"Reflections on Trusting Trust" for the new era. MSVC doesn't compile a secret master-password into your software, just a Copilot ad.

("Reflections on Trusting Trust" Turing Award Lecture by Ken Thompson: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...)

I wonder if there will come a time where I can pay M$ to sabotage my competition codebase

Spent yesterday pruning dependencies in a project. Cut half of them and everything still worked. Makes you wonder how much stuff we pull in without thinking about it. Same thing with AI-generated PRs honestly, one bad suggestion and it ships.

Imagine just having the copilot extension installed will be an excuse at some point for them to steal our code to train their AI models. Not sure if they already do this.

Can somebody explain to me why this is legal?

If anybody but Microsoft does this, it's called malware and they'll end up with an FBI visit and prison time.

Why are the judicative so skewed here in their judgements?