Simon Mavsar

@seba1337 @LukaRenko Vendar v samo zadnji par mesecih so te zadeve (eksponetno) napredovale s tem da je potenciala še veliko. Ali kot je rekel @LukaRenko , plafona se še ne vidi tako hitro.

@seba1337 @LukaRenko Po mojih izkušnjah imajo trenutno lokalni LLM-ji premalo dometa za bolj kompleksne zadeve, tudi online modeli so bili meh tam nekje do decembra lani meh.

Mislim da se mladini več ni treba učiti programskih jezikov, saj bo že tisti, ki so se ga naučili od mame in očeta dovolj za razvoj digitalnih rešitev. Še vedno pa bo potrebno vzpodbujati ustvarjalnost in podjetnost. Izziv za izobraževanje. #stateofai #education

@seba1337 @LukaRenko Pač bottom line je da se nivo abstrackije dviga, tako kot pretekla desetletja iz strojne kode/aslembljerja na vedno višje programske jezike/iterpreterje, se ta nivo sedaj dviga na materin jezik + seveda leogika, matematika, fizika, poznavanje racunalniskih arhitektur, itd...

@seba1337 @LukaRenko Seveda ločiti je potrebno tudi POC/greenfield projekte vs produkcija/legacy codebase, ampak tudi tu je ob pravilni uporabi dodana vrednost vedno večja/raste.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@LukaRenko Se pa zelo strinjam. Sam sem tega mnenja že kar nekaj časa (Sonnet 4.6). Od Opus 4.5/4.6 naprej se pa zadeve samo še pospešujejo v to smer...

@LukaRenko Sklepam, da si do teh zaključkov (vsaj deloma) prišel po hands-on agentic codingu na toolingu za rodoslovje?

Zna narediti veliko, ampak stetje mu pa ne gre...

Claude: You're right, 8 total. Let me cherry-pick and push to all 7 branches plus push master.

Claude: The last commit is 29adxxb. I'll cherry-pick it onto all other branches and push each one. That's 6 branches — shall I proceed?

@friedmandave Why?

Selling AI solutions to SMB is basically impossible. Was pitched this idea tonight. Avoid.

Ena za 8.marec...

Turnstile - I Wanna Be Adored (The Stone Roses cover) What a cover 👏🏻

Black Mirror material