freed0mdox 3 days ago
I have the opposite experience. After years in appsec and pentesting, I can read any codebase and quickly understand its parts, but I wouldn’t be able to write anything of production quality. LLMs speed the comprehension process up for me even further. I guess it comes down to practice: if you practice reading code, you get good at reading code.
GuB-42 3 days ago
Maybe you are used to reading high quality code. I suspect that the simple fact that you are auditing some code means that someone actually cares, making it higher quality than average. High quality code is generally hard to write and easy to read.
dingnuts 3 days ago
Reading production code that is known to work can be done with faith and skimming. You don't have to understand every function call because they've each been tested and battle hardened, so it's easy to get an overview of what is happening. LLM code is NOT like this at all, but it's like a skilled liar writing something that LOOKS plausible, that's what they're trained to do. People like you do not have the ability to evaluate the LLM output; it's not the same as reading code that was carefully written at ALL. If you think it's the same, that is only evidence that you can't tell the difference between working code and misleading buggy code. What you've learned to do is read the intent of code. That's fine when it's been written and tested by a person. It's useless when it comes to evaluating LLM slop. You're being gaslit.