I thought it was good to move away from GitHub since it is owned by m$?
-
I thought it was good to move away from GitHub since it is owned by m$?
-
I thought it was good to move away from GitHub since it is owned by m$?
It's not a big deal since git repos aren't hard to migrate. GitHub is fine currently and if they push people away then there are a couple of alternatives.
Firefox hosting on Github is a good move because it lowers the barrier of entry for contributors.
-
It's not a big deal since git repos aren't hard to migrate. GitHub is fine currently and if they push people away then there are a couple of alternatives.
Firefox hosting on Github is a good move because it lowers the barrier of entry for contributors.
I agree here.
-
It's not a big deal since git repos aren't hard to migrate. GitHub is fine currently and if they push people away then there are a couple of alternatives.
Firefox hosting on Github is a good move because it lowers the barrier of entry for contributors.
Indeed. This "GitHub is owned by Microsoft, therefore evil lurks around every corner" thing has been going for many years now with no sign of the promised apocalypse and no real reason to expect said apocalypse. Back in the day I used to do a lot of modding for an open-source game and almost all the mods were hosted on GitHub, but then when Microsoft bought it about half of the modders threw an ideological fit and moved their mods to a wide scattering of other hosts. It made everything so much more of a hassle to fork and submit issues and whatnot, I'm sure it's done more harm to the project than anything Microsoft would ever do.
-
I agree here.
Moving to git is one thing, but doesn't going to GitHub put all their code at risk for CoPilot AI mining by Microsoft? (If one considers that a bad thing, which many don't, I guess.)
-
Wasn't it revealed that Microsoft was training their Copilot on Github repositories, including private ones such as paying coorporations believing their source code to be safe and secure, resulting in secrets suddenly being made semi-public?
I feel that there were other incidents too, though I can't remember them off the top of my head. Definitely not a place I'd recommend anyone to keep anything they love, even if they keep to best practices and don't store secrets in their repositories.
-
Wasn't it revealed that Microsoft was training their Copilot on Github repositories, including private ones such as paying coorporations believing their source code to be safe and secure, resulting in secrets suddenly being made semi-public?
I feel that there were other incidents too, though I can't remember them off the top of my head. Definitely not a place I'd recommend anyone to keep anything they love, even if they keep to best practices and don't store secrets in their repositories.
It was an open source game with open source mods. It wouldn't have made sense to have private repos.
I did a little Googling and Microsoft denies using private repositories for training. Do you have a source?
-
Moving to git is one thing, but doesn't going to GitHub put all their code at risk for CoPilot AI mining by Microsoft? (If one considers that a bad thing, which many don't, I guess.)
Your code is AI mined regardless where you put it today I'm afraid to tell.
Unless you put your code in a private repository self hosted behind a login. However, if your code is public. You can bet it will be used for AI training. Again regardless of which platform. And regardless which LLM. So all platforms, all internet, all LLMs.
-
The claim above was off the top of my head, but I've found multiple pages of results describing the panic that ensued.
Now, Microsoft (Copilot and Github) are less than clear on what exactly is used for training, but the general consensus seems to be, that they don't train on private repositories. Though there appears to be some confusion about this, especially regarding Microsoft's honesty about not using loopholes (this article might be faked, I haven't tried confirming it, though, this topic is a shit show ripe with miscommunication, misinformation, and quite a lot of confusion and fear regardless).
It appears that the specific issue I was referring to required a human error for copilot being able to train on the private repositories. Namely, some unfortunate fool temporarily making the repository public (in which case it obviously isn't private anymore, and therefore free for grabs by scrapers). Usually this wouldn't be a problem, since no indexer or scraper can check all of Github all at once all the time, so the chance of a briefly exposed repository being cached is rather small, albeit always there.
That said, Copilot, Bing, and Github are likely better integrated than Bing simply wasting resources on continuously scraping Github for new repositories. I personally imagine that Github saving resources by sending a signal to Bing when a repository is made public isn't entirely unlikely (that's something I might do, harboring no ill intentions), meaning that it is possible (though in no way confirmed) that Bing punishes briefly exposed Github repositories instantly by forever caching them.
Is this 100% Microsoft being predatory? No, obviously not, since it requires a user error to happen in the first place, and since Copilot is technically only trained on public or exposed data. Though, Microsoft learning about this rather scammy behavior and simply classifying it a "low-impact-severity" and disabling the Bing cache for humans (but apparently not Copilot) doesn't sit right with me. I'm sure that they knew exactly which kind of data they were working with during dataset sanitation, so they could have chosen not to use sensitive data or at least inform exposed clients that they are adding their cached secrets to Copilot.
-
Your code is AI mined regardless where you put it today I'm afraid to tell.
Unless you put your code in a private repository self hosted behind a login. However, if your code is public. You can bet it will be used for AI training. Again regardless of which platform. And regardless which LLM. So all platforms, all internet, all LLMs.
Thanks, that's what I thought. I've never put anything personal in a public repo in my life for reasons just like this. Bleh.
-
Thanks, that's what I thought. I've never put anything personal in a public repo in my life for reasons just like this. Bleh.
Also maybe a private repository on github might also not as private as you think. Just saying.
-
Also maybe a private repository on github might also not as private as you think. Just saying.
Oh yeah, definitely. I'm on self-hosted forgejo, having had to migrate off gitea recently.
![😕](https://forum.agnos.is/assets/plugins/nodebb-plugin-emoji/emoji/android/1f615.png?v=704ab443e62 ":\")
-
Forgejo used to be a soft fork. But is today indeeda hard fork of gitea. Just for the people out there who didn't knew about Forgejo.
