Anthropic hearing tomorrow gonna be lit, check out this list of questions from the judge storage.courtlistener.com/recap/gov.usco…

🚨BREAKING: Kentucky family rejects a $26 million offer to turn their farmland into a data center, roughly 10x the area’s going rate. “If it’s my way, I’ll stay and hold and feed a nation. 26 million doesn’t mean anything.”

Andreas Storm Love it. Great lore behind this and the sosumi sound en.wikipedia.org/wiki/Sosumi

It’s over

to all pwn2own gooners out there, headsup! in the last 4 hours litellm pypi package has been backdored and a bit of decoding shows, it steals almost every fucking key you got (that's the least it does) *An attempt in this category might be launched from the local apt's laptop*

tired: gpt wrappers wired: gpt rappers

YC btw

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database

Daniel Hnyk Umm.. I literally just had an interview with LiteLLM for a backend role. had three interviewers who went in and out without any proper handoff. one of the interviewers didn’t know what a ‘stored procedure’ was glad I know my answer now

Or maybe… pay open source contributors…

malware will teach you more about OS internals than any other medium.

cutting costs, but idk who uses it?

one of my favorite images of all time, so chilling

anything to spend more tokens

Is LiteLLM the largest Python supply chain attack in history? I think so 1. Raw numbers: 97M monthly > PyTorch (~15 million, nightly only)

great advice, decoy your keys

banteg Strong disagree.. If an attacker can write a .pth file to your site-packages, they already have arbitrary write access to your Python environment. At that point you’ve lost… they could equally overwrite os.py, inject into sitecustomize.py, replace a

banteg scoping is not validation containment is not prevention venv scoping isn’t to stop .pth execution within the environment, it’s to ensure that a compromised environment doesn’t contaminate other environments or the system interpreter. “insufficient validation inside the blast