The Threat and Opportunities Of AI
The Pandora’s box of Artificial Intelligence has been opened, what does that mean for us mere mortals? Anecdotally, I’ve found that having a conversation with an LLM is like having a conversation with someone who has been learning something for anywhere between 1 and 7 days with the upper limit likely to increase with time, I don’t expect it to replace someone with years of domain-specific experience. I operated under the assumption that AI can be used for trivial tasks that have a very defined set of rules: “Extract text from an image”, “list some synonyms for the word knowledge”, and “Convert this document into YAML”. AI is good at these tasks and will continue to get better.
For those using AI in this way, it can increase operational efficiency for simple tasks, but you must not trust it blindly. The bigger risk is the enshittification (I believe that’s the technical term) of information: AI generated articles, conversation, and tooling. However, this presents an opportunity.
The internet is becoming increasingly saturated with low-quality, unreliable information. This overabundance of enshittified content has led to a decline in its demand, while simultaneously increasing the demand for well-researched, carefully curated, and expertly synthesized information. This is part of the reason I write this series each week, to help cut down on the noise and provide what I hope is well-thought-out information.
- Recommended reading: “AI Won’t Take Your Job, a Person Using AI Will”—Yes, You Using AI Will Replace You Not Using It
Downpour: The Cloud Retreat
Over the past 10 years, many organizations migrated a large percentage of their resources to the cloud and many companies are have never purchased physical hardware, building their entire business within the cloud. The cloud is here to stay, but hosting everything in the cloud is costly and drastically increases complexity. Even AWS noted recently that (PDF)
Customers may switch back to on-premises for a number of reasons, including to reallocate their own internal finances, adjust their access to technology, and increase the ownership of their resources, data, and security.
Many companies quickly migrated to the cloud for various reasons and are now in over their head in both complexity, billing, and security. Many cloud services make sense – I don’t think we’ll see on-prem email making a return, but if a small-medium business can build a 1 Petabyte on-prem NAS solution for $10k. With very rough calculations (AWS calculation/GCP calculation), that is ~89x cheaper over 4 years than using a cloud provider (and that is before factoring in transfer costs). Could this cost be optimized? Absolutely, but you must factor in the time and cost of doing so.
Caught My Eye
- Diskonaut: Like WinDirStat but cooler because… Rust and Linux. Allows you to visually see (and delete) large files/directories.
- Jdupes: This one was new to me and an absolute lifesaver. Jdupes de-duplicates files on your filesystem. I ran it over my backup folders and removed about 500GB of data. Turns out I had my VM folder backed up multiple times.
- ZSTD: Pretty good compression algorithm even with default settings. Took ~540GB of data down to 427 GB.
- Microsoft mitigating NTLM relay attacks by default: Microsoft continues to make progress on getting rid of NTLM. It will still be around for many years though.
- Staff Engineer Architypes: Overview of a few different types of software engineers that roughly align with security engineering. I think I fall more into the solver category. “The Solver digs deep into arbitrarily complex problems and finds an appropriate path forward. Some focus on a given area for long periods. Others bounce from hotspot to hotspot as guided by organizational leadership.”
- Adrift in the cloud: A Forensic Dive Into Container Drift: A cool deep dive into OverlayFS. I can’t get my hands on enough content like this.
- Linux Attack, Detection And Live Forensics: This class seems jam packed with content, I will likely purchase it soon. Also see: Federated Security Training
- NoseyParker: A nice tool for searching for secrets inside a file-system or remote repo.