gsbonnet

2.4K posts


@gsbonnet

Strong sense of urgency Building https://t.co/vV8A5ghz7B - https://t.co/sLZzKVWtna - https://t.co/SpUAP6iWCM - https://t.co/oq4J18Ghhp Not sure if my laptop serves me or vice versa.

Joined August 2013
313 Following, 351 Followers
gsbonnet@gsbonnet·
@marclou yeah but the hardest part is breaking the silence when you're in a cave, trying to make yourself heard
Marc Lou@marclou·
There's something magical about digital products. You build once, and it works forever. Every day...
- dozens of founders list their startups for sale
- hundreds of messages from buyers are sent
- millions of pageviews are stored in my database
I can be sleeping or at the gym; the shop is open 24/7.
gsbonnet@gsbonnet·
idea: a git for writers
gsbonnet@gsbonnet·
just finished rebuilding Internet Book Project because I wanted something more like git to write stories online (crowd-written). Idea: anyone can write and contribute to an open book
gsbonnet@gsbonnet·
It feels so good when your AI security newsletter is so powerful that it properly summarises what you need to know from the IT security space for the last few days. Filtering the noise was a struggle, now fixed. Let’s see how to accelerate the news delivery now.
gsbonnet retweeted
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

jack friks@jackfriks·
okay i bought it. now i try for 1 week and if i dont love it ill return it
Oliur@UltraLinx

@jackfriks Think about all of the mental energy you’re spending making this decision. And all of the tweets. Just buy the monitor. It will literally help you be more productive.

gsbonnet@gsbonnet·
@joni_vrbt By reading the comments I am wondering if we’re living in the same world?
Jonathan@joni_vrbt·
Name a tech company that has literally zero haters
gsbonnet@gsbonnet·
Do you think there are still some guys out there coding without AI? Like, still looking on Stack Overflow for debugging, Googling error codes, reading docs to understand how to use a library? I'm genuinely asking
gsbonnet@gsbonnet·
@nikitabier define spamming is multiple posting considered as spamming?
Nikita Bier@nikitabier·
The financial incentive to spam on X will decline enormously over the next 30 days and soon be negative.
gsbonnet@gsbonnet·
@elonmusk Elon is basically explaining the stocks play you should have
Elon Musk@elonmusk·
Matter, Energy & Intelligence
Anna Lux@theannalux·
Classic inflation @1Password increases their price by 37%!! Jesus
gsbonnet@gsbonnet·
Alimentary job is unfortunately very real and difficult to quit once you’re in, and cost of living is getting so high that without your salary increasing you’re basically shifted to a lower range in the class pyramid, every year a bit more. Then you survive during 45y. I do agree to exit, but it’s not so easy
gsbonnet@gsbonnet·
hey @elonmusk / @nikitabier, can we have the possibility to mute the em dash please? currently it is not possible
gsbonnet@gsbonnet·
Vibe-coding allows you to live the dream, like zuck did, but without Anthropic Legend
gsbonnet@gsbonnet·
Claude Code is dead and just discovered I have a wife in the living room