Comment by maxloh

1 day ago

I don't find a closed-source Chinese agent system trustworthy.

It is essentially a black box with full user permissions, meaning you are just handing over your entire system to a Chinese-owned server. With OpenCode and its GLM provider, at least I can monitor which files were read, which were edited, and what commands were executed.

Not to mention that Chinese national security laws legally obligate companies to cooperate with state intelligence and counter-espionage efforts [0]. If you have this installed on a corporate workstation, and your company is large enough, the possibility of them spying on you is not just a risk—it's almost a certainty.

[0]: https://en.wikipedia.org/wiki/National_Intelligence_Law_of_t...

I agree. I don't find the US competitors trustworthy either. I think open source is the way here.

  • Thank you. It doesn't make sense to me how much people trust our companies so much more than Chinese ones for no reason. This country has an abysmal track record when it comes to respecting its citizen's rights or privacy. Propaganda working as intended I suppose.

    • It’s not no reason. At a fundamental level I don’t trust the companies any differently. But at a professional level, nobody is going to question my using Claude or OpenAI in a professional capacity - to work on customer projects, analyze their data, etc.

      I also consider Microsoft to be the biggest industrial spy in the world, them and google both are no doubt mining everything you type into office / gsuite, all your emails, etc. But nobody bats an eye when you write a word doc about some sensitive matter.

      If my customers thought I was feeding their data into a Chinese owned LLM API (which to be clear I’m not), I don’t think it would go over well, and I’d be exposed legally to all sorts of things.

      So the reason is risk aversion and desire to participate in US / western commerce. One can debate the actual threat, but why would you ever risk sending your data to a processor perceived as dodgy?

At least the model weights are open, I’m not American, so to me this is much more trustworthy in every possible way. You’re talking as if US intelligence are the good guys, and to me at least, they are not to any extent.

  • We are talking about an agent harness here, not a model.

    Nevertheless, Americans thinking they are morally superior to China is always quite funny.

    This administration is corrupt, cruel and doesn’t care about human rights.

    And the worst is… Americans have voted for that administration…. twice!

    I digress…

    • It didn't stop all of Facebook's behavior, far from it, but we did get to see Zuckerberg hauled in front of Senate committees multiple times (who we do vote for).

      This has never happened in China, and will never happen, nor anything like it. Some open oversight is almost always better than possible secret oversight (and do you think that the Chinese government has user privacy on even its top 10 priorities?)

    • foolish to blame one administration rather than all administrations since jfk was killed for trying to change things

    • While Trump is terrible, all the same morally questionable practices existed under Clinton, Bush, Obama, Biden. This administration just likes to brag about it. The US has been controlled by an evil technocracy/intelligence apparatus for 25+ years that gives zero f*ks about democracy or a constitution.

      1 reply →

  • What can you gain by looking at the weights, whether open source or not? Are they not what determines the model's output, but in an oblique way? We can't really fix the weights ourselves, weight by weight, or can we?

  • There's no way to safely use SOTA LLMs if privacy, and IP protection are your concern. Unless you want to spend 100k+ to host a 1T param model. Even if you use OpenCode you're sending all that information to random data centers you know nothing about.

    But yes, US intelligence has killed and ruined the lives of far more people than China has. Not sure how so many people buy into the narrative that they're protecting freedom and democracy.. They're protecting their freedom to kill and crush all their enemies and control every "democracy" on earth.

    • You can run one on a cloud provider. You’re correct that intelligence orgs probably still can access them, but if you’re that high value of a target then you have bigger problems and / or can afford to build an air gapped system or whatever. If you’re just concerned about other companies mining your messages, self hosting in the cloud solves that.

      Reminds me a bit of the old “is your adversary Mossad or not Mossad” decision matrix https://www.usenix.org/system/files/1401_08-12_mickens.pdf

    • "US intelligence has killed and ruined the lives of far more people than China has" - please provide a strong argument for this statement, with numbers and sources.

      I'm no apologist for the US Intelligence and related organizations (not by a very long shot), but that is a very extreme statement to make.

      5 replies →

That's why I like to use Reasonix with Deepseek. Hitting cache makes requests basically free and that's through unsubsidized American providers like Digital Ocean or cloudflare.

In a sense it's a clean reminder that all these, especially non-local, llm tools should NEVER run outside a container. I'm currently looking at z-jail specifically for these scenarios; VMs are too heavy & expose too many sec issues of their own for continual integrated use in my case.

Run it in a container under Opencode. It works great, and I even upgraded to their pro plan (~$60/month). If you want it in a container, there's info in my profile under my projects. That code is entirely open source, and it's there simply because I built what I needed for my own work. I'm sure there a zillion other ways to do it. However, I highly advise against running any agent on bare metal, regardless of the company's country of origin. My thesis addresses this directly and repeatedly.

By the way, some pedant recently asked why anyone would run software with only a few stars. My thoughts on that are minimal: people can practice whatever slop logic they want. I've architected and built systems that handled tens of thousands of users. I'm not fucking around. The way I build isn't typical, and I don't suggest anyone try to mimic my approach, but it works for me and the way my mind processes complex systems.

To the peanut gallery: use it or don't, but don't give me a hard time unless you're ready to get one back. I've made plenty of mistakes in my career, and accountability is a crucial part of growth. I'm more than willing to work with anyone using my code, provided they bring valid, substantial criticism to the table.

If you are not US based that’s not really a big concern.

  • I think it’s a real concern. Chinese companies are much more closely tied to the state, as in if you decide to go to China one day they might already have all the data on how you have interacted with their models.

    The US is certainly inching in that direction but it’s not like someone from the US government sits at Anthropic’s HQ reading chats from state people of interest.

    • > all the data on how you have interacted with their models

      1) there is a very non-zero chance that the US government also has that data from OpenAI and possibly Anthropic

      2) unless you are asking the chinese models to draw up plans to overthrow the chinese government, it's extremely unlikely they would ever care.

      while china has a track record of harassing it's own dissident citizens abroad, if you're not chinese and not trying to subvert their government (or are a high-ranking government official yourself), it's kind of silly to suppose they would ever care about you or what you do.

      and if you have information they want for their own national development purposes, like EUV engineers, they are much more likely to offer you fabulous amounts of money instead of try to intimidate or threaten it out of you.

      2 replies →

    • > if you decide to go to China one day they might already have all the data

      PRISM ... XKeyscore ...

      > The US is certainly inching in that direction

      Itching to go in a direction that (publicly known) they have been in for decades now.

      3 replies →

    • It's interesting how you would say this about China but not about the US, especially given what's happened recently with Anthropic and the US govt.

      Do you really think the US government doesn't get access or couldn't get access to any of your chats with Claude?

      1 reply →

yes but the americans are also doing it, and i don’t really work on anything worth spying on

NSA can also legally force companies to spy. Secret spy courts and gag orders are a thing.

Actually there are more such cases against the USA than China in public.

I'm in the US. The benefit of the Chinese spying on me vs a US company is the Chinese can't come to my door and take me to jail.

As someone who loves using OpenCode w/ local Chinese open source models, this is basically my take on this as well. There's no way I would ever put a piece of proprietary Chinese software that gets full system control on anything important. This is definitely something I would only ever run sandboxed in a lab environment for toy projects, not for serious work. I feel only marginally better about Codex/Claude Code, hence my strong preference for local LLMs w/ OpenCode, but a proprietary approach to Chinese models is a hard no from me dawg.

> It is essentially a black box with full user permissions,

You mean, like Windows and Android?