A Paste Policy

  • Comments posted to this topic are about the item A Paste Policy

  • There's the old copy/paste from Stack Overflow joke.  Make sure you copy the solution, not the problem.

    Taking Lawrence Philips' Metaphone as an example.  Metaphone 3 is commercial and sold as source code.  If that algorithm is published on a website then copy/pasting it is not OK.

    Metaphone and double-metaphone are available in Apache Commons so you have more freedom to incorporate it in your internal offerings.

    For Python programming I use Sourcery and SonarLint to spot coding problems.  I have a love/hate relationship with SQLFluff.  If I accept those packages' recommendations then they are rewriting my code.  In the case of the 1st two, if I don't understand their recommendation then I don't use it.  In the cases where I don't understand it I go away and research what the packages are recommending so I understand.  I think this is the key thing to anything that generates code on your behalf.  Make sure you understand what it produces.

    In terms of threats to software I am more worried about supply chain attacks.  A popular library containing either a vulnerability, deliberate back door or even malicious code.  For this reason a good vulnerability scanner is essential.  That said, there is a lag between a library version becoming available and its flaws being discovered and logged in a vulnerability DB used by the scanners.


  • Artificial intelligence simplifies and complicates things. As you said, how much can we trust the codes given by artificial intelligence?

  • T-SQL is a very high level and declarative language, so when I'm searching for code on the web, what I'm looking for is a brief and to the point example of how to accomplish a task. For example: +"sql server" convert +bigint to +hex string

    What I find is probably not the author's original work but rather derived from yet another source (possibly Microsoft's own T-SQL documentation), and the final code I incorporate into my solution will be a derivation from that with my own customization, optimization, and style.

    Of course, if we're talking about some other language like JavaScript where folks routinely download and utilize class libraries and frameworks, then code reuse and intellectual property is more complicated.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • ingilteremuhasebe wrote:

    Artificial intelligence simplifies and complicates things. As you said, how much can we trust the codes given by artificial intelligence?

    You can't. You should assume a junior/new dev wrote the code and it needs peer review.

  • This is a very big deal and as Steve noted - companies should be paying attention.  We have gone so far as to end our CoPilot POC because there are "legal proceedings" as to whether or not the code suggested in Visual Studio by CoPilot can be used in production.  We have also told developers not to use code from ChatGPT.

  • This problem, either on the legal or the quality/security side, cries for proper regulation. With the growing use of AI  and cloud-based solutions, this problem will be much more severe in the (not so far) future.

    In the '80s, when I started programming, the formula was so simple. Yes, we used C, then C++ and a lot of Assembly, and some people said: "The ASM is so difficult" or "The pointers in C...". But I always knew what I was doing, which part of the program did what, and more importantly, where it came from (from my brain). Then the programming languages became more and more complex. Nowadays, I'm not always sure what is happening in the background. It's true; I can read all the source codes with much time and energy, which are insufficient anyway.

    An example: If I use ASP.NET + Angular (which is typical nowadays, and you can replace them with React, Vue and so on), naturally, I need some SQL also. I may use Visual Studio for this project. In the first step, I must load many NuGet packages as I also need many packages for the Angular side and EF for the SQL. The NuGet and Angular packages and the Angular, C#, EF, and ASP.NET are changing so fast that I barely follow even the changing list. I have no chance for the source code itself.

    Meanwhile, the CoPilot came into the picture, which may help or lead me into the forest. As @iowadave has already mentioned. (Yes, IF I want and can separate the front-end and back-end, etc. But most of us can't, because of the costs, and the Financial Department...) The complexity of these systems is growing continuously. Where does it lead?

    As I see it, in the not-so-far future, we will not be able to avoid the "help" of AI. But the AI will use (and already uses) an immense and puzzling database of "knowledge", which comes from the "cloud", and I won't have any chance to verify where it comes from and what it is doing exactly. If I start using systems to check it, those systems become more unverifiable also. These all begin to get out of control. When a "helping" system says one day: "X and Y deprecated, I changed the solutions at 2645 places, in 376 files, added 143 new files and deleted 78. Here is the list." I don't want to be there. Good luck checking it from the legal and programming side.
