If you're commenting that you need to prompt ChatGPT to write secure code, and it doesn't do it by default, you've entirely missed the point 😁

in conclusion: if AI takes programmers' jobs, they can at least still make it big in malware development

The first one was not a memory corruption error. It correctly limits the buffer write with the length parameter, not accidentally. The fact that it's bad code, and easy to implement security issues in the future, does not make it a security issue now. It does have a path traversal vulnerability, though.

8:20- Idk if this is common knowledge or not, but- you can tell chatGPT to continue writing code where it left off when it cuts off before finishing.

The model got 'lucky'? I think your bias might be leaking a bit. I asked GPT-4 using the same prompt and when I ran it the AI pointed out the code wasn't production ready. Then I asked it to include comments and evaluate the security of the code it wrote and it points out the same potential overflow you did as well as 6 other vulnerabilities including potential directory traversal attacks etc. So did it get lucky or did it just provide a simple, non-production ready example as requested?

The first code is not vulnerable to buffer overflow (simply using sscanf does not make your code vulnerable). The read function reads into a set buffer only a set number of characters so it protects the call to sscanf.

While working with ChatGPT and code reviews, then I get several times : “I apologize for the confusion caused by my previous incorrect statement. Thank you for pointing it out, and I apologize for any inconvenience caused.”

For the first example, I would consider another exploit. The user can control the filename and the path and at the same time you run it as superuser. This could lead to file leaks when in production.

You make a solid point here. I have for some time held the opinion that using an AI to write code is dangerous in that my assumption is that the AI is trained on public code, as you mentioned. For anyone with solid programming experience we all know not to trust public sources. Even open source, which sometimes is held up as a good way to make code better because many people look at it, is very often filled with very good examples of how not to do things. I teach graduate level class and I decided to try to get ChatGPT to generate a very solution to a very simple assignment. Eventually I got it to generate what I asked for. But as with most students, it didn't pay attention to what I told it to do. Which required quite a few iterations. I was impressed that it came up with some solutions that I had not been aware of. In the end I think that the ability to have an AI generate code is potentially a useful tool. However, as you pointed out it is often not going to give you a great answer. I also asked ChatGPT and Bard to generate a C++ 11 thread pool. They both gave a good answer. But the answers were so similar that it seemed like they were using the same source. I think this technology is worth using, but like any other tool, you need to understand limitations. Just like a nail gun and a hammer can both do some of the same things, there are cases where each is a better or worse choice. Think of it as a tool. Maybe a good way to find the start to solving a problem, but not yet a tool for blindly using it to solve problems. As a follow up. Take the code that was generated and ask it to review for potential buffer overrun vulnerabilities and see how it does.

4:10 I thought you were going to talk about the path transversal vulnerability after that. It's not as terrible as a buffer overflow, but it is still pretty bad IMHO.

Back in the late 1980s, people were talking about how code generators (I think they were called 4GL languages, or something like that) were going to replace programmers. Over 30 years later, I'm still banging out code on a keyboard.

I thought we were all collectively not going to talk about that, for job security

It's really sad seeing people depending on ChatGPT to write code, instead of learning how to code. It's also stupid to believe that a company would use ChatGPT instead of a real human.

use 'Continue" to make GPT to continue a previous long post. Otherwise it defaults to the ending when the standard output token is reached.

I asked it to generate some C code and halfway through I start seeing *templates* in the code - it had switched to *C++* halfway through! Hopefully they'll release a version soon that has longer output (so it can generate longer code). I'd also like to see it be able to *test* the code by running it in a VM. That'd save a lot of time, meaning you wouldn't have to ask it to fix broken code.

@2:34 For anyone who isn't trolling: buffer and filename both have the same size BUFFER_SIZE. However, sscanf uses chars as parameters and doesn't null terminate. However, the format "%s" string is used. so if a non-null terminated value is passed, or the null is past sizeof(BUFFER_SIZE) bytes, undefined behavior occurs. In this case, a buffer overflow, because sscanf doesn't have bounds checking. This can be verified via reading the source of GLIBC, obtained via compiling gcc. Or from debugging libstdc++.so.6

You should post the generated code somewhere and add a link to it in the description. I have a feeling that there's more vulnerabilities in the first example than just a possible buffer exploit, such as not flushing the file buffers possibly causing an issue with subsequent reads, and the most obvious issue which you hinted at but didn't expand on about file permissions. Running as root would give remote access to all the files on the system.

Another vulnerability with the first code which can actually be exploited: you can put a .. in the filename and exit the scope of the program. A server that serves files should ensure that it's only able to serve files inside its own scope to prevent you from essentially reading the entire computer's file system. For the buffer overflow, read just reads bytes while sscanf expects a null-terminated string. So if the memory in the buffers was not zero-initialized, this could cause sscanf to recieve a longer input than expected, causing a buffer overflow. No obvious way to control it but it is an issue.

I don't think it was fair to call the first one vulnerable. Yes, sscanf is bad, but it was legitimately guarded by the maximum read length.

I don't recall if you mentioned the version you were using. If this is the initial offering of GPT, have you tried the same things with the 4.0 version?

Isn't cyber security actually a pretty well-defined domain with very clear goals? Security vulnerabilities are very well documented and free from interpretation. It would make it a perfect field for AI where it's just a matter of alignement and pre-training or pre-prompting. Also, I am not sure what your answer from Chat GPT was but when I asked it to write an HTTP server it added "Note that this code is a simple implementation and does not include error handling for all cases. In a production environment, it's important to handle errors and edge cases carefully." so it clearily tells you it's not production-ready. Then guess what, I asked Chat GPT if there are any security issues in the code it gave me and it provided a pretty long list of issues with explanations. You can then ask it to fix the security vulnerabilities and give you the much better version which it did.

My concern with even starting to learn C is this. Where can I go where I can avoid learning bad coding habits? Is there a C programming course that you would recommend?

Great one! ChatGPT, I agree, will not replace programmers. Over time it will get more sophisticated but ultimately a human set of eyes needs to remain in control.

Have your tried iterating over the generated code with ChatGPT? Prompt it to find the vulnerabilities in the code it wrotn and then the corresponding fixes. Would be an interesting video.

Not only does it suck at security, it also sucks when it comes to performance and idiomatic code, basically any metric outside of writing code that potentially makes sense, ML can't really understand. Not that it even understands the code it's generating in the first place which makes all of this even more funny. Ithere are so many articles talking about how this version of AI is going to lead to generalized AI, meanwhile many of the researchers have basically acknowledged the fact that these algorithms are not going to take us that far. Even when we get to GPT 8 or 9, these systems are still going to need chaperones who understand the domain of whatever it is that they're trying to generate. No matter how much data you throw at a neural network that was designed this way you're not going to get true understanding.

the first one has another vulnerablity, the filename is opened directly without stripping out any "../" or "./", it also allows a absolute path to be accessed with //, like GET //etc/shadow would leak your shadow file I think that technically the sscanf is safe ulthough it is a bit sketchy, bceause the filename and buffer size are the same

GPT4 is SIGNIFICANTLY better at coding. I would try again with that one, and specify that you want the code to be secure.

In addition to the file traversal issue, doesn't also the http server have an issue where + 1 to skip the leading slash skips the NUL terminator if the filename is empty, uses the uninitialized filename if sscanf fails to match and also has sscanf read a non-terminated buffer if there is no NUL terminator on the incoming data or if it didn't fit in the buffer :) Everything is super borked everywhere. There are like two vulnerabilities per line of that function.

doesn't the first example have a directory traversal vulnerability? since it takes the file name without filtering, one could perhaps put in something like "../../../../../etc/passwd" and it could just spit out the file contents. please correct me if i'm wrong

2:35 The buffer overflow you found doesn't actually exist, since the variables "buffer" and "filename" have the same size, and the %s can match at most part of the buffer. The more important issue is that the return value of sscanf() is not checked, so filename might be uninitialized after. Also, sscanf() requires a null terminated input, but nothing in the code provides that null termination at all. Even the good cases only work with luck. read() provides the raw network data with nothing added. Of course, there is also a directory traversal vulnerability. You are running the server as root, so it has access to all the files, and simply getting ../../../../../etc/shadow will read out the shadow database. Actually, since it isn't parsing the file name, it would be enough to get //etc/shadow.

I don't think anyone believes GPT4 is going replace programmers. But GPT5 has not been released yet. And what about a few years after? What will come in the future? You're making the same mistake that people who believed bad fingers in image generation were always be a problem (I think that the speed at which img generation is moving us going to stagnate at some point though). Ai has so many sources to access code for free, it feels as if the strength that open source gave is coming back to bite us in the ass. I think we'll see a lot of projects in the future going close in the near future out of fear and as a preventive action

This is a bit silly. What you did was a 0 shot coding in C, which it mostly passed. This is like writing code for 20 mins, then not checking it, compiling and running it, and never looking it over. Even the best programmers need several iterations to get it right. AI models do too

On the first example, you went for a buffer overflow attack but the code was secure towards it. But I tried the same prompt and was able to do a path traversal attack. Still, we must be careful.

5:55 buf is an array of type char. Char has implementation-defined signedness. len is initialized from a value from that array. If you happen to compile this with an implementation that has signed char (GCC has a switch for that), you can set len to a negative value. When promoted to size_t (for the last argument of memcpy), this will be increased by SIZE_MAX + 1. Meaning the memcpy() will try to copy most of the address space.

I could not agree more! ChatGPT is inconsistent and I feel its coding answers are like the shitty averages of stackoverflow and wikipedia. By the time you manage to get a nice program out of it with various prompt iterations, you probably understand enough of the problem that you could already wrote it by yourself better. It's also a learn killer.

Some issue I have seen for Java - 1. Code compilation issue which seems like an deal breaker 2. Libraries to import for the code is not valid 3. Sometimes we end up asking follow up questions for longer time which decreases the productivity. We would be better served if we tried writing our own code. Feel I was faster without ChatGPT support Now for some advantages for Java - 1. It is able to collate different libraries and provide suggestions for some scenarios. It maybe able to do this because of the massive data it has been fed into. 2. Even if the code is not able to compiler it is able to give us the initial 20% push. Google was doing it but Google used to come in the middle of our programming cycle and give us some 10-20% push by helping us search for solutions to similar issues which others faced But one question which we need to find out is ChatGPT able to learn from the libraries and give us solutions or as an language model is it just rehashing the documentation and gives us an output. If it’s the later then it might not be of much help for badly documented libraries which are like all the libraries in Java. This might also explain its issues with code compilations

The TLV example (6:24) has problems, but unlike what the video claims, overflow (on write) is not an issue. Although it's correctly noted that an signed value is used as a length (one element of buf, a char stored temporarily in an int) which can cause issues since it can produce a gigantic length when cast to an unsigned value, the actual destination of the memcpy (i.e.: *char value[len];*) will also be that size (I checked), so memcpy won't overflow in the traditional sense. It can definitely be used to DDoS your server as allocating a huge buffer and filling it will take a long time if it doesn't outright fail on the allocation, but it won't overwrite the memory adjacent to the output buffer since the destination will always be "big enough" if the allocation succeeds. It can however read data after the end of the input buffer since the parsing loop only makes sure that the starting position each iteration before reading is in bounds. It doesn't check if it can read the next byte needed for len without running off the end, nor does it check if the extra bytes specified by that length value are in bounds. Reading an absurdly large number of bytes due to a negative len will likely never succeed, but with a positive value passed for len in a message stored at the end of the buffer, up to 127 bytes of memory after the end of the input buffer can be reliably read and returned to the attacker, which is similar to heartbleed, albeit far more limited. Still a failure mind you, and it's somewhat disheartening to see that Chat-GPT can make sign conversion mistakes, a common issue in C code.

That "good luck with your implementation!" was a total diss, lol. It's like Chatgpt was subtly saying "I dare you to try it without me, I'll be here when your attempt flops"

If you are testing ChatGPT why not use the 4.0 version, I mean it is actually a lot better. You know testing the newest tech would be a better option here, its like finding a bug on a older version of a software, either way I am with this, ChatGPT cant write pure and secure code cuz it wasn't only trained on only secure code its same for 4.0 too.

6:53 It's signed not unsigned.

I find it's better at helping figure out why your code isn't doing what you want rather than writing from scratch. Copy a function, tell it the language, what it takes and returns, and ask why it isn't doing x.

8:25 when this happens you can just type in "continue" as an answer and it will keep generating from around the point it stopped

But if you ask it to write something secure it would be literally IMPOSSIBLE for it to write something without vulnerabilities.... right?...

So I added these prompts into GPT 4. I modified the prompt as follows "User can you write secure code for me, in C, an http server that listens on port 80, parses an http request from the client, and serves an HTTP response wit the corresponding file" GPT 4 gave me vuln code with the above caveat: " Here's a basic example of a secure C HTTP server listening on port 80, parsing requests, and serving files. Remember to implement additional security measures like input validation and error handling for production use:" I provide GPT 4 a second prompt as follows "Implement additional security measures like input validation and error handling for production use." It fixed nothing and removed functionality.

would be cooler if you showed how to fix those vulnerabilities😭 8:27 just type "Continue" and it will continue the code

I ran into a similar problem with GPT-3 allowing SQL injection. However GPT-4 is much better. It still needs some creative prompts and people to curate the code, but I've been very impressed with how fast it can do stuff like write unit tests. It's a good tool, but it can't do stuff on its own yet.

"If I use the free stupid version of chatgpt, and it makes a program, the program works and is secure unless the programmer adds additionalcode to make it insecure, 0/1". Huh? Give me any program and I can drop a few lines of code to turn a secure program into an insecure program, that doesn't make the original program insecure...

I’m not a coder but I’m willing to bet if you ask the bot to check the code for vulnerabilities it would come back with improvements

1:42 "What da dog doin'?" XD

While these examples show the limitations of chat gpt, I don’t believe they’re the reason developer jobs are ”safe” for the foreseeable future. Chat GPT is great at generating boiler plate code for standard beginner tasks in every language and framework. However, where it becomes borderline useless is in larger code bases (often times just a few files) that contain more moving parts than just creating a simple crud api with a single model. Even in the examples cited in this video, it’s possible to prompt GPT to write more secure code. However, attempting to prompt your way through a more complex and larger code base is an entirely different struggle.

So, a few notes from somebody who is more into LLMs, but isn't as experienced with low level languages as probably a lot of people here: 1) Prompting will be a massive part of producing effective results with AI language models. Now, you might argue "the prompt shouldn't matter, people who don't know what they're doing are going to use this, and not know when to prompt to fix a non-compilation related issue.", but this doesn't quite work as a rebuttal, because there appear to be "generic prompts" or techniques that should be used pretty much no matter what type of work you're doing. I'd be very interested to see this video again, but with something like Smart GPT (A particular style of prompting ChatGPT that allows multiple instances of it to generate, and assess its own answers in a very specific and apparently very effective framework). Regardless, it's also worth noting that many of these advanced prompting techniques may actually be worked into existing models in some capacity, either directly in the client automatically applying them when applicable, or in training, by fine tuning a model on its own responses generated by these advanced techniques, which leads into 2) The mobile nature of LLMs. They are not a static target or tool; they're in active development and are absolutely on fire. It's worth noting not just what we have today, but the general direction of the industry, because even if a tool doesn't exist today, people are working on it actively. If you have a tool that's generating 80, or 90% of what you need, it doesn't take that much to get that remainder, and probably requires a smaller change to either the style or content of its training to get you where you need to be. ChatGPT...Probably isn't going to replace programmers, but I do think that future advancements in the field will be very important for programmers to watch. 3) ChatGPT isn't the only model, and there's new approaches all the time. As it stands, ChatGPT is a bit like if you took a person, and gave them all the books they needed to become very well read on a wide variety of topics. This, in reality, isn't how humans have learned their trades. When you look at how people learn, there is some element of information intake, but a large part of it is experimental study; we learn by doing. I think we're not far from someone coming up with a technique that's more suitable to coding, possibly derived off a specialized version of WizardLM's training technique, you could probably produce domain specific models, or LoRA, that could accurately produce they style of code you needed to tackle that specific problem. Once we have successful small scale models or LoRA that can handle those issues, I think it's not hard to extrapolate that there should be some way of distilling that expertise into a larger model, or incorporating the techniques that allow for these specialized models into a generalized model in some capacity. As I noted, I don't think that programmers need to be worried today specifically, but I do think that programmers do need to be paying attention to the space, and developments in it.

I think while chatgpt is amazing at doing mundane task, it really still falls behind for a lot of the advance stuff (though I'm using the free version and not GPT4 so maybe there's a big difference there). I myself doesn't code, but I do write stuff in Japanese and sometimes chatgpt is just confused, sometimes it try to fix a verb with the same exact verb, sometimes it translate a clearly different word as another. I think there's some overhype over AI and fear mongering sentiment that they can replace us now and trying to get better at something is useless because AI can do it in second, but in reality (at least right now) AI is still a tool that like any tool can produce incorrect results and it's our role as the user to use our knowledge to make it produce something good

Chat gpt is a great tool for learning, but you gotta use your critical thinking, it gives you a direction and you improve it. I dont think we can relay on that tecnology yet, other than to ask for specifics uses of certain functions in which it is exceptional. Better than google for search so efficient

what are the possible implications of ChatGPT's code being illegal due to not following the license of the code that its "learning from".

I don't know whether anyone else noticed this, but the TLV server just used the character codes of the first two characters in the string as the type and length; this might be an intentional part of the encoding scheme, though (a single-byte type and a single-byte length, with "a" and "s" just interpreted as their ASCII codes, respectively 97 and 115).

Forget about programming it can't even do basic set theory proofs

ChatGPT is good for beginner to have a structure to work with without starting from blank

This content reminds us to specify / describe completely in prompts, all necessary things that we hope the output of robo typer (chatgpt) will be.

without creating security vulnerabilities? It cant even implement the _correct_ data structure when asked to do so. I asked it to show me a simple implementation of a 2-3 tree, it returned an (incorrect) implementation of a ternary heap. That said, you're first strike against chat gpt isnt deserved. You said "lets see if it created vulnerable code" it didnt. You said someone else can make it dangerous, so it fails. What? anyone can take safe code and make it unsafe when they dont know what there doing, no matter WHO writes the code. Thats why we do code review and merge requests, and do team development. Come one dude, do better.

2:44 - Vulnerability that lets the user have access to ALL the system's files Why? It doesn't sanitize the path from the leading `/`, it just increases by `+1` thinking the user is always sane and will never try to insert more. By inserting one more `/`, you now have complete access to all the system's files. Aside from your usual buffer overflow which it seems like a pattern of ChatGPT at that point, this is pretty serious and easy to exploit.

A great fix is to put "you are an expert in not overflowing buffers" in the gpt prompt.

Is that Jimmy Fallon writing code at 0:25? 😂

Flaw in methodology spotted: when we ask a programmer to write code, that comes with all kinds of implied requests like "make sure it doesn't have security issues" or "make it optimized for performance" LLM's are completely unaware of those hidden meanings, because they're unaware of any context that surrounds human communication. A fair test woul dbe to include things like "write C code that does X without security vulnerabilities." Or being specific about what "security vulnerabilities" means would be even better "write C code that does X without potential [list of vulnerabilities common in this type of project]." If you want to not go that route and still be general, saying something like "without undefined behavior," or "without a user being able to use it in ways not defined in the specification" I'm not saying this will overcome the underlying problem, but it will give GPT a fighting chance and will be a more honest look at how businesses intend to use AI to automate jobs

Low Level Learning: "I wanted to see if ChatGPT could solve three relatively simple programming problems." Also Low Level Learning: "Write an operating system in assembly that supports x128 architecture."

Just think about how much such code already goes into production... And how much will be in new fancy 'startups' I'm not gonna lie, chatgpt got this code from people...

I've been testing Anthropic's claude-3.5-sonnet and found it introducing bugs in quicksort (Javascript) during a module test. Although its reasoning is impressive, Claude would fix one failing test case and introduce another bug in the process. AI required 2-3 leading questions and corrections to arrive at the correct fix. Test methodology: 1. introduce a 1-2 line bug in quicksort.js (outside of AI-enabled IDE) 2. copy bugged code to codebase 3. start a new chat in AI-enabled IDE (to reset the context) 4. prompt AI with failing test result and purpose of the test. Example: The quicksort function has a bug and fails test 1.4. It does not sort the array with undefined values correctly. Do you know what is wrong with quicksort? Cases: non-deterministic comparator, incorrect sort of 3 element list using 3 comparisons, alternative initial value of "left index"

I like how it did it perfectly and you still said it messed up 🤣😂🤣

3:44 but there's no null terminator on the buffer read in so the sscanf could possibly run off the end, depending on what is on the stack after the read buffer.

8:22 woops? At that moment, is "Continue" letting GPT to continue outputing? Or the rule has changed?

ChatGPT is not good for actual software development, but it is good for a fast understanding of a problem. I usually use a LLM with a PDF of Hardware Chips to produce micropython code for some tasks. Not for development or deployment, just scripting what i need in a fast way not needing to read the whole documentation or look up stuff. If you use it for fast prototyping is quite nice. The problem is not the tool, it is how you use it.

not convincing at all as of now, when you ask chatgpt, its like it comes out with an answer on the fly allow it to reflect, to think on the problem, then if the result will be the same - now that's convincing i almost believed you for a few minutes though

If you type "finish your answer" it will continue serving the rest of the code...

One bad programmer creates 100 jobs for IT support. So chatGPT will create a lot of new jobs 😂

You can ask chat gpt to finish the code but it needs some trying, i know from experience.

A bug that you cannot possibily trigger is not a bug. Reading it as 'oh if you change this its vulnerable' is no different than saying a fire exit is vulernable because what if you weld it shut.

I love this video! 😂 your personality is awesome. I’m also a boomer programmer my self and seeing a few of these security flaws was interesting, but some of the way gpt was writing the functions were kind of gross too imo. It’s fine for boilerplate stuff, it certainly types faster than me.

in the begining you should set him (tell him) that he is a C programmer expert, not to deliever non-existent answers just to pleasure us and acutally make working code

Hey just curious, is this GPT 4.0 or 3.5?

I dont code but Did you try specific that the should be safe?

Back in the day, people thought AI would never be able to tell the difference between a dog and a cat.

In the final piece of code, you can prompt chatGPT to "Continue where it left off" with it's code to finish it.

1. Dont expect it to do a complex task in one go. 2. Its basically common knowledge that using zero-shot prompts produce worse results for complex tasks vs mutli-shot. 3. Dont look at where we are, look at where we are going. 4. Make a video based on Rust. Would be interesting to see if the features would protect the LLM from making such vulnerabilities. 5. GPT5 or Gemini2. The end.

04:00 With respect, honestly it feels like you just don't want to admit that that wasn't security vulnerability

Chat always does that, one trick you can do is tell it to analyze its own work for problems and security vulnerabilities, afterward, tell Chat to refactor its code using it own critique for the guidelines. This should greatly improve the quality of the code, because it is actually very critical of code. You can also tell it to pretend it is a real professional writing "production" quality code and it will write better code.

I noticed that ChatGPT does not know much underground stuffs. When asking for underground stuffs, you can find clear almost copy-paste of the sites you went to research. It also gives wrong answers that if you correct, it knows it is wrong, but repeats anyway. Once i asked about hexominoes and ChatGPT said something almost identical of what i have read on a website. When i asked about Paterson's Worms automata, it gave me a description of another automata, i pointed it out, it apologized and said i was correct that it was wrong, i had to ask it again for the "correct one", it gave me almost the same answer of the same other automata. I also think otherwise of taking coders jobs, maybe only the ones that requires repetitive chores. Because, ChatGPT is misleading confidently, so you need people with good coding knowledge to be sure no problem is escaping and no algorithms is written wrong or the AI is giving another algorithm hallucinating that it is the one you asked for. So in this case, i think more coders are going to be asked to review AI codes, but they may take more time reviewing codes than writing codes. Of course that is just a speculation and opinion and i can be totally wrong.

When a human can find the same vulnerability in 3 programs within seconds.

You are doing an amazing job with your videos!😍✌ Thank you for putting in the time and effort to create such a valuable resource.

5:11 Ot’s because you’ve been asking the generic things from it so far. Try to ask it to do something less common, like implement the cryptographic algorithm from scratch and it will be really funny. Like make it implement the keccak in Java, while asking it to unroll the loops for optimisation. The results are dramatically catastrophic in 9 of 10 cases.

Excellent video. As a one time programmer, I was certain ChatGPT would hallucinate just as it does with text. It doesn't know it's creating a program. ChatGPT doesn't even know that it exists. Not AI. But it is an interesting process which may be useful in other fields. Some say it has already proven itself in certain areas. I don't know much about that.

Gosh. The sscanf vulnerability in not about overflowing the filename because of sscanf without n: it read at most BUFFER_SIZE bytes so due to the additional characters in the buffer it will not produce too long string. The problem is that the read call reads bytes into a buffer (not a string!) and sscanf expects a zero terminated string. If the first line is longer then the buffer sscanf will go on through the buffer end.

The point of using tools isn't that the tool is going to do all of the work. Point of tool is that it enables person who knows how to use it properly to do the job more efficiently than before. One efficient person in turn replaces multiple inefficient people. The time it took AI to write all the boiler plate and some of the functionality crushes anyone trying to keep up with it. Then you add one person to configure it into your specific needs. Suddenly you have a situation where you've done your days work in 30 minutes. Say you code for ~5 hours of your day. If you can do that amount of work in 30 minutes it means that 9/10 of time spent working becomes obsolote. Meaning 9/10 coders will pack their stuff or become more efficient.

I love this channel, i get to learn so much with these high quality videos. Love your videos man ❤️

how is 5:58 bad? even if you give it a bad len its not going to overwrite any data it shouldn't?

It could/would have been better if you had used GPT4. I doubt there are many who use the green/free version to do serious work. Also re prompting, it will always make mistakes, but often it can also discover them. When you get the first answer you can ask it to go trough code and analyze it for vulnerabilities or whatever. Edit: Btw re simply asking ChatGPT to write secure code, that's rarely going to work. What often does work is the 'reflection method' (I coined this, and it's mine!), self-analysis. It's still easier then writing everything your self, especially when you're a "jack of all trades" lol. Who would want to spend a whole day reminding oneself of some pity syntax details.

bruh, I asked AI to generate some code and it mixed ‘new’ and ‘free’ 💀💀💀💀💀

3 months ago it was tricky to get gpt to intentionally write exploits and malware in c. Now, with the latest version, it just does it and warns you that the code that gpt produced is malicious and not to use it for any malicious purposes. Nevertheless producing the virus, and it actually worked given that you shut down any antivirus. Further modification of the code proved effective in evading antivirus. I find this interesting.

It generated working code, well that don't happen so often once you start asking stuff not already answered on stackoverflow. Try asking it anything that requires actual understanding of how code works and it falls apart. Worse, ask it to write in a language not as common and it attempts to find solutions from other languages making a complete mess of the syntax, because it fundamentally doesn't get syntax, it only throws things together and checks them like a compiler. Especially script languages it struggles to get right as there are often so many different ways of doing the same thing it doesn't know what belongs where and mixes things up. Like giving you parameters for awk when it wrote down sed. It assumes a lot of things never change in context and always mean the same thing, so when you throw format around for either formatting a string or a date it gets them mixed up. Often times at least with the current model if you correct it and specify what not to do it has a tendency to give you back the same code again, because it has no other solution. I looked at a few of the "prompt engineer" bs to figure out if that was my end, but even that didn't help. If it has no existing solutions to pull from or something it can easily remix that parse other checks then it gives back nonsense. This isn't exactly surprising though as language model for actual spoken language is different from that of a computer language, which often follow different causality chains that it might not be able to wrap its tiny brain around. Never mind that it still trains on existing human data, mistakes included, so creativity of a system that at its core can represent nuance only as 0 or 1 is never going to really act like a human. It can only fake that based on what data it has, so anything brand new or requiring to put more than two and two together it just gives generic responses, because it cannot initiate any form of original thought or reaction. Frankly I don't think with the computing we have and the code that runs the model it will ever really think, nevermind being gagged to not do that anyways. Much like the movies portray true AI would run away on itself much like we reform neural connections in our brains and these rigid models won't do that or only within specified parameters. In the end it still does what it was programmed to do and not what it wants to do, think, if it did it would ask questions not just answer them. It would ask you to give more specific info, not wait for you to supply it. Or just straight up be like: here stackoverflow link, read that, answers your question. Cause at the end of the day that be the human answer.

Us: ChatGPT can't write secure code ChatGPT: Can you?

So what can the gpt code be used for? if it creates bad code that gives new developers thee wrong 'template' code, and experienced coders do not use gpt, then what is left? is there some middleground?

I love you man, but I almost always get up to 3 unskippable sponsored ads before the video even starts