so... anywhere in the world?

I would be shocked if GitHub's lawyers didn't argue that using copyrighted material as training data for an AI model is highly transformative. There may be snippets available from the original but they are completely divorced from their original context and virtually unrecognizable unless they happen to be famous like the Quake inverse square root algorithm. And I think GitHub's lawyers would also argue that Copilot's use does not affect the _original_ market -- e.g. it does not hurt Quake's sales if their algorithm is anonymously used in a probably totally unrelated codebase.

Your counterexample would probably fail both tests -- it's not transformative use if your software hands out complete pieces of copyrighted software, and it would definitely affect the market if Copilot gave me the entire source code of Quake for my own game.

[0]: https://fairuse.stanford.edu/overview/fair-use/four-factors

[0]: https://slate.com/technology/2016/08/in-copyright-law-comput...

I think the point though is that security warnings need to be actionable and high-signal. Experienced folks are absolutely tuning out the security warnings on npm install, because 95% of the warnings are like the examples in the post -- I know they don't affect me/my use case and there's nothing I can do about them anyway. The effect is only compounded for novices who run "npx create-react-app hello-world" and immediately see something incomprehensible about a vulnerability in react-scripts > webpack > watchpack > watchpack-chokidar2 > chokidar > glob-parent. It either discourages them from programming entirely or it teaches them to ignore security warnings.

I don't disagree with your overall point -- e.g. we should absolutely teach novices "here's what XSS is and how to avoid it" early and often. But if a dependency manager is going to surface a vulnerability alert every time I install dependencies, the alerts should be 1) high severity (to the point where I should actually stop using the package if I am unable to patch/upgrade) or 2) at least immediately actionable. The current npm audit implementation does the opposite -- 95% of the alerts are totally irrelevant to my actual security posture, and the suggested command to upgrade a vulnerable dependency is unreliable and can actually downgrade to an older, even-less-secure version (!).

- https://packagecontrol.io/packages/SublimeLinter

- https://packagecontrol.io/packages/SublimeLinter-eslint

- https://packagecontrol.io/packages/JsPrettier

- https://packagecontrol.io/packages/LSP

- https://packagecontrol.io/packages/LSP-typescript

If you're on macos, I also recommend creating a file at ~/Library/Application Support/Sublime Text 3/Packages/User/Default (OSX).sublime-mousemap with the following contents -- this adds a cmd+click "go to definition" shortcut that's also equivalent to what VS Code provides. (I guess the path should be "Sublime Text 4" now? but after upgrading, the config at the "Sublime Text 3" path still works for me.)

[ { "button": "button1", "count": 1, "modifiers": ["super"], "press_command": "drag_select", "command": "lsp_symbol_definition" } ]

I've tried to switch to VS Code a few times -- language features (especially TypeScript) tend to work better out-of-the-box but it still isn't close in terms of performance. If you want IDE-like features to "just work" then VS Code is definitely the best choice, but the persistent (albeit sleight) input lag drives me up the wall.

[0]: https://www.jstor.org/stable/1339714?seq=1

Aha! is the #1 tool for product managers to plan strategy and roadmaps. We serve more than 300,000 users worldwide.

We are looking for:

* Experienced full-stack engineers to work on the Aha! product. Our application is built in Ruby on Rails, with some React on the frontend for rich client-side experiences.

* Security engineers, with hands-on Rails development experience plus experience with compliance projects, security policy development, or other security initiatives.

* A senior product manager with experience serving the needs of product and/or engineering teams.

Aha! is profitable, you can work from anywhere in North or South America, and we offer excellent benefits. We use our own product to manage our work (which is especially rewarding) and we deploy continuously.

Our entire team is remote - in North American timezones so we can collaborate during the work day.

You can view open engineering positions at https://www.aha.io/company/careers/current-openings, and click through to a specific job for our simple application form. Our job postings also have a lot more detail about the team, our values, and what you'd be doing day-to-day.

It's also worth noting that ADHD often comes with other mental health comorbidities; in my case, it exacerbated my depression. I would often fall into a spiral of inability to focus -> feeling bad about myself for not completing work that I was generally more than capable of doing -> even less ability to focus. I still have depression, but starting on ADHD medication all-but-removed my most frequent trigger.

Aha! is the #1 tool for product managers to plan strategy and roadmaps. We serve more than 300,000 users worldwide.

We are looking for:

* Experienced full-stack engineers to work on the Aha! product. Our application is built in Ruby on Rails, with some React on the frontend for rich client-side experiences.

* Security engineers, with hands-on Rails development experience plus experience with compliance projects, security policy development, or other security initiatives.

* A senior product manager with experience serving the needs of product and/or engineering teams.

Aha! is profitable, you can work from anywhere in North or South America, and we offer excellent benefits. We use our own product to manage our work (which is especially rewarding) and we deploy continuously.

Our entire team is remote - in North American timezones so we can collaborate during the work day.

You can view open engineering positions at https://www.aha.io/company/careers/current-openings, and click through to a specific job for our simple application form. Our job postings also have a lot more detail about the team, our values, and what you'd be doing day-to-day.

Aha! is the #1 tool for product managers to plan strategy and roadmaps. We serve more than 300,000 users worldwide.

We are looking for:

* Experienced full-stack engineers to work on the Aha! product. Our application is built in Ruby on Rails, with some React on the frontend for rich client-side experiences.

* Security engineers, with hands-on Rails development experience plus experience with compliance projects, security policy development, or other security initiatives.

* A senior product manager with experience serving the needs of product and/or engineering teams.

Aha! is profitable, you can work from anywhere in North or South America, and we offer excellent benefits. We use our own product to manage our work (which is especially rewarding) and we deploy continuously.

Our entire team is remote - in North American timezones so we can collaborate during the work day.

You can view open engineering positions at https://www.aha.io/company/careers/current-openings, and click through to a specific job for our simple application form. Our job postings also have a lot more detail about the team, our values, and what you'd be doing day-to-day.

Aha! is the #1 tool for product managers to plan strategy and roadmaps. We serve more than 300,000 users worldwide.

We are looking for:

* Experienced full-stack engineers to work on the Aha! product. Our application is built in Ruby on Rails, with some React on the frontend for rich client-side experiences.

* Security engineers, with hands-on Rails development experience plus experience with compliance projects, security policy development, or other security initiatives.

Aha! is profitable, you can work from anywhere in North or South America, and we offer excellent benefits. We use our own product to manage our work (which is especially rewarding) and we deploy continuously.

Our entire team is remote - in North American timezones so we can collaborate during the work day.

You can view open engineering positions at https://www.aha.io/company/careers/current-openings?category..., and click through to a specific job for our simple application form. Our job postings also have a lot more detail about the team, our values, and what you'd be doing day-to-day.

Aha! is the #1 tool for product managers to plan strategy and roadmaps. We serve more than 300,000 users worldwide.

We are looking for:

* Experienced full-stack engineers to work on the Aha! product. Our application is built in Ruby on Rails, with some React on the frontend for rich client-side experiences.

* Security engineers, with hands-on Rails development experience plus experience with compliance projects, security policy development, or other security initiatives.

Aha! is profitable, you can work from anywhere in North or South America, and we offer excellent benefits. We use our own product to manage our work (which is especially rewarding) and we deploy continuously.

Our entire team is remote - in North American timezones so we can collaborate during the work day.

You can view open engineering positions at https://www.aha.io/company/careers/current-openings?category..., and click through to a specific job for our simple application form. Our job postings also have a lot more detail about the team, our values, and what you'd be doing day-to-day.

Comments URL: https://news.ycombinator.com/item?id=24669060

Points: 3

# Comments: 1