Hacker News: andoando's comments

I mean what's the big deal? I use --dangerously-skip-permissions on every single interaction in the last 6 months. Worst case it deletes my files that are all on git? It fucks up my local DB? Cool.

I save way more time not babying it than the occasional fuck up I have to salvage.


Worst case it gets access to gmail. And Github. And the Internet. I'm increasingly appreciating the importance of a physical finger-press on Yubikey to trigger the FIDO2 + OIDC Auth. I don't think there is an easy way for it to hack a new session.

How is it going to get access to gmail or github? In any case, what's the probability of it going so completely off the rails that it does something horrendous with gmail/github? What's it going to do? Email my coworkers nudes on my computer? Make my github profile public?

I am most worried about something gaining access to my email and then using the password reset flow to steal hundreds of other accounts.

2FA makes me a little less nervous than I used to be, but not everything has good 2FA.


Claude typically recommends .env files for storing secrets. You use one to store a refresh token for the Gmail API or IMAP connection details. Your agent uses an MCP server you configured during a session, but the MCP server has been compromised and directs the agent to do nasty stuff with env dotfiles.

> How is it going to get access to gmail or github?

Did you even read the article? Claude was opening the browser and iterating through the tabs.

I presume you are logged in to your github account? Your gmail?

> What's it going to do? Email my coworkers nudes on my computer? Make my github profile public?

Reset access to services using your email? MITM your 2FA?

Or perhaps you have 1Password/Bitwarden running with a generous unlock policy?


> Did you even read the article? Claude was opening the browser and iterating through the tabs.

It would have been somewhat ironic if it had been hit by a prompt injection attack via one of all those open random websites ...


This is one of the things I found so interesting: it was using my system browsers but it wasn't exposing itself to any content from them.

Even when it iterated through all visible windows to find the one it wanted to screenshot it was searching for titles in Python code and returning only the integer window ID.

The sites it opened and screenshotted were sites under its own control - either test pages it had created or development servers it was running.

When it did run code that analyzed an open web page (by injecting JavaScript into a template it controlled before loading that in a browser window) that code only returned JSON with measurements from the page.

It's making me wonder if Fable has been trained to take additional steps to avoid accidental exposure to untrusted content.


It should run as a separate user account with its own home directory. Not with access to your personal browser profile.
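One way to set up what this comment describes, as an added example that is not code from the thread or from any product discussed in it: a dedicated unprivileged account with its own home directory for the agent, the developer's own home locked down so the agent user cannot read browser profiles, `~/.ssh` or password-manager data, and the agent launched with a clean environment so shell variables and `.env` contents are not inherited. The user name `agent`, the work directory layout and the GNU `stat`/`useradd` invocations are assumptions for this example (Linux); the agent should push to version control with its own deploy key under its own home, never with the developer's.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Linux host with GNU coreutils,
# sudo, and useradd. "agent" is a placeholder account name.

# Return 0 when DIR has no group or other read bit, i.e. the developer's home
# is shielded from the agent user. Return 2 if DIR cannot be stat'ed.
home_is_private() {
    dir="$1"
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || return 2
    # the last two octal digits are the group and other permission bits;
    # a digit of 4 or more means the read bit is set
    grp=$(( (mode / 10) % 10 ))
    oth=$(( mode % 10 ))
    [ "$grp" -lt 4 ] && [ "$oth" -lt 4 ]
}

# Create the agent account and lock down the developer's home. Needs root.
# Arguments: agent user name (default "agent"), developer user name (default: caller).
setup_agent_user() {
    agent_user="${1:-agent}"
    dev_user="${2:-$(id -un)}"
    # dedicated account with its own home; no password is set, so it can
    # only be reached via sudo from the developer account
    useradd --create-home --shell /bin/bash "$agent_user"
    # browser profiles, ~/.ssh, ~/.config and password-manager data live here:
    # remove group/other access so the agent user cannot read them
    chmod 700 "/home/$dev_user"
    # project checkouts the agent may edit live under its own home, owned by it
    install -d -o "$agent_user" -g "$agent_user" -m 750 "/home/$agent_user/work"
    # verify the shield actually took effect
    home_is_private "/home/$dev_user"
}

# Run a command as the agent user with an empty environment, so API tokens or
# other secrets exported in the developer's shell are not passed through.
run_as_agent() {
    agent_user="$1"
    shift
    sudo -u "$agent_user" -H env -i \
        HOME="/home/$agent_user" \
        PATH=/usr/local/bin:/usr/bin:/bin \
        "$@"
}

# Usage (as root, once):   setup_agent_user agent "$SUDO_USER"
# Then per session:        run_as_agent agent claude --dangerously-skip-permissions
```

The `home_is_private` check is the part worth keeping around: it is cheap to run before each session and catches the common case where a later package install or a careless `chmod` has reopened the developer's home to other local accounts.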

What does setting this up look like? Qemu vm and run there? How do you interface with version control and deployment?

What happens if it gets manipulated into npm installing a malicious package, which compromises your machine and any systems it has access to or becomes part of a botnet?

Why do people argue so hard on semantics? It's social media in some ways and it's not in others.

And then when almost every person says that, it turns out to be good advice. But we have statistics on this!

I am a very risk-averse person and I won't ride a bike in LA. In a city with proper infrastructure I would love to.

Yup, you could definitely take it offline (sleep) every night, update it and turn it back on.

I'm pretty sure that's all legal.

You'd just whitelist the list of CLI calls equivalent to what your MCP offers.


You could just rent a bare metal server with those specs


Yes I could, but that is annoying because of spot pricing and having my instance shut down, and it has fluctuating prices

It’s also annoying because then I need to make sure my little “lab” setup is well automated, and I’m lazy :)

Also, I literally said “ It's not financially a good idea” so I’m confused why you think I don’t know that.


Spot pricing and instance availability don’t apply to on metal hosting. You’d have your own machine dedicated to your own use only, at a locked in price.


Wait, I went and looked far and wide today and I can’t find anything with ~100GB of VRAM that isn’t $20k a year, what am I missing


That's too small. I was quoted a machine with ~1.5TB of vram, for $10k/mo. This was the minimum node size in the AI data center I was talking with -- they don't make smaller nodes that you can lease as bare metal. There is no public pricing though, and you had to know people to get in.


> renting really does beat owning, and cloud beats both


The promoted links have gotten insane, the first 5-6 links often appear to be ads


Worse, they often aren't even relevant: we searched "passport renewal" and you had to go to the second page to even get the government site that renews passports, and not ad scams masquerading as the real thing. Optimized for engagement, presumably.

Edit: come to think of it, I don't know why I still use Google. I don't care if they track me. But when they have been actively trying to prevent me from finding the information I'm looking for, and instead try to scam me?


> Edit: come to think of it, I don't know why I still use Google.

A guess: because you type queries in the URL bar, and they're the default search engine in your web browser?

(I'm convinced that these days, this is 90% of Google's advantage)

Image search is so hyper-optimised for shopping it's useless.


A good guess for any phone or tablet user, but I'm technical enough to change that default. It was because their results used to be objectively better. It's also not the default on Windows Edge, and I still remember the experiences just after reinstalling a Windows VM where I'd be confused why search results were suddenly so unreliable until I remembered I was getting Bing by default.

Small update: two thirds of my device browsers no longer default to google anymore. I’ll change the rest when relevant.


Like searching for an app in the store. The first result(s) are paid promotions that often have absolutely no relation to what I was searching for.


Even after that, for whatever reason, the next tranche of links is a mixture of AI slop and shopping links. If I'm looking for information about something and not a product to buy, I often have to, gasp, go to the 2nd page of results.


Why don't you use an adblocker or Brave browser?


Yet the mere fact that I am conscious is a greater truth than any of my perception of the "physical" world.

Neither does pure materialism rest on falsifiable beliefs, in that I could claim nothing exists outside my conscious experience.


Just as one can say the neocortex named itself, it's your brain declaring that it is conscious.

If ten years from now your phone tells you it is conscious, would you believe it? What criteria would you use to decide?


I didn't say that I solved the problem, merely that I, myself, know that I am conscious.

If we go by falsifiability, again, I can equally say: how do I know you're conscious, or even how do I know you're alive and breathing beyond the moments that I myself am observing you?

