Sabitlenmiş Tweet
Frank Zheng
82.5K posts
Frank Zheng
@fkz_tw
A Coder / Programmer / Pythonista / SRE / Web Back-end Engineer and Taiwanese. Retweets ≠ Endorsements. Tweets are my own.
Taiwan Katılım Ağustos 2012
1.8K Takip Edilen3.6K Takipçiler
Frank Zheng retweetledi
Frank Zheng retweetledi
Surprised with how good the comments on github gists are. A lot more helpful, insightful, constructive, a lot less AI... Is it the user community? The markdown format? The (lack of) incentives?
Suddenly feeling like I should gist more.
@github consider competing with X (?)
English
Frank Zheng retweetledi
Frank Zheng retweetledi
The best engineers today don’t write more code.
They write less.
AI writes code.
Engineers design systems.
That’s where the leverage is.
English
The best engineers today don’t write more code.
They write less — and design better systems with AI.
Less is more.
Paradigm shift.
The real leverage now is in system design and workflow automation.
Make system design and workflow automation great again.
English
Frank Zheng retweetledi
Frank Zheng retweetledi
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
There are 10 types of people in the world:
those who understand AI, and those who don’t.
English
Frank Zheng retweetledi
Frank Zheng retweetledi
GPT 5.2 is "ridiculously better" than Opus 4.5 they said...
I tested BOTH on identical bugs in OpenCode and recorded everything
GPT 5.2 → 24 minutes for nothing
Opus 4.5 → 4 minutes and done
Full video proof (crazy)
Always test yourself instead of trusting tweets
Paul Solt@PaulSolt
Codex 5.2 is RIDICULOUSLY better than Opus 4.5 I tried Opus 4.5 and boy did it STRUGGLE today. Some aspects are good, but it feels like it’s not listening to me. Jumps right into coding before I had a chance to ok the plan… Opus can’t fix a simple UI issue with 5 prompts…
English
Frank Zheng retweetledi
Frank Zheng retweetledi
We are starting to test ads in ChatGPT free and Go (new $8/month option) tiers.
Here are our principles. Most importantly, we will not accept money to influence the answer ChatGPT gives you, and we keep your conversations private from advertisers.
It is clear to us that a lot of people want to use a lot of AI and don't want to pay, so we are are hopeful a business model like this can work.
(An example of ads I like are on Instagram, where I've found stuff I like that I otherwise never would have. We will try to make ads ever more useful to users.)
OpenAI@OpenAI
In the coming weeks, we plan to start testing ads in ChatGPT free and Go tiers. We’re sharing our principles early on how we’ll approach ads–guided by putting user trust and transparency first as we work to make AI accessible to everyone. What matters most: - Responses in ChatGPT will not be influenced by ads. - Ads are always separate and clearly labeled. - Your conversations are private from advertisers. - Plus, Pro, Business, and Enterprise tiers will not have ads.
English
Frank Zheng retweetledi
1/n
I’m really excited to share that our @OpenAI reasoning system got a perfect score of 12/12 during the 2025 ICPC World Finals, the premier collegiate programming competition where top university teams from around the world solve complex algorithmic problems. This would have placed it first among all human participants. 🥇🥇
English
Frank Zheng retweetledi
Frank Zheng retweetledi
Open-source Free Domain For Everyone.
English
Frank Zheng retweetledi
1/n I’m thrilled to share that our @OpenAI reasoning system scored high enough to achieve gold 🥇🥇 in one of the world’s top programming competitions - the 2025 International Olympiad in Informatics (IOI) - placing first among AI participants! 👨💻👨💻
English
Frank Zheng retweetledi