Comment by zmmmmm

Comment by zmmmmm 18 hours ago

3 replies

View on Hacker News

This is pretty egregious. And outside the fact the server is now disabled by default, once it's running it is still egregious:

> When server is enabled, any web page served from localhost/127.0.0.1 can execute code

> When server is enabled, any local process can execute code without authentication

> No indication when server is running (users may be unaware of exposure)

I'm sorry this is horrible. I really want there to be a good actual open cross-provider agentic coding tool, but this seems to me to be abusive of people's trust of TUI apps - part of the reason we trust them is they typically DON'T do stuff like this.

glerk 17 hours ago

Factory’s droid is pretty good for a cross-provider solution.

Reply View 1 reply
  • [removed] 15 hours ago
    [deleted]
    Reply View 0 replies