RESTful APIs may be dead soon. Instead, web services may expose a single POST entry point for a prompt. Internally, an AI agent may decide how to interpret it and what to do with the data and the database.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

🚨 IBM to acquire Confluent for $11B Just two months after the rumor leaked, we now have a name - $IBM. As I mentioned then, there were signs. $CFLT's business was struggling. Is this a good sign? Not really. IBM is a household name but not for anything good (its software). It's been a "dying company" for decades now, but its stock price keeps performing. Some people call it a cockroach - a company that doesn't innovate but simply can't die. 🪳 I don't have any beef with IBM but there are two quotes that stand out to me: > "Good software goes to IBM to die" > "IBM is a private equity firm disguised as a tech company" What's next for the data streaming industry? More consolidation. 💀 What's next for Kafka? I don't know. Keep in mind Confluent accounts for at least 60-70% of Apache Kafka contributions. It really depends on how IBM treats it. • Maybe they let Confluent run somewhat independent like Red Hat. • Maybe they divert all of that effort into proprietary tech and starve the OSS off. It's not an exciting acquisition in any case. It's probably one of the saddest way to end Confluent's journey. That's how life turns out sometimes. 💔

holy shit, this is the most beautiful react app I've seen openDAW: a next-generation web-based Digital Audio Workstation — link to github below