Comment by abigail95
1 month ago
I run multiple claudes in danger mode; when it burns me it'll hurt, but it's so useful without handcuffs and constant interruption that I'm fine with eventually suffering some pain.
Please post when it breaks something important so we can laugh at you.
What would it break? It can't do anything that NPM malware wouldn't also do and that's a risk I've already accounted for.
At best someone extracts 0-59 minutes of a session key for my AWS credentials for one development account, boring, or whatever source code is currently on the machine, also boring.
There's more risk that vetting someone on Upwork goes wrong and they burn me than Claude does.
Am I blind to the actual risk here? How many of you execute unverified code from libraries without a sandbox?
In that case, you’re not a very nice person.
Meh. When someone proudly announces to the world they are deliberately doing unsafe things as if they are untouchable, then it is only fair to be mocked when they are finally touched.
In some cases "victim blaming" is just fine.
Like if someone purposefully runs at a brick wall, it's just fine to go <nelson>HA-HA</nelson> at them. Did they expect a different result than pain?
You should not have mercy on someone who repeatedly ignores all warnings without thinking and then hurts themselves in the way the warnings promised. At that point you are on your very own.
If you don't impose some kind of sandboxing, how can you put an upper bound on the level of "pain"? What if the agent leaked a bunch of sensitive information about your biggest customer, and they fired you?
Someone could post everything on that machine to the internet and nothing would happen because I'm not that interesting, my code isn't that interesting, there's no customer data on the machine.
I sell bespoke SaaS solutions to mid-sized businesses. Really, really boring stuff. My moat isn't my secret super duper fast software or secret client list, it's that I can integrate and iterate faster than others can in the same space.
Part of that value comes from letting Claude do his thing.
At least put it in a container, you savage.
Same risk model - it's still going to have access to the recent AWS session, access to the source code. I guess it's also got my KDE settings too, what a score.
I'm not running it on my personal computer or anything with cookies, private keys, or anything like that.
Ah, no risk, no fun! };->
This feels like the new version of not using version control or never making backups of your production database. It’ll be fine until suddenly it isn’t.
I have hourly snapshots of everything important on that machine and I can go back through the network flow logs, which are not on that device, to see if anything was exfiltrated long after the fact.
It's not like I'm running it where it could cause mayhem. If I ever run it on the PCI-DSS infra, please feel free to terminate my existence because I've lost the plot.
Likewise. I’ll regret it but I certainly won’t be complaining to the Internet that it did what I told it to (skip permission checks, etc.). It’s a feature, not a bug.
I do too. Except I can't be burnt since I start each claude in a separate VM.
I have a script which clones a VM from a base one and sets up the agent and the code base inside.
I also mount a few host directories with data read-only.
I still have exfiltration/prompt injection risks. I'm looking at adding URL allow lists but it's not trivial - basically you need an HTTP proxy, since firewalls work on IPs, not URLs.
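A minimal allow-listing forward proxy of the kind this comment describes, added here as an example and not code from the thread. ALLOWED_HOSTS is a constructed, hypothetical list; it also shows the caveat that for HTTPS the proxy only ever sees the CONNECT host, so the allow list is per hostname there, while plain HTTP exposes the full URL. Blocked requests are printed, which is the line to alert on when an injected prompt tries to reach somewhere new.

```python
import socket
import threading
from contextlib import suppress
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"registry.npmjs.org", "pypi.org", "github.com"}  # constructed, hypothetical

def decide(request_line, allowed=ALLOWED_HOSTS):
    """Return (allowed, host, port); CONNECT shows only host:port, GET http://... the full URL."""
    method, _, rest = request_line.partition(" ")
    target = rest.split(" ", 1)[0]
    try:
        if method == "CONNECT":
            host, _, port = target.rpartition(":")
            port = int(port)
        else:
            u = urlsplit(target)
            host, port = (u.hostname if u.scheme == "http" else None), (u.port or 80)
    except ValueError:                           # malformed or missing port
        return False, None, None
    host = (host or "").lower().rstrip(".")      # normalise before the exact match
    return host in allowed, host, port

def pipe(src, dst):
    with src, dst, suppress(OSError):            # closing both ends tears the tunnel down
        while data := src.recv(65536):
            dst.sendall(data)

def handle(client):
    head = b""
    while b"\r\n\r\n" not in head and (chunk := client.recv(65536)):
        head += chunk                            # read up to the end of the request headers
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    ok, host, port = decide(request_line)
    if not ok:
        print("BLOCKED", request_line)           # the log line worth alerting on
        client.sendall(b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n")
        return client.close()
    upstream = socket.create_connection((host, port), timeout=10)
    if request_line.startswith("CONNECT "):
        client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
    else:
        upstream.sendall(head)                   # absolute-form requests are valid to origins
    threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()
    pipe(client, upstream)

if __name__ == "__main__":                       # point the sandbox at http://127.0.0.1:3128
    with socket.create_server(("127.0.0.1", 3128)) as srv:
        while True:
            threading.Thread(target=handle, args=(srv.accept()[0],), daemon=True).start()
```

Set HTTP_PROXY and HTTPS_PROXY inside the VM to this listener and block direct egress at the firewall, otherwise the proxy is advisory only.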