llm/9ad11e16-7acb-4923-bb7e-5d14cd36cf3f/topic-9-0617f808-6e63-46b3-92cd-2a5aef2e0078-input.json
The following is content for you to summarize. Do not respond to the comments—summarize them. <topic> Security Risks of Remote Access # Several commenters express concern over the security implications of the proposed setup. Issues include leaving a computer unlocked at home, opening SSH ports (even via VPN), and the potential for bad actors to gain access to a local network. Discussions involve best practices such as using key-based authentication, locking the keychain via command line, and the general risks of exposing a development machine to remote connections. </topic> <comments_about_topic> 1. How did you make sure Claude wasn't doing anything unintended while allowing it to run scripts it wrote on your network? 2. I still manually approve tool use requests at the start of a run. As it gets deeper in I might allow it to run safer commands without that oversight (e.g. writing to local text files), but potentially destructive execution still requires approval. As for the local env, I'm treating the Android terminal as a sandbox. Anything gets trashed I just reset and reinstall my toolchain. I won't pretend I'd use this workflow for anything high-stakes. But for simple things like "I wonder how my Hue lights actually work?", its viable. 3. Run it inside a VM, make snapshots of the VM if needed (or use vagrant/ansible to rebuild), commit regularly, ... 4. The VM still needs access to the network for the use cases they described though. 5. Email might work, however if you're a Telegram user you could write a bot that runs on your home system that runs the cli commands on your behalf and then sends the output as a response to you. No need to open up any ports on your router. 6. > What is the downside to using email? Make sure you authenticate somehow to prevent external abuse. 7. interesting. email. Simple multiple sessions support to reply vs tabbing here there get threaded. clever with vpn vps if want to interact? how would that work? 8. E-mail is not secure (sent in plain text) 9. You're vibe coding. Clearly what you're working on isn't of enough value to secure anyway. 10. Unless you set up pgp in your email client... 11. I do the same. I can SSH into my router at home (which is on 24/7), then issue a WOL request to my dev machine to turn it on. You don't even have to fully shut down you dev machine, you can allow it to go into stand-by. For that it needs to be wired by cable to LAN, and configured to leave the NIC powered on on stand-by. You can then wake up the device remotely via a WOL magic packet. Maybe this is possible with WLAN too, but I have never tried. Also, you don't need a Tailscale or other VPN account. You can just use SSH + tunneling, or enable a VPN on your router (and usually enjoy hardware acceleration too!). I happen to have a static IP at home, but you can use a dynamic DNS client on your router to achieve the same effect. 12. Can you do the same to remotely wake up my MacBook on demand via WoL and ssh into it from my phone? What are the security risks? 13. My desktop is 11 years old, but I still feel like it does so much that I wouldn't want any cloud services except for AI. (And there's no way this thing would handle a useful local model, but I'm also really not very enthused about the kind of data sharing involved in remote AI use.) 14. Hey, come on, it could be better: you could have hundreds of employees venting directly to chat logs held by Microsoft detailing all your internal politics, planning, customer acquisition strategies, code, integrations desires, excel sheets, emails, and projects. Nothing could possibly go wrong, those guys are always 100% trustworthy and reliable, contracts and NDAs with them are ironclad and easily enforceable… … o_o 15. Termux can access the full file system if you have root access, which is how I play around with it; however, running a VM is a safer and easier route, especially as smartphone manufacturers are making it tougher to root the device you own. 16. Is being able to SSH into your home machine that easy these days? I never had a strong enough reason to spend more than a few minutes trying, but I always suspected that my ISP would make this harder for me than I would hope. 17. "2. Make sure your computer is ON and UNLOCKED When disconnecting/reconnecting power, make sure you unlock the computer. I've ran into this issue one too many times." - this is the biggest problem that needs to be solved - i dont want to keep my computer running 24x7 wasting power for stuff like this - why not make a robotic arm that you keep at the computer table which can use open cv to plug the computer on when required? 18. Do you have recommended reading? I haven't been confident enough that I wouldn't overlook serious security issues opening SSH on my own machines. 19. I’m wary of enabling ssh/remote login. It seems like it could be an attack vector. 20. Please mask your identifiers, unless they are already spoofed. You potentially give out a lot of your info to bad actors. Other than that, love it :) 21. Thanks! I did not sppof! I thought that since it was my local Tailnet, only devices on that net could connect. I just rebuilt the network as a precaution. 22. Most of the time it's probably fine, but we should assume we don't know about all the attack vectors bad actors might use, so better safe than sorry. I forgot to say that I _absolutely loved_ the photos! 23. My setup is very similar. After you log in you can unlock keychain by running this command ‘security unlock-keychain’ 24. Did I read that right, that you have to have your computer unlocked at all times? Yeah what can go wrong when you are travelling and your computer is at home unlocked lmao? </comments_about_topic> Write a concise, engaging paragraph (3-5 sentences) summarizing the key points and perspectives in these comments about the topic. Focus on the most interesting viewpoints. Do not use bullet points—write flowing prose.
Security Risks of Remote Access # Several commenters express concern over the security implications of the proposed setup. Issues include leaving a computer unlocked at home, opening SSH ports (even via VPN), and the potential for bad actors to gain access to a local network. Discussions involve best practices such as using key-based authentication, locking the keychain via command line, and the general risks of exposing a development machine to remote connections.
24