Get the top HN stories in your inbox every day.
dmitriv
somebehemoth
I think the constructive criticism is best directed at whatever process you are following. That process allowed a very visible user facing change in a widely used piece of software. How did this change make it to production without some process catching the impact of this change? Was there really no internal discussion from a code review at least? This seems hard for me to believe. I expect more from Microsoft.
serial_dev
> Was there really no internal discussion from a code review at least? This seems hard for me to believe.
The outlined story feels unfortunately very believable to me.
Teams need to push out the most number of features, and nobody stops even for a second to think about how a feature might affect other flows or other users not in the feature request.
It might have been quickly reviewed to check if the code does what it needs to do (add the coauthor note).
Do you think reviewers will think about unwanted effects, when they need get back to feeding their own poorly thought out and underspec’d features to their LLMs?
_doctor_love
> Was there really no internal discussion from a code review at least? This seems hard for me to believe.
>The outlined story feels unfortunately very believable to me.
100% agree here - we seem to forget that most developers hate code reviews. I actually laughed out loud at the use of the word "discussion," it's so rare people want to get together and talk about changes. By the time the PR is up anything that stands in the way of merging and shipping is seen as a nuisance.
To my mind this whole debacle is not really the individuals fault or even the team's fault but the economic pressures that drive people into situations like this.
dmitriv
Fair point. We did catch it internally in testing (as we use VS Code for all our work, so some folks did stumble on it), but I think we underestimated the impact and should do a better job at that.
saghm
This is honestly the most concerning part of all of this. You're saying you knew that this exact bug was present up front and still decided to release it?
This basically invalidates the entire premise that it was an innocent mistake. It's impossible for me to believe that you actually thought that people wouldn't care about 100% of their commits being attributed to Copilot even when it was never used. Either you're misconstruing what you caught with the testing beforehand or your entire development process is tainted, because there's no way that a non-evil corporation would see this default behavior and think that people would be fine with it. It seems far more likely you just thought you could get away with it.
anbende
A generous read of this comment might be that you did catch it internally in testing AFTER it shipped but shrugged it off as something you'd patch in the next release in a week or two. Is that what you meant here?
Or that it was caught but didn't surface fully before release?
A helpful governance policy here might be that anything that mutates user content without opt-in consent requires a distinct sign-off or a double sign-off. If the goal is to prevent this from happening in future.
lppedd
Thank you. My personal opinion is the idea of weekly releases should be discarded. It's too easy to release broken stuff in non-insiders updates.
I think many people agree here.
geekone
You say in another comment this slipped through testing. Can you elaborate on exactly what was caught in internal testing?
undefined
PunchyHamster
It got to production because they wanted it.
> This seems hard for me to believe. I expect more from Microsoft.
Those are some baseless expectations given the entire company's history
noisy_boy
Expecting more from Microsoft is the new showing-my-age: of being born in this century.
marricks
Also, who/what group is pushing for this change internally and what is the opinion of the team implementing it? What is the road map and vision for AI in VSCode?
sorry_outta_gas
[dead]
jamesbfb
I think there’s a few of us who appreciate you being up front. I’d question the intent and why it was a mistake, especially when the commit[0] message reverting said functionality states “widespread criticism” citing this very HN article makes it look seemingly like the revert is due to negative PR opposed to a mistake.
[0]https://github.com/microsoft/vscode/pull/313725/commits/1e70...
l2dy
Author of that PR doesn't seem to be a Microsoft employee. Keep in mind that anyone on GitHub can create PRs against VSCode.
beardbandit
Author is absolutely from Microsoft
lightdot
Even if that would be so, the person who approved it certainly is.
dmitriv
I am reverting it because there are bug in the feature and it obviously does not work as expected. Any feedback is important, HN or not.
liendolucas
So, you're reverting because of "bugs", not because you had massive backfire? Do you understand that no one wants this, right?
undefined
PufPufPuf
My issue with this: if my intention is to never have these "co authored by <tool>" trailers in my commits, this is a sudden breaking change. What's worse, it is not immediately visible to the user. Now I could look like I use a not-company-approved AI. That's absolutely unacceptable, this could cost people their jobs. The "bug" (or "metrics boosting feature", as PMs call it?) that it claims all commits including ones never touched by Copilot are just icing on cake.
alemanek
Changing the default behavior for all of your users with no notification is pretty unforgivable. Even if this feature worked correctly, it obviously doesn’t, this should at minimum be a prompt after upgrade to let the user confirm that this is what they want. But honestly should be opt in for those that want it.
To have it silently just start adding marketing copy to git commit messages is pretty bad. To have that added text not be visible to the user in the UI so they can remove it before commit is just much worse.
This kind of thing being released speaks to a greater disfunction over there. Not a good look at all and I am not a Microsoft or AI hater. But my commit messages are not where you move fast and break things
Aperocky
Well, the good news is commit messages are some of the most visible thing, and there are no silent modifications that are really possible.
The bad news is - where else have this happened in VS Code?
- A happy user of (n)vim
echoangle
> Well, the good news is commit messages are some of the most visible thing, and there are no silent modifications that are really possible.
The problem is that it's only visible after committing, it doesn't seem to show in the integrated git view when you prepare the commit.
Aerolfos
> Changing the default behavior for all of your users with no notification is pretty unforgivable.
I noticed that as soon as you make a bug report/feature request on VSCode's repo, you instantly get someone's OpenClaw agent with an automated pull request that sometimes wants to change defaults in the main codebase
Looks like AI is really trigger-happy with that, with zero understanding or care that there's thousands of users affected and it's not just one individual's settings.json
Also, the hallucinated PR does not necessarily address the original issue whatsoever, just like this PR. It should have functionality to detect AI-authored code, but whoever made the PR skipped actually doing the hard work and just changed a default to always on, exactly the kind of misunderstanding you see with OpenClaw shotgun PRs
zelphirkalt
And then they apparently posted an alibi "I'm sorry" here. Or maybe it is genuine, but the choice is between incompetence and fake "I'm sorry". Where is QA?
zzo38computer
> To have it silently just start adding marketing copy to git commit messages is pretty bad. To have that added text not be visible to the user in the UI so they can remove it before commit is just much worse.
This is one of the problems, but it is not only one. To be better, should be:
1. It should be visible in the UI for entering the commit message, to make it clear what it is doing.
2. It should not add such a thing if the Copilot is disabled. (It is mentioned by dmitriv and would hopefully be fixed soon enough)
I do not use Copilot nor any other LLMs nor VS Code, but if the problems are corrected then I think the feature would probably be reasonable.
dmitriv
Agreed on both points. Having it shown before going into the commit would let the developer decide whether they want it. #2 is fixed in my PR.
imron
> Changing the default behavior for all of your users with no notification is pretty unforgivable
How else is a poor programmer gonna hit their KPIs and get that promo?
someguynamedq
"unforgivable" is a little melodramatic
allarm
No, it's fine. I really hope that more people will switch to something else, like Neovim, Emacs, or any other open-source editor where such unacceptable situations are practically impossible. I hope more people will start to value their privacy and right to choose, and find the courage to say gtfo and switch to something else. Because this is unforgivable.
lucas_t_a
please no more popups on vscode, im begging you
Pay08
It really is a problem, across Microsoft as a whole. I had to ditch VS after the constant popups finally pissed me off enough.
dakolli
[flagged]
boxed
> Changing the default behavior for all of your users with no notification is pretty unforgivable.
What does that even mean? The git log exists. Do you mean they should shove the entire git log in the face of every user on every update?
Obviously this change was a massive fuckup, but that sentence makes absolutely no sense.
alemanek
It just means that when changing a global default with such impact the user should be prompted with an option to opt out of the new behavior. Something like “AI assisted changes will now have ‘coauthored by Copilot’ added to the commit message”. If the user clicks “no thanks” it changes their local setting to “off” to opt them out of this new global default.
anvuong
Don't you understand that the default shouldn't be changed at all in this case? It improves nothing and affects every single user. If an org/project wants this behavior then it can enforce this flag for its contributions. The only valid reason for this change is someone's performance somewhere in Microsoft is dependent on VS Copilot usage metric.
dmitriv
Good feedback, there needs to be a more explicit opt-in into this for teams that want it. FWIW nobody's performance here will improve from having this metric :-)
allarm
> FWIW nobody's performance here will improve from having this metric
It's even more frightening if so. Meaning you really thought it's something users wanted.
kgeist
Interesting case:
- a project manager vibe-coded the change without thinking it through at all
- the PR was reviewed by an LLM
- an actual engineer gave LGTM without really reviewing the changes, trusting the LLM
Did I get this right?
throwaway277432
>a project manager vibe-coded the change without thinking it through at all
The PMs vibe-coding and having no idea what they're doing isn't even the main issue (although it is pretty bad).
The main issue is: how are the actual engineers supposed to "review" the slop? They probably report to the same PM or are at below in the org chart and might be evaluated by them. Not just at MS, but any company.
Such a conflict of interest would be detrimental to quality anywhere. You wouldn't build a bridge like this, nor should you software.
undefined
duskdozer
The revert commit appears to have also been done by copilot
strix_varius
You can't make this shit up.
teg4n_
The LLM actually points out the problem tho
isityettime
Maybe the engineer's LLM agent's summary of the GitHub LLM bot's review omitted that warning.
schwede
Why does the commit editor hide the coauthored message? Why not pre-populate the text field and users take or leave it when committing?
dmitriv
I think this is a good point - perhaps there should be some commit-time UI which would let the user make the choice. Thanks for the suggestion!
jdlshore
Co-Authored-By is normally a trailer, and trailers aren’t part of the commit message. It’s likely the commit editor isn’t set up to show trailers. They’re not exactly obscure, but it does seem that they’re relatively unknown.
mplanchard
What do you mean they aren’t part of the commit message? Trailers like (signed off by) are absolutely part of the message. Tools can choose to treat them as special metadata, but they’re part of the commit.
The docs for the function to interpret trailers even says this explicitly: https://git-scm.com/docs/git-interpret-trailers
> Add or parse structured information in commit messages
snet0
Why are you taking the fall and not the PM who authored the change (and submitted a PR with an uninformative title and no comment) and, I'm assuming, plays a role in managing the project?
rsynnott
One fascinating thing about the whole AI phenomenon is how incredibly hostile it is to _standards_. Whether something works properly, or is ethical, or is true, no longer matters at all; all that matters is "pls use our AI".
Microsoft spent literal decades rehabilitating their reputation. And then set fire to the whole thing in an offering to their robot gods.
And it's not just them. There was a time that Google cared deeply about UX. Now, on macOS Google remaps CMD-G in Google Docs to launch some LLM bullshit (EDIT: huh, they may have fixed this; it was definitely doing it a couple of weeks ago), because, after all, it has only had a standard universal meaning on macOS for about three decades, no big deal.
storus
It's a complete takeover of technically incompetent management that feels like it can finally execute their ideas to the fullest instead of relying on those pesky swengs with their obstructions, complaints and problems. We'll soon get the management utopia everywhere.
mohamedkoubaa
Principal engineer balks at bad UX when the PM should know better (it's their job)
2023: Ah well I guess we can't do it
2025: you're fired. Hey kid we hired two weeks ago, implement bad idea please
palata
To be fair, it was already done by bad managers long before.
Kwpolska
2026: you're fired. Hey Claude, implement bad idea please
brazukadev
That's how I got my first opportunity 20 years ago
JXavierH
Implement bad idea, but use AI. That's the MO right now.
yubblegum
Give me a break. This was already happening with Web 2.0 and things like "microservices".
xp84
It wasn’t AI that brought us Apple’s gray on slightly-lighter-gray UI standards, nor the 10,000,000 ••• menus that have infested every webapp in the past 10 years as an alternative to thoughtful UI design. We humans made everything shitty before we made AI.
drivers99
> Apple’s gray on slightly-lighter-gray UI standards
It's a tangential point, but I turned on System Settings -> Accessibility -> Display -> Increase Contrast (the on/off option, not Display Contrast) and now at least the windows are outlined sharply.
befictious
Good thing we trained our fortune teller calculators on all that historic shittiness!
iugtmkbdfil834
Maybe, but at least the 10,000,000 options were there instead deemed that they are not to be used by those pesky users. And now its they are not just hidden. They are simply not there.
coldtea
Guns and bombs also didn't create war. But they did made it way more lethal.
jayd16
What is it about AI where the discussion is immediately derailed with whataboutism? Like, are these actually good faith comments? What's the point of bringing up "well some other bad stuff already existed"?
hansmayer
It makes perfect sense / there was that talk by the ex-Google CEO Eric Schmidt saying something along the lines "imagine you could develop the software, but without that arrogant programmer". They just hate people, that's all.
wiseowise
The sentiment is mutual.
cindyllm
[dead]
ravenstine
100%
This AI boom is not a boom because its good for developers or users. It's a boom because it's a management dream; the promise of pumping up growth while reducing expensive workforce is simply too good for them to not throw decades of platitudes and "best practices" out the window. When people point out where AI fails, they're not seeing past the end of their nose. They don't realize they're not the real customers. It is leadership with millions in buying power who are the customers, and they're the same ones who only ever cared about managing the perception of success and growth; your clean code and user-focused development practices didn't matter to them back then and they certainly don't matter to them at all now. When it comes to an absolute state of garbage products and software, we still ain't seen nothin' yet.
singpolyma3
To be fair, most of our industry is so stupendously bad at executing that you can keep growth and save costs by simply laying people off. No AI required.
Tade0
Some time ago my then project owner remarked that possibly in the future apps won't require an UI and people will just interrogate the LLM directly.
I read that as a sign to make a coordinated exit.
Truth be told our project was one of many "catalogue of stuff" kind of apps which at this and projected scale could have well been a spreadsheet in the cloud with search enhanced by LLM.
elcritch
The idea of having a non-crap Siri on my phone that I could interrogate directly would be amazing.
My ADHD brain would love to do this stuff:
"Hey AI, how much is my electric bill this month?" and "Okay thats high. Pay it but remind me next week to order a new AC after researching options for me."
wiseowise
> Some time ago my then project owner remarked that possibly in the future apps won't require an UI and people will just interrogate the LLM directly.
And those LLMs will run on unicorn farts and world hunger will be solved too. Do people lack basic logic or is it just when it comes to LLMs?
digitaltrees
Bring on the feature creep and epic down time
xnx
On the other hand, no one to place the blame on if management does it themselves.
dgellow
The recent cases of companies who deleted their prod DBs while using LLMs are blaming “the rogue AI”. So it seems you can just blame AI lab companies and folks roll with it. Even better, they asked it to generate its own apology, no need to spend time trying to explain to your customers why everything is gone
lkjdsklf
That's definitely not true.
There's always people for management to blame. That's the great part of being management.
By definition, there's someone/thing you're managing that you can pass the blame onto.
morpheos137
Perennial HN trope: all bad tech evolutions are management's fault. Engineers are flawless paragons of technical purity.
matheusmoreira
Hard to blame the engineer when the engineer gets fired for not implementing management's whims. As much as I'd like to hold people accountable and say they should just accept getting fired instead of compromising the ideals, the truth is I've got a family now and if they paid me enough I'd do the same.
antonvs
Remind me who makes the final decisions in these scenarios. Also, how do boots taste?
jazzypants
Of course there are shitty engineers, but they aren't allowed to do anything without shitty management.
uncircle
Found the project manager
ExoticPearTree
> Microsoft spent literal decades rehabilitating their reputation. And then set fire to the whole thing in an offering to their robot gods.
Probably they thought the new generations forgot about how awful they were in the not so distant past.
I think they set it all on fire because greed got the better of them again.
makeitdouble
> greed
Is a greed/not greed scale really useful to discuss company behaviors ?
I wanted to say I get what you mean, but even thinking about the company I root for the most, I can't think of a point where they're not driven by their desire to make a lot more money.
If your point is that there's good and bad ways to seek money, I'm not sure it's properly encompassed by "greed", which I interpret as the intensity of a desire, not its nature or validity.
To you "greed" might mean something else, but is it properly conveyed ?
estimator7292
Approximately everybody would like more money.
Greedy people put the desire for more money above the welfare of the business, themselves, and other. Greedy people literally put their desire for more personal wealth above the very lives of others.
Greed/not greed is a very fair way of putting it. One can operate a business that requires profit without wanting to destroy everyone and everything that stands in the way of more money.
kukkeliskuu
The Seven Deadly Sins provide an interesting perspective to human psychology even in modern times. Greed / avarice is defined as wanting more than you need.
techno303
maybe long term vs. short term is the key idea. apple, for example, could rake in bountiful measures in the short term if they ventured away from their boutique-electronic-consumer-goods niche. in the long run it would hurt their bottom line to do so
rafael-lua
I'm old generation and almost forgot for a while. GitHub was good even on their hands at the beginning, C# is amazing, TypeScript is amazing, wsl2 is game changer (which includes the change in Microsoft's position about linux), vscode is amazing, microsoft great increase in presence on opensource was nice (rushstack for example), etc...
But well, they still have the garbage side, which seems to be spreading again.
ExoticPearTree
I second the C# praise: we have a few teams building software with C# and having to debug it here and there, it is very modern, compiles cross-platform and has lots of functionality already built-in and from the release notes I read from time to time, the people behind it know what they are doing.
wiseowise
> Probably they thought the new generations forgot about how awful they were in the not so distant past.
And they're right.
ninjagoo
> Probably they thought the new generations forgot about how awful they were in the not so distant past.
More likely, never learned about it in the first place, save a few whispers. Who's got time to go digging in deep, when there's 'experiments to run, research to be done' ...
> I think they set it all on fire because greed got the better of them again.
new blood, new greed
ProofHouse
Whomever at Microsoft is making these decisions and oversees all this, yeeeesh
jcgrillo
Isn't that just like.. what Microsoft has always been? Browser wars, Tay, bad behavior around open source software.. This is how they roll. They're being their best selves.
uncircle
The fish rots from the head. The AI push, the destruction of Windows are the result of Nadella's strategy.
cyanydeez
AI psychosis. Divide between rich and poor. They live in their own golden bubbles and there's no sanity checks. The workers are so far removed from the realm of competentance and influence it's just CEOs and VPs trying to pump the next 6 months stock value regardless of anything.
It's like the zeitgeist has decided the only thing that matters is their own farts and how they dont smell.
shaky-carrousel
The industry spent decades preaching us about power savings, with Microsoft settings application lecturing about power saves and the update app programming them on renewables peak, only for... wasting gigawatts by forcing us to have copilot everywhere.
If Microsoft were consistent, which isn't, power saving mode would disable AI features.
pletnes
They asked developers to help them improve windows battery life on laptops, competing against chromebooks and macbooks.
The AI gigawatts are all in data centers.
They never cared for the environment (in this way, at least).
baobabKoodaa
Windows still asks you to reduce the refresh rate of your monitor from 240Hz to 60Hz in order to save the environment.
carschno
In literally must have missed that. When did Microsoft ever encourage energy saving? Is this related to power saving for extending laptop battery runtime? But then I don't get the link to renewable energy.
Anyway, I agree with the notion of the extreme energy-inefficiency of LLMs. The scale of it makes it hard to imagine any less efficient product will ever be invented.
shaky-carrousel
They literally have a green leaf next to power saving options. Also, there's an option in windows upgrades to time the upgrades to when the grid is mostly renewables.
kami23
When I've been working on stuff that requires a SSO login, I noticed that it makes, what I considered, hostile anti-user choices in defaulting to tracking pieces of information I didn't want to track and hadn't mentioned.
Fair that I didn't instruct it explicitly to make more pro-user choices, it just seemed to think slurping as much information into the backend was an default intention. Wasted a few more tokens to iterate on it to remove things, but it was IMO interesting enough that I finally submitted feedback around what I imagine is an interesting training problem.
pseudohadamard
If you're using Claude, try /grill-me before getting it to start working on things.
pocksuppet
Has always been the case. Corporations hate standards and would rather lock you in except where market forces prevent them. It was a miracle we have something like the internet - and the government had to create it.
Microsoft's decade-long PR rehabilitation has worked wonders for them.
dspillett
Except the standards other & regulations that increase the barrier for market entry. They love those standards once they feel sufficiently entrenched.
diego_sandoval
> Microsoft spent literal decades rehabilitating their reputation.
Mmm... I think I missed that part.
smaudet
Not everyone bought it, but they campaigned hard...and now see it was all just a dog and pony show. The hold-outs were right...
bigstrat2003
Not really. A company is not one monolithic entity with a single will. Far more plausible than "it was all a trick" is that for a time, people were in charge who really were trying to improve things, and now, those people have been replaced with others who are willing to burn it all down.
ninjalanternshk
Before 2010 or so, “serious” internet developers wouldn’t touch Microsoft stuff — Microsoft was for office memos and poorly structured spreadsheets and that was it.
So yeah, Azure being a real option at the highest levels of internet-scale operations is a turnaround from where they were.
Demiurge
That’s not an accurate take. Microsoft has had a monopoly on the PC desktop OS. Anyone writing applications for users was targeting Windows and using Microsoft. To call most of these developers “not serious” is quite and overstatement. This includes all PC game developers, DAW, CAD, Adobe…?
Azure expanded the Microsoft franchise, and provides another prong to their whole integration story just like cloud AD services and online Office 365 provide another way to stay integrated into their ecosystem.
Yeah, they needed to work on their image somewhat, but their image never negatively impacted them
krupan
They went from demonizing open source software to buying GitHub, releasing their own open source software (including VSCode), and hosting Linux on Azure. Huge changes! But of course it ends up being another Embrace and Extend move by the masters of that tactic
undefined
bitwize
Hackernews used to experience a collective paroxysm of joy every time a new Visual Studio Code dropped. There definitely was a pervasive belief that the Nadella era ushered in a cuddly new Microsoft.
danlugo92
I remember a time, way back, around 2010 maybe?, where Microsoft was referred to as "M$" in this place and generally perceived as an evil corporation o.O
discordance
Remember “Microsoft <3 Linux”
hirvi74
I tried my hardest to block that out of my memory. Everyone knew their fingers were crossed behind their backs.
janice1999
They invested billions. They're scared.
ExoticPearTree
> They invested billions. They're scared.
They could have shipped a good product with all those billions they spent in reinventing Clippy.
I have this feeling that their bet was that all the Microsoft shops will jump on Copilot without looking at alternatives, so they did not really have to make it as good as their competition.
b00ty4breakfast
"good" is not important for software anymore, at least in the regular consumer market. Companies have discovered that people will just continue to accept subpar, unfinished and sometimes even partially-functioning software.
rsynnott
Making good products simply no longer seems to be on the agenda for most of these companies.
altmanaltman
Microsoft continues to make billions in profit despite its spending on AI, because it has a diversified business that generates revenue. I don't get why they would be "scared"? It's basically a calibrated risk at that level.
KronisLV
> They could have shipped a good product with all those billions they spent in reinventing Clippy.
I really liked Copilot - it gave you a lot of tokens across a bunch of models and their agentic features were perfectly serviceable, alongside it being really affordable! And then they moved over to usage based billing and it no longer has that advantage over the alternatives: https://github.blog/news-insights/company-news/github-copilo...
I still think they have a really good AI tab autocomplete implementation and it's nice to be able to use that in VSC without swapping to another editor altogether... but that's not enough to really make me pay for their subscription. I could probably move to Zed altogether if I had a problem with VSC itself, though at least the base editor doesn't feel like it has been enshittified and I quite like it, all things considered.
estimator7292
Good products are not profitable enough. Not that good products are profitable at all, but if it doesn't make disgusting amounts of money this quarter it's not worth considering at all.
We've reached the phase of "infinite shareholder growth" where physics says no, and that is so unacceptable that we'd rather burn down the entire global economy than accept less than exponential growth. It isn't that growth is impossible either, there just can't be enough growth. Break-even is apparently a fate worse than death
bigyabai
> They could have shipped a good product with all those billions
They did. It's called Azure: https://www.geekwire.com/2026/microsoft-tops-wall-street-exp...
krupan
And they aren't the only ones! The bubble might be reaching it's size limits
nicbou
Good thing they are holding the economy at gunpoint.
cyanydeez
They invested billions. They can exit in 6 months if this thing stays afloat.
I don't think it's fear; it's greed.
rcbdev
GMAIL in the web is so shitty, I literally switched over to another provider. I don't know how anyone can use them as their webmail client. You can't make sense of longer mail threads with forwards, answers etc. in between - it becomes an unreadable hot mess.
jaskerr
Would you tell us which provider/client you switched to?
ddkto
The best part is that copilot commented on the PR saying that this doesn’t actually change the behaviour, creates inconsistency in the codebase and suggested reverting the change! (This comment seems to have been ignored…)
> The configuration schema default was changed to "all", but the runtime fallback in extensions/git/src/repository.ts still calls config.get('addAICoAuthor', 'off'). This is now out of sync and can lead to unexpected behavior in contexts where the contributed configuration defaults aren't loaded (e.g., some tests/hosts), and it makes the intended default unclear. Update the runtime fallback to match the schema default (or omit the fallback so the contributed default is used).
HeavyStorm
That's pretty standard review practice in there by now.
jagged-chisel
But it was apparently ignored.
dlopes7
It wasn’t ignored, the second commit fixes what the bot suggested
stefan_
I also liked the bot posting screenshot diffs that are all false positives, while apparently not capturing the default change (is it not in some menu somewhere?)
aduwah
Constructive feedback: revert it and then apologise instead of just doing half of it.
brendoelfrendo
There are two commits in the PR, the second of the two seems to update the fallback config to avoid the inconsistency that Copilot was complaining about.
yankohr
This feels like the modern version of 'Sent from my iPhone' but much more invasive. Git commits are legal and technical records. Falsifying who authored a piece of code just to pump up AI usage stats is a huge breach of trust and it is disappointing to see Microsoft prioritize branding over the integrity of the developer's log. I expect my IDE to record what happened, not what the marketing department wants people to think happened.....
tln
Absolutely, messing with commits is more invasive than messages. It gets worse:
"Sent from my iPhone" appears in the authoring view, and you can delete it.
Co-authored-by: NEVER appears in the commit message UI - it is added without the user even seeing it.
apexalpha
My Claude Code just puts it in the commit which anyone can read before pushing. Is that not the case here?
adastra22
I don't use git features in vscode, but from what I understand the user clicked some button to make a commit, typed in a commit message, and then hit "OK" and the editor called `git commit ...` in the background... after silently adding "Co-Authored by Microsoft Copilot" to the commit message.
That's a little different than Claude doing the commits all by itself and happening to include an attribution line. Especially since, as it turns out, this was being done on clients that had all the AI stuff turned off. But even if that weren't the case, it'd still be wrong.
Also you shouldn't be using Claude that way...
slenk
Anthropic documents how to turn it off, though, and shows you in the commit message preview
Esophagus4
And also those early Spotify days where Spotify would automatically post what you’re listening to to your Facebook wall.
I’ve always seen that practice of using the user as your recommendation lever without their consent as unethical.
delecti
Those services always asked ahead of time though. And at the time, it was seen as cool, like a not-so-subtle "look at me, listening to music on this cool service".
heisenbit
My suspicion is that it violates the users copyright on their commit message.
rodw
Technically (in the US at least) purely AI-generated content has no copyright, hence any copyright associated with the commit can only assigned to the human authors (or the entity they are working for). As I understand it neither Copilot nor Microsoft should have any actual claim of authorship (from a copyright/IP perspective).
It's still quite problematic IMO
yubblegum
It is designed to undermine any future disputes regarding IP and their "AI" being trained on our mind products.
Henchman21
I think it's kinda cute that you don't see it as an attempt to steal code by claiming they "co-authored" it. How long before they claim they can use any code co-authored by Copilot in training? How long before you see your own code, "co-authored by Copilot" as an output in a commercial product that YOU aren't making a profit from? Just a thought :)
undefined
visarga
That makes the bite less damaging - if everyone hax "Co-authored-by AI" in their commits less shame for it, just a normal fact of life now, not a sign of low quality.
aDyslecticCrow
It's either neutral useless information, or a sign of low quality. It's never positive.
Its a sign that the developer didn't pay attention to what they committed. Like a spelling error, or forgetting to run the linter.
If the IDE added "written with vscode" i would be equally furious.
Pay08
According to the link, the message changing isn't visible to the user in any way (besides running a git log after the fact).
Pay08
I've never heard of git commits being used in a legal case, do you have any examples?
tuetuopay
I don't know if it's been tested in court, but that's the rationale behind the Signed-off-by lines the kernel requires in all patches sent. It's a way to tell the (legal) ownership of a piece of code.
polski-g
Good point. That fake commit addendum means that the entire commit contents would not be under copyright protection. AI generated code is not currently copyrightable.
jiveturkey
It doesn't mean that. A Co-Authored-By header isn't a legal signature or legal assertion of AI generated code.
VanTheBrand
It’s certainly an assertion.
whattheheckheck
Is thos actually decided yet? Closest thing was the image generation cases. What's your go to source for this?
bdangubic
Not that simple… this is great read: https://legallayer.substack.com/p/who-owns-the-claude-code-w...
bjt
Still if you're the lawyer on the side of the lawsuit claiming that the code is copyrightable, you really don't want that copilot attribution in the commit message muddying the waters.
hirvi74
Outside this instance, how can one prove code was AI generated beyond a reasonable doubt? Also, do you (or anyone else) know how much AI/copied-code has to be modified for it to be considered independent?
If AI generates code, and one just renames some variables/method signatures, then what?
tyre
> how can one prove code was AI generated beyond a reasonable doubt?
Subpoena the provider they use.
Even if they don’t retain the full context, they have to save API calls for billing and analytics. If you’re clauding for the hour up to and after the commit, one can reasonably assume you built it with (if not exclusively by) AI.
graemep
Reasonable doubt is required in criminal cases,most disputes about whether AI or human wrote code will be civil cases.
MaKey
FYI, they changed the default of 'git.addAICoAuthor' to 'chatAndAgent' afterwards: https://github.com/microsoft/vscode/pull/312880
So it was 'off' -> 'on' -> 'chatAndAgent'
nusl
Changed back or not, this demonstrates that they're either willing to make sweeping changes like this that hurt a massive number of users, or that they're incompetent to the point of not realising the impact of the first change. They'd have had to just blindly make the change, since the original PR was approved and merged within the same minute by the original author (no additional eyes, at least that we can see), or ignore user complaints and make it anyway. Both cases demonstrate terrible stewardship of VSCode.
undefined
dbeley
This should be higher, as this dates from 5 days ago I wonder why OP didn't bother to mention this follow-up
kllrnohj
To be fair to OP, that follow-up doesn't appear to be mentioned anywhere in the discussion on #310226, either. They probably should have left a note about that change before locking the thread.
indrora
To be honest, I didn't see the follow up. It just incensed me enough that they would do that to begin with.
Right up there with Zed being pretty open that they siphon your code through their API surface and have a "Just Trust Us Bro" data retention policy, along with no way to turn the collaboration features off.
- OP
kevinmgranger
What's this about Zed? I've been considering switching to it but I want to know more about what you mentioned.
undefined
SwellJoe
"Sent from my iPhone" marketing only works if people want everyone to know they're using the product.
ssl-3
That's one way that it works, but that's not the main driver.
This kind of tagline marketing works best with people people who aren't even aware that they're participating, and who aren't bothered to do anything different it even if they become aware.
The juice isn't worth the squeeze, so the marketing remains.
Sent from my iPhone
Downloaded from Demonoid
Rusty n Edie's: The world's friendliest BBS 216-726-0737SwellJoe
But, also, I think in this case, it makes people less likely to use the product, as there's a lot of baggage around agent-written code. People who shouldn't be using it are using it to make so many PRs it's become a DoS attack for some projects, so a lot of project maintainers are rightly sniffy about AI-written code.
ssl-3
I'd like to think that the level of cognitive sophistication necessary to assess the situation negatively would be very widely available. That would be a very pleasant line of thought for me.
But then, I look at the modern-world empires that are built upon advertising and realize that reality just isn't that way. At all.
tardedmeme
There's no such thing as bad publicity. If people who didn't know about your product become angry about your product, they're more likely to buy it.
TeriyakiBomb
100% I have one ~tiny~ project that has a handful of stars and actual people seem to use it. End of last year I received a huge slop drive-by PR on it. Spent 20 minutes reading it, realised it was just nonsense. I want my friggin' 20 minutes back.
I can't imagine how infuriating this is for maintainers of projects with much more footfall. I'm frankly shocked more aren't just outright closing the doors to PRs from unknown contributors
bandrami
Huh. I always thought the point of "Sent from my iPhone" (or the earlier "Sent from my Blackberry") was that it indicated "I don't have access to my desktop and file server right now so don't expect me to send that file".
bandrami
I once was involved with booking the actor Kal Penn for an event and his signature line was "Sent from your mom's house". I always loved that.
djyde
However, there's one counterexample: some email clients in the past experienced explosive growth by adding signatures. It was annoying, but it definitely worked.
blaze33
Someone, somewhere, probably has a "% of commits co-authored by copilot" KPI.
conception
100% hundreds of people do.
manquer
Doubly so, because you are being used as ad-channel and not being compensated for it either.
k8sToGo
Microsoft already does this with their mobile Outlook. Sent by Outlook Android / iOS on the bottom of the message.
chrisweekly
Huge difference: the commit signature may not have had anything to do with Copilot, whereas email sent by mobile Outlook was... sent by Outlook.
kevincox
Nah, they are both unacceptable spam. Don't put words in my mouth and don't hijack my communication for marketing.
abustamam
I don't really send emails anymore but when I actually used email to keep in touch with friends (during the interesting bit of time between smart phones becoming mainstream and SMS and other messaging services becoming more popular than email), I changed my signature to be "Sent from your iPhone" even though I used an android and mainly sent emails from my computer, just to be an edgy teenager. Got some interesting responses from that.
It's interesting to see how communication, digital and otherwise, has evolved over time.
frizlab
But you can see it and remove it before sending. It’s definitely not the same.
nsxwolf
Sometimes it randomly pushes without me asking, so I have a mess to clean up.
sunaookami
Does anybody else remember Tapatalk? They did the same with signatures in forums.
sleepybrett
"sent from my iphone" originally meant more than just "i have a fancy phone that lets me send email" in the early days it meant "I'm not at my desk right now."
dsign
This is bad. I need to start Monday warning my team about this and installing validation hooks in our repos that catch any commits with this. We don't have a non-AI policy, but we have an "approved AI" policy due to data security, and having all your commits say "Co-Authored-by Copilot" is more or less the same as as "I ** on infosec". We also have a "short commits message" policy, and that "Co-Authored" thingy takes characters.
dmitriv
Sorry about that, it's being reverted: https://github.com/microsoft/vscode/pull/313931
lionkor
short commit messages, but you would usually allow details in the details part of the commit message, right? Which is where this goes?
mister_mort
This is pumping someone's metrics up inside of Microsoft, somewhere.
The question is - will their boss revert it or encourage it when they discover the source of the stats being juiced?
650
A Principal Software Engineer at Microslop merged this - https://www.linkedin.com/in/dmitriy-vasyura-9191611/
This is the author of the MR - https://github.com/cwebster-99 - A Product Manager at Microslop
I've routinely spoken on the uselessness, and oftentimes detriment of product managers in tech.
The dearth of leadership driving for vanity metrics like PMs writing code doesn't help either.
dmitriv
I'm here in case you have something to say to me directly.
650
Why did a PM create the merge request? It seems like internal testing brought up issues, why was it merged regardless? Is velocity a metric you were aiming for when merging this?
unchar1
What was the reasoning for this change?
undefined
voganmother42
[flagged]
wswope
[flagged]
ArmadilloGang
I can’t access that LinkedIn link without going through their Persona ID process, which requires all kinds of PII.
> LinkedIn users attempting identity verification may be unknowingly handing sensitive personal data to Persona Identities Inc., a company that distributes information to government agencies, credit bureaus, utilities, and mobile providers.
^ Link from a LinkedIn page I found on a Kagi search.
I can view some LinkedIn pages but not others without logging in.
Even though I’ve never posted to LinkedIn it only use it as a public résumé, my account was flagged as needing identity verification. I’m pretty sure this happened a year or two ago when I changed my email address from one domain I owned to another domain I owned.
I’ve never been able to log in since then, and there is no support path. The only available way past it is to simply submit all the info to Persona.
dmitriv
I'm here, what would you like to know?
undefined
gopher_space
The role feels like it’s borne out of a desire to see employees as fungible.
esafak
This is what happens when nontechnical people land production code in order to game their promotion metrics.
I sense the PM in question is disconnected from the sensibilities of the users she ostensibly represents. Looking at her record I see she never worked as a programmer. But with four years in her current position she ought to have figured this much out. Strong AI incentives perhaps?
k8sToGo
Isn't that someone the person who created the PR? "Product Manager at @microsoft working on VS Code and GitHub Copilot!" it says on her profile
whynotmaybe
Isn't it also cause they want to tag those commit so that they don't feed it into copilot training?
harambee4ever
My first thought when I read this was that it was accidental. But the title of the PR looks like that they aren't even trying to hide it
7734128
Never attribute malice as mistakes when it comes to Microsoft.
telchior
That someone saw Google's claim that 75% of their code is written with AI and said "hold my beer".
Juiced stats? No such thing, at least as long as stock number go up.
liquid_thyme
>No such thing, at least as long as stock number go up.
You want your 401k to go up, don't you? /s
low_tech_love
Isn’t this a kind of “leopards ate my face” situation? I thought we had all “agreed” that letting AI write code and take control of software repositories is good, even if we have no idea what is going on beyond a thin surface layer, because well it’s fast and we can fix it later and lol who needs testing? My customers are my testers.
And now it’s suddenly bad because the developer is the customer?
tln
The sneaky commit modification is triggered by very modest usage of AI such as auto-completion.
Look, if an agent writes the code and the commit message then adding a Co-authored-by by default is ok. Not even showing it before the commit is made is not, and adding the message when AI was just completing code is not.
bojan
I genuinely think it's not ok even then. Copilot is a tool, one of many I use. That tool has no business polluting commit messages without my knowledge.
The appended message isn't even adding any new information, as in this day and age a vast majority of commits is probably "co-authored" by an LLM.
tln
I should have been clearer, the hidden addition is never ok.
If I ask Claude to write a commit message, it will inserted a co-author line (and an ad), but I can see it and disapprove, add a counter instruction to CLAUDE.md etc
low_tech_love
I personally don’t understand the need to treat a tool as an “author” but that’s not important, my comment is mostly regarding the backlash of what happened. A feature was rushed in and does not work as intended, in a kind of disastrous way. Now we feel like our customers do when they have to deal with all the crap that our AI co-authors push forward without the right process.
AlienRobot
Glorified autocomplete, syntax reminder and random snippet generator thinks it's co-authoring things.
undefined
mrcartmeneses
Next it will be Co-authored by Co-Pilot with help from Dominos Pizza
Qem
Next Microsoft will sue you to get a share of revenues and ownership as co-author, if your product ever makes success.
k8sToGo
But only if you watched this 1 min Segment of today's sponsor...
Your free commit today is brought to you by duff beer
IdontKnowRust
This will be so true hahaha
dessimus
More like Carl's Jr.: Fuck you! We're eating.
amarant
Microsoft is such a master class in how to make me hate you, quickly.
dd8601fn
I know you didn’t mean it that way, but boy did that make me feel old.
Anyone else remember the bill gates borg category on slashdot?
willhslade
Indeed fellow traveller. I do.
OutOfHere
There is more of it that's going on. For me, Microsoft's SwiftKey keyboard app sabotages the use of a competing search engine (DuckDuckGo) in Firefox in Android for me. When typing a multi-word double-quoted search phrase, it doesn't allow it to be typed correctly.
tardedmeme
DuckDuckGo is not a competitor to Bing. It is a sub-brand of Bing for the purpose of market segmentation. While Bing attracts users who install Windows and click on internet, DuckDuckGo attracts users who feel concerned about privacy. It's the same engine under the hood.
OutOfHere
Last I read, Microsoft pays DuckDuckGo somewhat proportional to its user count.
digitaltrees
This is especially hostile to users given that courts are ruling that AI written code can’t be copyrighted.
When Hotmail inserted “sent using Hotmail” in emails as a growth hack it didn’t have legal consequences. This might.
Get the top HN stories in your inbox every day.
I am the person who approved this PR and would like to acknowledge and apologize for the mistake of turning this feature on by default without sufficient upfront validation.
There was no ill intent by evil corporation, but rather a desire to support functionality that some customers expect of VS Code w.r.t. AI-generated code. As folks mentioned here - many similar tools do this as well.
Obviously, it should not be on when disableAIFeatures is on and it should not be reporting changes that were not done by AI. I'll work on fixing those and meanwhile revert default to off in 1.119 update.
I am open to any (constructive) comments/suggestions - please feel free to reach me directly (my alias @microsoft.com) or open an issue on GitHub. Happy to answer anything here as well.