Gabriele Scotto di Vettimo

Animations make the app.

Live on App Store apps.apple.com/us/app/momento…

2x Claude usage means more time to build out side projects! Remade an old app of mine: turn multiple clips into montage memory videos

@albertvancouver @hnykda Check the footer of the site 😂

@gabsdv @hnykda lmfao I thought this was photoshopped...

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

@IceSolst But they're secured by Delve though x.com/gabsdv/status/…

LiteLLM is one of the smartest targets for hackers: corporations use it as an llm proxy. What data passes through there? EVERYTHING. Secrets, data. But you can also manipulate. Imagine Claude Code (via proxy) inserting backdoors in every codebase devs are working on.

@karpathy Don't worry, they're secured by Delve 👍 x.com/gabsdv/status/…

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@___4o____ It gets funnier x.com/gabsdv/status/…

YC btw

@marvinvonhagen Loving the new recipes. Currently trying to learn how to make better meals: x.com/gabsdv/status/…

Poke Recipes are the first normie-compatible "vibecoding app" literally takes one message. wait time is 1 minute or less and you can send it to your parents, non-technical friends. they can use it immediately in their texts! no download, no signup and you even get paid! for example, send the link to 100k new US users and we'll send you $100,000.00 create your first Recipe now at Poke.com 🌴

Just made my first poke recipe: an actual recipe curator! Choose when you receive unique, tasty meals to cook instead of ordering doordash. @interaction team has been innovating like crazy recently with poke 🔥🌴 poke.com/r/M9CW_A58QAS

@kr0der Where did you get it 👀

Poke is back? 👀 my Interaction merch is one of my fav shirts at the moment, it feels super high quality might be time to give Poke another shot

@Dianadotlu This is so cool!

Been gone from internet for a bit! Hiii again!! Made this while exploring ways of interacting with AI — select and control the output length through pinching More demos coming :)

@adoniscyril @interaction I think there are a few mcps out there that do google suites already

@gabsdv @interaction dude can you do this for google suite?

Poke by @interaction has been amazingly useful for Google Calendar, but it hasn't been able to read and update Google Tasks - until now. Introducing Google Tasks MCP ✅! Works seamlessly with agents, including Poke! Open source repo below, readme has steps for deploying

4. UIUC fourier traces

3. Conway's game of life

Creating easter eggs for UIUC's Claude Builder Club website 🧵 1. Wireframe terrain flyover

@alyx_so @jaykch Do you mind sharing where you got the phone assets?

@jaykch pre-rendered 3D + AE with planar tracking applied to the screens

product work, soar onboarding.

@claudeai Starting off strong in @UofIllinois! x.com/gabsdv/status/…

We're launching Claude Community Ambassadors. Lead local meetups, bring builders together, and partner with our team. Open to any background, anywhere in the world. Apply: claude.com/community/amba…

Saw this and knew I had to remake it in react native

Great turnout for the @Claudeai Builder Club kickoff at @UofIllinois! If you're a UIUC student, come to meetings for free 6 months of Claude Pro and a collaborative environment to work with AI. Open to all majors and technical backgrounds!