Giuseppe Pagnoni

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

A nice podcast 'debate' with a colleague who has slightly different views about consciousness than me. (I had to leave 15 minutes before the end -- they ran over the allotted time -- in case you wonder why I suddenly disappear from the conversation! youtu.be/R7insQBa-qo

Article: "Inferential planning in the frontal cortex" Coauthors: @FranDonnarumma Thomas Parr @jcrwhittington @GiovanniPezzulo biorxiv.org/content/10.110…

I'm very excited to share that my very first first-author paper is now published🎉 doi.org/10.1016/j.neun… Here are the key points of our work: ・Synaptic pruning is mathematically equivalent to statistical structure learning. (1/4)

Elegant theoretical derivations are exclusive to physics. Right?? Wrong! In a new preprint, we: ✅"Derive" a spiking recurrent network from variational principles ✅Show it does amazing things like out-of-distribution generalization 👉[1/n]🧵 w/ co-lead @dekelgalor & Jake Yates

Finally review on spontaneous activity as a generative model across species and scales is out @neuron sciencedirect.com/science/articl…

FYI: open access link to our new publication: Shedding Light on Changes in Subjective Experience During an Intensive... sciencedirect.com/science/articl…

Our lab has submitted a paper for a special collection in @SciReports 1 year and 3 months ago (!) and haven't received any reviews back yet. Communications with the editors were difficult and nonexistent lately. Anybody with the same experience? Suggestions?

I am looking forward to my extended Q&A with Karl Friston on Saturday, regarding artificial consciousness. npsa-association.org/events/follow-…

This was DISGUSTING!

@elonmusk @realDonaldTrump Trump is a bully and a buffoon!! He has tarnished the good name of this country!! The meeting with Zelenskyy in the Oval Office was an ambush created by Trump and Vance. It's absolutely deplorable!! I am so ashamed, and you should be, too!

Un litigio che farà la storia, nello Studio Ovale, davanti alle telecamere. Con Trump che mostra il suo volto peggiore: «Non hai carte in mano». E Zelensky: «Non sono venuto qui per giocare a carte».

BREAKING: President Zelensky tells Brett Baier what angered him the most in his exchange with Trump today. Zelensky only wants respect for his country and his people. That’s it. Trump completely disrespected Ukraine and Ukrainians and propped up Putin. America needs to wake up.

This is utterly repulsive! Trump and Vance just tried to humiliate Zelensky live on American TV, smugly demanding gratitude while openly mocking him like playground bullies counting favors. My respect for Zelensky—and my embarrassment as an American—just surged off the charts. I’m beyond disgusted!”

I have covered presidential politics for 40 years. This was the most juvenile display by a President and Vice President I have ever seen. Other presidents treated their enemies with more respect. This is a low point and a dark day for the US.

"I always hesitate to bring my political beliefs into this space. I don’t think my listeners would expect that from me and some of you will find it disappointing: not what you were looking for... " [1 of 2]

@RCarhartHarris @RickZeifman Really interesting. Simulated annealing comes to mind, where the energy of the system that gets minimized by the process of revision is the variational free energy

Extremely excited about this stellar work and new measure from @RickZeifman and co. The 'REB-Q' has a great future: "From relaxed beliefs under psychedelics (REBUS) to revised beliefs after psychedelics (REBAS)." pubmed.ncbi.nlm.nih.gov/39881126/

Our roadmap for the development of #scalable #aligned #AI from first principle descriptions of natural intelligence 🧠 A path based upon enabling artificial agents to learn a good model of the world that includes a good model of our preferences arxiv.org/abs/2410.00258

It was so much fun chatting with @veritasium about the principle of least action! And what a great video Derek and his team made. Hope you enjoy it! youtu.be/Q10_srZ-pbs?fe…