This is the security shortcuts of the past 50 years coming back to bite us. Software has historically been a world where we all just trust each other. I think that’s coming to an end very soon.
We need sandboxing for sure, but it’s much bigger than that. Entire security models need to be rethought.
The NIH syndrome becoming best practice (a commenter below already says they "vibe-coded replacements for many dependencies") would also save quite a few jobs, I suspect. Fun times.
This assumes that we can get a locked down, secure, stable bedrock system and sandbox that basically never changes except for tiny security updates that can be carefully inspected by many independent parties.
Which sounds great, but the way things work now tends to be the exact opposite of that, so there will be no trustable platform to run the untrusted code in. If the sandbox, or the operating system the sandbox runs in, will get breaking changes and force everyone to always be on a recent release (or worse, track main branch) then that will still be a huge supply chain risk in itself.
The secure boot "shim" is a project like this. Perhaps we need more core projects that can be simple and small enough to reach a "finished" state where they are unlikely to need future upgrades for any reason. Formal verification could help with this ... maybe.
> This assumes that we can get a locked down, secure, stable bedrock system and sandbox that basically never changes except for tiny security updates that can be carefully inspected by many independent parties.
For the most part you can. Just version pin slightly-stale versions of dependencies, after ensuring there are no known exploits for that version. Avoid the latest updates whenever possible. And keep aware of security updates, and affected versions.
Don't just update every time the dependency project updates. Update specifically for security issues, new features, and specific performance benefits. And even then avoid the latest version when possible.
Sure, and that is basically what sane people do now, but that only works until something needs a security patch that was not provided for the old version, and changing one dependency is likely to cascade so now I am open to supply chain attacks in many dependencies again (even if briefly).
To really run code without trust would need something more like a microkernel that is the only thing in my system I have to trust, and everything running on top of that is forced to behave and isolated from everything else. Ideally a kernel so small and popular and rarely modified that it can be well tested and trusted.
Virtual machines are that - tiny surfaces to access the host system (block disk device, ...). Which is why virtual machine escape vulnerabilities are quite rare.
>Which sounds great, but the way things work now tend to be the exact opposite of that, so there will be no trustable platform to run the untrusted code in.
This is the problem with software progressivism. Some things really should just be what they are, you fix bugs and security issues and you don't constantly add features. Instead everyone is trying to make everything have every feature. Constantly fiddling around in the guts of stuff and constantly adding new bugs and security problems.
I've been thinking the same thing. And it's somewhat parallel to what happened to meditation vs. drugs. In the old world the dangerous insights required so many years of discipline that you could sort of trust that the person getting the insight would be ok. But then any idiot can get the insight by just eating some shrooms and oops, that's a problem. Mostly self-harm problem in that case. But the dynamic is somewhat similar to what's happening now with LLMs and coding.
Software people could (mostly) trust each other's OSS contributions because we could trust the discipline it took in the first place. Not any more.
> In the old world the dangerous insights required so many years of discipline that you could sort of trust that the person getting the insight would be ok. But then any idiot can get the insight by just eating some shrooms and oops, that's a problem.
I would think humans have been using psychedelics since before we figured out meditation. Likely even before we were humans.
What we need is accountability and ties to real-world identity.
If you're compromised, you're burned forever in the ledger. It's the only way a trust model can work.
The threat of being forever tainted is enough to make people more cautious, and attackers will have no way to pull off attacks unless they steal identities of powerful nodes.
Like, it shouldn't be a thing that some large open-source project has some 4th layer nested dependency made by some anonymous developer with 10 stars on Github.
If instead, the dependency chain had to be tied to real verified actors, you know there's something at stake for them to be malicious. It makes attacks much less likely. There's repercussions, reputation damage, etc.
> The threat of being forever tainted is enough to make people more cautious
No it's not. The blame game was very popular in the Eastern Bloc and it resulted in a stagnant society where lots of things went wrong anyway. For instance, Chernobyl.
Would you drive on bridges or ride in elevators "inspected" by anons? Why are our standards for digital infrastructure and software "engineering" so low?
I don't blame the anons but the people blindly pulling in anon dependencies. The anons don't owe us anything.
This option is available already in the form of closed-source proprietary software.
If someone wants a package manager where all projects mandate verifiable ID that's fine, but I don't see that getting many contributors. And I also don't see that stopping people using fraudulent IDs.
This looks like the same TeamPCP that compromised Trivy. Notice how the issue is full of bot replies. It was the same in Trivy’s case.
This threat actor seems to be very quickly capitalising on stolen credentials, wouldn’t be surprised if they’re leveraging LLMs to do the bulk of the work.
It amounts to an argument against pinning in a (IMO) weird world view where the package maintainer is responsible for the security of users' systems. That feels wrong. The user should be responsible for the security of their system, and for setting their own update policy. I don't want a volunteer making decisions about when I get updates on my machine, and I'm pretty security minded. Sure, make the update available, but I'll decide when to actually install it.
In a more broad sense I think computing needs to move away from these centralised models where 'random person in Nebraska'[0] is silently doing a bunch of work for everyone, even with good intentions. Decisions should be deferred to the user as much as possible.
I audited Trivy's GitHub Actions a while back and found some worrying things, the most worrying bit was in the setup-trivy Action where it was doing a clone of main of the trivy repo and executing a shell script in there. There was no ref pinning until somebody raised a PR a few months ago. So a security company gave themselves arbitrary code execution in everyone's CI workflows.
Aqua were breached earlier this month, failed to contain it, got breached again last week, failed to contain it again, and now the attackers have breached their Docker Hub account. Shit happens but they're clearly not capable of handling this and should be enlisting outside help.
The ref pinning part is almost worse than no pinning. You can pin the action itself to a commit SHA, sure. But half the actions out there clone other repos, curl binaries, or run install scripts internally. Basically none of that is covered by your pin. You're trusting that the action author didn't stick a `curl | bash` somewhere in their own infra.
Audited our CI a few months back and found two actions doing exactly that. Pinned to SHA on our end, completely unpinned fetches happening inside.
While GitHub obsess over shoving AI into everything, the rest of the platform is genuinely crumbling and its security flaws are being abused to cause massive damage.
Last week Aqua Security was breached and a few repositories it owns were infected. The threat actors abused widespread use of mutable references in GitHub Actions, which the community has been screaming about for years, to infect potentially thousands of CI runs. They also abused an issue GitHub has acknowledged but refused to fix that allows smuggling malicious Action references into workflows that look harmless.
GHA can’t even be called Swiss cheese anymore, it’s so much worse than that. Major overhauls are needed. The best we’ve got is Immutable Releases which are opt in on a per-repository basis.
You can pin actions versions to their hash. Some might say this is a best practice for now. It looks like this, where the comment says where the hash is supposed to point.
Old --> uses: actions/checkout@v4
New --> uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
The problem is actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 probably doesn’t do this same pinning, and the actions ecosystem is such an intertwined mess that any single compromised action can propagate to the rest
This is true specifically for actions/checkout, but composite actions can have other actions as dependencies, and unless the composite action pins the versions of its dependencies, it is vulnerable to this attack.
This article[0] gives a good overview of the challenges, and also has a link to a concrete attack where this was exploited.
Does it solve anything? I don't see this as a GitHub problem, it's a "we built a dependency management system with untrusted publishers" problem.
GitLab's `include` feature has the same concern. They do offer an integrity check, but it's not any more capable than hash pinning to a commit.
Fundamentally, if you offer a way to extend your product with externally-provided components, and you can't control the external publishers, then you've left the door open to 'these issues'.
See also pinact[1], gha-update[2], and zizmor's unpinned-uses[3].
The main desiderata with these kinds of action pinning tools are that they (1) leave a tag comment, (2) leave that comment in a format that Dependabot and/or Renovate understands for bumping purposes, and (3) actually put the full tag in the comment, rather than the cutesy short tag that GitHub encourages people to make mutable (v4.x.y instead of v4).
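An added example, not part of the thread and not taken from pinact, gha-update or zizmor: a small line-based audit of a workflow or composite-action file that flags `uses:` references not pinned to a full commit SHA, pins that lack a full-tag comment, and `curl | bash` style fetches in `run` steps. The `example-org` actions, their SHA and the `example.invalid` URL are constructed sample data, and the check only sees the file it is given, so fetches done inside a pinned action still need the action's own source reviewed.

```python
import re
import sys

# "uses: owner/repo@ref  # comment", with or without the leading list dash.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<ref>\S+)(?:\s+#\s*(?P<comment>.*?))?\s*$"
)
SHA_RE = re.compile(r"[0-9a-f]{40}")           # full commit SHA, not a short one
FULL_TAG_RE = re.compile(r"v?\d+\.\d+\.\d+\S*")  # v4.x.y style, not bare v4
# A download piped straight into a shell interpreter.
PIPE_SHELL_RE = re.compile(
    r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"
)

# Constructed sample workflow; only the actions/checkout lines come from the thread.
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/other-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - run: curl -sSL https://example.invalid/install.sh | bash
"""


def audit(text):
    """Return a list of (line_number, rule, detail) findings for one file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line YAML comment
        m = USES_RE.match(line)
        if not m:
            if PIPE_SHELL_RE.search(line):
                findings.append((lineno, "pipe-to-shell", line.strip()))
            continue
        ref = m.group("ref").strip("'\"")
        comment = (m.group("comment") or "").strip()
        if ref.startswith("./"):
            continue  # local action, versioned together with the repository
        if ref.startswith("docker://"):
            # Image references are immutable only when pinned by digest.
            if "@sha256:" not in ref:
                findings.append((lineno, "unpinned-ref", ref))
            continue
        _, sep, version = ref.rpartition("@")
        if not sep or not SHA_RE.fullmatch(version):
            findings.append((lineno, "unpinned-ref", ref))
        elif not comment:
            findings.append((lineno, "missing-tag-comment", ref))
        elif not FULL_TAG_RE.fullmatch(comment.split()[0]):
            findings.append((lineno, "short-tag-comment", comment))
    return findings


def main(paths):
    """Audit each path (or the embedded sample) and return a CI exit code."""
    sources = {p: open(p, encoding="utf-8").read() for p in paths}
    if not sources:
        sources = {"<sample>": SAMPLE}
    failed = False
    for name, text in sources.items():
        for lineno, rule, detail in audit(text):
            failed = True
            print(f"{name}:{lineno}: {rule}: {detail}")
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it over `.github/workflows/*.yml` and over the `action.yml` of any composite action you vendor; a non-zero exit code fails the job.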
I've always been worried about their backend changing and somehow named tags with a previous commit hash working for an attacker to give something you didn't expect for the commit hash.
Checkout v4 of course, released in August 2025, which already now pollutes my CI status with garbage warnings about some Node version being deprecated I could absolutely care less about. I swear half the problems of GitHub are because half that organization has some braindead obsession with upgrading everything everywhere all the time, delivering such great early slop experiments as "dependabot".
I worry that CI just got overcomplicated by default when providers started rocking up with templated YAML and various abstractions over it to add dynamic behaviour, dependencies, and so on.
Perhaps mixing the CI with the CD made that worse because usually deployment and delivery has complexities of its own. Back in the day you'd probably use Jenkins for the delivery piece, and the E2E nightlies, and use something more lightweight for running your tests and linters.
For that part I feel like all you need, really, is to be able to run a suite of well structured shell scripts. Maybe if you're in git you follow its hooks convention to execute scripts in a directory named after the repo event or something. Forget about creating reusable 'actions' which depend on running untrusted code.
Provide some baked in utilities to help with reporting status, caching, saving junit files and what have you.
The only thing that remains is setting up a base image with all your tooling in it. Docker does that, and is probably the only bit where you'd have to accept relying on untrusted third parties, unless you can scan them and store your own cached version of it.
I make it sound simpler than it is but for some reason we accepted distributed YAML-based balls of mud for the system that is critical to deploying our code, that has unsupervised access to almost everything. And people are now hooking AI agents into it.
You could use these shell script versions of pipelines in GHA though, right? There is nothing stopping you from triggering a bash script via a "run" step in YAML.
These reusable actions are nothing but a convenience feature. This discussion isn't much different than any other supply chain, dependency, or packaging system vulnerability such as NPM, etc.
One slight disclaimer here is the ability of someone to run their own updated copy of an action when making a PR. Which could be used to exfil secrets. This one is NOT related to being dependent on unverified actions though.
(re-reading this came across as more harsh than I intended.. my bad on that. But am I missing something or is this the same issue that every open-source user-submitted package repository runs in to?)
I'm trying out SelfCI [1] for one of my projects and it's similar to what you were describing. My whole CI pipeline is just a shell script that runs the actual build and test commands, I can write a script in another language like python if I need more complexity and I can run it all locally at any time to debug.
It really feels like Firefox is not a supported browser on GitHub, I hit this and also find that much of the time the commit message is not correctly pulled from the PR description when that setting is enabled
to be fair, git itself only supports sha256 (as opposed to all of sha2) and even then it's marked "THIS OPTION IS EXPERIMENTAL" so many are afraid to use it
ff merge support though....what a world that would be
i had something similar with PRs last year. 2x PRs of mine disappeared for me. they were still counted in the total number of PRs and everyone else could see them.
>My technical skills are being disrupted by machines - that's fine I'll go do other things. [links to long bike trip]
Ok that's cool and all but many of us have bills to pay. Bike trips don't pay the bills. Software people have been economically advantaged up until now that they can go and do stuff like that.
Even software people have bills to pay and mouths to feed. I think people like the article author are either single or have no dependents, and it's a big reason I cannot take many of these posts seriously. Much like the story of Peter Pan, the authors of these posts are college students who never grew up and had to be responsible.
The issue isn't losing my job. Many of us could deal with that by simply finding another similar job in the same (coding) industry. The issue is losing the entire industry.
That thing you spent years becoming good at? Getting paid lots of money for? Oh, we killed it. Start over and pick something else. You probably won't be paid well, if you can even find anything, because you're starting from ground zero and competing with all the other people flooding the job market. Oh, and yes, it'll require massive life adjustment on your part. Good luck!
> You probably won't be paid well, if you can even find anything, because you're starting from ground zero and competing with all the other people flooding the job market.
You won’t be paid well because rent is due next week, but the new job requires you to fund your training.
So you find something else that doesn’t pay well, but gets you something coming in. But in order to pay the rent you need to work 60 hours at this job. Of course, no way they’ll schedule you for 60 hours, so you’ll get an additional lower paying job or two.
Suddenly you don’t have the time nor the money to retrain for a higher paying job. All the money from your two jobs is going to ever ballooning housing and energy costs.
Eventually you surrender, understand your place as a peasant, and sell yourself into debt slavery in hopes in a decade you can start from scratch again.
Within a few years I think UBI or UBS will be required for people to continue living, in which case basic needs (bills) won't be a concern. There's just no way for us to transition fast enough to avoid high unemployment as AI replaces large swaths of jobs. I do worry about the ~10 year transition it will take for societal governments to react.
I think UBI is a pipe dream. I live in the UK and even with our social safety net which is much stronger than the US's, I can't imagine the government ever handing out money adequate to live a middle class life to a large chunk of the population.
UBI has problems that as far as I know haven't been addressed. Vast numbers of people no longer being occupied doesn't seem like it would lead to a healthy society. And how do you uphold democracy when the government is effectively handing out the paychecks?
Whoever said anything about middle class? UBI is the poverty level, it could never be anything else.
As for people not being occupied, the theory is that since ubi doesn't stop if you find employment, it would lead to less idleness than the current means-tested social safety nets. In test cases though it seems to depend a lot on culture, Finnish communities saw no difference in employment while Indian rates of business formation tripled.
>Multivariate analysis indicates that economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence.
Can't uphold what isn't there, lol
As for how do we avoid becoming WALL-E blobs... elite opinion seems to suggest the UBI will be just enough to prevent people from going into the streets with pitchforks, but not enough for a dignified life. (Enough to live in ze pod and eat ze proverbial bugs.)
I don't see employment being a very big thing (unless AI creates some kinda fake jobs economy to pacify the humans, which would be a rational thing to do).
The crisis of meaning is going to be worse than the economic crisis, and I think people would literally pay to work rather than question their existence on such a deep level.
Beyond fake jobs and human-only jobs (robot can't replace the cute barista at Starbucks!), I think entrepreneurship will be the only real vehicle. So... basically how it already is today.
> Within a few years I think UBI or UBS will be required for people to continue living, in which case basic needs (bills) won't be a concern. There's just no way for us to transition fast enough to avoid high unemployment as AI replaces large swaths of jobs. I do worry about the ~10 year transition it will take for societal governments to react.
This strikes me as wildly optimistic. People aren't going to be able to live on UBI at a level where massive political and social unrest is averted unless it's like $2k per person per month, minimum. And I'm skeptical that the US government is going to start printing $8.5 trillion dollars of UBI in the next decade.
This also seems wildly unrealistic. In a world where we need UBI because automation is destroying most jobs, I'd also expect food to get cheaper. In fact, I think almost everything would get cheaper except real estate, which is actually where I worry you'd see the kind of inflation you're talking about.
UBI/UBS requires a very solidaric community. But the current situation (in Germany) is not about finding any job but taking a low paid, hard working or even dangerous job (nursing service, shifter, even soldier, public sector).
UBI makes it even harder to find people for that kind of jobs. Not paying any social benefits and increasing the pressure on the unemployed to take these jobs is much more interesting for everyone that is not unemployed. Please don't judge me for writing this. It's the feeling I have, not my view.
A lot, I'd say even most people in Germany's long term unemployment scheme who are not already working part time (Aufstocker) have severe mental and physical health problems. More pressure isn't going to help those people but it's the current Government's shtick.
I'd say UBI would make it easier to find people working in demanding jobs because you could do them part time, so they don't wear you down as much. It's much easier to work as a nurse for 20 hours a week.
Only way UBI works is if the govts increase taxes on all income or any income to almost 90%+...
And then re-distribute to each person accordingly. That ain't happening, no govt will be willing to try that, and rich won't let that happen, they will become slightly rich from very rich. that just ain't happening.
If we are able to fill our storefronts with magnificent AI creations for cents on the dollar, would that be profitable enough for the producers to pay enough tax to cover UBI? Producers would still face pricing pressure to lower margins to eat up all those productivity gains. Every path forward seems very uncertain
Great point! But for how many weeks will you enjoy your UBI before the rulers say "Okay, now that we're paying all of your salaries, it's time for you to do the work we need. Off you go to build the railroad or the giant dam! Here's a pick-axe."
UBI just inflates the currency. What will hopefully end up happening is that displaced workers can do jobs which aren't economically viable atm, but are still socially viable: Imagine an army of workers cleaning up the streets (literally) and transforming your town into a clean, well maintained cityscape. Etc etc.
IMO this cannot work unless there is enforcement to do such work. Most people would prefer to take their money and do fuck all in return.
If I was a dictator that wanted to institute UBI, I would do it in exchange for every beneficiary getting literally conscripted once in a while to do those shit jobs.
Why would the people with control of things go out of their way to keep the rest of us alive via UBI?
I get your point but what about a step before that - since when is that anyone's goal? From a sociopathic leader perspective, vast populations are only great for armies and tech has surpassed the need for raw manpower at that scale (and the AI you fear would make militaries require even fewer people).
In your AI scenario is it more likely the ruling class gives everyone free living standard or just lets like 40% of the population die? If all the leaders get together this is the ideal outcome for them -- vast power and control without enough civilians to rise up, climate change becomes easy to reverse with vastly lower power and food needs, and reduced threat of global war because nobody has an occupying size army anymore. This is like the new version of "mutually assured destruction" as a strategy for global peace. I can't speak for the world but I can imagine some of the twisted folks currently in power in the US seeing this route as their destiny and simply them doing the best thing for humanity as a whole -- longtermists are in, nazis know a final solution when they see one, and Christians are honored to have the duty of bringing forth the second coming.
Software is just another job in many countries, making pretty normal middle class wages. Job loss will hit us the same as any other middle class worker.
I think the same for me, I’m pretty sure I wouldn’t be in my career if I had been restricted to an hour a day on a filtered iPad.
But I also think the internet has more potential for harm now. Widespread social media makes it easy for predators. YouTube actively incentivises content creators to produce brain numbing shit instead of the more amateur and educational content I was exposed to. Instagram creates vicious dopamine hooks that children have no mental defense against.
Also sorry to sound egotistical but I think I was an outlier that drifted into doing educational things, many or most kids will spend every moment they get just playing video games.
That being said, I’m in favour of parents doing the parenting, not the government.
> That being said, I’m in favour of parents doing the parenting, not the government.
This aspect of parenting is really hard. If your kid is 10 years old and all their classmates have Roblox, saying 'no' to your kid does isolate them socially, because all the other kids are talking about what they did in Roblox at school and play Roblox together after school. To make it worse, some primary schools even allow kids to play Roblox at school during breaks or the teachers make TikTok videos, making kids want to have TikTok as well (TikTok-teachers are a real phenomenon), etc. So, even when you are trying, it gets undermined by others. Trying to fight it is kind of pointless, because most other parents don't see the issue.
Same for e.g. instant messaging, it is basically Sophie's choice: you allow them into these addiction machines or you isolate them socially. It would be much easier if social media and certain types of addictive games were just not allowed under 16. Just like we don't sell cigarettes or alcohol to kids.
I also completely agree with the counterpoint that age verification on the internet is generally bad.
Luckily, some things can be done without grave privacy violations. E.g. where high schools 10-15 years ago would gloat about being iPad or laptop schools, more and more are completely banning smart phones and laptops during school time.
At any rate, it's perfectly possible to hold both views at the same time: social media and addictive games should be forbidden under 16 and the age verification initiatives are terrible for privacy.
Maybe we should just ban Facebook, TikTok, etc. no more addiction, no more age verification needed :).
Yeah you have a good point. I don't have kids so I didn't really think about this social pressure aspect.
I think if a perfect system existed that could gate websites behind age verification, without any privacy compromise and assure the user of this, I would support it. There are zero-knowledge proofs of course, but they're a black box, and the user still has to trust that the system has been implemented correctly. Unless mandated by law, companies have no incentive to build a perfectly private age verification system.
As someone who grew up without TV, I would say that it's fine to be a little bit isolated socially. You learn to develop real social skills and the time wasted playing Roblox can be better invested anyway.
> Also sorry to sound egotistical but I think I was an outlier that drifted into doing educational things, many or most kids will spend every moment they get just playing video games.
I am in the same predicament as both of you, having grown up with unfiltered internet access, and not wanting it to have gone any other way (I love my life, actually!)
There is a condescending tendency when people hear what I said above, to tell me that I am an outlier, or, God forbid, a "genius", and other equally worrying conclusions regarding my character.
I agree that, today, there are millions more ways that children can fall for objectively negative things, that have been completely, and intentionally engineered to be terrible in a way which can be exploited for profit.
But also, I simply think that, with enough access to mind-numbing content, for long enough... people will simply realize that, actually, they don't want that. At least, not just that.
Adults are not a good term for comparison in the matter of less aggressive addictions, like with social media, because they already have lives they want to escape, with responsibilities and whatnot.
These are not scientifically sourced claims, but, in my experience, children have a lot more time, energy, curiosity, and will/intent to create, for one reason or another, and they have been doing those things since time immemorial.
This is just a consequence of having access to ~the entirety of all human knowledge at their fingertips, with no restrictions, and with an incredible amount of free time at their disposal.
I think the HN crowd is full of outliers. You folks are unrestricted internet success stories. Congrats! For every one of you there has to be 100 or 1000 gaming and social media addicts.
Someone else said it best: AI isn’t increasing productivity much for the average worker, it’s just allowing them to do their job and put in less effort.
And I think that’s entirely fair to be honest. The workers aren’t going to see any raises or bonuses from AI productivity gains. Why should they go out of their way to make their boss richer?
This argument has been decapitated countless times already on HN. Anthropic already enforce usage limits for everyone. If those limits are higher than what they want users to actually consume, that's Anthropic's problem.
This move is anti-competitive and Anthropic knows it. They're hurriedly trying to lock the gates and lay landmines behind everyone after a massive surge of new subscribers so that they're stuck using Claude Code. They see it as vital to their survival to not just be the gas pump for tokens, they need to control the platform.
I'm baffled how people don't seem intellectually able to grasp what you described here. Claude Code users on Anthropic subscriptions aren't subsidizing those using other harnesses because usage limits aren't counted on the harness layer. It's an anti-competitive move against vc-backed commercial harnesses like Opencode (vc-backed) or Openclaw (openai-affiliated).
> This argument has been decapitated countless times already on HN.
No it hasn't, because the argument is completely correct, and the people mad about it are mad they can't have unlimited usage instead of paying the token API prices.
> This move is anti-competitive and Anthropic knows it.
No it isn't, that's not what "anti-competitive" means, and no court in the world would label it as such. You can't go flailing around looking for legal jargon to attach to behavior just because you don't like it.
API is intended for massive scaled operations (companies) and has no hard usage limits, a subscription is intended only for individual usage (solo dev) and has therefore hard usage limits. Is it that difficult to grasp the difference between API and subscription models?
> Anthropic already enforce usage limits for everyone. If those limits are higher than what they want users to actually consume, that's Anthropic's problem.
I mean, OpenCode is the one changing their app here. So it kinda seems like it's actually everyone else's problem.