There's really something nasty at play. Those coding agents are clearly not insulated enough from the system and too easy to manipulate into exfiltrating sensitive information.
The GitHub exodus continues. Looks like Forgejo is really benefiting from it, I wonder how far this will go.
Looks like some governments noticed that they can move away from GitHub and are testing the waters. Good idea!
It is indeed time to move away from GitHub if you're still there. There are many viable alternatives.
Good first half of the post, there are indeed more paths out of GitHub than jumping from one centralised system to another (even though Codeberg and Forgejo are much saner from a governance standpoint). We'll see what the future brings.
People are manipulating vanity metrics to attract VC money? Who would have expected? This is so unsurprising, I don't even understand why people look at those...
Indeed, the giant managed to make itself weak. This means opportunities for other ecosystems to grow faster than before.
A reminder that this is an easy migration. It can also be towards your own instance of Forgejo, of course.
Another example of how much of a problem this is for some projects. Of course it is compounded by having so many projects on GitHub, this pushes people to try to farm for activity to attempt to make their resume look good. This is sad.
GitHub is definitely entrenched by now. Students and beginners hardly look for projects outside of it. Sad state of affairs.
This kind of migration is apparently easier than it sounds.
Honestly, it took much longer than I expected. Now you know that GitHub has really become a conduit for Microsoft's AI initiatives.
Another example of attack vectors emerging as more and more LLM agents are added to the development process.
Definitely an interesting tool. GitHub Actions workflows aren't easy to set up while ensuring they're secure; having a tool analyzing them for issues can only help.
Basically the wording allows them to feed whatever system they want with your code... even in private repositories.
Nice to see there are still people out there keeping in mind the "let's not put all our eggs in the same basket". This is especially important for systems with such vendor lock-in as GitHub. I'm a bit less convinced about replacing Git itself for now.
Good reasons to leave indeed. Better host your projects somewhere else.
Early days for this type of research, so a couple of limitations to keep in mind while reading this paper. Most notably: a rather small sample explored (it's a qualitative study) and it tends to conflate GitHub with "the Open Source community". The latter especially matters since the vibe can be very different outside of GitHub.
That being said, very interesting findings in there. Some validate my experience with GitHub. It's clear that compared to other spaces there's much more entitlement behavior from some people. Interestingly, the words seem on average less violent (although it does happen of course) than on other platforms... still, this is important to keep in check since it could have implications for prospective contributors.
The last point in their discussion section is promising. Some of the current manual interventions from maintainers seem to have good results (encouraging) and it seems possible to at least semi-automate the handling of toxic comments, which could help with maintainers' well-being.
Definitely agree with this, GitHub benefited from a powerful network effect and now a good chunk of important projects are "trapped" there. This can't be good long term.
Interesting reverse engineering job of Copilot's client side to get a better idea of which information it actually feeds to the model. A couple of funny tricks to prepare the prompt are involved. Obviously some telemetry is involved as well, again with interesting heuristics to try to figure out if the user kept the suggestion or not.