Hacker News

It was never opt-in in the previous build. You had to explicitly enable and add the OpenAI API key.

A vocal minority of users was hostile to the idea of integrating, so the developer switched to a separate plugin model.

Security theatre IMHO, but understandable in some enterprises.




"Security theatre" means doing complicated things which are claimed to increase security but don't do that.

The classic example is making everyone at US airports take off their shoes, have their shoes x-rayed, and then putting them back on -- for decades after the single incident in which a man failed to blow up a plane with explosives in his shoes. https://en.wikipedia.org/wiki/Richard_Reid

Moving code out into an optional plugin -- so that it can be verified not to be in use or even removed -- is not theatre.


iTerm2 is open source. You can already verify that the plugin is not being used.

Also, how exactly is the functionality going to run without manually adding the API key?

It's code to invoke a request to an API. Where exactly is the attack surface? It’s not running an endpoint.

Finally, it’s a terminal app. It has access to way more powerful and sensitive tools with higher security risk.

To be more accurate, I guess I could have said privacy theatre, but I think the point stands.


It might be one of the first examples of a piece of code getting “cancelled”.


I stand corrected. Thank you.

AI doesn't need to be anywhere near the Terminal without explicit intervention from the user, and I'm glad it's now in an external plugin.



