• crimsonpoodle@pawb.social
    link
    fedilink
    arrow-up
    7
    ·
    3 hours ago

    I don’t understand why this happens; why would you ever be working with a live production DB in the first place? Why would’t you do all your development and testing on a mock? If it’s data which is too large to store the schema can still be mocked; and if it’s data it should be backed up and generally read only. If you’re having to manually fuss with user data you’re doing something wrong.

    • zalgotext@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      3 hours ago

      Well, sure, but even if a developer correctly tests on a development environment, they still probably have prod settings laying around on their filesystem for the times where they need to put out fires in prod. That’s kinda what it looks like what happened here - the LLM found a .env file with prod settings, and used that config to run destructive tests. All the more reason to not give an LLM side wide reaching access to your computer, but it’s not necessarily an indication that someone regularly tests in prod.

      • Zannsolo@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        2 hours ago

        We have to remote into a management server to access databases outside of our local dev environment. Allowing direct access to production from your development environment seems crazy to me.

        • zalgotext@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          2 hours ago

          Some places deploy to prod multiple times a day. Trying to coordinate access through a management server in situations like that can get cumbersome. It’s also easier to audit who’s doing what if they connect from their personal environment. Different strokes for different folks of course, but it’s certainly not uncommon to be able to connect to prod directly from a dev box.

          • Zannsolo@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            1 hour ago

            Prod deployments should come from a build server though and if you’re deploying multiple times a day you should have a well built CI pipeline to handle it.

            Remoting into a management server would still have people using an account on the management server and their personal db login credentials.

            We also don’t give devs write access to production and all scripts run in production are run by our DBA after they have been approved by the lead Dev, operations and the DBA.

            This might be overkill for some systems, but we won’t ever accidentally delete our prod data. Our system requires this level of scrutiny due to the nature of our systems.

            • zalgotext@sh.itjust.works
              link
              fedilink
              arrow-up
              1
              ·
              58 seconds ago

              Sure, that’s a very, very robust way of doing things. And I’m not trying to say what you’re describing is wrong either. I’m just saying that some places don’t have the knowledge/ability to set things up that way, so they play fast and loose with prod access. Couple that with giving LLMs free reign over the computer with those prod settings, and you end up in situations like in the original post.

              It’s not unrealistic, is all I’m trying to claim. It’s a failure on several levels, but it’s not unrealistic.

          • Pup Biru@aussie.zone
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            1 hour ago

            that is absolutely NOT the way that works in any functional environment

            your ability to deploy quickly comes directly from your automation, and those automation tools - NOT developers - have the secrets in them

            deploy to prod multiple times per day isn’t some win by itself… the ability for large teams (not 1 fuckwit and a goon squad of agents) to deploy without breaking things and in ways that are safe is the win here… anyone can deploy to prod multiple times per day… but anyone isn’t netflix (the originators of the “multiple times per day” line) with the uptime they achieve over years while doing it

  • GoatSynagogue@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    6 hours ago

    Anyone giving “AI” access to production databases through tools like that are morons who shouldn’t be anywhere near a production environment.

    • Bluewing@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      4 hours ago

      No, No events like this are a good thing! It shows to the C-suite that AI isn’t a thing to be trusted in your company. We need more failures like this.

    • vanillama@programming.dev
      link
      fedilink
      arrow-up
      4
      ·
      5 hours ago

      How do you achieve that? Calling it out when it happens?

      I don’t like LLMs outside of debugging and the way it mimics human closeness creeps me out

      • Jerkface (any/all)@lemmy.ca
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        5 hours ago

        Typically you can add some of your own alignment that is inserted before your prompt. On ChatGPT, they call it “memories”. I have found most agents are able to adopt a non-conversational mode when instructed, but sometimes you end up fighting with the platform alignment.

        It’s not just creepy, I think it’s harmful, manipulative, and calculated. As social animals, we are extremely vulnerable to forming unconscious assumptions that we consciously know are bananas, particularity when our social machinery is engaged. For example, it’s well known that even the developers of video games fall the illusion of moral agency and personhood of the characters in their own games. We are primed to be fooled and accept software agents as people, and I believe AI companies are actively and intentionally trying to exploit this psychological weakness.

      • Bluewing@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        4 hours ago

        Just let the failures happen, and they will happen. The instant AI failure costs them millions, the faster they can learn to drop it.

  • anniewang2007a@sh.itjust.works
    link
    fedilink
    arrow-up
    1
    arrow-down
    2
    ·
    2 hours ago

    Every single one of these companies use git and can roll back changes. It’s extremely unlikely that this damage is permanent.

    • zalgotext@sh.itjust.works
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      2 hours ago

      Hopefully they’re not storing their production database in git lol. They should be taking backups of the database, but unless they’re making one after every transaction, permanent data loss is a real possibility.

      • filcuk@feddit.uk
        link
        fedilink
        arrow-up
        4
        ·
        2 hours ago

        Let’s be honest, you have to be extremely careless to have agents running destructive commands freely in prod

  • rozodru@piefed.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    6 hours ago

    what I always love about this stuff is most of the time it simply boils down to not committing changes. the LLM constantly assumes that you’re committing, it will NEVER tell you or recommend you commit, but it assumes you are. so these tech bros are just cruising along, vibing, and then boom the agent does something that nukes the entire thing. panic. tech bro starts freaking out on the agent. agent says “lets rebase or pull the previous commit” and gives them the git code to do that. tech bro hasn’t committed shit. and this is how you get a nuked prod environment.

    • IphtashuFitz@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 hours ago

      None of that helps if you grant the LLM access to the production database and it decides to drop table user; to free up some space. That’s when you find out if your database recovery process actually works. You do have database backups, right? Or is that not a thing when vibe coding?

      • valkyre09@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        4 hours ago

        My friend and I set up Kopia in our home labs.

        About a week later we decided to test out a disaster recovery only to discover we’d screwed up the permissions and nothing was backing up properly.

        Was a relatively easy fix since we caught it, but I share this cautionary tale to remind you all to test your backups regularly!

  • Fmstrat@lemmy.world
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    9 hours ago

    I run code-server in a Docker container, isolated to sets of development projects, and backed up via ZFS that the container has no knowledge of. On top of that, each set of projects has it’s own user space.

    I still get nervous hitting “Approve All” in Kilo. How do these people feel so free?

  • Ech@lemmy.ca
    link
    fedilink
    arrow-up
    40
    arrow-down
    1
    ·
    15 hours ago

    Am I reading this right that they’re still letting the program run even as they figure out how badly it fucked up their system?

    • vala@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      31
      ·
      11 hours ago

      They have no idea what else to do. They were in over their head so long before this problem happened.

      • python@lemmy.world
        link
        fedilink
        arrow-up
        27
        ·
        11 hours ago

        Yeah, when my company first forced Claude on everyone the head engineers managed to negotiate that Claude would only run in a WSL sandbox. But people were lazy, so they just gave that WSL as many permissions as possible (Mounting C directly to it, opening up all interfaces, popping in full-access git tokens etc.). Then management sent out an extremely biased “survey” that has the question “Is having Claude in the WSL inconvenient to you?” and all the lazy bastards said yes. So now management lifted the sandboxing requirement to make work “easier” for devs. In the meantime, the engineers arguing for proper sandboxing are already so worn out from telling people to not intentionally compromise their sandbox that they’ve kinda just given up. Not having a sandbox at all isn’t much more insecure than whatever people are already doing 🫠

      • Captain Aggravated@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        36
        arrow-down
        1
        ·
        13 hours ago

        So, earlier today I was being unhealthy on youtube, and someone half my age made a HUGE point to tell his audience including me that even if a self-driving Tesla runs a red light, it’s the human driver that gets the ticket.

        Now…I’m a pilot. I have been since I came in that guy’s mom. In the aviation community, we have this concept called Pilot In Command. In the US, this is set into law in 14 CFR 91.3. The pilot in command of an aircraft is fully responsible for, and is the final authority as to, the operation of that aircraft. Not the administrator, not your instructor, not air traffic control, not the President of the United States, not god, the PIC. That concept doesn’t exist in driver’s ed, but it needs to. We need to teach student drivers about the Driver In Command responsibility.

        Too long, didn’t process the metaphor: Nobody thinks about anything they do unless the law requires it.

        • FishFace@piefed.social
          link
          fedilink
          English
          arrow-up
          7
          ·
          7 hours ago

          That concept doesn’t exist in driver’s ed

          Well yeah, because there’s no-one else with a set of controls in a car.

          The concept absolutely exists in law but it’s just called… “the driver.”

          • starman2112@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            4 hours ago

            Well nowadays there is “someone else” (for a given definition of “someone”) with a set of controls. Kids are being taught to drive in machines that literally drive themselves, and they need to learn that every decision that the self-driving computer makes ultimately falls on them as the driver. I think they were saying that this is a concept that needs to be taught, not a law that needs to be enacted.

            That’s not to say that a manufacturer is blameless when a FSD car careens into the side of a building at 80 mph. Just that immediate legal responsibility for the movement of a vehicle generally falls on a driver.

          • Bytemeister@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 hours ago

            The concept is that anything that happens to that aircraft (or car) is the sole responsibility of the pilot. Flying into restricted airspace? If it’s necessary to avoid a collision, you do it. Putting the plane down in a field? Better than hoping you can make it to a runway when your engine is out and lives are on the line. Another driver signals that you are clear to make a left turn on a congested road? Nope, because when that traffic you couldn’t see hits you on the right, you’re responsible for your car, their car, and all the people inside both vehicles.

            • FishFace@piefed.social
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 hours ago

              Well not quite. A manufacturing or maintenance defect will not be the responsibility of the pilot (unless they should have spotted it on their walkaround)

              I’m not sure what comparison you’re trying to make though; the grandparent said there needs to be a similar concept for cars, I said that there already was one. Are you agreeing or disagreeing that there already is one? Are you saying that, at present, the driver would not be responsible for moving into traffic if someone else had flashed their lights? Because that is certainly not true where I live.

              • Bytemeister@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 hours ago

                The problem is that in that case, due to poor training or judgement, the person driving the turning car did not consider themselves solely responsible for the safe operation of the vehicle, they let the driver in the signaling car decide if it was safe.

                It’s subtle, but it happens all the time, because we don’t train drivers to think that way.

                • FishFace@piefed.social
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  3 hours ago

                  In my country, we do train drivers to think that way, and then drivers stop thinking that way because they’re lazy.

                  The difference here is not a conceptual one where drivers don’t understand rationally that they’re respondible for their actions, it’s one of standards and levels of training.

        • manefraim@lemmy.world
          link
          fedilink
          arrow-up
          11
          ·
          10 hours ago

          Wait whose mom? The youtuber? You were unhealthily watching your son whose half your age? And you became a pilot the same day of the conception and have been ever since…

          If I solve this do I get to join Mensa?

          • MonkeMischief@lemmy.today
            link
            fedilink
            arrow-up
            1
            ·
            3 hours ago

            Either that, or by “unhealthily”, maybe he was obsessed with this kid’s channel so much he went out and seduced the kid’s mom as some kind of display of ultimate dominance, maybe using “I just got my pilot’s license” as an opener.

            …Or yeah his kid who he conceived when he got his pilot’s license is now half his age and runs a YouTube channel, and excessive YouTube is unhealthy by default. . .maybe that one’s more likely. 😂

          • EvilHankVenture@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            4 hours ago

            Are you under the impression that everytime someone comes inside a woman that woman becomes pregnant, and that this can only happen one time in a woman’s life?

    • vithigar@lemmy.ca
      link
      fedilink
      arrow-up
      19
      ·
      15 hours ago

      Having working production database config and credentials in your local .env, as appears to be the case here, is equally wild, and basically begging for something like this to happen.

  • Zedd_Prophecy@lemmy.world
    link
    fedilink
    English
    arrow-up
    52
    ·
    edit-2
    19 hours ago

    Some time ago I worked for an insurance rating company as a tech and the task was given me to go run through the new code that was in beta. Sure ! I spent a few hours on Friday trying to break it and I couldn’t, so at the end of the day I got a little funky with the .css backgrounds and put in a very tiled Beavis and Butthead gif. It looked freaking horrible and I loved it. Monday I was directed to the big guys office ( the developers had not given every beta account a separate .css file … or even separated things. Everyone in beta called in Monday with that background. I didn’t get in trouble because they wanted me to break it. Really awkward conversation though trying not to smile.