even if you don’t use axios it may be a nested dep. Pin versions or wait until this is resolved
Maxwell (@mvxvvll)

@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today - plain-crypto-js@4.2.1 - someone took over a maintainer account for Axios


André reposted
Autosport (@autosport)
Fernando Alonso said this before today's race and Ollie Bearman's 50G accident... #JapaneseGP

André (@atmcarmo)
@fia You are going to get a driver killed. Stop this now.

FIA (@fia)
Following the accident involving Oliver Bearman at the Japanese Grand Prix and the contribution of high closing speeds in the accident, the FIA would like to provide the following clarifications. #FIA #F1 #JapaneseGP

André (@atmcarmo)
Here we go again. Puncturing the same tire twice.

André reposted
Gergely Orosz (@GergelyOrosz)
If you use GitHub (especially if you pay for it!!) consider doing this *immediately* Settings -> Privacy -> Disallow GitHub to train their models on your code. GitHub opted *everyone* into training. No matter if you pay for the service (like I do). WTH github.com/settings/copil…

André (@atmcarmo)
It’s bad when F1 cars lose 50kph on a straight. It’s ridiculous when they lose 50kph on the 130R in Japan. F1 is going downhill and this new regulation is just embarrassing

André reposted
Daniel Hnyk (@hnykda)
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

André reposted
Riley Walz (@rtwlz)
made my computer dramatically play BBC news music before every meeting

André (@atmcarmo)
Bednarek is an absolutely incredible centre-back 👏

André (@atmcarmo)
What a win for Porto. What a win. Let's go 💙

André (@atmcarmo)
Braga let off two red cards by the 34th minute of the game. Is VAR broken?