| ▲ | jryio 9 hours ago |
| It's so important to remember that unlike code which can be reverted - most file system and application operations cannot. There's no sandboxing snapshot in revision history, rollbacks, or anything. I expect to see many stories from parents, non-technical colleagues, and students who irreparably ruined their computer. Edit: most comments are focused on pointing out that version control & file system snapshot exists: that's wonderful, but Claude Cowork does not use it. For those of us who have built real systems at low levels I think the alarm bells go off seeing a tool like this - particularly one targeted at non-technical users |
|
| ▲ | Workaccount2 8 hours ago | parent | next [-] |
| Frequency vs. convenience will determine how big of a deal this is in practice. Cars have plenty of horror stories associated with them, but convenience keeps most people happily driving everyday without a second thought. Google can quarantine your life with an account ban, but plenty of people still use gmail for everything despite the stories. So even if Claude cowork can go off the rails and turn your digital life upside down, as long as the stories are just online or "friend of a friend of a friend", people won't care much. |
| |
| ▲ | soiltype 6 hours ago | parent | next [-] | | Considering the ubiquity and necessity of driving cars is overwhelmingly a result of intentional policy choices irrespective of what people wanted or was good for the public interest... actually that's quite a decent analogy for integrated LLM assistants. People will use AI because other options keep getting worse and because it keeps getting harder to avoid using it. I don't think it's fair to characterize that as convenience though, personally. Like with cars, many people will be well aware of the negative externalities, the risk of harm to themselves, and the lack of personal agency caused by this tool and still use it because avoiding it will become costly to their everyday life. I think of convenience as something that is a "bonus" on top of normal life typically. Something that becomes mandatory to avoid being left out of society no longer counts. | | |
| ▲ | lijok 5 hours ago | parent [-] | | People love their cars, what are you talking about | | |
| ▲ | ehnto 4 hours ago | parent [-] | | I am a car enthusiast so don't think I'm off the deep end here, but I would definitely argue that people love their cars as a tool to work in the society we built with cars in mind. Most people aren't car enthusiasts, they're just driving to get to work, and if they could get to work for a $1 fare in 20 minutes on a clean, safe train they would probably do that instead. | | |
| ▲ | jakeydus 2 hours ago | parent [-] | | I am this person. I love the convenience of a car. I hate car ownership. |
|
|
| |
| ▲ | yencabulator 7 hours ago | parent | prev [-] | | I mean, we were there before this Cowork feature started exposing more users to the slot machine: "Claude CLI deleted my home directory and wiped my Mac"
https://news.ycombinator.com/item?id=46268222 "Vibe coding service Replit deleted production database, faked data, told fibs"
https://news.ycombinator.com/item?id=44632575 "Google Antigravity just deleted the contents of whole drive"
https://news.ycombinator.com/item?id=46103532 | | |
| ▲ | Workaccount2 6 hours ago | parent [-] | | That's what I am saying though. Anecdotes are the wrong thing to focus on, because if we just focused on anecdotes, we would all never leave our beds. People's choices are generally based on their personal experience, not really anecdotes online (although those can be totally crippling if you give in). Car crashes are incredibly common and likewise automotive deaths. But our personal experience keeps us driving everyday, regardless of the stories. | | |
| ▲ | yencabulator 6 hours ago | parent [-] | | We as a society put a whole lot of effort into making cars safer. Seatbelts, ABS, airbags.. Claude Code should have airbags too! | | |
| ▲ | TeMPOraL 3 hours ago | parent [-] | | Airbags, yes. But you can't just make it provably impossible for a car to crash into something and hurt/kill its occupants, other than not building it in the first place. Same with LLMs - you can't secure them like regular programs without destroying any utility they provide, because their power comes from the very thing that also makes them vulnerable. | | |
| ▲ | yencabulator an hour ago | parent [-] | | I see you've given up. I haven't. LLM inside deterministic guardrails is a pretty good combo. |
|
|
|
|
|
|
| ▲ | alwillis 8 hours ago | parent | prev | next [-] |
| The first version is for macOS, which has snapshots [1] and file versioning [2] built-in. [1]: https://eclecticlight.co/2024/04/08/apfs-snapshots/ [2]: https://eclecticlight.co/2021/09/04/explainer-the-macos-vers... |
| |
| ▲ | shepherdjerred 6 hours ago | parent | next [-] | | Are average users likely to be using these features? Most devs at my company don’t even have Time Machine backups | |
| ▲ | cbm-vic-20 8 hours ago | parent | prev [-] | | RSX-11M for the PDP-11 had filesystem versioning back in the early 1980s, if not earlier. | | |
|
|
| ▲ | falcor84 5 hours ago | parent | prev | next [-] |
| Once upon a time, in the magical days of Windows 7, we had the Volume Shadow Copy Service (aka "Previous Versions") available by default, and it was so nice. I'm not using Windows anymore, and at least part of the reason is that it's just objectively less feature complete than it used to be 15 years ago. |
|
| ▲ | toddmorey 9 hours ago | parent | prev | next [-] |
| Q: What would prevent them from using git style version control under the hood? User doesn’t have to understand git, Claude can use it for its own purposes. |
| |
| ▲ | twosdai 9 hours ago | parent | next [-] | | Didn't actually check out the app, but some aspects of application state are hard to serialize, some operations are not reversible by the application. EG: sending an email. It doesn't seem naively trivial to accomplish this, for all apps. So maybe on some apps, but "all" is a difficult thing. | | |
| ▲ | CuriouslyC 4 hours ago | parent | next [-] | | For irreversible stuff I like feeding messages into queues. That keeps the semantics clear, and makes the bounds of the reversibility explicit. | | | |
| ▲ | huflungdung 8 hours ago | parent | prev [-] | | [dead] |
| |
| ▲ | nikkwong 9 hours ago | parent | prev | next [-] | | You can’t easily snapshot the current state of an OS and restore to that state like with git. | | |
| ▲ | madeofpalk 8 hours ago | parent | next [-] | | Maybe not for very broad definitions of OS state, but for specific files/folders/filesystems, this is trivial with FS-level snapshots and copy-on-write. | |
| ▲ | alwillis 8 hours ago | parent | prev | next [-] | | At least on macOS, an OS snapshot is a thing [1]; I suspect Cowork will mostly run in a sandbox, which Claude Code does now. [1]: https://www.cleverfiles.com/help/apfs-snapshots.html | | |
| ▲ | nikkwong 8 hours ago | parent | next [-] | | Ok, you can "easily", but how quickly can you revert to a snapshot? I would guess creating a snapshot for each turn change with an LLM become too burdensome to allow you to iterate quickly. | | |
| ▲ | alwillis 7 hours ago | parent [-] | | For the vast majority, this won't be an issue. This is essentially a UI on top of Claude Code, which supports running in a sandbox on macOS. |
| |
| ▲ | bigyabai 8 hours ago | parent | prev [-] | | All major OSes support snapshotting, and it's not a panacea on any of them. |
| |
| ▲ | Imustaskforhelp 9 hours ago | parent | prev | next [-] | | Well there is cri-u for what its worth on linux which can atleast snapshot the state of an application and I suppose something must be similar available for filesystems as well Also one can simply run a virtual machine which can do that but then the issue becomes in how apps from outside connect to vm inside | | |
| ▲ | nicoty 8 hours ago | parent [-] | | Filesystems like zfs, btrfs and bcachefs have snapshot creation and rollbacks as features. |
| |
| ▲ | viraptor 8 hours ago | parent | prev | next [-] | | Sure you can. Filesystem snapshotting is available on all OSes now. | |
| ▲ | Analemma_ 7 hours ago | parent | prev [-] | | I wonder if in the long run this will lead to the ascent of NixOS. They seem perfect for each other: if you have git and/or a snapshotting filesystem, together with the entire system state being downstram of your .nix file, then go ahead and let the LLM make changes willy-nilly, you can always roll back to a known good version. NixOS still isn't ready for this world, but if it becomes the natural counterpart to LLM OS tooling, maybe that will speed up development. |
| |
| ▲ | samuelstros 7 hours ago | parent | prev [-] | | Git only works for text files. Everything else is a binary blob which, among other things, leads to merge conflicts, storage explosion, and slow git operations |
|
|
| ▲ | y42 9 hours ago | parent | prev | next [-] |
| Indeed there are and this is no rocket science. Like Word Documents offer a change history, deleted files go to the trash first, there are undo functions, TimeMachine on MacOs, similar features on Windows, even sandbox features. |
| |
| ▲ | fuzzy2 8 hours ago | parent | next [-] | | Trash is a shell feature. Unless a program explicitly "moves to trash", deleting is final. Same for Word documents. So, no, there is no undo in general. There could be under certain circumstances for certain things. | | |
| ▲ | NewsaHackO 7 hours ago | parent | next [-] | | I mean, I'm pretty sure it would be trivial to tell it to move files to the trash instead of deleting them. Honestly, I thought that on Windows and Mac, the default is to move files to the trash unless you explicitly say to permanently delete them. | | |
| ▲ | johnisgood 7 hours ago | parent [-] | | Because it is the default. Heck, it is the default for most DEs and many programs on Linux, too. |
| |
| ▲ | Ajedi32 8 hours ago | parent | prev | next [-] | | Everything on a ZFS/BTRFS partition with snapshots every minute/hour/day? I suppose depending on what level of access the AI has it could wipe that too but seems like there's probably a way to make this work. | | |
| ▲ | literalAardvark 8 hours ago | parent | next [-] | | I guess it depends on what its goals at the time are. And access controls. May just trash some extra files due to a fuzzy prompt, may go full psychotic and decide to self destruct while looping "I've been a bad Claude" and intentionally delete everything or the partitions to "limit the damage". Wacky fun | |
| ▲ | antinomicus 8 hours ago | parent | prev [-] | | The topic of the discussion is something that parents, grandmas, and non technical colleagues would realistically be able to use. | | |
| ▲ | Ajedi32 8 hours ago | parent [-] | | A "revert filesystem state to x time" button doesn't seem that hard to use. I'm imagining this as a potential near-term future product implementation, not a home-brewed DIY solution. |
|
| |
| ▲ | OJFord 7 hours ago | parent | prev [-] | | Shell? You meant Finder I think? | | |
| |
| ▲ | 8 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | cush 8 hours ago | parent | prev | next [-] | | State isn't always local too | |
| ▲ | 8 hours ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | bob1029 6 hours ago | parent | prev | next [-] |
| In theory the risk is immense and incalculable, but in practice I've never found any real danger. I've run wide open powershell with an OAI agent and just walked away for a few hours. It's a bit of a rush at first but then you realize it's never going to do anything crazy. The base model itself is biased away from actions that would lead to large scale destruction. Compound over time and you probably never get anywhere too scary. |
|
| ▲ | seunosewa 9 hours ago | parent | prev | next [-] |
| There's no reason why Claude can't use git to manage the folders that it controls. |
| |
| ▲ | binarymax 8 hours ago | parent | next [-] | | Most of these files are binary and are not a good fit for git’s graph based diff tracker…you’re basically ending up with a new full sized binary for every file version. It works from a version perspective, but is very inefficient and not what git was built for. | |
| ▲ | oblio 9 hours ago | parent | prev [-] | | Git isn't good with big files. I wanted to comment more, but this new tool is Mac only for now, so there isn't much of a point. | | |
|
|
| ▲ | Weryj 9 hours ago | parent | prev | next [-] |
| TimeMachine has never been so important. |
| |
| ▲ | fragmede 4 hours ago | parent | next [-] | | Arq does it better. | |
| ▲ | greenavocado 9 hours ago | parent | prev [-] | | TimeMachine is worthless trash compared to restic | | |
| ▲ | bspinner 9 hours ago | parent [-] | | Please elaborate | | |
| ▲ | greenavocado 8 hours ago | parent [-] | | It works on Linux, Windows, macOS, and BSD. It's not locked to Apple's ecosystem. You can back up directly to local storage, SFTP, S3, Backblaze B2, Azure, Google Cloud, and more. Time Machine is largely limited to local drives or network shares. Restic deduplicates at the chunk level across all snapshots, often achieving better space efficiency than Time Machine's hardlink-based approach. All data is encrypted client-side before leaving your machine. Time Machine encryption is optional. Restic supports append-only mode for protection against ransomware or accidental deletion. It also has a built-in check command to check integrity. Time Machine has a reputation for silent failures and corruption issues that have frustrated users for years. Network backups (to NAS devices) use sparse bundle disk images that are notoriously fragile. A dropped connection mid-backup can corrupt the entire backup history, not just the current snapshot. https://www.google.com/search?q=time+machine+corruption+spar... Time Machine sometimes decides a backup is corrupted and demands you start fresh, losing all history. Backups can stop working without obvious notification, leaving users thinking they're protected when they're not. https://www.reddit.com/r/synology/comments/11cod08/apple_tim... The shift from HFS+ to APFS introduced new bugs, and local snapshots sometimes behave unpredictably. https://www.google.com/search?q=time+machine+restore+problem... The backup metadata database can grow unwieldy and slow, eventually causing failures. https://www.reddit.com/r/MacOS/comments/1cjebor/why_is_time_... https://www.reddit.com/r/MacOS/comments/w7mkk9/time_machine_... https://www.reddit.com/r/MacOS/comments/1du5nc6/time_machine... https://www.reddit.com/r/osx/comments/omk7z7/is_a_time_machi... https://www.reddit.com/r/mac/comments/ydfman/time_machine_ba... https://www.reddit.com/r/MacOS/comments/1pfmiww/time_machine... https://www.reddit.com/r/osx/comments/lci6z0/time_machine_ex... Time Machine is just garbage for ignorant people. | | |
| ▲ | BrandoElFollito 7 hours ago | parent | next [-] | | Almost all of my backup is around restic, including monitoring of backups (when they fail and when they do not run often enough). It is a very solid setup, with 3 independent backups: local, nearby and far away. Now - it took an awful lot of time to set up (including drinking the wrapper to account for everything). This is advanced IT level. So Time Machine is not for ignorant people, but something everyone can use. (I never used it, no idea if it's good but it has to all last work) | | |
| ▲ | greenavocado 4 hours ago | parent [-] | | One works, one loses your data. Oh well. Guess there's a lot of money to be made wrapping it with a paid GUI |
| |
| ▲ | lijok 5 hours ago | parent | prev [-] | | But I just want to backup my important files to the cloud |
|
|
|
|
|
| ▲ | akurilin 5 hours ago | parent | prev | next [-] |
| You make a good point. I imagine that they will eventually add Perforce-style versioning to the product and this issue will be solved. |
|
| ▲ | 4 hours ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | hopelite 4 hours ago | parent | prev | next [-] |
| Somewhat related is a concern I have in general as things get more "agentic" and related to the prompt injection concerns; without something like legally bullet-proof contracts, aren't we moving into territory of basically "employing" what could basically be "spies" at all levels from personal (i.e., AI company staff having access to your personal data/prompts/chats) to business/corporate espionage, to domestic and international state level actors who would also love to know what you are working on and what you are thinking/chatting about and maybe what your mental health challenges are that you are working through with an AI chat therapist. I am not even certain if this issue can be solved since you are sending your prompts and activities to "someone else's computer", but I suspect if it is overlooked or hand-waved as insignificant, there will be a time when open, local models will become useful enough to allow most to jettison cloud AI providers. I don't know about everyone else, but I am not at all confident in allowing access and sending my data to some AI company that may just do a rug pull once they have an actual virtual version of your mind in a kind of AI replication. I'll just leave it at that point and not even go into the ramifications of that, e.g., "cybercrimes" being committed by "you", which is really the AI impersonator built based on everything you have told it and provide access to. |
|
| ▲ | o_m 8 hours ago | parent | prev | next [-] |
| So the future is NixOS for non-technical people? |
| |
| ▲ | porkloin 4 hours ago | parent | next [-] | | Yes, and I think we're already seeing that in the general trend of recent linux work toward atomic updates. [bootc](https://developers.redhat.com/articles/2024/09/24/bootc-gett...) based images are getting a ton of traction. [universal blue](https://universal-blue.org/) is probably a better brochure example of how bootc can make systems more resilient without needing to move to declarative nix for the entire system like you do in NixOS. Every "upgrade" is a container deployment, and you can roll back or forward to new images at any time. Parts of the filesystem aren't writeable (which pisses people off who don't understand the benefit) but the advantages for security (isolating more stuff to user space by necessity) and stability (wedged upgrades are almost always recoverable) are totally worth it. On the user side, I could easily see [systemd-homed](https://fedoramagazine.org/unlocking-the-future-of-user-mana...) evolving into a system that allows snapshotting/roll forward/roll back on encrypted backups of your home dir that can be mounted using systemd-homed to interface with the system for UID/GID etc. These are just two projects that I happen to be interested in at the moment - there's a pretty big groundswell in Linux atm toward a model that resembles (and honestly even exceeds) what NixOS does in terms of recoverability on upgrade. | |
| ▲ | teekert 8 hours ago | parent | prev [-] | | Or rather ZFS/BTRFS/BchachFS. Before doing anything big I make snapshot, saved me recently when a huge Immich import created a mess, `zfs rollback /home/me@2026-01-12`... And it's like nothing ever happened. |
|
|
| ▲ | kamaal 2 hours ago | parent | prev | next [-] |
| >>I expect to see many stories from parents, non-technical colleagues, and students who irreparably ruined their computer. I do believe the approach Apple is taking is the right way when it comes to user facing AI. You need to reduce AI to being an appliance that does one or at most a few things perfectly right without many controls with unexpected consequences. Real fun is robots. Not sure no one is hurrying up on that end. >>Edit: most comments are focused on pointing out that version control & file system snapshot exists: that's wonderful, but Claude Cowork does not use it. Also in my experience this creates all kinds of other issues. Like going back up a tree creates all kinds of confusions and keeps the system inconsistent with regards to whatever else it is you are doing. You are right in your analysis that many people are going to end up with totally broken systems |
|
| ▲ | heliumtera 7 hours ago | parent | prev | next [-] |
| There was a couple of posts here on hacker news praising agents because, it seems, they are really good at being a sysadmin.
You don't need to be a non-technical user to be utterly fucked by AI. |
| |
| ▲ | TeMPOraL 3 hours ago | parent [-] | | Theoretically, the power drill you're using can spontaneously explode, too. It's very unlikely, but possible - and then it's much more likely you'll hurt yourself or destroy your work if you aren't being careful and didn't set your work environment right. The key for using AI for sysadmin is the same as with operating a power drill: pay at least minimum attention, and arrange things so in the event of a problem, you can easily recover from the damage. |
|
|
| ▲ | neocron 8 hours ago | parent | prev [-] |
| Not a big problem to make snapshots with lvm or zfs and others. I use it automatically on every update |
| |
| ▲ | lp0_on_fire 8 hours ago | parent | next [-] | | What percentage of non-IT professionals know what zfs/lvm are let alone how to use them to make snapshots? | | |
| ▲ | neocron 8 hours ago | parent [-] | | I assumed we are talking about IT professionals using tools like claude here? But even for normal people it's not really hard if they manage to leave the cage in their head behind that is ms windows. My father is 77 now and only started using computer abover age 60, never touched windows thanks to me, and has absolutely no problems using (and administrating at this point) it all by himself | | |
| |
| ▲ | fouronnes3 8 hours ago | parent | prev [-] | | I'm not even sure if this is a sarcastic dropbox-style comment at this point. |
|
