[watty]

Just to clarify, and I know you weren't saying they are related, but this has absolutely nothing to do with AI or vibe coding or manager code.

It's a continuation of the Shai Halud worm and the lack of security around developer dependnecy installations, which has existed for a very long time.

Hackers have figured out that developers themselves are an ideal target due to how easy it is to trick them into installing something and how much private information they have on their machines (creds, cloud clis, mcps, etc.).

[josefx]

> due to how easy it is to trick them into installing something

You have tools from large corporations where the official installation procedure involves copy pasting a command from a random blog post, run it with sudo and watch it download and execute a script from a random filehost. This is somehow deemed acceptable by everyone involved.

Meanwhile I can't use teams in our meeting rooms, since any form of internet access was deemed a security risk in rooms where customer projects could be discussed. This is in a day and age where 90% of customer meetings are done over the internet.

Anyone trying to follow sane practices in this industry just asks to end up in a padded cell.

[chickensong]

> Anyone trying to follow sane practices in this industry just asks to end up in a padded cell.

Same as it ever was.

[dessimus]

> Meanwhile I can't use teams in our meeting rooms, since any form of internet access was deemed a security risk in rooms where customer projects could be discussed. This is in a day and age where 90% of customer meetings are done over the internet.

I hope this is in jest. Are you saying in order to discuss any customer project you have to book a meeting room? So no discussions of customer projects at the open plan desks or even in your boss' office for fear that something might overhear that conversation? Or is this only when the customer happens to be on-site to discuss their project? Does your organization assign U.S. Military style NICKA code names to everything?

[dirkc]

> This is somehow deemed acceptable by everyone involved

By some, not all. It's been crazy from the start and it is still crazy to pipe a script to bash!

[madeofpalk]

As with many other things, AI exacerbates this problem. It’s so easy for many more of things things to happen unattended and in greater volume, and the AIs themselves can be tricked into doing these things, not helped by their patten of “prompt the user to approve 30 different inscrutable pythons and bash scripts”.