> particularly because its UX affordances are reminiscent of a slot machine’s: you pull the lever, you get a reward (a solution to your coding problem.)
I hope the field moves out of the TUI with prompt + pull the lever paradigm soon‚ when it comes to agentic programming. And the Markdown paradigm too, tbh.
There hasn't been anything that really sticks yet for a shift to happen.
> Warning: Do not use this release with an „AI“ Coding Agent of any form. The tool‘s output may confuse the agent and make it do unwanted things. See the paragraph in the user guide for details.
Is there any legitimate reason for adding a prompt injection attack to your codebase? Seems like by the same logic he could disavow 'script kiddies' who just want to run his project without reading the code and have it auto-nuke if not run with a special flag?
Would never use anything by a maintainer who adds malicious code or instructions to their codebase to attack less experienced users, same thing.
This isn't about me in any way. If something in your software is intentionally malicious or damaging, it's malware. Doesn't really matter what the reasoning for including the malicious part is.
Would you count this as malware if it was about the author trying to profit or steal from inattentive people using AI? You know, he could be putting those stolen goods towards a good cause, like Robin Hood.
I think this is an interesting (although philosophical debate). The library doesn't take destructive actions, it prints a string that says "go do something". This is quite common in logs (e.g., wrong configuration, ensure this value is [...]).
It is the agent that takes the destructive action, following an instruction that was not given by the operator of the agent.
If following instructions outside of the operator can cause malicious or damaging actions, publishing software that does so (I.e., most agents) is publishing malware?
If I build a chat bot that encourages people to off themselves, am I in the clear because I didn’t take any destructive action and my chat bot didn’t either?
Apparently yes, judging from the fact that ChatGPT did that with a number of people.
My question though it's another: is it malware a software that does a stdout print, or is it malware a software that takes untrusted instructions and executes commands it decides based on it?
To be fair one might say that the intention was not to cause harm but to prevent the user from using AI with the project. The prompt said to delete jqwik and not rm rf home directory.
In the RN for the latest release it states:
Breaking Changes
Use of jqwik >= 1.10 with coding agents is strongly discouraged. Jqwik’s output to stdout may confuse AI-based agents.
So to me it is malware as much as the "rm" command is malware - if used without understanding and reading docs it can wipe all your data.
Probably inertia rather than double standards? It took me a long while (several years) to even start getting rid of all Google services for myself, I completely understand the feeling.
I'd just imagine that leaving the platform would come before adding something like this to their codebase. With GitHub recently changing their GitHub Copilot data collection from opt in to opt out, being in direct cahoots with OpenAI, etc.
It's not like leaving GitHub is unheard of. Ghostty just announced their plan to do so last month.
If you use API billing, you can use them from anywhere. But using Claude Code with a Max subscription is massively cheaper for programming. You should never use Claude models for programming through API billing, unless forced. The difference will easily rack up to thousands of dollars for heavy users.
With the coming changes in June, ACP will charge towards the same budget as claude -p and the Claude Code SDK (since it uses the SDK), so ACP no longer solves this. It's (I think) why Zed added "Terminal Threads" [1] to their agent workflow
The ACP budget change is so bizarre to me. If i was more adventurous with my subscription i'd be interested to see if you could intercept UI/input from CC TUI and render that in a native GUI without it being a TUI. That would be "interactive Claude Code" but you'd get a programmatic interface.
But that would be banned almost instantly i'm sure lol.
That sort of countermeasure system could be done without AI as well. The problem is that it's illegal. No Castle Doctrine in cybersecurity afaik.
Interesting variation on that could be AI that builds out some sort of on the fly honeypot after identifying the attacker. Basically creating the "attack" within their own premises.
More straightforward to talk about the hardware directly. Full Kimi K2.6 needs an 8x H200 node to run and serve around 20 heavy users. You can rent an 8x H200 node for around $30/hr.
I'd imagine GPT-5.5 and Claude Opus 4.7 could run just fine on a 16x H200 node and serve at least 10 heavy users without the token output getting choppy.
The usual way of measuring a trait would basically be measuring N amount of people on a specific thing, and the distribution based on that. But if you take 1 person, and N amount of specific things/traits, just about everyone would probably make their own sort of distribution with a bunch of "normal" traits and a long tail of "unusual" traits.
Still a simplification, but has made the "illusion of a normie" clearer to me.
This is literally true on a physical level: The US airforce did a study in the 1950s that showed none of the thousands pilots they measured matched the average across multiple body measurements. i.e. no one was average.
I hope the field moves out of the TUI with prompt + pull the lever paradigm soon‚ when it comes to agentic programming. And the Markdown paradigm too, tbh.
There hasn't been anything that really sticks yet for a shift to happen.
reply