The value of SOC2 is that it does take some experience to be able to plausibly fake the evidence which weeds out people that truly have no idea what they're doing. It also provides a blueprint of the stuff you should be doing if you actually care.
Yeah, it's funny to see some defense of this practice as "well the whole thing is pointless anyway so nothing is lost by defrauding folks". Pretty hollow argument.
Yes, the equivalent of looking at an API spec and saying it's pointless because there's no implementation.
I feel like in the last five years all prior knowledge and art wrt infosecurity was lost from the "dev community". My guess is that hackers have an embarrassment of exploits and are being unusually quiet. I expect a series of major breaches/hacks over the next few months that are ignored and it just becomes normal to have all of your customer data dumped onto the public web. For example, the digital banking system could go under, and most kids would just download some new crypto app. It won't really matter that nothing replaces the dollar or our global banking infrastructure. The zeroing out of the financial system would just be the "coyote suddenly being affected by gravity".
The only should is you should succeed in making the change wanted or needed by your customer or stakeholders or yourself. How you do it is a capital problem. Cheaper faster better is preferred.
Imagine saying the 30% rule is you must eat in 30% of the time or eat vegetarian 30% of the time. It’s missing the point.
There is a mind; the model + text + tool inputs is the full entity that can remember, take in sensory information, set objectives, decide, learn. The Observe, Orient, Decide, Act loop.
As the article says, the models are trained to be good products and give humans what they want. Most humans want agreeableness. You have to get clear in your heuristic instructions what you mean by "are you sure?", as in, identify areas of uncertainty and use empiricism and reasoning to reduce uncertainty.
I don't even understand the concern here. Perhaps the parent thought this meant "a warrant is not required", which is absolutely untrue. Instead, the judge still creates the warrant, and any trial/arrest/action must have a warrant.
(Finding out what ISP a user belongs to isn't really that private. If you look at the US comparatively, Homeland has a list of every single credit card transaction ever. The US doesn't need to ask an ISP if someone is a customer. What this does is simply confirm, and then the judge can create a warrant specific for that ISP.)
Such as compelling the ISP, or whatnot, to take action. The ISP is not the subject here. And obviously hiding the warrant from the ISP makes zero sense, as they're going to know who the person is anyhow.
This is stuff that goes back to phone taps. Nothing new here.
Does a warrant ever expire? How long can they monitor you once the warrant is issued? Do they ever have to notify you or anyone else that you were being monitored and they found no criminal conduct? Don't you see the potential for abuse here?
All of these questions, and more, are answered by examining what happens with phone taps. Phone taps were historically treated precisely the same, and further, there was only ever one phone company in a region back then.
All legislative change is interpreted by courts. So to answer your questions:
1. Look to see how the legislation is written for phone taps.
2. Know that this new legislation is changing things; the code is being modified.
3. Now look at judicial decisions, and you will have your answer.
Seeing as you have no idea how other warrants work, when they expire, you're really just looking for the worst case scenario, without even attempting to see what would happen, and has happened for 100+ years.
That came later than the beginning. Workhouses came before the loom. You can see this in the progression of quality of things like dinner plates over time.
Making clay pottery can be simple. But to make “fine china” with increasingly sophisticated ornamentation and strength became more complex over time. Now you can go to IKEA and buy plates that would be considered expensive luxuries hundreds of years ago.
Compilers made programming faster, cheaper, and more consistent in quality. They are the proper analogy of machine tools and automation in physical industries. Reusable code libraries also made programming faster, cheaper, and more consistent in quality. They are the proper analogy of prefabricated, modular components in physical industries.
I'm building a Zork-like dungeon explorer for vibe-coded projects. Ok, the Zork interface is not that important, but it adds an extra layer of fun, and does reflect the reality of how I dig through a codebase to understand it. You start at the entry point and start exploring each code path to build a map of what is going on, taking notes as you go, and using tools if you're lucky to get a sense of the overall structure. You can also go up and down a level of abstraction like going up and down a dungeon.
It also incorporates complaints from a static analyzer for Python and JavaScript that detects 90+ vibe slop anti-patterns using mostly ASTs, and in some cases AST + small language models. The complaints give the local classes and methods a sense of how much pain they are in, so I give the code a sense of its own emotional state.
I also build data flow schematics of the entire system so I can visualize the project as a wire diagram, which is very helpful to quickly see what is going on.
That sounds neat! I especially like "I give the code a sense of its own emotional state". I can just imagine a function crying "Why did they use that algorithm ?? Why so much spaghetti ?? I'm soo ugly ..Why Why Why" :-D
That would probably motivate me to fix the poor thing, just so I don't feel like I'm torturing it! :-D
SOC2 is as useful as a privacy policy at protecting your data. It’s all humans following human incentives.