So I want to beat a particular #cybersecurity drum that drives me crazy. If you read this year-old paper on abandoned S3 buckets, consider all the things that can go wrong. Then reflect on the fact that at all times, every bit of data could have been “encrypted at rest” and “encrypted in transit.” Those 2 security controls amount to very little in the cloud. Encrypt at rest on my phone? My laptop? Of course. The physical theft is a major possibility. Contents of an S3 bucket? Not making any difference.

Think about TLS in this case. The malicious payloads would all come from a valid HTTPS endpoint running state of the art TLS done the right way. You will definitely get exactly the malicious payload that was intended, with minimal chance that a different bad actor could MitM your malware download and cause you to download different malware than the malware you were trying to download.

Encryption in the cloud (at rest or in transit) is not access control.

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

It really bums me out that I keep seeing blog posts from technical people like "putting aside the obvious moral and ethical implications of LLMs, I'm interested in evaluating whether they can be useful for my work."

Like "putting aside the obvious moral and ethical concerns of breaking into my neighbours' houses, I'm interested in evaluating whether this can be useful for acquiring other people's valuables."