mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

336K
active users

Waldo Jaquith

I just noticed that GitHub Actions has an "explain error" button, and I thought I'd see how it explained this build error. This is what happened when I pushed the button.

...what

“We made a button that does one thing!"

Does it do the thing?

"...no.”

@waldoj I think there's supposed to be a permission request dialog in that flow, if I'm remembering right. I tried hitting it once too and got a request to give access to the logs. I think.

@ian Ah, so that must be the thing that's silently failing for me. That would explain it!

@waldoj I asked the main GitHub Copilot (search widget -> Ask Copilot) what to do. It found the correct answer and I didn't have to download logs.

But if it's correct and there is no such config option, this is indeed an odd way for Microsoft to implement this feature.

Because GitHub is so complex, I've found asking it how to do stuff is usually faster than trying to find the right docs.

(Don't worry, the branch with the vulns is not public-facing 😁)

@waldoj
My guess is, they're still red-teaming it to make sure there aren't bad-advice-to-the-people-with-privilege escalations.

If my PR can get your repo's workflow to fail in a way that emits arbitrary text, that text could persuade the LLM to give you a plausible but dangerous suggestion.

If I'm right, Microsoft should probably have turned off the feature rather than making it more convoluted to access. But different teams may have disagreed about that, leaving it in the current state.

@jamiemccarthy Interesting! It refused to entertain any such questions from me, and would only repeat the same error about not having access. I’ll try feeding it those data points and see if that works.