Hacker News new | past | comments | ask | show | jobs | submit
teekert | on: Slightly safer vibecoding by adopting old hacker habits
Some weeks ago I opened Zeditor, it asks me if I want AI, I say yes, a sidebar opens I ask said LLM: What can you see? It does some `ls`'s, it sees my .ssh folder and priv keys. I turned it off. Now I run Claude code in a container with just pwd mounted to it.

The whole experience was a bit jarring. When it knows I use nix, the the thing can easily `nix-shell -p nmap` its way into learning a lot more about my entire network than I am comfortable with. I think I'll edit the Containerfile further to also make Claude Code a user that can't install anything.

It's really like some "agent" (yeah I know, but I mean really an external person) takes control of your computer, with the same privileges as you. Idk why I had to see this happen in front of my eyes to fully realize this.

Of course every computer program has these rights, and you have to trust any of these devs...

PunchyHamster | parent | next
> The whole experience was a bit jarring. When it knows I use nix, the the thing can easily `nix-shell -p nmap` its way into learning a lot more about my entire network than I am comfortable with. I think I'll edit the Containerfile further to also make Claude Code a user that can't install anything.

Note that putting it in container changes jack shit, if it still has network access, it can scan your network anyway, and it needs access to install language deps and such to "do its work"

It's a security nightmare.

loading story #47686979
anthk | parent
That's what happens with propietary software. No sane person -for work if your dumb $BOSS makes in mandatory- should be using that outside of a Guix/Nix env with really constrained settings.

At home I have no propietary software at all modulo some original GBC ROMs I dumped to play with emulators, but that is not my 'daily computing' usage but an act of nostalgia.