Kishore Neelamegam

Here’s what I’d do if I was in charge of GitHub, in order: 1. Establish a North Star plan around being critical infrastructure for agentic code lifecycles and determine a set of ways to measure that. 2. Fire everyone who works on or advocates for copilot and shut it down. It’s not about the people, Im sure theres many talented people, youre just working at the wrong company. 3. Buy Pierre and launch agentic repo hosting as the first agentic product. Repos would be separate from the legacy web product to start since they’re likely burdened with legacy cross product interactions. 4. Re-evaluate all product lines and initiatives against the new North Star. I suspect 50% get cut (to make room for different ones). The big idea is all agentic interactions should critically rely on GitHub APIs. Code review should be agentic but the labs should be building that into GH (not bolted in through GHA like today, real first class platform primitives). GH should absolutely launch an agent chat primitive, agent mailboxes are obviously good. Etc. GH should be a platform and not an agent itself. This is going to be very obviously lacking since I only have external ideas to work off of and have no idea how GitHub internals are working, what their KPIs are or what North Star they define, etc. But, with imperfect information, this is what I’d do.

Your frontends, now faster, on Railway Plus we’ve overhauled our network for increased reliability Let us know how it goes 🙏

I use Kimi 2.5(US). But its too damn slow from here. I used it for mundane non creative loops -- make Github CI go green for a job. Noticed as the context grows > 150K it starts slowing down. Tried @FireworksAI_HQ - it was fast Kimi K2.5. I am waiting Minimax 2.7 @FireworksAI_HQ

why is kimi k2.5 unbearably slow on one day and super fast 200+tps fast on another day

Noticed an image by name 24.7MB by @Docker `prizz/deep-dive`. Budged to delete claiming a container was running. But couldn't locate the container. Suspected it as malware and force terminated it. Turns out it's a docker extension for scan. But these day any cryptic unknowns cause a suspicious eye to make me go on a witch hunt with the LLM.

Exactly

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@FireworksAI_HQ Liked it, very quick with Kimi K2.5 though I have credits in Moonshot. When are you guys supporting Minimax 2.7?

Brave just registered a .agent domain! We support the effort to have the .agent top-level domain managed by a community, instead of being owned by one company. Join the community and pre-register your domain here: agentcommunity.org

Told you.

Nice @AmpCode for this feature. Thank you sir. Usually end up buying credit to complete the run, Thank you for this. -$0.05USD Your balance is negative because we allowed a request to finish and return results to you despite its final cost exceeding your available credits.

Ubicloud is building the open source alternative to AWS and it's unbelievable what that means for running compute in the cloud Imagine this savings for every bit of your cloud spend. It's going to be marvelous. @UbicloudHQ

Also added Codex review on /office-hours It's like getting a whole other YC Partner in there for group office hours

if you’re in India, subscribing to @opencode just got a lot easier upi autopay is now live for opencode go ₹900/month for generous limits and reliable access to open source coding models

Introducing: Browser Use CLI 2.0 🔥 The most efficient browser automation CLI tool > 2x the speed, half the cost > Easily connect to running Chrome > Uses direct CDP Try it now 🔗↓

Imagine leaving a product requirements meeting and Replit is already building the MVP via Granola MCP.

I'm a big believer in open source, especially as AI improves. It was a miss to not mention the Kimi base in our blog from the start. We'll fix that for the next model 🙏 Their team clarified our usage was licensed in the tweet below. x.com/Kimi_Moonshot/…

this is excellent

For agentic systems founders and dev tools founders: People do not want to pay for raw markdown and they shouldn't have to. But they may pay for orchestration, hosting, updates, collaboration, portability, analytics, and managed execution. These can be great businesses.