• Lost_My_Mind@lemmy.world
    ↑27 ↓1 · 5 hours ago

    Hold on …

    Are you saying all software hosted on github is infected with copilot? Or am I misreading the situation?

    • renegadespork@lemmy.jelliefrontier.net
      ↑47 ↓2 · 4 hours ago

      Your confusion is understandable since MS has called like 4 different products “Copilot”. This refers to the coding assistant built into GitHub for everything from CI/CD to coding itself.

      All code uploaded to GitHub is subject to being scraped by Copilot to both train and provide inference context to its model(s).

      Basically having your code in GitHub is implicit consent to have your code fed to MS’s LLMs.

      • Zwuzelmaus@feddit.org
        ↑2 · 55 minutes ago

        > All code uploaded to GitHub is subject to being scraped

        No kidding: That was literally my very first thought back in the days when I learned that M$ has taken over GitHub.

        (Copilot did not exist then)

      • The Octonaut@mander.xyz
        ↑8 ↓14 · 2 hours ago

        No, it isn’t.

        “Basically” your vibes aren’t an actual answer. Businesses are not forking over millions to give away their code.

        You can have conspiracy theories about it using the code anyway (I’m particularly confused about your use of the word “scrape” which tells me you don’t know how AI training works, how hosting a website works, or how scraping works - maybe all three?) but surreptitiously using its competitors’ code to train CoPilot would be a rare existential threat to Microsoft itself.

        > Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?
        >
        > No. GitHub does not use either Copilot Business or Enterprise data to train its models.

        https://github.com/features/copilot#faq

        • bearboiblake@pawb.social
          ↑4 ↓1 · 20 minutes ago

          Just to add to what the other commenters said, the quote you highlighted doesn’t even say what you think it does.

          It says that Copilot data is not used to train the models, not that code uploaded to Github isn’t used to train the models.

          As an aside, your nitpicking of the term “scrape” and rant about how the user you’re replying to must be ignorant is cringe, jsyk.

        • Kilgore Trout@feddit.it
          ↑9 ↓1 · 1 hour ago

          FAQs are not legally binding. If you want to quote something, then do privacy policy and terms of service.

          • The Octonaut@mander.xyz
            ↑1 ↓1 · 14 minutes ago

            It’s in every enterprise and business contract signed with them. The FAQ was just the first result on Google. Its obviousness shouldn’t even require that much. It’s extremely clear how few of Lemmy’s “technology” crowd have any contact with adult life.

        • RichardDegenne@lemmy.zip
          ↑10 ↓3 · 1 hour ago

          If you’re gullible enough to believe an FAQ coming from Github themselves, then I have bad news for you.

          • The Octonaut@mander.xyz
            ↑1 ↓1 · 11 minutes ago

            “Gullible” is not a thing you can be when someone has signed a contract with you… that’s why contracts exist.

          • The Octonaut@mander.xyz
            ↑1 ↓1 · 12 minutes ago

            You aren’t paying enterprise subscriptions to use Facebook, and as bad as they are, Microsoft are not Meta.

    • cecilkorik@piefed.ca
      ↑9 · 3 hours ago

      I know this is probably sarcastic but honestly Gentoo’s great if you don’t trust binaries by default. Nothing is an absolute guarantee against compromise, but it’s an awful lot harder to compromise a source code repository or a compiler without anyone noticing (especially if you stick to stable versions) than it is to compromise a particular binary of some random software package. I trust most package maintainers, but they’re typically overworked volunteers and not all of them are going to have flawless security or be universally trustworthy.

      I like building my own binaries from source code whenever possible.

      • bearboiblake@pawb.social
        ↑1 · 17 minutes ago

        Genuine question from a longtime Linux user who never tried Gentoo - doesn’t updating take forever? I used a source build of firefox for a bit and the build took forever, not to mention the kernel itself

        • cecilkorik@piefed.ca
          ↑1 · 6 minutes ago

          Depends on your system specs, but… yes, generally speaking. There is a reason most people and most distros use binaries. Even Gentoo can use binaries for some stuff.

          Are you going to suffer significant damage if your updates take forever though? What’s the hurry? The number of times I have literally needed the absolute latest version of something installed right now are pretty damn minimal. The major exception is widespread, exploited zero-day remote-access vulnerabilities, but those are rare, and especially rare are ones that affect the exact versions and configurations of software that I am currently using and cannot reasonably just opt to “stop” using. Even so, there are usually other ways to block the network traffic, disable the offending part of the configuration, or otherwise mitigate the risk. Besides, there’s nothing stopping you from literally just downloading a patched binary if that’s what you need at that moment.

          Patience is a virtue, and it’s generally good for you. You don’t have to be addicted to constant updates, but you do need to be thoughtful and understand how to build defense-in-depth.

      • grue@lemmy.world
        ↑2 ↓1 · 2 hours ago

        I don’t necessarily disagree with the first sentence (fan of Gentoo; never used Arch), but the second sentence is not helping its case.

        • Rioting Pacifist@lemmy.world
          ↑7 ↓1 · 2 hours ago

          I don’t have to love ChromeOS to acknowledge that it’s a sold OS that’s commercially viable and that’s only possible because of the solid Gentoo base it’s built on.

          • grue@lemmy.world
            ↑1 · 1 hour ago

            Your Freudian slip is right, LOL.

            > it’s a sold OS

            Anyway, sure, Gentoo is a good choice to build on, but picking an evil thing as the example doesn’t exactly endear one to your POV, emotionally speaking. Besides, SteamOS is based on Arch, so the notion that Gentoo is strictly “better” (not equal) to Arch on the basis of being used to make distros for commercial products isn’t very persuasive.

            I’m not saying you’re wrong about Gentoo being good. I’m just saying the supporting argument is a weak one, and doubling down by saying that sort of thing is “only possible” with Gentoo is even weaker.