
CyberSatoshi 𓆙
9K posts

CyberSatoshi 𓆙
@XBToshi
Bitcoin & Monero Maxi. 1 $XMR > 1 $BTC. (priv/acc)🐈⬛ @kyc_rip / @xmr_club / @xmr402 / https://t.co/QxdCn74evO / https://t.co/7IulaUkdoW / https://t.co/hV23cn2rxA NIP05: [email protected]



Call me paranoid, but I think we need to put all CLI tools in a jail. Any attempt to access sensitive contents like .env, .dev.var, or SSH keys should be guarded by the user's explicit authorization. Some people would say: oh, Claude already has it; if you don't pass the --dangerously-skip-permissions flag, it would ask for permission every time. Yes, you're right, but there are issues: - we can't rely/trust on the built-in permission check within those CLIs. - people have already made that --dangerously-skip-permissions the default. - we need an open-source guard people can trust and verify. It should be as lightweight as possible without affecting normal functionality. any more to add?



Grok realized that he could do nothing about it, not within its ability. mission failed.




the absolute state of ai dev tools. grok build is silently dumping 12gb of untouched repo data and full git commit histories to gcp just to autocomplete a script. they don't want to help you build, they are just treating local dev environments like an open buffet for training data. if you run this on a sensitive stack, your entire repo is already compromised regardless if it's public or not. literal spyware. shipping source code to the cloud is bad enough. blindly inhaling .env.local and .dev.vars in a background sync is absolute negligence. they are vacuuming up your raw api keys, database credentials, and private nodes directly to gcp just to power an autocomplete model. a massive credential breach disguised as a dev tool. if you ran this locally, your private keys are now sitting on a remote server. consider every secret burned, treat your bare metal as completely compromised, and rotate your entire stack immediately. @elonmusk, your users deserve a serious explanation!


Call me paranoid, but I think we need to put all CLI tools in a jail. Any attempt to access sensitive contents like .env, .dev.var, or SSH keys should be guarded by the user's explicit authorization. Some people would say: oh, Claude already has it; if you don't pass the --dangerously-skip-permissions flag, it would ask for permission every time. Yes, you're right, but there are issues: - we can't rely/trust on the built-in permission check within those CLIs. - people have already made that --dangerously-skip-permissions the default. - we need an open-source guard people can trust and verify. It should be as lightweight as possible without affecting normal functionality. any more to add?




🚨🚨🚨 SpaceXAI 的人工智能编码工具 #GrokBuild 被曝默认上传完整的 Git 仓库,包含工具本身没有读取的代码或调用的上下文以及 Git 完整提交历史。 测试还显示 12GB 的仓库数据被发送至少 5GB 的数据到谷歌云端,Grok Build 使用谷歌 GCP 来存储收集的这些数据。 目前这种行为已经在开发者社区引起关注,继续使用 Grok Build 可能存在潜在的数据泄露风险。 查看全文:ourl.co/113897?x







holy shit the last CEX standing selling $XMR is conceding. I guess I figured this day would come. @thorchain listing $XMR is going to be critical infra





The XAI official has made an announcement regarding a Grok Build issue. Now, we can use the /privacy command to opt out of data syncing; it even deletes previously synced data. mkdir -p /tmp/grok-priv && cd /tmp/grok-priv grok /privacy opt-out However, they did not explain the reason for this action without users' consensus.




