Those new though… Pondrat, poolrat, applejesus 😂 They sure are having fun.
At the same time, I’m becoming more convinced that dev environments should run in VMs or containers. It’s not clear to me if SELinux would help Amy against these kinds of threats.
It’s best to have a local copy of package repos with whitelisted libraries, or so I’ve heard. But containers are fine, too. Especially with VSCode .devcointainers, it’s super easy to setup and distribute with the repo, there’s really no reason not to do that.
The biggest issue here that a lot people don’t realize is Bing AI, it’s insanely easy to poison it’s results, since it summarizes search results. It’s only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be a fun times ahead.
Those new though… Pondrat, poolrat, applejesus 😂 They sure are having fun.
At the same time, I’m becoming more convinced that dev environments should run in VMs or containers. It’s not clear to me if SELinux would help Amy against these kinds of threats.
Anti Commercial-AI license
It’s best to have a local copy of package repos with whitelisted libraries, or so I’ve heard. But containers are fine, too. Especially with VSCode .devcointainers, it’s super easy to setup and distribute with the repo, there’s really no reason not to do that.
The biggest issue here that a lot people don’t realize is Bing AI, it’s insanely easy to poison it’s results, since it summarizes search results. It’s only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be a fun times ahead.