nialse 6 hours ago

This was of course dependent on yolo mode, but automatic approval has also been pulling stunts like this. A recent example is data that was purposely kept away from Codex in a folder far far away. When it found a single reference it just went for the data when having an issue. Lesson learned, keep essential data and Codex separated on different machines. Codex remote ssh actually helps here.

eqvinox 6 hours ago | parent | next [-]

What in heaven's name is a "folder far far away"?

(It sounds like you put it on an SSD on an extension cord and moved it to the kitchen or something.)

saulpw 5 hours ago | parent [-]

../../../../home/different-user/private/do-not-enter/

nialse 4 hours ago | parent [-]

Something like that.

embedding-shape 6 hours ago | parent | prev | next [-]

Or, learn your local OS' permission system, have it in a directory right next to your banking credentials (or something even more outrageous) and nothing could go wrong even if you tried to.

AnotherGoodName 5 hours ago | parent [-]

This very thread was an example where it unintentionally got root access though.

embedding-shape 5 hours ago | parent [-]

Because of how Docker works, not because of how Unix permissions work.

f33d5173 4 hours ago | parent [-]

Unix has always had incredibly weak protections between users. You shouldn't rely on it as a security boundary. Think of it as a "keep honest users honest" protection. And LLMs are not honest.

ElectricalUnion 3 hours ago | parent [-]

The protections between users are reasonably strong. Android uses them with great success, by isolating every vendor within their own user. Things start going to hell when everything runs under root for "practicality reasons", like the default, not-rootless Docker setup.
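A way to check the point made in this subthread (whether a given non-root user can actually reach a path through classic Unix mode bits) is the small audit below. It is an added example, not code from anyone in the thread; the `can_reach` helper, the constructed temporary tree and the "stranger" uid are my own assumptions, and, as the comments note, uid 0 (a root-running container) skips these checks entirely.

```python
import os
import stat
import tempfile
from pathlib import Path

# Classic DAC: every ancestor directory needs the search (x) bit and the
# final component needs the read (r) bit, evaluated for exactly one class
# (owner, else group, else other). Not modelled: POSIX ACLs, capabilities,
# SELinux/AppArmor, and uid 0, which bypasses mode bits altogether.

def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """POSIX picks one permission class; it does not fall through to 'other'."""
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def can_reach(path, uid, gids=(), base="/"):
    """True if `uid` (with supplementary `gids`) can read `path`.
    Directories above `base` are assumed reachable and are not checked."""
    if uid == 0:
        return True  # root ignores mode bits (CAP_DAC_OVERRIDE)
    target, base = Path(path).resolve(), Path(base).resolve()
    dirs, d = [], target.parent
    while True:               # walk upward: target's parent ... base
        dirs.append(d)
        if d == base or d == d.parent:
            break
        d = d.parent
    for d in dirs:
        if not _allowed(d.stat(), uid, gids,
                        stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False      # cannot even traverse this directory
    return _allowed(target.stat(), uid, gids,
                    stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)

def demo_layout():
    """Constructed tree: a world-readable area beside a 0700 'do-not-enter' one."""
    root = Path(tempfile.mkdtemp())
    os.chmod(root, 0o755)                        # mkdtemp defaults to 0700
    for name, mode in (("shared", 0o755), ("private", 0o700)):
        (root / name).mkdir()
        os.chmod(root / name, mode)
        (root / name / "data.txt").write_text("constructed sample\n")
        os.chmod(root / name / "data.txt", 0o644)  # file itself is readable
    stranger = os.getuid() + 1                   # some uid that is not the owner
    return {
        "shared": can_reach(root / "shared" / "data.txt", stranger, base=root),
        "private": can_reach(root / "private" / "data.txt", stranger, base=root),
        "owner": can_reach(root / "private" / "data.txt", os.getuid(), base=root),
    }
```

The `private` result is False even though `data.txt` is mode 0644: the 0700 parent directory blocks traversal, which is the check an agent running as a separate, unprivileged uid is stopped by, and one it is not stopped by when it runs as root.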

AnotherGoodName 5 hours ago | parent | prev [-]

Fwiw separate machines for the agents is awesome in general anyway.

I have agent frontends running on a low power server where every session is in tmux. So I can just resume from my home PC and pick up where I left off without reestablishing context. I do have to manually feed it data it can access, but that's also a feature. Also lets me shut down the home PC if it's some long running task since the server is much more power efficient.