250
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 10 Aug 2024
250 points (100.0% liked)
TechTakes
1488 readers
85 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 2 years ago
MODERATORS
Do we know if local models are any safer or is that a trust me bro?
well we're talking about data across a company. Tho apparently it does send stuff back to MS as well, because of course it does.
Best way to deal with it? What's the modern solution here
Thanks but it's too late. Here it's all over unfortunately. I'm just doing my best to mitigate the risks. Anything more substantial?
“better late than never”
if it already got force-deployed, start noting risks and finding the problem areas you can identify post-hoc, and speaking with people to raise alert level about it
probably a lot of people are going to be in the same position as you, and writing about the process you go through and whatever you find may end up useful to others
on a practical note (if you don’t know how to do this type of assessment) a couple of sittings with debug logging enabled on the various api implementations, using data access monitors (whether file or database), inspecting actual api calls made (possibly by making things go through logging proxies as needed), etc will all likely provide a lot of useful info, but it’ll depend on whether you can access those things in the first place
if you can’t do those, closely track publications of issues for all the platforms your employer may have used/rolled out, and act rapidly when shit inevitably happens - same as security response
How's it at your place? What's your experience been with this whole thing
whenever any of this dogshit comes up, I have immediately put my foot down and said no. occasionally I have also provided reasoning, where it may have been necessary/useful
(it’s easy to do this because making these calls is within my role, and I track the dodgy parts of shit more than anyone else in the company)
Hm, that's good to have such authority on the matter. What's your position?
I'm struggling with people who don't fully understand what this is all about the most.
my position is "the hell with all this clown-ass bullshit"
I mean your position in the company.
I knew/understood what you meant
Limit access on both sides (user and cloud) as far as you can, train your users if possible. Prepare for the fire, limit liability.
Local models are theoretically safer, by virtue of not being connected to the company which tried to make Recall a thing, but they're still LLMs at the end of the day - they're still loaded with vulnerabilities, and will remain a data breach waiting to happen unless you make sure its rendered basically useless.
You can download multiple LLM models yourself and run them locally. It’s relatively straightforward;
https://ollama.com/
Then you can switch off your network after download, wireshark the shit out of it, run it behind a proxy, etc.
you didn’t need to give random llms free advertising to make your point, y’know