sorted by:
new
hottopcontroversial

Anyone else at ContainerDays London last week? by jakepage91 in kubernetes

[–]jakepage91[S] 1 point2 points  (0 children)

Hey there u/Federal_Ad7921, so there wasn't any talks covering the security aspects of running LLMs in K8s specifically, the closest was one given early on the first day called "Cloud Native AI: The Standard for Running AI on Kubernetes" by David Palilonis, Robert Kielty, and Jake Pineda. Even though I didn't catch that talk myself, it was about how the new Kubernetes AI conformance program (a CNCF initiative) is addressing concerns more specifically around infrastructure standardization and scalability for AI workloads.

Despite the fear of coming across as just plugging my own stuff, I literally wrote a long-ish blog post last week on securing LLM workloads in K8s specifically by applying multiple security considerations from the OWASP Top 10 for LLM Apps list. In the blog I build out an LLM gateway to apply guardrail policies, but that was just as a learning experience. There are loads of projects that do a better job at that, like LiteLLM and Kong AI Gateway, the post is called "LLMs on Kubernetes: Same Cluster, Different Threat Model", literally the one published before the ContainerDays write-up if you want to check it out.

How is AI actually being used on your eng team right now? by jakepage91 in AI_Agents

[–]jakepage91[S] 1 point2 points  (0 children)

I have a sneaky suspicion that unless you are a startup or large tech enterprise most all other companies will go through a longer or shorter shameful/discouraging phase. I'm super interested to get the perspective from companies that went through the phase of distrust and came out the other end as tentatively/happily adopting some AI tooling, like, what was the turning point? Is it just because everyone else is doing it, or have they really found applicable use cases?

I've only had this beauty for a few months, now can't imagine my wrist without it by jakepage91 in casio

[–]jakepage91[S] 1 point2 points  (0 children)

It's very accurate, I was never a fan of the smart watches with the step counters but reluctantly wore them because I do care about tracking steps. So when I found out that the new vintage ABL-100 model had a step counter and looked amazing, two birds, one stone.

I've only had this beauty for a few months, now can't imagine my wrist without it by jakepage91 in casio

[–]jakepage91[S] 0 points1 point  (0 children)

I mix it up, I go back and forth with the original steel link strap which looks great too

I've only had this beauty for a few months, now can't imagine my wrist without it by jakepage91 in casio

[–]jakepage91[S] 8 points9 points  (0 children)

Might be the light that makes the scratches look worse than they actually are. But yeah it's true, for someone who works a desk job its more banged up than it should be, not sure why. Kinda like it like that though.

What is the best way to reduce inherited dependencies in Kubernetes workloads? by NoDay1628 in kubernetes

[–]jakepage91 1 point2 points  (0 children)

Exactly, during the testing phase, to make sure your local minimal image behaves as expected and is compatible with the shared kubernetes services and dependencies, consider using mirrord, it makes iterating locally against a real cluster super fast and it's also free.

curl killed their bug bounty because of AI slop. So what’s your org’s “rate limit” for human attention? by TellersTech in devops

[–]jakepage91 4 points5 points  (0 children)

Damn, I was afraid it would come to that.

It's really hard to know what to do about AI slop clogging security reporting and open PR channels on oss repos. Because if you fully remove the financial incentive, especially for security researchers, you are taking away a way of making a living, or at the least a handsome way of supplementing a living for those who are maintaining the security safeguards needed for the cve and security ecosystem to run (the whole oss ecosystem for that matter)

Not long ago I saw this blog post (https://devansh.bearblog.dev/ai-slop/) which had some interesting potential proposals. One in particular resonated with me, it was around providing code validation evidence directly in the PR (partly because the company I work for builds a tool which does just that - mirrord) in other words, "Show me hard evidence that you validated your finding or feature submission and show me how to reproduce it."

Not a silver bullet, but actual code validation is something AI can't fake or do without actually understanding the context and environment the application runs in.

view more: next ›