
> "Had the engineer that acted on that known better, or did other checks, this would have been avoided."

<insert takes long drag tweet[1] here>

I personally find "LLMs can do $THING poorly" and "LLMs can do $THING well" articles kinda boring at this point. But! I'm hopeful that stories like this will shift the industry's focus towards robustness instead of just short-term efficiency. I suspect many decision making and change management processes accidentally benefited from just being a bit slow.

[1] https://waffles.fun/amy.png


> The job of a code reviewer isn't to review code. It's to figure out how to obsolete their code review comment, that whole class of comment, in all future cases, until you don't need their reviews at all anymore.

Making entire classes of issues effectively impossible is definitely the ideal outcome. But, this feels much more complicated when you consider that trust doesn't always extend beyond the company's wall and you cannot always ignore that fact because the negative outcomes can be external to the company.

What if I, a trusted engineer, run `npm update` at the wrong time and malware makes its way into production and user data is stolen? A mistake to learn from, for sure, but a post-mortem is too late for those users.

I'm certainly not advocating for relying on human checks everywhere, but reasoning about where you crank the trust knob can get very complicated or costly. Occasionally a trustworthy human reviewer can be part of a very reasonable control.


Japanese manufacturing addressed this too! There’s a whole branch of Deming’s work around supply chains and how it’s often worth working with “more expensive” suppliers when their quality is consistently high, because compensating for low quality inputs to your own work is far more expensive.


It’s also the case that someone you trust makes an honest mistake and, for example, gets their laptop stolen and their credentials compromised. I do trust my team, and want that to be the foundation to our relationship, but I also recognize that humans are infallible and having guardrails (e.g. code review) is beneficial.


Congratulations! Fish is such a wonderful shell. It’s been my daily driver for many years now but I’ve had a renewed appreciation for it now that I’m working in several different development environments. The default fish install Just Works so well that I don’t bother with trying to schlep my dotfiles around.


I could also buy that the free domains were run up by scammers, which could have caused some of the hair-trigger Safe Browsing denylisting.


While there are compliance/security benefits it is not the primary motivation.

If you have fairly complicated infrastructure, it can be way more efficient to have a pool of ready-to-go beefy EC2 instances on a recent commit of your multi-GB git repo instead of having to run everything on a laptop.


Losing control of your actual phone is not the same as losing control of your phone number.

I'm not sure about Microsoft, but Google supports several other 2FA mechanisms in addition to SMS.


I think this is true of "Second Wave" black metal bands but less true of more recent output.


Most interesting e2e projects have abandoned email, specifically SMTP, as a secure messaging platform. I would look outside SMTP-based solutions if I were to start using a different project (assuming doing so is an option... I hope it is!).

My recommendation here is Signal: https://whispersystems.org/


A big problem is that a lot of this is driven less by people who have a genuine need for encrypted communication and more by people who want one on principle. And the latter tend to include the people who are more likely to try The Next New Thing.

And it also makes sense. A lot of these services are from companies that need to make money. And there isn't much money in the journalists and dissidents who don't have a bespoke solution.


Signal is nice, and I use it. But it's an instant messaging system. Email has different use cases.

I think what we're going to need is a new, non-SMTP protocol, which preserves all of the good things about email, while providing e2e encryption and (pseudonymous) identity assurance. I don't know enough to be involved in designing that protocol, though, other than saying what I want to see as an end-user.


Pond has interesting properties; I think the next-generation mail will have to implement some of those ideas.

And Signal/WhatsApp come to replace (and kill) XMPP, not email. Another issue is the generational shift away from email, which is only for spam and work, more and more every time...


Since Pond is hard to search for, [link attached][0].

[0]: https://github.com/agl/pond


What properties does email have that asynchronous messaging services (e.g. Signal) do not?


Cross-platform (Chrome web-apps don't count), federated, distributed, to name a few. The reason email is so entrenched is probably because of these reasons entirely. Being able to send a message from any provider to any provider certainly helped spread adoption easily.


There are protocol properties, and client properties. I think some of both are important.

### Protocol

* Easily federated

* Identifiers can be memorable/meaningful (unlike phone numbers) while still being globally unique (thanks to federation)

* Device independent (not tied to a phone number, can generally use the same account on different devices)

* Can contact people you don't know/haven't met (this is possible with Signal, but they'd have to publicly share their personal cell phone number, which is a no-go).

### Client

* Optimized for longer-form, less immediate messaging (folders, drafts, rich text)

* MIME attachments (Signal supports only a limited number of predefined types of attachments)

I feel like you could probably layer an email-equivalent on top of Matrix, but I'm not 100% sure about that.


The author of the article mentions Signal as well, but how do you handle communication from a laptop or desktop computer and/or with people who don't own an Android or iOS smartphone?


Signal does have a desktop application. I believe you can also register a Signal account using a phone number from a service like Twilio. I'm not 100% sure that will work with Signal desktop though.

https://whispersystems.org/blog/signal-desktop/


Signal in a Chrome app can pair to Signal on Android/iOS. But I don't believe you can use Chrome only. The Chrome app just waits for you to pair with a phone and can't send/receive messages until you do so.


Praetorian | Security Engineer | Austin, Texas | REMOTE (For principal and staff positions)

Praetorian is different. We are a collective of highly-technical engineers focused on helping our clients solve their most difficult security problems. Rather than break things over and over, our goal is to have an actual impact in making the world a better place. 100% privately owned and self-funded, we are focused on doing the right thing over short term profits. Where other companies pay lip service to vision statements and principles, we are unwaveringly guided by our core values, which are:

* Put the client first - Everything else will work out.

* Enjoy the work you do - Passion eats education and experience for breakfast.

* Be humble - True significance is only achieved as a team.

* Embrace the wobble - There is existential urgency to our work. We need to move and adapt quickly.

* Walk with a swagger - Relish the new challenge.

* Default to open - The right decision is in the data. Share all of it.

* Orient to action - Do not wait to be directed. Engage.

* Performance matters - We are a small company intent on doing big things. Every individual effort counts.

* Stop evil - Our mission is to make the world a safer and more secure place.

* Make craters - Our time on this earth is short. Leave an impact.

Although small, we are growing rapidly, with 50% YOY growth for the past three years. That growth is based on fantastic clients and their support. Our annual net promoter score is consistently over 80%. By comparison, Apple is typically in the mid 70s, and Amazon is usually in the high 60s.

We are looking for experienced engineers that share our values. We offer our staff a generous benefits package, including:

* Competitive salaries

* Quarterly bonuses, 4% 401k matching, stock options

* Health insurance, and options for vision, dental, ADD, Short term disability, and life

* 20% Bench time for research, tool development, or training

* Flexible vacation policy

* Low travel requirements. Seriously. No more than 20% for those in network security and nearly 0% for those in application security.

* Company contributions to training and conferences

* Opportunities for rapid growth and advancement based on merit.

If you’d like to learn more, please visit our career page at: https://www.praetorian.com/company/careers. Take a look at our tech challenges too, as we’ll ask you to complete one early in the interview process: https://www.praetorian.com/challenges/

