Malicious litellm 1.82.8: Credential Theft and Persistent Backdoor
https://www.reddit.com/r/programming/comments/1s2h4by/malicious_litellm_1828_credential_theft_and/
litellm, a famous Python package, got compromised and it executes on your system without even importing it — cloud creds, SSH keys, K8s secrets, crypto wallets, env vars and whatnot, all exfiltrated to the attacker's server. Full technical analysis: https://safedep.io/malicious-litellm-1-82-8-analysis/
submitted by /u/No_Plan_3442 (https://www.reddit.com/user/No_Plan_3442)
[link] (https://safedep.io/malicious-litellm-1-82-8-analysis/) [comments] (https://www.reddit.com/r/programming/comments/1s2h4by/malicious_litellm_1828_credential_theft_and/)
Litellm 1.82.7 and 1.82.8 on PyPI are compromised, do not update!
https://www.reddit.com/r/programming/comments/1s2h8lt/litellm_1827_and_1828_on_pypi_are_compromised_do/
We have just been compromised, thousands of people likely are as well, more details updated IRL at the link. Update: Callum McMahon, who discovered this, wrote an explainer and postmortem going into greater detail: https://futuresearch.ai/blog/no-prompt-injection-required
submitted by /u/ddp26 (https://www.reddit.com/user/ddp26)
[link] (https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/) [comments] (https://www.reddit.com/r/programming/comments/1s2h8lt/litellm_1827_and_1828_on_pypi_are_compromised_do/)
Why Raft can’t safely commit old-term entries — from an implementation/debugging perspective
https://www.reddit.com/r/programming/comments/1s32qin/why_raft_cant_safely_commit_oldterm_entries_from/
I recently finished the MIT distributed systems labs and wrote up one Raft rule that took me some time to fully understand: why a leader cannot safely commit old-term entries just because they’re replicated on a majority. When reading the paper, this can feel like a detail you just accept and move on from. But during implementation/debugging, it becomes much more concrete. You start seeing why “replicated on a majority” is not enough by itself, and why the current-term restriction matters for safety. I tried to explain it from the perspective of someone implementing and debugging Raft, not just restating the theory. Article: https://abdellani.dev/posts/2026-03-23-why-raft-cant-safely-commit-old-term-entries/ I’d be curious how this clicked for others: did it make sense immediately from the Raft paper, or only after implementing/debugging it?
submitted by /u/am0123 (https://www.reddit.com/user/am0123)
[link] (https://abdellani.dev/posts/2026-03-23-why-raft-cant-safely-commit-old-term-entries/) [comments] (https://www.reddit.com/r/programming/comments/1s32qin/why_raft_cant_safely_commit_oldterm_entries_from/)
How the TeamPCP attack exploited CI/CD pipelines and trusted releases to release infected Trivy and LiteLLM packages
https://www.reddit.com/r/programming/comments/1s35ohw/how_the_teampcp_attack_exploited_cicd_pipelines/
TeamPCP attack shows how CI/CD can be abused by compromised pipelines to compromised repos to push out infostealers in the packages. Most notable ones were Aquasec's entire GitHub account, including the Trivy repo, and the LiteLLM Python package.
submitted by /u/raptorhunter22 (https://www.reddit.com/user/raptorhunter22)
[link] (https://thecybersecguru.com/news/teampcp-supply-chain-attack/) [comments] (https://www.reddit.com/r/programming/comments/1s35ohw/how_the_teampcp_attack_exploited_cicd_pipelines/)
Open source isn't a tip jar – it's time to charge for access
https://www.reddit.com/r/programming/comments/1s3ams9/open_source_isnt_a_tip_jar_its_time_to_charge_for/
submitted by /u/henk53 (https://www.reddit.com/user/henk53)
[link] (https://theregister.com/2026/03/25/open_source_bill_opinion) [comments] (https://www.reddit.com/r/programming/comments/1s3ams9/open_source_isnt_a_tip_jar_its_time_to_charge_for/)
The gold standard of optimization: A look under the hood of RollerCoaster Tycoon
https://www.reddit.com/r/programming/comments/1s3fj4b/the_gold_standard_of_optimization_a_look_under/
submitted by /u/r_retrohacking_mod2 (https://www.reddit.com/user/r_retrohacking_mod2)
[link] (https://larstofus.com/2026/03/22/the-gold-standard-of-optimization-a-look-under-the-hood-of-rollercoaster-tycoon/) [comments] (https://www.reddit.com/r/programming/comments/1s3fj4b/the_gold_standard_of_optimization_a_look_under/)
Paper: What if independently deployable functions shared memory instead of serializing data between them?
https://www.reddit.com/r/programming/comments/1s3fnlu/paper_what_if_independently_deployable_functions/
submitted by /u/PlayfulLingonberry73 (https://www.reddit.com/user/PlayfulLingonberry73)
[link] (https://doi.org/10.5281/zenodo.19161471) [comments] (https://www.reddit.com/r/programming/comments/1s3fnlu/paper_what_if_independently_deployable_functions/)
Mojo's not (yet) Python
https://www.reddit.com/r/programming/comments/1s3gbuz/mojos_not_yet_python/
submitted by /u/eatonphil (https://www.reddit.com/user/eatonphil)
[link] (https://theconsensus.dev/p/2026/03/12/mojos-not-yet-python.html) [comments] (https://www.reddit.com/r/programming/comments/1s3gbuz/mojos_not_yet_python/)
Redash's Python sandbox escape gives attackers full server access. Vendor says "use at your own risk"
https://www.reddit.com/r/programming/comments/1s40jgg/redashs_python_sandbox_escape_gives_attackers/
submitted by /u/sixcommissioner (https://www.reddit.com/user/sixcommissioner)
[link] (https://www.ox.security/blog/redashs-python-sandbox-escape-gives-attackers-full-server-access) [comments] (https://www.reddit.com/r/programming/comments/1s40jgg/redashs_python_sandbox_escape_gives_attackers/)
How C++ Finally Beats Rust at JSON Serialization - Daniel Lemire & Francisco Geiman Thiesen
https://www.reddit.com/r/programming/comments/1s4261u/how_c_finally_beats_rust_at_json_serialization/
submitted by /u/BlueGoliath (https://www.reddit.com/user/BlueGoliath)
[link] (https://www.youtube.com/watch?v=Mcgk3CxHYMs) [comments] (https://www.reddit.com/r/programming/comments/1s4261u/how_c_finally_beats_rust_at_json_serialization/)
Upgrading Sea of Thieves From C++14 to C++20 Wasn't Easy Here's Why - Keith Stockdale - CppCon 2026
https://www.reddit.com/r/programming/comments/1s426l8/upgrading_sea_of_thieves_from_c14_to_c20_wasnt/
submitted by /u/BlueGoliath (https://www.reddit.com/user/BlueGoliath)
[link] (https://www.youtube.com/watch?v=b6j6SZiXmoo) [comments] (https://www.reddit.com/r/programming/comments/1s426l8/upgrading_sea_of_thieves_from_c14_to_c20_wasnt/)
From zero to a RAG system: successes and failures
https://www.reddit.com/r/programming/comments/1s45e9i/from_zero_to_a_rag_system_successes_and_failures/
submitted by /u/BrewedDoritos (https://www.reddit.com/user/BrewedDoritos)
[link] (https://en.andros.dev/blog/aa31d744/from-zero-to-a-rag-system-successes-and-failures/) [comments] (https://www.reddit.com/r/programming/comments/1s45e9i/from_zero_to_a_rag_system_successes_and_failures/)
GitHub will use your repos to train AI models
https://www.reddit.com/r/programming/comments/1s45lme/github_will_use_your_repos_to_train_ai_models/
Important update: On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out. Remember to opt out, fellow engineers. Important correction: As many of you noted, the title of the post is misleading. This update will impact only "GitHub Copilot interaction" and not "all your repos". Direct opt out link: Direct opt out link
submitted by /u/Ok-Lifeguard-9612 (https://www.reddit.com/user/Ok-Lifeguard-9612)
[link] (https://github.com/) [comments] (https://www.reddit.com/r/programming/comments/1s45lme/github_will_use_your_repos_to_train_ai_models/)
A Tale Of Four Fuzzers
https://www.reddit.com/r/programming/comments/1s46jhs/a_tale_of_four_fuzzers/
submitted by /u/matklad (https://www.reddit.com/user/matklad)
[link] (https://tigerbeetle.com/blog/2025-11-28-tale-of-four-fuzzers/?v=2) [comments] (https://www.reddit.com/r/programming/comments/1s46jhs/a_tale_of_four_fuzzers/)
Tests as Institutional Memory
https://www.reddit.com/r/programming/comments/1s49q4m/tests_as_institutional_memory/
submitted by /u/devTripp (https://www.reddit.com/user/devTripp)
[link] (https://trippw.com/blog/tests-as-institutional-memory) [comments] (https://www.reddit.com/r/programming/comments/1s49q4m/tests_as_institutional_memory/)
Shell Tricks That Actually Make Life Easier (And Save Your Sanity)
https://www.reddit.com/r/programming/comments/1s4adqp/shell_tricks_that_actually_make_life_easier_and/
submitted by /u/BrewedDoritos (https://www.reddit.com/user/BrewedDoritos)
[link] (https://blog.hofstede.it/shell-tricks-that-actually-make-life-easier-and-save-your-sanity/) [comments] (https://www.reddit.com/r/programming/comments/1s4adqp/shell_tricks_that_actually_make_life_easier_and/)
Building a NES Emulator from Scratch
https://www.reddit.com/r/programming/comments/1s4bj6i/building_a_nes_emulator_from_scratch/
submitted by /u/matiassalles99 (https://www.reddit.com/user/matiassalles99)
[link] (https://matiassalles99.codes/posts/building-nes-emulator-crystal-book/) [comments] (https://www.reddit.com/r/programming/comments/1s4bj6i/building_a_nes_emulator_from_scratch/)
What I Learned from a $2,000 Pen Test
https://www.reddit.com/r/programming/comments/1s4bv9a/what_i_learned_from_a_2000_pen_test/
submitted by /u/Weary-Database-8713 (https://www.reddit.com/user/Weary-Database-8713)
[link] (https://glama.ai/blog/2026-03-26-the-hackers-who-tracked-my-sleep-cycle) [comments] (https://www.reddit.com/r/programming/comments/1s4bv9a/what_i_learned_from_a_2000_pen_test/)
Carrier Classes & Discussing Syntax - Inside Java Podcast 52
https://www.reddit.com/r/programming/comments/1s4c1s1/carrier_classes_discussing_syntax_inside_java/
submitted by /u/BlueGoliath (https://www.reddit.com/user/BlueGoliath)
[link] (https://www.youtube.com/watch?v=b6cXuA84c9g) [comments] (https://www.reddit.com/r/programming/comments/1s4c1s1/carrier_classes_discussing_syntax_inside_java/)
My Story with Programming Languages
https://www.reddit.com/r/programming/comments/1s4d2ce/my_story_with_programming_languages/
Hi there! I’m glad to share my story with programming languages, from age 16 to now, with you!
submitted by /u/Ok-Razzmatazz-6125 (https://www.reddit.com/user/Ok-Razzmatazz-6125)
[link] (https://github.com/shd101wyy/Yo/blob/develop/docs/en-US/MY_STORY_WITH_PROGRAMMING_LANGUAGES.md) [comments] (https://www.reddit.com/r/programming/comments/1s4d2ce/my_story_with_programming_languages/)
Petri nets as music sequencers — using token rings, inhibitor arcs, and Euclidean rhythms to generate deterministic tracks.
https://www.reddit.com/r/programming/comments/1s4nuem/petri_nets_as_music_sequencers_using_token_rings/
submitted by /u/orksliver (https://www.reddit.com/user/orksliver)
[link] (https://blog.stackdump.com/posts/petri-net-sequencer) [comments] (https://www.reddit.com/r/programming/comments/1s4nuem/petri_nets_as_music_sequencers_using_token_rings/)