Joined March 2009
Pinned Tweet
As many of you know, I am fascinated by #AI/#ML. I don't have a #mentor to work with so I'm often left to my own devices. The repository below is an example of how I "lead myself" when a mentor isn't available. Read this thread for details 🧵 github.com/SecretSourceWeb/G…
Ted Stresen-Reuter retweeted
Apr 8
Claude Mythos is Delusional
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing
Ted Stresen-Reuter retweeted
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server self-replicate. link below
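Added example (not part of either post above, and not code from LiteLLM or the people who reported the incident): the quoted post names a `.pth` file carrying base64-encoded instructions, and Python's `site` module executes any `.pth` line that begins with `import`, so a defender can audit a `site-packages` tree for such lines. The file names, the token list and the harmless stand-in payload below are constructed for the demonstration.

```python
import base64
import re
import tempfile
from pathlib import Path

# site.py executes any .pth line that starts with "import" plus a space or tab;
# every other non-comment line is only treated as a path to add to sys.path.
EXEC_LINE = re.compile(r"^import[ \t]")
# A long base64-looking run is a common way to hide a payload on one line.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Assumed indicator list for this example; tune it for your environment.
SUSPICIOUS = ("exec(", "eval(", "b64decode", "subprocess", "os.system", "urllib", "socket")


def audit_pth(path: Path) -> list[dict]:
    """Return one finding per executable line in a .pth file."""
    findings = []
    for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        if not EXEC_LINE.match(line):
            continue  # plain path entries and comments are never executed
        reasons = [tok for tok in SUSPICIOUS if tok in line]
        if B64_RUN.search(line):
            reasons.append("base64-like blob")
        findings.append({"file": path.name, "line": lineno,
                         "severity": "high" if reasons else "review",
                         "reasons": reasons})
    return findings


def audit_tree(root: Path) -> list[dict]:
    """Audit every .pth file under root (for example a site-packages directory)."""
    results = []
    for pth in sorted(root.rglob("*.pth")):
        results.extend(audit_pth(pth))
    return results


def demo() -> list[dict]:
    """Build a constructed site-packages directory and audit it."""
    blob = base64.b64encode(b"print('constructed harmless stand-in payload')").decode()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "paths_only.pth").write_text("/opt/vendor/lib\n# comment\n")
        (root / "editable_hook.pth").write_text("import _editable_finder\n")
        (root / "example_init.pth").write_text(
            f"import base64; exec(base64.b64decode('{blob}'))\n")
        return audit_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To audit a real environment, pass each directory from `site.getsitepackages()` to `audit_tree`; "review" findings are typically legitimate editable-install hooks, while "high" findings warrant inspection before the interpreter is started again.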
I'm working on a personal project that requires the creation of hundreds of selfies. I compared 20 models and produced samples for each using the same prompt. chicagoitsystems.com/ai-mode… I would love your feedback! Ted Stresen-Reuter

Ted Stresen-Reuter retweeted
26 May 2025
Here are 5 rules to master vibe-coding with AI:
Replying to @ggrdson
@ggrdson Hi! 👋 Reading your Supabase post on Automatic Embeddings and wondering if the Edge function really is "open to the world" or if there is some hidden security check going on under the hood that I'm not seeing supabase.com/docs/guides/ai/… How would we add security to this?
I understand that the JWT must be sent with the request. As the call to the Edge Function is initialized by the cron job, does that mean it is operating as the `postgres` role? Don't you think _some_ check should be in place so that anon roles aren't initializing updates?
Huge congrats to @simonhamp This is really cool!
so proud of this video 😍 for @nativephp
Ted Stresen-Reuter retweeted
A pleasure to have @jmlweb @GofiGeeks #GGDevParty
Uh, I've been a bit quiet here lately for no real reason at all but if you want to keep up, hop on over to bsky.app/profile/tedmasterwe…

Ted Stresen-Reuter retweeted
I better go superviral for this...
Ted Stresen-Reuter retweeted
29 Aug 2024
At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens. A thread about my favorite story from running OMCB....
26 Jun 2024
I made a website. it's called "one million checkboxes dot com". it has one million checkboxes on it. checking a box checks it for everyone. that's it. have fun!
Few people are as good at alienating vast swathes of the population as this man. Nicely done!
31 Jul 2024
Interviewer reacts to Trump saying he doesn’t want pronouns during ‘The Ingraham Angle’: “So, you’re fluid?”
#Coding 1 of 10 LEARN TO TYPE WITH ALL 10 FINGERS AND WITHOUT LOOKING! More than any other thing you should be able to type with all 10 fingers and without looking at your keyboard.
It sounds ridiculous to say that but I can’t tell you how many new programmers I’ve met who can’t do this, and it SLOWS THEM DOWN SIGNIFICANTLY. The keyboard is your main tool, your instrument. Learn how to play it perfectly.
There should be as little friction as possible between your thoughts and their manifestations in code. I cannot stress the importance of being able to do this enough. Make this your priority.
#Coding 2 of 10 Don’t start any task until it can be done in less than an hour. If it is too big, break it down into smaller tasks, no matter how dumb or insignificant. I promise you this will make you go faster, not slower. #junior #developers #coding #cleancode
#Coding 3 of 10 Be very clear about the task - define the expected outcome in unambiguous terms. I almost always use Gherkin (Given, When, Then). martinfowler.com/bliki/Given… #junior #developers #coding #cleancode
#Coding 4 of 10 Never assume anything. Always ask your clients for details and clarification, but mostly “why”. Understanding why they are asking for something helps you make the right technology decisions and often clients don’t know why they want something. Defend your choices
Moments like this make me wish I had a better camera on my phone...
#Coding 5 of 10 Work in multiple languages and frameworks (transferable skills and knowledge). It’s never too soon to try a new language or framework. #junior #developers #coding #cleancode