Abhishek

Since an FIR has been filed against me, I want to ask the Health Minister a few questions. JP Nadda ji, why is FSSAI going after those who are raising questions instead of those accused of wrongdoing? In a Democracy, does an ordinary citizen not have the right to question alleged irregularities in public institutions? We exposed alleged corruption and irregularities in FSSAI’s recruitment process. Instead of investigating the matter, FIRs are being used against those speaking in the public interest. Is this accountability or an attempt to intimidate and silence dissent?

Recently my son asked me why he needs to do mental math when calculators exist. I told him if he doesn't, he will make irrational decisions throughout his life. Let me explain. Say you see two packs of snacks. A 500g pack for ₹100, and a 200g pack for ₹45. Which one should you buy? The math is not at all hard, but people who are scared of mental math will not do it. This is not such an important decision that you pull out a calculator for it. So you make the decision on vibes - say ₹100 "looks too high", or that the smaller pack costs "less than half of the biggest one" or some such. The problem isn't that you made a poor decision on snacks. It is that if you do this repeatedly, you train your mind to make decisions on vibes. Over time your reasoning muscle atrophies - so you start relying even more on vibes. Before you know it, you are taking even big decisions on vibes. Should I rent or buy a house? Let's decide based on "EMI affordability", not rental yield. Should I invest in this IPO? I have heard of the company's brand so I'm all in. It isn't only financial or quantitative decisions either - in my mind the math muscle and the logic muscle are closely correlated, so a decline in one certainly affects the other. Like the Arab who let the camel's nose inside the tent, fear of math is the first step towards thoughtlessness, and needs to be nipped in the bud. Intellectual laziness starts with snack prices.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.