Joined June 2016
- Tweets 2,888
- Following 857
- Followers 484
- Likes 31,705
215 Photos and videos
vchrombie retweeted
Jun 2
not all of us were made to cook. some of us were made to have conversations with the person cooking.
449
24,659
168,226
2,965,092
vchrombie retweeted
May 25
I believe everyone who is obsessive about their productivity should (attempt to) have their own version of a TODO list.
I built my own TODO app: No Voids.
2 main motivations: I wanted something personal. And something that is only personal.
There’s an ocean of apps in this space. Many of them great, and a few I managed to stick to. I know the places where I usually stay consistent, and the common reasons I fall off. Most apps either got in the way of my strengths or didn’t help cover my weak areas.
The top apps also drift toward teams: delegation, comments, sprints, workflows. I don't need all that.
So I built something that works for me.
2
1
4
100
vchrombie retweeted
May 12
"Babe wake up"
We got another supply chain attack
Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
ALT Screenshot of mistralai PyPI package v2.4.6 compromise
16
109
1,634
164,279
vchrombie retweeted
Apr 22
Remembering the innocent lives lost in the gruesome Pahalgam terror attack on this day last year. They will never be forgotten. My thoughts are also with the bereaved families as they cope with this loss.
As a nation, we stand united in grief and resolve. India will never bow to any form of terror. The heinous designs of terrorists will never succeed.
5,460
14,360
81,761
34,879,365
vchrombie retweeted
Mar 27
For my friends who are still using UV and might be a little weary about recent compromises to PyPi packages, stick this in your pyproject.toml.
You can let all of those pip users find and report the compromises...
67
487
4,078
287,404
vchrombie retweeted
Mar 27
If you use GitHub (especially if you pay for it!!) consider doing this *immediately*
Settings -> Privacy -> Disallow GitHub to train their models on your code.
GitHub opted *everyone* into training. No matter if you pay for the service (like I do). WTH
github.com/settings/copilot/…
391
905
5,118
586,514
vchrombie retweeted
Mar 27
With agentic slop, we are trading software reliability for shipping velocity and calling it progress. It isn't. Systems are more fragile than ever, and engineers building them no longer trust their code to hold up in real-world edge cases.
I am pro-AI, but this will backfire - big time.
152
186
2,199
90,721
vchrombie retweeted
Mar 25
- XZ utils backdoor: found by guy debugging 200ms latency
- LiteLLM hack: found by guy debugging oom issue
These could have been the most impactful compromises ever.
Forget security vendors, weaponize your engineers’ autism.
56
467
4,206
149,501
vchrombie retweeted
Mar 24
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server self-replicate. link below
307
2,241
9,328
5,851,153
vchrombie retweeted
Mar 14
someone built a VS code extension
that turns your claude code agents into pixel art characters working in a little office
each agent gets its own character
> typing when it's writing code
> reading when it's searching files
> speech bubble when it's waiting for you
> sub-agents spawn in with matrix animations
you can even customize the office lol
this is the most unnecessary thing i've ever wanted to install immediately
free AND open source too
84
185
2,732
242,128
vchrombie retweeted
Mar 11
Designers & Builders 👀
Something is wrong in this dashboard table. Most people miss it at first glance.
But once you see it, you can’t unsee it.
Guess what’s wrong here in this table 👇
1
3
10
241
vchrombie retweeted
Mar 11
One thing worth remembering:
Typography decisions shouldn't stop in Figma.
If the behaviour isn’t implemented in code, the interface will fall back to default font behaviour.
Use font-variant-numeric: tabular-nums in your code.👨💻
1
1
2
61
vchrombie retweeted
Feb 5
“We used to review every line of code before it went into production”.
163
1,203
17,696
616,874
vchrombie retweeted
Jan 30
My OCD watching February fitting 4 clean weeks aligned in calendar
72
2,471
25,760
329,479
vchrombie retweeted
Jan 23
401
403
429
500
Jan 21
You cannot write a random number and expect people to understand
300
695
8,276
958,185
