gruez 10 hours ago

>And you have to work around that, because IT dept of the corporation will never lift restrictions.

Because otherwise people do dumb stuff like pasting proprietary designs or PII into deepseek

kbelder 9 hours ago | parent

Oh, they'll do that anyway, once they find the workaround (Oh... you can paste a credit card if you put periods instead of dashes! Oh... I have to save the file and do it from my phone! Oh... I'll upload it as a .txt file and change the extension on the server!)

It's purely illusory security, that doesn't protect anything but does levy a constant performance tax on nearly every task.

gruez 9 hours ago | parent | next

>Oh, they'll do that anyway, once they find the workaround ...

This is assuming the DLP service blocks the request, rather than doing something like logging it and reporting it to your manager and/or CIO.

>It's purely illusory security, that doesn't protect anything but does levy a constant performance tax on nearly every task.

Because you can't ask deepseek to extract some unstructured data for you? I'm not sure what the alternative is, just let everyone paste info into deepseek? If you found out that your data got leaked because some employee pasted some data into some random third party service, and that the company didn't have any policies/technological measures against it, would your response still be "yeah it's fine, it's purely illusory security"?
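
The monitor-and-report mode gruez describes, as an added example that is not code from any commenter: a small DLP scanner that catches the separator trick kbelder mentions (digits split by periods, dashes or spaces), validates candidates with the Luhn checksum so random 16-digit strings are not flagged, and then lets the submission through while writing a masked audit record for the reviewer. The regex, the `Finding` type, the audit-log format and the sample inputs are all assumptions made for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Hypothetical candidate pattern: 13 to 19 digits, each optionally followed by a
# single space, period or dash, so "4111.1111.1111.1111" is seen the same way as
# "4111-1111-1111-1111". The lookarounds stop it matching inside longer digit runs.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ .-]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) checksum, used to reject candidates that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    user: str
    destination: str
    masked: str       # first 6 and last 4 digits kept, middle masked
    raw_form: str     # exactly what the user typed, separators included


def scan_submission(user: str, destination: str, text: str) -> list[Finding]:
    """Return one Finding per Luhn-valid card number found in a submission."""
    findings: list[Finding] = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ .-]", "", m.group(0))   # normalise away the separators
        if not luhn_ok(digits):
            continue
        masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
        findings.append(Finding(user, destination, masked, m.group(0)))
    return findings


def handle(user: str, destination: str, text: str, audit_log: list[str]) -> str:
    """Monitor mode: never block, but record a masked alert for review."""
    findings = scan_submission(user, destination, text)
    for f in findings:
        audit_log.append(
            f"ALERT user={f.user} dest={f.destination} pan={f.masked} form={f.raw_form!r}"
        )
    return "allowed-and-reported" if findings else "allowed"


if __name__ == "__main__":
    # Constructed sample submissions, not real data.
    log: list[str] = []
    print(handle("alice", "chat.example.test", "try 4111.1111.1111.1111 instead", log))
    print(handle("bob", "chat.example.test", "call 555-123-4567, ref 4111-1111-1111-1112", log))
    print("\n".join(log))
```

The second sample is deliberately not reported: the phone number is too short to be a candidate, and the dashed number fails the Luhn check. In a real deployment the alert line would go to a SIEM rather than a list, and the masked form is what lets the reviewer confirm the hit without the audit trail itself becoming a copy of the leaked data.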

unethical_ban 9 hours ago | parent | prev

What's the term for the ideology that "laws are silly because people sometimes break them"?

jeltz 8 hours ago | parent | next

Posting stuff into Deepseek is banned. The corporate firewall is like putting a camera in your home because you may break the law. But, yeah, arguing against cameras in homes because people find dead angles where they can hide may not be the strongest argument.

unethical_ban 8 hours ago | parent

Disclaimer: I work in corporate cybersecurity.

I know that some guardrails and restrictions in a corporate setting can backfire. I know that onerous processes to get approval for needed software access can drive people to break the rules or engage in shadow IT. As a member of a firewall team, I did it myself! We couldn't get access to Python packages or PHP for a local webserver we had available to us from a grandfather clause. My team hated our "approved" Sharepoint service request system. So a few of us built a small web app with Bottle (single file web server microframework, no dependencies) and Bootstrap CSS and SQLite backend. Everyone who interacted with our team loved it. Had we more support from corporate it might have been a lot easier.

Good cybersecurity needs to work with IT to facilitate people's legitimate use cases, not stand in the way all the time just because it's easier that way.

But saying "corporate IT controls are all useless" is just as foolish to me. It is reasonable and moral for a business to put controls and visibility on what data is moving between endpoints, and to block unsanctioned behavior.

collingreen 8 hours ago | parent | prev | next

I don't think that's a good read of the post you're implying this at. I think a more charitable read would be something like "people break rules for convenience, so if your security relies on nobody breaking rules then you don't have thorough security".

You and op can be right at the same time. You imply the rules probably help a lot even while imperfect. They imply that pretending rules alone are enough to be perfect is incomplete.

pigeonhole123 9 hours ago | parent | prev

It's called black and white thinking