this post was submitted on 13 Aug 2024
-33 points (24.6% liked)

Technology

59329 readers
4667 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Unlock the power of LLMs like ChatGPT and Ollama to effortlessly query and analyze your SQL database using natural language. Learn to set up and use LangChain for complex queries, making data-driven decisions easier and accessible to all, even without technical expertise.

you are viewing a single comment's thread
view the rest of the comments
[–] breadsmasher@lemmy.world -2 points 3 months ago (1 children)

I did read the article. Do you arbitrarily trust any code you run locally without reviewing it?

[–] tal@lemmy.today 14 points 3 months ago* (last edited 3 months ago) (1 children)

I have reviewed the tiniest fraction of code that I have ever used.

$  dpkg -l|wc -l
4526
$

That's about 4500 software packages I have installed on one Linux system, to say nothing of other computing devices I've used or the other packaging systems in use on this system alone. I have probably looked at any portion of...I don't know, maybe 20 of those? And that's to work on a small portion of any one's codebase, certainly not to audit the software package.

Nobody using any kind of a remotely normal and modern computing environment, even if they are a software developer and know at least one programming language used by some of the software on their system and if they have the relevant domain knowledge to assess security concerns, has the realistic ability to conduct a review of the code that runs on their system, even in environments, like Linux, where the code is available.

It's like asking a mechanical engineer to validate the design correctness of every mechanical device they've ever used prior to using it.