Hacker News | xtracto's comments

Is this related to the massive layoffs in the Mexico/GDL offices that happened a couple of days ago?

My LinkedIn was full of people opening for work. Pretty sad.


I just read a tech "policy" document of one of the largest packaged food makers in Mexico. They explicitly say they ONLY use paid services/software to ensure there is liability and support.

There are A Lot of businesses that are happy to burn cash for a false sense of security. They don't know better.


> They explicitly say they ONLY use paid services/software to ensure there is liability and support.

Hahahahaha. Yes, by all means, call IBM or Oracle and ask them to compensate you for downtime. Support, sure, of a sort. If you throw enough money at them, you'll get an answer from them in an arbitrarily short time frame.


More like buying the hacked DirecTV Sim cards.

I would love to see a "distributed LLM" system, where people can easily set up a system to perform a "piece" of a "mega model" inference or training. Kind of like SETI@home but for an open LLM (like https://github.com/evilsocket/cake but massive)

Ideally if you "participate" in the network, you would get "credits" to use it proportionally to how much GPU power you have provided to the network. Or if you can't, then buy credits (payment would be distributed as credits to other participants).

That way we could build huge LLMs that are really open and are not owned by any network.

I would LOVE to participate in building that as well.


https://docs.anarchai.org/

This was posted the other day, but only briefly made the front page - seems kinda like what you’re talking about


Oooh thanks a lot. This looks promising. Maybe the only missing thing would be some kind of (economic) incentive to share GPU power.

Although the ability to use large models "for free" sounds pretty rad.


I’d volunteer my spare gpu time if i knew it was going to … idk basically anyone except spammers, scammers, and corpos.

That's why the use has to have some kind of cost. Sure, spammers and scammers will always have spare money, as long as the bounty is higher.

But the alternative is "not having Email", because Email can be used by the same bad actors.


Oh yeah, and maybe call it "SkyNet" or something.


An isolated group of customers are experiencing elevated error rates and degraded performance.

FTFY. (I've read AWS word it like that)


Technically a set is a subset of itself.

I used Opera so much around 2000. Small things like the X-Z shortcuts and the sheer speed blew me away.

I've done a mix of SOC2, ISO27001 and PCI L1 for 3 different startups. 2 of them b2b. All certified 100% and fully compliant.

The problem with the current frameworks is that the "controls" are so asinine and auditors so hard headed, that getting certified becomes a matter of "checking the box".

Particularly most of those frameworks REQUIRE maintaining so much paper red tape that it makes a 10 person startup want to kill themselves. And in addition the costs are stupid high for startups that are just "starting up".

On the flip side, how many large companies have we seen that have all the SOCs, ISOS and whatnot certifications, and they get pwn3d and their data stolen or exposed.

It tells you that a place being certified doesn't guarantee shit.

The reality is that large companies ask for certs as a CYA mechanism: the "security" department of LargeCo, asks for the compliance cert so that when shit hits the fan, they can say "not my fault, they told me they were compliant"

The good thing is that with the new Bullshit generators (LLM) this certification/compliance process will collapse.


Well, yes, but that's the point of many contracts, they are often designed to shift risk to parties that are better equipped to handle those risks. We run our app on GCP because as a 20 person company I don't want to be responsible for physical security and a million other risks.

With ISO27001 or SOC 2, I have more information about the other party's ability to manage those risks than just taking their word for it. I'm trusting a third party auditor to vouch for them.

Fraud undermines all kinds of relationships and yes LLMs make it worse. The last job we opened I got hundreds of perfect cover letters asserting the candidates met all of the criteria. Bah.

My perhaps naive hope is that a few of these companies involved will face criminal fraud charges and we will start to develop new reflexes as a society that just bc LLMs make lying very very easy, there are still consequences.


> With ISO27001 or SOC 2, I have more information about the other party's ability to

... spend time and money to emulate the asinine requirements of outdated standards instead of actually making the product better and more secure.

> I'm trusting a third party auditor to vouch for them.

Like Delve?


The standards are very sensible. If you can't be bothered to provide even simple evidence that your employees are using basic harddrive encryption, use password managers, and your product has backup in place, I don't want to do business with you.

And Delve isn't an auditor. Though they were apparently in cahoots with equally criminal third party auditors. So I guess I'm going to be looking more closely at just who exactly is auditing our vendors in the future...


X11 was started in 1984 at MIT. That means, when Wayland was first conceived in 2008, there had been 24 years of X development.

I guess Kristian grossly underestimated the effort required to write a full-featured Display manager.

FWIW, in my career the times I've had to perform very impactful changes in software, I always start from the current codebase and remove/simplify stuff.

As an example, once I was in a company that had built a huge Ruby monolith which was not scaling at all. It had APIs for everything, including "high frequency trading" in the same codebase server, under a METAL aws instance (that's how they scaled).

What we did initially was simply copy the repo N times (sign up, compliance, risk, trading, etc), spin up copies of the same server and use a balancer to route APIs to the different boxes.

Then we started removing unused stuff from each of the repositories to specialize them. Finally we simplified complexity on each separate codebase.

I would have approached X11 codebase similarly.


I also use MacOS, but have used Linux since 1997 (way too many distros), so I hold it close to my heart.

For me the Wayland story is a great example of https://www.joelonsoftware.com/2000/04/06/things-you-should-...

They started saying "let's rewrite from scratch, X is too complicated"; 17 years later, they have realized the reasons for all the complexity that was written during 25 years (1984 by MIT).

I guess in around 8 years we will have 2 implementations of X.


Indeed. Clean sheets of paper don’t stay clean very long in the real world. That said, in the manner of “plan to throw one away,” we can learn from our mistakes and do better the next time around. Though perhaps X10 was the one that got thrown away before X11.

Or as a good friend told me when I was starting my PhD: "those of us that finish our PhDs are not the most intelligent, but the most stubborn."


Or lucky! I had a great time during mine because my advisor was amazing. However, my cohort mates, many of whom I'd say are much smarter/intelligent than I, got stuck with terrible mentors.

