
1122 points felixrieseberg | 2 comments
rafram (No.43906574)
This is cool, but does no one even look at what libraries they're shipping anymore? I mean, why does this Clippy-style LLM interface bundle:

- A JavaScript implementation of the Jinja templating language

- A full GitHub API client

- A library that takes a string and tells you if it's a valid npm package name

- A useless shim for the JavaScript Math module

And 119 other libraries? This thing would have taken up 10% of the maximum disk space available on a Windows 95 FAT16 volume.

replies(6): >>43906612 >>43906753 >>43906837 >>43906870 >>43906877 >>43906903
1. anaisbetts (No.43906870)
So to be clear, your complaint is that the nostalgia Clippy app that puts a cartoon paper clip on your desktop isn't efficient enough?
replies(1): >>43907689
2. rafram (No.43907689)
I think it’s legitimate to ask why these dependencies are necessary. LLMs have created whole new classes of vulnerabilities, and things like a GitHub client (which downloads arbitrary data/code) and a templating engine (which executes it) expose an even larger attack surface.

If someone’s going to get RCE on my machine, I don’t want it to be through the silly Clippy LLM UI, you know?