Hacker News | jadamson's comments

In case you missed it, according to the OP, the previous point release (1.82.7) is also compromised.

Yeah, that release has the base64 blob, but it didn't contain the pth file that auto triggers the malware on import.

The latest version with the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).

The previous version triggers on `import litellm.proxy`

Again, all according to the issue OP.

[1] https://docs.python.org/3/library/site.html
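The mechanism referenced in [1] is that the site module, at interpreter startup, reads every `.pth` file in the site-packages directories and exec()s any line that begins with `import `. That is why a package can run code without ever being imported. The following is an added audit script, not code from the thread or from any of the packages discussed: it classifies `.pth` lines the way site.py does and lists the executable ones across the current interpreter's site directories. `SAMPLE_PTH` is a constructed example file, not taken from any real package.

```python
"""Audit .pth files for lines that the site module will execute at startup."""
import site
from pathlib import Path

# site.py executes any .pth line that begins with "import " or "import\t";
# every other non-blank, non-comment line is appended to sys.path as a path.
EXEC_PREFIXES = ("import ", "import\t")


def classify_pth(text):
    """Return (line_no, kind, line) for each line of a .pth file.

    kind is one of: 'blank', 'comment', 'path', 'exec'.
    'exec' lines run arbitrary Python every time the interpreter starts,
    with no import of the owning package required.
    """
    result = []
    for no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            kind = "blank"
        elif line.startswith("#"):
            kind = "comment"
        elif line.startswith(EXEC_PREFIXES):
            kind = "exec"
        else:
            kind = "path"
        result.append((no, kind, line))
    return result


def exec_lines(text):
    """Only the lines that site.py will exec()."""
    return [(no, line) for no, kind, line in classify_pth(text) if kind == "exec"]


def site_dirs():
    """Directories whose .pth files the site module processes (best effort)."""
    dirs = []
    try:
        dirs.extend(site.getsitepackages())
    except AttributeError:  # some older virtualenvs lack getsitepackages()
        pass
    user = site.getusersitepackages()
    if user:
        dirs.append(user)
    return [Path(d) for d in dirs if Path(d).is_dir()]


def scan(dirs=None):
    """Yield (pth_path, line_no, line) for every executable .pth line found."""
    for d in (dirs if dirs is not None else site_dirs()):
        for pth in sorted(Path(d).glob("*.pth")):
            try:
                text = pth.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue
            for no, line in exec_lines(text):
                yield pth, no, line


# Constructed sample: a comment, a benign path entry and one import line of
# the kind an editable install or a startup hook would add. Not from any package.
SAMPLE_PTH = (
    "# added by example\n"
    "/opt/example/src\n"
    "import sys; sys.path.append('/opt/example/plugins')\n"
    "\n"
)

if __name__ == "__main__":
    hits = list(scan())
    for pth, no, line in hits:
        print(f"{pth}:{no}: {line}")
    print(f"{len(hits)} executable .pth line(s) in {len(site_dirs())} site dir(s)")
```

Run it inside the environment you want to check (`python audit_pth.py`); a clean environment usually shows only well-known editable-install hooks, so anything unfamiliar is worth reading in full. Legitimate tooling also uses import lines, so the output is a review list, not a verdict.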


Most of his recent commits are small edits claiming responsibility on behalf of "teampcp", which was the group behind the recent Trivy compromise:

https://news.ycombinator.com/item?id=47475888


I was just wondering why the Trivy compromise hit only npm packages, thinking that bigger stuff should appear sooner or later. Here we go...

Little St. James

I don't understand your suggestion. If you're still showing one character after each character entered, what's changed?

What's the benefit of having a random character from a random set, instead of just a random character?


I think the idea is that each character overwrites the previous, so you're never showing the total length (apart from 0/1!)

Ah, and the characters are supposed to be an ASCII spinner.

I think if I was new to Linux that would confuse the life out of me :)


There's no persistent reveal of password length after you're finished typing. It reduces the length-reveal leak from anyone who eventually sees the terminal log to people who are actively over-the-shoulder as you type it.

If you can see 1 char from a set of 4 you know the number of characters modulo 4. If the minimum length of a password is 6, and probably it is no longer than 12 characters, then you can narrow the length to 1 or 2 numbers. It is marginally better than asterisks of course, but it is still confusing.

The original suggestion included randomizing the first character of the set, which removes this attack.

They mean to have a static single character on the screen and have it change with every keypress. For example, you type "a" and it shows /. You type "b" and it shows "|", etc.
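To make the length argument above concrete, here is an added illustration (not code from anyone in the thread) of a single-character spinner prompt. `frame_after` gives the character left on screen after n keystrokes; `candidate_lengths` shows what an observer of that final character can infer about the length, with a fixed starting frame versus a randomly chosen one; `prompt_masked` is a minimal prompt built on that idea. The 4-frame spinner string, the 6..12 length range and the `read_char`/`write` callbacks are all assumptions for the example.

```python
"""Single-character 'spinner' password prompt and what its final frame leaks."""
import secrets

SPINNER = "/-\\|"  # constructed 4-frame ASCII spinner, as discussed above


def frame_after(keystrokes, offset=0):
    """Character left on screen after `keystrokes` characters were typed.

    offset is the index of the starting frame: a fixed offset (0) is the
    naive scheme, a random one is the 'randomize the first character' fix.
    """
    return SPINNER[(offset + keystrokes) % len(SPINNER)]


def candidate_lengths(final_char, min_len, max_len, offset=None):
    """Lengths in [min_len, max_len] consistent with the observed final frame.

    With a known offset the observer learns the length modulo 4; with an
    unknown (random) offset every length in the range remains possible.
    """
    idx = SPINNER.index(final_char)
    n = len(SPINNER)
    lengths = range(min_len, max_len + 1)
    if offset is None:
        return list(lengths)
    return [length for length in lengths if (offset + length) % n == idx]


def prompt_masked(read_char, write):
    """Read a password one character at a time, showing only a spinner frame.

    read_char() returns the next typed character ('\\n' or '\\r' ends input);
    write(s) writes to the terminal. The spinner starts at a random frame so
    the character left on screen says nothing about the length typed.
    """
    offset = secrets.randbelow(len(SPINNER))
    typed = []
    write(SPINNER[offset])
    while True:
        ch = read_char()
        if ch in ("\n", "\r"):
            break
        typed.append(ch)
        # '\b' moves back one column so the new frame overwrites the old one
        write("\b" + frame_after(len(typed), offset))
    write("\b \b\n")  # erase the final frame so nothing persists on screen
    return "".join(typed), offset


if __name__ == "__main__":
    for L in (6, 9, 10):
        seen = frame_after(L)
        print(f"fixed start, final frame {seen!r}: lengths {candidate_lengths(seen, 6, 12, offset=0)}")
    print(f"random start, any frame: lengths {candidate_lengths('/', 6, 12)}")
```

With a fixed starting frame the residue modulo 4 splits 6..12 into the classes {6,10}, {7,11}, {8,12} and {9}, which is the "1 or 2 numbers" claim; with a random start every length in the range is equally consistent with whatever frame is observed.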


Safari is the highest for 10 tabs but second-lowest for 20? This reads like AI slop, but even if it's not, it's definitely blogspam with no methodology.


In practice, I can have ~infinite tabs in Safari on my M1 MBP. I'll have multiple windows with hundreds of tabs open and I've never seen it stutter once.

It's actually enabling my worst tab-hoarding tendencies. In the Intel days I'd pay a performance price at some point and have to tend to my tabs, but now they just keep propagating....


It signifies that someone notable in the industry has recently died, in this case Tony Hoare [1]

[1] https://news.ycombinator.com/item?id=47324054


It very much is the same incident.


Apparently it is, my mistake. Surprising that the angle makes it appear so different.


> Can you see which way a vehicle's wheels are pointed when you are standing right in front of it?

You're moving the goalposts. You said she tried to murder him, she clearly did not. What the officer perceived is another matter.


[flagged]


The officers were shouting at her to 'move move move'.


[flagged]


You're more likely to get scolded here for accusing that person of being a shill/troll than to see them get removed for acting exactly like one.

That kind of neutral bias is selectively employed to protect right wing takes from getting attacked by more liberal ones.

Although, here's pg with a brief moment of insight:

https://xcancel.com/paulg/status/2009219891933630925

> hardcore Trump supporters are indistinguishable from bots.

That'd get him spanked on this forum if he didn't own it.


Not enough insight to abandon X, and so still lending it and the bots legitimacy.


Your comment got me thinking -

Maybe pg should come back to this board, and make HN his primary venue. Does he really like getting backscatter from all the bots and botlike humans on xitter? He could still syndicate there.

Meanwhile, HN certainly could stand to use an opinionated benevolent dictator (or at least tone-setter), not mere "both sides" moderation (as heroic as it has been). With such an anchor we might be able to constructively discuss these problems without getting derailed by the handful of reactionary flamebaiters.


He could start a mastodon instance tomorrow and within a couple of weeks it would be one of the larger ones.


I'm immediately reminded of this:

---

The moral of the story is: if you’re against witch-hunts, and you promise to found your own little utopian community where witch-hunts will never happen, your new society will end up consisting of approximately three principled civil libertarians and seven zillion witches. It will be a terrible place to live even if witch-hunts are genuinely wrong.

---

https://slatestarcodex.com/2017/05/01/neutral-vs-conservativ...


It is unfortunately very true. For about 20 years I moderated a very large forum. We tried so hard to be even handed it was somewhat comical, and then one day I decided to just clean house. Things improved remarkably after that but there were always new people willing to see how far they could bend the rules. It's interesting how you get these new accounts on HN that immediately start lawyering with the rule book in hand. There is no way that that is organic.

Dan & Tom are so incredibly restrained, I'd be much more of a shoot-first-and-ask-questions-later type because the longer such behavior goes on the more people will believe it is acceptable.


[flagged]


> I am quite glad Dan and Tom run this and not you.

You should be.

> I would like to see all the far left cranks who have taken over what was once an entrepreneur / hacker / libertarian's forum banned.

Right...

For anybody that wants to see what I was getting at: check the parent's comment history. Showdead 'on'.


Ozone doesn't generate ions, ionizers produce ozone, and how much will depend on the device.

