> +1 to the people who'd like to donate 50$ for a version which does not send my input anywhere. Okay, previously I never donated the project. But use the iTerm2 for ~10yrs and would like to continue.
So, this person has been using iTerm2 for 10 years without paying, and would only consider donating if this feature is removed?
> it is a very unwelcome statement of disagreeable values. Adding OpenAI integration, as optional as it is here, makes it clear that you don't stand against OpenAI and the whole "AI" industry.
Imagine the crime of maintaining a free and open source terminal emulator in one's spare time... how hideous.
Hah! Just another turn of the wheel, this time with AI. Lots of entitled developers out there who sure do have a lot of time on their hands to complain.
1. A terminal shouldn't be able to ask some resource on the internet what to type and auto-execute it.
2. AI fear/fatigue/???
I think point 1 is reasonable to an extent, but it should be taken in context. iTerm2 is a free app, and as far as I can tell, not even remotely required on any mac platform, since there is technically a default dumb terminal, which can be customized. I think the context issue is from the video demos I've seen, nothing directly types into your terminal, it's up to the user to review/copy/paste the generated code snippet. The underlying tech has been in iTerm for a while, from the best I can see. Auto-fill also enables things like the 1password integration, and anyone can open a chatgpt client and copy/paste shell code from there in the same way the iTerm2 integration works.
I understand point 2, I have never cared for any AI hype, it has near-zero interest for me, and doesn't affect my work. Almost every editor has some capacity to ask the internet for data and paste it in, from AI or otherwise, and no one is really sounding a major alarm bell around that. You could argue there is a big push for these integrations to train models, but even that requires a key.
From reading that issue, it sounds like some people are worried about compliance with security policies (whether personal or corporate)
I'm very happy with iTerm2, its features are useful to me, but I can't see myself using the AI chat feature when I have copilot in VS code. I could see a use case for people unfamiliar with certain commands, something like "please sort this output by the first then fourth columns". But if I'm writing a script or small Python utility, then VS code will be where I do it.
For compliance though, the AI integration could be a separate binary that you can access via the command line, although as pointed out in a reply, that's the same as a code path that isn't used. However, it is easier to block a separate binary, so maybe that's the thinking there?
Instead, maybe the people who have an issue with this feature would be happy with an optional setting "assign this keyboard shortcut to the AI binary". Or a feature flag that says "do not access the network under any circumstances".
I get the compliance perspective but it feels stupid to bring it up now, especially since iTerm2 has already had integrated network features for a long time.
Agreed on the "do not access the network" feature flag though, every program should have that. Or really it should just be a toggle in the OS on a per-app basis.
> For compliance though, the AI integration should probably be a separate binary that you can access via the command line. Maybe with an optional setting "assign this keyboard shortcut to the AI binary".
There's no difference at all between a code path that's never called and another binary that's never called.
You are simply wrong for even trying to argue about privacy concerns when it is a feature that is entirely off by default (and also doesn't send anything that you don't enter in the box dedicated to it).
It makes absolutely 0 sense to have any concern about this but not have concerns about the capability of the terminal to perform any other call over the network.
Eh. I was the CISO at a HIPAA-covered healthcare company, and I have no problem with the way iTerm handles this. Nothing gets sent from your terminal, other than what you type into the separate AI prompt window. You have to manually enter your ChatGPT key. You have to manually choose to open the AI prompt.
I see this as not substantially different from a programmer having a browser tab open where they could type questions and get answers, just more convenient. If I didn't want my coworkers doing that at all, I'd push out a device policy adding a firewall block for OpenAI's API servers and then not worry about it at all.
> From reading that issue, it sounds like people are worried about compliance with security policies (whether personal or corporate)
This is incredibly stupid. If they don't trust iTerm to respect their privacy, why were they using it in the first place? For all they know it very well could have been sharing all their data without telling them from the very beginning. Alas, the tool is open source they could just audit instead of yelling at clouds but hey.
It's hard to believe that some of these comments aren't trolling. Do they also consider the fact that iterm can call out to tools like `wget` and `curl` a privacy risk and slippery slope that might share their data if used wrong?
Complete whataboutism. If I fat finger bad data, that's expressly my fault. This is a case where I now need to worry about tools I use that never sent my usage data somewhere now sending it somewhere.
Choosing a network capable download command is different than an option to send all commands to the cloud for processing. And we know defaults get changed at times, sometimes on purpose (hi facebook!).
We also have decades of experience and culture around how to use network commands properly, especially for FLOSS tools.
Considering that newbies will be attracted to these cloud tools, the risk of information leakage sounds a lot higher in the second instance.
hiatus|1 year ago
> +1 to the people who'd like to donate 50$ for a version which does not send my input anywhere. Okay, previously I never donated the project. But use the iTerm2 for ~10yrs and would like to continue.
So, this person has been using iTerm2 for 10 years without paying, and would only consider donating if this feature is removed?
tedunangst|1 year ago
dmix|1 year ago
clearly hyperbole
Even when it's turn on you have to manually engage it
Rage posters always gloss over details in their rush to tell the world how mad they are
eriri|1 year ago
> it is a very unwelcome statement of disagreeable values. Adding OpenAI integration, as optional as it is here, makes it clear that you don't stand against OpenAI and the whole "AI" industry.
Imagine the crime of maintaining a free and open source terminal emulator in one's spare time... how hideous.
phillipcarter|1 year ago
mrozbarry|1 year ago
I understand point 2, I have never cared for any AI hype, it has near-zero interest for me, and doesn't affect my work. Almost every editor has some capacity to ask the internet for data and paste it in, from AI or otherwise, and no one is really sounding a major alarm bell around that. You could argue there is a big push for these integrations to train models, but even that requires a key.
lxgr|1 year ago
Every Linux shell can do that, regardless of your terminal emulator, and arguably that's by design:
What iTerm can do is essentially just some GUI sugar around that capability.If you don't like it, just don't do it :)
bloopernova|1 year ago
I'm very happy with iTerm2, its features are useful to me, but I can't see myself using the AI chat feature when I have copilot in VS code. I could see a use case for people unfamiliar with certain commands, something like "please sort this output by the first then fourth columns". But if I'm writing a script or small Python utility, then VS code will be where I do it.
For compliance though, the AI integration could be a separate binary that you can access via the command line, although as pointed out in a reply, that's the same as a code path that isn't used. However, it is easier to block a separate binary, so maybe that's the thinking there?
Instead, maybe the people who have an issue with this feature would be happy with an optional setting "assign this keyboard shortcut to the AI binary". Or a feature flag that says "do not access the network under any circumstances".
nulld3v|1 year ago
Agreed on the "do not access the network" feature flag though, every program should have that. Or really it should just be a toggle in the OS on a per-app basis.
iLoveOncall|1 year ago
There's no difference at all between a code path that's never called and another binary that's never called.
You are simply wrong for even trying to argue about privacy concerns when it is a feature that is entirely off by default (and also doesn't send anything that you don't enter in the box dedicated to it).
It makes absolutely 0 sense to have any concern about this but not have concerns about the capability of the terminal to perform any other call over the network.
kstrauser|1 year ago
I see this as not substantially different from a programmer having a browser tab open where they could type questions and get answers, just more convenient. If I didn't want my coworkers doing that at all, I'd push out a device policy adding a firewall block for OpenAI's API servers and then not worry about it at all.
oreilles|1 year ago
This is incredibly stupid. If they don't trust iTerm to respect their privacy, why were they using it in the first place? For all they know it very well could have been sharing all their data without telling them from the very beginning. Alas, the tool is open source they could just audit instead of yelling at clouds but hey.
dcow|1 year ago
derefr|1 year ago
The right thing to do, then, would be for the OS to have a group policy setting like:
"Disable application features that rely on processing documents, data, or application state using remote third-party inference APIs."
...and then for apps to look for it and respect it; and for corporations concerned about this to set it as part of MDM.
Then apps could offer these features as available by default, but also forcibly disabled when relevant.
sixhobbits|1 year ago
JasserInicide|1 year ago
mixmastamyk|1 year ago
We also have decades of experience and culture around how to use network commands properly, especially for FLOSS tools.
Considering that newbies will be attracted to these cloud tools, the risk of information leakage sounds a lot higher in the second instance.
whimsicalism|1 year ago
octernion|1 year ago
eriri|1 year ago