Great news everyone! I finally talk about AI hype. Someone finally mentioned LLMs one time too many, and the reckoning is upon us:

https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/

I Will Fucking Piledrive You If You Mention AI Again — Ludicity

@ludicity as someone in cybersecurity, I can say that you are correct that zero trust has meaning, but that meaning is not how people who develop products treat it.

@TindrasGrove Good to know! It's interesting because I really am not a sophisticated actor in the security space, but it's still quite obvious when some people are full of it. Although, of course, I'm sure slightly more savvy grifters sneak past my detectors.

@ludicity I think there’s some significant overlap in our fields (especially when it comes to who is actually using the not-snake-oil), so there’s some amount of transferability in BS detection skills.

Last week I went to a local data analytics conference, and the talk I got the most out of was the one person who said “you don’t need AI for any of this!!”

Jamie Gaskins (@[email protected])

@[email protected] I hate how, as soon as a word/phrase is taken seriously, its meaning is twisted.

Agile: I Can't Believe It's Not Waterfall™
DevOps: the people we throw our code over the wall to
SRE: wrong DevOps with new vocabulary (the definitions are the same, we just changed the names)
Monitoring: alerting
Alerting: posting to a Slack channel nobody's watching
TDD: there are tests in the repo
MVC: my app has 3 parts

zomglol

@jamie @ludicity yessss

The people who try to sell zero trust as a product, not an architectural philosophy, seem to mean SSO, but ✨fancy✨

@TindrasGrove @jamie I just spoke to my brother (red team supernerd) and asked him to explain ZT, as I got many, many emails about it and some disagreed with each other.

Within 30 seconds I said "Wait, so it's a philosophy, not a feature".

I literally just do databases and it's obvious, what the hell are all these dweebs learning?

@ludicity @TindrasGrove Databases definitely have fewer disagreements in definitions (and arbitrary definitions are pretty rare) because SQL is standardized, but they aren't immune to it, either.

For example, SERIALIZABLE transaction isolation means different things in Postgres and MySQL. And some of MySQL’s consistency guarantees are only truly guaranteed up to some level of write throughput to a given table. It’s wild out there.
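To make the isolation-level point above concrete, here is an added write-skew experiment that is not part of the thread. It uses a constructed `on_call` table with the classic invariant "at least one doctor on a shift stays on duty", run as two interleaved sessions; the step order, table and column names are my assumptions, and the expected outcomes in the comments are what the two engines' documented SERIALIZABLE behaviour produces (Postgres: optimistic serializable snapshot isolation; MySQL/InnoDB: shared next-key locks on plain SELECTs).

```sql
-- Constructed schema (added example, not from the thread).
-- Invariant we want the database to protect: for shift 1, at least one
-- row keeps on_duty = TRUE.
CREATE TABLE on_call (
  doctor   VARCHAR(20) PRIMARY KEY,
  shift_id INT         NOT NULL,
  on_duty  BOOLEAN     NOT NULL
);
INSERT INTO on_call VALUES ('alice', 1, TRUE), ('bob', 1, TRUE);

-- Open two client sessions, A and B, and run the numbered steps in order.
-- Postgres syntax is shown; on MySQL replace each BEGIN line with:
--   SET TRANSACTION ISOLATION LEVEL SERIALIZABLE; START TRANSACTION;

-- Step 1 (session A): start serializable, check the invariant still holds.
BEGIN ISOLATION LEVEL SERIALIZABLE;
SELECT COUNT(*) FROM on_call WHERE shift_id = 1 AND on_duty;   -- returns 2

-- Step 2 (session B): same read, same result.
BEGIN ISOLATION LEVEL SERIALIZABLE;
SELECT COUNT(*) FROM on_call WHERE shift_id = 1 AND on_duty;   -- returns 2

-- Step 3 (session A): alice signs off, believing bob stays on.
UPDATE on_call SET on_duty = FALSE WHERE doctor = 'alice';

-- Step 4 (session B): bob signs off, believing alice stays on.
UPDATE on_call SET on_duty = FALSE WHERE doctor = 'bob';

-- Step 5 (session A), then Step 6 (session B):
COMMIT;
COMMIT;

-- What "SERIALIZABLE" does with this interleaving:
--   Postgres: both UPDATEs succeed immediately; at commit time one of the
--     two transactions (typically B) is aborted with SQLSTATE 40001,
--     "could not serialize access due to read/write dependencies among
--     transactions". The client is expected to retry it.
--   MySQL/InnoDB: the plain SELECTs in steps 1-2 silently take shared
--     locks on the scanned rows, so step 3 blocks on B's lock on 'alice'
--     and step 4 then blocks on A's lock on 'bob'. InnoDB detects the
--     deadlock and rolls one transaction back with error 1213.
-- Same keyword, same invariant preserved, but a different mechanism and
-- a different error for the application to handle.

-- Control: repeat steps 1-6 with REPEATABLE READ instead of SERIALIZABLE.
-- On both engines both commits succeed and shift 1 ends with nobody on
-- duty: this is the write-skew anomaly the stronger level exists to stop.
SELECT COUNT(*) FROM on_call WHERE shift_id = 1 AND on_duty;   -- 0 after the control run
```

A practical consequence: retry logic written for Postgres (catch 40001, rerun the transaction) does not carry over unchanged to MySQL, where the failure surfaces as a deadlock error and the blocking itself changes the throughput profile under load.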

@jamie @TindrasGrove Hm, I should do some deep dives. I've been meaning to crack open The Art of Postgres.

At least one email I received was from someone who was very, very confidently wrong though on ZT.

@ludicity @TindrasGrove I have no doubt. Arbitrary definitions are rampant in security because almost nobody has sufficient experience to check them.

@ludicity @TindrasGrove More to your point, though, people often do what they’re incentivized to do. If using some terminology is better for them on a metric that they care about, they may use it even if it’s not accurate. That catches on because other people do the same and many care about the same metrics.

@ludicity @jamie YES!!

It’s really easy to tell who’s full of it because they try to sell ZT as a product, not as an architectural philosophy.

They *want* it to be a product, because it’s possible to “achieve” implementing a product. You can’t “achieve” a philosophy. You just improve your process, incrementally, for ever and ever.