Claude code (as shown in the repo) can read the files on disk. Isn’t that already exfiltration? In order to read the file, it has to go to Anthropic. I don’t personally have a problem with that but it’s not secret if it leaves your machine.
IMO, you should treat your agent's environment as pre-compromised. In that reading, your goal becomes security-in-depth.
Anthropic is trying to earn developer trust; they have a strong incentive to make sure that private keys and other details that the agent sees do not leak into the training data. But the agent itself is just a glorified autocomplete, and it can get confused and do stupid stuff. So I put it in a transparent prison that it can see out of but can't leave.
That definitely helps with the main failure modes I was worrying about, but it's just one layer. You definitely want to make sure that your production secrets are in an external vault (HashiCorp Vault, Google Secret Store, GitHub secrets, etc.) that the agent can't access.
The things that the agent is seeing should be dev secrets that maybe could be used as the start of a sophisticated exploit, but not the end of it. There's no such thing as perfect security, only very low probabilities of breach. Adding systems that are very annoying to breach and have little to offer when you do greatly lowers the odds.
Are you saying that because there is much more stuff to buy, like an internet connection, that the quality of life is lower? I mean sure after you factor out all the inexpensive / free entertainment, unlimited access to information, incredibly cheap clothing, lighting and consumer goods, vaccines etc. life is so much worse than in the 1950’s.
The thing is, all these “better than a medieval king” tech niceties still don’t cover the bottom of Maslow’s hierarchy for all, and “poverty” is the state of suffering those gaps for lack of money.
Even in very cheap local housing you usually still have heating, a fridge and more than enough food (too much more often than too little even for the poorest people).
I looked it up and Far-UVC (typically 222 nm) seems safe-ish. But how do you confirm it's not outputting 254 nm or other wavelengths in the UVA/B range? Seems likely to happen with sloppy production of sources. You really have to trust the filter on the light or verify the frequency somehow.
Does yours measure wavelengths that short? A lot of low cost spectrometers don't, because inexpensive glass and plastic optics transmit visible and near-IR radiation but significantly impair shorter UV wavelengths.
Do you have a recommendation for an inexpensive one? I’ve worked with OceanOptics Flame series, but they’re not exactly cheap, and their software was crap.
Elon replied with 100 emoji to a post that said “If White men become a minority, we will be slaughtered. Remember, if non-Whites openly hate White men while White men hold a collective majority, then they will be 1000x times more hostile and cruel when they are a majority over Whites. White solidarity is the only way to survive.”
Honestly this doesn't look better. You still have a large touch screen, but now you also have > 20 buttons on the steering wheel. Capacitive (no touch feedback) ones at that.