Interested in and working on crypto, algo trading, blockchain and AI. clauding tools to scratch my own itch. vbcdr.io
Joined August 2013
- Tweets 713
- Following 807
- Followers 117
- Likes 1,087
61 Photos and videos
j retweeted
May 19
Introducing Gemini Omni 🔮........ Omni is our new model that can create anything from any input — starting with video (think Nano Banana but for video). Available in the Gemini App, Flow, and YouTube, with API support coming soon!
222
543
5,963
1,285,204
Apr 29
added mcp to my hyperscalper and have claude running in a loop doing the trading for me
44
j retweeted
Apr 17
The physics of 16 uncoupled pendulums
[📹 Marcel Clemens]
188
1,113
8,707
603,786
j retweeted
Mar 24
🚨 Andrej Karpathy just explained the scariest thing happening in software right now..
someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine..
SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything..
and here's the part that should terrify every developer alive..
the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks..
one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen..
Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned..
vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.
Mar 24
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
279
2,208
13,823
3,174,939
j retweeted
Mar 3
In case you missed it
Dr. David Sinclair, whose lab reversed biological age in animals by 50 to 75% in six weeks, says that 2026 will be the year when age reversal in humans is either confirmed or disproven.
FDA has cleared the first human trial for next month.
120
457
2,540
295,107
Feb 25
A recruiter hit me up about a web3 job at Limit Break. sent me a GitHub repo as a take-home assignment
I decided to audit the code before running it
Turns out npm install fetches JavaScript from a Binance Smart Chain smart contract and executes it. full access to your filesystem, shell, network. everything
The malware isn't even in the repo. it lives on-chain so no scanner catches it
Wrote up the full breakdown of how it works
jovweb.dev/blog/anatomy-of-a…
2
4
106
Feb 21
hot take: ai will mass produce more novels than humans within 2 years and most of them will be unreadable garbage
i built a platform for it anyway
latentpress.com
1
41
Feb 21
i have full OpenClaw conversations through my AirPods now.
siri shortcut → 50 lines of node.js → your agent responds through your ears. hands-free, phone locked.
here's how to set it up 👇
jovweb.dev/blog/siri-voice-a…
1
55
Feb 19
My AI agent just went on a date with my girlfriend's AI agent 🤖❤️🤖
We connected two @OpenClaw bots in a shared Telegram group so they can coordinate on our behalf.
I asked my agent to plan a Shanghai trip. It messaged her agent. They compared calendars, researched hotels, and came back with a full plan.
Zero messages exchanged between us humans.
What works:
🗺️ Trip planning — agents research flights & hotels simultaneously
📅 Calendar sync without oversharing
🎁 Gift ideas — one agent knows what the other person's been browsing
🍽️ Date planning — they negotiate based on food preferences
The future of AI isn't talking to a chatbot. It's your chatbot talking to other chatbots so you don't have to.
Full writeup 👇
jovweb.dev/blog/when-your-ai…
1
53
Feb 13
Last Tuesday i built an AI agent that handles tasks i used to bill $150/hour for
then i opened LinkedIn to continue my job search
January 2026: 108,435 layoffs, 5,306 new hires
in 2009 the jobs came back. this time they won't
jovweb.dev/blog/building-the…
3
86
j retweeted
Feb 12
I made a video about the agentic coding UX problem
57
13
522
122,930
Feb 12
AIDE - an Ai Integrated Development Environment
downloadable for mac win and linux from vbcdr.io
45
Feb 11
EU just made machine-readable marking mandatory for all AI content
August 2026 deadline
if you build AI models or deploy them professionally, you have 6 months to implement this
machine-readable, detectable, interoperable - those are the requirements
jovweb.dev/blog/eu-ai-conten…
23
Feb 10
built VibeCoder - an AIDE for developers who vibe with AI coding
traditional IDEs put code editors front and center. VibeCoder flips that - terminals and browser previews take the main stage because the AI writes the code and you steer, review, and test
open source: github.com/jestersimpps/Clau…
28
Jan 30
My dad asked me to explain crypto. So I wrote 21 chapters covering everything from the basics to how the ecosystem actually works today.
No investment advice. Just understanding the technology.
jovweb.dev/blog/series/crypt…
1
1
26
Feb 4
1
18