No sh*t, this is what I predicted from day one.
So you predicted that security flaws in software are not going to vanish with AI?
I predicted that introducing AI on software engineer (especially juniors) will result in overall worse code, since apparently people don’t feel responsible for the genAI code. While I believe the responsibility is still fully at the humans who try to deliver code. And on top of that, most devs are not doing good code reviews in general (often due to lack of time or … skill issue). And now we have AI that generates code which are too easily accepted on top of reviewers who blindly accept code… And no unit tests or integration tests… And then we have this current situation. No wonder this would happen. If you are in software engineering, you would know exactly where I’m talking about. Especially if you would work at larger companies.
All software has bugs. I prefer the human-generated bugs, they’re much easier to diagnose and solve.
My point exactly, now you have genAI code written by AI, who doesn’t know what it is doing. Instructed by a developer, who doesn’t understand the programming language. Reviewed by a co-worker, who doesn’t know what is doing on. It’s madness I tell you!
We should have looked to melroy
Thank you! That is indeed a valid point. I was hoping more people came up with this valid remark. Do you have any other questions or predictions you would like to know? So that we don’t get “surprises” in the field of technology again?
Please hit me with some predictions :D
Sure!
- More and more (AI) spyware / malware is getting injected into projects and operating systems. Without the user consent. Mobile phones, laptops, desktop PCs, smart devices, etc. This comes from companies, but also from governments (no, not just China, but also US and EU).
- AI bubble itself will burst for the “normal users” and most companies who won’t really benefit from AI / LLMs as they thought they will. This will be apparenty only after several years. Where the highly skilled developers left the companies, and you are left with software engineers using AI tools which generates wrong code. The damage LLM (like AI Code generation) is doing and will be continue to do in the upcoming years is very untransparent, but it won’t be nice. We suddently are not getting AGI.
- More research and efforts will be put into alternative computers, like computers based on biology. Like using living cells. After all nature is so much more efficient then our current technologies. This could fix the energy demand issues we now see with AI.
- Biology computer will then also create huge moral issues. Since, how do we know the cells are not becoming aware? How do we know it won’t feel pain or the cells are feeling trapped? After all, we, humans, don’t even know how conscious really works and self aware.
- Users & companies want to get back in control over 5 or 15 years from now. So their could be a big move back from “Cloud” to on-prem. You are already seeing this now with the fediverse.
- The internet becomes too much centralized and controlled by goverments. Blocking public DNS IPs. Overruling them. The only answer would be is to create a much more decentralized internet alternative, so over 20 or 30 years from now (so we can still talk which each other about issues in the goverments par example). The current internet is just too fragile. And the root of the problem is already DNS. Meaning you need to basically start from scratch.
- Over 80 years Windows might only be used by corporate businesses. Most people might only use Android or any Linux based distro. This mainly depends on how fast we change our education process, so young people learn about alternatives. And schools should stop promoting and forcing people to use Microsoft products only. If schools won’t change, then we might have a huge issue, and this topic won’t be valid.
- Google will be split into multiple companies.
- Microsoft might be split later as well into multiple companies, but only much later, after Google.
- … Should I continue or stop here…?
@Eheran@lemmy.world @RagingRobot@lemmy.world
#it #software #ai #predictions
and here’s me learning C programming language from a selfhosted AI :/
It’s a great launching pad to learn how a language works, but beyond simple things, it get bad very fast.
I also use AI to look for terms in specific domains, which is really helpful as well.
ahahahaha…
Good. Maybe if the stuff trashes enough of our infrastructure somebody somewhere will actually figure out that it’s bad and get rid of it forever.
I know, it’ll never happen. But a man can dream.
trashes enough of our infrastructure somebody somewhere will actually figure out that it’s bad and get rid of it forever
thinking Neoliberlism.
Wow, the text generator that doesn’t actually understand what it’s “writing” is making mistakes? Who could have seen that coming?
I once asked one to write a basic 50-line Python program (just to flesh things out), and it made so many basic errors that any first-year CS student could catch. Nobody should trust LLMs with anything related to security, FFS.
What llm did you use, and how long ago was it? Claude sonnet usually writes pretty good python for smaller scripts (a few hundred lines)
It was ChatGPT from earlier this year. It wasn’t a huge deal for me that it made mistakes, because I had a very specific use case and just wanted to save some time; I knew I’d have to troubleshoot grafting it into my function, but even after I pointed out that it was using depreciated syntax (and how to correct it), it just spat out the code again with even more errors and still using depreciated syntax.
All LLMs will fail like this in some way, because they don’t actually understand what they’re generating (i.e. they have no mechanism for self-evaluating the veracity of their statements).
This is a very simple one, but someone lower down apparently had issue with a script like this:
https://i.imgur.com/wD9XXYt.png
I tested the code, it works. If I was gonna change anything, probably move matplotlib import to after else so it’s only imported when needed to display the image.
I have a lot more complex generations in my history, but all of them have personal or business details, and have much more back and forth. But try it yourself, claude have a free tier. Just try to be clear in the prompt what you want. It might surprise you.
I appreciate the effort you put into the comment and your kind tone, but I’m not really interested in increasing LLM presence in my life.
I said what I said, and I experienced what I experienced. Providing me an example where it works is in no way a falsification of the core of my original comment: LLMs have no place generating code for secure applications apart from human review, because they don’t have a mechanism to comprehend or proof their own work.
I’d also add that, depending on the language, the ways you can shoot yourself in the foot are very subtle (cf C++/C, which are popular languages for “secure” stuff).
It’s already hard to not write buggy code, but I don’t think you will detect them by just reviewing LLM code, because detecting issues during code review is much harder than when you’re writing code.
Oh, and I assume it’ll be tough to get an LLM to follow MISRA conventions.
It’s already hard to not write buggy code, but I don’t think you will detect them by just reviewing LLM code, because detecting issues during code review is much harder than when you’re writing code.
Definitely. That’s what I was trying to drive at, but you said it well.
Nobody should trust LLMs with anything
ftfy
also any inputs are probably scrapped and used for training, and none of these people get GDPR
also any inputs are probably scraped
ftfy
Let’s hope it’s the bad outputs that are scrapped. <3
Eh, I’d say mostly.
I have one right now that looks at data and says “Hey, this is weird, here are related things that are different when this weird thing happened. Seems like that may be the cause.”
Which is pretty well within what they are good at, especially if you are doing the training yourself.
you are part of the problem
That is about the most generic statement possible, with nearly zero knowledge of what I’m doing on yours.
So… What problem? Feel free to enlighten me.
My experience with ChatGPT goes like this:
- Write me a block of code that makes x thing
- Certainly, here’s your code
- Me: This is wrong.
- You’re right, this is the correct version
- Me: This is wrong again.
- You’re right, this is the correct version
- Me: Wrong again, you piece of junk.
- I’m sorry, this is the correct version.
- (even more useless code) … and so on.
That sums up my experience too, but I have found it good for discussing functions for SQL and Powershell. Sometimes, it’ll throw something into its garbage code and I’ll be like “what does this do?” It’ll explain how it’s supposed to work, I’ll then work out its correct usage and solve my problem. Weirdly, it’s almost MORE helpful than if it just gave me functional code, because I have to learn how to properly use it rather than just copy/paste what it gives me.
That’s true. The mistakes actually make learning possible!
Man, designing CS curriculum will be easy in future. Just ask it to do something simple, and ask your CS students to correct the code.
I interviewed someone who used AI (CoPilot, I think), and while it somewhat worked, it gave the wrong implementation of a basic algorithm. We pointed out the mistake, the developer fixed it (we had to provide the basic algorithm, which was fine), and then they refactored and AI spat out the same mistake, which the developer again didn’t notice.
AI is fine if you know what you’re doing and can correct the mistakes it makes (i.e. use it as fancy code completion), but you really do need to know what you’re doing. I recommend new developers avoid AI like the plague until they can use it to cut out the mundane stuff instead of filling in their knowledge gaps. It’ll do a decent job at certain prompts (i.e. generate me a function/class that…), but you’re going to need to go through line-by-line and make sure it’s actually doing the right thing. I find writing code to be much faster than reading and correcting code so I don’t bother w/ AI, but YMMV.
An area where it’s probably ideal is finding stuff in documentation. Some projects are huge and their search sucks, so being able to say, “find the docs for a function in library X that does…” I know what I want, I just may not remember the name or the module, and I certainly don’t remember the argument order.
AI is like having an intern you can delegate to. If you give it a simple enough task with clear direction, it can come up with something useful, but you need to check.
AI is fine if you know what you’re doing and can correct the mistakes it makes (i.e. use it as fancy code completion)
I’m not a developer and i havent touched code for over 10 yrs, but when i heard about my company pushing AI tools on the devs, i thought exactly what you said. It should be a tool for experienced devs who already know what they’re doing…
Lo and behold they did the opposite… They fired all the senior people and pushed AI on the interns and new grads… and then expected AI to suddenly make the jr devs work like the expensive Sr devs they just fired…
Wtf
Yeah, it makes no sense. AI is at best a replacement for junior devs and interns.
All the while it gets further and further from the requirements. So you open five more conversations, give them the same prompt, and try pick which one is least wrong.
All the while realising you did this to save time but at this point coding from scratch would have been faster.
I wish we could say the students will figure it out, but I’ve had interns ask for help and then I’ve watched them try to solve problems by repeatedly asking ChatGPT. It’s the scariest thing - “Ok, let’s try to think about this problem for a moment before we - ok, you’re asking ChatGPT to think for a moment. FFS.”
I had a chat w/ my sibling about the future of various careers, and my argument was basically that I wouldn’t recommend CS to new students. There was a huge need for SW engineers a few years ago, so everyone and their dog seems to be jumping on the bandwagon, and the quality of the applicants I’ve had has been absolutely terrible. It used to be that you could land a decent SW job without having much skill (basically a pulse and a basic understanding of scripting), but I think that time has passed.
I absolutely think SW engineering is going to be a great career long-term, I just can’t encourage everyone to do it because the expectations for ability are going to go up as AI gets better. If you’re passionate about it, you’re going to ignore whatever I say anyway, and you’ll succeed. But if my recommendation changes your mind, then you probably aren’t passionate enough about it to succeed in a world where AI can write somewhat passable code and will keep getting (slowly) better.
I’m not worried at all about my job or anyone on my team, I’m worried for the next batch of CS grads who chatGPT’d their way through their degree. “Cs get degrees” isn’t going to land you a job anymore, passion about the subject matter will.
And that’s not even getting into how flooded the sector is with the hundreds of thousands being laid off for the past few years
And that’s what I’m blaming the low quality of applicants on recently. We looked for almost two years for a FE lead, and then they ended up being super toxic a few months in (they blew up in a meeting w/ some remote teams that came to town to visit). Even decent junior devs are hard to find it seems.
So it seems a lot of these layoffs are cutting out the less skilled devs, but given that we’ve been able to hire a few great people in the last year, there is some good talent getting caught in the cross-fire as well.
Outsourcing killed a lot of the junior and even mid-level career level opportunities in CS and AI seems on track to do the same.
The downside is that going into CS now (and having gone into CS in the last decade or so, especially in English-speaking countries) was basically the career equivalent of just out of the starting line running full speed into a brick wall.
The upside is that for anybody who now is a senior techie things have never been this good because there are significantly fewer people at that level than there is need for such people, since in the last decade or so a lot of people haven’t had the chance to progress in their careers to that point.
Whilst personally this benefits me, I’m totally against this shit and what it has done to the kids entering my career.
Yup, and that’s why I’ll discourage people from entering my career, not because it’s a bad gig and it’s going away, but because the bar for competency is about to go up. Do it if you’re passionate and you’ll probably do well for yourself, but don’t do it if you’re just looking for a good job. If you just want a good job, go into nursing, accounting, or the trades.
I think it’s even worse than just the bar for competency going up: even for a coding wizard going into the career, it’s a lot harder to squeeze through the bottleneck which is getting an entry level position nowadays unless they have some public proof out on the Net of how good they’re at coding (say, commits in open source projects, your own public projects, or even Youtube videos about it).
This is something that will negativelly impact perfectly capable young developers who have an introvert personality type (which are most of them in my experience, even in domains such as Hacking) since some of the upsides of Introversion are a greater capacity for really focusing on on things and for detailed analysis - both things that make for the best programmers - and self publicising isn’t a part of the required skillset for good developers (though sooner or later the best ones will have to learn some “image management” if they end up in the Corporate world)
I’m a bit torn on this since on one side salesmanship being more of a criteria determining one’s chances of getting a break at the start of one’s career as a developer is bad news (good coding and good salesmanship tend to be inverselly correlated) but on the other side a junior developer with some experience actually working with other people on real projects with real users (because they contributed to existing open source projects) has already started learning what we have to teach fresh-out-of-Uni developers to make them professionals.
it’s a lot harder to squeeze through the bottleneck
Eh, I think that’s overblown. As someone involved in hiring, we go through a ton of crappy candidates before finding someone half-decent, and when we see someone who actually knows what they’re doing, we rush them through the process. The problem is that we’re not a big tech company, we’re in manufacturing, but we do interesting things w/ software. So getting on at one of the big tech companies may be challenging, but if you broaden the scope a little, there are tons of jobs waiting. We’ve had junior positions open for months because the hiring pool is so trash, but when we see a good candidate, we can get an offer to them by the end of the week.
We don’t care too much about broader visibility (though I will look at your code if you provide a link), we expect competency on our relatively simple coding challenges, as well as a host of technical questions. We also don’t mind hiring immigrants, we’ve sponsored a number of immigrants on our team.
introversion
As an introvert myself, I totally get it. I got my job because a recruiter reached out to me, not because I was particularly good at following up with applications. And that’s why I tend to tell people to not get into CS. I encourage them to take CS classes if they’re offered, but not to make it a career choice, and this is for two reasons:
- manage expectations of the future of CS - junior jobs are likely to contract a bit w/ AI
- thin the field so it’s easier to find the good candidates - we have to go through 5-10 candidates before we find someone we like
I see. That does change the idea I had about things a bit.
It’s been a while since I was last hiring.
I wasn’t aware that the problem nowadays in the West (or at least the US) was an excess of people who don’t really have a natural skill for it choosing software development as a career.
That kind of thing was one of the main problems with outsourcing to India maybe a decade ago: the profession was comparatively very well paid for the country so it attracted far too many people without the right skills resulting in a really low average quality of the programmers there - India had really good programmers just like everywhere else but then had a ton of people also working as programmers who should never had gone into it, so the experience of those having to deal with outsourced programming in India usually was pretty bad (I remotelly was a technical lead for a small outsourced team in India from London, and they were really bad whilst, curiously, the good programmers from the Indian Subcontinent I worked with had emigrated from there and were working in London and New York).
Critical thinking is not being taught anymore.
Has critical thinking ever been taught? Feel like it’s just something you have or you don’t.
Nah, it’s something you’re lucky enough to learn coincidentally or you don’t. And if you found out too late in life, you might be too stubborn to learn it at that point.
British primary schools used to have something called ‘problem solving’ it was usually a simple maths problem described in words that required some degree of critical thinking to solve. e.g. A frog is at the bottom of a 30m well, it climbs 7m each day but in the night it slides 3m back down in its sleep. You can’t just calculate 30/(7-3) because it doesn’t account for the day the frog gets over the top and thus doesn’t slide back down in its sleep.
Not the most complex problem but pretty good for kids under 10 to start getting the basics.
Critical thinking is essentially learning to ask good questions and also caring enough to follow the threads you find.
For example, if mental health is to blame for school shootings then what is causing the mental health crisis and are we ensuring that everyone has affordable access to mental healthcare? Okay, we have a list of factors that adversely impact mental health, what can we do to address each one? Etc.
Critical thinking isn’t hard, it just takes time, effort.
I have the impression that most people (or maybe it’s my faith in Humanity that’s at an all time low and it’s really just “some people”) just want pre-chewed explanations given to them rather than spend time and energy figuring things out themselves - basically baby pap as ideas food rather than cooking their own ideas food out of raw ingredients.
Certainly that would help explain the resurgence of Populist sloganeering and continued popularity of Religion (with it’s ever popular simple explanations of “Deity did it” and “it’s the will of Deity”)
Critical thinking, especially Skepticism, does not make for good Consumers or mindless followers of Political Tribes.
Altering the prompt will certainly give a different output, though. Ok, maybe “think about this problem for a moment” is a weird prompt; I see how it actually doesn’t make much sense.
However, including something along the lines of “think through the problem step-by-step” in the prompt really makes a difference, in my experience. The LLM will then, to a higher degree, include sections of “reasoning”, thereby arriving at an output that’s more correct or of higher quality.
This, to me, seems like a simple precursor to the way a model like the new o1 from OpenAI (partly) works; It “thinks” about the prompt behind the scenes, presenting only the resulting output and a hidden (by default) generated summary of the secret raw “thinking” to the user.
Of course, it’s unnecessary - maybe even stupid - to include nonsense or smalltalk in LLM prompts (unless it has proven to actually enhance the output you want), but since (some) LLMs happen to be lazy by design, telling them what to do (like reasoning) can definitely make a great difference.
And that’s why I’m the one that fixes the PC when it breaks… because even good programmers may even consider the pc to be magicboxes if they’ve never turned a screwdriver in their life…
I like using it like a rubber ducky. I even have it respond almost entirely in quacks.
Note: it’s a local model running for free. Don’t pay anyone for this slop.
AI created 17 Security Corporation™️s in response to this comment.
as opposed to human-generated code
But at least that crappy bug-riddled code has soul!
no common sense allowed in this thread, sir. only AI hate bandwagon please.
“When asked about buggy AI, a common refrain is ‘it is not my code,’ meaning they feel less accountable because they didn’t write it.”
That’s… That’s so fucking cool…
Amazing
The thing I dislike most about code assisting tools is that they’re geared to answering your questions instead of giving advice. I’m sure they also give bad recommendations but I’ve seen LLMs basically double down on bad code.
No they’re giving you exactly what you’re asking for. Problem is you’re not asking for advice. Your asking to “build a thing” and expecting it to read your mind.
What a surprise, right?
Eaxctly my point as well here… https://kbin.melroy.org/m/technology@lemmy.world/t/461269/-/comment/4095583
Oh geez…who could have seen this coming?
Oh wait, every single senior developer who is currently railing against their moron AI-bandwagoning CEOs.
Middle and upper management are like little children - they’ll only learn that fire hurts by putting their hand in it.
Lmao this is precisely how I thought this would turn out.
No, it isn’t. Poor code quality peer review checks and QA policies are more to blame. We shouldn’t care how an individual developer generates a solution, it should be irrelevant whether they wrote it in reference to docs, copy pasted from stack overflow or generated by AI. I encourage Jrs to use AI as I think it can be a great problem solving tool, but you better understand what you’re submitting to PR otherwise you’re an absolute schmuck.
Lmao my job announced layoffs a few months back. They continue to parade their corporate restructuring plan in front of us like we give a fuck if shareholders make money. My output has dropped significantly as I search for another role. Whatever code I do write now is always just copy pasted from AI (which is getting harder to use…fuck you Copilot). I give zero fucks about this place anymore. Maybe if people had some small semblance of investment in their company’s success (i.e.: not milked by shareholders and beaten to dust by shitty profit driven metrics that take away from the core business), the employees might give enough fucks to not copy paste shitty third party code.
Additionally, this is a training issue. Don’t offload the training of your people onto the universities (which then trap the students into an insurmountable debt load leading them to take jobs they otherwise wouldn’t want to take just to eat and have a roof over their heads). The modern corporate landscape has created a perfect shitstorm of disincentives for genuine effort and diligence. Then you expect us to give a shit about your company even though the days of 40 years and a pension are now gone. We’re stuck with 401k plans and social security and the luck of the draw as to whether we can retire or not. Work your whole life for what? Fuck you. I’m gonna generate that AI code and enjoy my 30s and 40s.
A workforce trapped by debt, forced to prioritize job security and paycheck size over passion or purpose. People end up in roles they don’t care about, working for companies they have no investment in, simply to keep up with loan payments and the ever increasing cost of living.
“Why is my organization falling apart!?” Fucking look up from the stupid fucking metrics that don’t actually tell you anything you dumb fucks. Make an actual human decision and fix the wealth inequality. It’s literally always wealth inequality.
15 years ago I got a job where I wasn’t allowed to do anything. I hated it. I wanted to learn and be valuable and be valued. I left that job.
I worked for a bank and then Red Hat and I loved what I did and burned myself out trying to make them happy. Only to find out they still didn’t value me.
I switched jobs two years ago and increased my pay 30% overnight and back to a job doing nothing. And I’m totally fine with it now. I have a family and I focus on them and during work, if they don’t have anything for me to do I make my own happiness.
Fuck corporations. I’ll take your money, I’ll never again kill myself as I’ll never be valued anyway. Jobs aren’t worth it. People are.
Similar trajectory for me, but I’m now being micromanaged on the daily. We got a new CIO recently who is micromanaging his direct reports and our culture has evaporated overnight. The shit is indeed rolling down hill and the writing is on the wall to leave. I know it’s not just me either. There will be an exodus when rates get cut and hiring picks up again. This place is fucked.
But that’s the key. If you can find something and lay low with minimal annoyance, hang onto that for as long as you can.
I told my manager that I’ve been burned and can’t make myself work hard for another company again. She’s leaving so there’s no vested interest in the company for her. But yeah, fuck these cunts.
You are my spirit animal.
Are you also finding copilot to be less helpful of late? The other day it couldn’t follow the simplest of instructions
“People work in roles they don’t care about, for companies they have no investment in, to pay loans they shouldn’t have.”
That sounds like a fight club quote lol. I know you didn’t say “loans they shouldn’t have” but the cost of college is just stupidly high. It doesn’t have to be free but come on.
It doesn’t have to be free but come on.
I beg to differ! My degree was free for all intents and purposes, and no, it didn’t take away from the challenge or the quality of education. I cried blood tears in order to graduate but it was worth it.
Chuck Palahniuk leaking into my writing like the carrot out of the protagonist’s ass in Guts.
“AI” is just good for simple code snippets. (Which it stole from Github repos).
This whole ai bs needs to die already, and the people who lie about it held accountable.
Good. This is digital Darwinism at its finest. Weeds out the companies who thought they could save money by relying on a digital monkey instead of actual professionals.
