LLMs should never be trained on restricted data of any kind, as we have seen that they are able to reconstruct their training data. The idea that they could be trained on private/restricted/copyrighted data and that was ok because there wouldn't be redistributing that data should have been killed 3 years ago.
Embedding vector indexes are how we separate code from data. Anything that is not for 100% unadulterated public access should be behind a traditional access control system. RAG search is not magic, it's just a SQL query of a manually created index. It absolutely could have access control built in. It's been out of laziness that it has not.
I think the point of whether we consider user input to be instructions or data is important and I think it should be front of mind for everyone.
But I don't agree prompt injection vs SQL injection is an example of this kind of failure, at least not in this case where it's giving unauthorized access to data. And I don't think the fix really needs to go as far as creating wholly new training methods.
That's because the LLM doesn't have access to the repositories on its own. It has to be given that access through deterministic tools programmed in traditional programming languages. Even the ability to RAG search needs a part A to perform a vector nearest neighbor clustering and part B to retrieve the data found via the embedding index, both of which the LLM can't do on its own.
Prompt injection providing access to unauthorized data is 100% lazy tool development where those tools do not operate through any form of access control. You'd have the same unauthorized access with properly parametrized SQL if none of the search inputs were the user credentials.
This is one of the major dangers of "LLMs are going to democratize coding." Software development isn't a safe field of play. Not only are there a lot of dangers, many of them are subtle, unintuitive, and quite easy to stumble upon. That's why we idealized a mentorship model for junior developers, to try to limit the blast radius of mistakes in a safe, pro-learning environment. But the ever hard driving quest to eliminate software engineers as a species is pushing people into ludicrously stupid actions like giving LLMs full access to write SQL queries and full access to operate the CLI. The problem is not that we are treating the user's input as unfiltered instructions, it's that we're forgetting that the LLM is another agent in the system and treating the LLM's input as unfiltered instructions.
The AI boosterism is really weird. What is the big deal? My job is not to make AI succeed, it's too solve problems for our clients. Yet I'm getting told I need to use AI to do my job or my funding is going to get cut. We've done several research spikes to figure out where AI can fit into our project and apparently coming up with the answer of, "nowhere near the classified data" that means we must not have AI'd hard enough. My project owner doesn't seem to care if our actual project goals are met, he only seems to care that AI was used.
He's not my boss, so he can't literally tell me what to do. And my actual boss has told me to ignore him. But it's a worrying but of psychosis that I fear could infect the rest of the C-suite of it isn't addressed now.
In jurisdictions where 65MPH is the highway speed limit, 80MPH is usually the "reckless driving" threshold. And in Virginia, reckless driving is a felony misdemeanor.
There is a certain brand of conservative Republicans who have learned to weaponize antisemitism against Democrats. The general operating theory is that, since the Holocaust, anyone with even Jewish heritage can do no wrong (though I question the sincerity of the view).
Palantir's CEO, Alex Karp, is the son of a Jewish man. I specifically say "son of," because I understand Jewish heritage to be matrilineal and I don't see Alex Karp engaging in any specifically Jewish traditions. But he does also seem to be one of the "Weaponize the Holocaust" Republicans. Thus, you get defenders such as this.
Regardless, you don't need to make the hitboxes one-to-one with the graphics. Indeed, doing so tends to make for unreliable hitboxes, so most picking systems have two different, idealized enter and exit hitboxes for each icon.
Yeah, it's some bullshit 90s-era basement-dwelling "techie" attitude that even Linus Torvalds said he doesn't want to do anymore almost 10 years ago by now.
As someone who has been training and mentoring and managing people for over 25 years: shame is useless as a tool. There's no "you gotta have thick skin" in people management. That attitude is just covering for the deficiencies of the manager. Most people's natural reaction to shame is to shut down and either slink away or become vindictive. You don't get the right corrective behavior out of using shame.
One's employment of shame as a corrective technique also has a wide blast area. When one singles out and criticizes people in public, the people who aren't being criticized still see it and form new, negative opinions of the criticizer. You undermine your own authority as The Boss when you do that.
Truly being "results focused" means studying actual management theory, negotiation techniques, coaching techniques, and conflict management. Praise in public, criticize in private. Always. And when you do have to criticize, keep the emotion out of it and stick to just the facts.
I have two employees I've had to put on PIPs right now. One of them is actually improving. The other one is a habitual liar, for whatever reason HR won't let me fire him outright, but even him I won't break my rules for, regardless of how angry he has made me, because the rest of my team will see it. During the meeting where I informed them I would be formalizing the process, they were not surprised and agreed that it made sense, because I had done the work before then to establish expectations and work with them to try to improve. There's are also people in the past whom I have fired who have messaged me on LinkedIn, thanking me for being kind to them during the process, because it was what they needed to turn their lives around.
You can tell people they aren't meeting expectations. You can put people on official notice. You can fire people. And you can do all of those things in ways that preserve their dignity. And in that mode, you can get mediocre employees to be good, good employees to be great, and great employees to stay. Or you can treat people like shit and constantly have to go back to the recruiting well. I'm sorry, but I'm far too busy to be constantly interviewing and onboarding new people.
What is the deal with WhatsApp? My family roped me into using it, "because it's better than text messages", we've been using it regularly for over a year, and it's... literally the same thing? I don't get it.
When I mentor new developers, I frequently caution them (with caveats about my experience being only one) against going to work for tech companied. My favorite jobs have all been at companies that were not selling software in some way, but needed a software developer or 5 on staff to do what they needed to do. Industrial manufacturing and adult education were my particular industries where I found this path and the only reason I'm not in them anymore is because I don't have the flexibility to move around anymore, so need to make the best of the DoD consulting shit sandwich I'm in now.
> I've visited many doctors over the years, as a patient, and pretty much all of them treated me well, practiced their jobs professionally and gave me good advice and treatments. I never had a doctor give me advice that turned out to be wrong or ill intentioned.
You are extremely lucky, then.
As a man, I've been gaslit by my doctors about my depression. My PC in my early 20s told me I was just lazy and needed to get a "real" job.
For women, by all accounts, it's much worse. I have not met a woman yet who has not had a story about some doctor treating her like a child, minimizing her pain, etc.
My answer to every food authenticity Nazi is the same: "call a cop." I will do whatever I want and call it whatever I want. I will call sandwiches "European tacos" and there is nothing you can do to stop me. I will call polenta "grits" just to piss you off. Yes, I know it's a different kind of corn. I prefer making you angry over such an inconsequential difference than I care about being precise, and I usually care quite a lot about precision.
Any claims that Python has a huge backwards compat mission go right out the window when you consider Python 3. 3 was a perfect chance to fix all of the major problems with Python, problems other languages have solved so there isn't even a need to invent things from scratch. They didn't and that's why the community is still split on adoption.
It's this sort of stuff that leaves me scratching my head why people like Python so much. I hear them say they prefer the syntax and personally I feel like that's such a small part of the holistic experience of working with any particular language. It's one of the reasons why I gave up on C++ years ago for .NET, the whole system of tooling in .NET has never left me feeling like I was pigeonholed into doing things in stupid, self-flagelating ways. Why should I use a language like C++ that doesn't provide a standard set of package management and build tools? Why should I use a language like Python that feels like it's being designed by amateurs?
I felt like the tooling in Racket, CLisp, and Java were similarly pragmatic and not either religiously devoted to some concept of "backwards compatibility" that I seriously doubt most people actually need, or "ease of use" that actually proves itself to be easy when you consider the not-happy-path of the beginner tutorials. Racket, I didn't continue just because the library ecosystem isn't mature enough to keep up with the latest in databases and other 3rd party services. Java I quit largely because of Oracle and some 2010s problems with stagnation. CLisp mostly because it was too hard to socialize. But never because I thought the core language and tooling were holding me back.
I think the big difference between the Republicans and Democrats is that the R-electorate votes for R-candidates because they want what the R-candidates are promising, while the D-electorare votes for D-candidates because they don't want what the R-candidates candidates are promising.
It's one of the reasons why "both sides" arguments are so frustrating. You can find R-voters who will defend Trump all day, in equal numbers to D-voters who will criticize Biden/Harris. You can see it in the number of R-voters you encounter online who think it's a "pwn" to bring up Clinton going to Epstein's Island, while D-voters respond, "yeah, and? Lock him up, too." We don't want these people who lie to us and glad hand for corporations, but it's marginally better than the alternative.
Embedding vector indexes are how we separate code from data. Anything that is not for 100% unadulterated public access should be behind a traditional access control system. RAG search is not magic, it's just a SQL query of a manually created index. It absolutely could have access control built in. It's been out of laziness that it has not.