123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 |
- <!doctype html><!-- This is a valid HTML5 document. -->
- <!-- Screen readers, SEO, extensions and so on. -->
- <html lang="fr">
- <!-- Has to be within the first 1024 bytes, hence before the `title` element
- See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->
- <meta charset="utf-8">
- <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->
- <!-- The viewport meta is quite crowded and we are responsible for that.
- See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->
- <meta name="viewport" content="width=device-width,initial-scale=1">
- <!-- Required to make a valid HTML5 document. -->
- <title>GitHub's Copilot Is Generating Functional API Keys (archive) — David Larlet</title>
- <meta name="description" content="Publication mise en cache pour en conserver une trace.">
- <!-- That good ol' feed, subscribe :). -->
- <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">
- <!-- Generated from https://realfavicongenerator.net/ such a mess. -->
- <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">
- <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">
- <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">
- <link rel="manifest" href="/static/david/icons2/site.webmanifest">
- <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">
- <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">
- <meta name="msapplication-TileColor" content="#f7f7f7">
- <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">
- <meta name="theme-color" content="#f7f7f7" media="(prefers-color-scheme: light)">
- <meta name="theme-color" content="#272727" media="(prefers-color-scheme: dark)">
- <!-- Documented, feel free to shoot an email. -->
- <link rel="stylesheet" href="/static/david/css/style_2021-01-20.css">
- <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->
- <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
- <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
- <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
- <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
- <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
- <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
- <script>
- function toggleTheme(themeName) {
- document.documentElement.classList.toggle(
- 'forced-dark',
- themeName === 'dark'
- )
- document.documentElement.classList.toggle(
- 'forced-light',
- themeName === 'light'
- )
- }
- const selectedTheme = localStorage.getItem('theme')
- if (selectedTheme !== 'undefined') {
- toggleTheme(selectedTheme)
- }
- </script>
-
- <meta name="robots" content="noindex, nofollow">
- <meta content="origin-when-cross-origin" name="referrer">
- <!-- Canonical URL for SEO purposes -->
- <link rel="canonical" href="https://fossbytes.com/github-copilot-generating-functional-api-keys/">
-
- <body class="remarkdown h1-underline h2-underline h3-underline em-underscore hr-center ul-star pre-tick" data-instant-intensity="viewport-all">
-
-
- <article>
- <header>
- <h1>GitHub's Copilot Is Generating Functional API Keys</h1>
- </header>
- <nav>
- <p class="center">
- <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
- </svg> Accueil</a> •
- <a href="https://fossbytes.com/github-copilot-generating-functional-api-keys/" title="Lien vers le contenu original">Source originale</a>
- </p>
- </nav>
- <hr>
- <p>Microsoft, in partnership with OpenAI, made Copilot available on <a href="https://fossbytes.com/tag/github" target="_blank" aria-label=" (opens in a new tab)" rel="noreferrer noopener" class="ek-link">GitHub</a>. For starters, it’s an assistant that can help you with better code suggestions, but it has been recently brought to notice that the AI is leaking API keys that are valid and still functional.</p>
- <p>First reported by a SendGrid engineer, he asked the AI for the keys, and it showed them. If you’re wondering the big deal here, API keys are critical as they provide access to all your app’s databases.</p>
- <p>Developer <a href="https://github.com/dtjm" target="_blank" aria-label="dtjm (opens in a new tab)" rel="noreferrer noopener" class="ek-link">dtjm</a> opened a request in Report Bugs where he posted an image of him requesting the secrets and getting back API keys.</p>
- <figure class="wp-block-image size-large"><img width="1024" height="630" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20630'%3E%3C/svg%3E" alt="AI is emitting secrets - github copilot" class="wp-image-217388" data-lazy-srcset="https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-1024x630.jpeg 1024w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-300x185.jpeg 300w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-768x473.jpeg 768w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-1536x946.jpeg 1536w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets.jpeg 1876w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-1024x630.jpeg" /><noscript><img width="1024" height="630" src="https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-1024x630.jpeg" alt="AI is emitting secrets - github copilot" class="wp-image-217388" srcset="https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-1024x630.jpeg 1024w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-300x185.jpeg 300w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-768x473.jpeg 768w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets-1536x946.jpeg 1536w, https://fossbytes.com/wp-content/uploads/2021/07/AI-is-emitting-secrets.jpeg 1876w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></figure>
- <p>GitHub CEO has acknowledged the issue, and the GitHub team is working on the issue. </p>
- <p>Earlier this week, a lot of established open-source developers are moving away from GitHub. One of the developers said, “I disagree with GitHub’s unauthorized and unlicensed use of copyrighted source code as training data for their ML-powered GitHub Copilot AI. This product injects source code derived from copyrighted sources into their customers’ software without informing thereof the license of the source code. This significantly eases unauthorized and unlicensed use of copyright holder’s work.”</p>
- <p>If Microsoft is really doing this is still unknown, certain instances definitely prove the above statement. Here’s one of them.</p>
- <figure class="wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter"><div class="wp-block-embed__wrapper">
- <blockquote class="twitter-tweet" data-width="550" data-dnt="true"><p lang="en" dir="ltr">reproducing carmack's famous inverse square root function from Quake 3 <a href="https://t.co/l9xB2gflhc">https://t.co/l9xB2gflhc</a></p>— nixCraft (@nixcraft) <a href="https://twitter.com/nixcraft/status/1411440811095564290?ref_src=twsrc%5Etfw">July 3, 2021</a></blockquote><script data-minify="1" async src="https://fossbytes.com/wp-content/cache/min/1/widgets.js?ver=1625862119" charset="utf-8"></script>
- </div></figure>
- <p>What do you think of the GitHub Copilot AI? Do you think Microsoft is making the AI suggest code from copyrighted sources? Let us know your thoughts and opinions in the comments section below.</p>
- </article>
-
-
- <hr>
-
- <footer>
- <p>
- <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
- </svg> Accueil</a> •
- <a href="/david/log/" title="Accès au flux RSS"><svg class="icon icon-rss2">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-rss2"></use>
- </svg> Suivre</a> •
- <a href="http://larlet.com" title="Go to my English profile" data-instant><svg class="icon icon-user-tie">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-user-tie"></use>
- </svg> Pro</a> •
- <a href="mailto:david%40larlet.fr" title="Envoyer un courriel"><svg class="icon icon-mail">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-mail"></use>
- </svg> Email</a> •
- <abbr class="nowrap" title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340"><svg class="icon icon-hammer2">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-hammer2"></use>
- </svg> Légal</abbr>
- </p>
- <template id="theme-selector">
- <form>
- <fieldset>
- <legend><svg class="icon icon-brightness-contrast">
- <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-brightness-contrast"></use>
- </svg> Thème</legend>
- <label>
- <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto
- </label>
- <label>
- <input type="radio" value="dark" name="chosen-color-scheme"> Foncé
- </label>
- <label>
- <input type="radio" value="light" name="chosen-color-scheme"> Clair
- </label>
- </fieldset>
- </form>
- </template>
- </footer>
- <script src="/static/david/js/instantpage-5.1.0.min.js" type="module"></script>
- <script>
- function loadThemeForm(templateName) {
- const themeSelectorTemplate = document.querySelector(templateName)
- const form = themeSelectorTemplate.content.firstElementChild
- themeSelectorTemplate.replaceWith(form)
-
- form.addEventListener('change', (e) => {
- const chosenColorScheme = e.target.value
- localStorage.setItem('theme', chosenColorScheme)
- toggleTheme(chosenColorScheme)
- })
-
- const selectedTheme = localStorage.getItem('theme')
- if (selectedTheme && selectedTheme !== 'undefined') {
- form.querySelector(`[value="${selectedTheme}"]`).checked = true
- }
- }
-
- const prefersColorSchemeDark = '(prefers-color-scheme: dark)'
- window.addEventListener('load', () => {
- let hasDarkRules = false
- for (const styleSheet of Array.from(document.styleSheets)) {
- let mediaRules = []
- for (const cssRule of styleSheet.cssRules) {
- if (cssRule.type !== CSSRule.MEDIA_RULE) {
- continue
- }
- // WARNING: Safari does not have/supports `conditionText`.
- if (cssRule.conditionText) {
- if (cssRule.conditionText !== prefersColorSchemeDark) {
- continue
- }
- } else {
- if (cssRule.cssText.startsWith(prefersColorSchemeDark)) {
- continue
- }
- }
- mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))
- }
-
- // WARNING: do not try to insert a Rule to a styleSheet you are
- // currently iterating on, otherwise the browser will be stuck
- // in a infinite loop…
- for (const mediaRule of mediaRules) {
- styleSheet.insertRule(mediaRule.cssText)
- hasDarkRules = true
- }
- }
- if (hasDarkRules) {
- loadThemeForm('#theme-selector')
- }
- })
- </script>
- </body>
- </html>
|