Henry AT

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

MIT offers 12 Books on AI & ML (FREE TO DOWNLOAD): 1. Foundations of Machine Learning cs.nyu.edu/~mohri/mlbook/ 2. Understanding Deep Learning udlbook.github.io/udlbook/ 3. Algorithms for ML algorithmsbook.com 4. Reinforcement Learning andrew.cmu.edu/course/10-703/... 5. Introduction to Machine Learning Systems mlsysbook.ai/book/assets/do… 6. Deep Learning deeplearningbook.org 7. Distributional Reinforcement Learning direct.mit.edu/books/oa-monog… 8. Multi Agent Reinforcement Learning marl-book.com 9. Agents in the Long Game of AI direct.mit.edu/books/oa-monog… 10. Fairness and Machine Learning fairmlbook.org 11. Probabilistic Machine Learning ❯ Part 1 : probml.github.io/pml-book/book1… ❯ Part 2 : probml.github.io/pml-book/book2…

@Frospigliosi Jajajaja, pasaras a la historia como el personaje mas Incongruente, incoherente, discordante, inconsistente, disonante mejor ser disparatado 😂 🤣.

Condolencias a la familia del presidente Alberto Fujimori. Luchó con férrea voluntad, hasta el final de su vida, por lo que creyó necesario para mejorar la vida de los peruanos. (Con AFF el 15/1/24).

Mientras nosotros dormíamos muy cómodos, los familiares de las víctimas de la represión de Dina Boluarte, han hecho vigilia frente al Palacio de Justicia durante 2 días seguidos en el suelo. Aguantaron el frío, el maltrato, la injusticia y siguen luchando. ¡Ni olvido, ni perdón!

segundo 25, Amelancolizar 🥹

LOL, using the tongue for other things.

El niño carga agua en un carrito de bebé. Alguien grita entre las ruinas, el gato escapa y los drones acechan. El apocalipsis en Gaza no es una película.

Ray-Ban Meta Smart Glasses look great, new forms of interaction are going to be consolidated

@Ojo_Publico @arivme Ojala se haga justicia algún día. R.I.P.

#11D A un año de su muerte, la familia de David Atequipa —adolescente de 15 años que falleció tras el impacto de un proyectil de arma de fuego en #Andahuaylas— vela sus fotos en su casa, junto con otros deudos de la represión a las protestas. 📹✍️Red Regional OjoPúblico / @arivme

Huaoooo 😱

This is going to revolutionize the way we interact with the world. With you "AI Pin"

UPDATE: Jay-Z is officially back on Instagram. Both him and his wife Beyoncé only follow each other 👀❤️

@LearningToan @Stanford learn

11 years ago, @Stanford created a 5 parts series to help students study more efficiently. It got over 3,000,000 views and helped 10000s of students. The series is hard to find on YouTube, so I've compiled it for you. 1. Like + Comment "learn" 2. Follow me @LearningToan And I will DM you.

Here are the 10 #ChatGPT plugins currently available in the @OpenAI Plugin Store: 1 - Speak 2 - Shop 3 - Expedia 4 - Zapier 5 - Wolfram 6 - Milo Family AI 7 - Instacart 8 - Klarna Shopping 9 - Kayak 10 - OpenTable ↓

@marquitus_dev @jcfmunoz 🤣🤣🤣🤣🤣

Por favor... estoy al borde del colapso. iCloud Drive me ha recreado mi carpeta de Keynote porque sí, sin yo pedir nada, y he perdido TODOS mis archivos de formaciones, presentaciones... El trabajo de varios años. Y no hay nada en los Time Machine. ¿Alguien que me pueda ayudar?

A clip from Don’t Look Up, and then a real TV interview that just happened

What's new in Swift 5.6? Existential any, type placeholders, CodingKeyRepresentable, #unavailable, and more! - Read the full article here: hackingwithswift.com/articles/247/w… - Try the Xcode playground: github.com/twostraws/what… - Compare all Swift versions: whatsnewinswift.com