Falguni Das Shuvo

150 posts


@shuvoxcd01

Machine Learning Engineer @IQVIA. Grad student at BUET. Love Reinforcement Learning, Optimization, Logic & Chess.

Joined March 2012
885 Following · 45 Followers
Falguni Das Shuvo reposted
Andrej Karpathy @karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwned. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been increasingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk @hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server + self-replicate. Link below.

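The quoted report names the mechanism: a `.pth` file dropped into site-packages. CPython's `site` module executes, on every interpreter start, any line of a `.pth` file that begins with `import`, which is why a plain `pip install` of the poisoned version (or of anything that pulled it in transitively, like the dspy and Cursor MCP cases above) was enough. What follows is an added example, not code from the thread, from LiteLLM, or from the attack itself: a scanner that walks a site-packages directory, lists the executable lines of every `.pth` file, flags lines that use primitives a legitimate path hook rarely needs (base64, exec, subprocess, sockets, HTTP), and decodes base64 string literals so a reviewer can read them without running them. The three sample files are constructed here; `poisoned-example.pth` is a harmless stand-in and not the real `litellm_init.pth` payload, which the page does not reproduce.

```python
"""Scan a site-packages directory for .pth files that execute code at interpreter start.

Added example, not from the original thread or from LiteLLM. site.addpackage() runs
exec() on every .pth line that starts with "import " or "import\\t"; every other line
is treated as a path. The SAMPLE_PTH contents below are constructed for this demo.
"""
import base64
import re
import tempfile
from pathlib import Path

# Primitives that a legitimate path hook almost never needs but a dropper usually does.
SUSPICIOUS = re.compile(
    r"base64|exec\(|eval\(|compile\(|subprocess|os\.system|socket|urllib|requests|zlib",
    re.IGNORECASE,
)

# Base64 string literals of 16+ chars (long enough to skip ordinary short strings).
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=]{16,})['\"]")

SAMPLE_PTH = {
    # Plain path entry: site.py appends it to sys.path and executes nothing.
    "my-editable-install.pth": "/home/dev/src/myproject\n",
    # Shape of setuptools' real distutils-precedence.pth: executable, but benign.
    "distutils-precedence.pth": (
        "import os; var = 'SETUPTOOLS_USE_DISTUTILS'; "
        "enabled = os.environ.get(var, 'local') == 'local'; "
        "enabled and __import__('_distutils_hack').add_shim(); \n"
    ),
    # Constructed stand-in for a poisoned startup hook: base64 blob handed to exec().
    # The decoded text is a harmless print, NOT the real litellm_init.pth payload.
    "poisoned-example.pth": "import base64;exec(base64.b64decode('%s'))\n"
    % base64.b64encode(
        b"print('constructed payload stand-in: would read ~/.ssh and ~/.aws here')"
    ).decode(),
}


def pth_exec_lines(text):
    """Return the lines of a .pth file that site.py would exec() rather than add to sys.path."""
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]


def decode_b64_literals(line):
    """Decode every base64 string literal in a line for display; never executes anything."""
    decoded = []
    for match in B64_LITERAL.finditer(line):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except Exception:  # not actually base64 (e.g. a long hex or random token)
            continue
        decoded.append(raw.decode("utf-8", "replace"))
    return decoded


def scan_site_packages(site_dir):
    """Return one finding per executable .pth line: file, line, suspicious flag, decoded literals."""
    findings = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        for line in pth_exec_lines(pth.read_text(errors="replace")):
            findings.append({
                "file": pth.name,
                "line": line,
                "suspicious": bool(SUSPICIOUS.search(line)),
                "decoded": decode_b64_literals(line),
            })
    return findings


def scan_current_interpreter():
    """Scan every site-packages directory the running interpreter would load .pth files from."""
    import site
    dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    return [f for d in dirs if Path(d).is_dir() for f in scan_site_packages(d)]


def demo():
    """Write the constructed samples to a temp dir and scan them; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLE_PTH.items():
            Path(tmp, name).write_text(content)
        return scan_site_packages(tmp)


if __name__ == "__main__":
    for f in demo():
        flag = "SUSPICIOUS" if f["suspicious"] else "executable"
        print(f"{flag:10} {f['file']}: {f['line'][:70]}")
        for payload in f["decoded"]:
            print("    decoded base64 literal:", payload)
```

`demo()` reports two executable files: `distutils-precedence.pth` (legitimate, not flagged) and `poisoned-example.pth` (flagged, with its base64 literal decoded). `scan_current_interpreter()` does the same for the real environment; run it from an interpreter you already trust, because importing `site` in a poisoned venv has by then already executed the hook. A flagged line is a reason to read the decoded text, not proof of compromise on its own, and a scanner like this is a detective control only: the preventive control is pinning exact versions with hashes (`pip install --require-hashes -r requirements.txt`) so that a freshly published release such as 1.82.8 cannot arrive through a `>=` constraint.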
Falguni Das Shuvo @shuvoxcd01
@Sensodyne_US Hi @Sensodyne_US, Thanks for the reply. I've already contacted mystory.bd@haleon.com. They replied that Haleon does not officially sell this product in Bangladesh. They have reached out to the appropriate department in France. I'll keep you posted if I get a reply.
Sensodyne US @Sensodyne_US
Hi Falguni. We appreciate your bringing this matter to our attention; quality is of utmost importance to us. We would appreciate an opportunity to speak with you personally. Please call us at 1-866-844-2797 Mon-Fri 8 a.m. - 6:00 p.m. EST or send an email to mystory.us@haleon.com. Thank you.
Falguni Das Shuvo @shuvoxcd01
I didn't find any similar-looking products on the official Sensodyne websites. I'll be happy to provide more details if required.
Dieter Büchler @dtrbchlr
@AmiiThinks @MPI_IS If you are interested in working with me at *the* RL powerhouse @UAlberta on robot learning on physical robots, please drop me a message. Retweets welcome 🙏
Falguni Das Shuvo @shuvoxcd01
@dtrbchlr @AmiiThinks @MPI_IS @UAlberta I've always been fascinated by robot intelligence. RL + Robotics is my dream. I study RL, publish implementations, and try to fit NNs in ESP32 :). I'm taking my first steps alone due to a lack of collaboration. This opportunity would be like a dream come true. Super enthusiastic!
Dieter Büchler @dtrbchlr
A bit late but still want to congratulate @RichardSSutton for his achievements in RL and AI & his huge positive influence on so many researchers! Guess it’s a good moment to announce that I joined @UAlberta 😎 Feeling honored to work alongside Rich and my other colleagues!
Amii @AmiiThinks

“There are no authorities in science,” says Turing Award winner @RichardSSutton, Amii Fellow & Canada @CIFAR_News AI Chair. Sit down with Rich and @camlinke as they discuss the journey to this moment. Watch now: hubs.la/Q039xBP-0 #TuringAward #AI #ReinforcementLearning

Falguni Das Shuvo @shuvoxcd01
Yep, it does struggle with watch faces!!!
Falguni Das Shuvo reposted
Google DeepMind @GoogleDeepMind
Huge congratulations to @DemisHassabis and John Jumper on being awarded the 2024 Nobel Prize in Chemistry for protein structure prediction with #AlphaFold, along with David Baker for computational protein design. This is a monumental achievement for AI, for computational biology, and science itself. 🧬
The Nobel Prize @NobelPrize

BREAKING NEWS The Royal Swedish Academy of Sciences has decided to award the 2024 #NobelPrize in Chemistry with one half to David Baker “for computational protein design” and the other half jointly to Demis Hassabis and John M. Jumper “for protein structure prediction.”
