134 sats \ 2 replies \ @ek 10 Apr \ parent \ on: What are you working on this week? builders
We use coderabbitai as you can see in the PRs in our repo. It does spot some things here and there (like this timing attack vector) but it definitely does not replace a human code review ... yet? Maybe it never will. Maybe that's just cope and human arrogance though. We will have to see.
However, I would say it currently definitely already helps with freeing up time for more important details; essentially making you more efficient.
I also use GitHub Copilot. I was actually quite shocked how useful it can be when I started using it. Made me feel dumb I hadn't tried it out earlier. It really seems to get the context and can predict easy stuff pretty well so I don't have to bother with typing it out myself. I can just press TAB to let the AI complete the code I was about to write myself.
ChatGPT is also pretty useful. I use it as a search engine on steroids. If I don't find a good answer on StackOverflow, ChatGPT can often give me an answer that is good enough to keep the ball rolling.
My mind was actually blown by it when it was released in November 2022 and I just tried it out for fun for pentesting lab homework. I basically simply copied the code from the exercise into the prompt input and asked: "What is wrong with this code? How can I exploit it?" Then it gave me a few things I could check for and the solution was indeed in there!
I see AI assisting humans with writing code more and more. I see AI less as replacing software engineers, but more as creating jobs that don't exist yet. Prompt engineers are just one example. AI will make more people "code" who never would have coded, leading to "commodification of software", rather than replacing existing devs. That's my prediction.
Wow, that’s cool about the timing attack!
Thanks for the insight! I just got out of a briefing with the Department of Commerce talking about their AI priorities (NIST falls under their purview). We hear a lot on The Hill about how AI is already replacing tech workers, especially in areas of coding so I was interested in your outside opinion!