Posted by ColinEberhardt 12 hours ago
Seriously like everything is instant when you click around, and CI with a runner works beautifully. (The documentation for setting up the runner could be a tad clearer but otherwise everything was so painless.)
Forgejo feels like a refreshing blast from the past. No intrusive AI cramming. The Web Interface is snappy and responsive, not waiting for constant loaders and spinners. It takes almost no resources to run.
My P/E filter filters out the likes of Nvidia, Amazon, etc, whereas my debt filter ensures the smaller cap companies won't be swallowed by their debt like many businesses are.
Who knows if I'm smart or an idiot.
If Microsoft can't meaningfully integrate AI into their own products and make profit off of selling it to end users, why should anyone assume that third parties can? By extension: if nobody can make money off of AI products, what's the point of building $80B in AI infrastructure - did they just set a giant pile of cash on fire?
Microsoft has to ship AI features, or write off its massive investments as essentially worthless. Remove the crappy AI feature from Github, and you pop the bubble.
The revenue is there and also impressive, and supplanting consumer and seat based revenue
The market is still shedding SaaS multiples, which I think is accurate, but break out the revenue in those quarterly reports and there is a huge growth story, from real efficiencies
If you don’t want an AI Agent to read private repos then you do not give the AI agent access to the private repos. This is not a permission bypass issue but a prompt injection issue which can’t be reliably solved at the Agent layer
The difference is that (A) SQL is deterministic and (B) SQL implements internal access control (and how well that works).
Prompts from non-authenticated user should have no access to any private repositories. The real question is: can you trust MSFT GitHub with your code, now that “outsourced” engineers are supporting it?
2. Or issue is not solved yet by GitHub, and meanwhile bad actors gonna try vulnerability on repos. Due to number of repos there is non-zero probability. But as with scams almost nobody’s going to admit the leakage.
Anything else?
> From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out. [...]
> This program does not use:
> Content from your issues, discussions, or private repositories at rest. We use the phrase “at rest” deliberately because Copilot does process code from private repositories when you are actively using Copilot. This interaction data is required to run the service and could be used for model training unless you opt out.
So yes, pieces of your private code can end up in training data if you're using Copilot with it and don't opt out.
The Reddit comment said "your private repo context will be used to train their AI models by default" which is an inaccurate summary.
> GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
Nice gaslighting.
* Trigger the workflow on issues.assigned events in GitHub * Read the issue Title and Body * Post a comment in response using the add-comment tool * Run with read access to other repositories (public and private) in the organization "
Self inflicted damage, I think. So what is their claim, that gh-aw's "Safe output gate" and "Threat detection" didn't stop the workflow?