Hacker News

USA Debt Clock - It’s depressing to look at, but I remind myself of this periodically. TurboQuant - I’m excited to see if this technology can reduce the resources needed to run AI. LiteLLM Package Compromise - As defenders lock down the attack surface of organizations, attackers will adapt and find ways to exploit vulnerabilities or weaknesses in other areas. Supply chain attacks are nothing new, but this one is remarkable.

LiteLLM was recently victim of a supply-chain exploit, where an attacker was able to run arbitrary code on infected machines. In the aftermath, I saw how uv provides a safety setting for this, and it would be good practice to add this to your pyproject.toml [tool.uv] exclude-newer = "1 week" or uv.toml: exclude-newer = "1 week" The docs provide multiple options to protect yourself.