the TRUTH about ChatGPT generated code

Video quality	The size	Download

Информация о the TRUTH about ChatGPT generated code

Название	:	the TRUTH about ChatGPT generated code
Продолжительность	:	10.35
Дата публикации	:
Просмотров	:	99 rb

If you're commenting that you need to prompt ChatGPT to write secure code, and it doesn't do it by default, you've entirely missed the point 😁
Comment from : Low Level Learning

Circular buffers once you get past the end it wraps around can’t overflow a circle 😎
Comment from : CursedFox

Chat gpt is a chatbot you could however feed code into an actual coding ai instead of using random stack overflow stufd
Comment from : CursedFox

This seemed like it was making fun of it but the fact it just made a working server is fucking amazing to me
Comment from : mycollegeshirt

It is pretty bad It's weird how people keep saying how great it is at writing code It's really kinda like an advanced Google With percise answers that may or might not be right Like stack overflow Not to take away anything from that I actually like that its like that and really like ai as it is now, its amazing for understanding terribly written documentation It feels like when eventually it is better it would take away the challenge and fun of programming
Comment from : mycollegeshirt

Back in the late 1980s, people were talking about how code generators (I think they were called 4GL languages, or something like that) were going to replace programmers Over 30 years later, I'm still banging out code on a keyboard
Comment from : Tim Smith

ChatGPT is definetely a great tool to generate snippets code just to get you going, surely it is up to you to ensure that the particular code is suitble for whatever you are trying to do Make the code more secure if you want, you can't blame ChatGPT if you fail to vet the code its generate for you
Comment from : CMTEQ

Fight against himself ❌brbrbrFight against an AI✅
Comment from : Emanuel Hernandez

if you can't exploit a bug running it in your own machine I wouldn't call that a bug really
Comment from : Jp

Fun fact:brbrThis type of behavior from ChatGPT is not tolerated by me
Comment from : The Royal Australian

A study from three months in the future compares ChatGPT to Stack overflow and wasn't impressed, but its coding is still better than the crappy encyclopedic prose it writes Best personal assistant ever, but I would never let it sign off on anything I didbrbr'"Who Answers It Better? An In-Depth Analysis of ChatGPT and Stack Overflow Answers to Software Engineering Questions"br(Samia Kabir and David N Udo-Imeh and Bonan Kou and Tianyi Zhang 2023)
Comment from : Lucha Libre Films

04:00 With respect, honestly it feels like you just don't want to admit that that wasn't security vulnerability
Comment from : Rafaa Ferid

Awesome video! Still, you did not actually exploit the vulnerabilities Could you expand on this in another video? I am genuinelly interested 😅 Thanks!
Comment from : Adrian Santos

While ChatGPT can rehash code that is readily available, I very much doubt you can get anything of creative value out of it, and while it might prove useful in generating boilerplate, there are myriad tools that are also capable of doing the same, with more detailed interfaces
Comment from : Brian Piltin

ChatGPT is not good for actual software development, but it is good for a fast understanding of a problem I usually use a LLM with a PDF of Hardware Chips to produce micropython code for some tasks Not for development or deployment, just scripting what i need in a fast way not needing to read the whole documentation or look up stuffbrbrIf you use it for fast prototyping is quite nice brbrThe problem is not the tool, it is how you use it
Comment from : nuit

So long and thanks for the fish
Comment from : Tim Nosco

USU USU
Comment from : David Qin

Nowadays ChatGPT is more useful It has the continue generating button, so you dont have to ask it "OH you didnt finish the code finish it please" everytime
Comment from : Illia Zhdanov

4:00 WHY? That doesn't count!
Comment from : Illia Zhdanov

Hmm
Comment from : A1

For python, I found that it is pretty bad at fixing bugs and it often doesn't give the complete code in response to a prompt, even if you use chatgpt 4 In fact I am beginning to think that it is crap at writing code
Comment from : keiichicom

A year ago you would have swear no AI would ever write a piece of code that compile and now they did it you play the naysayer with a profound misunderstanding of what a language model is and what it is not
Comment from : OL9245

I like to think of chatCPT as a new intern with little experience You can offload some of your tedious work onto them, but you will have to spend a lot of time reviewing it to find and fix all of the mistakes Sometimes it's worth it, sometimes it's not For a web server, it's probably not worth it, there are just so many places it can go wrong and so many subtle bugs (in my opinion)
Comment from : Monke Mode

Don't be ignorant OPENAI is awsome no need to replace programmers today but for sure in 10 years! The best thing is tht u get a teacher the best versin of teacher one wish to have
Comment from : Illyrian

Even though the main message of the video can be beneficial to new programmers (write your own code!) ChatGPT is no worse off from losing in an arbitrary scoring system OpenAI doesn't really benefit from caring about Good programmers and users of ChatGPT can work with the limits of ChatGPT while getting immense benefit from it, instead of throwing in the towel when it doesn't allow them to jump 100 steps in their problem-solving at once Would be fair to include a disclaimer like that unless the intention is to score off self-generated controversy (which I don't think is true)brbrLike with any programming, iteration, piecing the problem to parts, and reflection are king
Comment from : madmax404

chatgpt once managed to fool me into running a fork bomb
Comment from : Toroasaurus

Ohh no this whole video is just gaslighting lol
Comment from : Jirka Svítil

Starting with 1 minute of gaslighting XD
Comment from : Jirka Svítil

is this gpt-4?
Comment from : Philzskillz

U didnt asked to make it super secure, a machine is only as smart as the user
Comment from : Bob Bob

I learned alot of algorithm and logic through gpt than i ever with google, ChatGPT just provide thekey word I need to search on google The days were stockoverflow is important are longover Now those Obxnoxious gatekeeper can rot in hell
Comment from : Exogen Design

Chat gpt is fairly new give it enough time without real regulations and there is a big chance of it
Comment from : encryptlake games

Watched up to 57th second: I already agree Not only that, it produces code that segfaults also Let alone unsafe algorithm implementations And I am just bored on this AI fuzz It's really just noisy Ten years from now, maybe a bit better but still probably edit after finishingbr> editbrlol! I almost did the same as your first example try ask it to return the environment variables instead of returning a file you 'll be amazedbr
Comment from : Kaotisk Hund

wait stackoverflow has a homepage?
Comment from : BugzumDev

Clearly we should ask ChatGPT to only code in Rust /s
Comment from : Koroistro

LLM assisted coding is just the next evolution of coding You'll still need someone to tell it what to make Like not needing to know assembly but it being really useful You may not need to read LLM generated code but you'd really be better off if you could
Comment from : Edward Scrase

"A person could expand upon this code and make it usnsafe" No shit, I'm not the biggest chatgpt fan but this is barely a valid argument I think if used responsibly it can offer some decent ideas but having data limited to 2021 is rough
Comment from : Thezwolf

Can you repeat using Rust ? If it gets right you :-) Cause maybe the way to go is to not use C - cause it takes more time sometimes to check everything which could go wrong
Comment from : wenahy

Someone will not be spared when the AI takes over
Comment from : Wananoo Tapia

On the first example, you went for a buffer overflow attack but the code was secure towards it But I tried the same prompt and was able to do a path traversal attackbrbrStill, we must be careful
Comment from : Clodoaldo Brasilino

So this means that it's not going to replace actual engineers in the near future
Comment from : Oh Wow!

If you don`t want buffer overflow vulnarable code just ask chat gpt for a program written in Rust lol
Comment from : Peter S

Bofa💀
Comment from : GADONK!

Meh chatgpt is okay at doing little odds and ends for folks who can't write their own code To your point, it's not replacing real programmers, but it might enable someone to quickly fill a temporary need who otherwise could not
Comment from : Kelemvor Lyonsbane

Chat gpt is a great tool for learning, but you gotta use your critical thinking, it gives you a direction and you improve it I dont think we can relay on that tecnology yet, other than to ask for specifics uses of certain functions in which it is exceptional Better than google for search so efficient
Comment from : Gabriel Martins

I assume the code AI generates is the same quality of the youtube scripts AI generates - pure shit with rare but glaring inaccuracies
Comment from : Sean Faherty

Last week I generated a Makefile using ChatGPT and when I ran make clean I realized that it generated make clean as “rm -rf *” 💀
Comment from : Timothy Portnoff

How confident are we that your average dev creates more secure code than this? 🤷
Comment from : TelQuel

you need to understand the chatGPT output and how it works, this is the same as any chatgpt output, right down to having it writing a memo, or having it rewrite a spreadsheet brbrif you asked chatgpt to write an email to your boss, you better fricken read it before clicking send this is no different
Comment from : Dixie_rekd

6:53 It's signed not unsigned
Comment from : ProPOV

I dont think this is fair
Comment from : Bukhari kibuka القارئ الأغندي

The NSA has one of the first, if not the first, Artificial Intelligence computer systemsbrSource: Edward Snowden leaksbrSelf Automated Target Aquisition NetworkbrSATANbrA user provides target details to SATAN, and the computer Ai network determines the best path to exploit the target using the six degrees of separation principlebrLike Kali, but Ai, with a database of vulnerabilities and exploits for every re'd device
Comment from : Ben Eehayeh

So, there'll be less no of coder job and a dramatic incrase in code reviewer job But how will new coders become code reviewers if they don't get the experience of coding something themselves?
Comment from : Anik Samiur Rahman

You know, the BOFA protocol could be a very useful addition to my Network UTilities Stack (NUTS)
Comment from : Miniarts

I don't think this test was very fair It follows your instructions (mostly) if you were a litttle more specific about the critical parts of your code there would be less errors despite my mostly successful experiments I still think humans will need to review improve and test the code, and especially practice prompt engineering This certainly will make coding much faster
Comment from : Y Vinitsky

Did you know; if you walk up to a random software engineer in a coffee shop and give them these prompts and a time constraint (substituting for token limit) you will most likely bnot/b get a better result!
Comment from : 98ahni

Sorry to come here and criticize your video, but try spending more time and researching more before making a video about this topic as it sadly doesnt seem like u know what u are talking about when it comes to AI and prompting Im sure you are good at the security stuff, but that doesnt matter when the video is mainly focused on AI So please spend more time on research and prompts next time as all your conclusions seemed obviously wrong in a lot of ways
Comment from : Ludvig Erdmann

you should have tried giving /etc/password or some other secure file as the filename Maybe something in /ssh/
Comment from : Guy van den Berg

You could ask Chat-GPT to continue the third code
Comment from : Hatim

That is not the assertion of chatgpt
Comment from : Blank Realist

Please buy a new mic 😭
Comment from : Mike Ockslong

Spoiler: it makes so vulnerable code I needed to vomitbrNever ask it to do anything with SQL or anything like that
Comment from : Mike Ockslong

That doesn't prove that gpt chat is bad,
Comment from : CasaMoaraFetele

Strange Video
Comment from : urbaniv

The HTTP server has a path traversal vulnerability too, since it doesn't drop privileges or sanitize user input You can send GET //etc/shadow HTTP/11[CRLF] (note the double slash) and start cracking those hashes
Comment from : Marc-André Servant

it wont replace developers, but im pretty sure people are gonna use one of those lenguaje model and generate vulnerable code, im pretty sure
Comment from : lPlanetarizado

That's a bad take You didn't specify requirements for gpt prompt AT ALL, to get the desired output you need to say what you want So sad
Comment from : Semёn Sem

Homeboy is in denial and truly trying to justify his career choice Chat GPT is already better than about 85 of all the current programmers, and its 7 months old Buckle up its gonna be a wild ride
Comment from : Jeremy

Is this GPT 35 or GPT 4?
Comment from : James Siggins

Were you hoping to irritate people into engaging in your comment section for some algorythm love? - These prompts were terribly vague about your expectations With just a few words like "follow best practices as though a senior developer" you'd get different results Haven't tried "for use in production" but that might be good enough!
Comment from : Julian Sloman

Not a fan of Chat-GPT but there is so much copium in this video
Comment from : SleepySundayMorning

A bug that you cannot possibily trigger is not a bugbrbrReading it as 'oh if you change this its vulnerable' is no different than saying a fire exit is vulernable because what if you weld it shut
Comment from : Stephan Reiken

Copium
Comment from : quinn maloney

in conclusion: if AI takes programmers' jobs, they can at least still make it big in malware development
Comment from : מלכ כדורים

You never specified make safe code, some people don't care, why would chatgpt :P
Comment from : Christopher Pearce

It's really sad seeing people depending on ChatGPT to write code, instead of learning how to code It's also stupid to believe that a company would use ChatGPT instead of a real human
Comment from : xXrandomryzeXx

The thing is that no matter how bad it is it will only get better It is leaning and improving all the time
Comment from : Chris F

Even though you gave zero points to ChatGPT, you did not prove any of the code is vulnerable, by triggering the bug
Comment from : Bram Fran

After the initial public madness/ panic over ChatGPT I gave it one of the tests I used to give to students (not asking for the most standard textbook examples but slightly different problems a cautious human being should be easily able to do fine with if knowing those most standard textbook examples) It failed 100 some times presenting me the most standard textbook example solution -- as I would have expected from transformer based stuff I don't think human intelligence is solely or very much dominantely transformer based, and I am sure programming non trivial stuff is AI hard If so there is almost no chance any such technology will ever produce good code The current versions certainly are not and yes, there is need for educating people what they do, same as there is need to educate subject matter experts without deep understanding of AI what the expert systems given to them do, and therefore can't do I really like to use several AI tools, but I know that none of them can be trusted I have to catch their mistakes Don't use any for code generation at all
Comment from : Erik Itter

Another vulnerability with the first code which can actually be exploited: you can put a in the filename and exit the scope of the program A server that serves files should ensure that it's only able to serve files inside its own scope to prevent you from essentially reading the entire computer's file systembrbrFor the buffer overflow, read just reads bytes while sscanf expects a null-terminated string So if the memory in the buffers was not zero-initialized, this could cause sscanf to recieve a longer input than expected, causing a buffer overflow No obvious way to control it but it is an issue
Comment from : Electra

I was gona comment that lots of the vulnerabilities shown are not inharently a problem as most can be fixed with some minor corrections, but you are very correct, a new programmer just would not know that many of these things are problems While yes chat gpt can save some time writing template code and filling in boiler plate, it absolutly does need a fair bit of corrections that are not obvious to the untrained eye I still think it is a good tool to save some time writing starting templates, that really should only be done by people with the knowledge of how to make propper corrections and identify bad practices
Comment from : Lumpology