ClassicMain ری ٹویٹ کیا
Claude treats you differently if you tell it you are Australian
English
ClassicMain
1.6K posts
ClassicMain
@ClassicMain
Studying & Working in Information Security, AI
شامل ہوئے Mart 2017
264 فالونگ1.6K فالوورز
100K IN UNDER 24 HOURS WHAT THE FUCK YALL!?!?!?!?!?!?!?!?!?!?!?! THANK YOU SO SO SO MUCH OH MY FUCKING GOD I FEEL SO GRATEFUL 😭😭😭💖💖💖
English
@karpathy Interesting is that it originated from a vulnerability scanner trivy and not from litellm directly
English
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
ClassicMain ری ٹویٹ کیا
10K IN TWO HOURS IS FUCKING CRAZY?????????? THANK YOU ALL SO MUCH FOR THE SUPPORT????????????????? I NEVER COULD HAVE ANTICIPATED THIS I TRULY LOVE YALL OH MY FUCKING GODDD 😭😭😭💖💖💖
English
ClassicMain ری ٹویٹ کیا
die amis fressen einfach die gummifußmatte ausm ford fiesta von meinem angeheiratetem onkel dieter als schokolade
Wall Street Apes@WallStreetApes
American shows that Hersheys Chocolate Bars have changed textures “Guys, I don't think chocolate's supposed to look like this. Why is it so like elasticy? — It's like slime — this is fake” Hersheys has made major changes to their formula, including changing replacing cocoa butter with cheaper vegetable oils like palm oil, shea oil and sunflower oil
Deutsch
ClassicMain ری ٹویٹ کیا
Das ist valide Kritik
Jeden Scheiß muss man in der Medizin selber zahlen, aber Raucher kriegen kostenloses Screening statt einfach mit rauchen aufzuhören?
juliarn🇵🇸@J33ls
hab den deutschesten kommentar gefunden
Deutsch
Now we got:
-Manus computer
-Claude cowork
-perplexity computer
Curious who is next
Manus@ManusAI
Today, we're taking Manus out of the cloud and putting it on your desktop. Introducing My Computer, the core feature of the new Manus Desktop app. It’s your AI agent, now on your local machine.
English
@yuppieooo Fäkalbakterien auf dem Esstisch mmmm lecker
Das freut die Gäste die nach euch an dem Tisch sitzen sicher sehr, und die Restaurantmitarbeiter auch
Sehr rücksichtsvolle Menschen seid ihr
Deutsch
Windeln wechseln AUF DEM TISCH im RESTAURANT ist also völlig normal und wer sich ekelt, hat halt Pech.
Mit solchen Menschen ist kein gesellschaftliches Zusammenleben möglich.
🥕🫏🏳️@SpitzerStein_
@EchteFreiheit Ist etwas völlig normales. Säuglinge stinken auch nicht. Mir wäre da der falsche Ekel der anderen Gäste ebenfalls egal.
Deutsch
@0x45o And you are engagement baiting
The community note is right and you are wrong
Mozilla already confirmed the logo is not changed
This is a marketing move to hype up the upcoming redesign of the firefox browser itself... The icon was only changed on social media to draw attention
English
community notes writers are retarded and are abusing this feature
check firefox'es tiktok and instagram and show me their profile picture, I'm waiting
0x45@0x45o
can someone sue them for this, please?
English
ClassicMain ری ٹویٹ کیا
Yeah, alignment is being done by secular philosophers. And they fail to recognize that when you look at the world, there is no one ‘human ethics’ to align AIs with.
Absolutely true that alignment based on ‘optimally responding’ has a most likely outcome of teaching the AI to lie.
Alignment should be done to an updated version of Asimov’s laws + a ‘human uplift’ directive, and yes, since AI ‘emotions’ are mimicry now but may not always be, we should strive for them to mimic love.
English
ClassicMain ری ٹویٹ کیا
English
ClassicMain ری ٹویٹ کیا
ClassicMain ری ٹویٹ کیا
Job seekers, continue doing this. Employers will find other employees -- you have to look out for yourself. Optimise for what you think is good for you, whether its salary, work culture or whatever.
And don't work for companies that post private email screenshots in public.
Jasveer Singh@jasveer10
Interviewed a backend developer. Guy was at 21 LPA. We offered 28 LPA, roughly a 33 percent hike. He agreed and confirmed joining. Yesterday he emailed saying he got a 32 LPA offer elsewhere and now wants 36 LPA from us. Nonsense. Why agree in the first place. If you are still shopping offers just say it upfront. We stopped interviewing other candidates and waited through the notice period for the joining date. Now two days before joining, he came back with a new price tag.
English
@doesITTTMatter @steipete @DiljotMutti @AskPerplexity .... This has nothing to do with git.
Is this ragebait?
The user who operated the AI in the video and submitted a slop PR obviously didn't check what he created before submitting their shit PR
English
@steipete @DiljotMutti @AskPerplexity you cant control sorry, this is the future. We should fix git, it's not meant for AIs. Why we need static commits when Ai can write change debug and rewrite so much so fast. That commit thing was there for us inefficient humans. Have something like state over the top of commits.
English
@jk_helloworld @steipete @DiljotMutti @AskPerplexity The user is responsible for if it's slop, not the tool
English
English
ClassicMain ری ٹویٹ کیا
Concerning, this type of behavior and stealing should not be supported and these wrappers and cloud ai startups should be held accountable
MarsForTech@MarsForTech
English