ddonohoe about 3 hours ago 0 comments
Either way the prevalence of these is so widespread that you can no longer avoid it by being "smart". Sandbox everything, run vscode in a limited-access box and use the remote development features vscode already has. Run it on another machine if you can.
Use hardware keys (yubikey, token2). Use socket-based authentication. It's hard and a worse dx experience, but there really isn't any other way unless you never touch public libraries or don't use vscode. At bare minimum use a simple jail such as bwrap to strip access to most of the sensitive credentials and limit persistent access.
--
This is probably a hallucinated story based on a real incident. (another post by same author: https://medium.com/bean-bag-scientist/report-01-running-a-fu...)
You are a programmer who is all-in on LLM code generation. You get so much written every day! Hundreds of thousands of lines of code, and you barely lifted a finger. But... your LLMs are trained on the entirety of GitHub.
How many repos on there are full of trojans and viruses? How do you know that your super-productive LLM isn't copying those instead of the canonical version of whatever frameworks it's building?
One day you find one. You write a blog post about it. Or, rather, the vague outline of a post. You make an LLM flesh it out, of course. You barely lift a finger.
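
The bwrap jail suggested in the first comment above, sketched as an added example that is not part of the thread: the root filesystem is read-only (limiting persistence), credential directories are replaced by empty tmpfs mounts, and only the project directory is writable. The directory and variable lists are constructed assumptions, and `jail`, `SENSITIVE_DIRS`, `SECRET_ENV` and `JAIL_DRY_RUN` are hypothetical names.

```shell
#!/bin/sh
# Added example: wrap a build/dev command in a bubblewrap (bwrap) jail.
# Constructed lists (assumptions); extend them for your own environment.
SENSITIVE_DIRS=".ssh .aws .gnupg .kube .docker .config/gh .config/gcloud"
SECRET_ENV="AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN GITHUB_TOKEN NPM_TOKEN"

# jail HOME_DIR PROJECT_DIR COMMAND [ARGS...]
# With JAIL_DRY_RUN=1 the bwrap arguments are printed one per line
# instead of being executed, so the policy can be reviewed or tested.
jail() {
    home=$1; project=$2; shift 2
    cmd_words=$#                      # words belonging to the wrapped command
    # Fresh namespaces (network kept), read-only root, private /tmp.
    set -- "$@" --unshare-all --share-net --die-with-parent --new-session \
        --ro-bind / / --dev /dev --proc /proc --tmpfs /tmp
    # Mask each credential directory that exists with an empty tmpfs.
    for d in $SENSITIVE_DIRS; do
        if [ -d "$home/$d" ]; then set -- "$@" --tmpfs "$home/$d"; fi
    done
    # Drop token-bearing environment variables inside the jail.
    for v in $SECRET_ENV; do set -- "$@" --unsetenv "$v"; done
    # The project directory is the only writable path from the host.
    set -- "$@" --bind "$project" "$project" --chdir "$project"
    # Rotate the command words from the front of "$@" to the end.
    while [ "$cmd_words" -gt 0 ]; do
        set -- "$@" "$1"; shift
        cmd_words=$((cmd_words - 1))
    done
    if [ "${JAIL_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        exec bwrap "$@"
    fi
}

# Stand-alone use: ./jail.sh npm install   (runs in the current directory)
if [ "$#" -gt 0 ]; then
    jail "$HOME" "$PWD" "$@"
fi
```

Because mounts are applied in order, the tmpfs masks and the writable project bind override the read-only root. Files elsewhere in the home directory stay readable, so anything sensitive outside the listed directories needs its own entry.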