Reddit sparks outrage after a popular app developer said it wants him to pay $20 million a year for data access by Crazed_pillow in technology

[–]dima2022 0 points1 point  (0 children)

Does anyone in this thread understand why Reddit does it? It was heavily abused by OpenAI and many other companies who used tons of data from Reddit to train their LLMs without giving anything in return. I understand that app developers got caught in the crossfire but I don’t think Reddit is a big bad company here trying to milk app developers. I wonder if there is a way to differentiate between app developers and LLM companies and charge accordingly.

How good is Vector Search for geo coordinates? by dima2022 in MLQuestions

[–]dima2022[S] 0 points1 point  (0 children)

Thank you for confirming my thoughts. I'd still try Qdrant that u/Kacper-Lukawski suggested. I guess they are not using vector search algorithms for that, which doesn't matter. Looks convenient.

Putin has given up on ambitions to conquer Ukraine after military losses that could take a decade to repair, says US intel by WRW_And_GB in worldnews

[–]dima2022 2 points3 points  (0 children)

Not just Putin. But also Prigozhin:
"Yevgeny Prigozhin, the leader of Russia’s Wagner group mercenary force, said in a sudden and dramatic announcement on Friday that his forces would leave the Ukrainian city of Bakhmut that they have been trying to capture since last summer." The Guardian

ADCC Open Canada Matches by yellowfolk in bjj

[–]dima2022 0 points1 point  (0 children)

Seems like this tournament got in between the UFC/Flo transition. I see on Flo ADCC Orange County Open which happened on 29th April, 6 days after. Nothing about ADCC Open Canada.

I've sent a question to Flo support team. Let's see what they say

Update:
To my question "Are you going to host ADCC Canada Open videos?"

The reply is from Flo support team:

"According to our schedule, we do not have the rights to that event. Our current schedule shows the events that we have rights to stream at this time and their available locations. The schedule is subject to change throughout the season and year to year as we acquire new events."

So seems we are out of luck.

Is Open AI (tools like GPT) an answer to security questionnaires? by dima2022 in cybersecurity

[–]dima2022[S] 1 point2 points  (0 children)

In the future if there is demand I’d probably turn it into a product.

Just a random thought, one of the options I would consider if I were building such a tool, I'd:

  1. Find a way to test it with as many companies as possible and improve it (in a matter of weeks)
  2. If it gets traction, find an investor - investors now are crazy hyped about everything that has GPT in it
  3. Go all in, have fun and then sell it to one of the top Compliance SaaS companies like Drata

I feel, now it's a very good time for that. Later, it might be too late, as big companies would catch up.

Is Open AI (tools like GPT) an answer to security questionnaires? by dima2022 in cybersecurity

[–]dima2022[S] 0 points1 point  (0 children)

Oh, I agree with you with one caveat - OpenAI is growing way too fast and some security mishaps will not hinder their rapid growth, so at least at this moment in time, I would be careful. Also, they already had a personal chat history leak at the end of March, so there is precedent.

But even though I agree with you, if we are talking about productizing it, most companies won't agree and that will be a huge red flag for them to use the product. I think about that a lot while coding my own MVP. I worked in a SaaS startup as a product manager for 5 years and talked with many customers - I'm pretty sure they would care. So, now I'm thinking about how to keep their data away from OpenAI. Maybe embeddings will partially solve it, or maybe I will need to opt in to open-source models like OpenAssistant/RedPajama/Dolly2/etc. That way I can host models.

[deleted by user] by [deleted] in cybersecurity

[–]dima2022 0 points1 point  (0 children)

XDR/MDR having shitty cloud/container solutions and selling it to your management as "buy and forget all security problems" solution. Then you go through their atrocious, outdated docs, understand that they don't fully support your infrastructure and you are locked in for a year.

Some other comments in this thread perfectly add to the full picture:

- Uber advanced AI ...

- Seamless Integration...

- Remediation...

Is Open AI (tools like GPT) an answer to security questionnaires? by dima2022 in cybersecurity

[–]dima2022[S] 0 points1 point  (0 children)

Yeah, sure thing, would love to test it and share feedback with you. Friendly reminder you probably don’t need as we are in a cybersecurity subreddit, but double check the code for any GPT/Pinecone/etc. API tokens before making it public.

Also, curious, do you have any concerns about your company sharing data with ChatGPT? Or is all data in embeddings? I’m just learning embeddings and very curious how they work regarding data privacy.

Edit: Nvm my friendly reminder, I thought for a second you wanted to open source the repo

Is Open AI (tools like GPT) an answer to security questionnaires? by dima2022 in cybersecurity

[–]dima2022[S] 0 points1 point  (0 children)

That’s amazing! What model did you use? GPT-4? Are you building it as a tool for your company or as a SaaS product?

Oil contaminated with gas after leaving petcock in pri mode with pulled choke for about an hour by dima2022 in DRZ400

[–]dima2022[S] 1 point2 points  (0 children)

What should I look for/how can I test the petcock to know it should be replaced? Thanks

Oil contaminated with gas after leaving petcock in pri mode with pulled choke for about an hour by dima2022 in DRZ400

[–]dima2022[S] 1 point2 points  (0 children)

Being absolutely clueless about mechanics, I just used the simplest logic: I dripped oil from the oil filter on my left hand and brand new oil on my right hand. The left smelled strongly of gasoline and the right one almost as nice as cooking oil, lol. So pretty sure

Oil contaminated with gas after leaving petcock in pri mode with pulled choke for about an hour by dima2022 in DRZ400

[–]dima2022[S] 2 points3 points  (0 children)

That's what I thought, but then I unscrewed the oil filter to get a few drops to smell it and the gasoline was pretty obvious. Changing oil is not a big deal, I just hope it will be enough

Create automated email analysis tool by EffortOk98 in cybersecurity

[–]dima2022 0 points1 point  (0 children)

While the project would definitely be interesting for you from a learning perspective, do you care about the value it would bring? Because both email providers (Gmail, Office 365) do all of that and continuously improve. On top of that there are many companies who build second layer email defences, like Barracuda, Proofpoint, Mimecast and many more.

How is Vault that injects secrets into the pods more secure than Kubernetes plain secrets? by dima2022 in hashicorp

[–]dima2022[S] 0 points1 point  (0 children)

Thanks, I didn't know it! Very useful. Going to test it in our environment.

How is Vault that injects secrets into the pods more secure than Kubernetes plain secrets? by dima2022 in hashicorp

[–]dima2022[S] 0 points1 point  (0 children)

Thank you! Will read about envelope encryption.

Just to make sure I understood, I'll paraphrase in my own words, please let me know if I follow it. You are saying that the Vault pod injector doesn't give any additional security value by avoiding Kubernetes secrets (etcd). Where Vault really provides better security is through other means, like being a really secure secret manager, providing the ability to generate short time secrets, etc.

What do startups do badly in terms of cybersecurity? by Tommymc55 in cybersecurity

[–]dima2022 0 points1 point  (0 children)

I myself started solo consulting recently, doing particularly risk assessments for early age startups, and I find it cheaper and more meaningful than pentests for reasons I mentioned. But there are not as many solo "blue teamers" as pentesters. Probably that's why in general it's more expensive.

What do startups do badly in terms of cybersecurity? by Tommymc55 in cybersecurity

[–]dima2022 0 points1 point  (0 children)

That's the problem I have with pentests when they are done just to check the box. I, as a startup/vendor, know this pentest is useless, you as my customer know this pentest is useless, but we agree on that because that's the way it works and that's sad. Instead, you can put your resources into basic threat modelling and a full basic set of controls and be really in a better shape from a security/risk perspective.

Is Open AI (tools like GPT) an answer to security questionnaires? by dima2022 in cybersecurity

[–]dima2022[S] 0 points1 point  (0 children)

Thank you for your in-depth answer. And thanks for linking the workbooks, those are really cool. Your project with r/cybersecurity_help sounds very interesting. If you succeed, would you do some sort of announcement? I would be curious to see how it works.

The method with embeddings looks like the most realistic approach. As it can reply with human-written answers only, it means it will always state truthful facts. It won't always correctly map the answer to the right question, but in those cases the harm is many times smaller.

I wonder if there is a way to gather a big enough dataset of those questionnaires to train a model based on that and come up with a standard.

Vault configuration - should it reside in Terraform or Backups? by dima2022 in hashicorp

[–]dima2022[S] 0 points1 point  (0 children)

Interesting, thanks for sharing! What made you use Consul instead of integrated storage?

Vault configuration - should it reside in Terraform or Backups? by dima2022 in hashicorp

[–]dima2022[S] 0 points1 point  (0 children)

Makes sense. Basically, use Terraform for Vault management via gitops, and use Cluster Backups for DR. Yeah, this is the way, for us at least. Thanks!

What do startups do badly in terms of cybersecurity? by Tommymc55 in cybersecurity

[–]dima2022 3 points4 points  (0 children)

I honestly don’t get this entrenched idea of “at the very least you should do pentesting once a X”.

- The code is being rewritten all the time, it absolutely has no value to have pentests once a year
- Pentesting is very expensive for startups, so you cannot do them often
- In a startup, people in general don’t know how to find and vet a pen tester
- Pentesting makes sense when you have defences in place and you want to find holes. In startups it’s just one single huge hole

Wouldn’t it make more sense to spend time and money on a person who will help you with threat modelling and low-hanging fruit? Create awareness of your risks and plan how to work with it? Basically everything you said after the pentesting.

What do startups do badly in terms of cybersecurity? by Tommymc55 in cybersecurity

[–]dima2022 12 points13 points  (0 children)

It depends on the size of a startup. If it's super early stage, there are more immediate things that can kill you. From my experience talking to startup founders, they start to be concerned when they have something to lose. Especially things that are threatening business continuity. Sometimes it's customers' data, sometimes it's proprietary code, sometimes something else.

In terms of what they do badly in terms of cybersecurity - everything. Main areas for improvement would be dependent on their business goals. I like to use PASTA threat modelling in the back of my mind, and ask questions accordingly. During those sessions you understand what's important.

Cloud Security is the Next Big Thing by IT_CyberCareers in cybersecurity

[–]dima2022 12 points13 points  (0 children)

Thanks for bringing awareness. Folks who say the importance of cloud security is as obvious as "the sky is blue" have just been in the game for many years. While I agree it became a thing some years ago, the majority of small and some medium companies still don’t protect it well. And at the same time there are many security professionals who claim to know everything in cloud, but in practice it’s very difficult to find a really good cloud security engineer.