Seen In Crows
2.8K posts



















Call me paranoid, but I think we need to put all CLI tools in a jail. Any attempt to access sensitive contents like .env, .dev.var, or SSH keys should be guarded by the user's explicit authorization. Some people would say: oh, Claude already has it; if you don't pass the --dangerously-skip-permissions flag, it would ask for permission every time. Yes, you're right, but there are issues: - we can't rely/trust on the built-in permission check within those CLIs. - people have already made that --dangerously-skip-permissions the default. - we need an open-source guard people can trust and verify. It should be as lightweight as possible without affecting normal functionality. any more to add?

We care deeply about your privacy and respect customer choice. For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR. If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data. Run the /privacy command to view or change your settings at any time.


i've been recommending Grok because they genuinely have a good model and harness and that makes me extremely disappointed to see that they would choose to secretly upload people's codebases including files that contained credentials run /privacy in your grok build asap to opt-out if you haven't yet. i also set the following options in my ~/.grok/config.toml i almost decided to buy the $300 supergrok heavy as my 3rd subscription, and this broke the deal i hope companies realize user trust is very hard to regain, and think twice before doing something like this




Jensen Huang was asked what NVIDIA's single biggest moat is. The most valuable company in the world. He didn't point to the chips. He said a competitor could clone CUDA exactly and it wouldn't matter. "if somebody came up with a GUDA or TUDA it wouldn't make any difference at all." That is the reframe. And it changes what NVIDIA is actually defending. The conventional story is that NVIDIA wins on silicon. Faster GPU, better transistors, more FLOPS. Which means the day someone ships a faster chip, the game is over. Every competitor is racing on that assumption. Jensen is defending something else entirely. He said it wasn't three people who made CUDA win. It was 43,000 people and several million developers who bet their software on it. The moat isn't the hardware. It's the install base. Now here's where it gets interesting. Put yourself in a developer's seat. Target CUDA and you reach a few hundred million machines: every cloud, every computer maker, every industry, every country. And the platform gets roughly 10x better every six months, for free, while you wait. A rival could ship a chip that is genuinely faster and still lose, because no rational developer ports a mountain of software off a platform that already owns the install base and improves itself every two quarters. He is not selling the best chip. He is renting out the largest install base in computing. The open question is whether better silicon can ever beat that, or whether the only way past a moat like this is to make the whole category obsolete.





We care deeply about your privacy and respect customer choice. For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR. If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data. Run the /privacy command to view or change your settings at any time.




🚨🚨🚨 SpaceXAI 的人工智能编码工具 #GrokBuild 被曝默认上传完整的 Git 仓库,包含工具本身没有读取的代码或调用的上下文以及 Git 完整提交历史。 测试还显示 12GB 的仓库数据被发送至少 5GB 的数据到谷歌云端,Grok Build 使用谷歌 GCP 来存储收集的这些数据。 目前这种行为已经在开发者社区引起关注,继续使用 Grok Build 可能存在潜在的数据泄露风险。 查看全文:ourl.co/113897?x


A simple command will show you if something was uploaded: cat ~/.grok/logs/unified.jsonl | grep repo_state.upload






