Slightly safer vibecoding by adopting old hacker habits
5 days ago
- #Supply-Chain Attacks
- #Coding Agents
- #Development Security
- The author's development setup involves working on a rented server or VM, accessed via SSH with GitHub key forwarding.
- Development is done within a screen or tmux session, using tools like vim and Claude Code, with no secrets stored on the development server.
- This setup mitigates supply-chain attacks by limiting compromises to the development VM, though GitHub key abuse remains a risk.
- To reduce GitHub key risks, the author suggests forking a development repository from the main one and using cross-repository pull requests, with human review.
- In this model, the main secret at risk in supply-chain attacks is Claude credentials, reducing concerns about prompt injection.
- The SSH and screen-based development model has roots in hacker culture for security and is resurging with agent-first development for long-running compute needs.
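
One way to check the "no secrets stored on the development server" property from the setup above. This is an added example, not code from the original post. The function name `audit_home` is hypothetical and the file list is an assumption (common default locations where tools persist credentials). Claude credentials are expected on the VM in this model and are not checked.

```shell
#!/bin/sh
# Added example: audit a dev VM home directory for secrets left on disk.
# The paths below are assumed defaults, not a list taken from the post.
# Usage: audit_home "$HOME" || echo "secrets present on dev VM"

# audit_home DIR: print one line per stored secret found under DIR.
# Returns 0 when DIR is clean, 1 when anything was found.
audit_home() {
    home=$1
    found=0

    # Private keys on disk defeat the point of key forwarding: the key
    # should stay on the laptop and be reachable only through the agent.
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        if grep -qE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f" 2>/dev/null; then
            echo "private-key: $f"
            found=1
        fi
    done

    # Non-empty credential files that CLIs commonly leave behind.
    for rel in .aws/credentials .netrc .git-credentials \
               .config/gh/hosts.yml; do
        if [ -s "$home/$rel" ]; then
            echo "credential-file: $home/$rel"
            found=1
        fi
    done

    # Git configured to persist HTTPS tokens in plaintext on this machine.
    if grep -qsE 'helper[[:space:]]*=[[:space:]]*store' "$home/.gitconfig"; then
        echo "git-credential-store: $home/.gitconfig"
        found=1
    fi

    return "$found"
}
```

Public keys, `known_hosts` and `authorized_keys` do not match the private-key pattern, so a VM that is reached only through a forwarded agent reports clean.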