Systems Engineer with a penchant for PowerShell, science, cooking, information security, family, cookies, and the Oxford comma. @pscookiemonster.bsky.social
I appreciate Kevin bringing and highlighting this stuff, because many cyber people will just map out the impacts in our head. The endless contexts of data exposure in ways the system was never designed to guard against, and Microsoft could have tried but didn’t. I just. I can’t.
Something that always gets me in Security is assumptions. Instead of actively validating them constantly. Policy looks right, nobody changed it. All good!
Okay but one of the other 14 ways a change can occur overwrote your policy. Did you check if it's right ON THE CLIENTS? All?
The Call for Papers for the PowerShell and DevOps Global Summit is open - we’re looking for dynamic speakers who are excited to share their knowledge with a friendly and welcoming community.
The CFP closes November 15th, so don’t wait too long!
https://t.co/qhBv2iUpmF
Anyone in Windows ecosystems using Loki? Curious about what client/config you are using to get (1) parsed event data (2) into named fields. Promtail seems to dump an xml string (wat). Fluent bit produces an array of values (better, but still, wat). Telegraf...
Telegraf does it! Yay! Oh. Loki / logfmt silently drop any field with an invalid escape character. And Windows uses '\' all over the place. Anything I should be considering client, config, or Loki-wise?
IT career advice:
The tools you already have do a LOT more than your company uses them for. Often products are purchased to do ONE thing. Tools need both a motivated admin + one with time.
Learn what you already own and master it. I see this CONSTANTLY. Volunteer responsibility.
World, meet Alex, Bill, and Mophat, three workers whose labor was essential to filtering violence and abuse out of ChatGPT.
For the first time they’re ready to tell you who they are—and how the work unraveled their lives and their families.
https://t.co/QXqCRAcOZX
Do you have any idea just how far out of your way you have to go in your treatment of Open Source to have Oracle coming out looking like the better party?
New paper!📢
On Hate Scaling Laws for Data-Swamps with @vinayprabhu, Sang Han & @VishnuBoddeti
Paper: https://t.co/cOSdEhU0bR
Code: https://t.co/rfK541SIql
WARNING: Contains examples of hateful text & NSFW images that might be disturbing, distressing, &/or offensive
Long 🧵
1/
* People ask LLMs to write code
* LLMs recommend imports that don't actually exist
* Attackers work out what these imports' names are, and create & upload them with malicious payloads
* People using LLM-written code then auto-add malware themselves
https://t.co/Va9w18RpWu
Reminder: just because most people have stopped taking precautions, it doesn’t mean you’re not going to get sick (or get someone else sick). We are in no sense “past this”
when asked what can be done to the mass generation and spread of misinformation enabled by LLMs, altman said "the only way to tackle problems that arise from AI is with AI" and can't help but think of this passage from Weizenbaum in 1972 warning exactly this
I think we can call it shut on 'Open' AI: the 98 page paper introducing GPT-4 proudly declares that they're disclosing *nothing* about the contents of their training set.
MSFT lays off its responsible AI team
The thing that strikes me most about this story from @ZoeSchiffer and @CaseyNewton is the way in which the MSFT execs describe the urgency to move "AI models into the hands of customers"
https://t.co/d7r3ljUF9D
>>
When you're Associate Director of something called "Human-Centered Artificial Intelligence" but the $$ all comes from Silicon Valley so you feel compelled to retweet the clown suggesting that the poors should have LLM-generated medical advice instead of healthcare.
After years in security monitoring, detection engineering, training ML models and writing detections, you'll learn one thing:
The problem isn't that malware tries to look like legitimate software, it's that software does a lot of things that you'd only expect from malware