Github Copilot Made My Code More Vulnerable

jh.live/snyk-ai || Try Snyk DeepCode AI to find and fix vulnerabilities, especially from AI generated code: jh.live/snyk-ai
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥KZread ALGORITHM ➡ Like, Comment, & Subscribe!

Comments: 91

  • @kspen72
    2 months ago

    If you're not reviewing the horrible code that co-pilot writes, then you're the co-pilot.

  • @chr0mg0d
    2 months ago

    in the short term, long term you will be unemployed 😁

  • @kspen72
    2 months ago

    @chr0mg0d 😁

  • @ChrisWilson49ers
    2 months ago

    Boom. Lol

  • @Yadlina
    2 months ago

    @chr0mg0d yeah, like everyone else or what do you mean? I'm a programmer too, but in some years you can buy a burger from me

  • @gainchang501
    2 months ago

    @Yadlina AI will also sell burgers 😆

  • @OggySpelar
    2 months ago

    is this video an advertisement for snyk??

  • @qwertquadrat
    2 months ago

    21:42 "Thank you so much to SNYK for sponsoring this video" - so yes ^^

  • @mfesevur
    2 months ago

    Personally I think a Co-Pilot is just what the name suggests, a copilot. Not a replacement tool. I know that this is a given, but be aware that you still need to do the thinking as a person and scan the generated code for vulnerabilities and all.

  • @ZM-dm3jg
    2 months ago

    Obviously. Only junior developers use it blindly. All the code it writes should be reviewed, just like you would do with code written by an unreliable junior dev

  • @chr0mg0d
    2 months ago

    @ZM-dm3jg all code should be reviewed no matter the source 🖖

  • @tHe0nLyNeXuS
    2 months ago

    I am not on the whole AI-assistant bandwagon, but, to be fair, "Can you clean this code?" can be interpreted in many ways; in particular it might be interpreted as a request to _format_ the code. A better prompt might be "Can you make sure the following code has no security vulnerability?"

  • @joshmalik5582
    2 months ago

    So far it works pretty well for me to take code from AI that I would have been able to write anyway. If I let it compose too much without my direct review, I end up with an application that is partly built, but without me being able to effectively maintain (or secure) it. It still saves a lot of time, but I can't just let it go on its own. So far.

  • @gman1080
    2 months ago

    Do you see any different results when asking copilot to produce "secure" code or by calling out specific vulnerabilities?

  • @joe-skeen
    2 months ago

    Right... His prompt was very specifically created to produce insecure code. I guess the point is that copilot isn't secure by default, but this is clearly a stupid programmer error 😂

  • @mollthecoder
    2 months ago

    @joe-skeen That was an example. The point is that it CAN write vulnerable code and shouldn't be trusted.

  • @delarosomccay
    2 months ago

    Hallucination is a known thing with generative AI. You HAVE to check everything.

  • @dakoderii4221
    2 months ago

    Many of the people working on it are micro-dosing LSD so of course the AI is tripping too.

  • @tpevers1048
    2 months ago

    Snyk for security, ChatGPT for structuring the code and Copilot for writing fast, and then send it back to ChatGPT so it makes you understand the code correctly and perfectly

  • @sirati9770
    2 months ago

    When I am writing Rust with co-pilot, half the time it either writes syntax errors or, on accepting a completion, it has at that moment switched to a different suggestion that replaces half my well-working code just below with crap

  • @Westernaut
    2 months ago

    I enjoyed this. The same paradigm with training data applies as with other answers.

  • @Hossimo
    2 months ago

    I'm fascinated by how John types.

  • @Bashir_Khan
    2 months ago

    bruh how does he type without all the fingers on the keyboard. Bro is literally typing with index fingers without looking at the keyboard.

  • @shambles07
    2 months ago

    I never noticed that, that’s actually wild. I gots to use all 10

  • @chiroyce
    2 months ago

    ikr!

  • @Alex_Vir
    2 months ago

    Well at 2:06 it isn't even that, his right hand is using his middle finger.

  • @xanderplayz3446
    2 months ago

    I do.

  • @jvav
    2 months ago

    I used some Codium AI for writing some code and it's pretty secure. I also added Snyk alongside just to make sure, because I want to host it online and security is one of the main points. Not that my app is very important, but I just want to make sure that the passwords are encrypted and that my db isn't dropped or so. My custom application is a custom inventory site for the scouts

  • @ISAF87
    2 months ago

    How do you feel about having a 3rd party (snyk) scanning through your entire codebase? Isn't that a potential risk in itself? Do their analyzers copy code to their servers? What are their ML algorithms/ AI doing with the analyses?

  • @TheLiveitup34
    2 months ago

    Personally I enjoy Snyk to show me possible vulnerabilities in my code, but I have had issues with it stating there are exploits when the data was filtered multiple different ways to make sure the text was filtered and replaced with data that doesn’t even touch the user’s input, only generated from the back end, and Snyk saying it was a path traversal exploit

  • @c0smoslive391
    2 months ago

    What a surprise! An AI that doesn't understand anything can make critical mistakes! 🙃

  • @not_ever
    2 months ago

    To some people this is genuinely surprising, which is honestly frightening.

  • @c0smoslive391
    2 months ago

    @not_ever yup... victims of the OVERHYPED train

  • @chr0mg0d
    2 months ago

    so ai isn’t better than most humans? what a shame 😆

  • @leashes6625
    1 month ago

    Another great and informative video, John. However, I do understand that being sponsored means you can't put your sponsors in a bad light and take away from their product, but it would have been nice if you asked copilot to specifically write or modify your code to be MORE secure instead of being vague in your prompts. Generative AI is only as good as the prompts you feed it.

  • @0oNoiseo0
    2 months ago

    Currently in the middle of a C# course. No autopilot here, not for me. But truth be told, sometimes ChatGPT for internal testing

  • @sunbleachedangel
    2 months ago

    We are slowly building GLaDOS: the coding core, the security core, the YouTube video posting core. Soon™

  • @Ramhound
    2 months ago

    This was just an ad for Snyk…

  • @SzymekCRX
    2 months ago

    In 2003 that PHP include killed my home webpage :) those were the days

  • @DavidConnerCodeaholic
    2 months ago

    linear dependence, topological defects, swiss cheese and riemannian manifolds

  • @techyash9087
    2 months ago

    Awesome Video

  • @mad056
    1 month ago

    Did you come up with this vid idea just to sell us Snyk? I mean, cool tool, but I'd love to see it on a production code base, not on some easy code

  • @lavavex
    2 months ago

    I only use co-pilot to help me figure out what is possible

  • @Dom-zy1qy
    2 months ago

    Copilot is pretty good for peon-level React/JS & CRUD code, but it's actually just a net efficiency loss if you are working on something complex and low level or mathematical. I'd just really discourage anyone from using it to write code if they are trying to learn something.

  • @bobanmilisavljevic7857
    2 months ago

    Super interesting 🦾🤖🇺🇲

  • @drew5367
    2 months ago

    Can you recommend any good resources to get good at coding?

  • @chr0mg0d
    2 months ago

    Stack Overflow helped me a lot in getting better. First reading, later even asking and answering 🖖

  • @drew5367
    2 months ago

    @chr0mg0d my brain breaks every time I have to read a nested loop and figure out what it does.

  • @nickadams2361
    2 months ago

    co-pilot AND PHP? we've made some serious mistakes

  • @wolfymaster
    2 months ago

    And someone wants to defend someone actually writing this.. then how the fuck do they have a job???

  • @Grommish
    2 months ago

    I think it's a little disingenuous because ANY AI is only as good as the prompt. Asking Co-Pilot to "Clean the code" is dis-ambiguous - after all, it "cleaned up your code" by making it more readable. How about asking it to SECURE any potential vulnerabilities in the code and see what it does?

  • @attilazimler1614
    2 months ago

    There are more insecure programs than secure ones over the internet. AI is based on training (i.e. democracy). Well, there are more programmers unable to write secure code than ones able to do so. What do you think the AI will learn? :D

  • @jeoi
    2 months ago

    It's Microsoft...

  • @imbadatcod7208
    2 months ago

    I found it funny that you only type with one finger per hand 😅

  • @FatStepSisRS
    2 months ago

    You can't just say "clean code" to Copilot as a prompt and expect it to remove vulnerabilities. Also, co-pilot is just that. It's a tool to be used alongside good programming practices. You can't expect "clean code" to look for SQL injections or XSS exploits. Co-pilot and chat gippity write stuff based on your prompts.

  • @InuYasha-SitBoy
    2 months ago

    AI for coding is like AI for writing papers in college. You can do small segments and it'll be fine, but it won't work out well if you do large amounts

  • @user-td4pf6rr2t
    2 months ago

    Yes, but is this really a tech issue? This is more of a vulnerability of natural language, I think. How ChatGPT/Copilot is hard coded to not reveal proprietary software and the general nature of code vulnerability: ChatGPT will never give the `correct` answer, not because of its lack of understanding of the coding but more of how to patch a vulnerability without revealing a proprietary cyber security method. I've even had ChatGPT explain this to me once when writing a generator that uses Python's iter and next special methods for file chunking. ChatGPT further got stuck in a loop where it replied with the same answer, refusing to use the next or iter method, and even explained that even though next and iter would be more secure, it's not allowed to share proprietary technology. 13:53 Paint it in a bad light, please. The qualities are not flaws but guardrails, and a majority of people don't realize the cumulative effect this will have on the industry as a whole while millions of dollars get invested into this system that intentionally misleads people. AI SAFETY IS DANGEROUS

  • @teofaneschaco2517
    2 months ago

    Third 😮😮

  • @carsonjamesiv2512
    2 months ago

    😃👍

  • @mrkesu
    2 months ago

    "I misunderstood what generative AI is and I made a video about it."

  • @whtiequillBj
    2 months ago

    I was thinking you were going to talk about the BIGGER issue of Copilot stealing code from developers and repurposing and "giving it" to other developers without knowledge of licenses

  • @rtzgf67games7
    2 months ago

    0% of my code is written by AI.

  • @Philbertsroom
    2 months ago

    If you want AI to fix a vulnerability in your code, don't just write "clean this code?". You need to learn to prompt a bit :p

  • @arieheinrich3457
    2 months ago

    There's literally NO difference between copying code examples from Stack Overflow, which everyone did in the past, and now letting AI do it. Responsibility is still in the hands and minds of the developers. Add some git hooks to run tests on the dev machine and again on a CI pipeline for each pull request to run more sec tests.

  • @Bababandawe
    2 months ago

    🇿🇼🖤

  • @haroonhameed3895
    2 months ago

    Second

  • @mrdifo3723
    2 months ago

    Third

  • @Kaelkoko
    2 months ago

    Damn tried to be first! 😂

  • @cavany8
    2 months ago

    first

  • @TJYouToob
    2 months ago

    Lulz... they hacked Ray and are actively sabotaging you. :D

  • @maxmcclure2360
    2 months ago

    Anyone else get freaked out that it’s software debugging other software that was written by software? I personally would like to have a career in the IT field but it looks like they aren’t gonna need very many humans anymore….

  • @SimGunther
    2 months ago

    Co-pilot: Guide to what your next turn and speed should be
    GH CoPilot: No better than the script kiddie copying code expecting something cool to happen

  • @wolfymaster
    2 months ago

    horrible example. Copilot did exactly what you told it. Your example is flawed from the beginning because taking that sort of input from the user is already suspicious. Like literally.. who would actually write this???

  • @margarita8442
    2 months ago

    code has more holes than Swiss cheese, script kiddie stuff

  • @Alex_Vir
    2 months ago

    My god the code that is bad is bad??? Tell me more!

  • @margarita8442
    2 months ago

    use C script kiddie

  • @Decrupt
    2 months ago

    what

  • @Nik-rx9rj
    2 months ago

    Use C instead of PHP? Are you an insane person?

  • @thegame9305808
    2 months ago

    He isn't writing a subroutine. He is showing us a web application that most of us interact with. C is a different ballgame. Learn before you call someone a kiddie

  • @delarosomccay
    2 months ago

    Python is the language of choice for AI and pen testing these days. C is so 1980s ;)

  • @ihateevilbill
    2 months ago

    This is why we still need actual programmers (for now), even if it's just to know what to ask co-pilot to do.