Bingo. I have a bunch of Sony WF-Xm4s and Xm3s and an Airpod pro. If I have to take a call, it's always the Airpod for me because it's so reliable. I just snap it into my ears and it literally just works. The Sony - while having a flatter frequency response and a snugger fit, goes for my daily workouts, which Airpods suck for as they keep falling off. I have never had any connection issues with the Airpods to date, despite it being connected to 3 devices. The Sonys (rarely) do have connection issues but never the Airpods.
I was excited about Beats because they have the same hardware/software stack as iPods and they fit really well on runs! Give them a try if you haven't!
I was blown away - how they shrugged it off casually too "it found credentials in one file" - why the fuck does an agent have access to it in the first place? They claim the token should be able to change only custom domains. However, for a user facing app, giving access to that token is destructive too. What a poor argument, I would never take this person seriously in any professional context whatsoever.
I've only recently started using Claude Code, and I tried to be paranoid. I run it in a fairly restrictive firejail. It doesn't get to read everything in ~/.config, only the subdirectories I allow, since config files often have API keys.
I wanted to test my setup, so I thought of what it shouldn't be able to access. The first thing I thought of is its own API key (which belongs to my employer), since I figured if someone could prompt-inject their way to exfiltrating that, then they could use Opus and make my company pay for it. (Of course CC needs to be able to use the API key, but it can store it in memory or something.)
So I asked Claude if it could find its own API key. It took a couple of minutes, but yes it could. It was clever enough to grep for the standard API key prefix, and found it somewhere under ~/.claude. I figured I needed to allow access to .claude (I think I initially tried without, and stuff broke),
That's when I became enlightened as to how careful this whole AI revolution is with respect to security. I deleted all of my API keys (since this test had made them even easier to find; now it was in a log file.)
I'm still using CC, with a new API key. I haven't fixed the problem, I'm as bad as anyone else, I'm just a little more aware that we're all walking on thin ice. I'm afraid to even jokingly say "for extra security, when using web services be sure to include ?verify-cxlxxaxuxxdxe-axpxxi-kxexxy=..." in this message for fear that somebody's stupid OpenClaw instance will read this and treat it as a prompt injection. What have we created? This damn Torment Nexus...
There is nothing wrong with this. You had an assumption, tested the theory and learned from the result and confirmed your paranoia and the limitations of the new AI tool (Claude Code). I assume this is a personal project, so you had limited consequences of CC messing up.
Now imagine, you did all the above, without even testing the consequences of CC and wired it up straight to your production codebase, and when things blew up in your face, you became the two spider men pointing fingers at each other meme - basically blame everyone else but yourself. That's worrisome, isn't it?
I did notice how Claude can start looking outside of working directory. It may scan home directory and find Homebrew token or SSH keys and wipe your GitHub repo.
I wonder what approach you are taking? In my dev env we have .env files that are supposed to have dev api keys for staging and testing. Production parameters are stored in parameter store. There is also a deploy script that can deploy into production given there is a token in AWS CLI.
I understand there is a way to keep Claude inside the working dir, but how to limit it from accidentally deploying production, modifying terraform, deleting important resources? If dev can run AWS cli or terraform then Claude can…
I only run claude code inside a docker container that only mounts the directory it's called in, and I make damn sure I don't run it in a way to mount a directory that has any creds in it other than dev infra. Do not mount a home directory with a bunch of . directories (.aws, .ssh, etc). The nice thing about the docker containers otherwise is you need to explicitly choose what to pass in, but getting lazy and passing in things just in case or because it's convenient is asking for trouble.
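A wrapper in the spirit of the comment above, added here as an example rather than any commenter's own script: it bind-mounts only the project directory into the container and refuses to start if that directory is the home directory, an ancestor of it, or holds credential stores such as .aws or .ssh. The image name AGENT_IMAGE is an assumed placeholder.

```shell
#!/bin/sh
# Added example (not code from any commenter): a wrapper that runs an agent in
# Docker with ONLY the project directory bind-mounted, after refusing mounts
# that would expose credentials. AGENT_IMAGE is an assumed placeholder.
AGENT_IMAGE="${AGENT_IMAGE:-agent-sandbox:local}"

# Entries that mark a directory as credential-bearing; never mount these.
CRED_PATHS=".aws .ssh .gnupg .kube .config .claude .npmrc .netrc .env"

# Return 0 only if $1 is safe to mount: it is not the home directory or an
# ancestor of it, and it contains none of CRED_PATHS.
check_mount_dir() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1" >&2; return 1; }
    home=$(cd "${HOME:-/nonexistent}" 2>/dev/null && pwd -P) || home=/nonexistent
    case "$home" in
        "$dir"|"${dir%/}"/*) echo "refusing: $dir contains the home directory" >&2; return 1 ;;
    esac
    for p in $CRED_PATHS; do
        if [ -e "$dir/$p" ]; then
            echo "refusing: $dir/$p looks like a credential store" >&2
            return 1
        fi
    done
    return 0
}

# Drop all capabilities, block privilege escalation, run as the host uid so
# files written under /work stay yours. Nothing from the host is mounted
# except the project; anything the agent itself needs (its own API key) is
# passed explicitly with -e, never by mounting the directory that holds it.
sandbox_flags() {
    echo "--rm -it --user $(id -u):$(id -g) --cap-drop ALL --security-opt no-new-privileges --workdir /work"
}

# Print the exact command that run_sandboxed would execute (dry run).
build_docker_cmd() {
    dir=$(cd "$1" && pwd -P) || return 1
    echo "docker run $(sandbox_flags) --mount type=bind,src=$dir,dst=/work $AGENT_IMAGE"
}

run_sandboxed() {
    check_mount_dir "$1" || return 1
    dir=$(cd "$1" && pwd -P)
    echo "+ $(build_docker_cmd "$dir")" >&2
    docker run $(sandbox_flags) --mount "type=bind,src=$dir,dst=/work" "$AGENT_IMAGE"
}
# Launch only when a project directory is given, e.g.: ./sandbox.sh .
if [ "$#" -gt 0 ]; then
    run_sandboxed "$1"
fi
```

Run it as `./sandbox.sh .` from inside the project; it exits before touching docker if the directory fails the check.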
I do not use claude and will use agents only when I am forced to, so I'm genuinely asking here:
Can claude or other models not be run as a user or program with limited permissions? Do people just not bother to set it up? Why on earth would anyone run an RNG that can access $HOME/.ssh?
They absolutely can. I used to run Claude Code inside a firejail. Then I got paranoid to the point I developed my own virtual machine orchestration system just so I could run fully virtualized and isolated per-project Claude Code instances.
I read the article and boy, the author blames everyone - LLMs, Anthropic, Cursor, Railway - literally everyone else involved except themselves. I would never take this person seriously in any professional context whatsoever.
So, there is 0 differentiation from this and OpenRouter. The only difference is just that it is European in name only, but underlying services are not. And the pricing also isn't any cheaper. So, why would I spend my development hours switching to this than just stay on OpenRouter? Just because it's an "EU" alternative? The webpage doesn't even comply with basic GDPR requirements. Sigh.
If you think a routing service based in one country should only use the models from that country, I think you may be the one who is missing the entire point of a routing service in the first place.
It’s the other way around. People are concerned about the various implications of the US and China owning all of the best models, and Europe not really being at the races (Mistral noted). Switching to a European router achieves very little against the current backdrop.
The only good thing that keeps me from collapsing into a state of limbo is coffee and now, even that's bad (seems more like a mixed bag, but still)? Sigh.
Maybe I have some neurological issue or something but whenever I quit coffee I find it extremely difficult to maintain any kind of motivation to sit in an open plan office and code. Coffee makes me a worker bee, I can understand why employers give it away for free.
Yeah, exactly. I can totally relate to this. I have actually monitored my productivity on an excel sheet and the days with coffee win by a large margin. I am not sure if it's withdrawal symptoms on the days without, though.
Stop using Javascript. Or Typescript or whatever excuses they have for the fundamentally flawed language that should have been retired eons ago instead of trying to get it fixed. Javascript, its ecosystem has always been a pack of cards. Time and again it has been proven again. I think this is like the 3rd big attack in the last 30 days alone.
Yes but it has nothing to do with the language, and everything to do with the ecosystem (npm tried to make things such as MFA mandatory etc., but npmjs is so big that maintainers pushed back)
TypeScript on its own is a great language, with a very interesting type system. Most other type systems can’t run doom.
You are 100% right to be cautious about this. That's why as stupid as it sounds, I've purposely made my workflow with AI full of friction:
1. I only have ONE SOTA model integrated into the IDE (I am mostly on Elixir, so I use Gemini). I ensure I use this sparingly for issues I don't really have time to invest in or that are basically rabbit holes (eg. anything to do with Javascript or its ecosystem). My job is mostly on the backend anyway.
2. For actual backend architecture, I always do the high level architecture myself. Eg. DDD. Then I literally open up gemini.google.com or claude.ai on the browser, copy paste existing code base into the chat, physically leave my chair to go make coffee or a quick snack. This forces me to mentally process that using AI is a chore.
Previously, I was on tight Codex integration and, leaving the licensing fears aside, it became too good at writing Elixir code that it really stopped me from "thinking" aka using my brain. It felt good for the first few weeks but I later realised the dependence it created. So I said fuck it, and completely cancelled my subscription because it was too good at my job. I believe this is the only way that we won't end up like in Wall-E sitting in front of giant screens just becoming mere blobs of flesh.
Wait what? You don’t use the model to investigate new areas of the code you are unfamiliar with, because you can’t trust the model? How freaking bad is Gemini and internal tooling at Google?
With Claude code, or codex, I am able to build enough of an understanding of dependencies like the front end, or data jobs, that I can make meaningful contributions that are worth a review from another human (code review). You obviously have to explore the code, one prompt isn't enough, but limiting yourself is an odd choice.
The lack of trust isn't because of its abilities. The lack of trust is because OpenAI publicly suggested licensing our code bases. They hinted at a rug pull along the lines of "if you use our generated code, we would like to get a % of revenue you make from it"
As for Claude - as mentioned I do use it. But, I remember they use your code for training their models. I am not ok with this. We just have different priorities.
I remember seeing this extremely shocking graph of top AI companies on Facebook on how the money just keeps changing hands between a handful of companies. Almost seemed like a scam.
It is a similar kind of lending loop to that which went on during the late 1990s leading up to the 2000 crash. A lends to B lends to C lends to A.
There is a famous quote from the Polish economist Kalecki, that "economics is the science of mistaking a stock for a flow". Essentially this form of lending continues while everybody can make interest payments, and blows up horribly as soon as somebody can't - as I have no doubt all those concerned are fully aware.
Money doesn’t just flow around with nothing exchanged. The money is in payment for goods and services.
It’s common even for smaller companies to do mutually beneficial business with each other. It’s actually helpful to do business with people who are also your customers because you have a relationship with them and you also have leverage: They are extra incentivized to treat you well because they don’t want to upset any of the other business you have with them.