LLMs are not a security barrier. LLMs cannot be a security barrier. They cannot form part of a security barrier. You must place the security barrier between the LLM and the backend systems, the same as you would place it between your web or mobile app and your backend systems. Assume that if the LLM agent can use a service, the human interacting with the agent can also call that service with arbitrary parameters.
The tools you're providing to your LLM agent must never have privileges greater than those you intend to afford to the user who is prompting / interacting with the agent.
You want to use an LLM to make a customer service bot? Sure, you can do that. But that bot MUST NOT UNDER ANY CIRCUMSTANCES be allowed to perform any action you wouldn't let the customer do himself. If it can read your CRM, you need to scope that access to exactly the same access you'd be willing to give the customer directly. Can it cancel orders? That tool must not be able to cancel any order you wouldn't let the customer cancel himself through your app or website.
Don't treat an LLM as if it could replace a human customer service agent, or a human researcher, or a human underwriter, or a human manager. Never make the mistake of believing that the LLM, with any level of clever prompt engineering or attempts at input sanitization, will be "good enough" at not getting fooled. If you trust it with the keys to the kingdom, in the same way that you'd trust a human with those keys, it's a matter of when—not if—you're going to get pwn3d.
Of course, holding this principle, if your autonomous agent can access the web, you must assume that literally anyone on the internet can call any of that agent's tools with arbitrary parameters.
This should be obvious to anyone who has ever developed an AI application. How are these companies deploying LLMs that have access to their full CRM Database and can just email that to anyone who asks nicely?! It truly is the 90's again.
Companies should think of an LLM just as a user interface that operates with the backend; the same principles apply. But the problem is that even today with traditional user interfaces, some companies will forget that the intended user interface is not the only part which should be secured.
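The "same privileges as the user" principle from the two comments above, as an added Python example that is not from the thread: the tool call is dispatched through the same authorization layer a web client would hit, the customer identity is bound to the login session rather than taken from the model's arguments, and the anti-pattern (trusting a model-supplied customer_id) is shown beside it. The order store, tool names and session type are constructed for the example.

```python
from dataclasses import dataclass
# Constructed sample backend data (not from the thread).
ORDERS = {
    "o-100": {"customer_id": "c-1", "status": "processing"},
    "o-200": {"customer_id": "c-2", "status": "processing"},
    "o-300": {"customer_id": "c-1", "status": "shipped"},
}

class AuthorizationError(Exception):
    pass

@dataclass(frozen=True)
class Session:
    customer_id: str  # set at login; the model never supplies it

def cancel_order_backend(session: Session, order_id: str) -> dict:
    """The same rule the web app enforces: a customer may cancel only
    their own orders, and only while they are still processing."""
    order = ORDERS.get(order_id)
    if order is None or order["customer_id"] != session.customer_id:
        raise AuthorizationError("order not visible to this customer")
    if order["status"] != "processing":
        raise AuthorizationError("order can no longer be cancelled")
    order["status"] = "cancelled"
    return dict(order)

# Tool schema exposed to the model. Deliberately no customer_id parameter:
# identity comes from the session, arguments only name the object.
TOOLS = {"cancel_order": {"params": {"order_id"}, "fn": cancel_order_backend}}

def dispatch_tool_call(session: Session, call: dict) -> dict:
    """Treat the model's tool call exactly like an HTTP request body from
    the customer: whoever steers the model (the user, or a web page the
    agent read) effectively chose these values."""
    spec = TOOLS.get(call.get("name"))
    if spec is None:
        return {"ok": False, "error": "unknown tool"}
    args = call.get("arguments", {})
    if set(args) != spec["params"]:  # reject missing or extra parameters
        return {"ok": False, "error": "bad arguments"}
    try:
        return {"ok": True, "order": spec["fn"](session, **args)}
    except AuthorizationError as e:
        return {"ok": False, "error": str(e)}

def dispatch_unscoped(call: dict) -> dict:
    """Anti-pattern the comments warn about: trusting a model-supplied
    customer_id gives anyone who can steer the model every customer's rights."""
    a = call["arguments"]
    return cancel_order_backend(Session(a["customer_id"]), a["order_id"])
```

The scoped dispatcher refuses another customer's order no matter what the model emits; the unscoped one cancels it, which is the backend failure the thread describes.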
In American homes, cables are typically stapled to the wood frame construction, not run in conduit. You have to cut open the finished wall surface to change them.
I run small outsourced IT systems for SMBs. Web scrapers, reporting, stuff like that. Basically private bespoke SaaS.
About $10k/mo gross revenue and takes a few hours of work a week (unless there’s a downtime event that needs fixing). A lot of upfront work to build some of these systems though.
Got to $2k/mo in the first month of doing this. I don’t recommend working (as a solo operator) with clients who have budgets less than $5-10k/mo. Too much overhead for too little return in that case.
In what little spare time I have left after my day job and looking after two small kids, I put more automation in place to improve reliability for my clients and reduce my own ops time requirement.
I get leads for this by referral from people I’ve done good work for in the past. But it’s the kind of thing you could bootstrap by direct outbound sales, publishing authority-building content to the right business audience, going to conferences/trade shows, or building a referral network from other service providers.
I’ve thought about doing this, but a few reservations came up when I considered getting started with a family friend. I just pictured a contracted "IT MANAGER" getting rabbit-holed into some time-sink extreme:
1. Dedicated operational IT admin:
Dealing with repetitive tasks and requests, like managing the customer’s Microsoft environment and on-site infrastructure. Owning physical and AD infra doesn’t sound like a part-time job.
E.g., a/v and physical IT asks, like conference room operation, maintenance and support; desktop workstation triage (have you tried turning the monitor on?); the dreaded “can you set up the printer?”…
And what if the customer sets me up as their site’s dedicated AD domain admin? Resulting in repetitive requests for user/access management CRUD operations. And/or micromanagement of tedious things like email and mailing lists…
Or
2. Dedicated software developer, website or business workflows.
Building a website and getting micromanaged or overburdened. (“can you change the logo to blue?” “Can you redesign the whole home page?”)
Or, get pulled deep into providing a business-critical software workflow or application. Fielding sales/exec requests, interpreting their business requirements, and then building AND delivering (e.g., a customer management system) is not a part-time job…
How do you operate to keep the scope limited? What steps help buffer yourself from a slippery slope of full-time services?
The word "no" can be very effective. Remember that you control the type of work that you take on.
I have a small side gig building "controllers." By controllers I mean devices that are typically arduino controlled and use peripherals in the arduino ecosystem. They span a very wide range, but are typically very feature-limited. e.g., I have a client who is converting massage chairs to be pay-per-use.
As you noted, it's not easy to keep a service-based business from growing to take over all your time. I manage it by keeping the feature set clearly specified and working on fixed price.
Want to add a feature we didn't discuss? That's another charge. My niche is taking on very small projects that are too small to move the needle for a full-blown engineering services company (I've worked for two) and I always work fixed-price, so I need to be very aggressive about scope creep.
Project scope keeps growing? Either tell the client that it will be a while until I have time to complete it, or, more frequently, that they will need to find someone else. This is pretty easy to say because as mentioned above I'm clear about only taking on small projects.
I've had people who basically want me to be their engineering department. That's a hard "no": I simply don't have the time.
I don’t take on huge IT projects anymore, or ones that have potential to require lots of changes over time.
Used to do this as an agency principal and it involved a lot of time spent managing clients and projects and subcontractors. Drove myself crazy and took a couple years off after nearly burning out.
I look for projects where the software solves a single targeted business problem and can quickly get to “done”. Then the client is happy to pay for ongoing maintenance/ops, so any additional effort I put into the software is around reducing my ongoing workload.
A couple questions, if you don't mind. How did you go about finding clients? What is the nature of the work agreement—project-based, hourly, or something else?
I work mostly in the travel industry. First client 10+ years ago came from a friend who worked as a manager in a large company and needed some special software built to improve his unit’s results - the existing contractor was not good and internal IT did not have time/skill.
Follow on work came from other people at that first client company who knew my work and went on to work at other companies.
Significantly more than $200, but we had motorized external screens & shutters put on the bedroom windows. I flashed Tasmota onto some cheap Sonoff modules to control the motors and integrated via MQTT into Homebridge so we can easily set schedules or ask Siri to put the shades up or down.
We're sleeping so much better with the room mostly blacked out (we also have rear neighbors with bright lights, and cats that roam the neighborhood and set off everyone's motion sensors all night).
Having an exterior covering on the southwest-facing windows has also massively reduced the need for cooling in the summer — our original reason for having the install done.
Our bedroom has ~99% light reduction with the external screens, and our toddler's room upstairs has completely opaque roller shutters and gets DARK, which has made for very easy nap times and great overnight sleep. When we ask Siri to wake the kid up, a scene is executed that rolls up the shutters, turns on the overhead light, and plays a happy song on the HomePod. Always puts him a great mood.
Did you file a CA tax return? If not, it sounds like they "estimated" one for you based on your past earnings and when you didn't pay it, they seized the funds.
You should be able to sort this out by filing nonresident returns for the years you were absent. If the state wants to contest the return, then you see them in court. Otherwise they have to refund you.
On the advice of my tax advisors, I've made a point of filing nonresident returns for multiple years after moving out of a state (and out of the USA), even if the earned amount is $0 and the owed amount is $0.
This starts the statute of limitations (where applicable) and it puts you into the bucket of "people who have filed tax returns, which we may or may not audit" versus "people who have not filed tax returns, who we may or may not think should have filed a return".
At the point where you stop filing nonresident returns, you ought to make sure you have essentially zero ties to the state. The nonresident returns you filed should have had a mailing address in a different state. Your drivers license should be from a different state (or expired). You should not be registered to vote in the state. You should not have any bank, brokerage, or other financial accounts with an address in the state. If you own a business, it should not be registered as doing business in the state. No one should be 1099'ing you at an address in that state. Anything that the state's tax board can access in their databases should point to you living elsewhere.
[Obligatory disclaimer that I am not a tax attorney and this is not legal advice. Consult your accountant or a competent attorney as your case may dictate.]
> At the point where you stop filing nonresident returns, you ought to make sure you have essentially zero ties to the state. The nonresident returns you filed should have had a mailing address in a different state. Your drivers license should be from a different state (or expired). […]
All of this rigamarole is probably necessary because there have been people in the past that were (tax) residents but tried to argue they were not to get out of paying what they owed. So now all the honest people have to jump through extra hoops because some yahoos in the past tried to 'work' the system.
Does anyone know how to tell the FB "pixel" to stop sending the query string to Facebook?
Facebook now alerts you if you're sending what looks like PII to them in the query string, e.g. parameters named "first_name", but after extensive Googling I couldn't find any way to tell the FB code to strip off the query string before sending conversion events back to the mothership.
It's not exactly easy, but with Google Analytics it's at least possible to redact the URL before it gets attached to the transmitted event.
The only thing I could think of was to do for Facebook was to use a redirect (or the History API) to strip the query off the URL before loading the FB pixel, but this will break any other embeds that are relying on query params for e.g. form-filling.
I set up a DNS entry in my hosts file for all facebook/meta domains (https://github.com/jmdugan/blocklists/blob/master/corporatio...) to be blocked (routed to 0.0.0.0). This effectively blocks any data from the "pixel" because when it tries to send it, the request fails.
Your co-founder's code is mostly worthless at this point without the continuing involvement of the co-founder. Developers have their own idiosyncratic coding styles, and without a multi-member dev team providing continuity of design, I expect that a new developer would rewrite it as the product evolves.
At the same time ... if you've been at this for 6 months already and you don't have any meaningful traction, you should strongly re-evaluate whether this is going to be a viable market for you.
FWIW, figuring out what to build is often more difficult than building a product. It would probably take much less than 6 months to rebuild the product given the knowledge you've gained along the way. Maybe it's worth getting a new technical partner or hiring some devs and re-building the product. Perhaps you can ask your co-founder to let you use the current product and pay for support in the meantime while you find a team to build the next version.
This is a great point. I had thought a little about this but wasn't sure to what extent this code would have value with a different technical partner. Thank you!!
Agree on the lack of traction - I'm not convinced it's dead yet, but I recognize there will soon come a time when it is time to put this behind me, I'd just like to try a little harder before doing so.
I once negotiated my rent up. In the tight rental market pre-COVID, I needed a place for my family while we waited six months for the purchase of our house to close.
Our current living situation was intolerable due to unending construction noise next door, and the minimum time you could rent an apartment for was 6 months, so it was a matter of moving right now or being stuck until we took possession of the house.
Found the perfect place, at a reasonable price, and of course there was tons of interest in it. I insisted on getting the first viewing appointment, put in an application immediately, and offered the landlords an extra $50/month on top of the rent they were asking.
So, of course my application was the one they accepted. In this situation, $300 very well spent.
That makes sense, I remember contacting too many too-good-to-be-true ads without response.
I came here to save $ but I guess I will spend more thanks to this thread
An overboost would have been catastrophic for the mission.
JWST has thrusters on only one side, and to correct for an excess of velocity it would have had to rotate such that its instruments faced the sun, ruining them instantly.
As such, the mission design called for a deliberate underboost, to be made up for by JWST's own precise thrusters. But a more precise launch vehicle means that the error bars are smaller, and they can use a much smaller underboost than would be required from a less precise launch vehicle.