mist

THIS IS FUCKING WILD! a humanoid robot named Edward Warchocki chased away a herd of wild boars in Warsaw.. it was shouting "GO AWAY!" in Polish as the animals fled into the forest.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

The antidote for brain rot is books. The antidote for brain rot is books. The antidote for brain rot is books. The antidote for brain rot is books. The antidote for brain rot is books. The antidote for brain rot is books. The antidote for brain rot is books.

12 Kubernetes commands you should master for troubleshooting: 1. kubectl get pods - Shows all running containers in your cluster so you can see which ones are healthy or crashed 2. kubectl describe pod [name] - Gives detailed information about a specific pod including why it failed to start 3. kubectl logs [pod-name] - Displays the output messages from your application to see errors and what went wrong 4. kubectl logs [pod-name] --previous - Shows logs from a crashed container that restarted so you can see what caused the crash 5. kubectl exec -it [pod-name] -- bash - Opens a terminal inside your container to investigate files and run commands directly 6. kubectl get events --sort-by=.metadata.creationTimestamp - Lists recent cluster activities in order to trace what happened during an incident 7. kubectl top pods - Shows how much CPU and memory each pod is using to identify resource problems 8. kubectl get pods -o wide - Displays pods with extra details like which physical server they are running on 9. kubectl port-forward [pod-name] 8080:80 - Creates a tunnel to access your application directly from your laptop for testing 10. kubectl get pods --all-namespaces - Shows containers across all sections of your cluster not just the default view 11. kubectl describe node [name] - Reveals information about the physical or virtual servers running your containers 12. kubectl get pods --field-selector=status.phase=Failed - Filters to show only the pods that have crashed or failed Master these twelve commands and you will debug Kubernetes issues faster than most engineers with years of experience

Spent the whole day reading about CPU caches from this paper. Its super dense,there’s so much packed into it that I’ll definitely need to revisit the cache section again tomorrow or I’ll forget parts of it. Skipped the RAM section for now will read it after revisiting cache