As I had previously explored, there is now a great potential for anyone using commodity hardware, even that which can be purchased at your local Costco, to enable sovereign AI capabilities. From simple code generation inside Visual Studio Code, to generating function-level code blocks based on prompts of desired functionality, to doing in-depth security analysis …
In my first comparative analysis of local LLMs I looked at Using a Local LLM | Function-Level Code Generation and Accuracy. As I continue my investigation into the use of a local LLM on commodity hardware (specifically an RTX 5070 TI), I want to evaluate how each of the models does when analyzing source code …
As part of investigating the use of a local LLM on commodity hardware (specifically on an RTX 5070 TI), I wanted to step away from the more standardized testing (e.g., LiveCodeBench) and do a highly-unscientific, gut-check on what to expect. I mean, in the real world, what do those scoring numbers actually translate to as …
Read more “Using a Local LLM | Function-Level Code Generation and Accuracy”
With AI-based code completion being the latest rage, I wanted to check out the basics of local capabilities that are available as an alternative to Cursor‘s hosted services. The primary prerequisite that I have is that it must have a native plugin for Visual Studio Code. This search brought be to Llama.VSCode, which (among other …
Read more “Using a Local LLM | Visual Studio Integration – Code Completion with WSL”
Note: This article is a copy of one that I have written for the compliance.engineering blog. Check it out! In my previous article I was discussing the need for accurately describing system architecture in a way that would enable consistent discovery, documentation, and dissemination of these details across internal teams, with outside auditors, as well …
Note: This article is a copy of one I have written for the compliance.engineering site. Check it out! The organizational dilemma of understanding systems Every day decisions are made, from the low-risk decision on how you would like your coffee or tea, to high-risk decisions on organizational strategy or accepting the implications stemming from proposed …
Until the creation of the European Union’s Digital Operational Resilience Act (DORA) (2022/2554), there hasn’t been much need for those of us in the U.S. to be aware of Threat-Led Penetration Testing (TLPT). DORA’s text also isn’t explicitly clear around what this TLPT is, or what makes it distinctly different from the average penetration testing. …
Read more “E.U. DORA – Threat-Led Penetration Testing, what is it?”
A while ago I had the opportunity to explore the use of Retrieval-Augmented Generation (RAG) with the use of both internal and public LLMs, including various GPT and Llama models. The opportunities here are extensive, both for good, as well as harm if not implemented with proper oversight. Here’s a high level overview of that …
Wazuh provides and extremely valuable view into the security health of your systems. However, there are times where the default, out-of-the-box rules don’t work well for you. There’s a nice tutorial on custom rules in the Wazuh documentation, however, it wasn’t apparently clear to me the hierarchical nature of these rules. As a consequence, when …
There has been a lot of great work done to generate STIG baselines for the various VMware products. This content is publicly-available on Github under the vmware/dod-compliance-and-automation repository. As I’m currently focused on using VMware Photon 5, I’m going to explore that process with you now. Initial Testing Before applying your STIG, you’ll probably want …