this post was submitted on 28 Feb 2025
45 points (100.0% liked)

Programming

18831 readers
614 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
45
Copilot exposes private GitHub pages, some removed by Microsoft (arstechnica.com)
submitted 1 week ago by neme@lemm.ee to c/programming@programming.dev
6 comments fedilink hide all child comments
top 6 comments
sorted by: hot top controversial new old
[–] Xanza@lemm.ee 10 points 1 week ago

Microsoft: Copilot is the future! /s

[–] mesamunefire@lemmy.world 6 points 1 week ago* (last edited 1 week ago)

No joke I let them know about that in their official discussion board day 1 copilot came out. When they announced it, the first day you could ask it about the contents of private repos and it would just tell you.

They fixed it but this looks really similar.

[–] dohpaz42@lemmy.world 6 points 1 week ago

The fact that there are so many “acts” that got violated tells me that those laws are just as shoddy as the fact that Microsoft’s fix didn’t take into account that the AI still has access to private data. Total shit show on all fronts.

[–] RedSnt@feddit.dk 4 points 1 week ago* (last edited 1 week ago)

As one commented below the article, "Recall too I bet".
It's like the dumbest anosmic sheep dog that'll just show the wolf the way to the sheep.

[–] mrbn@lemmy.ca 1 points 1 week ago (1 children)

Kind of a nothing burger.

These repositories, belonging to more than 16,000 organizations, were originally posted to GitHub as public, but were later set to private, often after the developers responsible realized they contained authentication credentials allowing unauthorized access or other types of confidential data. Even months later, however, the private pages remain available in their entirety through Copilot.

The repo was listed as public and archived. It's not clear from the article but I suspect that the "private" information is just a copy of what was made public and not the information added after it was made private.

[–] xmunk@sh.itjust.works 9 points 1 week ago

When a code repository is shut down on github the expectation is that it's removed. We're all aware that the internet will never forget that API key you accidentally committed once but the expectation was always that it wouldn't be github itself doing the remembering and openly sharing it with others.