Clem

@badlogicgames Legend

@dotta We need more content like that to demonstrate how Paperclip can be used to its full potential!

I'm challenging myself to make sure I setup at least one Paperclip Routine per day that makes Paperclip better Today I'm having it pull my bookmarks and write a report on what we could do to make Paperclip better

@karpathy I put together a read-only Bash audit script to help people check their own machines for affected LiteLLM installs and references, including 1.82.7 and 1.82.8: gist.github.com/promptinprod/1…

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@hnykda I put together a read-only Bash audit script to help people check their own machines for affected LiteLLM installs and references, including 1.82.7 and 1.82.8: gist.github.com/promptinprod/1…

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

@pierreeliottlal reddit

In less than a year, we managed to get more than 13M organic views on Reddit. It brought over 100,000 people to our website without spending a cent. We put together a Reddit Strategy Playbook that gets me 1M+ organic impressions/month… and makes my posts show up consistently inside AI outputs (ChatGPT, Gemini, etc.). Here’s what’s inside the playbook: 😈 How We grow my SAAS gojiberryAI with Reddit 🔥 The 3+1 post formats that always go viral 🚫 How to get traffic from 100 subs → without getting banned 🔎 Our Reddit SEO method to rank in AI-generated answers ⚡ The automation flows we use to convert views into demos 🏴‍☠️ A little bonus just for you Want the full 1M Views/Month Reddit Strategy (100% Organic)? Here’s how to get it: ✅ Repost this post ✅ Comment “REDDIT” I’ll send it straight to you.

@viperr Love it! I've added the possibility to use it with liked tweets as I like instead of bookmark github.com/viperrcrypto/S…

I just open sourced Siftly, a self-hosted AI knowledge base for your X bookmarks. Most people save thousands of tweets and never use or find them again. Siftly fixes that with a full AI pipeline that runs locally on your machine. Here's what it does:

@levelsio Short it

Ummm guys

@soliton_ earni.fi

Excited to share I've been accepted in the Educators fellowship @1WriteofPassage by @david_perell! I loved witnessing how many of my peers like @AustinScholar or @anafabrega11 found their words through the program. Curious to experience it myself.

@LFC @takumina0116

Taki 🥰

one of the biggest inefficiencies of our time is that every software engineer has like three $50M businesses just sitting in a folder called ~/Desktop/side-projects

amazing to think that “Yo” could have achieved product-market fit if they had simply survived long enough to pivot to “gm”

PleasrDAO but for bail funds and canceling debts instead of fractionalizing dog pics

Why so many people with a startup idea never ship

If founder is the smartest person in the startup, The startup ain't going anywhere.

Decentralized Web3 is probably less prone to DNS issues. Just saying.

I'll never understand why funding rounds are celebrated like guaranteed success stories for startups.

web2 vs. web3