DON’T DO SNAKE OIL WRITING
by Ploum on 2025-11-26
https://ploum.net/2025-11-26-snake-oil-writing.html
In computer security, it is often said that the fact you don’t see any
vulnerability in the code you write is no proof that your code is
secure. It is proof that you are blind to all the mistakes you made in
your shitty code.
The less competent you are, the more confident you will be and the more
vulnerable code you will write.
And people will exploit vulnerabilities of your code. Even if you
honestly believe in your aptitude, you will end up writing "snake-oil"
security systems.
Schneier on Security (www.schneier.com)
https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoil
But I’m not a cryptographer. I’m a writer.
When you use an LLM to generate text, the fact that you find the output
good doesn’t mean that it is good. It only means that you are blind to
the shit you’ve generated.
The simple idea that you think you could get people to read your bland
generated text and not notice is the proof that you are totally
incompetent at writing. You should not trust yourself with that the same
way I would never trust myself to check if LLM-generated source code is
secure.
Did you really expect nobody to notice that your text was generated?
Seriously?
People will notice how stupid your writing is. Some, like myself, will
be offended. Others will simply walk away with a bad feeling. One thing is
certain: nobody will think it is interesting. Nobody will care about
what you wrote. People will simply stop reading you. People will stop
sharing you, stop discussing your writing.
Because you are doing snake-oil writing.
Fortunately, the cure is very simple.
Even if you think that what you produce is bad, be honest, straight.
People will notice that you want to improve. Some will even offer
advice. You will learn. You will make mistakes, which is an essential
part of learning. If you acknowledge those mistakes, people will
appreciate your work even more.
Writing secure code is not about magical genius thinking from behind a
Guy Fawkes mask. It is about tediously learning patterns of
vulnerabilities, about humility that you can’t catch everything alone.
Writing text is not about making beautiful sentences. It is about thinking
about the information you really want to transmit. Some really good
writers make awful sentences. But they are still good because each
sentence gives you something, because you feel information and emotions
flowing from the writer to you.
If you are tempted to use an LLM to generate a text, don’t publish the
output of the LLM. Publish the prompt! That’s where your information is.
It is what people want to hear.
You were tricked into doubting your own ability to write and into using a
very costly text generator instead of trusting yourself. This impairs
your ability to learn, to improve, while insulting all the people that
may read you. Like a cocaine addict, you are destroying yourself and
destroying your reputation by screaming like a maniac. But you feel good
because your brain is altered to believe that "you are better and more
productive".
Stop the slop while you can.
If you are holding an MBA and using an LLM to generate marketing content,
it may be too late. If that’s the case, follow Bill Hicks’s advice and,
please, kill yourself!
Picture by Jeff Nelson
https://commons.wikimedia.org/wiki/File:Snake_oil_ink_stamp.jpg