Comment by butlike

3 days ago

So the idea is that these should be treated as programs in an extremely low trust environment, akin to running malware in a VM?

yes, this is basically experimental tech, if used with open source harnesses. if used with proprietary harnesses, treat as actual malware.

  • Technically open source harness like opencode is more "malwarey" than claude code for example because its default permissions are very open.

    • I disagree with this, Claude code does many malware like things and has its source obfuscation. Plan mode doesn’t even work.

  • I never thought about it in that extreme, but just today the google results ai gave me conflicting information from one search to another. Maybe I should start.

    P.S. the conflicting information was Keith Richard's age. One search said he was 37 Dec 18 1981, the other said he was 37 in 1980.

  • I treat all proprietary software as malware, though of course the risk surface varies