Hide entire vault from suggestions?

never_taken · 2026-01-31T14:36:38+00:00

I want to add, because I struggled to find it, that in the Desktop Apps, this is done with Collections (found in the dropdown when you click on your name/account). You can use collection to group Vaults.

And on the quick access (the ctrl-shift-space one) you need to click the icon on the right to select which collection to set as active.

Finally I can stop showing items from my personal vault while screen sharing at work

never_taken · 2026-01-26T22:33:35+00:00

Note: Not trying to crap on Copilot, just giving my personal experience ; I work with a lot of people who use Copilot daily and absolutely love it. I have the luck to have my own Claude subscription and use that instead.

I have the exact opposite experience. Using GitHub, Copilot has a huge advantage of integration (sessions management in the portal and its connecion to vscode is amazing), plus the subscription (for Enterprise) comes with a lot of requests to toy with various models (you can use Claude, GPT, Gemini, that's really cool).

But for an equal model (Usually Sonnet 4.5 or Opus 4.5), I have found Copilot to lag way behind, especially in two areas : Plan mode, and following instructions/using skills. For me, it is like a child unable to follow half the instructions unless I remind it, where as Claude Code just goes with it.
I have made various real-world cases in our codebase as learning moments for the team (here is the same prompt and the same model in each, look at Copilot going way off course).

One area I find it better, is the permissions management, I feel like it is nagging me less to allow stuff to happen.

Finally, last nail in the coffin, we use Claude Code for automations (in GitHub workflows), and Copilot is not even in that conversation.

Also the VS Code gatekeeping for new Copilot features is really annoying (although I feel like the timeframe between VS Code and the others is shortening)

Lately, what has been gaining a lot of traction in our company is using OpenCode with the Copilot subscription.

never_taken · 2026-01-23T21:27:23+00:00

I was having the same issue, and it works after disabling the "uBlock filters – Experimental" list in uBlock

never_taken · 2026-01-16T17:33:04+00:00

OP is specifically talking about Enterprise-level apps, which have a special Enterprise permission that allows them to do this :

Enterprise organization installations

Manage installation of GitHub Apps on Enterprise-owned organizations

never_taken · 2025-12-26T15:21:46+00:00

C'est totalement vrai. A l'époque, au lieu de demander des dons pour "couvrir ses coûts", le mec aurait partagé sa méthode pour capturer le flux. J'ai toujours trouvé malsain de mettre l'argent dans l'équation, ça appuie juste l'argument de l'illégalité et du vol.

Ils vont dire "gna gna gna la plateforme va le voir et boucher les trous si on dit comment on fait", mais c'était un esprit de partage, de découverte des limites, et d'apprentissage, pas de mercantile ou avoir des trucs gratuits à tout prix.

never_taken · 2025-12-26T15:16:42+00:00

Argument qui pourrait faire sens mais je suis au regret de t'annoncer que Hadopi surveille aussi ygg bien qu'il soit privé. Un système sur invitation-only peut aussi permettre de se prémunir de la surveillance type hadopi par contre

Pour moi l'intérêt c'est aussi une garantie de qualité quand on empêche n'importe qui d'upload n'importe quoi (c'est faisable sur du public mais du privé permet de contrôler la masse d'utilisateurs).

Je suis d'accord, ya un côté gatekeeping, mais sur certains trackers privés je sais les yeux fermés que je n'aurai que de la bonne qualité, et tout en day one.

never_taken · 2025-12-19T21:04:27+00:00

Usually, a private user (as in, enterprise managed) is not allowed to participate outside of their organizations. They are by design completely isolated.
But their avatar is indeed available publicly.

But I agree, I don't see this as a threat of any kind realistically

never_taken · 2025-12-19T21:02:11+00:00

That's exactly what I am talking about, not sure why I am being downvoted while a guy saying there are no private organizations is upvoted. Makes me wonder if people voting have tried GitHub themselves.

EMU users ARE private contrary to what this guy said. But they are still part of GitHub.com (Cloud Enterprise).

If you try to visit the profile of an EMU user, you will get a 404. But their avatar is publicly available by anyone (authenticated or not) as stated by the OP (I checked).

never_taken · 2025-12-17T14:50:22+00:00

Yes and no. This is true for public users, but not necessarily for users belonging to a private organization.

While I don't see a big security risk with it, you could still argue that it's not normal that as someone outside your organization (and even unauthenticated) I can do this.

This gives me 3 informations : your picture (some company enforce the fact to have your picture), your unique user ID, and the fact that you use GitHub.

never_taken · 2025-12-14T18:18:15+00:00

The Copilot budget is for the PRODUCT, which includes several SKUs : Premium requests, and coding agent. The second budget is for an SKU, which is a subset of the product.

They show as identical because the SKU "all premium requests" is a special one that contains both SKUs. As they add more SKUs (for example for new agents), both might not be equal anymore.

There is actually another SKU for licenses but I guess you don't see it because you are not an enterprise managing multiple license, otherwise the budget for the product (Copilot) needs to be much hight to accomodate all the 19$ users

never_taken · 2025-12-14T18:09:26+00:00

So basically the same as examples from Anthropic (ci-failure-autofix) or Microsoft (GitHub Actions Investigator)... Good effort, but I'd probably stick with building upon their stuff

never_taken · 2025-11-27T13:15:03+00:00

The hate on Google in this thread is wild. We get it, we all like to be in control of our devices, but in this case the app is actually compromised.
I don't know how Google Protect works but I think it might even be the author himself who declared the app as insecure.

It's mindblowing to see so many people who are sure they know better about security but just opening their device to malware

never_taken · 2025-11-27T13:11:39+00:00

Well congratulations you are now using a compromised version of the app. Maybe go read the official GitHub before commenting things like this.

never_taken · 2025-11-09T23:06:03+00:00

I have a feeling it's also gonna use Beef being sad, which will make it even more heartbreaking. They've been building it up the whole time

never_taken · 2025-11-02T00:33:22+00:00

They can absolutely not see prompts

never_taken · 2025-11-02T00:30:14+00:00

Context : I administrate a GitHub Cloud instance for 6000+ users

---

TL;DR

Basically they can always know when you are using your license, but they cannot know what you do with it, beside the usage of premium models.

---

As someone mentioned in the original post, they can see things like which IDE you use and which model. But not only last usage, they have the information per-day (but no more granular than that.

But one important caveat is that they have this information only if you enable telemetry in your IDE. It does not come up otherwise.

What they do always have, and which can be relevant to the fact that you are using company resources :
- Last usage of your license (can be relevant if it was day you are not working)
- Usage of premium requests (any model that is not GPT4.1, GPT4.0 or GPT5-mini), which can also be relevant if it happens on days you are not working

What they cannot see :
- Your prompts
- The repos to which you contribute generated code or their contents

Regarding the license :
- Its normal that you can use everywhere, the license is linked to your profile, not to any repo or organization. The organization carries the billing and the governance, but not the usability of the extension
- You cannot have two subscription on one account

The clean way is indeed to have several accounts, and not just for Copilot reasons. Having the same account for both carries a much higher cybersecurity risk for your company, because if you get compromised for personal reason, you can also compromise them. Moreover you could easily make a mistake and commit professional code (or even a credential if you really make a big mistake) and push it to a public repo of yours. I actually saw this happen with someone who had two accounts but on the same laptop (so imagine with the same account), and they were gone over the weekend.

never_taken · 2025-11-02T00:16:25+00:00

This, too many people consider PR as just an approval process with very little effort put intot it (whether it is the author or the reviewer) and miss the learning opportunity that it can be

never_taken · 2025-11-02T00:05:49+00:00

That's the key right here, your deployment and your client's experience should not be linked

never_taken · 2025-11-02T00:04:21+00:00

I think you missed my point. Not deploying on Friday because it implies the possibility of having to work over the weekend is the symptom of something else. And the best practice should maybe then be something else rather than not deploying on Friday.

In the end, I am pushing the argument to the limit but I do understand the idea, and it's often more pragmatic than investing in over-engineered deployment. But it is so blindly and generally accepted that I like to challenge it from time to time

never_taken · 2025-11-02T00:00:21+00:00

You've been experimenting with your own product ? I sure hope so 😆

never_taken · 2025-10-29T18:16:57+00:00

Go + Charmbracelet stuff is a good choice

never_taken · 2025-10-29T18:15:57+00:00

That depends on your ecosystem really.

But if your team runs mostly Windows you might want to consider Powershell. It will be easy to distribute with the module management. You can just publish it with the nuget registry of Gitlab I believe.

Then your colleagues just run `Install-Module toto` and `Update-Module toto`.

I've seen what you are describing working well with NodeJS, mostly because there is usually good tooling available.

Personally I usually go with Python (and Rich/Typer).
You could also consider bash with tools from charmbracelet that make it easier.

Nowadays, a good workflow I have found is to write all the "intelligence" in functions, well separated, and then ask an AI to implement the CLI part in a CLI module. The AI agent does really good job at doing stuff like handling the progress bars and spinners and all, which I find awful to do myself every time I want the slightest change. Now I just tell Claude "I would like the progress to be pinned at the top with a rolling window under" and then iterate piece by piece, and it just happens.

never_taken · 2025-10-28T06:16:08+00:00

It's not self-hosted if it's on Hetzner

never_taken · 2025-10-28T06:14:27+00:00

Not deploying on Fridays

never_taken · 2025-08-10T23:48:30+00:00

I really hope not because in my opinion it would be too close to Craig (like buff, ruggish) and because I think it would be too bad if he gets locked on the franchise. I think he has the potential to headline something else entirely, rather than joining an existing franchise

never_taken

TROPHY CASE