I'm glad the article questions _whether this is even a problem_, but it seems they tried to answer it and failed to come up with a convincing argument:
> I don't get it. It's a very optional feature that you have to:
> Go out of your way to enable, supply your own API key
> (and pay for it yourself), enable something that is not
> enabled by default. Why are people reacting so strongly
> to this?
... and the article's answer(s), which I don't think are a very convincing rebuttal:
> A lot of it boils down to having this "shoved down
> their throats". It's the fact that it's being added
> to a tool without the user having the agency to decide
> if they want it to be added or not.
> I think that one of the greatest errors that was made
> with putting this in iTerm2 was making a big show of it,
> and by not letting you use local models (such as with
> Ollama) instead of having OpenAI be the only option.
I mean, this is open-source. You get a lot of features without any agency here, you are free to edit those out and it has no impact if you don't use it.
Assuming you're unhappy with this (I am neutral on it), I'm actually curious: what do you lose by iTerm2 having an opt-in feature that you don't need to use? How do you replace all the lost features of iTerm2 that aren't in Terminal.app? And if there aren't any features you're losing out on, why did you even switch to iTerm2?
Uhh, I don't understand. It's an open-source project with a ton of eyeballs on it. Are you saying that someone is going to sneak in a change to exfiltrate all keystrokes in a massively popular terminal app without anyone noticing? Is this risk new somehow?
I guarantee this is the beginning of iTerm2 becoming a closed-source paid product. Oh, I'm sure there will always be an "open source" version of it, but we have all seen this movie before.
I fail to see how this is not a slippery slope argument. A feature was added to a GPL’d open-source project, and said feature relies on a third party (OpenAI) in order to work.
Hi! I'm someone who generally hates the "shoved-down-your-throat"ness of AI, and who got pretty upset at the MDN saga (which we do not need to relitigate here), so I think we have something in common. I'm not bothered by this feature though, because it's totally optional and unobtrusive. Can I ask why this is important to you?
How? how does it take less effort than... nothing... like its not enabled by default, and requires a api key if you even do want it, like the app is the same for everyone that doesn't want to use the feature lol
It doesn't matter if a small group of nerds don't like it.
No one really rips out iTerm2 from a mac setup and they can throw their Mac out of the window with iTerm2 if they really hate AI that much (because it has ai and will get more, you had to get out of your way with Siri and co already anyway...)
And as I said it before: this is not a hype. Look it up. Ai delivers already things it doesn't fit hype.
And no ai will not go away, at least I'm not seeing a single thing right now indicating a platoon very soon.
I have been working on something like this that fits better into my existing bash/zsh workflow. So I landed on using ollama and a small widget that tries to mirror the same behavior of ctrl+r aka reverse-i-search. Barely functional, but I have found value from it.
My personal problem with this is that I have no confidence in the answer provided by an AI. If I search the internet for help with some command line operation, I can try to find a reputable source that provides not only the command I'm looking for, but an explanation of the syntax that a) gives me confidence that it will do what I expect it to and b) allows me to learn how to construct that command so I can do it myself next time. This is, of course, less true today than it used to be, now that Google is likely to show me some convincing AI slop at the top of my results.
I do have this confidence if by AI we mean GPT4. I already routinely use it to generate small scripts and complex command line incantations. My memory is better spent elsewhere imo
This isn’t the use case for the majority of people. Most are amateur developers who copy/paste the first thing they see on StackOverflow without understanding what they’re doing or reading the explanation because they just want to move forward on whatever project they’re actually working on (ex: building a REST API but they can’t install the necessary Python packages the YouTube tutorial they’re following uses). LLM-powered guidance here is tremendously useful, and if the person is curious, they can ask the LLM to explain the command, which it’s actually very good at based on my experience with GPT-4 and GPT-4o.
I think saying there’s “no confidence in the answer provided by an AI” is an overstatement and underestimates the value AI can have for the majority of users because that statement overestimates the value of “a reputable source that provides not only the command I’m looking for, but an explanation of the syntax” for the majority of users. Reputable sources and thorough explanations are great in theory, but very few have the patience to go through all that for a single CLI command when they want to make visible progress on the bigger picture project they actually care about.
That's why I was explicit in calling it "my personal problem" in the very beginning of my comment, and specified that I don't have confidence in the answer returned by AI. I apologize if I inadvertently appeared to speak for anybody but myself.
No worries—and it's clear that it's your personal problem. I think it's always valuable to present a counterpoint in these comment threads so that less-informed readers know the issue isn't totally clear and that the truth likely lies somewhere between your point and mine. I apologize if I came across as argumentative—my goal is to expand the scope of the discussion.
> I think saying there’s “no confidence in the answer provided by an AI” is an overstatement and underestimates the value AI can have for the majority of users because that statement overestimates the value of “a reputable source that provides not only the command I’m looking for, but an explanation of the syntax” for the majority of users. Reputable sources and thorough explanations are great in theory, but very few have the patience to go through all that for a single CLI command when they want to make visible progress on the bigger picture project they actually care about.
These are exactly the people who shouldn't be running code written by a random number generator.
> These are exactly the people who shouldn't be running code written by a random number generator.
The beauty of technology and the internet is that there's near-zero gatekeeping. Anyone with enough interest and time can learn to build anything without seriously harming anyone. Dismissing LLMs as a random number generator is very clearly an overstatement for the value they're already able to provide. Ideally, how would you suggest a new developer learn to build something such as a REST API in Python?
> I have no confidence in the answer provided by an AI
You don’t need to have confidence, these are shell one liners, you can generate it, run it, and verify the results in the time it would take you to open a browser window or scroll halfway down a man page.
And if it doesn’t work, then you can still fallback on those.
I verify the results by looking at the output and seeing if it did what I wanted it to do.
I don’t mean to be dismissive or reductive. If I need to do something more complex then I’m probably not trying to do it in a shell one-liner.
I used this feature earlier today and prompted it with something like “given piped input, use awk to filter just the 2nd and 5th columns, and truncate the 5th column to 25 chars”. I don’t use awk often but I know that it exists, and I could have figured out how to do this in about 20-40 seconds with a google search or man page, but this was 10x faster.
Is this a real opinion people have, or am I misunderstanding...
It sounds like you're recommending people to not understand the shell one-liners they're pasting into their CLI and instead just verify that the outcome was observed after the fact?
That's pretty much the opposite of what I've understood to be "good terminal practice" for my entire life, which can be summed up as "don't execute anything in the terminal that you don't understand".
Is "just paste it and hope you don't lost data/just installed a virus" the new modus-oprandi?
> It sounds like you're recommending people to not understand the shell one-liners they're pasting into their CLI and instead just verify that the outcome was observed after the fact?
Yes
> Is "just paste it and hope you don't lost data/just installed a virus" the new modus-oprandi?
No
Somewhere in between those two extremes is knowing enough to know that the command you’re pasting in isn’t going to install a virus, even though you don’t fully understand what the -g flag is doing
AFAIK not if you don't turn this on, and not what you don't type in the box.
My big disappointment is that you can't use providers other than OpenAI. Stop this. It's like making a web browser that can only use Google. AI APIs are actually kind of simple. Make it so I can pick one including a locally hosted one (ollama etc.) if I want.
Could get some overzealous security groups in fortune 500 banning its use though. Can the IT department ensure it is not turned on by their developers on work machines?
would be awesome if this used a local llm. there are several open ones on hugging face fund for terminal command help with low parameters. I'm thinking something like llamafile would be awesome to ship with this app cross platform (though iterm2 specifically could probably assume apple silicon architecture support only). Benefits would be
- no external dependencies (OpenAI payment, network availability...)
- no data leaving my device
- it could deeply learn my configs and filesystem to give specific commands as opposed to general guidance (I know you can embed and send to OpenAI but I'd really not want to share all my hard drive)
DEFINE_STRING(aitermURL, @"https://api.openai.com/v1/completions", SECTION_EXPERIMENTAL @"URL for AI API.\nA ChatGPT API endpoint should be here. Note that this URL is only used if the model name does not begin with `gpt-` because those models used an older API.");
Eh, I'm really not a fan of iterm's tmux integration. It tries to do too much. I can't have my tmux statusbar (only the iterm one) and it really wants you to use iterm panes (and iterm commands to split them...). I like that my terminal config is mostly portable.
What does the tmux integration actually do? I use tmux all the time on my mac all servers, but I remember I once tried the iterm integration and everything was very confusing and I turned it off. I just always start iterm, start or attach to existing tmux, and just have 1 tab open and use tmux normally.
Then I sometimes open up other tabs, where I ssh into various servers and `tmux -a` to my session there.
What extra stuff do I get from this "tmux integration" ?
But why do you need to change? As the article says, this is entirely opt-in, and need you to supply your own API key if you want to use it. You choose the API URL, so you can even run ollama and never let it leave your machine.
I installed https://wezfurlong.org/wezterm/index.html today after seeing those release notes and am liking it so far after adding the five-ish lines of config, which were way easier to use than those clunky panels
you don't wanna forget wezterm which has a nice lua scripting language that allows you to do tons of fun stuff, and is otherwise super-minimal as well. Also happens to run everywhere including Windows and BSD.
From reading that issue, it sounds like some people are worried about compliance with security policies (whether personal or corporate)
I'm very happy with iTerm2, its features are useful to me, but I can't see myself using the AI chat feature when I have copilot in VS code. I could see a use case for people unfamiliar with certain commands, something like "please sort this output by the first then fourth columns". But if I'm writing a script or small Python utility, then VS code will be where I do it.
For compliance though, the AI integration could be a separate binary that you can access via the command line, although as pointed out in a reply, that's the same as a code path that isn't used. However, it is easier to block a separate binary, so maybe that's the thinking there?
Instead, maybe the people who have an issue with this feature would be happy with an optional setting "assign this keyboard shortcut to the AI binary". Or a feature flag that says "do not access the network under any circumstances".
I get the compliance perspective but it feels stupid to bring it up now, especially since iTerm2 has already had integrated network features for a long time.
Agreed on the "do not access the network" feature flag though, every program should have that. Or really it should just be a toggle in the OS on a per-app basis.
> Agreed on the "do not access the network" feature flag though, every program should have that.
I would claim that is not the responsibility of the app. That should be the sandbox/OS responsibility, to make sure it's actually true, rather than an app providing a checkbox that potentially does nothing.
I dunno about "do not access the network" — sounds like the wrong granularity. I want an app like e.g. Evernote or Calendly, to sync to its own cloud backend (or better, to my configured server.) I just don't want them sending my data off anywhere else.
Annoyingly though, in that scenario, the desire to not have my data processed by third-party vendor APIs, would need to apply to both the client (which I can control through technical measures, e.g. LittleSnitch) and to the cloud backend it talks to (which I fundamentally cannot control.) So such a config flag can't be purely a technical measure, but also has to be something communicated to the backend, ala "Do Not Track." And unlike HTTP, most of the other application-layer protocols we use today don't have anything like a standardized way to communicate "user-imposed constraints on how they want you to process their request, while still giving the same result".
Technical measures are the wrong lever to this problem. I can always send your precious data to my backend and proxy it to whatever third party vendor from there, and there’s nothing you can do to prevent that.
Instead, a legal solution like the GDPR offers better means of protection. The way the fines are structured, vendors have a clear incentive to not exfiltrate your data in the first place.
> Instead, a legal solution like the GDPR offers better means of protection.
I mean, yes, that was my point — that there'd need to be some legal thing like GDPR. But that thing would very likely need some kind of explicit user-driven policy choice (ala how websites are now forced to ask for a user-driven cookie-handling policy.)
To comply with such a law, it would be likely that every application-layer protocol that could in theory involve a backend that relies on the use of third-party ML vendors, would have to be modified to somehow carry that policy choice along with requests. It'd be a huge boondoggle.
Given that the "do not track" header is almost universally disregarded, I'm not sure what value we'd gain from implementing more instances of disregarded user preferences.
> And unlike HTTP, most of the other application-layer protocols we use today don't have anything like a standardized way to communicate "user-imposed constraints on how they want you to process their request, while still giving the same result".
This is the wrong approach and what you really want is for LLMs to instead have access to a palette of pre-vetted bugtested commands and options implemented by other applications.
ie think like those python embeds in OpenAI… but instead of building a python script, you should be building an Ansible playbook or a MacOS shortcut that does the task, rather than an LLM banging together shell code directly.
Things like file access or web request etc are just more primitives in this model. Don’t want it to call out to the web? Don’t give it access to the web request primitives. Like this literally has been a solved problem for 30 years - macOS intents and windows COM interfaces allow applications to expose these capabilities in a way that can be programmatically interfaced by other code to build up scripts.
This is HyperCard-era stuff, Unix just won so thoroughly that people don’t consider these capabilities, and everyone assumes everything has to be a single giant unshaped command of CLI garbage piped together.
The Unix mindset is not the right one for LLMs working at a token level. The idiom you need to mimic is MacOS intents or Ansible actions… or at least powershell actions. The amount of unconstrained shell-scripting involved needs to be minimized rigorously. Every time you do it it’s a risk, so why make it write anything more complex than glue code or composable YAML commands?
You're misunderstanding what I was trying to describe.
I wasn't talking about the direct use-case at hand (iTerm), because iTerm communicates directly with ML APIs. But such a "request processing constraint" would not be for use in communicating with ML APIs.
If the client application is directly communicating with an ML API, then the technical measure — a group-policy flag that tells the app to just not do anything that would communicate with those APIs; or further, which alters the app's sandbox to forcibly disable access to any/all known ML API servers on the OS-network-stack level — is enough to prevent that.
Rather, what I was referring to by a "request processing constraint", is for the other case — the case that can't be addressed through purely technical measures. And that's the case where a client application is making a request or syncing its data to a regular, non-ML business-layer server; where that backend then might decide to make requests to third-party ML APIs using the client's submitted data.
Think: the specific REST or gRPC API that most proprietary "service client" apps are paired with; or an arbitrary SMTP server for your email client; or the hard-coded AMQP broker, for an IoT device that relies on async data push to a remote message-queue; or the arbitrary S3-compatible object-store endpoint for your `rclone` or `pgbackrest` invocation.
It is for these systems, that you'd need a way for the client to tell the backend system it is communicating with, that the client is operating under a regime where third-party ML is not to be used.
The spirit of such a "request processing constraint" being communicated to such a backend system, would be: "don't allow any of the data being carried by this request, once it arrives at your [regular non-ML business-layer] backend system, to then be sent to any third-party ML APIs for further processing. Not in the process of resolving the request, and not later on for any kind of asynchronous benefit, either. Skip all those code-paths; and tag this data as tainted when storing it, so all such code-paths will be skipped for this data in the future. Just do what processing you can do, locally to your own backend, and give me the results of that."
(Ideally, there would also be some level of legal regulation, requiring vendors to at least put their "best effort attempt" into creating and maintaining a fallback backend-local [if not client-side!] implementation, for people who opt out of third-party ML processing — rather than just saying "the best we can do is nothing; your data goes unprocessed, and so the app just does nothing at all for you, sorry.")
---
You're also misunderstanding the misapprehensions that the people in the comments section of this post are having to data being passed to ML models.
Most of the people here who are having a visceral reaction to iTerm including ML capabilities, aren't thinking through the security concerns of this specific case of iTerm generating a shell script. I do understand that that's what you were trying to address here by talking about high-level capability-based APIs; but it wasn't what I was trying to suggest fixing, because "iTerm could generate a dangerous shell script" isn't what anyone was really complaining about here.
Rather, what people here were doing, was echoing a cached-thought response they had already long decided on, to the use or capture of their data by third-party ML-model service APIs generally.
The things that make people reject the idea of applications integrating with third-party ML APIs generally, are:
1. that the model would "do its job", but produce biased or censored results, creating unexpected "memory holes" in the resulting data (for recognition / transformer models), or tainting their processed d...
> From reading that issue, it sounds like people are worried about compliance with security policies (whether personal or corporate)
This is incredibly stupid. If they don't trust iTerm to respect their privacy, why were they using it in the first place? For all they know it very well could have been sharing all their data without telling them from the very beginning. Alas, the tool is open source they could just audit instead of yelling at clouds but hey.
They trusted it before; now things have changed, and they have lost that trust. Previously there was no reason to believe that iTerm would send your terminal input or output to a 3rd party.
iTerm still do not send anything to a third party, you do, by willingfully using a feature that explicitely states so. If you have concern that iTerm would do something behind your back, then you shouldn't be using it in the first place.
> For compliance though, the AI integration should probably be a separate binary that you can access via the command line. Maybe with an optional setting "assign this keyboard shortcut to the AI binary".
There's no difference at all between a code path that's never called and another binary that's never called.
You are simply wrong for even trying to argue about privacy concerns when it is a feature that is entirely off by default (and also doesn't send anything that you don't enter in the box dedicated to it).
It makes absolutely 0 sense to have any concern about this but not have concerns about the capability of the terminal to perform any other call over the network.
I think the issue that people here are expressing are not necessarily their personal concerns, but concerns that their employers may now have if they learn about the feature.
If they're worried about your terminal calling OpenAI servers if you ask it to call OpenAI servers, why are they not worried about all the many more damaging things you can do with your terminal when you ask it to?
Guess what? My terminal has always been able to call ChatGPT, even before this curl wrapper was released :O
Almost. The never-called code path may nonetheless reside in memory under control of a process with certain privileges, which does make it a tad less secure than a binary resting on disk. It’s also far more likely to be invoked by mistake (a bug) and you can’t totally remove it or take away its execute flag to drop that risk to basically zero.
Eh. I was the CISO at a HIPAA-covered healthcare company, and I have no problem with the way iTerm handles this. Nothing gets sent from your terminal, other than what you type into the separate AI prompt window. You have to manually enter your ChatGPT key. You have to manually choose to open the AI prompt.
I see this as not substantially different from a programmer having a browser tab open where they could type questions and get answers, just more convenient. If I didn't want my coworkers doing that at all, I'd push out a device policy adding a firewall block for OpenAI's API servers and then not worry about it at all.
> +1 to the people who'd like to donate 50$ for a version which does not send my input anywhere. Okay, previously I never donated the project. But use the iTerm2 for ~10yrs and would like to continue.
So, this person has been using iTerm2 for 10 years without paying, and would only consider donating if this feature is removed?
Hah! Just another turn of the wheel, this time with AI. Lots of entitled developers out there who sure do have a lot of time on their hands to complain.
> it is a very unwelcome statement of disagreeable values. Adding OpenAI integration, as optional as it is here, makes it clear that you don't stand against OpenAI and the whole "AI" industry.
Imagine the crime of maintaining a free and open source terminal emulator in one's spare time... how hideous.
It's hard to believe that some of these comments aren't trolling. Do they also consider the fact that iterm can call out to tools like `wget` and `curl` a privacy risk and slippery slope that might share their data if used wrong?
Choosing a network capable download command is different than an option to send all commands to the cloud for processing. And we know defaults get changed at times, sometimes on purpose (hi facebook!).
We also have decades of experience and culture around how to use network commands properly, especially for FLOSS tools.
Considering that newbies will be attracted to these cloud tools, the risk of information leakage sounds a lot higher in the second instance.
Complete whataboutism. If I fat finger bad data, that's expressly my fault. This is a case where I now need to worry about tools I use that never sent my usage data somewhere now sending it somewhere.
But isn’t it more fun to make up unrealistic/impossible scenarios and then get mad at those instead since the reality is that there is nothing to be mad about? /s
I can’t stand the people up in arms about an opt-in feature that is one of many that are in iTerm2. ITerm2 is not and will not become some kind of AI-based terminal, that idea is so absurd and so are the people making that argument.
In fact, the implementation is so barebones that it’s not useful IMHO so the outrage is even more silly.
1. A terminal shouldn't be able to ask some resource on the internet what to type and auto-execute it.
2. AI fear/fatigue/???
I think point 1 is reasonable to an extent, but it should be taken in context. iTerm2 is a free app, and as far as I can tell, not even remotely required on any mac platform, since there is technically a default dumb terminal, which can be customized. I think the context issue is from the video demos I've seen, nothing directly types into your terminal, it's up to the user to review/copy/paste the generated code snippet. The underlying tech has been in iTerm for a while, from the best I can see. Auto-fill also enables things like the 1password integration, and anyone can open a chatgpt client and copy/paste shell code from there in the same way the iTerm2 integration works.
I understand point 2, I have never cared for any AI hype, it has near-zero interest for me, and doesn't affect my work. Almost every editor has some capacity to ask the internet for data and paste it in, from AI or otherwise, and no one is really sounding a major alarm bell around that. You could argue there is a big push for these integrations to train models, but even that requires a key.
Seriously confused, the article first screws up royally saying its not opensource, which they correct, but then discuss "shoved down their throats" ... a feature that exists but is not enabled by default and doesn't even work if you don't provide a key.
It's absolutely rediculous that supporting something, thats opt-in not opt-out is causing a ruckus lol, people really have too much fuckin time on their hands to bitch about things.
This is like bitching that Firefox allows us to enable a proxy server, and throwing a fit that a feature exists even as an option to be enabled.
If you think AI is bad, wait til you hear about humans...
Im being facetious, but my point is that raw power/data usage isn't by itself a bad thing, as long as it is providing commensurate value. Now you can argue thy don't do that yet, but that would require a lt more nuance than "using resources bad".
I don't think "AI bad" but I think some of the people saying "AI bad" have interesting reasons for saying so.
For the record I believe a lot of the "AI Bad" discourse is a direct carryover from "NFT/Crypto Bad" discourse. A lot of the annoying voices that were loudly promoting NFTs and dodgy web3 companies two years ago are now LOUDLY promoting dodgy AI companies...
Some of it still rings true, a lot of it seems like "twitter is still mad"
The parallels even extend further: A lot of the people (largely correctly!) crying "scam" back then for crypto are now crying scam for AI.
If I had to draw a historical analogy, it'd be to the dot com bubble: Yes, it was a bubble – yet the Internet turns out to have been real. It just was almost impossible to guess correctly as to which company would still be around after the bubble burst (to say nothing of the now-giants that didn't even exist back then).
But that kind of bubble is very different from crypto, which so far has yet to prove that there was any substance to it, despite having gone through at least one global hype cycle and bubble burst two years ago. I don't recall there being two years of frantic search of an application for the web/Internet back in the early 2000s.
Just wait until the enshittification hits. The power and compute to train and run AI models aren't free and all of these products integrating AI are going to get... interesting when the AI companies start trying to get to profitability.
Fortunately, the iTerm feature is not mandatory, nor are they now sponsored by OpenAI or neglecting other "duties" (it's a free and open-source project) as far as I can tell.
iTerm has always been an "everything and the kitchen sink" type of project/software. If you want minimalism, especially in the interest of security, it's definitely not the terminal emulator for you – its attack surface must be massive.
Yeah, I'm not one of the people mad at iTerm right now, I'm simply saying those people aren't absolutely deranged and there are good reasons to balk at the inclusion of AI features where they don't need to exist.
Looking at the issue tracker, they're abusive bullies acting like they own the project though. They could've nicely instead of balking and stick to facts instead of making wild claims about bait and switch spyware. Their behavior is anything but normal.
You're right across the board. My only issue with it is general-purpose AI fatigue. Everywhere I look, blog posts use the same generic-looking AI art (I can't quite put it into words, but you probably know the look I'm talking about), social media posts are written up using genAI (e.g. Linkedin will now ask you if you want AI to write your post for you -- though let's be honest, original thoughts are few and far between on there to begin with), and while interviewing recently I received multiple warnings about disabling any AI assistants in my editor (to me, it's kind of a bummer that that's a big enough issue to mention at all).
I have, in principle, nothing against an opt-in feature that requires unmistakable user consent and a specific sequence of actions to enable. I'm just kinda tired of AI in general, and I'm also worried about potential licensing issues that may arise if you use genAI in your terminal to write scripts that weren't permissively licensed before being used as part of a training set. That's nothing new though, I had, and have, the same concerns with Github Copilot.
I also recognize that my complaint is pretty personal (not counting the licensing thing). My low-level annoyance with genAI isn't something the AI industry at large should seek to resolve. Maybe I'm more set in my ways than I should be at this point in my life. Either way, it's a factor for me and a few other tech people I know.
> while interviewing recently I received multiple warnings about disabling any AI assistants in my editor
Weird. Does the company forbid its staff to use AI assistants?
I get that they want to find out what you know. If you know how to solve problems using an AI, isn't that what they are going to (increasingly) expect you to do on the job?
In fact, demonstrating that you can effectively use AI to develop, would seem to me to be something they'd want to see.
The stated reason was that they wanted to understand my ability to solve a problem and my thought process when faced with their problem. Having run technical interviews in the past, I completely agree with the reasoning.
While I don't use it, I'll grant you that AI is good at solving small, repetitive, tedious problems; stuff that's maybe a bit too domain-specific to be widely available in a library, but that's consistently subtly different enough that you have to sink time into either making different implementations or trying to generalize.
AI is generally going to be poor at solving novel problems, and while that's something that you can never really use in an interview for a variety of reasons, I can send you a problem that's likely new to you and see how you tackle it.
I'll also admit that there's not a single good way to do that as it is. Technical interviewing is more of an art than a science, and it's difficult to get really good signal from an interview, generally speaking.
If you're experienced with how to use an LLM they can be very good at helping with novel problems and much more than boilerplate.
I've been able to tackle problems that would have otherwise taken up too much time and effort between my jobs as both expert witness for software related Federal lawsuits and as a father of two young children.
Here's just a sampling of what I've accomplished since I started using these tools:
A convolutional neural network trained using PyTorch to predict the next chord (as tablature) on a guitar based on image data. Includes labeling software for the image data as well as an iOS app for hosting and running the model.
A web framework written in C using clang blocks for the DSL, per request memory arena, and complete JSON-API compatible ORM, JWT auth, and enough sanitizers and leak detect to make your head spin.
A custom CLI DSL modeled somewhat on AWK syntax written with Python Lex Yacc for turning CSV data into matplotlib graphics.
A custom web framework written in F# that compiles to JS with Fable.
LLMs helped with looking up documentation, higher level architecture, fixing errors, and yes, plenty of boilerplate!
All of this being said, I brought with me almost 30 years of experience writing software and a pretty good idea high level of how to go about building these things. The devil is in the details and that's where the LLM was most useful.
The interview (test) isn't how well you know your IDE or the compiler tools, but the test is: Can you work hard (study leetcode) and have mental ability to achieve your goals (a job offer).
IMHO, this is the same as disabling linting or compiling. Or why companies (used to) do coding challenges on a white board.
The trouble is that AI assistants have seen all of the contrived algorithmic problems before. I once interviewed a candidate for whom Copilot spat the answer out as soon as he typed the function signature. Whether these problems are a good idea in the first place is a separate discussion, but as it stands the AI seems to just sidestep the whole thing.
I hate them too, but I'll put up with them out of necessity if the product or company mission's interesting to me.
Ironically, the most interesting positions I've held have almost universally been at companies that don't have leetcode-style questions as part of the hiring process.
You'll think I'm kidding but at least 1/3rd of Google isn't sure if AIs can code, and 1/3 thinks that if they can the code is too bad to bother with. Things like "gee idk, VS Code autocomplete is pretty cool" are either non-sequitors or a battleground.
> Everywhere I look, blog posts use the same generic-looking AI art (I can't quite put it into words, but you probably know the look I'm talking about)
The best is going to boingboing, and seeing that shit art everywhere, while they have posts whining about AI art. Be Consistent. You're just being part of the problem if you can't even abide by the basics.
I never thought I would end up hating the whole tech world so much, and I thought "Crypto" was peak - but that was just a bunch of scammy dudes and rugpulls for suckers. This? Everyone is suckers. In theory there's a case to be made for it, but I trust none of the entities involved in pushing this out.
For about 5 years I thought MS was going to do something good. WSL2 was actually good tech and they seemed to uh... "embrace" open source. But since 2020 I feel like things are just going downhill.
My inner old man yells at the lawnmowermanchild : GET OFF MY LAWN.
I don't think it's uncommon for a feature to start as opt-in, then turn to opt-out, then finally turn to built-in, so it makes sense to me to be wary if the feature is something you don't want in something typically light and not-overburdened-by-features as a terminal emulator.
Yes, but you have to take into account what kind of product it is and who's the developer and their track record.
It's different if a paid or ad supported product wants to increase the amount of people who use a feature vs. an open source developer adding a feature for people to use and having no benefit by people using it. iTerm already has a lot of advanced options and that's just one more of it.
Relevant track record: the developer thought this would be a worthwhile "feature" to add. Frankly, that says enough. Even if they do eventually give in and remove it, the stain will still be there.
You’re talking about someone publishing high quality open source software for over a decade that’s beloved by millions of users. Have some respect, man.
You might disagree with the way a specific feature works, but this is absolutely no reason to talk about someone like Mr. Nachman this way.
100% this, it’s honestly a bit embarrassing reading through some of these comments or Gitlab issues (“I would donate if you remove this feature”) as a fellow developer. I expected a bit more of my peers on a developer focused tool.
"Just for the future, I'd like to have a discussion before introducing highly controversial 'features' like this" is another one. Not only does it come off as entitled and condescending, it also shows they haven't bothered to even look at the existing development process. iTerm2 already has test releases with detailed release notes.
What is disrespectful about gp's comment? It's okay to disagree with decisions made by even the most dedicated maintainers; I've switched to software (forks, or similar projects) many times on principle - I respect JetBrains, but disagreed with an awful decision they made that was a stain and made me question their judgement and avoid their otherwise excellent IDEs whenever possible. I haven't bought any personal licenses from them since - is that disrespectful in your books?
I hope iTerm moves this functionality into a plugin with the next version.
I for one am horrified at the sheer amount of ill will and sense of entitlement directed towards a developer who has been working tirelessly on high quality free and open source software out of his spare time. It's a thankless job he has continued for more than a decade.
These people have benefitted from iTerm2, possibly for years. Instead of giving back or thanking the person behind it, they chose to flood HN and the issue tracker with insults and lies. They literally pretend as if he's trying to sneak in spyware that steals each and every keystroke. They berate, mock, and question the morality of him and anyone else who dares to push back.
I see this kind of bullying behavior in some open source communities and am taken aback every time I see it. The lack of empathy on display here is ironically less than an LLM and that's saying something.
It appears your issue is not with the comment at the head of this thread specifically, but generally with other comments elsewhere (on HN and Github); that doesn't make the comment disrespect or untrue by association.
AI is a lightning rod issue, while insults are not ok, disagreement is inevitable, disagreeing wirh a decision a maintainer made is orthogonal to dis/respect.
Open Source is fickle - you can diligently work on a project for years and have it forked for mundane reasons, such as some people thinking you're not doing things fast enough for their liking, or you included a controversial feature - and they won't have to pay you or even send you a "thank you" note, that does not change the value of the contributions.
> people really have too much fuckin time on their hands to bitch about things
I always find it so puzzling when people say this. If this author has "too much time" what would the ideal society look like to you? Would you prefer to live in a society where every person is worked to the bone for optimal productivity, such that there is not even a spare 30 minutes in their week to write something that isn't generating economic output? I really want to know what you mean when you say this.
Having a proxy setting actually is a problem, which is why, for example, Microsoft Windows Server lets you create a policy that prevents users from configuring it.
Codecierge allows terminal scrollback and its presumably unredacted data to be sent to a third party, it is a conduit for data exfiltration and may violate a whole bunch of compliance policies, so if it cannot be disabled, it may put companies in violation of those compliance certifications.
> It's absolutely rediculous that supporting something, thats opt-in not opt-out is causing a ruckus lol, people really have too much fuckin time on their hands to bitch about things.
People have preferences. They find their preferences meaningful to them. This means there will always be a healthy competitive market of alternatives to choose from in order to serve those preferences. This is not a bad outcome. Why do you find it "worthy of ridicule?"
preferences aren't above criticism, i see many people on the internet with the misapprehension that just because "it's an opinion" somehow ought to shield you from people being able to say "that's a dumb opinion"
Sure. I just wouldn't expect to get particularly far with that strategy.
> ought to shield you from people being able to say "that's a dumb opinion"
We're talking about a preference of which terminal emulator to use. Is there some larger social consequence that should be addressed this way?
Having openly genocidal racist attitudes are "dumb opinions" that are worthy of public challenge. Whether or not I want to use iTerm2 because they added LLM interfaces is probably not.
i feel like you are treating 'dumb' as synonymous with 'reprehensible'.
worthy of public challenge? we're commenting on an internet forum. not using a terminal because it has added a feature that is opt-in seems silly to me, it doesn't have to be racist or genocidal to reach the threshold of 'worthy to comment on'
you’re being silly on this just as much as you’re being silly about iterm
yes, in the context of an internet discussion about iterm we can of course say that you’re being silly, even if genocide exists. Don’t be silly.
not exactly like the front page of the NYT is discussing akira2501’s iterm stance instead of genocide, here, you’re just having an emotional tantrum over some random computer thing.
people have just gotten silly over this whole thing, visceral emotional reaction is about right.
Because they’re going beyond their personal preference - which could be fulfilled by never using this feature - by trying to press their legitimate preferences onto others by blackballing companies that even touch LLMs.
My preference is to not use software which has these features in it. I don't need my terminal software having a network request layer which can exfiltrate my data to unknown third parties.
You might feel comfortable with a labeled "off switch" but many of us do not. Is that an allowed preference? Or should I be ridiculed?
> press their legitimate preferences onto others
You mean describe their preferences openly and allow others to come to their own conclusion? Or are you suggesting that they're bullying other people into this position against their will?
To me it seems the opposite. Whenever these criticisms come up there is a contingent dedicated to minimizing them to the point of suggesting that they should be openly ridiculed. Or that they've misunderstood their own preferences. Or that they've taken them "too far" somehow.
> by blackballing companies that even touch LLMs.
Yes, preferences even extend to economic decisions. People often forget that this is the basis of all economy.
iTerm has had a font fetcher, a crash reporter, and an automatic updater that all hit the internet for a while. Did anyone care? Is there anybody who turned off the crash reporter but started a fairly mean-spirited thread that the crash reporter was still in the binary? Is there anybody who didn't bother reading the code for what the crash reporter did and expressed that they're not "comfortable with a labeled 'off switch'"?
Seems like this preference only comes up when the endpoint is an LLM. It's an isolated demand for rigor rooted in the visceral emotions LLMs seem to inspire.
> there will always be a healthy competitive market of alternatives
I'm not complaining about iTerm2, but this statement on its own is not true.
For example - a healthy competitive market for phones that respect your privacy. Cars without touchscreen controls for everything. Televisions that are not "smart".
Honestly, I hope that iterm2 gets a "local AI" feature.
That was specifically to the world of open source.
I can't do anything about our government failing to enforce anti trust laws that have existed for more than a century. If they did enforce them then perhaps this statement would have wider truth to it.
This was fixed now. The article’s main point still stands IMO. I.e. that iterm2 focused on openai and not some local workflow by default.
Optional or not, I’d like core features to be privacy friendly and provider agnostic. Otherwise a plugin might be a better fit.
> I think that one of the greatest errors that was made with putting this in iTerm2 was making a big show of it, and by not letting you use local models (such as with Ollama) instead of having OpenAI be the only option.
I think you can hardly call it “focused on”, when it’s one feature out many many updates made to the software. Alao I believe you can retarget the calls to a local instance of a model behind an OpenAI compatible API, and it will happily use that.
I meant “focused on” in the sense that AI features specifically are focused on openai, to the point of mentioning openai only in the changelogs.
I haven’t seen an official demo of using ai features with a local instance. I believe it should be the other way round, the focus should be on local (because again, this is provider agnostic and privacy friendly).
You can change the endpoint, which anyone could learn from reading the comments on the release yesterday or reading the wiki
> I think that one of the greatest errors that was made with putting this in iTerm2 was making a big show of it, and by not letting you use local models (such as with Ollama) instead of having OpenAI be the only option.
There is not a single line this is that is true. A big show was not made and you can use Ollama with it. The “big show” was made by other people not the developer behind iTerm2.
You can always fork it if you disagree with the direction of development.
Everyone of course knows perfectly well that it’s not anywhere near that level of concern in reality, one might say just concern trolling in fact.
But if you and enough other people really do feel strongly enough, you can maintain a security-focused fork with… removing an optional LLM thing that requires manually entering a key. Sure.
Sure, but the gitlab thread is not respectful or constructive criticism. It’s a bunch of knee jerk users saying they can’t use iTerm2 anymore and overtly threatening and/or bribing the devs because they don’t like any product that includes a nice UX to interface with an “AI” language model.
Brave’s crypto reward features might be a better analogy, but I like the comparison.
Fortunately I get paid to throw shade. Here is a free sample:
“Unsupervised use of LLMs can increase the risk of exposing sensitive information. Mitigation strategies and capabilities are not mature.
“Exploiting AI requires rapidly increasing the capital expenditures (input) per worker while the horizon for productivity gains (output) is uncharted and unknown.
Except LLMs have real value today unlike crypto which is mostly used for scams and speculative trading. That’s what makes this different from Brave. Also I don’t think the CEO has any integrity whereas the iTerm2 developer has been making an incredible product for free for over a decade.
> It's absolutely rediculous that supporting something, thats opt-in not opt-out is causing a ruckus
iTerm is pretty extensible, and there are other ways of making the AI bloat (IMO) opt-in, without including it in the core software.
The biggest issue for me is that it increases the attack surface on iTerm2 with no tangible benefit (to me), I'd be similarly upset if they added an opt-in "Share on Facebook/StackOverflow" feature. I'd seriously consider switching to a purist fork that doesn't integrate social-media sharing as a core-feature of a terminal app.
I don't want LLMs to parrot back code from other projects without understanding what that code does and what my code does. I don't want it to parrot back irrelevant slop.
And I especially don't want it to parrot:
rm -rf $BUILDDIR/ && ./build-project.sh
and just hallucinate the assumption that $BUILDDIR is already defined.
But GitHub doesn't ship copilot as a separate binary. So the threat vector of “AI has no place in my VCS get it out it increases the surface area” is there. So it’s okay for github to have copilot but not iterm2 to have codesierge? Doesn't add up.
The point here is about compliance. I agree it’d be stupid to pipe the output of an LLM to a terminal’s command line. But people are saying they can’t use iterm2 now because compliance says no AI and having an mdm-secure way to disable the functionality is not enough because _there could be a bug_ or something. Yet they’re checking commits, in presumably the same compliance regime, into other software with AI features.
> Because you’re already using other software that has LLM integration
Oh really, which software would that be? And which other LLM-enabled software connects production environments or has access to auth credentials/tokens?
Not sure you're being downvoted—probably the last bit of your statement... but there is a wave of "jam AI into it or you're not keeping up with the Joneses" in every application and tool I've noticed over the past year now.
It's nauseating, really, and I think for some devs they probably thought their terminal environment was the last place they'd see anything AI pop up, so they're taking out the pent up annoyance out on iTerm2.
Misunderstanding. I’m talking about the death of the buzzword, not the death of what it represents.
AI is here to stay but eventually it will die out as a buzzword and as a trend to be made to fit in places it has no reason being in.
Big Data, Blockchain etc are all still here and used but the trend of being used as a buzzwords and added to random products for no reason has long been forgotten.
How is this different than say, searching stack overflow for a command or chain of commands?
You still have to enable the feature, and you still have to hit enter.
If you are running commands in a privileged terminal then you ought to already have enough experience to be skeptical of commands that you don’t understand, and ensure that you do understand them before you run them.
The only thing that caused me any concern about the demo was that the user action to take the proposed command from the prompt window back into the terminal, was unclear. That is the dangerous step, and should be hard to do accidentally and be very clear on impact.
A stack overflow answer that is downright wrong is likely to be downvoted or removed completely. An answer that works but has subtle security issues is likely to have comments warning readers to be cautious.
AI has none of this. An AI will tell you with full confidence to use a command that it doesn't understand, it merely constructed it from a statistical model that is impossible to understand completely. That command may work, or it may be totally invalid, or it may expose you to a major security risk. We really don't know.
I think the feature is dumb but also the backlash is completely pointless. It literally doesn't get in your way in any manner. It's only extremely hypothetical concerns (read bullshit) about sending random data to openai.
As someone who similarly suffers from AI fatigue, I already do. I can’t wait for the AI hype cycle to follow the blockchain path, I just hope whatever comes afterwards isn’t even worse.
Why should they care about 'most software' if they have tools that work for them?
For example I don't hate iTerm because I don't need to. I can just use a better terminal emulator and get on with my life. People say the same about vscode, why spend the energy hating it instead of just using neovim and forgetting it exists.
Example from earlier today. I wanted to know how to format a date as "06/04/1947", just like that with leading zeros. I can never remember the details of the complex Ruby `strftime` method, so I usually have to spelunk in the docs for the details. Instead I prompted an LLM with "format a Ruby date like '06/04/1947'" and it gave me the correct answer, faster than I could have found the doc page let alone decoded it.
I think that, in its current iteration, it is not that easy to know.
I haven't tried GPT 4 (which I've heard is much better), but my experiences with 3.5 have been extremely frustrating and underwhelming. I absolutely hate when it starts making stuff up and I have to fix it via the traditional way, it just wasted my time!
I guess this boils down to personal preference, but so far I just prefer a good old Google search.
I was quite happy with copilot auto complete, though. Mostly because of how low friction it was.
If only you could read the source to confirm for yourself or if the developer had a proven track record instead of being someone who just popped up on the scene for the first time…. Oh wait, you can look at the source and the developer has a proven track record maintaining iTerm2 for over a decade.
Your condescension is embarrassing as it shows you have no idea what you are talking about in this context.
“A terminal emulator is probably also a fairly bad place to implement this because it's probably one of the most privileged programs on a developer's machine. It deals with all the secrets in the world, and the threat that it could be used to upload them all to a third party is great enough that people are willing to switch away from it sight unseen.”
It’s important to call out poor judgment around development of our FLOSS tools, they are precious.
I love iTerm2. It has a gazillion features, most of which I don't want and never use (but I love the small subset I do use). I saw the new AI stuff on the release notes, thought, "ugh, lame, I'll never use that", and moved on with my day.
iTerm2 is so good, it’s worth using macOS just for the crazy good terminal. I love the quake term hotkey access and while I’m sure other terminals can easily do it too, I think it might have been the first?
I think the only thing keeping me on iterm is terminal.app's lack of a way to easily disable mouse integration.
If you're using a TUI that works with the mouse but need to select some text, in iterm you hold Option and can select. In Terminal.app you need to use the menu to turn mouse handling off, select your text, then turn it back on.
Yeah, Terminal.app isn’t necessarily better than iterm2, depending on what you need out of your terminal emulator. The latter’s got more features, for sure. The Mac platform’s just blessed with two way-above-average terminal emulators, one installed by default, is all I mean.
I use iterm2 as a default and haven't given it any thought or looked into to it.
But "AI powered" very often implies spying on you and sending home everything it can which has me a bit concerned. Is this true or likely to become true of iterm2?
Plug: This entire thread really doubles my motivation to get Terminal Click [0] out the door even sooner. I'm an indie dev who wants to sell an offline binary for the equivalent of a night out at the movies, probably cheaper.
if the concern is that iterm2 can’t get through a finance industry audit anymore, why would anyone install a shell (ie extremely privileged software) from some rando? What’s your plan for providing security audits and ongoing patching and updates to a PCI level compliance and who does your certifications?
What are the odds that this isn’t a ghost repo in 5 years let alone 25?
People are just trying things out and it will be some time before developers and users settle on what works best for them. In this case, you need to provide your own API key which is a pretty good filter for who wants to use it. Maybe it's distasteful to follow hype in certain cases although this one appears actually useful, even if minimally to the author. I would be more concerned with AI-in-the-OS or other deeply embedded system making it impractical to avoid.
It is a good point and I am cautiously following developments on these because it will not be a pleasant surprise out of the blue. Users need to see how it helps, developers need to see where/how it fits, companies "need" (will) test people's tolerance everything imagined in between.
The analogy is broken a little by subscription license trends but otherwise I'd suggest it may be like getting a car with either manual or automatic transmission. Most people will opt for the automatic and pay more because it's easier. A still sizable portion will opt for the manual either for simplicity, control, cost savings, or a combination of these.
A developer will not want to leave the market for AI-powered versions of their app on the table so obviously they'll pursue it; users given the choice will have needs based on some other context. Maybe a journalist wants GPT powered research tools and plain editing software. A romance novel writer can handle their own research but appreciates GPTs to help synthesize that into outlines and exposition. Will everyone get the kitchen sink without any say or will boundaries emerge which lead to different patterns of providing software?
People who think this feature is dumb are the same ones who thought graphical user interfaces and languages with memory management built in were dumb.
Engineers must be open to new ideas.
Personally I spend a lot do time googling arcane parameters and if AI can help me avoid that, it’s a win.
If you don’t want to use it great. Good for you. You’ve spent enough time on the command line to know all the inconsistent insanity. Not everyone has or wants to.
Another point brought out is that iTerm2 may be offering their users data, for free, as training data for LLMs. You need an API key to use the built-in ChatGPT feature, but do you need a key if you're just feeding data to the AI?
The mid/disinformation in this comment almost makes me want to flag it.
What an absolutely absurd idea that can be easily confirmed (it’s open source) and is borderline libel against the developer who has been maintaining this project for over a decade.
It’s a crazy conspiracy theory that we can confirm or deny by looking at the code and it’s a theory about a practice (OpenAI taking training data from sources sending it to them not using the API, and also OpenAI doesn’t train on API data) that we have never seen in the wild.
The amount of FUD and vitriol displayed by some circles for a small and non-intrusive optional feature is insane. This is especially evident in the issue tracker. The response is more vicious than Windows shoving AI in the start menu, and it's baffling.
I have no use for the feature, I can write shell commands on my own. But why in the world would I go berating the developer over this? Why would anyone? iTerm2 is a gift that users owe him for, not the other way around.
I see this in some open source communities. Is this kind of thing normal?
If you have so little trust in the dev, why would you use iTerm2 in the first place instead of the built in Terminal app?
Based on the same unfounded paranoia, how do we know it’s not keylogging your passwords and or stealing other sensitive information you enter into the terminal? Oh right, we can just check the source code because it’s open source.
I have as much AI feature fatigue as the next person, but feel like I have way more anti-AI histeria fatigue at this point. Seems like for some people all rational thinking goes out the window as soon as AI is mentioned and pure emotion takes over.
Funny, I just switched to alacritty after using iTerm2 for over a decade because I wanted to get closer to a no frills experience (do one thing well). This was after trying warp terminal which is firmly heading in the opposite direction. Whatever the case, it’s nice to have a bunch of great options.
I did the same thing last night. Spent 10 minutes setting up a config file, which I then added to my dotconfig repo, and had Alacritty working perfectly. Highly recommended!
Warp is really radical. It’s a completely reimagined terminal experience. It’s an AI first experience with the intention that you never need to Google another command invocation. They have a feature which allows you to save and label frequently used commands for easy access. Input and output are completely separated. It feels truly innovative, but for me, it was too much of a departure from the familiar environment of a traditional terminal. I can see people that are ready for it truly loving it. The only major downside is that they require you to register to use it, and I have seen people mention that it sends a lot of data “home”. I can see that being a dealbreaker for many. My low-tech alternative approach is to use alacritty with atuin and starship. Three tractable suckless programs that work beautifully together. Like anything, it’s a matter of preference and needs. HTH
A lot of people are angry or don't understand the feature. Am I the only one who actually loves this feature? I'd say 50% of my interactions with GPT are "Make a command line to do X". Right now I have to copy/paste back and forth to the GPT and tell it what happened.
Having all of that built into the terminal is fantastic! The only feature I would ask for is obfuscation -- when I'm doing it for work, I am always careful that I change my question such that I get the right answer without revealing any company information.
Of course a solution to this is enabling someone to point at another model that they control, either locally or hosted privately.
If there were a way for me to type a question and get just the command line back by searching on Google, yeah, I'd like that too. But that's not how Google works. ChatGPT can give me exactly what I want.
And if it were, what's stopping the same filters to be added to google to convert the LLM output(or the google search results) into just the command to execute?
That's how the plugin developed for iTerm2 works, but the actual result from chatgpt needs to be filtered by iTerm2 to get to the result in the demonstration.
What's stopping the same filtering from being used on a google search result instead of a response from an LLM API?
No, that's not how the plugin works. It sends context to ChatGPT telling it to return a single command that is copy/pasteable. The plugin does no filtering of the results. You can literally read the code for yourself:
No, but I might like iterm to have integrated support for various commands, shortcuts, aliases, etc. This is, IMHO, a very natural extension of that. I would prefer even less friction, as for any command I don't know by heart, asking ChatGPT in natural language is the most efficient way to get the commands and arguments I want, usually the very first time. Again IMHO, in the near term future, "great terminal" and "first class LLM support" will go hand in hand for most (but of course, not all) users.
Do you use tmux? If not are you appalled that iTerm2 has support for that? What about the other billion config/settings/features of iTerm2 that you choose not to use?
iTerm2 is a great terminal. It was great before the update and it’s still great after the update.
You can use a privately hosted model with iTerm2, just change the API endpoint in advanced settings to any of the myriad of local LLMs that are OpenAI compatible (like ollama or LMStudio).
Why does the emulator have to do this? Can’t it be a plug-in for bash/zsh/whatnot? Those already support tab completion. It could even be a cli:
prompt “command that you want it to generate”. Then inspect it and run it. If you are feeling very lucky type “$(prompt “command you want to run”)” and poof it executes. Why does this need to be in one of the most privileged apps on my machine?
> Why does the emulator have to do this? Can’t it be a plug-in for bash/zsh/whatnot?
I've no interest in using it because I'm a cheap bastard and am not going to pay $20/month for a key, but if I were going to use it I'd want it in the terminal emulator. If it were a shell plugin I'd have to install it in my shell on my Mac, the shells on my two Raspberry Pis, the shell on my Amazon Lightsail instance, and the shells on the half-dozen or so servers at work that I regularly ssh to from home. Oh, and also the shells in the Linux VMs I run my work test environment in.
API keys are unrelated to the $20/month product, and the keys are pay-as-you-go. The newest model is $15 per million tokens of output, which is to say, you would be extremely hard-pressed to spend $20/month on the API.
Why can it not be a plugin for the terminal emulator?
I understand why people don't like that "integrates with third party LLM services" was just added as a core feature to their terminal emulator(which are typically very minimal applications when it comes to business logic).
I can also see the usefulness of having it in the terminal emulator, but I think most people's reaction comes from the confusion of it being included in the core code instead of an extra module you download.
This whole things feels like if vim added a copilot integration into the core app. It make a lot more sense as an additional download than core functionality.
> It's everywhere, and it's exhausting. Part of my job requires me to keep up with the latest advances with AI and I'm unable to. Everything happens so much.
Good god yes. I'm bullish on AI, have been playing with it a lot over the past year, and am now making a commercial AI-powered desktop app but this is exactly how I feel. I went from feeling the most excited I've been since I started programming as a kid to feeling like I'm drowning.
Today on the front page of HN between a fifth and a quarter of the articles have been about AI of some sort. Not necessarily LLMs but between the Microsoft AI annoucements, a post on RAG and another on neural networks, CLIP representations, it feels like it's non stop onslaught of AI news that I try to keep up with and we're more than a year into the hype.
I have sgpt installed and configured and use it practically every day. Great tool, almost magic when it works right (four out of five, maybe?). Less time reading tldr, man pages, browsing for random breadcrumbs, more time doing things. I recommend it.
I also switched to WezTerm from iTerm awhile ago, largely because iTerm does so much stuff which isn't a emulating a terminal. I have a tool for querying OpenAI from the command line, I don't need or want it built into my terminal emulator, just doesn't jibe with my philosophy. I keep iTerm around for the "Quake terminal" feature, though. That remains pretty slick.
The outrage and self-entitlement is absurd imho. Making it disabled-by-default rather than merely not configured seems like a reasonable accommodation, and is the likely outcome of all this hoopla. People who are complaining that their security policy won't allow it are either confused or dishonest: it makes a network call if you ask it to, the endpoint is either blocked by your policy or it isn't, this adds no new capabilities from a security standpoint.
Probably politically wise to emphasize that it works with any OpenAI compatible endpoint, including a local one. The program is not in fact tied to OpenAI in any way and it might unruffle some featheres.
It's reasonable to want your terminal to just be a terminal, and not feature badges, alerts, log search, its own autocomplete, triggers, annotations, a password manager, and now AI integration. If that's what you want, iTerm hasn't been the emulator for you for a long time. That's fine, there are options.
I built something similar with GPT-4o support https://github.com/gogainda/cmdhelp Mac users just can download the built executable and start using it. All you need is an API key
312 comments
[ 3.0 ms ] story [ 333 ms ] threadIf someone wants a local model, why not submit a PR instead of complaining? Local models have OpenAI compatibility! https://ollama.com/blog/openai-compatibility
* EDIT: I see that the OpenAI URL is configurable under Advanced > Experimental > URL for AI API. Perhaps this already works?
It takes much less effort for me to simply switch back to Terminal.app.
Trust. “AI” features are a trust rubicon. Once you add it, the assumption is that surveillance is now baked in.
This is some wildly narcissistic logic.
Other people are free to add features to the software that they write, that is their agency.
No one really rips out iTerm2 from a mac setup and they can throw their Mac out of the window with iTerm2 if they really hate AI that much (because it has ai and will get more, you had to get out of your way with Siri and co already anyway...)
And as I said it before: this is not a hype. Look it up. Ai delivers already things it doesn't fit hype.
And no ai will not go away, at least I'm not seeing a single thing right now indicating a platoon very soon.
I have been working on something like this that fits better into my existing bash/zsh workflow. So I landed on using ollama and a small widget that tries to mirror the same behavior of ctrl+r aka reverse-i-search. Barely functional, but I have found value from it.
I think saying there’s “no confidence in the answer provided by an AI” is an overstatement and underestimates the value AI can have for the majority of users because that statement overestimates the value of “a reputable source that provides not only the command I’m looking for, but an explanation of the syntax” for the majority of users. Reputable sources and thorough explanations are great in theory, but very few have the patience to go through all that for a single CLI command when they want to make visible progress on the bigger picture project they actually care about.
> I think saying there’s “no confidence in the answer provided by an AI” is an overstatement and underestimates the value AI can have for the majority of users because that statement overestimates the value of “a reputable source that provides not only the command I’m looking for, but an explanation of the syntax” for the majority of users. Reputable sources and thorough explanations are great in theory, but very few have the patience to go through all that for a single CLI command when they want to make visible progress on the bigger picture project they actually care about.
These are exactly the people who shouldn't be running code written by a random number generator.
The beauty of technology and the internet is that there's near-zero gatekeeping. Anyone with enough interest and time can learn to build anything without seriously harming anyone. Dismissing LLMs as a random number generator is very clearly an overstatement for the value they're already able to provide. Ideally, how would you suggest a new developer learn to build something such as a REST API in Python?
You don’t need to have confidence, these are shell one liners, you can generate it, run it, and verify the results in the time it would take you to open a browser window or scroll halfway down a man page.
And if it doesn’t work, then you can still fallback on those.
I don’t mean to be dismissive or reductive. If I need to do something more complex then I’m probably not trying to do it in a shell one-liner.
I used this feature earlier today and prompted it with something like “given piped input, use awk to filter just the 2nd and 5th columns, and truncate the 5th column to 25 chars”. I don’t use awk often but I know that it exists, and I could have figured out how to do this in about 20-40 seconds with a google search or man page, but this was 10x faster.
It sounds like you're recommending people to not understand the shell one-liners they're pasting into their CLI and instead just verify that the outcome was observed after the fact?
That's pretty much the opposite of what I've understood to be "good terminal practice" for my entire life, which can be summed up as "don't execute anything in the terminal that you don't understand".
Is "just paste it and hope you don't lost data/just installed a virus" the new modus-oprandi?
Yes
> Is "just paste it and hope you don't lost data/just installed a virus" the new modus-oprandi?
No
Somewhere in between those two extremes is knowing enough to know that the command you’re pasting in isn’t going to install a virus, even though you don’t fully understand what the -g flag is doing
I fail to see any middle ground between those two "extremes", it's pretty black and white.
You find something and discover after trying it out that you have the gnu version or Mac version or a outdated or much newer version of the tool.
Than I give up, scroll through some shitty man page to slowly pull out one option after the other.
Is a 3rd party getting every key stroke I make and output it produces?
My big disappointment is that you can't use providers other than OpenAI. Stop this. It's like making a web browser that can only use Google. AI APIs are actually kind of simple. Make it so I can pick one including a locally hosted one (ollama etc.) if I want.
- no external dependencies (OpenAI payment, network availability...)
- no data leaving my device
- it could deeply learn my configs and filesystem to give specific commands as opposed to general guidance (I know you can embed and send to OpenAI but I'd really not want to share all my hard drive)
DEFINE_STRING(aitermURL, @"https://api.openai.com/v1/completions", SECTION_EXPERIMENTAL @"URL for AI API.\nA ChatGPT API endpoint should be here. Note that this URL is only used if the model name does not begin with `gpt-` because those models used an older API.");
https://github.com/gnachman/iTerm2/blob/a196d31658a8d0aa2dc5...
According to the docs it only uses that if the model doesn't begin tieh gpt- and uses an old API, so alas it doesn't seem compatible with ollama.
Edit: here is the relevant part of the code: https://github.com/gnachman/iTerm2/blob/a196d31658a8d0aa2dc5...
Looks like adding ollama support is really a matter of changing a few lines of code.
Edit 2: Seems to be fixed in the next beta release: https://github.com/gnachman/iTerm2/commit/fcd212490626f1d8ea...
- alacritty - kitty
are decent alternatives I have found as a drop in replacement. Might need to add tmux if you were reliant on the window/pane management of iTerm2
For heavy tmux user it could be a deal breaker, especially given that kovid (kitty author) is hostile towards tmux.
What extra stuff do I get from this "tmux integration" ?
Benefits:
-You can keep using a terminal app you apparently like (understandably, it’s great)
-You don’t have to find and install a replacement
-You don’t have to re-add tmux
-Not actively enabling a new chat feature you don’t like costs very little time
Downsides:
-…
https://gitlab.com/gnachman/iterm2/-/issues/11470
I'm very happy with iTerm2, its features are useful to me, but I can't see myself using the AI chat feature when I have copilot in VS code. I could see a use case for people unfamiliar with certain commands, something like "please sort this output by the first then fourth columns". But if I'm writing a script or small Python utility, then VS code will be where I do it.
For compliance though, the AI integration could be a separate binary that you can access via the command line, although as pointed out in a reply, that's the same as a code path that isn't used. However, it is easier to block a separate binary, so maybe that's the thinking there?
Instead, maybe the people who have an issue with this feature would be happy with an optional setting "assign this keyboard shortcut to the AI binary". Or a feature flag that says "do not access the network under any circumstances".
Agreed on the "do not access the network" feature flag though, every program should have that. Or really it should just be a toggle in the OS on a per-app basis.
I would claim that is not the responsibility of the app. That should be the sandbox/OS responsibility, to make sure it's actually true, rather than an app providing a checkbox that potentially does nothing.
Annoyingly though, in that scenario, the desire to not have my data processed by third-party vendor APIs, would need to apply to both the client (which I can control through technical measures, e.g. LittleSnitch) and to the cloud backend it talks to (which I fundamentally cannot control.) So such a config flag can't be purely a technical measure, but also has to be something communicated to the backend, ala "Do Not Track." And unlike HTTP, most of the other application-layer protocols we use today don't have anything like a standardized way to communicate "user-imposed constraints on how they want you to process their request, while still giving the same result".
Instead, a legal solution like the GDPR offers better means of protection. The way the fines are structured, vendors have a clear incentive to not exfiltrate your data in the first place.
I mean, yes, that was my point — that there'd need to be some legal thing like GDPR. But that thing would very likely need some kind of explicit user-driven policy choice (ala how websites are now forced to ask for a user-driven cookie-handling policy.)
To comply with such a law, it would be likely that every application-layer protocol that could in theory involve a backend that relies on the use of third-party ML vendors, would have to be modified to somehow carry that policy choice along with requests. It'd be a huge boondoggle.
This is the wrong approach and what you really want is for LLMs to instead have access to a palette of pre-vetted bugtested commands and options implemented by other applications.
ie think like those python embeds in OpenAI… but instead of building a python script, you should be building an Ansible playbook or a MacOS shortcut that does the task, rather than an LLM banging together shell code directly.
Things like file access or web request etc are just more primitives in this model. Don’t want it to call out to the web? Don’t give it access to the web request primitives. Like this literally has been a solved problem for 30 years - macOS intents and windows COM interfaces allow applications to expose these capabilities in a way that can be programmatically interfaced by other code to build up scripts.
https://developer.apple.com/documentation/appintents
https://learn.microsoft.com/en-us/windows/win32/com/the-comp...
This is HyperCard-era stuff, Unix just won so thoroughly that people don’t consider these capabilities, and everyone assumes everything has to be a single giant unshaped command of CLI garbage piped together.
The Unix mindset is not the right one for LLMs working at a token level. The idiom you need to mimic is MacOS intents or Ansible actions… or at least powershell actions. The amount of unconstrained shell-scripting involved needs to be minimized rigorously. Every time you do it it’s a risk, so why make it write anything more complex than glue code or composable YAML commands?
I wasn't talking about the direct use-case at hand (iTerm), because iTerm communicates directly with ML APIs. But such a "request processing constraint" would not be for use in communicating with ML APIs.
If the client application is directly communicating with an ML API, then the technical measure — a group-policy flag that tells the app to just not do anything that would communicate with those APIs; or further, which alters the app's sandbox to forcibly disable access to any/all known ML API servers on the OS-network-stack level — is enough to prevent that.
Rather, what I was referring to by a "request processing constraint", is for the other case — the case that can't be addressed through purely technical measures. And that's the case where a client application is making a request or syncing its data to a regular, non-ML business-layer server; where that backend then might decide to make requests to third-party ML APIs using the client's submitted data.
Think: the specific REST or gRPC API that most proprietary "service client" apps are paired with; or an arbitrary SMTP server for your email client; or the hard-coded AMQP broker, for an IoT device that relies on async data push to a remote message-queue; or the arbitrary S3-compatible object-store endpoint for your `rclone` or `pgbackrest` invocation.
It is for these systems, that you'd need a way for the client to tell the backend system it is communicating with, that the client is operating under a regime where third-party ML is not to be used.
The spirit of such a "request processing constraint" being communicated to such a backend system, would be: "don't allow any of the data being carried by this request, once it arrives at your [regular non-ML business-layer] backend system, to then be sent to any third-party ML APIs for further processing. Not in the process of resolving the request, and not later on for any kind of asynchronous benefit, either. Skip all those code-paths; and tag this data as tainted when storing it, so all such code-paths will be skipped for this data in the future. Just do what processing you can do, locally to your own backend, and give me the results of that."
(Ideally, there would also be some level of legal regulation, requiring vendors to at least put their "best effort attempt" into creating and maintaining a fallback backend-local [if not client-side!] implementation, for people who opt out of third-party ML processing — rather than just saying "the best we can do is nothing; your data goes unprocessed, and so the app just does nothing at all for you, sorry.")
---
You're also misunderstanding the misapprehensions that the people in the comments section of this post are having to data being passed to ML models.
Most of the people here who are having a visceral reaction to iTerm including ML capabilities, aren't thinking through the security concerns of this specific case of iTerm generating a shell script. I do understand that that's what you were trying to address here by talking about high-level capability-based APIs; but it wasn't what I was trying to suggest fixing, because "iTerm could generate a dangerous shell script" isn't what anyone was really complaining about here.
Rather, what people here were doing, was echoing a cached-thought response they had already long decided on, to the use or capture of their data by third-party ML-model service APIs generally.
The things that make people reject the idea of applications integrating with third-party ML APIs generally, are:
1. that the model would "do its job", but produce biased or censored results, creating unexpected "memory holes" in the resulting data (for recognition / transformer models), or tainting their processed d...
This is incredibly stupid. If they don't trust iTerm to respect their privacy, why were they using it in the first place? For all they know it very well could have been sharing all their data without telling them from the very beginning. Alas, the tool is open source they could just audit instead of yelling at clouds but hey.
There's no difference at all between a code path that's never called and another binary that's never called.
You are simply wrong for even trying to argue about privacy concerns when it is a feature that is entirely off by default (and also doesn't send anything that you don't enter in the box dedicated to it).
It makes absolutely 0 sense to have any concern about this but not have concerns about the capability of the terminal to perform any other call over the network.
The way I phrased it might be why you're misunderstanding me. I'll try to clean it up.
If they're worried about your terminal calling OpenAI servers if you ask it to call OpenAI servers, why are they not worried about all the many more damaging things you can do with your terminal when you ask it to?
Guess what? My terminal has always been able to call ChatGPT, even before this curl wrapper was released :O
The right thing to do, then, would be for the OS to have a group policy setting like:
"Disable application features that rely on processing documents, data, or application state using remote third-party inference APIs."
...and then for apps to look for it and respect it; and for corporations concerned about this to set it as part of MDM.
Then apps could offer these features as available by default, but also forcibly disabled when relevant.
I see this as not substantially different from a programmer having a browser tab open where they could type questions and get answers, just more convenient. If I didn't want my coworkers doing that at all, I'd push out a device policy adding a firewall block for OpenAI's API servers and then not worry about it at all.
> +1 to the people who'd like to donate 50$ for a version which does not send my input anywhere. Okay, previously I never donated the project. But use the iTerm2 for ~10yrs and would like to continue.
So, this person has been using iTerm2 for 10 years without paying, and would only consider donating if this feature is removed?
clearly hyperbole
Even when it's turn on you have to manually engage it
Rage posters always gloss over details in their rush to tell the world how mad they are
> it is a very unwelcome statement of disagreeable values. Adding OpenAI integration, as optional as it is here, makes it clear that you don't stand against OpenAI and the whole "AI" industry.
Imagine the crime of maintaining a free and open source terminal emulator in one's spare time... how hideous.
We also have decades of experience and culture around how to use network commands properly, especially for FLOSS tools.
Considering that newbies will be attracted to these cloud tools, the risk of information leakage sounds a lot higher in the second instance.
iTerm doesn't have that. It has a separate pop-up window where you can type questions and get answers.
If it had a feature like you describe, I'd be there with my pitchfork. Thankfully, it doesn't.
I can’t stand the people up in arms about an opt-in feature that is one of many that are in iTerm2. ITerm2 is not and will not become some kind of AI-based terminal, that idea is so absurd and so are the people making that argument.
In fact, the implementation is so barebones that it’s not useful IMHO so the outrage is even more silly.
I understand point 2, I have never cared for any AI hype, it has near-zero interest for me, and doesn't affect my work. Almost every editor has some capacity to ask the internet for data and paste it in, from AI or otherwise, and no one is really sounding a major alarm bell around that. You could argue there is a big push for these integrations to train models, but even that requires a key.
Every Linux shell can do that, regardless of your terminal emulator, and arguably that's by design:
What iTerm can do is essentially just some GUI sugar around that capability.If you don't like it, just don't do it :)
It's absolutely rediculous that supporting something, thats opt-in not opt-out is causing a ruckus lol, people really have too much fuckin time on their hands to bitch about things.
This is like bitching that Firefox allows us to enable a proxy server, and throwing a fit that a feature exists even as an option to be enabled.
The proxy server was not created through petabyte-scale plagiarism.
A proxy server does not use half a million kilowatt hours of electricity a day.
This is nothing like complaining that Firefox allows you to enable a proxy server.
I use ChatGPT but I also think the AI detractors have some good points...
Im being facetious, but my point is that raw power/data usage isn't by itself a bad thing, as long as it is providing commensurate value. Now you can argue thy don't do that yet, but that would require a lt more nuance than "using resources bad".
For the record I believe a lot of the "AI Bad" discourse is a direct carryover from "NFT/Crypto Bad" discourse. A lot of the annoying voices that were loudly promoting NFTs and dodgy web3 companies two years ago are now LOUDLY promoting dodgy AI companies...
Some of it still rings true, a lot of it seems like "twitter is still mad"
If I had to draw a historical analogy, it'd be to the dot com bubble: Yes, it was a bubble – yet the Internet turns out to have been real. It just was almost impossible to guess correctly as to which company would still be around after the bubble burst (to say nothing of the now-giants that didn't even exist back then).
But that kind of bubble is very different from crypto, which so far has yet to prove that there was any substance to it, despite having gone through at least one global hype cycle and bubble burst two years ago. I don't recall there being two years of frantic search of an application for the web/Internet back in the early 2000s.
iTerm has always been an "everything and the kitchen sink" type of project/software. If you want minimalism, especially in the interest of security, it's definitely not the terminal emulator for you – its attack surface must be massive.
I happily use iTerm2 and will continue to do so.
I have, in principle, nothing against an opt-in feature that requires unmistakable user consent and a specific sequence of actions to enable. I'm just kinda tired of AI in general, and I'm also worried about potential licensing issues that may arise if you use genAI in your terminal to write scripts that weren't permissively licensed before being used as part of a training set. That's nothing new though, I had, and have, the same concerns with Github Copilot.
I also recognize that my complaint is pretty personal (not counting the licensing thing). My low-level annoyance with genAI isn't something the AI industry at large should seek to resolve. Maybe I'm more set in my ways than I should be at this point in my life. Either way, it's a factor for me and a few other tech people I know.
Weird. Does the company forbid its staff to use AI assistants?
I get that they want to find out what you know. If you know how to solve problems using an AI, isn't that what they are going to (increasingly) expect you to do on the job?
In fact, demonstrating that you can effectively use AI to develop, would seem to me to be something they'd want to see.
Why would you work somewhere that prescribed your workflow?
You're a professional. Do your job as you see fit, whether that involves AI assistance or not.
> demonstrating that you can effectively use AI to develop, would seem to me to be something they'd want to see.
Irrelevant. They want you to meet business needs more than play with today's shiny technology.
While I don't use it, I'll grant you that AI is good at solving small, repetitive, tedious problems; stuff that's maybe a bit too domain-specific to be widely available in a library, but that's consistently subtly different enough that you have to sink time into either making different implementations or trying to generalize.
AI is generally going to be poor at solving novel problems, and while that's something that you can never really use in an interview for a variety of reasons, I can send you a problem that's likely new to you and see how you tackle it.
I'll also admit that there's not a single good way to do that as it is. Technical interviewing is more of an art than a science, and it's difficult to get really good signal from an interview, generally speaking.
I've been able to tackle problems that would have otherwise taken up too much time and effort between my jobs as both expert witness for software related Federal lawsuits and as a father of two young children.
Here's just a sampling of what I've accomplished since I started using these tools:
A convolutional neural network trained using PyTorch to predict the next chord (as tablature) on a guitar based on image data. Includes labeling software for the image data as well as an iOS app for hosting and running the model.
A web framework written in C using clang blocks for the DSL, per request memory arena, and complete JSON-API compatible ORM, JWT auth, and enough sanitizers and leak detect to make your head spin.
A custom CLI DSL modeled somewhat on AWK syntax written with Python Lex Yacc for turning CSV data into matplotlib graphics.
A custom web framework written in F# that compiles to JS with Fable.
LLMs helped with looking up documentation, higher level architecture, fixing errors, and yes, plenty of boilerplate!
All of this being said, I brought with me almost 30 years of experience writing software and a pretty good idea high level of how to go about building these things. The devil is in the details and that's where the LLM was most useful.
Beyond that, if it helps you spend more time with your family while still being good at your job, that's always a win.
IMHO, this is the same as disabling linting or compiling. Or why companies (used to) do coding challenges on a white board.
Ironically, the most interesting positions I've held have almost universally been at companies that don't have leetcode-style questions as part of the hiring process.
They got that AI grease on them
Positive prompt: 1girl, hacker, laptop, terminal, coffee, green hair, green eyes, ponytail, hoodie
Negative prompt: worst quality, low quality, medium quality, deleted, lowres, comic, bad anatomy, bad hands, text, error, missing fingers, extra digit, fewer digits, cropped, jpeg artifacts, signature, watermark, username, blurry, looking at viewer
Steps: 25, Sampler: DPM++ 3M SDE Karras, CFG scale: 7, Seed: 1313606321, Size: 768x384, Model hash: 51a0c178b7, Model: kohaku-xl, VAE hash: 235745af8d, VAE: kohaku-xl.safetensors, Denoising strength: 0.7, Hires resize: 2048x1024, Hires upscaler: Latent (bicubic), Version: v1.6.0-2-g4afaaf8a
I never thought I would end up hating the whole tech world so much, and I thought "Crypto" was peak - but that was just a bunch of scammy dudes and rugpulls for suckers. This? Everyone is suckers. In theory there's a case to be made for it, but I trust none of the entities involved in pushing this out.
For about 5 years I thought MS was going to do something good. WSL2 was actually good tech and they seemed to uh... "embrace" open source. But since 2020 I feel like things are just going downhill.
My inner old man yells at the lawnmowermanchild : GET OFF MY LAWN.
It's different if a paid or ad supported product wants to increase the amount of people who use a feature vs. an open source developer adding a feature for people to use and having no benefit by people using it. iTerm already has a lot of advanced options and that's just one more of it.
You might disagree with the way a specific feature works, but this is absolutely no reason to talk about someone like Mr. Nachman this way.
https://iterm2.com/downloads.html
And oh, they're now demanding an apology ... for a gift they willingly grabbed without a single thank you.
I hope iTerm moves this functionality into a plugin with the next version.
We’re not talking about a faceless company like JetBrains here, but a single human being, for chrissakes.
These people have benefitted from iTerm2, possibly for years. Instead of giving back or thanking the person behind it, they chose to flood HN and the issue tracker with insults and lies. They literally pretend as if he's trying to sneak in spyware that steals each and every keystroke. They berate, mock, and question the morality of him and anyone else who dares to push back.
I see this kind of bullying behavior in some open source communities and am taken aback every time I see it. The lack of empathy on display here is ironically less than an LLM and that's saying something.
AI is a lightning rod issue, while insults are not ok, disagreement is inevitable, disagreeing wirh a decision a maintainer made is orthogonal to dis/respect.
Open Source is fickle - you can diligently work on a project for years and have it forked for mundane reasons, such as some people thinking you're not doing things fast enough for their liking, or you included a controversial feature - and they won't have to pay you or even send you a "thank you" note, that does not change the value of the contributions.
I always find it so puzzling when people say this. If this author has "too much time" what would the ideal society look like to you? Would you prefer to live in a society where every person is worked to the bone for optimal productivity, such that there is not even a spare 30 minutes in their week to write something that isn't generating economic output? I really want to know what you mean when you say this.
https://github.com/Xe
Codecierge allows terminal scrollback and its presumably unredacted data to be sent to a third party, it is a conduit for data exfiltration and may violate a whole bunch of compliance policies, so if it cannot be disabled, it may put companies in violation of those compliance certifications.
People have preferences. They find their preferences meaningful to them. This means there will always be a healthy competitive market of alternatives to choose from in order to serve those preferences. This is not a bad outcome. Why do you find it "worthy of ridicule?"
Sure. I just wouldn't expect to get particularly far with that strategy.
> ought to shield you from people being able to say "that's a dumb opinion"
We're talking about a preference of which terminal emulator to use. Is there some larger social consequence that should be addressed this way?
Having openly genocidal racist attitudes are "dumb opinions" that are worthy of public challenge. Whether or not I want to use iTerm2 because they added LLM interfaces is probably not.
worthy of public challenge? we're commenting on an internet forum. not using a terminal because it has added a feature that is opt-in seems silly to me, it doesn't have to be racist or genocidal to reach the threshold of 'worthy to comment on'
yes, in the context of an internet discussion about iterm we can of course say that you’re being silly, even if genocide exists. Don’t be silly.
not exactly like the front page of the NYT is discussing akira2501’s iterm stance instead of genocide, here, you’re just having an emotional tantrum over some random computer thing.
people have just gotten silly over this whole thing, visceral emotional reaction is about right.
My preference is to not use software which has these features in it. I don't need my terminal software having a network request layer which can exfiltrate my data to unknown third parties.
You might feel comfortable with a labeled "off switch" but many of us do not. Is that an allowed preference? Or should I be ridiculed?
> press their legitimate preferences onto others
You mean describe their preferences openly and allow others to come to their own conclusion? Or are you suggesting that they're bullying other people into this position against their will?
To me it seems the opposite. Whenever these criticisms come up there is a contingent dedicated to minimizing them to the point of suggesting that they should be openly ridiculed. Or that they've misunderstood their own preferences. Or that they've taken them "too far" somehow.
> by blackballing companies that even touch LLMs.
Yes, preferences even extend to economic decisions. People often forget that this is the basis of all economy.
Seems like this preference only comes up when the endpoint is an LLM. It's an isolated demand for rigor rooted in the visceral emotions LLMs seem to inspire.
People (or power users at least) tend to remember incidents like that. I don’t think it’s entirely “just because LLM’s”.
Also, what was the bug?
I'm not complaining about iTerm2, but this statement on its own is not true.
For example - a healthy competitive market for phones that respect your privacy. Cars without touchscreen controls for everything. Televisions that are not "smart".
Honestly, I hope that iterm2 gets a "local AI" feature.
Running a local LLM or stable diffusion is fun.
I can't do anything about our government failing to enforce anti trust laws that have existed for more than a century. If they did enforce them then perhaps this statement would have wider truth to it.
Optional or not, I’d like core features to be privacy friendly and provider agnostic. Otherwise a plugin might be a better fit.
> I think that one of the greatest errors that was made with putting this in iTerm2 was making a big show of it, and by not letting you use local models (such as with Ollama) instead of having OpenAI be the only option.
Seems like lots of knee jerking going on.
I haven’t seen an official demo of using ai features with a local instance. I believe it should be the other way round, the focus should be on local (because again, this is provider agnostic and privacy friendly).
> I think that one of the greatest errors that was made with putting this in iTerm2 was making a big show of it, and by not letting you use local models (such as with Ollama) instead of having OpenAI be the only option.
There is not a single line this is that is true. A big show was not made and you can use Ollama with it. The “big show” was made by other people not the developer behind iTerm2.
Everyone of course knows perfectly well that it’s not anywhere near that level of concern in reality, one might say just concern trolling in fact.
But if you and enough other people really do feel strongly enough, you can maintain a security-focused fork with… removing an optional LLM thing that requires manually entering a key. Sure.
The “love it or leave it” of the open source world. Sorry, I don’t buy that framing. No one should be immune from criticism.
Fortunately I get paid to throw shade. Here is a free sample:
“Unsupervised use of LLMs can increase the risk of exposing sensitive information. Mitigation strategies and capabilities are not mature.
“Exploiting AI requires rapidly increasing the capital expenditures (input) per worker while the horizon for productivity gains (output) is uncharted and unknown.
iTerm is pretty extensible, and there are other ways of making the AI bloat (IMO) opt-in, without including it in the core software.
The biggest issue for me is that it increases the attack surface on iTerm2 with no tangible benefit (to me), I'd be similarly upset if they added an opt-in "Share on Facebook/StackOverflow" feature. I'd seriously consider switching to a purist fork that doesn't integrate social-media sharing as a core-feature of a terminal app.
What's your threat model?
Why do you ask, will you help with designing a mitigation plan?
I'll humor you: It's a turnkey gadget for sniffing/exfiltrating the output of any open iTerm2 shell.
I use web search, I don't use LLM websites.
I use MacOS, I don't use Siri.
I use Windows, I don't use Cortana/Copilot.
------------------------------------------
I don't want LLMs to parrot back code from other projects without understanding what that code does and what my code does. I don't want it to parrot back irrelevant slop.
And I especially don't want it to parrot:
rm -rf $BUILDDIR/ && ./build-project.sh
and just hallucinate the assumption that $BUILDDIR is already defined.
A terminal on the other hand...
You have to explicitly pay for it and add it to your repo.
Oh really, which software would that be? And which other LLM-enabled software connects production environments or has access to auth credentials/tokens?
Past wall of fame
- Network
- Big Data
- Blockchain
- Cloud
- NFT
- VR
It's nauseating, really, and I think for some devs they probably thought their terminal environment was the last place they'd see anything AI pop up, so they're taking out the pent up annoyance out on iTerm2.
Smart home Smart phone Smart watch Smart thermostat Etc.
Not all of these are created equal!
AI is here to stay but eventually it will die out as a buzzword and as a trend to be made to fit in places it has no reason being in.
Big Data, Blockchain etc are all still here and used but the trend of being used as a buzzwords and added to random products for no reason has long been forgotten.
Hope it clears it out.
You still have to enable the feature, and you still have to hit enter.
If you are running commands in a privileged terminal then you ought to already have enough experience to be skeptical of commands that you don’t understand, and ensure that you do understand them before you run them.
The only thing that caused me any concern about the demo was that the user action to take the proposed command from the prompt window back into the terminal, was unclear. That is the dangerous step, and should be hard to do accidentally and be very clear on impact.
AI has none of this. An AI will tell you with full confidence to use a command that it doesn't understand, it merely constructed it from a statistical model that is impossible to understand completely. That command may work, or it may be totally invalid, or it may expose you to a major security risk. We really don't know.
Edit Because I hit submit too soon: George Nachman is a great guy who delivers a cool tool for free and doesn't deserve the pushback.
For example I don't hate iTerm because I don't need to. I can just use a better terminal emulator and get on with my life. People say the same about vscode, why spend the energy hating it instead of just using neovim and forgetting it exists.
Why the heck not use AI when it's better?
I think that, in its current iteration, it is not that easy to know.
I haven't tried GPT 4 (which I've heard is much better), but my experiences with 3.5 have been extremely frustrating and underwhelming. I absolutely hate when it starts making stuff up and I have to fix it via the traditional way, it just wasted my time!
I guess this boils down to personal preference, but so far I just prefer a good old Google search.
I was quite happy with copilot auto complete, though. Mostly because of how low friction it was.
"Oh, sweet summer child..." :-D
Your condescension is embarrassing as it shows you have no idea what you are talking about in this context.
Not to mention iterm development has slowed a lot in recent years. Who knows how much longer the author will be around.
From: https://xeiaso.net/notes/2024/ai-hype/
“A terminal emulator is probably also a fairly bad place to implement this because it's probably one of the most privileged programs on a developer's machine. It deals with all the secrets in the world, and the threat that it could be used to upload them all to a third party is great enough that people are willing to switch away from it sight unseen.”
It’s important to call out poor judgment around development of our FLOSS tools, they are precious.
If you're using a TUI that works with the mouse but need to select some text, in iterm you hold Option and can select. In Terminal.app you need to use the menu to turn mouse handling off, select your text, then turn it back on.
EDIT: looks like someone even investigated that: https://babbagefiles.xyz/quake-drop-down-terminal-history/
But "AI powered" very often implies spying on you and sending home everything it can which has me a bit concerned. Is this true or likely to become true of iterm2?
Edit: looking around the thread and at other conversations like https://gitlab.com/gnachman/iterm2/-/issues/11475 it's not just me with this concern
Feeling a bit like a dying breed.
[0] https://terminal.click
What are the odds that this isn’t a ghost repo in 5 years let alone 25?
Also, Terminal Click is an experimental project. We'll see where it lands.
[0] https://handmadecities.com/about
Why Windows is adding an ai key?
Not sure what Ubuntu and other distributions will do but they will probably add it too.
(I'm not against this, just stating it)
Because they need a gimmick to sell new ipads to people who don't really understand what a nanometer means in the context of semiconductors?
To accelerate ai for Photoshop, after effects, local enhanced Siri, voice to text and text to voice.
The analogy is broken a little by subscription license trends but otherwise I'd suggest it may be like getting a car with either manual or automatic transmission. Most people will opt for the automatic and pay more because it's easier. A still sizable portion will opt for the manual either for simplicity, control, cost savings, or a combination of these.
A developer will not want to leave the market for AI-powered versions of their app on the table so obviously they'll pursue it; users given the choice will have needs based on some other context. Maybe a journalist wants GPT powered research tools and plain editing software. A romance novel writer can handle their own research but appreciates GPTs to help synthesize that into outlines and exposition. Will everyone get the kitchen sink without any say or will boundaries emerge which lead to different patterns of providing software?
Engineers must be open to new ideas.
Personally I spend a lot do time googling arcane parameters and if AI can help me avoid that, it’s a win.
If you don’t want to use it great. Good for you. You’ve spent enough time on the command line to know all the inconsistent insanity. Not everyone has or wants to.
I upgraded this morning too and saw updates too.
It's been 3 hours since, continued working on my terminal, it has not gotten in my way at all.
It's a non-issue for me.
What am I missing?
What an absolutely absurd idea that can be easily confirmed (it’s open source) and is borderline libel against the developer who has been maintaining this project for over a decade.
It’s a crazy conspiracy theory that we can confirm or deny by looking at the code and it’s a theory about a practice (OpenAI taking training data from sources sending it to them not using the API, and also OpenAI doesn’t train on API data) that we have never seen in the wild.
I have no use for the feature, I can write shell commands on my own. But why in the world would I go berating the developer over this? Why would anyone? iTerm2 is a gift that users owe him for, not the other way around.
I see this in some open source communities. Is this kind of thing normal?
Based on the same unfounded paranoia, how do we know it’s not keylogging your passwords and or stealing other sensitive information you enter into the terminal? Oh right, we can just check the source code because it’s open source.
I have as much AI feature fatigue as the next person, but feel like I have way more anti-AI histeria fatigue at this point. Seems like for some people all rational thinking goes out the window as soon as AI is mentioned and pure emotion takes over.
I like the idea and may enable it.
Having all of that built into the terminal is fantastic! The only feature I would ask for is obfuscation -- when I'm doing it for work, I am always careful that I change my question such that I get the right answer without revealing any company information.
Of course a solution to this is enabling someone to point at another model that they control, either locally or hosted privately.
It's not what I want iterm to do, I want iterm to be a great terminal.
And if it were, what's stopping the same filters to be added to google to convert the LLM output(or the google search results) into just the command to execute?
And sure, Google could add that, but it doesn't have that today.
That's how the plugin developed for iTerm2 works, but the actual result from chatgpt needs to be filtered by iTerm2 to get to the result in the demonstration.
What's stopping the same filtering from being used on a google search result instead of a response from an LLM API?
https://gitlab.com/gnachman/iterm2/-/blob/master/sources/iTe...
iTerm2 is a great terminal. It was great before the update and it’s still great after the update.
Well goodbye to that part.
prompt “command that you want it to generate”. Then inspect it and run it. If you are feeling very lucky type “$(prompt “command you want to run”)” and poof it executes. Why does this need to be in one of the most privileged apps on my machine?
I've no interest in using it because I'm a cheap bastard and am not going to pay $20/month for a key, but if I were going to use it I'd want it in the terminal emulator. If it were a shell plugin I'd have to install it in my shell on my Mac, the shells on my two Raspberry Pis, the shell on my Amazon Lightsail instance, and the shells on the half-dozen or so servers at work that I regularly ssh to from home. Oh, and also the shells in the Linux VMs I run my work test environment in.
I understand why people don't like that "integrates with third party LLM services" was just added as a core feature to their terminal emulator(which are typically very minimal applications when it comes to business logic).
I can also see the usefulness of having it in the terminal emulator, but I think most people's reaction comes from the confusion of it being included in the core code instead of an extra module you download.
This whole things feels like if vim added a copilot integration into the core app. It make a lot more sense as an additional download than core functionality.
I'm with the others that want it in a command, not embedded in my terminal
Good god yes. I'm bullish on AI, have been playing with it a lot over the past year, and am now making a commercial AI-powered desktop app but this is exactly how I feel. I went from feeling the most excited I've been since I started programming as a kid to feeling like I'm drowning.
Today on the front page of HN between a fifth and a quarter of the articles have been about AI of some sort. Not necessarily LLMs but between the Microsoft AI annoucements, a post on RAG and another on neural networks, CLIP representations, it feels like it's non stop onslaught of AI news that I try to keep up with and we're more than a year into the hype.
I also switched to WezTerm from iTerm awhile ago, largely because iTerm does so much stuff which isn't a emulating a terminal. I have a tool for querying OpenAI from the command line, I don't need or want it built into my terminal emulator, just doesn't jibe with my philosophy. I keep iTerm around for the "Quake terminal" feature, though. That remains pretty slick.
The outrage and self-entitlement is absurd imho. Making it disabled-by-default rather than merely not configured seems like a reasonable accommodation, and is the likely outcome of all this hoopla. People who are complaining that their security policy won't allow it are either confused or dishonest: it makes a network call if you ask it to, the endpoint is either blocked by your policy or it isn't, this adds no new capabilities from a security standpoint.
Probably politically wise to emphasize that it works with any OpenAI compatible endpoint, including a local one. The program is not in fact tied to OpenAI in any way and it might unruffle some featheres.
It's reasonable to want your terminal to just be a terminal, and not feature badges, alerts, log search, its own autocomplete, triggers, annotations, a password manager, and now AI integration. If that's what you want, iTerm hasn't been the emulator for you for a long time. That's fine, there are options.
Is there a MacOS app that does "Quicksilver" (cmd-space Spotlight box) style input that injects the GPT text at cursor or puts it into your clipboard?