Robert Starsi

Supply chain attacks and OSS sustainability go hand in hand. I've semi-seriously joked for years that OSS upstreams should periodically purposely inject full vulns into their code and let downstreams fuck around and find out. Downstreams can pay to get the non-FAFO version. The not joke part is simply that OSS maintainers aren't a supply chain. OSS maintainers are not responsible for monitoring CVEs (because, they are not a supply chain). OSS maintainers are not at fault when bad shit happens to downstreams, because basically every OSS license (MIT, Apache, GPL, etc.) literally says: the software is provided "as-is, without warranty." You get what you pay for (that is to say: absolutely nothing!) Now, the joke part is that I do believe there is an ethical obligation to try to prevent harm downstream. But "try" is the key word. So, this isn't a serious proposal. But, if you're using OSS code and you're not paying for a license with a contract that promises some kind of warranty, you have no supply chain. You (the downstream user of an OSS lib) ARE the supply chain. To use a metaphor: physical goods have a real supply chain. Car manufacturers, chips, clothes, toys, etc. You have a signed commercial agreement with all your suppliers that promises quantity AND quality and blowback if either are missed. Thats a supply chain. If someone puts some chips on the side of the road with a "FREE" sign, then you integrate those into a product, then find out those chips are hacking customers, its your fault, not the person who dropped them on the side of the road.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

You used to have your bet ideas in the shower, now you have a waterproof speaker. You used to get lost in thought waiting for the train, now you have a phone to fill the gap. You used to daydream on long flights, now there's a screen in your hand and on the seat in front of you. You used to think on your morning commute, now you have a podcast playing before you leave the house. We used to stare in to the sky or into a fire and let our minds drift, now we have TVs and phone to replace that. We filled every silence and lost all of our peace, creativity and ideas that lived within that silence.

opencode 1.3.0 will no longer autoload the claude max plugin we did our best to convince anthropic to support developer choice but they sent lawyers it's your right to access services however you wish but it is also their right to block whoever they want we can't maintain an official plugin so it's been removed from github and marked deprecated on npm appreciate our partners at openai, github and gitlab who are going the other direction and supporting developer freedom