Hacker News: cactacea's comments

So we just shouldn't then? Please help me understand your point


Sorry to report that there is literally only one listed for my city about 45 minutes away on the other side of town.


> A group of individuals adept with use of such an idiot savant enhanced environment would be incredibly capable. They'd be a force unseen in human civilization before today.

I'm sorry but your comment is a good example of the logical shell game many people play with AI when applying it to general problem solving. Your LLM AI is both an idiot and an expert somehow? Where is this expertise derived from and why should you trust it? If LLMs were truly as revolutionary as all the grifters would have you believe then why do we not see "forces unseen in human civilization before today" by humans that employ armies of interns? That these supposed ubermensch do not presently exist is firm evidence in support of current AI being a dead end in my opinion.

Humans are infinitely more capable than current AI, the limiting factor is time and money. Not capability!


> Your LLM AI is both an idiot and an expert somehow?

Maybe you are unfamiliar with the term idiot savant?


I am indeed familiar with the term. Savant and expert are not perfect synonyms. That is beside my point anyway.


> undeveloped wilderness

No, that is now pasture. Be truthful to yourself. Cattle ranching, particularly in "undeveloped wilderness" is incredibly destructive of the local environment.


Not saying GP does, but it's been so long since we cut all the trees down in Britain that people here think grass fields are undeveloped wilderness


I am a pro wildlife photographer and spend hours studying birds. And there is so little undeveloped wilderness left that it's just very sad. Even relatively wild places usually have some human influence.


I've traveled many tens of thousands of miles of gravel/dirt roads and 4wd trails all over the USA. There is essentially no place left in the lower 48 that is actually untouched. You can be 100 miles from the nearest paved road and still find trash and other impacts.


> Cattle ranching, particularly in "undeveloped wilderness" is incredibly destructive of the local environment.

This is the opposite of the truth. In fact cows are cultivating, manure spreading and seeding machines that vastly improve their future forage just by doing their thing, if not overgrazed. I know a local rancher who makes all of his money as an elk hunting guide on his property. He keeps a herd of cattle for the purpose of improving the forage for the elk, and for his own table.

I invite you to come and hike on this land. I very much doubt that you would conclude that it has been damaged by the cows. In most places you could walk through a time warp to three hundred years ago and you couldn't tell the difference.


I find this data quite amusing. In another life I cleaned up after things like fire damages. The vast majority of them were kitchen fires and the only one I can specifically recall that was not cooking-related was some dude's hot rod that blew up and set the garage on fire.


> The vast majority of them were kitchen fires

Without any personal or professional reason, I've seen many of them as a casual onlooker. I remain terrified of open pot deep frying over a stove.

But the insurance assessors I've talked to recently do mention a new trend in battery fires - though usually caused by a combination of bad quality, excessive quantity stored and sloppy practices bordering on the abusive.


Your sources are not credible


Nonsense, the claims are trivial to verify for yourself - the Daily Mail did post false claims about NK soldiers in the Ukraine and then disappear the article once it had done its work.


Static IPs for allowlists need to die already. It's 2024, come on, surely we can do better than this


What would you suggest as an alternative?


JWT/OIDC, where the thing you're authenticating to (like MongoDB Atlas) trusts your identity provider (AWS, GCP, Modal, GitLab CI). It's better than mTLS because it allows for more flexibility in claims (extra metadata and security checks can be done with arbitrary data provided by the identity provider), and JWTs are usually shorter lived than certificates.


We have a native OIDC integration at Modal, as well! Every container gets a token. https://modal.com/docs/guide/oidc-integration


Awesome, great for you. OIDC/JWT for cross-stuff auth should become the norm.


How do you allow a driver using that exactly?


A db connection driver? You pass the JWT as the username/password which contains the information about your identity and is signed by the identity provider that the party you're authenticating to has been configured to trust.

Or, you use a broker like Vault to which you authenticate with that JWT, and which generates a just in time ephemeral username/password for your database, which gets rotated at some point.
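The checks a relying party could apply to such a token, as an added example that is not part of any comment in this thread. HMAC-SHA256 stands in for the identity provider's asymmetric signature so the code runs on the standard library alone, and the issuer, audience, `environment` claim and 900-second lifetime limit are assumed values.

```python
import base64, hashlib, hmac, json

# Added example: HMAC-SHA256 stands in for the provider's asymmetric signature.
# Hypothetical relying-party policy; every value here is an assumption.
POLICY = {"iss": "https://idp.example", "aud": "db.example",
          "required": {"environment": "prod"}, "max_ttl": 900}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(claims: dict, key: bytes) -> str:
    """Constructed stand-in for the identity provider issuing a token."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify(token: str, key: bytes, now: float, policy: dict = POLICY) -> str:
    """Return the authenticated subject, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm on the verifier side; never let the header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))  # parsed only after the signature checks out
    if not isinstance(claims, dict) or (claims.get("iss"), claims.get("aud")) != (policy["iss"], policy["aud"]):
        raise ValueError("wrong issuer or audience")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        raise ValueError("missing iat/exp")
    if not iat <= now < exp:
        raise ValueError("token not currently valid")
    if exp - iat > policy["max_ttl"]:  # refuse long-lived tokens outright
        raise ValueError("lifetime exceeds policy")
    for name, value in policy["required"].items():
        if claims.get(name) != value:  # extra claims asserted by the provider
            raise ValueError(f"claim {name!r} not allowed")
    if not isinstance(claims.get("sub"), str):
        raise ValueError("missing sub")
    return claims["sub"]
```
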


a more modern, zero-trust solution like mTLS authentication


That makes sense, mTLS is great. Some services like Google Cloud SQL are really good about support for it. https://cloud.google.com/sql/docs/mysql/configure-ssl-instan...

It's not quite a zero-trust solution though due to the CA chain of trust.

mTLS is security at a different layer though than IP source whitelisting. I'd say that a lot of companies we spoke to would want both as a defense-in-depth measure. Even with mTLS, network whitelisting is relevant. If your certificate were to be exposed for instance, an attacker would still need to be able to forge a source IP address to start a connection.


If mTLS is combined with outbound connections, then IP source whitelisting is irrelevant; the external network cannot connect to your resources.

This (and more) is exactly what we (I work on it) built with open source OpenZiti, a zero trust networking platform. Bonus points, it includes SDKs so you can embed ZTN into the serverless function, a colleague demonstrated it with a Python workload on AWS - https://blog.openziti.io/my-intern-assignment-call-a-dark-we....


I'd put it in the zero-trust category if the server (or owner of the server, etc) is the issuer of the client certificate and the client uses that certificate to authenticate itself, but I'll admit this is a pedantic point that adds nothing of substance. The idea being that you trust your issuance of the certificate and the various things that can be asserted based on how it was issued (stored in TPM, etc), rather than any parameter that could be controlled by the remote party.


Completely agree. IP addresses are almost never a good means of authentication. It results in brittle and inflexible architecture as well. Applications become aware of layers they should be abstracted from


Firewalls exist, many network environments block everything not explicitly allowed.

Authentication is only part of the problem, networks are firewalled (with dedicated appliances) and segmented to prevent lateral movement in the event of a compromise


Isn’t that completely orthogonal? IP addresses aren’t authenticated, they can be spoofed


It's not authentication. People aren't using static ips for authentication purposes

But if I have firewall policies that allow connections only to specific services I need a destination address and port (yes, some firewalls allow host names but there are drawbacks to that)

> IP addresses aren't authenticated, they can be spoofed

For anything bidirectional you'd need the client to have a route back to you for that address, which would require you compromising some routers and advertising it via BGP etc.

You can spoof addresses all you want but it will generally not do much for a stateful protocol


> People aren't using static ips for authentication purposes

Unfortunately they are! I've seen IP whitelisting used as the only means of authentication over the WAN several times


> People aren't using static ips for authentication purposes

Lol. Of course they do. In fact, it's the only viable way to authenticate servers in Current Year. Unlike ssh host keys, of which literally nobody on this planet takes seriously, or https certificates which is just make-work security theater.


Now this is an interesting take - I can’t tell if you are being serious


I am serious. Have you ever done infrastructure work? The big and serious guys all use IP whitelists. Look at how email actually works, for example.


Agree the article could have been better written but I don't think the fundamentals behind why people are leaving the corporate internet behind are going to change soon. Nobody that left because of trolling and abuse is going back for instance.


> Do southern cities not build their roads so robustly? Or are they not maintained?

Yes


This is a weird hill to die on man. Modern ECUs are smart enough to tune the timings in to prevent knock when the wrong fuel is used, at the cost of both efficiency and fuel economy. "Runs" is not the same thing as "runs well"

