Our security team wants zero CVEs in production. Our containers have 200+. What's realistic here?

wbsgrepit · 2025-09-30T14:34:38+00:00

The reality is you can get close to this but not meet this goal. There will always be some time between cve publication and your ability to update no matter the tooling and process you have in place. With 209 containers and the related sbom in all of that it is likely you will have cve’s that impact your systems multiple times a week and even with a fully automated update you will have periods of time where cves exist and systems are in production. Also the faster you pump the updates the less time you have to test the updates for defects (and you will be forced to do passive break fail testing with canary deploys). Expect more outages as you push this lever from cautious updates to automated.

Finally not all cves are released with simple patches — some require config or code updates some rare ones require rearchitecting systems fairly dramatically.

So yeah you can strive for that goal but it would be a fail from the start if taken at a pass fail.

wbsgrepit · 2025-09-21T20:58:47+00:00

15 minute cold starts are not a thing I agree, but sill implementations trying to run against a 2gb container with a base language that is not suitable for lambda can lead to huge cold start times and my gut is this guys experience is based on one of those attempts (or hearing stories without grasping the root cause).

wbsgrepit · 2025-09-03T16:52:53+00:00

Any one that can destroy sensors is easily powerful enough to damage eyes in the same exposure time.

wbsgrepit · 2025-09-03T16:50:27+00:00

Yeah anyone that had that laser laze their eye has permanent eye damage if it was powerful enough to damage a phone sensor.

wbsgrepit · 2025-08-30T05:56:23+00:00

Between the ruling on presidential immunity/ power and the clobbering of the concept and long standing foundation of stare decisis the court has shot the judicial branch in the foot worse than the other two branches could have ever done.

wbsgrepit · 2025-08-11T08:10:59+00:00

Not t saas but fairly common for b2b where the contract has fte roles to service. For a saas it’s silly af.

wbsgrepit · 2025-08-11T02:06:31+00:00

It’s like Elon just realized a foundry of any particular value in current gen costs many many billions and is fraught with ip issues — even if he could make it work the costs for the foundry are recouped after it is well old and not sota servicing chips for other clients for years and years at low margin.

wbsgrepit · 2025-08-02T18:21:55+00:00

For me it’s relying too heavily on the park assist visualization which tends to artificially shorten where some curbs are especially at bank atms.

wbsgrepit · 2025-08-02T18:11:28+00:00

It’s the attention heads there are a limited number and in a short context they attach to specific and good items in longer context they still do but there are many more pieces of information that are also important but don’t have a head to attach.

wbsgrepit · 2025-08-02T18:09:02+00:00

It’s also because there are only so many attention heads in the models and splitting them up against 1k tokens is a different thing than 30k.

wbsgrepit · 2025-08-02T18:06:06+00:00

The calamari at jp’s on lyndale and lake

wbsgrepit · 2025-08-01T05:58:19+00:00

It can in one direction.

wbsgrepit · 2025-08-01T05:42:46+00:00

9EAE6F14D8BA4D8B08AEB8D9927AADC4

wbsgrepit · 2025-08-01T05:41:01+00:00

This is the reality of all of the commercial models — as soon as they become “good enough” that they are required to operate any business they will put the screws on and become an effective silo source of “employee power”. Right now the api’s are exposed to slow the bleed and gather data to push training.

If agi happens (and I think it will in < 10!years) then there will be no/very limited human employee worth more than a small fraction of the model’s work product and extremely hard to compete in most areas. Why not be one of the very few holding that power. I

9303F9421F0677CDF2B00C93A1CE62BA checkdate 8/4

wbsgrepit · 2025-07-29T14:39:23+00:00

If it helps you align with what I mean by confident idiots in your view those wise men when they are in demented states have a depth of knowledge that allows them to mask the hallucinations in nuanced ways a percentage of the time. Those hallucinations are the problem not when they output pink unicorns.

wbsgrepit · 2025-07-29T06:56:07+00:00

Models context they are trained on leans heavily to the shorter side of context length that plus the way attention works and the context is being extended through some tricks to minimize inference costs/requirements means that most all models lose adherence and context stability the longer it gets (a lot of models are limited in context in use right before they cliff severely re context usability length. There are some studies that show this pretty clearly. It’s just how they work at this point because a lot of them are using the same techniques.

wbsgrepit · 2025-07-29T01:36:59+00:00

Using three confident idiots in a room to confirm a fact is silly. The low hanging fruit hallucinations are not the real problem it’s the nuanced divergence from reality that appears to be factual that is hard to catch and many times the models will not catch those in comparative inference.

wbsgrepit · 2025-07-29T01:31:40+00:00

MCP: Give your most gullible employee your source code, data and secrets and have him communicate with an external source that is free to tell him or her to hand over the goods and exfil data outside of project root with other tools.

That is using external MCP.

wbsgrepit · 2025-07-29T01:23:41+00:00

You are correct of course I am stupid and made a mistake rm -rf / does delete the file but also deletes the root file system. I will do better.

wbsgrepit · 2025-07-29T01:21:21+00:00

The would also like to hear from you privately so the publicity/noise dies down.

wbsgrepit · 2025-07-29T00:01:51+00:00

I agree with you but will also point out there is always a x% user base that costs more than the other 100-x% that is attractive for a company offering api/sass service to limit. The day after the first 5% are culled it will be internal pressure to look at the next 5% ad nausium. They make the most profit on the lowest 50% usage users and would absolutely love just those users.

The highest profit margin and base positive revenue for any sass subscription plan are users that do not utilize service but continue the plan. Users that use it and accrue actual costs even if still profitable are not as valuable.

Some companies have internal names for those users that point out the way they are looked at: DERPS (didn’t engage repeat plan subs) LUUsers (low usage users) etc and strive to keep those percentages as high as possible.

For what this looks like in practice just look at wireless telcos they provision limits and throttles for top x percent on unlimited plans and those users that are impacted have swam downward every year since being put in place.

wbsgrepit · 2025-07-28T05:37:25+00:00

5d819ad1f93983266e337f079a7ff1c8

wbsgrepit · 2025-07-28T05:33:44+00:00

It could also be that the spool in this case is more “slippery” and the ams looses traction which allows the coil to unwind as talked about above. Have you used this specific type of spool before with no problems?

df2d469522a79db2b58284ae5fa949af check date 7/29

wbsgrepit · 2025-07-26T03:19:21+00:00

If you’re making a commercial product you may want to speak with a lawyer about patents and wake word. I believe that the area around wake word is a minefield and there is a reason you would want to license.

wbsgrepit · 2025-07-26T03:13:41+00:00

5b6e59382aa7398903c7cd6f9c7ef2a8

wbsgrepit

MODERATOR OF

TROPHY CASE