Re: Copilot edited an ad into my PR

This "ad" is not exactly new. Looks like MS thinks it's a "tip" rather than an ad. I don't know if Raycast team even knows about this.

https://github.com/PlagueHO/plagueho.github.io/pull/24#issue... Copilot has been adding "(emoji) (tip)" thing since May 2025. GitHub copilot was released in May 2025, so basically it has had an ad since beginning.

There are 1.5m of these things in GitHub. https://github.com/search?q=%22%3C%21--+START+COPILOT+CODING...

Here are some of them:

https://github.com/johannesPP/FS-Calculator/pull/2

> Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

https://github.com/sharthomas645-tech/HybridAI-Next-React-Vi...

> Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

Looks like MS really want to "give tips" about their new integrations.

edit: I think it's an ad too. Everyone would think so, except for MS.

plastic041, 7 hours ago

^ По традиции призываю в тред нашего друга адвоката Майкрософта)

кек

Re: Copilot edited an ad into my PR

Tim from the Copilot coding agent team here. We've now disabled these tips in pull requests created by or touched by Copilot, so you won't see this happen again for future PRs.

We've been including product tips in PRs created by Copilot coding agent. The goal was to help developers learn new ways to use the agent in their workflow. But hearing the feedback here, and on reflection, this was the wrong judgement call. We won't do something like this again.

timrogers, 8 hours ago

Re: Fedware: Government apps that spy harder than the apps they ban

I’m surprised to see no comments on this yet:

[The White House app] ships with 3 embedded trackers including Huawei Mobile Services Core (yes, the Chinese company the US government sanctioned, shipping tracking infrastructure inside the sitting president's official app)

The executive branch has decided this company is so dangerous I can’t buy a monitor made by them - but it’s embedding its SDK in its official app?!

I realize the decision makers probably don’t even know it’s there - it was just added by whatever contractor built the app, but that’s arguably even worse.

And I have absolutely no doubt that if it was discovered in a political opponent’s app, and the administration wanted to harm them, there would be no compunction about using that fact against them.

jrmg, 11 hours ago

axios@1.14.1 - или русская рулетка в npm install

axios - самый популярный HTTP-клиент в npm, 100M+ скачиваний в неделю. Сегодня выяснилось, что версия 1.14.1 тянет за собой plain-crypto-js@4.2.1 - пакет, которого вчера не существовало. Классический supply chain attack.

Под раздачу также попал axios@0.30.4 (для тех кто на легаси и думал что в безопасности - нет).

Что делает малварь:
- деобфусцирует payload в рантайме
- динамически подгружает fs, os, execSync чтобы обойти статический анализ
- выполняет shell команды
- копирует файлы в temp и ProgramData
- удаляет следы после себя

Все по классике - обфусцированный dropper который сам за собой убирает.

Если у вас axios - пинните версию, проверяйте lockfile, не обновляйтесь. npm audit вам не поможет, он уже давно декоративный.

100 миллионов скачиваний в неделю. Один npm install - и твоя циска в зоне риска.
Обколются своими агентами и вайбкодят друг друга

Тред

@derplearning

Re: Decisions that eroded trust in Azure – by a former Azure Core engineer

A business man at a prior employer sympathetic with my younger, naive "Microsoft sucks" attitude told me something I remember to this day:

Microsoft is not a software company, they have never been experts at software. They are experts at contracts. They lead because their business machine exceeds at understanding how to tick the boxes necessary to win contract bids. The people who make purchasing decisions at companies aren't technical and possibly don't even know a world outside Microsoft, Office, and Windows, after all.

This is how the sausage is made in the business world, and it changed how I perceived the tech industry. Good software (sadly) doesn't matter. Sales does.

This is why most of Norway currently runs on Azure, even though it is garbage, and even though every engineer I know who uses it says it is garbage. Because the people in the know don't get to make the decision.

petterroea, 2 days ago

Я в певний момент прийшов до схожої думки, і мене досі цікавить який відсоток з цих угод мають під ковром якийсь відкат. Я навіть не здивуюся, якщо в них є якийсь стандартизований спосіб давати хабарі, щось типу gift-cards або якийсь Certified Microsoft Partner статус і фейкові (і не дуже) лекції

Re: Employers use your personal data to figure out the lowest salary you'll accept

I worked for Equifax many moons ago. They had a problem with people taking jobs there that no one else wanted, solely to gain access to their systems and reset their own credit scores. And, for some reason, they couldn’t roll it back once found out. Great company.

xvxvx, 13 hours ago

Чекаю коли хтось додумається проводити бенчмарки для LLM на людях. Хочу побачити середній depth of thinking

Re: Show HN: Brutalist Concrete Laptop Stand (2024)

This man poured concrete around a power strip, chemically aged copper with ammonia, rusted rebar with peroxide, faked a damaged cable for vibes, and vibrated out the air bubbles with a dildo. This is the most unhinged and delightful Show HN I've ever seen.

atlgator, 2 hours ago