Sabitlenmiş Tweet
harsh
4K posts
harsh
@devloperhs
Technical Writer | Sharing real builds + prompts weekly | Dev Blogs in bio 👇
Vadodara Katılım Mart 2024
171 Takip Edilen547 Takipçiler
@TheCoderShow @jigsmedev @claudeai @AnthropicAI Would love to join the meetup, it will be fun. Part of college cbc
English
@jigsmedev @claudeai @AnthropicAI Love the energy! Ahmedabad…
Let’s see more of you show up.
Tag someone who’d come 👀
English
Gujarat has some of the sharpest builders in India.
Yet no one is hosting serious AI meetups there.
Show me the demand and I’ll make it happen.
Reply with your city for an official @ClaudeAI meetup by @AnthropicAI.
I’ll go where the crowd is loudest. 👀
English
When I built menugen ~1 year ago, I observed that the hardest part by far was not the code itself, it was the plethora of services you have to assemble like IKEA furniture to make it real, the DevOps: services, payments, auth, database, security, domain names, etc...
I am really looking forward to a day where I could simply tell my agent: "build menugen" (referencing the post) and it would just work. The whole thing up to the deployed web page. The agent would have to browse a number of services, read the docs, get all the api keys, make everything work, debug it in dev, and deploy to prod. This is the actually hard part, not the code itself. Or rather, the better way to think about it is that the entire DevOps lifecycle has to become code, in addition to the necessary sensors/actuators of the CLIs/APIs with agent-native ergonomics. And there should be no need to visit web pages, click buttons, or anything like that for the human.
It's easy to state, it's now just barely technically possible and expected to work maybe, but it definitely requires from-scratch re-design, work and thought. Very exciting direction!
Patrick Collison@patrickc
When @karpathy built MenuGen (karpathy.bearblog.dev/vibe-coding-me…), he said: "Vibe coding menugen was exhilarating and fun escapade as a local demo, but a bit of a painful slog as a deployed, real app. Building a modern app is a bit like assembling IKEA future. There are all these services, docs, API keys, configurations, dev/prod deployments, team and security features, rate limits, pricing tiers." We've all run into this issue when building with agents: you have to scurry off to establish accounts, clicking things in the browser as though it's the antediluvian days of 2023, in order to unblock its superintelligent progress. So we decided to build Stripe Projects to help agents instantly provision services from the CLI. For example, simply run: $ stripe projects add posthog/analytics And it'll create a PostHog account, get an API key, and (as needed) set up billing. Projects is launching today as a developer preview. You can register for access (we'll make it available to everyone soon) at projects.dev. We're also rolling out support for many new providers over the coming weeks. (Get in touch if you'd like to make your service available.) projects.dev
English
@karpathy So basically are you saying,
LLM memory should adapt to new data as we add more conversation.
Means like having a way to degrade old memory weight and upgrade the new memory weights, to retrieve the latest info while still keeping track of old ones, for extra context?
English
One common issue with personalization in all LLMs is how distracting memory seems to be for the models. A single question from 2 months ago about some topic can keep coming up as some kind of a deep interest of mine with undue mentions in perpetuity. Some kind of trying too hard.
English
@TukiFromKL So basically he saying,
llm memory should adapt to new data as we add more conversation .
Means like having a way to degrade old memory weight and upgrade the new memory weights, to retrieve the latest info while still keeping track of old ones, for extra context?
English
🚨 Are you paying attention to what Karpathy just admitted..
the founding member of OpenAI.. the guy who trained the models you use every day.. just said every single LLM has the same problem..
ask it one question two months ago and it treats it like your entire identity..
oh wait.. you mentioned crypto once in January? congratulations.. you're now a crypto guy forever.. you also asked about a recipe? every conversation starts with "as someone who enjoys cooking.."
these models don't remember you.. they stereotype you.. off a single data point..
we gave AI a photographic memory and forgot to give it the ability to forget.. and forgetting is the most human thing there is..
Andrej Karpathy@karpathy
One common issue with personalization in all LLMs is how distracting memory seems to be for the models. A single question from 2 months ago about some topic can keep coming up as some kind of a deep interest of mine with undue mentions in perpetuity. Some kind of trying too hard.
English
@nidhisinghattri @AnthropicAI Built me a oss contributor agent , that fetches the top issues for user input repo , reads the contribution.md file , forks the repo, fixes the issues , pushes the code in forked repo, creates a pr , all while respecting the contribution guidelines.
Model - claude
English
sharing a pro tip: check out the demos on Claude Agent SDK from @AnthropicAI. they have wide range of demos from research agent to a basic chat app
once you watch the video, probably the best place for you to dig in deeper
Nidhi Singh@nidhisinghattri
the pattern for building any AI agent is simpler than you think: fetch tool -> read the internet reader tool -> read local files writer tool -> create output I used this exact pattern to build a job agent that writes a tailor resume + a cover letter for you
English
@iHarnoorSingh @Kimi_Moonshot @gmi_cloud @dify_ai @photon_hq @contextkingceo @hydra_db Any option / plan for remote hackathons ?
English
i am so excited to host this hackathon in SF
Rare to see @Kimi_Moonshot sponsoring events, and Hydra_db is partnering with them.
Looking for cool devs, with @gmi_cloud , @dify_ai & @photon_hq also sponsoring!
Agents are having their moment. Build one. Win a Mac Mini + $500 in few hours.
comment if you want to come & i'll dm the link!
English
@jahirsheikh8 Its looka similar to this opensource openscreen
github.com/siddharthvadde…
openscreen.vercel.app
English
Introducing Screenmint.
A free screen recorder that looks like you paid for it.
• buttery smooth recordings
• clean, aesthetic output
• no paywalls, no watermark, no license
• will be available for macOS, Windows, and Linux
Built this over 3 months pushing my limits.
Thought of charging for it…
but remembered why I started.
This should be free for everyone.
100% Open source and completely free.
Coming soon 🚀.
English
@jahirsheikh8 Great project, but will it allow auto pan , zooms capture based on mouse movemens?
English
@Yuchenj_UW Trust badges are important , but they can easily be faked , we need something cryptographically signed , that can be verified by the user.
English
Thought this was fake at first. It’s actually real.
AI labs like OpenAI and Anthropic will ship cybersecurity agents that continuously scan codebases to replace SOC 2 auditor companies I feel.
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
I’m starting a new series of articles:
"How to Recreate Amazing Website Sections with AI"
Send me your favorite website sections, and I’ll try to rebuild it and show you how to build them using AI.
I’ll pick the best ones and write a full tutorial for each.
The first one drops in a few minutes!
English
@snyksec In particular this clarifies the timeline more: 1.82.7 was published 10:39 UTC, PyPI quarantine approx 13:38, so this was up ~3 hours. At 3.4M downloads/day this might be approx ~425K downloads, a lot of that could be non-latest/locked versions so maybe 20K - 80K range exposure.
English
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
In fact a hacker spent years infiltrating XZ Utils, a core Linux package, to plant a backdoor granting access to millions of systems via SSH.
One engineer caught it by accident and reported.
Supply chains are our biggest blind spot.
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
@rohit4verse Tracing is what matters in production a lot , and I got introduced to it while using openai dashboard .
I felt it was restrictive , so I went for langsmith , learnt and dived into it.
Really it opens a new world and perspective.
What are some other that offers same exp?
English
want to get featured on learn2vibecode dot dev for free?
I have 6 placeholders here for some fire quotes about vibecoding.
To get featured drop a reply about what fascinates you the most about vibecoding and I might put you up here :)
It can be anything!
(not testimonials)
English
need some testers for my multiplayer minecraft island built with @GoogleAIStudio i am preparing a playground for my students to build their buildings with a limited building block budget
English
@geminicli Need to give it a go , I was planning to use superpowers , but now it looks like the conductor might be able to pull the job
English
Plan mode was built to be fully extensible 🧩
An example is the Conductor extension for Gemini CLI
It uses both plan mode and the ask_user tool.
Conductor enables Context-Driven Development, acting as an orchestrator for multi-step development tracks, guiding you through complex migrations or feature implementations.
Have you tried it? 🚆
English
