83

cross-posted from: https://programming.dev/post/8121843

~n (@nblr@chaos.social) writes:

This is fine...

"We observed that participants who had access to the AI assistant were more likely to introduce security vulnerabilities for the majority of programming tasks, yet were also more likely to rate their insecure answers as secure compared to those in our control group."

[Do Users Write More Insecure Code with AI Assistants?](https://arxiv.org/abs/2211.03622?

you are viewing a single comment's thread
view the rest of the comments
[-] CCMan1701A@startrek.website 6 points 10 months ago

I'm not even sure how to utilize AI to help me write code.

[-] ericjmorey@programming.dev 4 points 10 months ago

There are lots of services to facilitate it. Copilot is one of them.

[-] Assian_Candor@hexbear.net 1 points 10 months ago* (last edited 10 months ago)

Is it really helpful / does it save a lot of time? I’m the worlds #1 LLM hater (don’t trust it and think it’s lazy) but if it’s a very good tool I might have to come around

[-] ericjmorey@programming.dev 3 points 10 months ago

I haven't been using it much, so I don't know if I'm a good judge. But I see it as an oversized autosuggestion tool that sometimes feels like an annoying interuption but sometimes feels like it helped me mover faster without breaking my train of thought.

By "it", I mean I've tried several different ways to have an integrated LLM assistant integrated into my dev environment, none of which I was initially satisfied with in terms of workflow. But that's kinda true for every change I've made to my dev environment and workflows. It takes me a while to settle on anything new.

I recommend none in particular, but I recommend that you take time to at least check it out. They have potential.

[-] pkill@programming.dev 4 points 10 months ago

Also one really good practice from pre-Copilot era still holds, that many new users of copilot, my past self included might forget: don't write a single line of code without knowing it's purpose. Another thing is that while it can save a lot of time on boilerplate, you need to stop and think whenever it's using your current buffer's contents to generate several lines of very similar code whether it wouldn't be wiser to extract the repetitive code into a method. Because while it's usually algorithmically correct, good design still remains largely up to humans.

[-] Spzi@lemm.ee 3 points 10 months ago

There's a very naive, but working approach: Ask it how :D

Or pretend it's a colleague, and discuss the next steps with it.

You can go further and ask it to write a specific snippet for a defined context. But as others already said, the results aren't always satisfactory. Having a conversation about the topic, on the other hand, is pretty harmless.

[-] Auzy@beehaw.org 1 points 10 months ago

Copilot or Tabnine are the two major ones.

They're awesome for some things (especially error handling). But no.. AI will not take over the world anytime soon

this post was submitted on 04 Jan 2024
83 points (100.0% liked)

Programming

17314 readers
291 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS