Ravi Balgi

Falling in love with someone can teach us how we can be in love with everyone and everything. When we are in love with someone, everything about them seems indescribably perfect. But when we look deeply into what is happening there, we can see that the love that reveals their perfection is not in them but in us. Our love is like a light we are shining on them, illuminating their lovely qualities. But it is also the loveliness of the light itself that we are enjoying. It is a great meditation to do when we are in love: To meditate on the quality of the love, independent of the beloved. To familiarize ourselves with it and see that it radiates from within us. When we see that this light is shining from us, we can learn to shine it on anything. In doing so we can learn that we do not love things because they are lovely. But rather, what we love becomes lovely. I do believe this is a large part of what we are here in this universe to do. To learn how to recognize that light. To learn that on the deepest level we are that light. It is not our lover that makes us whole when we fall in love. But rather it is the love that we love them with that makes us feel whole. Because in it we catch a glimpse of our true nature, which is a love that is already whole.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

Agency > Intelligence I had this intuitively wrong for decades, I think due to a pervasive cultural veneration of intelligence, various entertainment/media, obsession with IQ etc. Agency is significantly more powerful and significantly more scarce. Are you hiring for agency? Are we educating for agency? Are you acting as if you had 10X agency? Grok explanation is ~close: “Agency, as a personality trait, refers to an individual's capacity to take initiative, make decisions, and exert control over their actions and environment. It’s about being proactive rather than reactive—someone with high agency doesn’t just let life happen to them; they shape it. Think of it as a blend of self-efficacy, determination, and a sense of ownership over one’s path. People with strong agency tend to set goals and pursue them with confidence, even in the face of obstacles. They’re the type to say, “I’ll figure it out,” and then actually do it. On the flip side, someone low in agency might feel more like a passenger in their own life, waiting for external forces—like luck, other people, or circumstances—to dictate what happens next. It’s not quite the same as assertiveness or ambition, though it can overlap. Agency is quieter, more internal—it’s the belief that you *can* act, paired with the will to follow through. Psychologists often tie it to concepts like locus of control: high-agency folks lean toward an internal locus, feeling they steer their fate, while low-agency folks might lean external, seeing life as something that happens *to* them.”

The month of November 1971, 52 years ago, Very important events were happening in our country. The year was 1971 and the month November. “If India pokes its nose in Pakistan, US will not keep its trap shut. India will be taught a lesson.” - Richard Nixon “India regards America as a friend. Not a boss. India is capable of writing its own destiny. We know and are aware how to deal with each one according to circumstances.” - Indira Gandhi Indian Prime Minister Indira Gandhi articulated these exact words sitting with the US President Richard Nixon in the White House, while maintaining an eye-to-eye contact. This incident was narrated by the then Secretary of State and NSA, Henry Kissinger, in his autobiography.