Sabitlenmiş Tweet
𝐚𝐥𝐢𝐜𝐞 ✨
9.5K posts
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
The talking over each other's timing was masterful.
English
@thmaist I have a lot of Scorpio & Pluto placements myself 😅 and this post was just about Sun signs!
English
I’m not prejudiced against people based on zodiac signs but I am absolutely prejudiced against people who are prejudiced against others for their zodiac signs lol
English
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
have you guys ever been so attracted to someone that ovulation feels like psychosis
English
i didn’t even know people were still buying routers in this day and age 🤨
Joe@JoePostingg
If your router is more than a few years old you should buy a TP-Link Archer BE3600 right now. Good home routers basically won't exist in six months, you'll have to buy an enterprise device if you want something that actually works.
English
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
I think its time that women rule the world. The men have done more than enough damage.
Zoya🕊️@Zoya_ki_batein
First female Ngoni chief in Malawi ends child marriage. She has broken up 850 child marriages in three years.
English
STOP speaking injustice into existence. STOP saying “nobody will be investigated”, “nobody will face the consequences.” maybe you have the luxury of living comfortably in a fundamentally unjust world, but i and many others do not. so STOP making this the reality we live in
Bark@barkmeta
Let me explain what just happened 👇 5 minutes before the President announced a halt to attacks on Iran… someone placed a $1.5 BILLION bet on stocks going up and dumped $192 million in oil. 5 minutes… These trades were 4 to 6 times larger than anything else in the entire market. Whoever did this wasn’t guessing. You don’t risk $1.5 billion on a hunch. There was zero public indication this announcement was coming. No leaks. No press. Nothing. The only people who knew were in the room when the decision was made. Someone in that room picked up a phone. And within minutes they made more money than most Americans will earn in a thousand lifetimes. In a single trade. On a war that cost you $4+ a gallon gas and $16 billion in tax dollars. American citizens funded this war. Politicians are profiting from it. This is not the first time. Every major announcement from this administration has had massive suspicious trades right before it dropped. Tariff reversals. Policy shifts. War decisions. This is the most blatant insider trading operation in the history of American politics. It’s not even close. And it’s happening over and over in broad daylight. You would go to federal prison for trading on a tip from your cousin. These people are front running war decisions with billion dollar bets and nobody will ever ask a single question. Nobody will be investigated. Nobody will be charged. By tomorrow this will be buried under the next satisfying headline. Just like last time. And the time before that. The game is rigged. And they’re not even trying to hide it anymore…
English
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
Hi r/relationships! I (32M, strawberry) have started to suspect my wife (28F, strawberry) and her boss (39M, eggplant) of
English
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
Good morning America! Peach trees are blooming on our farm in Kentucky. I’ve planted about 14 different varieties here over the years.
English
𝐚𝐥𝐢𝐜𝐞 ✨ retweetledi
