Post · bonfire.cafe

Post

Working on a set of personal backup/recovery scripts that store data remotely in an S3 bucket.

As I was putting API keys in config files, something hit me that made me profoundly sad:

Can I trust my IDE (vscode) and its extensions to not exfiltrate this key data via #copilot or other #AI features that are there by default?

The answer is: I don't know.
Which means the answer is no.

Are we really going to have to sandbox and monitor every single app we run?

I'm getting too old for this shit.

@jpoesen@social.jpoesen.com replied · last week

I used to worry about applications phoning home with metadata.

Now I worry about applications grabbing everything they can get their hands on while shouting "Don't worry, it's for your own good, you'll see!"

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

Automatic federation enabled