HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cleansy

no profile record

Submissions

Delve Deep Dive – companies with potentially auto-generated compliance reports

peakmaven.com
2 points·by cleansy·4 mesi fa·0 comments

comments

cleansy
·mese scorso·discuss
> so I don’t even know at this point what the EU is trying to defend here.

Says it right there: "Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards," Regnier said. "Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations under the DMA - and this for at least 18 months. That's not an option."
cleansy
·mese scorso·discuss
Yeah, highly inaccurate data. Shows Auth0 with an uptime of 0.6% over 24h. Smells like a slop project.
cleansy
·3 mesi fa·discuss
I worked as a tech in porn in my very early 20s. My experience was the opposite, interviewers later on remembered my CV because I was transparent about it. In 2009-2011 weren’t many places where a junior developer could work on code that served 100M ad impressions /month and 3-5M requests on the pages. Gambling and porn both hook into your dopamine systems, but mixing them together does not make sense at all. The consequences of watching pornography are two orders of magnitude milder than a gambling addiction.
cleansy
·3 mesi fa·discuss
Fake it til you make it [into the news for fraud allegations].
cleansy
·3 mesi fa·discuss
No, I think about it all the time. It’s just baffling that this kind of attack is still a thing, after a decade+ of this happening over and over again.
cleansy
·3 mesi fa·discuss
To have an initial smoke test, why not run a diff between version upgrades, and potentially let an llm summarise the changes? It’s a baffling practice that a lot of developers are just blindly trusting code repos to keep the security standards. Last time I installed some npm package (in a container) it loaded 521 dependencies and my heart rate jumped a bit
cleansy
·4 mesi fa·discuss
Sure thing! Here: (ffmpeg). Ffmpeg wrapped in simple yet elegant parens. Or fancier: {ffmpeg}, or more brutalistic: [ffmpeg]. Do you want to try a cookie recipe ingredienting ffmpeg?
cleansy
·4 mesi fa·discuss
Sure, I work in security, and the amount of sub-6 month old companies with SOC2 reports are mind-boggling. The trend started probably a year ago or at least I noticed it. There is seemingly no oversight of AICPA to enforce any kind of standard in practice, companies like Delve are hiring vibe-auditors to autogenerate the reports. You already had the issue with low-cost providers like A-Scend who have maybe one qualified auditor across 5 auditing teams or so (I worked with them several times) - but at least they had several rounds of human-QA before issueing any kind of report. A company that started 6 months ago simply cannot in any meaningful way prove that they should be trusted, because they cannot prove that their processes are solid. And that's fine and normal, you have early adopters and companies with not-so-critical data for these use cases. Getting some vibe audited reports early on is setting you up for distrust, it's a signal that you are willing to take all short cuts to get enterprise customers and that's a red flag.
cleansy
·4 mesi fa·discuss
Just some unfiltered feedback after checking out the website: from what I understand this is an SaaS only? So basically I’m asked to upload ALL company docs to a company that existed for basically a minute with some questionable SOC2 report. Soc2 is basically dead as a security artefact and the data asked to upload is sensitive by nature. I don’t see that working.
cleansy
·10 mesi fa·discuss
Not surprising since concepts are virtual. There is a person, a person with a partner is a couple. A couple with a kid is a family. That’s 5 concepts alone.