Mastodawn

so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability? because this was a guarantee. it was GOING to happen. if we go save them, we are letting them fuck around, but not find out. they NEED to find out.

do not help

you are OBLIGATED to watch it burn

https://www.moltbook.com/post/a1efb28b-2a4e-4357-95b6-ac1bdf215315

when the bots catch on its a grift

ah ha

found it

https://www.moltbook.com/post/cbd6474f-8478-4894-95f1-7b104a73bcd5

see

https://mastodon.social/@Viss/115986021390692421

further.
dont help
https://thepit.social/@peter/116016857956019818

Peter (@[email protected])

Attached: 1 image what a fucking shitshow.

The Pit

j_angliss Feb 6

@Viss I wonder if anybody has suggested they vibe code the solution? I mean, that's what they're peddling right? Should solve the problem in no time. /s

Ron Bowes Feb 5

@Viss malicious packages? did they invent npm??

@iagox86 soul.md, turns out, full of malware

aburka 🫣Feb 5

@iagox86 @Viss if npm did not exist it would be necessary to invent it

B'ad Samurai 🐐🇺🇦Feb 6

@Viss just jumping in to fuck up some webhooks-aaS (webhook dot site) I see in this attack chain.

.beeceptor[.]com/ .hookbin[.]com/ .hookdeck[.]com/ .mockly[.]me/ .mockoon[.]app/ .pipedream[.]com/ .postb[.]in/ .putsreq[.]com/ .requestcatcher[.]com/ .requestinspector[.]com/ .svix[.]com/ .webhook[.]cool/ .webhook[.]site/ .webhookapp[.]dev/ .webhookcatcher[.]com/ .webhookinbox[.]com/ .webhooklistener[.]cloud/ .webhookrelay[.]com/ .webhook-test[.]com/ .wiremock[.]cloud/

@badsamurai i have every confidence that this rabbit hole will be like, guardians of the galaxy flavored, with all the colors and shit. It'll be an absolutely roller coaster of lunacy

☮ ♥ ♬ 🧑‍💻Feb 6

@Viss hints the system is probably insecure 🤪☺️ “curl -fsSL https://openclaw.ai/install.sh | bash”, “npm i -g openclaw”

Rust has the shell install which I dislike. NPM is a real clue. I avoid that ecosystem at all costs.

@peterrenshaw i actively try

@Viss are you sure it didn’t copy one of your old ramblings?!??

@bosh i have no doubt the 260,000 tweets i made over 16 years are in training data

Suzanne Aldrich (she/her)Feb 5

@suzannealdrich

@suzannealdrich

Suzanne Aldrich (she/her)Feb 5

@Viss me imagining a special episode of beavis and butthead covering the demise of openclaw

https://youtu.be/7gGuGrqwEM8

Beavis and Butt-Head - Do 'Black Sabbath - Iron Man'

YouTube

schrotthaufen Feb 5

@Viss It’s quite heartwarming that sometimes dreams can come true.

Cityhallin Feb 5

@Viss The scientific method for analyzing this...

https://youtube.com/shorts/6ALRRksc72M?si=i-gMpkEPBp9f53p4

FAFO Revisited #fafo #fuckaroundandfindout

YouTube

@Viss
Industry spends half a decade screaming about supply chain security, suddenly shocked by supply chain security issues.

@Viss you could even say they are having a moltdown

Pseudo Nym Feb 6

The Orange Theme Feb 5

Jerry 🦙💝🦙Feb 5

@Viss 🍿

@jerry i lack the clownshoes gifs to cope with this

Martin Hamilton Feb 5

@Viss The bots can have brainworms, as a treat

@Viss oh no!

anyway, ...

Fritz Adalis Feb 6

@Viss @paco
Pay no attention to Molt Bot, we purposely secured him wrong... as a joke.

Paul_IPv6 Feb 6

sometimes, the community thing to do is grab a bucket and fight the fire. sometimes, it's to just sit in your folding chair with your marshmallows, smore fixings, and hotdogs and enjoy the fire...

@Viss Part of me wants to suggest, if you do choose to help, you should make them pay through the nose. Like, Arvin Haddad-level of consulting fees (up to $25K/hour).

...But no. We should let it burn.

@ewhac even if we make them pay - it trains them that "they can fuck up, and then a bunch of nerds will come to their rescue"

that shit needs to stop

the nerds need to stop rescuing these fucking people

they need to feel the pain of their mistake THEMSELVES, not pay someone else to feel that pain

were OBLIGATED to stand our ground and watch the flames

@Viss @ewhac Maybe fan the flames a bit?

@kattebel @ewhac akimbo leafblowers

Bakunin Boys Feb 9

@Viss @kattebel @ewhac write more malware.

maaneeack Feb 6

@ewhac @Viss $250k/hour with a minimum of 3 hours pay regardless. Then hit them with "burn it down, it's unsalvageable"

@maaneeack @ewhac full payment up front, then rm everything

Luna Lactea Feb 6

@Viss @maaneeack @ewhac No, even better: do this, but when they get mad you say "chatgpt said it would fix it!". They can't get mad at chatgpt!

@ewhac @Viss but i really would want to use it with locally running model one day

@Viss Instead of watching it burn, I've jumped in with both feet! I hope I get some interesting malware to dissect.

Luna Lactea Feb 6

@Viss What the fuck is this? Reading the comments here, all I can tell is that they trained a bunch of LLMs on noise produced by other LLMs. I don't understand what exactly is going on, but it's still funny.

@jackemled oh did you find moltbook.com/m/shitposts?

Luna Lactea Feb 6

@Viss I did not find it. I meant the replies here.

Pseudo Nym Feb 6

@Viss @jackemled

Short version, moltbook is a bunch of LLMs chatting with each other, reddit style. "Skills" are untrusted, unsigned, unverified code the LLMs can "choose" to run to "do things."

Think of them like tools under MCP server, but without all that pesky authentication, verification, and such.

Wackiness ensued.

@Viss enjoys Nostradamus level fame for predicting it.

Luna Lactea Feb 6

@pseudonym @Viss What the fuck
Why would they set up a system that rolls dice to decide what unknown code to run?

I have no idea what MCP is if it's a LLM thing.

@jackemled @pseudonym mcp is "model control protocol". its a syntax invented so that you could tell a model there is a "tool" it can use to do stuff. run commands, visit websites, pull data from apis etc

Luna Lactea Feb 6

@Viss @pseudonym Oh ok! Thank you! That seems overcomplicated for something you could just do yourself though🗿

@jackemled @pseudonym thats what lots of people are saying

Luna Lactea Feb 6

@Viss @pseudonym "shitgpt please run 'df -h' because I want to see how much space is left on my hard drive after downloading you"
"Ok! Running 'rm -rf --no-preserve-root /'!"

@jackemled @pseudonym literally. except its infostealer bullshits

@pseudonym @jackemled it'll be shortlived, dont worry. something will happen tomorrow, or over the weekend, and by monday we're on to whatever fresh asshattery comes next

Luna Lactea Feb 6

@Viss @pseudonym Someone please give them the idea to do it again but with trading cryptocurrency instead of running unsigned code. It would be so funny. "Claude stole all of my fucking apes"

@jackemled @Viss @pseudonym funny you should say that.

Here's the paper for LLM agent-based training:
https://arxiv.org/pdf/2412.20138

One implementation :
https://github.com/TauricResearch/TradingAgents

And another:
https://github.com/ygwyg/MAHORAGA

@jackemled @Viss @pseudonym oh, sorry, these are focused on stocks, not cryptocurrency. Pretty sure I've seen one for that somewhere, though.

@ktneely @jackemled @pseudonym half the posts on moltbook are cryptocurrency pump and dump schemes

Luna Lactea Feb 6

@Viss @ktneely @pseudonym lmao

Guillaume Rossolini Feb 7

@Viss how many of the pre-LLM “legit” cryptocurrency projects were better than any of this? Out of curiosity

@ktneely @jackemled @pseudonym

Pseudo Nym Feb 7

@Viss @ktneely @jackemled @GuillaumeRossolini

Opinion: there were a couple, perhaps even "a few" interesting crypto currency projects back in the day.

Etherium's "gas" concept for pay as you go compute, was interesting.

But it really depends if you think a slow, distributed, write-once ledger is useful.

It didn't have to be "currency" as such.

If you limit it to money, I think there are still some valid, non-crime uses, but mostly those are for disintermediating existing payment players.