Summarizer

Security Risks of Remote Access

Several commenters express concern over the security implications of the proposed setup. Issues include leaving a computer unlocked at home, opening SSH ports (even via VPN), and the potential for bad actors to gain access to a local network. Discussions involve best practices such as using key-based authentication, locking the keychain via command line, and the general risks of exposing a development machine to remote connections.

← Back to Stop Doom Scrolling, Start Doom Coding: Build via the terminal from your phone

The discussion highlights a sharp tension between the convenience of remote AI execution and the vulnerability of leaving home hardware unlocked and accessible via the web. While some users advocate for sandboxing tools in virtual machines or using Telegram and email bots to avoid opening ports, others remain deeply skeptical of the privacy risks inherent in data-sharing with cloud providers. Practical workarounds like Wake-on-LAN and command-line keychain unlocking are suggested to minimize power waste and exposure, yet many commenters agree that such setups are currently best suited for low-stakes experiments rather than high-stakes development. Ultimately, the consensus emphasizes that while remote access is increasingly accessible, it requires a rigorous combination of manual approvals and network isolation to prevent unintended scripts or bad actors from compromising the local environment.

24 comments tagged with this topic

View on HN · Topics
How did you make sure Claude wasn't doing anything unintended while allowing it to run scripts it wrote on your network?
View on HN · Topics
I still manually approve tool use requests at the start of a run. As it gets deeper in I might allow it to run safer commands without that oversight (e.g. writing to local text files), but potentially destructive execution still requires approval. As for the local env, I'm treating the Android terminal as a sandbox. Anything gets trashed I just reset and reinstall my toolchain. I won't pretend I'd use this workflow for anything high-stakes. But for simple things like "I wonder how my Hue lights actually work?", its viable.
View on HN · Topics
Run it inside a VM, make snapshots of the VM if needed (or use vagrant/ansible to rebuild), commit regularly, ...
View on HN · Topics
The VM still needs access to the network for the use cases they described though.
View on HN · Topics
Email might work, however if you're a Telegram user you could write a bot that runs on your home system that runs the cli commands on your behalf and then sends the output as a response to you. No need to open up any ports on your router.
View on HN · Topics
> What is the downside to using email? Make sure you authenticate somehow to prevent external abuse.
View on HN · Topics
interesting. email. Simple multiple sessions support to reply vs tabbing here there get threaded. clever with vpn vps if want to interact? how would that work?
View on HN · Topics
E-mail is not secure (sent in plain text)
View on HN · Topics
You're vibe coding. Clearly what you're working on isn't of enough value to secure anyway.
View on HN · Topics
Unless you set up pgp in your email client...
View on HN · Topics
I do the same. I can SSH into my router at home (which is on 24/7), then issue a WOL request to my dev machine to turn it on. You don't even have to fully shut down you dev machine, you can allow it to go into stand-by. For that it needs to be wired by cable to LAN, and configured to leave the NIC powered on on stand-by. You can then wake up the device remotely via a WOL magic packet. Maybe this is possible with WLAN too, but I have never tried. Also, you don't need a Tailscale or other VPN account. You can just use SSH + tunneling, or enable a VPN on your router (and usually enjoy hardware acceleration too!). I happen to have a static IP at home, but you can use a dynamic DNS client on your router to achieve the same effect.
View on HN · Topics
Can you do the same to remotely wake up my MacBook on demand via WoL and ssh into it from my phone? What are the security risks?
View on HN · Topics
My desktop is 11 years old, but I still feel like it does so much that I wouldn't want any cloud services except for AI. (And there's no way this thing would handle a useful local model, but I'm also really not very enthused about the kind of data sharing involved in remote AI use.)
View on HN · Topics
Hey, come on, it could be better: you could have hundreds of employees venting directly to chat logs held by Microsoft detailing all your internal politics, planning, customer acquisition strategies, code, integrations desires, excel sheets, emails, and projects. Nothing could possibly go wrong, those guys are always 100% trustworthy and reliable, contracts and NDAs with them are ironclad and easily enforceable… … o_o
View on HN · Topics
Termux can access the full file system if you have root access, which is how I play around with it; however, running a VM is a safer and easier route, especially as smartphone manufacturers are making it tougher to root the device you own.
View on HN · Topics
Is being able to SSH into your home machine that easy these days? I never had a strong enough reason to spend more than a few minutes trying, but I always suspected that my ISP would make this harder for me than I would hope.
View on HN · Topics
"2. Make sure your computer is ON and UNLOCKED When disconnecting/reconnecting power, make sure you unlock the computer. I've ran into this issue one too many times." - this is the biggest problem that needs to be solved - i dont want to keep my computer running 24x7 wasting power for stuff like this - why not make a robotic arm that you keep at the computer table which can use open cv to plug the computer on when required?
View on HN · Topics
Do you have recommended reading? I haven't been confident enough that I wouldn't overlook serious security issues opening SSH on my own machines.
View on HN · Topics
I’m wary of enabling ssh/remote login. It seems like it could be an attack vector.
View on HN · Topics
Please mask your identifiers, unless they are already spoofed. You potentially give out a lot of your info to bad actors. Other than that, love it :)
View on HN · Topics
Thanks! I did not sppof! I thought that since it was my local Tailnet, only devices on that net could connect. I just rebuilt the network as a precaution.
View on HN · Topics
Most of the time it's probably fine, but we should assume we don't know about all the attack vectors bad actors might use, so better safe than sorry. I forgot to say that I _absolutely loved_ the photos!
View on HN · Topics
My setup is very similar. After you log in you can unlock keychain by running this command ‘security unlock-keychain’
View on HN · Topics
Did I read that right, that you have to have your computer unlocked at all times? Yeah what can go wrong when you are travelling and your computer is at home unlocked lmao?