Posted by FromTheArchives 10/22/2025

Living Dangerously with Claude (simonwillison.net)
250 points | 108 comments | page 2
burgerquizz 10/24/2025|
claude condom gives you protection on claude YOLO mode

https://github.com/nikvdp/cco

croemer 10/26/2025|
By default can still read anything, including all secrets in .env files, Kubernetes credentials, etc.
igor47 10/22/2025||
My approach is to ask Claude to plan anything beyond a trivial change and I review the plan, then let it run unsupervised to execute the plan. But I guess this does still leave me vulnerable to prompt injection if part of the plan is accessing external content
abathologist 10/23/2025||
What guarantees do you have it will actually follow the stated plan instead of doing something else entirely?
igor47 10/28/2025||
in my experience, it does tend to follow the plan pretty well.
ares623 10/23/2025||
Just don’t think about it too much. You’ll be fine.
zxilly 10/23/2025||
I should like to know how much this would cost? Even Claude's largest subscription appears insufficient for such token requirements.
simonw 10/23/2025|
I ran a cost estimate on the project I describe in https://simonwillison.net/2025/Oct/23/claude-code-for-web-vi... - which was covered by my Claude Max account, but I dug through the JSONL log files for that session to try and estimate the cost if I had been using the API.

The cost estimate came out to 63 cents - details here: https://gistpreview.github.io/?27215c3c02f414db0e415d3dbf978...

jh3 10/24/2025||
What are you doing to keep a JSONL per session? Or is this something built in? I’m interested in estimating token costs in this way.
simonw 10/24/2025||
It's built in - the ~/.claude/projects folder stores the JSONL for 30 days or you can extend the retention time like this: https://simonwillison.net/2025/Oct/22/claude-code-logs/
danielbln 10/22/2025||
Claude Code offers sandboxing now: https://www.anthropic.com/engineering/claude-code-sandboxing
js2 10/23/2025|
It's discussed in the linked post.
ZeroConcerns 10/23/2025||
So, yeah, only tangentially related, but if anyone at Anthropic would see it fit to let Claude loose on their DNS, maybe they can create an MX record for 'email.claude.com'?

That would mean that their, undoubtedly extremely interesting, emails actually get met with more than a "450 4.1.8 Unable to find valid MX record for sender domain" rejection.

I'm sure this is just an oversight being caused by obsolete carbon lifeforms still being in charge of parts of their infrastructure, but still...

tryauuum 10/23/2025||
a not really related fact. I remember reading some RFC, and the sender should try sending to the server specified in A record if there are no MX records present
vidarh 10/24/2025|||
This sounds like it's an inbound check, as part of spam prevention, by seeing if the sending domain looks legitimate. There are a whole lot of those that are common that are not covered in RFCs.
rstupek 10/24/2025|||
You are correct, that is the expected order of operations.
tug2024 10/24/2025||
[dead]
BoredPositron 10/23/2025||
[flagged]
simonw 10/23/2025|
This particular post was a talk I gave in person on Tuesday. I have a policy of always writing up my talks, it's a little inconvenient that the one happened to coincide with a busy week for other content.

What do you think of this one? I'm trying a new format: https://simonwillison.net/2025/Oct/23/claude-code-for-web-vi...

catigula 10/23/2025|
Telling Claude to solve a problem and walking away isn't a problem you solved. You weren't in the loop. You didn't complete any side quests or do anything of note, you merely watched an AGI work.
simonw 10/23/2025||
Here's one I did even less work for: https://tools.simonwillison.net/terminal-to-html - prompt and video here: https://simonwillison.net/2025/Oct/23/claude-code-for-web-vi...
_factor 10/23/2025|||
Writing your Java code on an IDE, you just sat by while the interpreter did all the work on the generated byte code and corresponding assembly.

You merely watched the tools do the work.

bitpush 10/23/2025|||
This exactly is the part that lots of folks are missing. As programmers in a high level language (C, Rust, Python ..) we were merely guiding the compiler to create code. You could say the compiler/interpreter is more deterministic, but the fact remains the code that is run is 100% not what you wrote, and you're at the mercy of the tool .. which we trust.

Compiled output can change between versions, heck, can even change during runtime (JIT compilation).

catigula 10/23/2025||
The hubris here, which is very short-sighted, is the idea that a. You have very important contributions to make and b. You cannot possibly be replaced.

If you're barely doing anything neither of these things can possibly be true even with current technology.

catigula 10/23/2025||||
This is a failure of analogy. Artificial intelligence isn't a normal technology.
voidhorse 10/24/2025|||
I don't think anyone would claim that writing a poem yourself and hiring someone to write a poem for you are the same thing.

In the same way, there is a distinct difference from having and encoding the concepts behind a piece of software yourself and having a rough idea of what you want and hiring a bunch of people to work out that conceptualization for you. Contrarily, a compiler or interpreter is just a strict translation of one representation of that conceptualization into another (modulo maybe alterations in one dimension, namely efficiency). It's a completely different dynamic and these snarky analogies are either disingenuous or show that AI boosters understand and reflect on what it is they are really doing far less than the critics.

wahnfrieden 10/23/2025|||
Who cares? I don’t see any issue. I write code to put software into users hands, not because I like to write code.
catigula 10/23/2025||
You don't see any issue with the I in this equation falling out of relevance?

Not even a scrap of self-preservation?

wahnfrieden 10/23/2025|||
Since I ended my career as a wage worker and just sell my own software now, automation is great for me. Even before GPT hype I saw the writing on the wall for relying on a salary and got out so that I could own the value of my labor.

I don’t see my customers being able to one-shot their way to the full package of what I provide them anytime soon either. As they gain that capability, I also gain the capability to accelerate what more value I provide them.

I don’t think automation is the cause of your inability to feed and house yourself if it reduces the labor needed by capital. That’s a social and political issue.

Edit: I have competitors already cloning them with CC regularly, and they spend more than 24h dedicated to it too

If the capability does arrive, that’s why I’m using what I can today to get a bag before it’s too late.

I can’t stop development of automation. But I can help workers organize, that’s more practical.

catigula 10/23/2025||
>I don’t see my customers being able to one-shot their way to the full package of what I provide them anytime soon either

What if they are, or worse? Are you prepared for that?

If you point me towards your products, someone can try to replicate them in 24 hours. Sound good?

Edit: I found it, but your website is broken on mobile. Needs work before it's ready to be put into the replication machine. If you'd like I can do this for you for a small fee at my consulting rate (wink emoji).

dist-epoch 10/23/2025|||
> someone can try to replicate them in 24 hours.

All the more reason to not hand-code it in a week.

wahnfrieden 10/23/2025|||
Idk what you found but it’s an iOS/Mac app

I’m not sure what your point is. That I should give up because everything can already be replicated? That I shouldn’t use LLMs to accelerate my work? That I should feel bad for using them?

ares623 10/23/2025||||
I live for shareholder value.
wahnfrieden 10/23/2025||
It feels great to when I’m the only shareholder
dist-epoch 10/23/2025|||
Do you think a programmer not using AI will stop its march forward?
Applejinx 10/24/2025|||
…over a road of bones? Is that your image?

I'm not scared for me, but I'm definitely worried for some of you. You seem weirdly trusting. What if the thing you're counting on is really not all you think it is? So far I'm about as impressed as I am of the spam in my inbox.

There sure is a lot of it, but the best it can do is fool me into evaluating it like it's a real communication or interaction, only to bounce off the basic hollowness of what's offered. What I'm trying to do it doesn't _do_… I've got stuff that does, for instance leaning into the genetic algorithm, but even then dealing with optimizing fitness functions is very much on me (and is going well, thanks for asking).

Why should I care if AI is marching if it's marching in circles, into a wall, or off a cliff? Maybe what you're trying to do is simply not very good or interesting. It'd be nice if my work could get away with such hollow, empty results but then I wouldn't be interested in it either…

wahnfrieden 10/24/2025||
As your response is that for someone to find productivity with this tool, the only way you can understand that to be true is for their work to be hollow and the results uninteresting and must be beneath you, I will simply say about the rest of your message: Skill issue
catigula 10/23/2025|||
If more people see the cows 4 beef analogy we gain more votes against it.
bdangubic 10/23/2025||
exactly. the problem did get solved though which is the whole point :)