iTerm2 removes AI feature from core, creates separate plugin (gitlab.com/gnachman)
104 points by ryancooper4 45 days ago | 138 comments



I feel really sorry for the developer. I've only been a casual observer, but from my viewpoint the community's reaction was... not great, to put it lightly.

I get that a lot of us are tired of 'AI' being shoved down our throat at every possible turn. I get that a lot of us have privacy concerns. I get that maybe you don't want it in your terminal emulator.

But iTerm is a free (both as in gratis and as in libre) open source project. The developer released a feature that they were probably happy and excited about. It was off by default and didn't siphon data or do anything malicious. And a ton of reactions were as if iTerm had just added the devil incarnate or attacked people personally.

Disliking the feature is fine. Voicing your concerns and feedback is fine. But it should always be gracious and in good faith. I think this is a good change, if only to pacify the masses, and I applaud the developer for taking these steps, but I don't like how we got here.

EDIT: gnachman, if you're reading this, thank you for your tireless work on iTerm. It serves me extremely well whenever I'm on macOS and holds a special place in my heart. I bought a MacBook in 2013 and it was the first *nix system that I daily drove as a desktop for a long time. I installed iTerm 2 in my first week and it was a constant companion for many years.


> EDIT: gnachman, if you're reading this, thank you for your tireless work on iTerm. It serves me extremely well whenever I'm on macOS and holds a special place in my heart. I bought a MacBook in 2013 and it was the first *nix system that I daily drove as a desktop for a long time. I installed iTerm 2 in my first week and it was a constant companion for many years.

I'd like to second this. I had to move to a mac for a bunch of reasons that I wasn't super thrilled with and iTerm2 was one of the first things I installed. It made the transition much more bearable and the system just that much more comfortable overall.

I'm sorry that people didn't take kindly to this feature. For what it's worth, I find myself wishing that `Konsole` had a plugin on the side that would allow me to interact with chatGPT and the like. If I ever end up back on a mac full time, I'll (probably) be a happy user of this new function!


I wonder if a lot of the heated discussion is purely an emotional reaction to being hit with "AI feature onboarding" immediately after a normally-drama-free terminal emulator software update. If they had gone with a much more low-key way of notifying users of the feature, maybe folks would be more reasonable.

Not that I blame the maintainers for using the approach they did, though! Usually you do want to be super obvious about new things.


I suspect a lot of it isn't just this feature in itself, but the overall fatigue of having it shoe-horned in everywhere. I recently had to replace the Logitech software for our mice with the (hidden in a kbase) offline version because they'd added AI to what's essentially a mouse driver - two weeks later it pops up in my terminal.

I think for most people, it's not any one mole that's the problem, it's the overall game of whac-a-mole.


The rage was obviously premature, but to give the ragers the benefit of the doubt, maybe it was in anticipation of the all-too-common "You'll get over it"[1] stance that actually didn't end up happening this time. I can totally understand users' frustration with software in general these days, where developers keep cramming in unwanted features, with an "Eat it--it's good for you" attitude. This particular maintainer did not have this attitude, but it's so common as to be expected now.

Whenever any software I use changes anymore, I instinctively expect it to get worse because the developer chose to add something unwanted. It's a sad state for software in general.

1: https://news.ycombinator.com/item?id=9823324


> I wonder if a lot of the heated discussion is purely an emotional reaction to being hit with "AI feature onboarding"

It's most likely the reason. Everybody wants to ride the hype wave with AI just like they did with NFTs, dApps, Web3, and so on and people are tired of it.

I'm not for or against AI if we can even call LLMs AI, but I genuinely can't find a use case for an AI prompt in a terminal emulator app. I know it's open-source and I can "take it or leave it", but this feature addition to me seems more like hype than anything else.


> I think this is a good change, if only to pacify the masses

It has nothing to do with "pacifying the masses" and everything to do with it being the right product decision to make. It should never have been added to core and should have been offered as a 100% optional add-on in the first place. People had every right to be deeply upset.

We run into this problem constantly with cloud software where we have zero control over what features they add (aka AI) and often there's no way to opt-out. Thankfully we can expect better from a locally-executing open source terminal app.


> It has nothing to do with "pacifying the masses" and everything to do with it being the right product decision to make. It should never have been added to core and should have been offered as a 100% optional add-on in the first place. People had every right to be deeply upset.

Why do you get to decide that?


I echo your sentiments.

I should not be surprised really, but it is amazing how vehemently anti-AI some people are becoming. It is interesting that it is already creating such divides and rifts. Almost as if all those sci-fi writers predicting the upcoming AI schisms were surprisingly accurate.


While the AI feature wasn't as intrusive as Windows & Microsoft have been, I am glad developers protested a forced AI adoption. And were also somewhat successful. I only wish enterprise CXOs knew where to adopt and where not.


There was a highly upvoted article on here yesterday.

Honestly I agree with their sentiments. iTerm should be a terminal app. Any of this stuff should be an extension/plugin, and not a core feature.


It should be whatever the maintainers want it to be. That’s the best part of open source. If someone isn’t happy, they can fork it and make their own.


Ca. 2006 iTerm added a feature to perform a Google search based on text selection

You could see how this is even more dangerous than a completely separate window to an API

The only difference is: in 2006 people online in general weren’t absolute shitheads


[flagged]


Probably wasn't from a bad faith comment, but exactly what the post you replied to said. Local LLM is an exciting tech and the author probably thought it was cool to add to his free thing he gives away.


It's been in beta for a year. There's been plenty of community discussion in that time, mostly around testing the feature. It was only after the release that all this outrage happened.


So the lesson is "the audience who tests your software is very different from the audience which actually uses it."

Is there a reason to "not like how we got here" then?


Why does a developer for an OSS project add any feature? They felt like it.


Because it is a legitimately useful feature? I've already used it multiple times just today.

It isn't much different than the GitHub Copilot CLI feature `gh copilot suggest "how do I do X?"`. It actually has a better user experience IMHO. You get to see and edit the suggestion quickly and easily. It's always just a cmd+y away too.


They probably thought it would be useful based on their own and others' experiences.

There are many other terminal emulators with these features now and they chose to add this now popular feature in a very thoughtful way.


I wanted this feature. I hadn't used iTerm until now. I think the AI command lookup was executed very well. I just donated $10. Thanks George!


Because it’s the developer’s project and he can add whatever he feels like adding?


> why did the developer decide to add the feature in the first place? Was it community feedback or some other mechanism that inspired this choice?

You're moving the goalposts and again putting the developer in a position where they have to justify themselves. Which they don't. As GP puts it: "But iTerm is a free (both as in gratis and as in libre) open source project. The developer released a feature that they were probably happy and excited about."


> putting the developer in a position where they have to justify themselves

I'm putting those who offer criticism of the community at large in a position to justify why they're surprised by the outcome.

> The developer released a feature that they were probably happy and excited about.

Then they should ignore the criticism. If you want to build what your heart desires there is nothing stopping you.

If you expect the community who uses your software to uncritically accept what you've done and offer no negative feedback then the fact you've given it away for free (while at the same time accepting sponsorship money) is not a valid position to take.


> I'm putting those who offer criticism of the community at large in a position to justify why they're surprised by the outcome.

I'm not surprised. I'm disappointed.

> If you expect the community who uses your software to uncritically accept what you've done and offer no negative feedback [...]

My point isn't that there shouldn't be feedback. Feedback is important, both positive and negative, especially if it's constructive. But you can and should (and this is really my point) present negative feedback in a manner that is respectful of the project and the developers. It doesn't need to be unkind.

Take this exchange, for example. We may disagree, you may dislike my arguments and I may dislike yours, but we're having a civil discussion. This is healthy. Some of the feedback in relation to this feature on the other hand wasn't in good faith and wasn't civil. There have been allegations of covert data collection, personal attacks on the developers and vocabulary such as 'piece of crap'. This is the behavior I'm criticizing.


> community's reaction was... not great, to put it lightly.

Perhaps, but it was IMO 100% predictable. You don't go walking in a crime-ridden area of a big city waving around a bunch of cash and then be shocked when you get mugged, even when it's legally still not your fault.


The whole drama was pretty silly, and the fact that everyone got upset about a feature that is inactive by default and consumes no processing power, memory or anything else, and bullied the author of the open-source program, should make everyone unhappy.

This is why open-source maintainers burn out and we can't have nice things. Honestly, people, please consider the human on the other side of the toxic discourse.


Agree - it really speaks to the issues around AI and how wrought that conversation has become. To your point that it is turned off by default - you have to opt in if you want it.


Its mere possible presence would probably be enough to get iTerm banned from more security-conscious companies, tho.


Exactly. You have to provide it your own API key. If you don’t want it, don’t put it in and bam, no problem


Except that it can be. As was pointed out in the original issue to remove it, the feature is not disabled, it is unconfigured. Put anything in the box for the OpenAI key, valid or not, and the functionality to send data to OpenAI is active. Accidentally put a [space] in that box and it looks like there is nothing there, but it's doing things you didn't expect.

That was the wrong way to do it. The feature should have been disabled with an actual, clear toggle that shows that it is. This blew up in the developer's face for a good reason.
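
The difference this comment draws between an unconfigured feature and a disabled one, as an added Python sketch (not iTerm2's code; the setting names, the administrator policy field and both gate functions are hypothetical). A gate keyed only on the key field treats a stray space as configuration, while an explicit toggle with an administrator override has a definite off state that can be shown to the user.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AISettings:
    # Hypothetical settings model; none of these names come from iTerm2.
    api_key: str = ""                     # free-text key field
    user_enabled: bool = False            # explicit on/off toggle
    policy_allows: Optional[bool] = None  # pushed by an administrator (e.g. via MDM); None = unmanaged


def key_only_gate(s: AISettings) -> bool:
    """'Unconfigured' model: any non-empty string in the key field arms the feature."""
    return len(s.api_key) > 0


def explicit_gate(s: AISettings) -> Tuple[bool, str]:
    """'Disabled' model: returns (active, reason); the reason is what a UI could display."""
    # Administrator policy wins over anything the user has typed or toggled.
    if s.policy_allows is False:
        return False, "disabled by administrator policy"
    # The toggle, not the contents of a text field, decides whether the feature is on.
    if not s.user_enabled:
        return False, "disabled: toggle is off"
    # A whitespace-only key is treated as no key at all.
    if not s.api_key.strip():
        return False, "enabled but no API key set"
    return True, "enabled"


# Constructed sample configurations covering the cases argued over in the thread.
CASES: Dict[str, AISettings] = {
    "defaults": AISettings(),
    "stray space in key field": AISettings(api_key=" "),
    "placeholder key, toggle off": AISettings(api_key="not-a-real-key"),
    "toggle on, whitespace key": AISettings(api_key="   ", user_enabled=True),
    "toggle on, key set, policy forbids": AISettings(
        api_key="not-a-real-key", user_enabled=True, policy_allows=False
    ),
    "toggle on, key set": AISettings(api_key="not-a-real-key", user_enabled=True),
}


def compare() -> List[Tuple[str, bool, bool, str]]:
    """One row per case: (label, key-only gate, explicit gate, explicit gate's reason)."""
    rows = []
    for label, settings in CASES.items():
        active, reason = explicit_gate(settings)
        rows.append((label, key_only_gate(settings), active, reason))
    return rows


def divergent() -> List[str]:
    """Labels of the cases where the key-only gate is armed but the explicit gate is off."""
    return [label for label, weak, strong, _ in compare() if weak and not strong]


if __name__ == "__main__":
    for label, weak, strong, reason in compare():
        print(f"{label:38} key-only={weak!s:5} explicit={strong!s:5} ({reason})")
```
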


> the feature is not disabled, it is unconfigured

It doesn't do anything at all unless you actively engage with it. This is sophistry at its finest.

> Put anything in the box for the OpenAI key, valid or not, and the functionality to send data to OpenAI is active.

No it isn't. Nothing happens until you bring up the Codecierge toolbox and type in a question.

Also, from your later comment:

> 'prompt to use OpenAI' is not OpenAI specific, it is a new button in a previous function that you could use in earlier versions

You just made that one up, the Codecierge UI is entirely new.


You still have to take the action to enable the AI features even if you just have a " " character in that field, no? It doesn't send anything to openAI until you open the prompt for it to do so.


At the moment it appears that way, but that is still the wrong action. An unconfigured field is not a disabled function and there is no way in iTerm to disable the functionality. Also, the 'prompt to use OpenAI' is not OpenAI specific, it is a new button in a previous function that you could use in earlier versions for completely non-openai purposes. There isn't an OpenAI specific prompt area.

If you leave the field empty (open to accident) and you don't press this button in this function that you may use for other things (open to accident) it doesn't send data where you didn't expect it to. This is functionally equivalent to you can accidentally send data you didn't mean to. This is simply prevented with a real toggle to disable the function.

I don't know about you, but I have clicked on things I didn't mean to because I lost where the mouse is, or because I'm giving a window focus again, it is not an accident that doesn't happen.


You can accidentally click on this checkbox you're talking about, then accidentally click on the UI element that opens up the AI prompting mechanism, then accidentally type something in and send it as well. I don't understand this


Say they introduce a bug, that will try to call that API even when there is no key.


Say they introduce a bug, that deletes every file on your machine.


Not even that unlikely, for example consider the well known `rm -rf $STEAMROOT/*` bug in Steam some years ago


If you're afraid that programs on your computer leak your data, run them in a sandbox with limited permissions.


This is what was claimed was happening. I received multiple warnings that iTerm2 was sending "all terminal interactions" to OpenAI's servers regardless of the absence of an API key. Packet captures showing "exfiltrated" data were represented as proof when those were created with an invalid API key, not a blank API key.


It's still an opt-in feature. The bug would have to be so bad that it calls that API even with the feature off.


And? Say your bank introduces a bug that siphons all your money; that’s the risk of operating in a digital age.


Nobody likes when a company (commercial-proprietary) sneaks in your tools, either directly or indirectly

Who knows if there was a deal made under the hood


What deal? You can literally just read the source code if you don't trust the developer.


The comment for the change contains a note of bitterness:

> I have two goals in this change: To allow developers in restrictive but technically incompetent organizations to continue to use iTerm2. That is, they disallow anything that could potentially exfiltrate data, but don't have their act together enough to implement MDM. So that people who hate AI can feel at ease that no AI will happen by accident without having to dig into the weeds of the implementation.

https://gitlab.com/gnachman/iterm2/-/issues/11470#note_19176...


Those words were definitely written through gritted teeth, but it seems to me he's being very literal. The second point in particular is exactly what the anti-AI-feature people seem to be asking for (and they are reasonable for asking for it).


AI is acting as a catalyst here to get people into flame war mode.

The issue here is the existence of a terminal feature that can send your commands to a 3rd party server.

It could have no AI whatsoever; it is reasonable to not want this in an app that you might paste secret keys into.

Do the people who don’t like this feature have the same standards for every app they use? Probably not, they’re probably being a little hyperbolic, but it sounds like a reasonable request.


> The issue here is the existence of a terminal feature that can send your commands to a 3rd party server.

That's called SSH.


> The issue here is the existence of a terminal feature that can send your commands to a 3rd party server.

With not many more characters than are needed for an API key, I could write a script in the very terminal provided by iTerm2 that sends all my commands to a 3rd party server!


> and they are reasonable for asking for it

are they? their position is basically that they don't trust iterm2 to work properly, but only in regard to this specific setting.

if you don't trust iterm2 to work, don't use it. if you do trust it to work, you should be able to trust that the ai feature that's off by default won't magically turn itself on.


I don't think the issue is lack of trust in iTerm2, it's lack of trust in the corporations who operate the AI services and have very strong (profit) incentives to abuse and/or exploit all data they can collect by any means necessary.

The technology isn't the problem; It's the meatbags weaponizing it in the name of a quick buck who are the problem.

Before this recent flare-up in pro/anti-AI tribalism, I have not regularly been demanded to justify my distrust of a corporation. Suddenly I feel I am demanded to justify my lack of faith in corporations who happen to have some involvement in AI. I shouldn't have to say anything beyond simply gesticulating vaguely in the direction of end-stage capitalism; The problems should be readily apparent.


No, people are saying, don't use the feature if you're not interested. It isn't hard. Don't input an API key. Don't do multiple clicks to show the "Codecierge" toolbox. Don't type in a question for the AI. In future versions, don't install the optional AI plugin. And crucially, don't act the way people did in this saga and be civil. Follow any of that, and you're fine.

People aren't demanding you anything. You are.


You missed the point, or I failed to adequately explain it. I know full well (now, without the intentional disinformation that was being spread earlier) that the feature is entirely disabled without an API key present. I understand that, as things stand right now, the decision of whether or not to engage with OpenAI through iTerm2 is entirely mine.

My point is that I believe the reason people are still repulsed by it to such a high degree is not because they all have some irrational deep-seated hatred of the AI technology, but that they are repulsed by the idea of even accidentally engaging with the OpenAI corporation (who just announced a partnership with News Corp of all things...); They are terrified of some situation in the future where someone comes along with code or packet traces and says "Hey, look at this, OpenAI has all your data anyway, and there's nothing you can do about it but seethe and cope; sucks to be you!"


> but that they are repulsed by the idea of even accidentally engaging with the OpenAI corporation

and this is not a reasonable complaint, or a justifiable reason to demand the removal of features. if you have an emotional reaction to the existence of openAI, that's an issue for you to address yourself, not a reason to demand that other people make changes to free apps you've decided to use.


Lol ignorance is now intentional disinformation


> it's lack of trust in the corporations who operate the AI services

Then don't use the feature?


You missed my point, or I failed to adequately explain it; Please see my response to the comment above yours.


Being unable to see the technical and organizational problems with a baked-in API driven feature that many people don't want is its own form of incompetence.


I understand the frustration. But they should have just closed this issue to begin with. Waste of time.


This whole fiasco made me rethink why I am using iterm2 in the first place.

Have switched to alacritty. It’s basic but it does its job. It’s a terminal. Highly performant, no unnecessary bloat compared to iterm2.

Have moved my monthly donations away from iterm2.


I love this comment so much.


> To allow developers in restrictive but technically incompetent organizations to continue to use iTerm2

I mean sure it was a brash way of putting it but he's not wrong. I contract with an org that basically shuts off access to anything that is in any way related to AI, we can't even visit the OpenAI website on our computers. If this feature was part of core iTerm2 then 100% they would have banned the use of iTerm.


People really underestimate how much time is available to qualify whether a feature that on paper sounds problematic is benign or functionally helpless without $XYZ other things by a security team. Saying use MDM to 'fix' it is dev time they might not have, and the only ethical thing they can do is remove the new unknown risks from their list of risks.

Much like your SLAs are not my SLAs your risks are not my risks. iterm2 inserting a mechanism to talk to a new class of component is not a minor change.


So they're going to take away MS Office, Windows, Google and Bing too are they? With iTerm it's not even using AI unless you give it an API key, so the whole thing is a storm in a teacup.


Microsoft knows its customers, and presumably provides a method for enterprises to nuke the 'AI' features. A lot of companies absolutely would not adopt an Office update with mandatory LLM.


[flagged]


Ask yourself: is this really a productive comment?

You've got an open-source author that has put a lot of effort into providing something people can use, for free, and your comment above is the toxicity they get in response?

Are you really helping the world of open-source with this type of response?


Yes, you’re absolutely right.

I wasn’t aware of the drama and conflict behind this and read his press release in a vacuum.

It didn’t add anything and only added more negativity to this conflict.


A grizzled veteran, bemused at the irrational inanity of the world around him, yet still highly effective, listening to his users, and shipping software used by millions.

I agree, as long as you're not incompetent, I bet he'd be a blast to work with.


He actually was a joy to work with. George is an awesome human.


Competent people call out incompetence.

I'm sure they actually are.


I'm sure he's tired from the horde of idiots angry that he implemented an entirely optional feature.


Entirely optional features that have a history of not becoming optional anymore in many other applications and quite evidently can easily be installed as a plugin instead.

Further, why in the world would you include a completely optional feature that runs afoul of many companies' software policies? And will be blocked by many companies even if it doesn't run afoul of their policies because nearly every competently run company will inspect software that claims to have AI features to understand the extent of the AI integration, but a significant portion of them will choose not to do that analysis for what's a fairly niche software that not only has many alternatives but is an alternative to an OSX built in feature and would block many of your users from using the application.

Even if you disagree with the ideological dissensions, and even if you disagree with the slippery slope argument, why would you grumble about the practical scenario which would block your users from using the application. Especially when you have a fairly easy alternative of packaging it in a plugin.


I wonder how those companies will deal with the upcoming AI features in Windows and macOS.


apple and microsoft have historically provided ways of turning off features that their corporate customers don't want. I doubt this will be any different.


iTerm AI feature was off by default and you had to manually insert a valid key, but it seems it was still an issue.


Neither the change notes nor the UI imply this.

All this needed was a single checkbox “Disable OpenAI Integration” or codecierge or whatever it’s called. A single, unequivocal “this is not enabled” signal to the user who does not want or cannot have this feature enabled.


But how is that different from a UI which is the equivalent of an “enable openai integration” checkbox??

You needed the word “Disable” in there?


Yes? Or maybe my CISO does?

These things should be as unambiguous as the "webcam is on" LED.


I actually worked with George and he is about the nicest person there is. This is not sarcasm or double speak. He really was a great guy to work with.

Now he's spending his free time working almost daily on the free, open source gift that is iTerm.

The issue here really is the hysteria of people who complain about it.

It's something you had to configure by entering an API key and it wouldn't do anything if you didn't.

Didn't stop people being wrong about what happens and refusing to accept they were wrong even when it was explained to them they were wrong.

You try to spend your free time providing great software to people, add a useful feature and have a stream of ignorant complaints and hate rain down on you.

I'm sure you would be all saintly about it.


I really feel bad for the guy but I sincerely doubt it’s the first time he’s learned that “no good deed goes unpunished”.


I mean, it's true. The issue was full of people supposedly reporting that iTerm would be banned software because.... ???

I'm not sure what the matrix of organisations is that would ban a sideline feature like this through policy only, and not through technical means like MDM.


This is an unfortunate failure of community engagement. Apparently the feature was in beta for months, but given that most people don't use the beta or follow the development of their terminal emulator, it shouldn't be a surprise that there was pushback after release. Usually when introducing a controversial change, you want to do additional community outreach.

It's also a minor UX failure. The onboarding screens weren't loud enough about the need to provide an API key.

I really feel for the maintainers here. They added a cool thing to their popular-for-a-reason terminal emulator, and (from their perspective) people lost their minds over a misunderstanding or (again, from their perspective) unreasonable expectations.


I'd suggest everyone go read the issue thread (https://gitlab.com/gnachman/iterm2/-/issues/11470) before commenting.

It seems abundantly clear that people are being overly negative about a feature that realistically has no security concerns (even as originally developed). Many commenters did not even know how the feature worked (assumed all keystrokes were being sent by default, etc...)

One outright said that the feature should be removed because the developer must "stand against OpenAI and the whole "AI" industry."

To me this just seems like a lot of people whining and trying to inject politics and unfounded safety concerns into a good implementation of something that many people like. This is an opt-in feature. It has a separate panel to even interact with it. And you need to provide a valid openai API key to use it.


> I don't care if there's a buried flag that enables or disables this behaviour. I want a binary that doesn't have this capability in it at all.

That's a rather absurd way of approaching the threat model of data exfiltration on a terminal app.

By its very definition a terminal needs the ability to spawn unsandboxed processes and send/receive input from/to them, including processes that have network access. Even if the binary doesn't contain specific logic to do this it could invoke curl, or a variety of other binaries that do, either on purpose or accidentally. In addition, it links against AppKit, which includes NSURLRequest. Is that off-limits too?

If one's this allergic to OpenAI, that even an opt-in feature is a concern, they're better off using a firewall like Little Snitch, or blocking it at the DNS level.

Additionally, if you don't trust the developer with this, why would you trust a binary from them without this feature?


Agreed. This issue thread makes it apparent why many open source developers give up.


People are making their whole personalities about being anti-AI. I'm personally a mix of skeptical+worried about AI; but at some point just being a reactionary ninny makes people tune out on whether there might be some truth at the core of your concern.


It's an interesting point. I too am deeply skeptical and worried, and I would be concerned people think I am "anti-AI". Which I am not -- not least because it's a sixty-plus-year-old discipline that has a development history that spans long before OpenAI and the current burst of empty calories.

But if there's something I am building into my personality, it is rejecting (and calling out) grift. That is what makes me seethe about this entire big picture. The hype, the cultural parasitism, and the callous, blasé "oh yeah if you're not using this already you're probably fucked" FUD/FOMO shit smoothie that generative-AI people seem entirely too comfortable dishing up.

People who even seem in a hurry to jump on that hype train are going to catch the same side eye.

Re: iTerm2 specifically: I don't use iTerm2. I didn't mind it when I did. I wish the developer luck; terminal apps always need more attention. And in this case I don't think a tickbox to switch something on would trouble me.

But if I really relied on a product, seeing its developer divide attention and start shoehorning in LLM APIs to gain a bit of contemporary relevance would at least slightly bother me.

Like when one of your least rigorous-thinking friends or relatives starts talking to you about some opportunity to do with Ethereum. Not often a positive sign.

(This Gitlab issue is not the silliest overreaction I've seen. At the height of the Apple/Samsung Android lawsuit proxy war, I once saw someone demand in a support thread that Wacom remove some Android connection tools that one or more of their smart tablets were using, because Android was "stolen property" or somesuch obviously Jobsian phrasing.)


Well said and I share the same sentiment. AI is not inherently bad, but the hype and the culture surrounding it most certainly has at least weird if not bad vibes (looking at you r/singularity).


I am fully aware that eventually I will need to engage with it -- not least because I want to be teaching.

But I'm really interested in finding a maximally-ethical way through it all. The MagPi magazine has just started an article series about applications of ethical, non-infringing models and on-device AI, so I think there must be an emerging trend line around that.

Though whenever I see people talking about ethical AI stewardship the debate seems to be about one specific corporation which is run by a guy who launched a "let us scan your iris and we'll give you crypto" business.


> start shoehorning in LLM APIs to gain a bit of contemporary relevance

This claim implies that there's no utilitarian reason for this integration, but I don't think that is true. Shell scripting is notoriously arcane, and conversely LMs are pretty decent at unraveling that. You might notice that there are quite a few comments on the issue where users specifically state that they are using the feature and find it helpful. I was actually mildly skeptical when seeing it show up in the changelog for 3.5.0, but after giving it a try, I think this is exactly the kind of useful AI integration that I'd want to see more of (as opposed to how LLMs are being used most of the time).


I think your reading is fair considering what I actually wrote!

It's just not quite what I had in mind. But what I wrote is still quite scrappy; that line is missing at least an "in general" to broaden that point out beyond iTerm 2 specifically. I need to slow down a bit more.

I don't really agree with you on the LLM side of the equation, and I am bothered by the idea that this is where we're all headed. But where I think this integration is not ridiculous is in doing this at the GUI level.

There is an argument for saying "why isn't this a utility at the remote (shell) end", but of course from the perspective of OpenAI API calls being added to everything and calling out from the command line, that would be worse, because you'd be installing it everywhere.

So if it belongs anywhere (colour me wholly unconvinced) it definitely belongs somewhere within the terminal client itself.

But as I say, I don't use iTerm 2. I did take this opportunity to look at what iTerm 2 offers, out of fairness to the author, and it is obviously an impressive bit of work. Maybe when I find a need for Python scripting like that I'll come back to it.


iTerm is a "kitchen sink" type of app in general. That is, it is definitely a terminal emulator, but it has lots of features, and I doubt that most users use even half of that. So in that sense, if you're using it, you're already at least tacitly accepting that philosophy as valid. So optional LLM integration is not really out of place there in the sense that it would be in a truly minimalist terminal emulator, IMO.

With regard to LLMs, for what it's worth, I'm not suggesting that people use them to routinely drive their shell. This is the kind of stuff that you use very occasionally, when it is time to use that one command that is immensely useful for very specialized things, and which you can never in your life remember the syntax for precisely because it's not something you do every day. The canonical examples there are ffmpeg, ImageMagick, and similar tools.

Remember https://linux.die.net/man/1/cdecl? This is basically like that, just based on tech that allows it to be better generalized.


> This is the kind of stuff that you use very occasionally, when it is time to use that one command that is immensely useful for very specialized things, and which you can never in your life remember the syntax for precisely because it's not something you do every day.

Don't people make notes of that somewhere they can look it up?

I mean, you're not going to use this to generate command line arguments for commands you've never heard of before, you're likely not going to use it for commands whose outputs are crucial or behaviours unsafe, and if you do you're going to need to use your actual knowledge to check it hasn't hallucinated something dangerous before you run it -- which means consulting the manual and doing the work.

I get that man pages are a particularly rich, standardised form of training text, I just don't believe there is as much advantage in asking an LLM.

This is one of those areas where I think people project success onto LLMs where there is none. It's like the songwriting example. Sure it can write a bad song fast, but so can literally anyone half-skilled, and if you want to help it write a good song, you're going to have to redo half the work.

This is just like having a bad dishwasher.


The workflow here is to generate the command line first, then consult the manual to see what exactly it does. Which is much easier than reading the whole thing end-to-end trying to find the exact combination for your needs to begin with.


I've never met a person who has made their whole personality about being anti-AI. Can we please calm down a bit?


Luddites are making their whole personalities about being anti-exploitation of labor by capitalists. /s

Love how you just lump everyone who takes their time to voice legitimate concerns about the ethical and privacy nightmare that is proprietary generative AI services into a category called "reactionary ninnies".

While I'm sure some comments went overboard, people had every right to be upset about this integration being added to iTerm—even as a configure-to-use-it feature. I'm glad this is being extracted out to a completely separate add-on.


This whole ordeal was absolutely absurd and anyone who commented on that Gitlab thread, here on HN, or on other social media are the biggest bunch of entitled crybabies I've ever seen.

I've said my piece on this many times over the last few days here on HN so I won't repeat myself but if you were one of the people complaining then I want you to know in no uncertain terms that you are what's wrong with open source and you are why people don't want to maintain open source projects, you should really be ashamed of yourselves.


Seriously. It's awful to see people accusing him of jumping on the hype train and making it out as if him adding an AI feature is going to make him any more well known or wealthy. Like how about at least considering that he finds ChatGPT useful for coming up with commands and decided it made sense to integrate it into the sidebar toolbelt where he already has tools like paste history, a notepad, and directory history.


A bit ironic, but I think he would have had more success if he had turned it into a paid feature.


> I have two goals in this change:

> To allow developers in restrictive but technically incompetent organizations to continue to use iTerm2. That is, they disallow anything that could potentially exfiltrate data, but don't have their act together enough to implement MDM.

> So that people who hate AI can feel at ease that no AI will happen by accident without having to dig into the weeds of the implementation.

That sums this entire drama up pretty well.


Some behind the uproar were acting in extremely bad faith.

People were and still are making claims that the initial implementation can make it easy to accidentally send all of your keystrokes to OpenAI. This is not how the feature works at all. It needs explicit user interaction to use. You open the "Codecierge" toolbox and type in a question, which is a lot of clicks and typing. Yet people are posting on Mastodon and elsewhere that "accidentally" setting the API key to a non-empty value in preferences is enough to make iTerm2 send every keystroke to a third party.

Worse yet, someone pointed out in the GitLab thread that there's a call for violence against the dev by one of the participants. And sure enough, there it was on Mastodon and it's quite horrific.

iTerm2 is a gift. The dev makes his ideal terminal and we can use it if we like it. Feedback is fine and, from my past experience, welcomed, but this is something else entirely.


And then we complain that open-source developers abandon projects. We literally just had to not use the AI feature.


From reading the linked issue thread, it doesn't sound like this title is correct. The AI feature has not been removed from iTerm2, instead they have created an additional plugin that is required to make the AI features work.

BTW - I'm not complaining about whether AI is included or not, just pointing out that the title is incorrect. Here's the link to the plugin: https://iterm2.com/ai-plugin.html From the description: "It provides necessary functionality for iTerm2 to make network requests."


People claiming that the negative response to OpenAI integration into iTerm is a knee-jerk reaction by a bunch of AI haters I think are missing the point.

a) Putting an LLM into iTerm introduces almost no benefit that I can think of, other than "shiny new technology", and is a waste of time and resources. I've heard some people suggest that putting an AI prompt into the terminal could be helpful for generating commands for difficult applications like FFMpeg, but you can also do the same thing by just asking ChatGPT in your browser and copying/pasting, which is what we've always done.

b) More importantly, I absolutely do not want there to be any code in the terminal that writes commands for me or on my behalf. The command line is intimately connected to the OS and has access to every file, environment variable and socket on my system. iTerm just had to patch a bug where its URL handling and link previews were causing a remote code execution, so I would have expected this "feature" to cause security issues in the same way.

Terminals are also just a fundamentally conservative application. Shiny new technology has never been a clean fit into terminals. Imagine if iTerm decided to integrate NFTs and crypto, or optionally link your Meta account so you can use your terminal in Virtual Reality, would probably draw a similar negative response.


> you can also do the same thing by just asking ChatGPT in your browser and copying/pasting, which is what we've always done

The whole point of software is to reduce this kind of tedious manual work. You can also do the same when writing code instead of using Copilot, for example, yet the latter significantly improves productivity in practice precisely because it's one hotkey away.

> More importantly, I absolutely do not want there to be any code in the terminal that writes commands for me or on my behalf.

Have you actually tried to use this feature? At no point does it submit commands directly to the terminal. It has to be explicitly enabled, for starters, by setting it up with a valid API key or custom server URL. Then you need to activate a specific command to open a textbox where you type in your input. Then you get the result back, and you have to use yet another shortcut to actually run the resulting command.

There's just no way to trigger this stuff accidentally. You have to very deliberately carry out several steps to get to the point where there are any commands being generated at all, much less actually running on your system.

> Imagine if iTerm decided to integrate NFTs and crypto, or optionally link your Meta account so you can use your terminal in Virtual Reality, would probably draw a similar negative response.

Your examples are fundamentally different in that they don't add any clear utility to the core function of the terminal, which is interacting with the shell.


Related:

iTerm2 and AI Hype Overload

https://news.ycombinator.com/item?id=40432446


The sense of entitlement that people have for something they will never pay for is.. crazy.


Related:

iTerm2 feature request: disable all AI-related features

https://news.ycombinator.com/item?id=40434091


The comments are such a facepalm.

> Increases the attack surface

No it doesn’t. It fork/executes the plugin in a different process AND verifies the signature. If an attacker can replace the binary and do things with it, you already have a much larger problem. Even if they do, all it does is pass JSON around, it doesn’t allow you to execute anything from within iTerm (afaik)

> It can be called by any process

It’s not like they were storing your OpenAI API keys in some encrypted format in the first place. If you’re that paranoid, you aren’t gonna be using the AI feature in the first place.

One valid concern I can think of is TCC escalation on macOS since fork/exec is executed in the context of iTerm. I don’t know if signatures are verified before or after running but the binary probably won’t even run without being signed by a paying Apple Developer anyways.

Edit: commenting on the change, I think it was just fine as is. AI is annoying but it was off by default. Based on the author’s comments, they don’t seem to intend on pushing it in people’s face, just something fun and optional


That guy in general was clearly just trolling. If you go further up, you can see that everyone's mostly happy with the solution to have a separate plugin for this but him. His first reason was that he just didn't want to see the other side win because it makes him "feel like a 2nd class community member." Then he switched his argument to that the new method would "have security concerns," again just to keep the whole thing going. It's terrible that the dev has to deal with this kind of thing.


> I don’t know if signatures are verified before or after running but the binary probably won’t even run without being signed by a paying Apple Developer anyways.

It's before. You can code sign and verify macOS binaries with any certificate you wish, including a self-signed one (useful in case you want your private iTerm fork). Note the plugin should be signed with the same certificate as the iTerm app [1], just using a paid account won't work.

[1] https://gitlab.com/gnachman/iterm2/-/blob/b0e6b336a6be9bca00...


I feel like this developer was treated with the same level of trust (0) that big software companies receive nowadays after repeatedly violating the trust of their users. That may have been unfair, but for him to be this caustic in his response for a bad feature that should have been segmented away via a plugin from the very beginning is a bad look. He jumped on the bandwagon, while not accurately gauging where public sentiment was and got burned.

I'm at least quite glad that he listened and moved it into a separate plugin.


Seeing that made me worried, but when I checked it was opt-in with an option to add an OpenAI API key. Still, this is better long term IMHO.


Tangentially related, but Warp (another terminal) also integrated AI. Looks like they recently turned on quota for free users as I started hitting a paywall.

I've immediately uninstalled it as there is no way to disable it.


This is pure craziness. Why would anyone think integrating AI into the terminal would be a good idea?


Good.


Probably the politically correct move given current tech politics


It was never really a case of "AI shoved down our throats" anyways. People just assumed it was and got their pitchforks and torches out. The feature was always opt-in. I'm sorry gnachman had to endure this nonsense.


Outside this bubble here, AI (in its most recent form) is pretty unpopular. No one wants a tool they like to be associated with this just like it would be annoying to start seeing ads in it.


>Outside this bubble here, AI (in its most recent form) is pretty unpopular

Funny because I experience the exact opposite. I see HN extremely negative about anything AI related while my personal acquaintances are excited and enjoying it in their apps and tools they use.


Ehhh...I can see how people interpreted it this way based on the way the onboarding screens looked. It was very jarring to open up my terminal one day and be greeted by yEt AnOtHeR gReAt Ai FeAtUrE. I imagine that emotional reaction is fueling the discourse quite a bit.


ffs, you guys don’t deserve the hard work from open-source developers


I'm not an iTerm2 user and the attitude of the developer in the response has certainly convinced me to never become one. I understand open source developers get burnt out, particularly with backlash from demanding users who contribute nothing in return, but the contempt for users with very valid concerns about AI and data leaks is not a healthy sign.


Their concerns aren't really valid. It's an entirely optional feature. There is no functional difference between being in the core and being a plugin. Someone who wants to violate exfiltration policies can still do so with maybe one extra step.


On a technical level there is no relevant difference but on a social level there well is, in my opinion.

The expectation is that plugins need to be activated explicitly and that they do not get installed or activated automatically. Even stronger, a common impression about plugins is that they are often a pain to install and get working. I know that this expectation has been violated occasionally in one form or another but I doubt that many people are aware of that or could even come up with examples.

Built-in features on the other hand are completely different. The usual experience is they get moved around, enabled, disabled willy nilly without notification or consent with every (unrelated) update. iTerm2 is not like that and George has done a fantastic job to build a ton of trust over decades, but I don't blame anyone not knowing that and being cautious.


I completely agree. We often forget it's not always about the technical details of the implementation. It's about the attitude of developers and their relationship with their users and those users' expectations. Users are 100% correct to be skeptical or even worried when they hear "AI integration". Putting it into the "core" makes a clear statement about the project's intentions. The developer recognizes this by saying the plugin change was to put people "at ease".


The developer did listen and came up with a change. All the while enduring insults, threats, and lies directed at him in the GitLab thread and all over the internet. Yet you attack him [*] for being slightly emotional in his response this one time? Wow.

Speaking of attitude, iTerm2 is a gift, and some users (or maybe even non-users) appear to be in need of a reminder.

[*]: Your top level comment


Right, there's no functional difference, but there certainly is a social and organizational difference: if a feature is provided as a plug-in, it makes it somewhat more difficult (and, importantly, clearly signals to the user that this is the case) for default-off to turn into default-on, or for optional to turn into required, neither of which is unheard of in modern software development.


> the attitude of the developer in the response has certainly convinced me to never become one

If you are a Mac user and not using (or at least considering) iTerm2, you are doing yourself a disservice. It is by far the best terminal emulator available and runs circles around the built-in option.

If you are not a Mac user, then the entire discussion is moot either way.


> It is by far the best terminal emulator available and runs circles around the built-in option.

How so?


iTerm is pretty mid for a mac terminal emulator in my opinion.

Before it I would recommend kitty or alacritty.


Thanks for the recommendations! I checked them both out, but for me iTerm is still a better fit. I think of my Mac terminal as my viewer into the lower level, and not as the lower level, and the batteries-included approach that iTerm takes (e.g. having a UI for manipulating the settings file) is better aligned with that view.

FWIW, they both seem extremely performant and would probably be a great fit if I daily-drove Linux.


I'm not quite sure what a UI to configure the terminal has to do with being a "viewer into the lower level" since they both run the system zsh and give the same output.

It sounds like it's more about the extra features being included than the "batteries". What features does a terminal emulator need other than "lets a user enter stdin and displays stdout/err"?


You won't use iTerm2 because the dev made a joke about some companies' overly-restrictive IT departments?


Nothing in the comment seems like a "joke" to me. It reads as bitter and condescending and based on the responses here I am not the only one to interpret it that way. That's not the kind of project I'd want to depend on.

I think the root of this issue here is trust and control. I work for a company with a restrictive IT department. It's not "overly-restrictive" because the data we work with is sensitive. Banning all AI enabled products, which my company did, is absolutely the logical and safe thing to do. (We have self-hosted AI solutions and limited GitHub CoPilot access now.)


I'm not an iTerm2 user and only learned about it during this controversy. I was actually interested in using it aside from the AI stuff, and plan on trying it as my primary terminal emulator after the developer's actions.


>very valid concerns

The AI stuff is disabled by default, the concerns are unfounded.


In security, minimization is always preferred over hardening. Always.


iTerm2 is a highly feature-filled terminal. If you are looking for minimal attack surface, you shouldn't be using iTerm2 anyway.



