Just absolutely no regard for security at all.

cdamian@rls.social

@mhoye
Found it
https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another

kayohtie@blimps.xyz

@pmc @mhoye @cwebber People granting tokens way too much access because it's easier to check a box for 'all' than it is to drill down and consider specifics needed, frequently.

401matthall@mastodon.xyz

@mhoye

FFS.

feld@friedcheese.us

@mhoye

> developers not working in an isolated environment (zone, vm, jail, etc) and letting their devtools access their whole laptop

they deserve it

tanepiper@tane.codes

@mhoye postinstall was probably the worst thing added to npm - it's been there since the start with absolutely no effort to secure it or remove it

mhoye@cosocial.ca

@feld "they deserved it" is a childish, bullshit response to systemic problems.

feld@friedcheese.us

@joe @mhoye well we used to tell people not to run .exe and .scr etc files on Windows or they'd get a trojan/virus.

A lot of what people do these days on MacOS/Linux is pretty damn close to running untrusted code/binaries

sun@shitposter.world

@feld @joe @mhoye have you actually set it up, it's not easy to get a working but reasonably convenient dev system. I've been trying for a while now

mhoye@cosocial.ca

@tanepiper It's been around in the Debian dpkg system for ages, and it's got a lot of utility in that context and definitely works system-wide. But the Debian community doesn't have the NPM "let anyone do anything whatever" ethos, and the versioning systems in that part of the world are much slower and more methodical. You pretty much need to be on Sid and updating every day to get bitten by this in that part of the ecosystem.

feld@friedcheese.us

@joe @mhoye you can trust what you get from your OS package manager and not much more.

npm, pip, cargo, hex, gem, etc are the wild west

tanepiper@tane.codes

@mhoye yes, that's the parallel part to it - being responsibility enough to have that level of utility - sadly npm is a wildwest of some of the poorest software development practices out there.

hennell@phpc.social

@tiotasram @mhoye yeah not sure I'd want it installed, but I assume it doesn't do anything just on install, like you'd need to set-up keys or features or something? But then I wouldn't assume packages could global install so who knows anymore.

vfig@mastodon.gamedev.place

@mhoye the "S" in "AI" stands for "Security"

rick_d_card@mastodon.social

@mhoye Yikes!

nobody@mastodon.acm.org

@mhoye
Gotta love ai

dalias@hachyderm.io

@mhoye How tf does "npm install openclaw" result in openclaw being given backdoor privileges? As opposed to just some files appearing that only do anything if you execute them.

mischievoustomato@tsundere.love

@feld @mhoye i wonder what this applies to, I've done baremetal rust dev (personal project) with cargo, but it was a thing I made from scratch.

mischievoustomato@tsundere.love

@feld @joe @mhoye @sun explain the process

lispi314@udongein.xyz

@mhoye@cosocial.ca That’s an impressive malware distribution hack.

I would ask if cline was compromised but looking up what it is, it was malware from the very start.

feld@friedcheese.us

@mischievoustomato @joe @mhoye @sun make a freebsd jail (like a mini copy of the whole OS). put all your dev tools in there. run them from within the jail. if it gets popped, they can't get out to the juicier bits on your real OS