zlacker

[return to "Watching AI drive Microsoft employees insane"]
1. cebert+t[view] [source] 2025-05-21 11:01:43
>>laiysb+(OP)
Do we know for a fact there are Microsoft employees who were told they have to use CoPilot and review its change suggestions on projects?

We have the option to use GitHub CoPilot on code reviews and it’s comically bad and unhelpful. There isn’t a single member of my team who find it useful for anything other than identifying typos.

◧◩
2. jshear+E[view] [source] 2025-05-21 11:04:40
>>cebert+t
> Do we know for a fact there are Microsoft employees who were told they have to use CoPilot and review its change suggestions on projects?

It wouldn't be out of character, Microsoft has decided that every project on GitHub must deal with Copilot-generated issues and PRs from now on whether they want them or not. There's deliberately no way to opt out.

https://github.com/orgs/community/discussions/159749

Like Googles mandatory AI summary at the top of search results, you know a feature is really good when the vendor feels like the only way they can hit their target metrics is by forcing their users to engage with it.

◧◩◪
3. XorNot+D2[view] [source] 2025-05-21 11:31:34
>>jshear+E
Which almost feels unique to AI. I can't think of another feature so blatently pushed in your face, other then perhaps when everyone lost their minds and decided to cram mobile interfaces onto every other platform.
◧◩◪◨
4. diggan+I3[view] [source] 2025-05-21 11:42:21
>>XorNot+D2
> I can't think of another feature so blatently pushed in your face

Passkeys. As someone who doesn't see the value of it, every hype-driven company seems to be pushing me to replace OPT 2FA with something worse right now.

◧◩◪◨⬒
5. simonw+T5[view] [source] 2025-05-21 12:00:13
>>diggan+I3
It's because OTP is trivially phishable: setup a fake login form that asks the user for their username and password, then forwards those on to the real system and triggers the OTP request, then requests THAT of the user and forwards their response.

Passkeys fix that.

◧◩◪◨⬒⬓
6. diggan+W7[view] [source] 2025-05-21 12:14:20
>>simonw+T5
Except if you use a proper password manager that prevents you from using the autofill on domains/pages others than the hardcoded ones. In my case, it would immediately trigger my "sus filter" if the automatic prompt doesn't show up and I would have to manually find the entry.
◧◩◪◨⬒⬓⬔
7. ipsi+jb[view] [source] 2025-05-21 12:40:29
>>diggan+W7
And yet that's not enough, even when someone very definitely knows better: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mail...

Turns out that under certain conditions, such as severe exhaustion, that "sus filter" just... doesn't turn on quickly enough. The aim of passkeys is to ensure that it _cannot_ happen, no matter how exhausted/stressed/etc someone is. I'm not familiar enough with passkeys to pass judgement on them, but I do think there's a real problem they're trying to solve.

◧◩◪◨⬒⬓⬔⧯
8. diggan+9d[view] [source] 2025-05-21 12:56:37
>>ipsi+jb
If you're saying something is less secure because the users might suffer from "severe exhaustion", then I know that there aren't any proper arguments for migrating to it. Thanks for confirming I can continue using OTP without feeling like I might be missing something :)
◧◩◪◨⬒⬓⬔⧯▣
9. simonw+FR[view] [source] 2025-05-21 16:57:34
>>diggan+9d
Passkeys genuinely do protect against severe exhaustion attacks.
[go to top]