我在自己的机器上运行大型语言模型(LLM)代码时应该有多担心?
老实说,我对人工智能持怀疑态度,但最近我决定尝试一下大语言模型(LLM)辅助开发,结果对我来说非常成功。在我正在进行的项目中,感觉我在一周内完成了几个月的工作。大部分时间本来是用来研究一些统计方法的,而验证一种方法的准确性要比找到一种有效的方法并学习如何实现它快得多。
然而,这让我在电脑上运行了一些代码,至少可以说是可疑的。我正在使用谷歌的Gemini Pro,尽管我不断要求LLM只给我它正在更改的代码块,但它却一直让我完全替换,比如说,main.py文件。这让我对在我的机器上运行任意代码感到真正的担忧,无论是出于故意还是懒惰。
我在这里的问题是:(1)当这些代码与我的内部文件系统完全无关时,我承担了多大的风险?(2)除了常规备份之外,还有哪些缓解策略可以保护我,除了在多重通行或UTM中处理所有事情?(3)如果我需要为所有操作运行虚拟机,哪种虚拟机在Mac上最容易在正常使用和虚拟机之间切换?
非常感谢任何建议。尽管我已经开发了十多年Python项目,但我主要还是一个业余程序员。
查看原文
Look, I'll be honest about being an AI skeptic generally, but I recently thought I'd give LLM assisted development a try and it's been wildly successful for me. On the project I've been working on, it feels like I've gotten multiple months worth of work done in a week. Most of that time would have been spent researching some statistical methods for doing things, and it's much quicker to verify a method as being accurate, than it is to find one that works and learn how to create an implementation.<p>However, this has still had me running code in my computer that is, to say the least, dubious. I'm using Google Gemini Pro, and while I keep asking the LLM to only give me chunks of code that it's changing, it keeps asking me to just replace, say, the main.py file completely. This has me genuinely concern about running arbitrary code on my machine, intentionally or just due to laziness.<p>My question here is (1) how much of a risk am I taking on running this kind of code when it's not at all related to my internal filesystem, (2) what are mitigation strategies I can take to protect myself beyond regular backups short of just doing everything in, say multipass or UTM, and (3) if I need to run a virtual machine for everything, which is the easiest to run for moving back and forth between normal use on a mac?<p>Really appreciate any advice here. I'm mostly a hobbyist programmer, even if I've been developing stuff in Python for a decade and a half a this point.