Septuple Agent

Some people keeps looking me up on LinkedIn. I don't update that shit within reason.

Humorous to observe retail managers transition from being nice during their starting week to the end of their first month, when they begin conveying conceit.

People should start asking "Why would I need an app for that?" at this point.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

This 1-pager from Xusheng Li on GDB internals of how watchpoints are implemented is a delight to read! (especially that double-write behaviour false positive - I did not know about that)

If CEOs were truthful about AI, they'd tell you that their own jobs should be replaced by AI before anyone else's.

Wow. This skit hits. It hits so hard it may've just murdered an industry. 💀

r/Polyamory users are 17 times more likely to use the word "neglected" in their comments compared to the average subreddit. This is higher rate than r/DeadBedrooms, r/MuslimMarriage, and r/Divorce.

Top resources for backend/systems learning: - OS Dev Wiki - Beej's Guides - Julia Evans' Blog - Low Level Programming University - Computer Science from the Bottom Up - Crafting Interpreters - The Linux Documentation Project - Writing an OS in Rust - Destroy All Software - Casey Muratori's courses - MIT OpenCourseWare - Compiler Explorer - Computer Systems: A Programmer's Perspective - Hacker News - Lobsters - /r/systems - ByteByteGo - High Scalability - Martin Kleppmann's Blog - Architecture Notes - The Morning Paper - Brendan Gregg's Blog - Dan Luu's Blog - Phil Eaton's Blog - Database Internals (book) - Designing Data-Intensive Applications - Systems We Love talks - Strange Loop conference videos - Papers We Love - CMU Database Group

The Leatherman Arc is awful.

If a balisong became a multitool, it would be a Leatherman Arc.

To live longer, stop exercising like a human.

In case anyone wants to get me a Wednesday present.

Today, we're introducing Spectre I, the first smart device to stop unwanted audio recordings. We live in a world of always-on listening devices. Smart devices and AI dominate our world in business and private conversations. With Deveillance, you will @be_inaudible.

The first two known exploits against live ZK circuits just happened, and they weren't subtle underconstrained bugs. They were Groth16 verifiers deployed without completing the trusted setup ceremony. One was white-hat rescued for ~$1.5M, the other drained for 5 ETH. 🧵

10 Most Expensive Sit Down Restaurant Chains in the United States

i built an entire x86 CPU emulator in CSS (no javascript) you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS

She explains that corporate life isn’t real. Everyone is acting, performing, and playing a role.