Comment by hansvm
5 days ago
It's been all of 3 days since Claude decided to delete a large chunk of my codebase as part of implementing a feature (it couldn't get the feature to work, so it deleted everything that was triggering errors). I think Anthropic is right to hold the line on not letting the current generation delete people.
You didn't use git with a remote repo? Or did it somehow delete the repo, or perhaps you didn't commit and check out a feature branch before it ran?
I used git and appropriate sandboxing. It was fine. I just reset the sandbox and went on with my day.
It still made that decision though, and we don't have git for people.
You're 100% right, no respawns IRL.
>You didn't use git with a remote repo?
He said it tried, not that it succeeded.
(You might be missing the analogy being made.)
I probably am, sorry :)
I've had codex delete the entire project directory including .git, and the only thing that saved me was a remote copy.
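Not from the thread, but the recovery path that comment describes can be sketched end to end. Branch and directory names here are illustrative, and a local bare repository stands in for the remote:

```shell
# Sketch: even if an agent nukes the working tree AND .git, a branch
# pushed to a remote survives. A local bare repo plays the remote's role.
set -euo pipefail
tmp=$(mktemp -d)

git init -q --bare "$tmp/upstream"            # stands in for the remote (e.g. GitHub)
git init -q "$tmp/work"
git -C "$tmp/work" remote add origin "$tmp/upstream"

echo 'print("hello")' > "$tmp/work/app.py"
git -C "$tmp/work" add app.py
git -C "$tmp/work" -c user.name=me -c user.email=me@example.com \
    commit -qm "baseline before the agent runs"
git -C "$tmp/work" checkout -qb agent/feature-x    # agent works on its own branch...
git -C "$tmp/work" push -qu origin agent/feature-x # ...and the remote keeps a copy

rm -rf "$tmp/work"    # simulate the agent deleting everything, .git included

# Recovery: clone the pushed branch back from the remote copy.
git clone -qb agent/feature-x "$tmp/upstream" "$tmp/restored"
cat "$tmp/restored/app.py"    # baseline survives
```

The point of pushing before the agent runs is that the remote is the only copy outside the blast radius; a local-only `.git` offers no protection against `rm -rf` of the project directory.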
I'm not blaming you, but it's scary how many people are running these agents as if they were trusted entities.
they're tools; you don't ascribe trust to them. You trust or distrust the user of the tool, the same way you'd say you trust your terminal emulator. And in my experience, they ask for permission over a directory before running. I'd love to know how people are having this happen to them. If you tell the agent it can make changes to a directory, you've given it every right to destroy anything in that directory. I haven't heard anyone claim it exceeded those boundaries and started messing with things it wasn't permitted to touch in the first place.
That would be --dangerously-skip-permissions for Claude, and --dangerously-bypass-approvals-and-sandbox for codex.
Aka yolo mode. And yes, people (me) are stupid enough to actually use that.
OK, but we learned decades ago about putting safety guards on dangerous machinery, as part of the machinery. Sure, you can run LLMs in a sandbox, but that's a separate step, rather than part of the machinery.
What we need is for the LLM to do the sandboxing... if we could trust it to always do it.
https://news.ycombinator.com/item?id=47150476
Hopefully they won't allow it to launch the nukes without input from the individuals in charge.
Unfortunately I think the 'death by algorithm' rubicon has already been crossed, even by the US.