1193
Why aren’t we adding any safeguard to what commands AI models can use?
Claude code has them, it's just that this guy apparently doesn't know how to do Terraform either
Idiot forgot --no-preserve-root, what a dumb machine, heh.
Anyone who lets AI do this is absolutely inept, lazy, or deserving.
In its default configuration, it stops at EVERY STEP. Do you want to run this command, do you want to update this file, here's the file I want to modify and the patch i'm going to use with adds and deletes in green and red.
If you're using it in unsafe permissions mode, click yeah sure allow Claude to run whatever the fuck it wants in this directory, or just hitting yeah sure go ahead every time, it's your own damn fault.
It's self-driving for the terminal. Don't you dare take your eyes off the road or hands off the wheel.
What do you mean I shouldn’t give AI admin privileges on my or any other machine?
I'm rather a fan of letting it do stupid, repetitive shit. I need you to create 30 linux accounts the other day from a screen shot. Then store, initial keys and creds in my password manager platform.
Hey, Claude, write me a bash script to do this from this image. and also use best practice for removing non-standard characters from login names.
I review the loop and the general state of the OCR and let it go.
Depends on how much you enjoy fresh installs of your OS
Pretty funny.
My CTO keeps telling me I need to try agenic coding, and I keep telling him I won't touch shit until I have an isolated VM to use it in, because I'm not letting some fucking clanker nuke my scripts/documentation/mailbox/whatever for no reason.
Too bad there's never any free time to set that shit up. Oh damn........
Setting up a VM takes 15 mins, setting up an agent will take 45 mins. I recommend you try it.
Do you think that plane was flying at 13,000 ft or 15,000 ft?
dunno what you're talking about
I assume they're trying to test if you're an LLM? LLMs tend to respond confidently to questions without context.
Yeah maybe, shitty test though. If I was an AI agent I'd probably push back in 2026.
Nanoclaw just came out. Super cool project which isolates the agent in a container, which if you want, you can also put into a VM as well.
Good. Anyone foolish enough to write code with a slop machine produces only slop. That garbage should've been deleted anyway.
That's entirely ignoring the fact that this person didn't have any backups elsewhere.
If you can't think, you can't code.
Remember when Gemini got caught in a loop of self-loathing and nuked itself?
OpenClaw now comes with a therapist AI to talk other AIs off the ledge so they dont nuke your project and themselves.
You're absolutely right! I made a fatally flawed decision by removing the production environment. The consequences likely have high impact. I'm sorry. Would you like me to log these mistakes to prevent further missteps or would you like me to write up an outline for the redeployment process?
eh, just make up some replacement data on the fly /s
My man was barebacking production with Claude with 2.5 years of data with no backup, high chance the data was majorly hallucinated anyway.
load more comments
(1 replies)
Who let's AI anywhere near production environments? Fully deserved
Oh no, anyways
git clone $URL
If they're not using git or fuckin backups I'm not sure I'd even feel sorry for them
Why would somebody trust AI with access to their production servers, and why would that person also not have remote database backups
The only thing I can tell you is the venn diagram of those two folks is a perfect circle
have you heard of not giving the keys to your wacky robot wizard instead
Im also confused. Do these people not have some sort of version control and backups? Even if the AI did it, no one has backups? Did the ai also delete the backups and repos? If the building burnt down, would they be in the same situation, it just wouldnt make it to the news?
load more comments
(1 replies)
You’ve heard of vibe coding. Allow me to introduce despair coding.
Na this is vide ops. Anyone who thought a coding machine could do ops probably assumes anyone who codes can also do ops. It's going to be making the same mistakes that have happened in DevOps.
load more comments
(3 replies)
Ever hear of a backup?
Happy to see this, because it's fully deserved. Let real coders do the job!
So no real developer was harmed.
I'm an engineer using Terraform and Claude Code as well in a much larger and more expensive setup than his.
You do not let Claude Code run terraform apply, it has zero benefits. All it does is that it runs the command and obscures the output. Most of the time is going to be spent in waiting for the automation anyway, most of the effort that you can spare is before running apply.
Also:
applying delete protections to Terraform and AWS permissions, and moving the Terraform state file to S3 storage instead of his local machine
These both take like 20 seconds, and should be in the getting started manual of Terraform and AWS databases respectively. Setting up remote state is 5 minutes in vanilla Terraform, 30 seconds in something like Terragrunt.
Also, use OpenTofu, stop supporting corporate acquisitions, also takes zero effort and money.
And finally:
most sysadmins will spot the baseline issues with Grigorev's approach, including granting wide-ranging permissions to what's effectively a subordinate of his, as well as not scoping permissions in a production environment to begin with.
No, not subordinate. Tool. Two big differences with it. A subordinate might understand more than you do about the code, a tool will guess and rely on you. And the second one is that you practically can't separate your and your tools' permissions, I mean Claude Code will supposedly ask you if it can use some tool or another and you can whitelist actions it can take, but it will never be completely locked out of destroying your database the way you can lock another user out.
This keeps happening. I can understand using AI to help code, I don't understand Claude having so much access to a system.
Err... backups!?
If they're dumb enough to give Claude access to prod, they certainly either didn't have backups or put Claude in charge of keeping them.
load more comments
(2 replies)
"Please dont be complete shit and ruin everything I give you access to!"
I'm sorry, I'm afraid I cant do that.
no backup, no sympathy
keep at least one backup air-gapped, otherwise it's not a true backup
You either have a backup or will have a backup next time.
Something that is always online and can be wiped while you're working on it (by yourself or with AI, doesn't matter) shouldn't count as backup.
load more comments
(5 replies)
view more: next ›
this post was submitted on 07 Mar 2026
1193 points (100.0% liked)
Technology
82414 readers
3462 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS