Alex

Blanche: When it comes to the FBI… Director Patel has cleaned house there too. There is not a single man or woman with a gun, federal agent, still in that organization that had anything to do with the prosecution of President Trump. President Trump for the first time in modern history has said I am the president and if you work in the executive branch, you work for me. And guess what? We can all read the constitution. He's right. And unfortunately, past administrations, Republican included, have just resigned themselves to putting up with partisan actors within the DOJ. We do not.

BARCLAYS: KEEP BUYING DESPITE MARKET FEARS Stocks have struggled this month, with the S&P 500 down 4.2% amid the U.S.-Iran war, rising oil prices, and persistent inflation. But Barclays says investors should stay invested. Strategist Ajay Rajadhyaksha argues fundamentals remain stronger than sentiment suggests, pointing to solid U.S. earnings and ongoing investment cycles. Markets appear to expect a short-lived conflict, with bonds and other assets pricing in a temporary inflation shock rather than prolonged disruption. Oil prices have risen, but not dramatically over the long term. Despite volatility, the S&P 500 is still within 6% of its record high, and market stress indicators have eased. Bottom line: uncertainty is high, but Barclays says it’s a “wall of worry” investors should keep climbing.

INDUSTRIAL METALS Markets are pricing in a global recession and demand destruction due to high energy prices right now. If it goes this way, we'll just have to wait until the cycle is complete. The one positive is that it's shock-driven, so we'll likely see the bottom much sooner than we'd normally have to wait for. SHORT-TERM TREND CHANGES SINCE LAST WEEK • SILVER – UNITED STATES: sideways 🟨 ➝ downtrend 🟥 • COPPER – UNITED STATES: sideways 🟨 ➝ downtrend 🟥 • PLATINUM – UNITED STATES: sideways 🟨 ➝ downtrend 🟥 • ALUMINUM – UNITED STATES: uptrend 🟩 ➝ sideways 🟨 • LITHIUM CARBONATE – CHINA: uptrend 🟩 ➝ sideways 🟨 • URANIUM SPOT PRICE – GLOBAL: sideways 🟨 ➝ downtrend 🟥 • TIN – LME, UNITED KINGDOM: sideways 🟨 ➝ downtrend 🟥 • ZINC – LME, UNITED KINGDOM: sideways 🟨 ➝ downtrend 🟥 MEDIUM-TERM TREND CHANGES SINCE LAST WEEK • SILVER – UNITED STATES: uptrend 🟩 ➝ sideways 🟨 • COPPER – UNITED STATES: uptrend 🟩 ➝ sideways 🟨 • PLATINUM – UNITED STATES: uptrend 🟩 ➝ sideways 🟨 • URANIUM SPOT PRICE – GLOBAL: uptrend 🟩 ➝ sideways 🟨 • ZINC – LME, UNITED KINGDOM: uptrend 🟩 ➝ sideways 🟨 COT CHANGES SINCE LAST WEEK • COPPER – UNITED STATES: neutral 🟨 ➝ negative 🟥 • PLATINUM – UNITED STATES: neutral 🟨 ➝ negative 🟥 • ZINC – LME, UNITED KINGDOM: neutral 🟨 ➝ negative 🟥 Medium-Term Trend: past 20 weeks | Short-Term Trend: past 20 days $SI / $SLV / $PSLV $PL / $PPLT $PA / $PALL $HG Highlight for the week, shown below. 👇

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

Uranium All right, I may get some pushback on this one, but I sold half of my physical SPUT here. Please note that I bought it in mid-2021, rode it up, and rode it back to trend. Although I don't think it'll happen, I don't want to repeat that exercise. It's profit taking, as simple as that. Now I'll use the proceeds to hunt for other opportunities in this space, I think we have a decade to go here. Alternatively, if we settle over $100/lb for good, I may add back a bit higher.

Today, we’re releasing a feature that allows Claude to control your computer: Mouse, keyboard, and screen, giving it the ability to use any app. I believe this is especially useful if used with Dispatch, which allows you to remotely control Claude on your computer while you’re away.

Dear NATO partners, Thank you for your interest in Ukrainian drone technologies. Unfortunately, the transfer of modern drones is currently not possible. Their use requires serious training, and our instructors mostly speak Ukrainian. Many terms, as practice has shown, cannot be translated — they have to be experienced. There are also well-founded concerns that the equipment could fall into enemy hands. Given your current combat experience, we are not confident you would hold out even for three days. Please do not take this as criticism — rather, as an observation from the front line. As a compromise, we can offer upgraded Mavics. However, this would require approval from “Madyar.” As you know, he has his own conditions — including, but not limited to, the exclusion of Hungary from the EU. Additionally, we are ready to consider supplying outdated drones, for which the enemy already has electronic warfare countermeasures. If you manage to use them effectively, we can revisit the discussion about newer models. As for long-range and strike systems — their transfer is not possible in order to avoid escalation. This is a principled position. In terms of defensive solutions, we can allocate up to 100 units per month. We should note right away — we ourselves are short on them, as industry has not yet been fully converted to a wartime footing. Respectfully, Ukraine (a country that has been “holding out for three days” for five years)