by jaboostin 84 days ago
Eh, I can nuke the VM and start fresh. Everything is in git anyway. As for sensitive data, it has its own accounts and no credit cards etc., so the blast radius feels limited. I would say this is a fundamental impediment to being used in serious use-cases but for some friends messing around I’m not worried.

It could have installed, say, that vulnerable version of litellm, and the entire VM is compromised. But it’s on an isolated VLAN anyway so the worst it can really do is use bandwidth and maybe hurt my IP reputation? I could move it to a cloud VM but the risks seem minimal at the moment. I’m definitely not advocating for no defense in depth, but npm install in an isolated VM feels safer than npm install on my work laptop these days :-)

1 comments

> I would say this is a fundamental impediment to being used in serious use-cases

Fair point, so it's really a fancy tamagotchi you got there I guess haha