| ▲ | zmmmmm 8 hours ago | |||||||
This is pretty egregious. And outside the fact the server is now disabled by default, once it's running it is still egregious: > When server is enabled, any web page served from localhost/127.0.0.1 can execute code > When server is enabled, any local process can execute code without authentication > No indication when server is running (users may be unaware of exposure) I'm sorry this is horrible. I really want there to be a good actual open cross-provider agentic coding tool, but this seems to me to be abusive of people's trust of TUI apps - part of the reason we trust them is they typically DON'T do stuff like this. | ||||||||
| ▲ | BrouteMinou 4 hours ago | parent | next [-] | |||||||
Why TUI apps in particular? | ||||||||
| ▲ | glerk 7 hours ago | parent | prev [-] | |||||||
Factory’s droid is pretty good for a cross-provider solution. | ||||||||
| ||||||||