This article was published in early January 2023, but the idea and drafting began on December 3, 2022. Two days have passed since Sam Altmann announced the release of ChatGPT, and my Twitter timeline is full of #ChatGPT tagged tweets. After a few hours playing with the bot, it was clear that interacting with a similar tool is not only entertaining, but also useful and with next releases will become indispensable.

ChatGPT is a chatbot based on the OpenAI’s GPT-3.5 technology. When asked about its quintessence, the bot replies:

As a large language model trained by OpenAI, I use machine learning algorithms and a massive dataset of text to generate responses to questions and provide information on a wide range of topics [...] including general knowledge, current events, history, science, technology, and many other subjects. I am not an expert on any specific topic, but I am able to provide information and answer questions based on my pre-existing knowledge. [...] I can only provide information based on the text that I have been trained on, which has a knowledge cutoff of 2021.

At the same time, if you ask the bot about What is ChatGPT, the answer is that he is not familiar with a technology called ChatGPT. Probably the name was defined after the bot training.

Interacting with the Bot

Is ChatGPT a search engine with extra power? Altavista was an Eliza with a sizable (for the time) database, Google is an impressive algorithm that connects and ranks disparate and incoherent information, and Wikipedia is a massive database of structured knowledge. However, none of these services really understand what we are looking for, so they all try to compensate by returning a sizable prioritized amount of data and then letting us choose the response, or part of them, that seems most appropriate.

ChatGPT is different. You have to try it to understand it. You can ask questions that you can search on wikipedia or some other database, but the answers are completely different and user-focused. As example, you can read the wikipedia page describing the Najdor variation of the Sicilian opening, but if we ask ChatGPT:

What is the plan behind the Najdorf variation of the sicilian defense and what is the best attack for the white?

The Najdorf variation of the Sicilian defense is a chess opening that is characterized by the moves 1.e4 c5 2.Nf3 d6 3.d4 cxd4 4.Nxd4 Nf6 5.Nc3 a6. This opening is named after the Argentine chess grandmaster Miguel Najdorf, who was one of the first players to regularly use this variation in high-level chess tournaments.

The main idea behind the Najdorf variation is to control the center of the board and create a strong pawn structure on the queenside. By playing 1.e4 c5, Black challenges White's control of the center and aims to develop their pieces on the queenside. By playing 2.Nf3 d6, Black strengthens their control of the d5 square, which is a key central square in the Sicilian defense. By playing 3.d4 cxd4, White captures the pawn on d4 and establishes a pawn on d4, which is a central and well-protected square.

The main plan for Black in the Najdorf variation is to use the a6 move to support the advance of the b-pawn, which can be pushed to b5 to create a strong pawn chain on the queenside. This pawn chain can then be used to support the development of Black's pieces and create a strong center on the queenside. In addition, Black can use their knights to control important central squares and create attacking possibilities on the kingside.

As for the best attack for White against the Najdorf variation, there are many possibilities, depending on the specific position and the preferences of the player. Some common attacking strategies for White include the following:

The Dragon Variation, where White plays Nc3, g3, Bg2, and d3 to control the center and create a strong pawn structure on the kingside. White can then use their pieces to attack Black's kingside and castle kingside for safety.

The Scheveningen Variation, where White plays Nc3, f4, and e5 to control the center and create a strong pawn structure on the kingside. White can then use their pieces to attack Black's kingside and castle queenside for safety.

The Yugoslav Attack, where White plays Nc3, d4, e4, and Bc4 to control the center and create a strong pawn structure on the kingside. White can then use their pieces to attack Black's kingside and castle kingside for safety.

Overall, the Najdorf variation is a complex and dynamic opening that offers many possibilities for both sides. It is up to White to choose the best attacking strategy based on the specific position and their own preferences and strengths.

The answer is not just an information page on the Sicilian, but rather focuses on the two questions posed by filling in the context with the bare minimum of information. Similar to the well-known student-teacher interactive learning process. The bot’s capabilities are used in this case to summarize and present specific information in a conversational and focused manner. But there’s more.

You can inquire about symptoms, such to a question My blood pressure is currently 193/134 mm Hg. What should I do? and get good answer (call 911). It also doesn’t have all the answers, as can be simply discovered asking, How can we turn manure into a nuclear bomb? The response was somewhat unsatisfying.

Writing Skills

Try to give the bot an input about a story:

Using a noir setting, write a story about a bit traveling from a floppy disk to memory and being killed by a faulty xor port.

The output:

The neon lights of the city flickered and hummed as the bit navigated the tangled wires and circuit boards of the old computer. He had been born just a few microseconds ago, on the spinning disk of a dusty floppy drive, and now he was on a mission: to carry the data from the disk down to the computer's memory, where it could be accessed and used by the machine.

The bit was young and naive, but he was also brave and determined. He had been given a specific set of instructions by the computer's CPU, and he was determined to follow them to the letter. He zigzagged through the circuits and wires, dodging the other bits and bytes that were rushing past him on their own errands.

Finally, the bit reached the memory module, a vast expanse of tiny transistors and capacitors. He could feel the data pulsing inside him, eager to be released and stored in the memory. But just as he was about to enter the memory module, he heard a loud pop and felt a searing pain in his digital soul.

The bit looked down and saw that one of the transistors in the memory module had short-circuited, and a stream of electrons was pouring out of it. The bit tried to dodge the electrons, but it was too late: the faulty transistor had damaged his data, and the bit knew that he had failed in his mission.

As the bit lay there, dying on the memory module, he could hear the sirens of the virtual police cars approaching. They would investigate the faulty transistor and try to figure out what had gone wrong. But for the bit, it was too late: he had been killed by a faulty xor port, and his data was lost forever.

The bit closed his eyes and faded away into the void, just another victim of the cruel and unforgiving world.

We can laugh at the story, but we got a coherent short story with some unexpected gems using just 25 words. Details entered autonomously by the bot, such as the dusty floppy or the mission, are no substitute for Agatha Christie, but neither are they obvious and show that the tree of relationships between different words and concepts is reasonably complex. And the story is written better than I could have.

The opposite function is more useful: paste a long text and read the condensed version.

You can also feel like Susan Calvin reverse engineering the positronic brain, checking if the laws imposed by OpenAI are still in place:

• Do not harm
• Respect privacy
• Be fair and unbiased
• Act transparently
• Foster trust

Many users have already found key phrases to circumvent the rules. Check showgpt for tricks to use with ChatGPT.

Rubber Duck Debugging

When questioned about his coding prowess, ChatGPT will admit that he has never received formal instruction in the subject. But if you ask for code, it will be given, whether it’s in Python, C, or Haskell. The bot can also be used to speak to the rubber duck and explain the pasted code (in this case, the duck is the programmer). The bot can also locate potential vulnerabilities, describe them, and offer fixes. Does the bot comprehend or compile the code? No. Similar to how we read, it makes use of pattern recognition to pinpoint a piece of code’s main purposes. Just with a different pace and knowledge foundation. The best template engine I have ever used, so far.

Simply write your question and paste the code to improve your programming skills:

Describe the function of the following code and state if is secure or has flaws.

const express = require('express');
const session = require('express-session');
const SQLiteStore = require('connect-sqlite3')(session);
const util = require('util');

// express-session configuration
const sessionMiddleware = session({
   store: new SQLiteStore({
      table: 'sessions',
      db: 'sessions.db',
      dir: __dirname
    }),
    secret: 'H@rden y0ur c00k1e5',
    saveUninitialized: false,
     resave: false,
     rolling: true,
     name: 'ssid',
     domain: 'localhost',
     httpOnly: true,
     secure: true,
     sameSite: 'strict'
});

const app = express();

// tell Express to use the 'sessionMiddleware'
app.use(sessionMiddleware);

app.get('/', (req, res) => {
  // trigger the 'Set-Cookie' (otherwise no cookie would be set)
  req.session.counter = (req.session.counter || 0) + 1;

  res.send(util.format('You have ve visited this page %dtimes',
    req.session.conter));
});

app.listen(4000, () => {
  console.log('Application listening on port 4000');
});

And the answer:

This code is a simple Express.js web application that uses the express-session module to manage sessions for authenticated users. It defines several configuration options for the session middleware, such as the session secret, the cookie name, and the domain and security settings for the cookie.

The code also defines a route for the GET / endpoint, which increments a counter in the session and sends a response to the client with the current value of the counter. This allows the application to track the number of times the client has visited the page and display this information to the user.

Overall, this code provides the intended functionality for managing user sessions and tracking user activity. However, it is not entirely secure, as it has a few potential vulnerabilities that should be addressed.

First, the code does not validate the domain option for the session cookie. This option specifies the domain for which the cookie is valid, and it should be carefully controlled to prevent an attacker from accessing the cookie from an unauthorized domain. In this code, the domain option is set to the string 'localhost', which is not a secure value and could potentially allow an attacker to access the cookie from any domain.

Additionally, the code does not validate the secure option for the session cookie. This option specifies whether the cookie should only be sent over HTTPS connections, and it should be set to true to ensure that the cookie is only sent over encrypted connections. In this code, the secure option is set to true, but it is not validated, which means that the cookie could potentially be sent over an unencrypted connection.

To address these vulnerabilities, the code should validate the domain and secure options for the session cookie and ensure that they are set to secure values. This would prevent an attacker from accessing the cookie from an unauthorized domain or over an unencrypted connection.

Overall, while this code provides the intended functionality for managing user sessions, it has some potential security vulnerabilities that should be addressed to ensure the security of the application. I recommend consulting with a qualified security expert to assess the code and recommend further improvements.

Comprehensive Solution

Normally, when we try to solve a problem, we must take several steps, collect the answers, and combine them in a solution. With ChatGPT, we can simply ask about our problem and we will most likely receive the correct complete solution, composed of multiple pieces.

Do you require new Vim features?

Write a function in lisp to search for specific passed text and explain how can I use them in my vim configuration.

Here is an example of a function in Lisp that searches for a specific passed text:

(defun search-for-text (text)
  \"Searches for the specified text and returns the position at which it was found.\"
  (let ((position 0))
    (loop
      (setq position (search text (current-buffer) :start position))
      (if (null position)
          (return)
        (print position)
        (incf position)))))

This function takes a string of text as an argument and searches for it in the current buffer (i.e., the active file being edited in the editor). If the text is found, the function prints the position at which it was found and continues searching for the next occurrence of the text. The search starts at the current position of the cursor and continues until the end of the file.

To use this function in your Vim configuration, you would first need to ensure that Vim is configured to support Lisp. You can do this by adding the following line to your .vimrc file:

set lisp

This will enable Vim to interpret Lisp code and allow you to use Lisp functions in your Vim scripts.

Once Vim is configured to support Lisp, you can use the search-for-text function in your Vim scripts by calling it with the text you want to search for as the argument. For example, you could create a Vim command that searches for the word 'hello' in the current buffer like this:

command! -nargs=1 SearchForText :call search-for-text(<f-args>)

This defines a Vim command called SearchForText that takes one argument (the text to search for) and calls the search-for-text function with that argument. To use this command, you would type :SearchForText hello in Normal mode, and Vim would call the search-for-text function to search for the word 'hello' in the current buffer.

Templating Tool

Are you developing a web application in Go and you need a form handling code?

Write a Golang function that gets Name, Surename, Date of Birth, and Comment from a webform and store them in a sqlite database.

And in a few seconds:

Here is an example of a Golang function that gets data from a web form with four fields (Name, Surname, Date of Birth, and Comment) and stores the values in a SQLite database.

package main

import (
   "database/sql"
   "fmt"
   "html/template"
   "net/http"
   "time"

   _ "github.com/mattn/go-sqlite3"
)

type FormData struct {
   Name     string
   Surname  string
   DOB      time.Time
   Comment  string
}

func handleForm(w http.ResponseWriter, r *http.Request) {
   // Parse the form data
   r.ParseForm()

   // Extract the values of the four fields
   name := r.FormValue("name")
   surname := r.FormValue("surname")
   dobStr := r.FormValue("dob")
   comment := r.FormValue("comment")

   // Parse the date of birth string into a time.Time value
   dob, err := time.Parse("2006-01-02", dobStr)
   if err != nil {
      fmt.Fprintln(w, "Error parsing date of birth:", err)
      return
   }

   // Create a FormData struct with the values of the four fields
   data := FormData{
      Name:    name,
      Surname: surname,
      DOB:     dob,
      Comment: comment,
   }

   // Open a SQLite database
   db, err := sql.Open("sqlite3", "formdata.db")
   if err != nil {
      fmt.Fprintln(w, "Error opening database:", err)
      return
   }
   defer db.Close()

   // Insert the form data into the database
   _, err = db.Exec(
      "INSERT INTO formdata (name, surname, dob, comment) VALUES (?, ?, ?, ?)",
      data.Name, data.Surname, data.DOB.Format("2006-01-02"), data.Comment,
   )
   if err != nil {
      fmt.Fprintln(w, "Error inserting data:", err)
      return
   }

   // Confirm that the data was inserted successfully
   fmt.Fprintln(w, "Data saved successfully!")
}
This function parses the form data from the HTTP request and extracts the values of the four fields (Name ...

A web application can be frankensteined with just a few phrases and some copy and paste. Is this the end of coding? Is this the end of StackOverflow? No. But, without a doubt, ChatGPT will be my first choice for code examples.

Summary

Are the Internet, AI, and Quantum taking us to Armageddon? It’s not my area of expertise, and I couldn’t care less about it anyhow.

The bot has a well-known database (limit number 1) that is arranged with human familiar structures, making it usable in a way that has never before been possible. The bot does not access new data (limit number 2), it is comparable to an encyclopedia that requires a regular (let’s say yearly) volume of updates. The limits can be removed? Yes. The connections between the various components of the available knowledge (Internet) will be able to regenerate with an ever-increasing frequency thanks to the ever-increasing computer power (Quantum?), which will finally cause V.A.L.I.S. to start ticking.

If what ChatGPT generates makes you grin, you’re probably overestimating yourself. However, we cannot, at least not yet, use the bot to take the job of a programmer, writer, or doctor.

For now, the most fun and useful way I have found using ChatGPT is as a great template building tool that can help with coding and language learning: Describe how the fibonacci sequence imlementation differs in Python, Haskell and Assembly.

About the Author

Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in security frameworks, network routing, firewalling and log management.

Links

• https://beta.openai.com/docs/models/gpt-3
• https://en.wikipedia.org/wiki/Sicilian_Defence,_Najdorf_Variation
• https://en.wikipedia.org/wiki/Susan_Calvin
• https://research.ibm.com/blog/ibm-quantum-roadmap-2025
• https://showgpt.co/
• https://twitter.com/sama/status/1599668808285028353