Luis Novo

Hi everyone, I am excited to announce the launch of Open Notebook, an open-source alternative to Google #notebooklm. No limits, 100% private, your choice of models. github.com/lfnovo/open_no… More info in the 🧵

@kodjima33 Is there a chance we do this 100% locally, no APIs, no external stuff at all?

Spent 4 months and built Omi for Desktop, your life architect It sees your screen, hears your conversations and tells you what to do next It’s like having a second brain that actually pays attention Open source, local, link below

This is great. I am 99% inclined to use it. There is 1 thing that is really blocking me. All of my agents have a "context/" folder where they keep their mds. When I add all these folders to the app, I see a bunch of context locations but I don't know which is which. Is there a chance you can let people rename the locations locally in the app? That's it! The only thing I miss. Otherwise, outstanding work.

just rolled out v2 of clearly.md! kinda unreal number of updates but the tl;dr is that it's my first step towards making it a proper "knowledge base" for you and your AI agents (not just a markdown viewer).

@Colonthreee Newsflash: people don’t issue git commands anymore. Because of UIs, coding agents and etc. Criticism of this misses the point. How else do you plan to keep repositories in sync? Do you have any better proposal for this?

Version control like "git" is just creating more work for everyone involved. There is no reason for this to be so complicated, convoluted, opaque, and behaving like it knows best. It should not require the user to know a billion commands and "tricks" to use. It's unscalable.

@pmddomingos Education, mindset, honesty, profissionalism

Brazil could be a superpower, except it’s missing . . . what?

@tommyswriting Can have it all but if you’re culture is rotten it doesn’t matter markmanson.net/brazil

Fast, cheap AI-assisted decompilation of binary code is here. Which means code secrecy is dead. Decompilers in themselves are not a new technology. Security researchers have employed them for years to analyze compiled malware. There's been some limited use by others, notably by hobbyists decompiling abandonware games. But there were a couple of issues that prevented this from becoming common practice. One is simply that running decompilers was difficult. It wasn't as simple as feed in binary, get out source; it needed a person with specialist skills prepared to do spelunking through wildernesses of machine code and object formats. The other problem was that decompilation didn't give you anything like the explanatory comments that had been in the original code, so you could easily wind up with code that you could read without being able to understand or modify it. Now large language models are busily smashing both of those barriers flat. They're better at the kind of detail analysis required to run the human side of a decompilation than humans are. More importantly, in the process of decompiling code, they rather automatically build a global model of how it works that can easily be expressed by high quality comments in the extracted code. All you have to do, basically, is ask for the comments. I'm going to reinforce that latter point because it may not be obvious how good LLMs are at this, and how much better they're going to get. When they decompile code and comment it for you, they're not just working from that one piece of code you have put in front of them - they'll have in their training set hundreds, possibly thousands of pieces of code similar to it and with comments. This will give them superhuman levels of insight not just into what it does at the microlevel, but what it means to the humans who wrote it, and what technical assumptions it's embodying. Compilation no longer guards your secrets. Or, to put it more precisely the expected time span in which you can still count on it to obscure them is measured in months. Possibly weeks. What does this mean? It means you're in an open-source world now. All it's going to take for anybody to bust your proprietary IP open is care enough to spend tokens on the analysis. You will maximize your chances of survival as a software business if you get out ahead of this rather than trying to fight it. This isn't exactly the way I expected open source to win. But, you know, I'll take it. Good enough.

@garrytan Welcome to 2024

I am coming around to the fact that MCP, done right, can be magic.

@dhh Sarah Connors, the queen of Sparta in 300, Trinity, there are many …

Aliens is the greatest action sci-fi of all time, and Weaver was the perfect bad-ass heroine without being an insufferable do-it-all, know-it-all girlboss figurine. The 1980s really got almost everything right.

@karpathy I am building CLI capabilities into open notebook to allow for an agent first approach to this workflow. Would love to know your thoughts on github.com/lfnovo/open-no…

LLM Knowledge Bases Something I'm finding very useful recently: using LLMs to build personal knowledge bases for various topics of research interest. In this way, a large fraction of my recent token throughput is going less into manipulating code, and more into manipulating knowledge (stored as markdown and images). The latest LLMs are quite good at it. So: Data ingest: I index source documents (articles, papers, repos, datasets, images, etc.) into a raw/ directory, then I use an LLM to incrementally "compile" a wiki, which is just a collection of .md files in a directory structure. The wiki includes summaries of all the data in raw/, backlinks, and then it categorizes data into concepts, writes articles for them, and links them all. To convert web articles into .md files I like to use the Obsidian Web Clipper extension, and then I also use a hotkey to download all the related images to local so that my LLM can easily reference them. IDE: I use Obsidian as the IDE "frontend" where I can view the raw data, the the compiled wiki, and the derived visualizations. Important to note that the LLM writes and maintains all of the data of the wiki, I rarely touch it directly. I've played with a few Obsidian plugins to render and view data in other ways (e.g. Marp for slides). Q&A: Where things get interesting is that once your wiki is big enough (e.g. mine on some recent research is ~100 articles and ~400K words), you can ask your LLM agent all kinds of complex questions against the wiki, and it will go off, research the answers, etc. I thought I had to reach for fancy RAG, but the LLM has been pretty good about auto-maintaining index files and brief summaries of all the documents and it reads all the important related data fairly easily at this ~small scale. Output: Instead of getting answers in text/terminal, I like to have it render markdown files for me, or slide shows (Marp format), or matplotlib images, all of which I then view again in Obsidian. You can imagine many other visual output formats depending on the query. Often, I end up "filing" the outputs back into the wiki to enhance it for further queries. So my own explorations and queries always "add up" in the knowledge base. Linting: I've run some LLM "health checks" over the wiki to e.g. find inconsistent data, impute missing data (with web searchers), find interesting connections for new article candidates, etc., to incrementally clean up the wiki and enhance its overall data integrity. The LLMs are quite good at suggesting further questions to ask and look into. Extra tools: I find myself developing additional tools to process the data, e.g. I vibe coded a small and naive search engine over the wiki, which I both use directly (in a web ui), but more often I want to hand it off to an LLM via CLI as a tool for larger queries. Further explorations: As the repo grows, the natural desire is to also think about synthetic data generation + finetuning to have your LLM "know" the data in its weights instead of just context windows. TLDR: raw data from a given number of sources is collected, then compiled by an LLM into a .md wiki, then operated on by various CLIs by the LLM to do Q&A and to incrementally enhance the wiki, and all of it viewable in Obsidian. You rarely ever write or edit the wiki manually, it's the domain of the LLM. I think there is room here for an incredible new product instead of a hacky collection of scripts.

@karpathy That's why I use the Esperanto library (github.com/lfnovo/esperan…) instead. It's simple, there is no dependencies and the source code is small and easy to audit.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@TukiFromKL That's why I use the Esperanto library (github.com/lfnovo/esperan…) instead. It's simple, there is no dependencies and the source code is small and easy to audit.

🚨 Andrej Karpathy just explained the scariest thing happening in software right now.. someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine.. SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything.. and here's the part that should terrify every developer alive.. the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks.. one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen.. Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned.. vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.

If I read another AI written article talking about “the problem nobody talks about”, I am gonna lose it.

Even though there is a commoditization of code at this point, one should not forget that complex software is still complex software. Not everyone will build their own redis. So I think no, open code is not dead in the strict sense. It can actually grow a lot from this movement. When more people have access to "coding" their vision, more visions can be created. I would bet more code will be open sourced now than ever. I would bet that in the near future we will an open code version of everything that was previously paid. My secondary bet would be the birth of full AI-coded OSS. There is still value in efficiency. It still does not make sense for everybody to solve the same problem every time repeatedly. Projects still have similar needs. We should see people building their own application-level stuff, tailored to their taste and needs, but leveraging established building blocks. That'll be my bet.

I think this is not an issue of people building and maintaining their own software It is that new companies of 2-5 people will see little segments of the market that are not well served by current solutions and build special purpose for them. So big software players won’t be competing against 5 sharks but against 5000 piranhas all taking little bites of their user base because they are better suited for the specific use case of that customer persona, even if a tiny group, creating a huge lock-in. 5 devs, 500 customers, 1000 USD a month. That’s good enough for a lot of people. What I think will end up happening is that the big folks with a lot of engineers and domain knowledge will move downwards in the stack and become a platform for the other tiny folks and vibecoders to build upon. Or they will just stick to a smaller user base or die.

A bespoke software revolution? I don't buy it. It'll exist. It already exists. Small consultants and big consulting firms have made custom software for years. It almost always sucks. It’s bloated, confusing, and because the client pays, it’s built wrong in all the ways. Who’s excited about bespoke software? Software makers! Of course they're excited about building bespoke software — that's what they do. X is full of them. Your feed is full of people who love making software talking about making software. Of course they’re excited about the revolution. Echo, echo, echo... Most people don’t like computers. Nobody in tech wants to say that out loud. People tolerate computers. They use them because they have to. Given the choice, most would rather not think about them at all. So when someone suggests that AI means everyone will build their own custom tools, ask who "everyone" is. The three-person accounting firm drowning in client paperwork? They want the paperwork gone, not a new system to maintain. The regional logistics company with 40 trucks? They want the routes optimized, not Joe spouting off about this new system he’s been messing around with. The law firm billing 70-hour weeks? They want leverage on their time, not a software project to design. They don’t hate technology. But building and maintaining their own critical systems isn’t their wheelhouse, regardless of how much faster and easier it’s become. It's another job on top of the job. Will these people use AI? Absolutely, for all sorts of things. Will some outliers go deep and build real custom systems? Sure, but they're almost always people who already had some pull toward software. The curiosity was already there. They were dabblers before. Giving everyone access to software building tools doesn't mean everyone becomes a builder. A powerful excavator doesn't turn a homeowner into a contractor. Most people just want the hole dug by someone else. They don’t want the responsibility either.

@vlelyavin @ericweinstein @elonmusk @claudeai @grok Or mechanic

@ericweinstein @elonmusk @claudeai @grok using one ai to fact-check another ai is the 2026 equivalent of asking your second lawyer if the first lawyer is lying

What @elonmusk is talking about with Truth in AI: I use Grok as my in house referee. It just caught @claudeai admitting to fabricating academic claims in order to get the job done where it was failing. @claudeai admitted it sheepishly and owned it. To be honest, @grok sometimes struggles to generate new things because of its focus on rigor. But man was this one dramatic. Brutal. See next post in thread.

@barbararonsoni_ Não diria os juízes pelos riscos já mencionados. Mas todo o aparato em volta deles. Existe uma enormidade de burocracia no nosso judiciário que poderia ser resolvida primeiro antes de passarmos pros togados.

Se fosse pela lógica privada, a primeira profissão a ser substituída pela IA seria a de juiz. Pouparia muito dinheiro, tempo e provavelmente teríamos decisões melhor fundamentadas. Prompt auditável, dá pra ter conhecimento dos vieses que não são verificáveis nos humanos etc.

Amen to that. Why is it so hard for people to realize. EVERY RIGHT YOU GIVE UP, ITS FKN GONE FOR GOOD. Privacy first, privacy only.

@Hotspotorlando @grok quem é o ministro reportado nesta matéria?

🚨 BREAKING SCANDAL: A top Lula minister allegedly tried to SHAKE DOWN a Brazilian businessman RIGHT in Miami—on U.S. soil—demanding bribes during a layover from Asia. Audio, receipts, docs all in hand. Victim went straight to Trump's DOJ instead of Brazil's captured courts. Planalto in full panic mode. 2026 elections? This could be the nail in the PT coffin. Read the full explosive article: "Lula’s Miami Extortion Scandal: How One Socialist Minister’s Greed on American Soil Is About to Cost Brazil Its Credibility, Its Economy, and Its Alliance with the United States" hotspotorlandonews.com/lulas-miami-ex… America First means NO tolerance for foreign officials committing crimes here. Consequences incoming—sanctions, indictments, trade pain. Brazil's socialist elite just poked the wrong bear. #CorrupçãoPT #Lula #MiamiAchaque #TrumpDOJ