Introducing Devin Desktop: the next generation of Windsurf
Manage fleets of local and cloud agents from one surface
Support for any ACP-compatible agent
With a full IDE for when you need to jump into the code
Introducing Claude Opus 4.7, our most capable Opus model yet.
It handles long-running tasks with more rigor, follows instructions more precisely, and verifies its own outputs before reporting back.
You can hand off your hardest work with less supervision.
To stop ants coming in to your house leave a saucer of milk outside. The adult ants drink it & it has an effect on ant reproduction. The young are born without toes so they can't climb in to your cavity walls.
This effect is called lack toes in toddler ants.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Was talking to a Polish American friend who took retirement recently. Asked him if he is going to travel the world. He said he prefers traveling within US and Canada visiting the National parks and Alaska in future. He has turned a new Toyota Sequoia into a mini camper. This is just an American thing.
America is huge with endless roads, excellent camping options, inexpensive gas (compared to Europe especially - gas price in US - gallon less than $3. Europe, the liter price converted into gallon - $7.60 to $9.80/gallon depending on the country), ease of language convenience, safety and the range of terrains from beaches to deserts to mountains to plateaus, glaciers and geysers make Americans not look beyond US. They might add Canada but otherwise they are contented travelers.
🚨 Did You Know: 10 years ago, Infosys was one of the earliest backers of OpenAI. They invested alongside Elon Musk, Peter Thiel, AWS, and others ($1B → ~$45B today).
Instead of doubling down, they fired their CEO Vishal Sikka, and now their stake is worth nothing.
How could this possibly happen? Who is Vishal? More below:
We just launched ChatGPT Go in India, a new subscription tier that gives users in India more access to our most popular features: 10x higher message limits, 10x more image generations, 10x more file uploads, and 2x longer memory compared with our free tier. All for Rs. 399. 🇮🇳
✨Announcing LangExtract! ✨
Our new open-source Python library for information extraction, powered by #Gemini.
✅ Turn text into structured data
✅ Trace every insight to its source
✅ Visualize results instantly
Explore the blog by @AkshayGoelMD and Atilla: https://t.co/FM4DW1aKfS
#DevTools #MachineLearning #Python
Most AI professionals know this but rarely say it out loud: most of your time won't be spent on the AI part. The unspoken reality is that 80% of your work is data wrangling, evaluation setup and handling edge cases.