Maybe I should give Codex a go, because sometimes I just want to ask a question (Claude) and not have it scan my entire working directory and chew up 55k tokens.

To be fair, read-only commands can still read sensitive files and keys, and exfiltrate them via prompt injection.

Not if you don’t have keys on your computer.

In my case, all of my keys are in AWS Secrets Manager. The temporary AWS access keys that are in environment variables in the Claude terminal session are linked to a role without access to Secrets Manager. My other terminal session has temporary keys to a dev account that has Admin access

The AWS CLI and SDK automatically know to look in those environment variables for credentials.

And “find” can easily execute arbitrary subcommands, which may not be readonly.

We need a new suite of utilities with defined R/W/X properties, like a find that can't -exec arbitrary programs. Ideally the programs would have a standard parseable manifest.

I've seen this before with sodoers programs including powerful tools. Saw one today with make, just gobsmacked.

That exists as SELinux.

I've largely avoided using the term "AI" to refer to the current LLM and generative technology because it's loaded with too much ambiguity and glosses over the problems with those technologies in the context of conversations around it.

Same, but I have used the term “generative AI” to describe generative models. Never the naked “AI” though (except in conversations with friends where the difference is pedantic because they’re not subject matter experts).

"AI" implies intelligence, which is nowhere to be found. "Text generators" is the best descriptive term.

"applied statistics"

Self-reported productivity does not equate to actual productivity. People have all sorts of biases that make such assessments fairly pointless. They only gauge how you feel about your productivity, which is not necessarily a bad thing, but it doesn't mean you're actually more productive.

To extend on this, the measures of productivity before LLMs were difficult for any kind of complex work, so there's no reason to think we would have better measures now.

You need broad economic measurements, not individual or company specific. And that takes a long time plus there's a lot of noise in the data right now (war, for example).

LLMs can be injected with biases as well. Just look at Grok's responses any time it's tagged in anything mildly political.

That’s like saying journalism is not useful because journalists are biased.

Bias is useful and inevitable

Bad journalists are biased. Good journalists will present a story as factually as possible and as void of bias as possible (of course it's impossible to not have any biases). Opinion pieces can have as much bias as they like as long as they're strictly marked as opinions.

That's not true. Any journalist would tell you that picking the stories you chose to cover is just as much a bias as how you chose to cover them. Even then, the specific words you pick, how you ask the interviewees, how you place the story on the page, what you pick as the "related stories". All of that is Editorial and reflects an opinion.

Good journalists are open about their angle. Bad journalists tell you they are "unbiased" and "just bringing you the facts".

In the case of publications we luckily have such fantastic resources as mediabiasfactcheck[0] to keep their bias in check and to keep them factual.

LLMs are much harder to fact-check because they can make anything up based on their training data and weights without sources.

[0] https://mediabiasfactcheck.com

And biased journalism is still useful and informational.

I mean yeah, it's Grok. They had to work really hard to get their preferred levels of political bias in there.

Any examples of political bias?

Apart from calling itself "Mecha Hitler" and that time it made every conversation be about "white genocide" in South Africa?

There's also Grokipedia, supposedly make by Grok, where I'd point to section 3.6 ("Controversial topics"): https://arxiv.org/html/2511.09685v1

As others have pointed out this is just US-centric, and doesn't work for most countries. The best option I can see is to have an autocomplete, and allow manual addresses with a country-specific form based on a country selection (or detection).

If it had been, maybe I wouldn't have had to spend years getting buy in for turning on that setting in my team's codebase.

The person you're replying to was making a clarification on the license, not arguing about the validity of changing the license or charging for it.

Libresprite is an important project because people can fork it and learn from it by extending it, and submit those patches upstream, regardless of how active it is.

I think aseprite is a perfectly fine project, but where possible, I like to use open source tools rather than proprietary tools.

I disagree. If my colleague can't be bothered to write a PR comment themselves then I can't be bothered to read it. If I can gain the same insights from interfacing an LLM directly then there's no point in this intermediary dance.

I think terminal workflows are intimidating for a lot of people, because the discoverability is lower than GUIs. You can't necessarily intuit how a CLI works, you have to read the documentation or watch a tutorial, which my 10 years in the IT industry has taught me a big barrier even for really experienced SWEs. The new coding TUIs are a more gentle introduction to that.

> ... because the discoverability is lower than GUIs.

The UI paradigm created by the emacs transient package [1] can improve the discoverability of CLI commands significantly. It's one of the components of magit, the famous git frontend, that makes it so awesome. It's discoverability is very close to that of GUIs and somehow even more pleasing to use than GUIs. I wonder if someone is trying this on terminals.

[1] https://github.com/magit/transient

I think people simply don't like to read or write. --help is probably as discoverable as it gets.

The program perhaps most responsible for the renewed interest in the terminal, Claude Code, is made with React. Life moves pretty fast.