@Ric_RTP@ylecun Geez I wasted a few minutes reading the comments in your thread. There’s your answer. Pelosi cheated, Trump uses a third party to invest and should be “allowed” to get rich since he’s running the country well.
@Ric_RTP@ylecun So what? If the goal is to share the corruption… thank you. If the goal is to stop the corruption… not gonna happen. I hope this wasn’t a surprise to Americans. If you elected Trump, then I hope you read up on his business tactics.
@trq212 How does going viral actually work!! Are people using the right tools to read/write markdown files? Try reading HTML without a browser! The question should be how do we improve a compressed document like markdown and keep HTML for UI-heavy documents.
@karpathy This whole markdown file topic got some crazy reactions. Are people using the right tools to read/write the markdown files? Try reading html without a browser!
We invited Claude users to share how they use AI, what they dream it could make possible, and what they fear it might do.
Nearly 81,000 people responded in one week—the largest qualitative study of its kind.
Read more: https://t.co/tmp2RnZxRm
Introducing OpenReward.
🌍 330+ RL environments through one API
⚡ Autoscaled sandbox compute
🍒 4.5M+ unique RL tasks
🚂 Works like magic with Tinker, Miles, Slime
Link and thread below.
@karpathy we should probably also treat this as a wake up moment for all noveau package managers - uv and bun presumptively - to make these entire classes of things far less risky, eg by adding a lot of guards on install scripts up to the point of manually approving baches of network calls
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
@Substack I went to share a link to a post and welcome.ed9069b4.js was blocked by a corporate firewall. https://t.co/FeOJaqiSSL is not blocked. DM if you want details.
@emollick We need open source to prevail. I don’t think we want hyper-personalized ad-packed Ai systems. Has anyone experienced Alexa answer your questions and then quickly follow with “did you know I could also…”? Imagine that 10x more personal.
Going Founder Mode On Cancer
https://t.co/vAqXIV5zvE
Sid Sijbrandij is a generational founder. He founded and led GitLab, one of the largest remote companies in the world, from idea-stage startup to NASDAQ-listed software giant.
But in 2022, a six centimeter mass growing from his upper spine threatened to end all of that. He had cancer.
What happened next is nothing short of remarkable. Sid went founder mode on his care journey. In the years since, he's deployed cutting-edge genomics to profile his disease. Based on this data, he's developed a growing armamentarium of personalized therapies.
As a result, his disease is now undetectable.
A simplistic version of this story could be, “Wow! A brilliant billionaire seemingly cured his cancer. Good for him!”
But as I’ve gotten to know Sid, it’s become abundantly clear to me that there is more to the story than that.
In an in-depth profile for The Century of Biology, I explore Sid's journey and what this might mean for the future of cancer care.
We estimate that GPT-5.3-Codex with reasoning effort `high` (not `xhigh`) has a 50%-time-horizon of around 6.5 hours (95% CI of 3 hrs to 17 hrs) on our suite of software tasks. OpenAI provided API access for this evaluation.