Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
soundworlds 9 days ago

If I understand this correctly, Anthropic's argument is now "yes this will blow up some of your infrastructure, but it will be worth it"

The problem is that no one has been able to prove that it is actually worth the cost. That is a very fragile assumption.

daveshistory 9 days ago | parent | next [-]

It's Shrek logic. "Some of you are going to die, and that is a sacrifice I am willing to make."

TeMPOraL 8 days ago | parent [-]

No, it's the actual reasonable approach that sane people have to security. In the real world, security is always about costs and benefits, because you can always make something more secure than it is by spending more money, but it also doesn't make sense to spend more than you're getting from it.

Normally, you secure things up to minimize (${cost of security measures} + ${expected damage from attacks that materialized}), writing off actual material damage with insurance wherever possible. You pick security measures based on their effectiveness, which usually translates to "how expensive will it make success for attackers", aiming to push that above the value the attackers can expect to gain.

There are obvious exceptions to that, like risk to life and limb, as well as some other special situations where attackers may have unusual motivations and thus the economic logic of "make stealing treasure cost more than the treasure" stops applying. But those are exceptions. Almost everything you deal with in your life - from your bike shed to the corporation that owns your bank - follows the above logic in terms of security.

--

I spell this out because I've noticed that tech industry circles have this weird, belief in security as some kind of binary, holy good, that you either have and are blessed, or don't and sin. This obsession starts with failing to even recognize, much less ask, the most important questions about security: why do you want to protect it, and who are you protecting it from?

hext 7 days ago | parent [-]

100% agree, and so happy to see somebody call this out. If you go on /r/SelfHosted or any other novice oriented forum, you’ll quickly realize that most users are simply “keeping up with the joneses” when it comes to security & redundancy. That itself is fine I guess, but the zero tolerance they have for anything else is just absurd.

alansaber 9 days ago | parent | prev | next [-]

This has always been the premise. They can't fix the fundamental problems with LLMs but they can continue to optimise them for IE parsing large volumes of data quickly

szundi 9 days ago | parent | prev [-]

[dead]