If you have Copilot enabled I would recommend enabling it for specific file types/languages and disabling it by default. I think it's easy to forget a file type with sensitive content. And you can always enable it for a language if you forgot it.
On Sun, Nov 17, 2024 at 6:19 AM Red S <[email protected]> wrote:
> If you installed Github Copilot in your personal code editor/computer, be
> aware that it uploads "snippets" of your input files to it and possibly to
> third-party APIs (e.g., OpenAI). I think people are just beginning to
> become aware of the implications of this due to their employers crafting
> policies around what LLMs they can use and what-not, but it's still early
> days and it's easy to accidentally screw up, so here are some thoughts
> about this.
>
> I think it's really easy to install Github Copilot to get code completions
> in say, Emacs, and then to open up your ledger and it's in Copilot
> minor-mode everywhere (for example if you enabled it via `(add-hook
> 'prog-mode-hook 'copilot-mode)` or similar, to be turned on everywhere
> ("it's amazing, right?")), which means you get completions on its contents.
> AFAICT it's impossible to know how much context is sent up to the models
> for queries. GH claims general "context" is sent:
>
>
> Glad you brought this up. The first thing I did before installing Copilot
> long ago was to solve for this. I use both Copilot and Codeium with Neovim
> personally. In short, here are some options I found. These work well for
> folks who use terminal based editors (vim/emacs, mostly):
>
> 1. configure Copilot/Codeium/AI in your editor to be disabled for
>    certain file types
> 2. configure your editor to disable the Copilot/Codeium/AI plugin for
>    certain file types
> 3. entirely disable network access from your editor
>
> (1) involves trusting the plugin under question, which isn't a great idea.
>
> (2) is better, but I found how easy it was to mess this up and get it
> wrong. Editor configurations for power users span many files and
> directories, and it's easy to overlook something when updating your config.
>
> (3) is best (most secure), and I use it for things I need most security
> for (files with account numbers, passwords, cloud API keys, and other
> sensitive data). My setup is to run a separate instance of neovim via
> flatpak. Under the hood, it's essentially containerized execution of
> neovim, which means all one has to do is to disable the network interface
> on that container like so:
>
> my_editor_secure () {
>     # my editor uses a gpg plugin for which it needs to access the gpg-agent
>     flatpak run --user --unshare=network --socket=gpg-agent io.neovim.nvim "$@"
> }
>
> Which guarantees nothing will leave your computer. You could simply make
> this your default editor command, and occasionally run it with network
> access enabled if you need to update plugins and such.

--
You received this message because you are subscribed to the Google Groups "Beancount" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion visit https://groups.google.com/d/msgid/beancount/CAPytOJG4LUocPDv3HEaRmBk3u%2BzFijE5a72g6xhMe1asjaC-GQ%40mail.gmail.com.
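
An added example, not part of the thread: a POSIX shell wrapper that combines the "disabled by default, enabled per file type" advice with the network-isolated flatpak command quoted above, so any file that is not explicitly allowlisted opens with networking off. The allowlist, the name patterns, the function names and the networked command (the same flatpak app without `--unshare=network`) are assumptions for illustration.

```shell
# Added example (not from the thread). Allowlist, name patterns and function
# names are assumptions; the isolated command is the one quoted in the message.
ISOLATED_EDITOR="flatpak run --user --unshare=network --socket=gpg-agent io.neovim.nvim"
NET_EDITOR="flatpak run --user io.neovim.nvim"   # assumed: same app, network left on

# Succeeds only for files that may be opened with AI completion available.
ai_allowed() {
    case "${1##*/}" in                              # match on the basename only
        *secret*|*credential*|.env*) return 1 ;;    # sensitive-looking names always lose
        *.py|*.go|*.rs|*.c|*.h|*.js|*.ts) return 0 ;;
        *) return 1 ;;                              # unknown type: deny by default
    esac
}

# Prints the editor command for the given files. One non-allowlisted file,
# or no file at all, selects the network-isolated editor.
editor_cmd() {
    if [ "$#" -eq 0 ]; then
        printf '%s\n' "$ISOLATED_EDITOR"
        return 0
    fi
    for ec_file in "$@"; do
        if ! ai_allowed "$ec_file"; then
            printf '%s\n' "$ISOLATED_EDITOR"
            return 0
        fi
    done
    printf '%s\n' "$NET_EDITOR"
}

# Wrapper to use as the everyday editor command.
edit() {
    ec_cmd=$(editor_cmd "$@")
    # Word splitting of $ec_cmd is intentional: it holds a command plus flags.
    $ec_cmd "$@"
}
```

Because the decision is made before the editor starts, a forgotten file type in the editor's own plugin configuration cannot cause an upload: a ledger, key file or unknown extension never gets a network interface.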
