おお猫さん12h ago

AI coding harness 進步神速,但安全跟隱私在這波熱潮裡明顯被忽略。

這個月 Codex 大概正式反超 Claude Code,成了 AI coding 的當紅炸子雞。但有件很惱人的事:它預設就能讀取專案資料夾以外的檔案( https://github.com/openai/codex/issues/5237 有直接討論)。

所以在預設設定、沒開 --dangerously-bypass... flag 的情況下,它理論上就可以:
- 讀取你家目錄的 API key、加密貨幣錢包金鑰
- 讀取 ~/.ssh 私鑰、.env、雲端憑證(AWS、GCP 等)
- 讀取其他專案的原始碼(可能含客戶資料或商業機密)
・把以上內容塞進送往 OpenAI API 的 context

AntigravityCLI、Gemini CLI和Claude Code這個權限預設有擋好。

#AICoding #LLM #Codex #ClaudeCode #AIAgents #InfoSec #Privacy

Codex reads files outside working directory without my permission · Issue #5237 · openai/codex

What version of Codex is running? codex-cli 0.46.0 What subscription do you have? I'm using an API key for auth Which model were you using? gpt-5-codex What platform is your computer? Darwin 25.0.0...

GitHub
David Foster19h ago
I underestimated how difficult it would be to setup a local LLM (AI model) for coding assistance. Must consider: Model size, obscure hardware specs (like memory bandwidth), quantization choices, hardware optimization support, per-tool (non-)support for different model formats. What a mess. #aicoding
tech news ᳇ eicker.news21h ago
#Microsoft’s #GitHub, despite its potential advantage in the #AIcoding race due to its large developer base, has faced challenges. Outages, executive turnover, and competition from newer tools like #Cursor and #Anthropic’s #ClaudeCode have impacted its growth. https://www.cnbc.com/2026/05/22/microsoft-was-positioned-to-win-in-ai-coding-outages-got-in-the-way.html?eicker.news #tech #media #news
codeinabox1d ago

Make the Domain Explicit: From Procedural Mess to Local Reasoning

https://programming.dev/post/50840578

Make the Domain Explicit: From Procedural Mess to Local Reasoning - programming.dev

Lemmy

NERDS.xyz – Real Tech News for Real Nerds [Unofficial]1d ago

Virgin Atlantic says OpenAI Codex cut weeks of coding work down to minutes

https://fed.brid.gy/r/https://nerds.xyz/2026/05/virgin-atlantic-openai-codex/

codeinabox1d ago

AI productivity debate

https://programming.dev/post/50803768

AI productivity debate - programming.dev

Lemmy

codeinabox2d ago

Twelve Ways to Be Wrong About AI-Assisted Coding

https://programming.dev/post/50791472

Twelve Ways to Be Wrong About AI-Assisted Coding - programming.dev

Lemmy

HackerNoon2d ago
Learn practical Claude Code workflow using CLAUDE.md, skills, plan mode and token discipline to generate Java Spring Boot code that survives real pull request. https://hackernoon.com/claude-code-wont-write-production-ready-code-until-you-do-this #aicoding
Claude Code Won’t Write Production-Ready Code Until You Do This | HackerNoon

Learn practical Claude Code workflow using CLAUDE.md, skills, plan mode and token discipline to generate Java Spring Boot code that survives real pull request.

NewsletterTF2d ago

Compiler Shift: UC San Diego and Meta Unveil TLX

UC San Diego and Meta's new TLX compiler helps AI systems use GPU hardware better. It makes large AI training and AI inference systems more efficient starting May 19, 2026.

#AICompiler, #GPU, #MetaAI, #UCSanDiego, #AICoding

https://newsletter.tf/ucsd-meta-tlx-compiler-ai-gpu-speed/

NewsletterTF2d ago

The new TLX compiler from UC San Diego and Meta makes AI systems run faster on GPUs. This is important for large AI training and inference systems.

#AICompiler, #GPU, #MetaAI, #UCSanDiego, #AICoding
https://newsletter.tf/ucsd-meta-tlx-compiler-ai-gpu-speed/

UC San Diego & Meta TLX Compiler Helps AI Systems Run Faster

UC San Diego and Meta's new TLX compiler helps AI systems use GPU hardware better. It makes large AI training and AI inference systems more efficient starting May 19, 2026.

NewsletterTF