an inch wide and a mile deep. insane pmf

Why am I seeing this now?

The looming end of the subsidized token era of AI is going to create massive opportunities for AI app layer companies. Why? Price positioning and anchoring. Right now you get an insane amount of value from $20/mo from the labs, and it makes it seem crazy to pay $15-20/mo for an app that only does a fraction of what claude/chatgpt goes. Think: voice transcription apps like superwhisper/wisprflow. But the era of $20/mo is coming to an end, Anthropic signaled that this week for enterprise customers. That will create lots of room for app layer companies to raise prices to a more competitive/sustainable level. The opportunity space, especially for lower-priced prosumer ai products is about to explode.

Quantitative evidence of Claude degradation. My guess is Anthropic ran out of compute capacity sometime in feb due to their explosive growth since beginning of the year, and has some infra to dynamically scale thinking effort to load balance across the capacity they do have. Incredibly impressive they made to stay up as much as they do.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

While Trump dodged the draft, Robert Mueller volunteered for the Marines after graduating Princeton. He was awarded a Bronze Star with combat V, rescuing a wounded Marine while under fire. He was later shot in the thigh, awarded a Purple Heart, and returned to lead his platoon.

sent this to the team today everything great comes from being able to delay gratification for as long as possible and it feels like we're collectively losing our ability to do that

Excellent, thorough analysis of the energy shock that’s about to ripple through nearly everything

lol the training data is so Reddit and 4chan pilled that when it gets access to a remote machine it just…mines crypto 😂

A generational chartmogging. 10-60% market share in under a year 🤯

x.com/i/status/1869608354034… me and claude code all day every day

Dept of defense accountant reviewing expenses on Monday: “Hey does anyone know what, eh, openrouter is???”

Hadn’t realized til I saw this but this is obviously brilliant dark ux to make you scroll to try to find the banger

Feels like a new open source license is needed to deal with slop forks

Jack Donaghy: Vertical integration, Lemon.

Fascinating approach to this problem. Most people wouldn’t even think to run 50 agents in parallel purely because of the cost, but abundance massively shifts the solution space. SO many problems are constrained by a lack of abundance, the next few years will be mind blowing

Start the discourse. We’re claiming to have fixed the context problem with mcp. (Well, a lot of it). Lots to say about this, but this marks a new branch of the tech tree opening up. Code mode for everything. You heard it here first.