HackerTrans
TopNewTrendsCommentsPastAskShowJobs

manchicken

no profile record

Submissions

1Password CLI Vulnerability

codeberg.org
119 points·by manchicken·9 माह पहले·60 comments

comments

manchicken
·6 माह पहले·discuss
You mention tokens, what else is in your threat model? Is your AI functionality a custom model?

I am concerned that you haven’t adequately explored and mitigated security and reliability risks involved here before asking folks to YOLO your app into their critical infrastructure.
manchicken
·6 माह पहले·discuss
Who said anything about privacy? Sure, privacy is a concern, but I’m more worried about a vibe-coded app produced by an inexperienced team without the assistance of a security team causing a breach, or an agent-caused outage.

It seems more likely that such a team would have poor security controls, insufficient staff training, and may themselves be threat actors.

For an enterprise tool like this, one which integrates with two or more other sensitive systems, I would expect a vendor to have some manner of independently audited security certification such as ISO-27001.
manchicken
·6 माह पहले·discuss
You may be mistaken. There is a good (and growing) number of folks who have noticed that vibe-coding isn’t always the right fit. There have also been a number of instances where AI agents have destroyed production environments.

In your 4+ years of “experience,” have you acquired the experience necessary to protect anybody’s GitHub, slack, or any other enterprise systems from the numerous security concerns that you’re just hand-waiving away?

Not all “devs” use AI, and very few companies would trust a fully vibe-coded enterprise system plugin with no security team, no enterprise support, no GDPR documentation, and all fielded by a team with fewer than five years of experience.

That seems like the path to breaches, or to having an agent take destroy sensitive systems, or both.
manchicken
·6 माह पहले·discuss
Wild how many folks vibe code a thing and then claim to have created something that they ask us to plug into critical infrastructure with the ability to read, write, and execute.

No thanks.
manchicken
·8 माह पहले·discuss
Privacy for me but not for thee
manchicken
·9 माह पहले·discuss
I don’t think there’s anything intrinsically awful about sports betting. I do think that the way American corporations have set it up, though, has made it a lot more predatory than many fans want to admit.
manchicken
·9 माह पहले·discuss
Yes. At least on macOS.