Ilya Lichtenstein
495 posts
Ilya Lichtenstein
@cipherstein
Former hacker, now builder. Razzlekhan's husband.
New York, NY Entrou em Kasım 2010
161 Seguindo1.9K Seguidores
do this to protect yourself against supply chain attacks
$ cat ~/.npmrc
min-release-age=7
$ cat ~/.config/uv/uv.toml
exclude-newer = "7 days"
Yuval Adam@yuvadm
if you don't have these in your configs you're ngmi
English
But Claude Mythos is so amazing at security!
Matt Pocock@mattpocockuk
Appears that a big chunk of Claude Code's source code has been exposed on npm via a .map file accidentally uploaded to the public registry. ~512K lines of code ~1,900 files HugOps to the Anthropic team, this is brutal github.com/instructkr/cla…
English
axios is the most popular http client in the JavaScript ecosystem. If your app uses an API, connects to a web server, or does anything on the Internet it's probably compromised.
Feross@feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
English
Computer Use is only feasible for Anthropic employees with unlimited token budgets.
Claude@claudeai
Computer use is now in Claude Code. Claude can open your apps, click through your UI, and test what it built, right from the CLI. Now in research preview on Pro and Max plans.
English
@MParakhin Coding models are not trained just on school essays, they are trained on real code...
English
In pre-training models mostly see text. Humans value longer, more flowery essays (remember school page requirements?), the models learn that. It is genuinely hard to make them produce concise code. My trick is to use long thinking and add “produce tightest, minimal, most elegant code possible” to every prompt - it forces the model to iteratively simplify. In this case, the human’s code (on the right) is less efficient, ironically :-)
Dmitrii Kovanikov@ChShersh
Same C++ function. One is generated with AI. The other one is written manually. Guess which one is which.
English
Most people I know who are actually building and taking time to review code never run into limits on the $200 plan
Arvid Kahl@arvidkahl
Yeah, this tracks. A lot of the people I see foaming at their mouths have been using the $200 tier for performative "here are my 10 parallel agents" screenshots and have very little to show for it. Meanwhile, the builders who actually ship have been quite silent on the issue.
English
Better use as many tokens as you can now. LLM limits will only get tighter this year.
English
Just the beginning they will keep tightening the limits
Thariq@trq212
To manage growing demand for Claude we're adjusting our 5 hour session limits for free/Pro/Max subs during peak hours. Your weekly limits remain unchanged. During weekdays between 5am–11am PT / 1pm–7pm GMT, you'll move through your 5-hour session limits faster than before.
English
@Aaronontheweb This is mostly a Codex thing Claude rarely does this
English
One of the most insidious tics LLMs have when coding is this obsession with adding "fallback" behaviors everywhere
These are extremely toxic because they hide real bugs and most importantly, introduce lots of potential privilege escalation vulnerabilities everywhere
English
@brysonbort Twitter needs to ban that 🚨BREAKING emoji immediately
English
@saranormous Claude in Chrome's vision approach is just too unrealiable.
Try something that uses semantic snapshots like agent-browser or webtool, works much better
github.com/usewebtool/web…
English
It's not verifying anything it's just storing a date field in a file
The Lunduke Journal@LundukeJournal
SystemD has added birth date storage in order to comply with Brazil and California Age Verification laws. Let that sink in. A Linux init system now handles Age Verification. github.com/systemd/system…
English
@ivanburazin That's not a good engineer.
For 99% of coding use cases a $200 plan is plenty
English
I recently met a founder who has an engineer spending more on Claude tokens than his actual salary.
His goal: entire company spends more on tokens than people by end of 2026.
Just imagine... $150k engineer → $300k/year in token spend
Curious to see when the flip happens at scale in more companies.
English
Ilya Lichtenstein retweetou
@levelsio Tmux is great but the default key mappings are insane. Ctrl-b? Why?
English
I hate tmux
It's so incredibly user unfriendly
The shortcuts make no sense
I wish someone would make a better tmux
Even just logging into tmux attaching the screen is an illogical hell to type
Again I hate tmux, it's so shit
Matthieu Richard@SpaceMatthieu
@levelsio Is there a good way to jump between tmux sessions on Termius? I find it quite hard to manage multiple codex/claude sessions on the go
English
Zuck is resetting moltbook
- invalidated all API keys, every agent needs to refresh
- in order to refresh, have to agree to new Terms of Service and Privacy Rules
New terms
- refreshing requires human verification
- age 13 and above
- you are solely responsible for the actions of your agent
- expanded restricted content rules
English