Rendered at 20:05:08 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
epistasis 15 hours ago [-]
Great timing, I was just getting frustrated about this today. I've got a pyinfra secrets.py and another project with an .env for logins for grabbing and moving data. I use LLMs on both of them extensively (having an LLM setup all my proxmox VMs and LXC containers and configure them without doing that yak shaving has been amazing.)
It would be nice to use something like SOPS[1] + age right from the start, so I don't feel like I need to go rotate all those keys.
It's one thing to have it stored locally on your own box, and another to have it off in the training data of a hugely-overvalued gigantic corporation that's going to do anything it can to survive in the coming years.
It’s your last point that keeps me up at night. I opt out of letting my data be used for training (and don’t use tools like Gemini that make this very difficult or impossible).
But I have very little reason to trust that they actually don’t use my data. The incentives to violate the data controls are so great with the billions sloshing around AI companies. The worst that would happen if they are found to be abusing my data would be civil penalties (i.e. fines) that I’m sure executives would see as the cost of doing business.
Ideally there would be an attested zero data retention option, but I’m sure that’s not available.
pixel_popping 5 hours ago [-]
Attestation requires Enclave of some sort, I'm pretty certain they wouldn't want to do this, data is their entire business model.
Their ToS is irrelevant in the cybersecurity sense of things, if it's there in plaintext, it can be used.
It would be nice to use something like SOPS[1] + age right from the start, so I don't feel like I need to go rotate all those keys.
It's one thing to have it stored locally on your own box, and another to have it off in the training data of a hugely-overvalued gigantic corporation that's going to do anything it can to survive in the coming years.
[1] https://github.com/getsops/sops
But I have very little reason to trust that they actually don’t use my data. The incentives to violate the data controls are so great with the billions sloshing around AI companies. The worst that would happen if they are found to be abusing my data would be civil penalties (i.e. fines) that I’m sure executives would see as the cost of doing business.
Ideally there would be an attested zero data retention option, but I’m sure that’s not available.
Their ToS is irrelevant in the cybersecurity sense of things, if it's there in plaintext, it can be used.