[2024 dev2next] gen ai panel

Intro and one of the mic runners: Ixchel Ruiz

Panel:  Frank Greco,  Brian Sletten, Neal Ford, Micah Silverman

For more see the table of contents


Opening remarks

  • The people who made money in the gold rush made the tools
  • We’re supposed to be the experts; start using it
  • AI is not going to take your job, but the person who knows how to use AI well will take your job
  • Snyk has a mandate that employees should be using AI at some point every day
  • If you think this isn’t going to change your job, you aren’t paying attention.
  • Tech journalism is dead; don’t be a credulous idiot and believe PR
  • 28% task completion for junior devs and none for seniors
  • 41% increase in rewrites
  • Radical decrease in moving code around. Keeps adding code instead of looking for reuse.
  • Don’t want junior devs adding garbage code nobody needs

Q&A

  • Language model selection? Hard question. Need to build something quickly and iterate. A lot of moving parts in a RAG system. Consider cost (the latest and greatest is more expensive; more work at the inference stage costs more). Excel is an abstraction and we know how it works. LLMs are nondeterministic black boxes.
  • Tech debt? Need guardrails to protect against blasting out code. Need to know whether code came from a junior dev, a senior dev, or AI. Devs are more trusting of code from LLMs and falsely believe it is more secure. In the past, devs were more pessimistic and verified more. We don’t yet have best practices for probabilistic systems.
  • Have to be careful with prompts: natural language vs a Turing-complete language. Is it a new programming language that looks like natural language? In the near future, there will be an LLM whisperer on each team.
  • News article where someone tried to get ChatGPT to admit sentience? We anthropomorphize. The Turing test is not enough. The ARC test (https://lab42.global/arc/, the Abstraction and Reasoning Corpus) is working on a better approach: solving problems by recognizing new patterns. In the field, people are saying LLMs are not the future. In the 70s, Eliza “showed” computers could talk, but it was really a parlor trick. We are currently in an AI hype cycle. Need people who understand the limits of the mind and the limits of what is possible. We are not on the verge of generalized AI/sentience; it may not be in our lifetime, if it is even possible. Plenty of natural stupidity.
  • LLMs are trained on internet text and generate vast amounts of text, which gets put back on the internet. When do we pollute the internet to the point where models can’t be trained? We’re on the cusp. The “dead internet” theory is where generated content exceeds human content. What happens when people don’t create new poems and creative work? “AI has taught me to believe in a soul because I’ve seen art created without it”
  • Definition of AGI? The ARC competition. Referenced books for why we’re not on the cusp [didn’t really answer]
  • Reused the joke from yesterday about the real changes being in AV, not in AI (when the mic didn’t work)
  • AI fundamentally lies to us; we call it hallucinations. Companies say LLMs wouldn’t exist if they couldn’t break copyright laws, and 2/3 of ChatGPT users present results as their own work. The integrity of crypto bros? The industry has ignored ethics for so long. Physicists were portrayed in fiction as evil once they could destroy the world; we are next as the bad guy. YouTube is on an apology tour for dumbing down culture. Project Nightshade lets artists poison art to confuse LLMs. [It adds a pixel layer so images get categorized incorrectly.]
  • AI tools that help with the daily work cycle? The AssemblyAI API to create transcripts from audio, Copilot, Codium (suggests tests), and the Warp terminal (creates regexes from plain English).
  • Proving work was made by a human vs AI: the false positive rate is too high. Need ethics. Ex: should have musicians for making music. A teacher added white-on-white text in a test question so they could tell who was cheating. Unfortunately not sustainable or scalable.
  • Open source LLMs: different from what we are used to with open source. The key is the data. It is not open source if you don’t say where the data legally came from. Chain of thought makes beefing up the model less important due to post processing. There is asymmetric power between big tech companies and everyone else. How to compete? Microsoft doesn’t have a Windows dept; it is spread out over different departments.
  • Is hiring changing, especially for recent grads? Is it AI or other job market trends? Yes. There is bias if you train on resumes with western names or traditional education. There will be fallout. Recent story: a manager submitted a resume and it got rejected; they fired HR. AI is the new electricity, where we just expect it. The difference is that we understood electricity before we started using it. We are in a hype cycle where AI needs to be on your resume to get attention. In NY, big companies are hiring junior people and expecting AI to help them out. The market for senior folks is dead.

Closing thoughts

  • Learn things. Mediocre people are trying to use AI for a competitive advantage. Use it as a tool to be better.
  • Education. AI is not a search engine. Don’t use it as one.

My take

The format was audience Q&A. I enjoyed reading about the ARC project and Nightshade. Great audience questions and great end to the day.

[2024 dev2next] Breaking AI

Speaker: Micah Silverman (@afitnerd)

For more see the table of contents


Notes

  • ChatGPT took 2 months to get to 100 million global monthly active users. By contrast, TikTok took 9 months, Uber 70 months, Instagram 30 months
  • Hot trend, but also people found utility in it.

App Security

  • Getting harder.
  • Code growing faster and apps getting more complex

Common uses in dev

  • Adding comments
  • Summarizing Code
  • Writing “readme”
  • Refactoring code
  • Providing templates
  • Pair programming
  • Generating code – the new Stack Overflow

Stats and studies

  • 92% of devs use AI coding tools
  • 57% completed tasks faster (not necessarily better)
  • 27% more likely to finish the task
  • 40% of Copilot code contained vulnerabilities
  • Devs were more likely to believe they wrote more secure code, but actually wrote less secure code. Because they believed it was more secure, they didn’t look hard.

AI code

  • Like a junior dev just out of bootcamp. Need to check that it works and is secure
  • Example hallucinations. These change over time. Over a few months, went from 98% on math to 2% on math. OpenAI fixed basic math. LLMs are designed to be good prediction engines, not math engines
  • “ChatGPT is confidently wrong” – Eelko de Vos

AI Coding

  • Asked for an Express app that takes a name in a request param and returns a web page showing the name
  • All LLMs tried produced code with XSS/injection (see the sketch after this list)
  • If questioned or asked to create a secure Express app, you would get a sanitized one. The level of sanitization varies.
  • Showed Snyk Advisor – gives a health score on libraries – ex: a sanitizer. Need to check recommended libraries
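
The Express demo code isn’t in my notes, so here is a hypothetical Java/Spring sketch (my own illustration, not the demo’s code) of the reflected-XSS shape the generated apps shared: a request parameter echoed straight into HTML.

```java
// Hypothetical illustration (not the demo code): a request parameter
// concatenated into HTML with no escaping, the classic reflected XSS shape.
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class GreetingController {

    // GET /hello?name=<script>alert(1)</script> runs in the browser
    // because the value goes into the page unescaped.
    @GetMapping(value = "/hello", produces = "text/html")
    public String hello(@RequestParam String name) {
        return "<html><body><h1>Hello, " + name + "!</h1></body></html>";
    }
}
```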

Copilot

  • 40% of the code it was trained on is insecure
  • Used the approach of prompting through comments (vs the chat feature)
  • Used live templates to autocomplete prompt comments to save time in the demo
  • Example with Spring Boot and Thymeleaf. Copilot got that from the context of the project
  • Not quite right, but making minor changes beats starting from scratch
  • The copyright in the generated code said 2017; noted it hadn’t done that before
  • Copilot tried to provide the next comment/prompt. Not what was wanted, but reasonable
  • Snyk IDE extension – detected SQL injection in a view that looks like the problems view (see the sketch after this list)
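
My notes don’t include the flagged query, so here is a hypothetical sketch of the string-concatenation pattern tools like the Snyk IDE extension flag, along with the parameterized fix.

```java
// Hypothetical example (not the demo code): SQL built by concatenating user
// input is injectable; a PreparedStatement binds the value as data instead.
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class UserDao {

    // Vulnerable: name = "' OR '1'='1" changes the meaning of the query.
    public ResultSet findUserUnsafe(Connection conn, String name) throws SQLException {
        Statement stmt = conn.createStatement();
        return stmt.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
    }

    // Safer: the placeholder keeps the input from being parsed as SQL.
    public ResultSet findUserSafe(Connection conn, String name) throws SQLException {
        PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
        ps.setString(1, name);
        return ps.executeQuery();
    }
}
```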

ChatGPT

  • Had it do a security code review
  • Added HtmlUtils.htmlEscape(username) – context aware; knew the app was using Spring Boot (see the sketch below)
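
Beyond the HtmlUtils.htmlEscape(username) call, the exact fix isn’t in my notes, so here is a minimal sketch of how that kind of fix might look in a Spring controller (the controller itself is my invention).

```java
// Minimal sketch of the kind of fix suggested: escape the user-supplied value
// with Spring's HtmlUtils before echoing it into HTML. Controller is hypothetical.
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.HtmlUtils;

@RestController
public class SafeGreetingController {

    @GetMapping(value = "/hello", produces = "text/html")
    public String hello(@RequestParam String username) {
        // htmlEscape converts <, >, &, and quotes to entities, so injected
        // markup is rendered as text instead of executing.
        String safe = HtmlUtils.htmlEscape(username);
        return "<html><body><h1>Hello, " + safe + "!</h1></body></html>";
    }
}
```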

My take

Micah said up front that he has no connection to Microsoft or IntelliJ and is just using their products. I never thought to give that disclaimer when I use tools. I’ll think about whether I want to when it isn’t almost 9pm. I am very much a morning person. In fact, that’s why I chose this talk. I thought it would require loading the least info into my mind to understand at this hour while still learning. The demo of copilot for building an app was fun with a good emphasis on security.