20 chunks · 19 episodes
...hat's not a good assumption for people vibecoding little apps that operate over sensitive data. Every non-toy vibecoded mini app that's useful almost by definition maintains sensitive state.
...Workday. But it makes it easy for HR to create compliant workflows on extremely sensitive data without needing to work with engineers. Kind of like when someone sees the boyfriend and says, "... What, is he funny or something?"
...er of them is the multiplication of "powerful" and "naive." LLMs with access to sensitive data are the most confusable deputies ever!
...ple say "I run MoltBot in a VM so it's safe." Yes, but then you put all of your sensitive data into it! It doesn't matter if it's in a VM if it has all of your data anyway. The idea of "let's let people run OpenClaw in a VM" is hilarious to me....
...ing a 339% year-over-year growth. The report also highlights a 152% increase in sensitive data leaks." "The report recorded a 540% surge in valid prompt injection reports" "13% of organisations experienced an AI-related security incident in 202...
...es in LLMs: RadWare: ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT's Deep Research Agent.. Ars Technica's summary Eito Miyamura: "We got ChatGPT to leak your private email data… …All you need? The victi...
The News Feed betrayal effect: the dissonance that happens where sensitive data users added in one context is now used in another context. This happened when Facebook enabled the News Feed for the first time. It didn't make any n...
...e, it will have to be antifragile; auto-isolating code that has been tainted by sensitive data.
...Origins should prefer not to have the data with all the downside risk of having sensitive data. There should be ways for creators of code to write arbitrary code that runs blindly. This would allow them to do useful things for users on sensitiv...
...hree of the legs of the iron triangle. Untrusted code - Creates open-endedness. Sensitive data - Can work on real and specific things, not just generic things. Network access - Can interact with the rest of the world, not just an island or dead...
...ier is context someone else maintains about you. It's about distilling the key, sensitive data to make sense of you to someone or something that doesn't know you. The word "dossier" implies something clandestine and nefarious, not aligned with ...
...e web? It would be overwhelming. The web doesn't do it because it doesn't allow sensitive data (only data the user trusted the origin to have access to). The origin might trust more third parties than the user realizes, but technically users ar...
A friend told me: "vibe coding on your sensitive data has SHARP edges" Vibe coding is great fun, but if you do it on sensitive data, you can very quickly get yourself into trouble.
Untrusted code and sensitive data are explosive. Code is open-ended, it can do things. Data is about what's meaningful to you. Historically the combination has been explosive all in a...
...itten by other anonymous creators is untrusted. You can't run untrusted code on sensitive data. LLMs can write code. Now you just need a way to make running on untrusted code on sensitive data safe.
...ts comes power. What if you could write little Vals that would run on your most sensitive data?
...ppens after that point. This makes it quite hard to trust any given origin with sensitive data, who knows what the origin might do with it? The more trust an incremental origin requires, the more the ecosystem will tend to stabilize on a small ...
...atives, and convinces people to give you–an app they just met–all of their most sensitive data. A very steep hill to climb. Also, a very scary one: most tinkerers don't want all of that radioactive data. But what if there were an open platform ...
...duling feature. One from a startup you've never met before who you have to give sensitive data to. And the other, a service that already has your calendar data. Which one do you pick? The latter, unless the former has an expected value an order...
Writing hand-rolled SQL to work with potentially-sensitive data is an escape hatch in internal systems. It needs to be possible, of course. But every time it happens it is kind of a bug; it's dangerous, expensive,...