Don’t Do Snake Oil Writing
by Ploum on 2025-11-26
In computer security, it is often said that the fact you don’t see any vulnerability in the code you write is no proof that your code is secure. It is proof that you are blind to all the mistakes you made in your shitty code.
The less competent you are, the more confident you will be and the more vulnerable code you will write.
And people will exploit vulnerabilities of your code. Even if you honestly believe in your aptitude, you will end up writing "snake-oil" security systems.
But I’m not a cryptographer. I’m a writer.
When you use an LLM to generate text, the fact that you find the output good doesn’t mean that it is good. It only means that you are blind to the shit you’ve generated.
The simple idea that you think you could get people read your bland generated text and not notice is the proof that you are totally incompetent at writing. You should not trust yourself with that the same way I would never trust myself to check if LLM-generated source code is secure.
Did you really expect nobody to notice that your text was generated? Seriously?
People will notice how stupid your writing is. Some, like myself, will be offended. Other will simply walk away with a bad feeling. One sure is certain: nobody will think it is interesting. Nobody will care about what you wrote. People will simply stop reading you. People will stop sharing you, stop discussing about your writing.
Because you are doing snake-oil writing.
Fortunately, the cure is very simple.
Even if you think that what you produce is bad, be honest, straight. People will notice that you want to improve. Some will even offer advice. You will learn. You will make mistakes, which is an essential part of learning. If you acknowledge those mistakes, people will appreciate your work even more.
Writing secure code is not about magical genius thinking from behind a Guy Fawkes mask. It is about tediously learning patterns of vulnerabilities, about humility that you can’t catch everything alone.
Writing text is not about doing beautiful sentences. It is thinking about the information you really want to transmit. Some really good writers make awful sentences. But they are still good because each sentence gives you something, because you feel information and emotions flowing from the writer to you.
If you are tempted to use an LLM to generate a text, don’t publish the output of the LLM. Publish the prompt! That’s where your information is. It is what people want to hear.
You were tricked into doubting your own ability to write and to use a very costly text generator instead of trusting yourself. This impairs your ability to learn, to improve while insulting all the people that may read you. Like a cocaine addict, you are destroying yourself and destroying your reputation by screaming like a maniac. But you feel good because your brain is altered to believe that "you are better and more productive".
Stop the slop while you can.
If you are holding an MBA and using LLM to generate marketing content, it may be too late. If that’s the case, follow Bill Hicks advice and, please, kill yourself!
I’m Ploum, a writer and an engineer. I like to explore how technology impacts society. You can subscribe by email or by rss. I value privacy and never share your adress.
I write science-fiction novels in French. For Bikepunk, my new post-apocalyptic-cyclist book, my publisher is looking for contacts in other countries to distribute it in languages other than French. If you can help, contact me!