As many of you know, I am fascinated by #AI/#ML. I don't have a #mentor to work with so I'm often left to my own devices. The repository below is an example of how I "lead myself" when a mentor isn't available. Read this thread for details 🧵
https://t.co/tOHYBPUWSy
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
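The transitive-dependency exposure the thread describes (a project never names litellm, yet `dspy`'s `litellm>=1.64.0` requirement admits the poisoned release) can be checked mechanically. The script below is an added example, not code from the thread or from litellm, dspy or pip: it walks a dependency graph, evaluates each requirement's version specifier against a list of known-compromised releases, and reports every edge that would let the bad version in. The graph and advisory list are constructed for illustration; only the `dspy -> litellm>=1.64.0` edge and the compromised litellm `1.82.8` version come from the thread. `installed_graph()` builds the same structure from the packages actually installed in the current environment using only the standard library.

```python
"""Report which packages in a dependency graph can pull in a compromised release."""
import re
from importlib import metadata

# Constructed sample graph (not real project metadata): package -> declared requirements.
# Only the dspy -> litellm>=1.64.0 edge and litellm 1.82.8 are taken from the thread.
SAMPLE_GRAPH = {
    "my-app": ["dspy>=2.0", "requests>=2.0"],
    "dspy": ["litellm>=1.64.0", "pydantic>=2.0"],
    "litellm": ["httpx>=0.23"],
    "pinned-app": ["litellm==1.80.0"],   # exact pin that excludes the bad release
    "requests": [], "pydantic": [], "httpx": [],
}

# Constructed advisory list: package -> versions known to be poisoned.
COMPROMISED = {"litellm": ["1.82.8"]}

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")
_SPEC_RE = re.compile(r"(===|==|!=|<=|>=|<|>|~=)\s*([0-9][0-9A-Za-z.*]*)")


def normalize(name):
    """PEP 503 style name normalisation so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(req):
    """'litellm[proxy]>=1.64.0,<2; extra == "x"' -> ('litellm', [('>=', '1.64.0'), ('<', '2')]).
    Extras and environment markers are dropped, which is deliberately conservative:
    an optional edge is still treated as a possible path into the tree."""
    m = _REQ_RE.match(req)
    if not m:
        return None, []
    return normalize(m.group(1)), _SPEC_RE.findall(m.group(2))


def version_key(v):
    """Numeric release components only ('1.82.8' -> (1, 82, 8)); pre-release tags are ignored."""
    parts = []
    for piece in v.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def _cmp(a, b):
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def specifier_allows(specs, version):
    """True if every clause in `specs` admits `version` (==, !=, <, <=, >, >=, ~=, and 'x.*' wildcards)."""
    v = version_key(version)
    for op, ver in specs:
        if op == "~=":  # compatible release: >= ver and same prefix up to the last component
            w = version_key(ver)
            if _cmp(v, w) < 0 or v[: len(w) - 1] != w[: len(w) - 1]:
                return False
            continue
        wild = ver.endswith(".*")
        w = version_key(ver[:-2] if wild else ver)
        c = _cmp(v, w)
        equal = v[: len(w)] == w if wild else c == 0
        ok = {"==": equal, "===": equal, "!=": not equal,
              ">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0}.get(op, True)
        if not ok:
            return False
    return True


def find_exposure(graph, compromised):
    """Walk each package's transitive requirements and collect every edge whose specifier
    admits a compromised version. Returns {root: [(parent, dep, bad_version, requirement)]}."""
    graph = {normalize(k): v for k, v in graph.items()}
    result = {}
    for root in graph:
        hits, seen, stack = [], {root}, [root]
        while stack:
            pkg = stack.pop()
            for req in graph.get(pkg, []):
                dep, specs = parse_requirement(req)
                if dep is None:
                    continue
                for bad in compromised.get(dep, []):
                    if specifier_allows(specs, bad):
                        hits.append((pkg, dep, bad, req.strip()))
                if dep not in seen:
                    seen.add(dep)
                    stack.append(dep)
        if hits:
            result[root] = hits
    return result


def installed_graph():
    """Same graph shape, built from the distributions installed in this environment."""
    return {normalize(d.metadata["Name"]): list(d.requires or []) for d in metadata.distributions()}


if __name__ == "__main__":
    for root, hits in find_exposure(SAMPLE_GRAPH, COMPROMISED).items():
        for parent, dep, bad, req in hits:
            print(f"{root}: {parent} requires '{req}', which admits {dep}=={bad}")
```

Running it on the sample graph flags `my-app` and `dspy` (both reach the `litellm>=1.64.0` edge) and stays silent on `pinned-app`, whose exact pin excludes `1.82.8`. Replacing `SAMPLE_GRAPH` with `installed_graph()` turns this into a quick check of a real virtualenv against an advisory list; the narrow version windows a `>=` floor leaves open are exactly why hash-pinned lockfiles and `pip install --require-hashes` close this gap where a range specifier does not.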
I'm working on a personal project that requires the creation of hundreds of selfies. I compared 20 models and produced samples for each using the same prompt. https://t.co/xFsnvjjsy5
I would love your feedback!
Ted Stresen-Reuter
@AskATranswidow@TAMU I like learning about the experiences of others because it prepares me to work on a team but maybe engineers only work in isolation and never have to interact with anyone not like them? Seems unlikely.
Not saying this particular case was this or that, just sayin'
@pepephone I'm already talking to the team on WhatsApp but it's very frustrating. When I bought the card, nobody told me I'd have to wait this long for the account to be activated, and if I had known, I surely wouldn't have bought it. I would have looked for an alternative.
I understand that the JWT must be sent with the request. As the call to the Edge Function is initialized by the cron job, does that mean it is operating as the `postgres` role? Don't you think _some_ check should be in place so that anon roles aren't initializing updates?
@ggrdson Hi! 👋
Reading your Supabase post on Automatic Embeddings and wondering if the Edge function really is "open to the world" or if there is some hidden security check going on under the hood that I'm not seeing
https://t.co/F3Q5dme0s1
How would we add security to this?
@sophiamyang Hi. I just want you to know how inspired I was by one of your youtube videos long ago. I turned your jupyter notebook into a web application. I wrote a little about it here https://t.co/3kTvRKJH6O
@movistar_es You are blocking the IPs of valid, normal domains and it means I can't work. https://t.co/5WTfjDirRE, https://t.co/gWSSrb8Duh and others. https://t.co/GOJbrugIOD
How can I request that these IPs not be blocked?