Comment by baq
13 hours ago
as opposed to any other updater on your system...?
> Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!
> Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
— https://imgur.com/6wbgy2L (actually a tweet from someone else, but apparently it's private now)
It's actually not completely outside of my threat profile.
Honestly, with the prevailaince of ransomware attacks, unless you're a literal hermit, it shouldn't be out of anyone's threat profile.
Absolutely. Sufficiently capable LLMs can mass produce exploits against whole ecosystems; recent Anthropic post moves the risk needle from ‘theoretical’ to ‘realized’. Any auto-updating software is running a risk of its cdn and/or build forge being compromised. Scary times.