Good catch, this has now been nerfed and this approach has gotten its own title

Wirbelwind • yesterday at 7:45 PM • 3 replies • view on HN

smaudet • yesterday at 10:31 PM

Actually, the only secure default is to deny everything...how do you know that innocent command is actually innocent?

➕ show 1 reply

KajMagnus • yesterday at 7:54 PM

Top 18%! I denied everything, unless I could see at a glance that it was safe (like Git diff)

xg15 • yesterday at 9:16 PM

Glad I could help. I love the new title :D

alt Hacker News