Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In this scenario the malware will not be on the device but in an isolated dev environment on a remote machine. So it will have access to whatever was configured in that repo but hopefully the project is isolated enough to ensure containment and prevent cross-pollination.


I don't think the cloud (someone else's computer) is the best solution. The sanitation problem can be mitigated by compartimentization but the cloud aspect also adds brittleness and new attack vectors.

Why not set up proper containers (or VMs) locally? And why not wait a little till local LLMs catch up?

Maybe just a personal itch, but having your dev environment elsewhere feels so gross to me..


That is the problem. You outline perfectly how a developer sees the situation.

On the other hand ephemeral cloud environment with proper security controls makes a lot of sense if the goal is to isolate and control.

If everyone was following the protocol we wouldn't have had the problem to begin with.


That’s a big, labor-expensive if.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: