2023-01-03
It's good that PyTorch found this so quickly. However it makes me worry that many packages share this issue without realizing. You could easily clone pip wheels and add exploits without being obvious. The fragmentation of the ecosystem (see xkcd) is seeing some consequences... https://twitter.com/... https://twitter.com/...
BleepingComputer
PyTorch identifies a malicious dependency using its “torchtriton” library name, warning nightly version users to uninstall; the hacker claims ethical research
2023-01-02
It's good that PyTorch found this so quickly. However it makes me worry that many packages share this issue without realizing. You could easily clone pip wheels and add exploits without being obvious. The fragmentation of the ecosystem (see xkcd) is seeing some consequences... https://twitter.com/... https://twitter.com/...
BleepingComputer
PyTorch identifies a malicious dependency that uses its “torchtriton” library name, warning users to uninstall the framework; the hacker claims ethical research
PyTorch has identified a malicious dependency with the same name as the framework's ‘torchtriton’ library.
2022-05-04
I've tried using GitHub copilot for LaTeX, but its prose recommendations tend to not be nearly as useful as its code suggestions (which are eerily accurate and well-conditioned). I am really curious how this would change if someone trained this OPT model on arXiv exclusively... https://twitter.com/...
MIT Technology Review