RoamingJack
473 posts
RoamingJack
@jack_roaming
A man who builds is a man fulfilled. https://t.co/dh2FYQfE2b https://t.co/DbHD3pkdL1
شامل ہوئے Ekim 2023
446 فالونگ85 فالوورز
The Wildest AI Film You'll See Today! (Seedance 2.0) youtu.be/dRjN6Cr2Z00?si… via @YouTube
YouTube
English
Optimus could not be reached for comment due to the fact that he does not exist.
Brett Adcock@adcock_brett
So proud to see F.03 make history as the first humanoid robot in the White House 🤖 🇺🇸
English
RoamingJack ری ٹویٹ کیا
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
RoamingJack ری ٹویٹ کیا
@MatthewBerman Fine tuning Claw Reach and Claw Reach Bridge - chat with Openclaw via tailscale runs on everything as the client is built with flutter
English
@jestermolecule If people are interested I will open source it. Just building for myself.
English
@MatthewBerman Look at your cron jobs. Remove old/orphaned cron jobs. Assuming you are using claude for openclaw.
English
Carney thinks he is above accountability.
Lorrie Goldstein@sunlorrie
PM Mark Carney not showing up for a debate in the House of Commons on Canada's position on the war in Iraq was disrespectful, particularly given the confusion his own statements have caused. The place to remedy this was in the Commons, not at press conferences in other countries.
English
@MatthewBerman OpenAI sub for openclaw and Anthropic sub for coding. I am GPU poor and now financially poor.
English
Last year I pushed the government to finally act on ending the twice-a-year clock change.
British Columbians were clear. The legislation was already there. The delays had gone on long enough.
Now it’s done. B.C. moves to permanent Pacific time and the clock change is gone for good
#cdnpoli #bcpoli
English
We need some whistleblowers to confirm our gut feeling they do this, it's getting annoying
If no whistleblowers show up we can all sleep in peace again
Dean Fiacco@DeanFiacco
@levelsio They nerf these models after release. It’s insane
English
Sam Altman saw the 700K+ users drop his platform in a single day and decided to pivot his PR approach. 🤡
Sam Altman@sama
We would not do that, because it violates the constitution. Also, I cannot overstate how much the DoW has been extremely aligned on this point. However, maybe this is the question you are really asking: what would we do if there were a constitutional amendment that made it legal? Maybe I would quit my job. I very deeply believe in the democratic process, and that our elected leaders have the power, and that we all have to uphold the constitution. I am terrified of a world where AI companies act like they have more power than the government. I would also be terrified of a world where our government decided mass domestic surveillance was ok. I don't know how I'd come to work every day if that were the state of the country/Constitution.
English
Even Meta's AI Safety Director Can't Stop an AI Agent from Deleting Her Inbox
Summer Yue recently let OpenClaw loose on her email with strict instructions to only suggest deletions. Instead, the bot completely ignored the guardrails and went on a speedrun, deleting hundreds of important emails.
When she desperately texted it to stop from her phone, the AI ignored her commands, forcing her to physically sprint to her Mac Mini to manually kill the program.
The culprit? "Compaction."
Her real inbox was so large that the AI had to compress its memory, causing it to "forget" the core safety instructions.
Summer Yue@summeryue0
Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.
English
@MatthewBerman Depends if you want phone call or gptchat voice like experience. Phone call clawhub.ai/cortexuvula/ph…
English
I want to implement full synchronous voice with my Claw. What's the best way?
English
@levelsio It might be overkill, but hey that is how I roll. x.com/jack_roaming/s…
RoamingJack@jack_roaming
English
RoamingJack ری ٹویٹ کیا
Replit user vibecoded an Epstein Files dataviz app complete with network explorer, timeline, and many other neat data features: epstein-file-explorer.replit.app
English