If Prograis shows up at 70% of what he once was, he will splatter Connor Benn all around the ring.
English
Lewis Cowell
11.7K posts
Lewis Cowell
@LewisCowell
Husband | Dog Dad | Quoter of Films | Seller of Software
United Kingdom Sumali Temmuz 2010
570 Sinusundan519 Mga Tagasunod
Lewis Cowell nag-retweet
I spent my entire week working on an AI security deal and Anthropic decide to leak their Claude Code source code.
English
Listening to Jessie Buckley drone on about human rights with a flat background sound for 60 minutes straight really isn’t what I was expecting from a Max Richter concert. 1/10
English
Lewis Cowell nag-retweet
🚨 Andrej Karpathy just explained the scariest thing happening in software right now..
someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine..
SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything..
and here's the part that should terrify every developer alive..
the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks..
one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen..
Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned..
vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
Lewis Cowell nag-retweet
How dudes feel after putting an egg on top of the microwave ramen
English
Lewis Cowell nag-retweet
Lewis Cowell nag-retweet
FIX YOUR LOWER BACK!
By popular demand, here’s my complete mobility routine for the lower back.
Nearly 2 years ago I severely herniated a disc at L5-S1. I narrowly avoided emergency surgery. Even before that I had struggled with chronic lower back pain for 10+ years.
I’ve spared no expense in my search for a cure. I tried everything short of invasive treatments (stem cells and surgery).
What I learned along the way is that much of what the medical establishment tells you about the cause and the cure for back injuries is WRONG.
The root cause of your chronic back pain is almost certainly *lack of mobility and strength* in the posterior chain (hamstrings, hips, glutes, back, abs) — especially the intricate scaffold of muscles up and down the spine.
That's why outcomes for back surgeries are so abysmal—it doesn't address the real problem.
So it stands to reason that the cure is to MOVE, building strength and range of motion.
For the first time I feel like I’m steadily gaining ground and have a real shot at coming back even better than before my injury. I’m already doing things (like Jefferson Curls) that I never thought would be possible.
Here’s my current program, which I consider a “best of” collection of mobility exercises for the back.
I do the full program about 3 times a week and a subset of the exercises (the first 5) another couple times.
🧵
English
Lewis Cowell nag-retweet
If you’re 35+ and want to stay strong, mobile, and pain-free…
Do these 5 moves daily.
Most people ignore this until it’s too late. 🧵
1. Deep Squat (2 minutes)
English
Lewis Cowell nag-retweet
"...those models have been extracted. It's called a distillation attack, Eli. I have unfettered access to your model so I generate millions of exchanges and use the outputs as training data"
"No, no, no, this is Claude, do you understand?"
"Do you understand, Eli? That's more to the point. Do you understand? I eat your data. I eat your compute. I eat it all up"
English
Lewis Cowell nag-retweet
Lewis Cowell nag-retweet
Lewis Cowell nag-retweet
this is actually insane
> be tech guy in australia
> adopt cancer riddled rescue dog, months to live
> not_going_to_give_you_up.mp4
> pay $3,000 to sequence her tumor DNA
> feed it to ChatGPT and AlphaFold
> zero background in biology
> identify mutated proteins, match them to drug targets
> design a custom mRNA cancer vaccine from scratch
> genomics professor is “gobsmacked” that some puppy lover did this on his own
> need ethics approval to administer it
> red tape takes longer than designing the vaccine
> 3 months, finally approved
> drive 10 hours to get rosie her first injection
> tumor halves
> coat gets glossy again
> dog is alive and happy
> professor: “if we can do this for a dog, why aren’t we rolling this out to humans?”
one man with a chatbot, and $3,000 just outperformed the entire pharmaceutical discovery pipeline.
we are going to cure so many diseases.
I dont think people realize how good things are going to get
Séb Krier@sebkrier
This is wild. theaustralian.com.au/business/techn…
English
Lewis Cowell nag-retweet
> be uk government
> make web portal for doing taxes
> companieshouse
> click file for different company
> enter company number
> prompt for auth
> hit back button 3 times
> authentication bypassed
> ???
> full information leaked
> can modify company details for uk gov
> ???
Dan Neidle@DanNeidle
I see some weird things but this takes the biscuit. A vulnerability in the Companies House website, that let anyone view the private dashboard of any one of the five million registered companies, see directors' personal details. And modify them.
English
Just met a cute girl at the wedding I'm at.
Like actually cute. Genuinely attractive human being.
We’re talking. Vibes are good. She's laughing at my jokes. I'm being charming.
Then she tells me what she does and drops it:
“I’m a Commercial AE at Grafana”
My ears PERKED up.
I played it cool. Said “Nice — what’s your attainment looking like?”
She said “I’m hitting quota pretty consistently.”
That’s where a normal guy would have said “Impressive” and gone for the number.
But I am not a normal person.
My brain flipped straight into sales manager mode and I said:
“What’s your current pipeline coverage? You actually using a proper sales methodology or just MEDDPICC? What’s your Stage 2 to Stage 4 conversion rate? Forecast accuracy month over month?”
She looked confused.
I kept going.
“How are you fudding Datadog? Are you laying strategic traps across every stage of the process? Or are you mostly running demos and hoping for the best? How are you integrating AI in your workflow?”
She said “I usually just do good demos and then send over proposals. It works most of the time.”
And I said “So you don’t actually sell. You’re basically taking warm leads and order taking, until it doesn't work and you crash out on a PIP.”
The vibe was GONE.
Her friend pulled her away. She didn’t look back.
I was standing there alone at the wedding holding a drink I wasn’t even sipping, running the mental math on whether someone with that weak sales motion could ever scale to enterprise without serious process and coaching.
My friend walked over and said “bro she was into you what happened”
I said “She’s an AE… but I don't think she'll get an Enterprise rep promotion anytime soon”
He said “so?”
SO???
I would rather DIE alone than let a rep with no real MEDDPICC discipline think we’re on the same level.
She had a pretty face but a DISGUSTING qualification process and I simply cannot overlook that.
Could’ve had her number.
But she knows I only respect Prez Club level performers.
And honestly? That’s worth more.
Study the Deal Director way.
Tony Chau@SaskioLoL
Just met a cute girl at the wedding i'm at like actually cute. genuinely attractive human being. we're talking. vibes are good. she's laughing at my jokes. i'm being charming. then gaming gets brought up, she says it "i play league" my ears PERKED up i played it cool. i said "oh nice what rank are you" she said "diamond 4" and that's where a normal person would have said "wow that's really impressive" and gotten her number but i am not a normal person my brain immediately went into autopilot and i said "what's your peak LP" she looked confused i kept going "do you duo? what's your solo only win rate. what champions do you play. are you a one trick or do you actually play the game" she said "i play lux support" and i said "so you don't actually play league of legends" the vibe was GONE her friend pulled her away. she didn't look back. i was standing there alone at a wedding holding a drink i wasn't even sipping doing MENTAL MATH on whether lux support can even maintain a 50% win rate in diamond without a duo my friend walked over and said "bro she was into you what happened" i said "she peaked d4 with lux support" he said "so?" SO??? i would rather DIE alone than let a lux support player think we're on the same level she had a pretty face but a DISGUSTING opgg and i simply cannot overlook that could've had her number but she knows i'm higher elo and honestly that's worth more Study the Saskio way
English
Lewis Cowell nag-retweet
Lewis Cowell nag-retweet
@earnings_watch They’re my employer so it wouldn’t be appropriate for me to speculate on their earnings!
English
@LewisCowell It's fascinating how market sentiment can shift based on new tech features. For $ZS, the current implied move of ±11.7% is notably below its historical average of ±14.8%.
Do you think this divergence could signal a buying opportunity if earnings come in strong?
English
Watching the like of $RBRK, $ZS, $PANW and $CRWD sell off because of a Claude feature that scans code for vulns, might be the biggest evidence that nobody knows what the fuck they doing when it comes to investing 💀
English
@LewisCowell You only liked it because of the British reference.
English