
Private Repos Aren't, Apple's AI Has Opinions, and North Korea Just Stole More Than Your Password

CoPilot: I see your private repo and raise you 20,000 other ones nobody should have access to...

Welcome back!

It's March 4th – and it's time to march forth (get it?!) with our today in tech history fact!

On this day in 1956, Chinese-American inventor An Wang sold his magnetic core memory patent to IBM for a cool $500K (that's about $5.5M in today's dollars or about 5,505 MacBook Airs!). This revolutionary tech became the primary random access storage method in digital computers from the mid-1950s until the mid-1970s. In other words, the OG memory card—before they were tiny and always lost in your couch.

If it wasn't for Wang's patented invention, MIT's Jay Forrester wouldn't have been able to perfect core memory for the 1951 Whirlwind computer. Without Wang, we'd probably all still be calculating with abacuses and stone tablets. Or worse... Excel 95.

The ghosts of tech past have spoken—now, onto what’s haunting us today…

GitHub's "Private" Repos: About as Private as Your Browser History on the Family Computer

Privacy? Never heard of it—neither has Microsoft’s Copilot.

Security researchers from Lasso have discovered that GitHub repositories set to private—even those only briefly public—can still be accessed through Microsoft Copilot long after you've frantically toggled that privacy setting. That's about as secure as hiding your cash under a ‘DO NOT STEAL’ sign.

Lasso found content from its OWN private GitHub repository appearing in Copilot because it had been indexed by Microsoft's Bing search engine during a brief "oopsie" when the repo was public. Digging deeper, they uncovered over 20,000 supposedly-private repositories with data still accessible through Copilot, affecting more than 16,000 organizations including tech giants like Google, IBM, PayPal, and — chef's kiss — Microsoft itself.

The implications are less "haha funny" and more "oh dear god no" — confidential GitHub archives containing intellectual property, sensitive corporate data, and access tokens are all potentially exposed. In one particularly delicious irony, Lasso used Copilot to retrieve contents of a GitHub repo (since deleted by Microsoft) that hosted a tool for creating "offensive and harmful" AI images using Microsoft's own cloud AI service. It's like finding your house keys in the burglar's pocket.

What does Microsoft have to say? Basically, "Eh, could be worse." ¯\_(ツ)_/¯

Apple's Voice Dictation Thinks "Racist" Sounds a Lot Like "Trump"

Siri, define "awkward." Oh wait, she just did: Apple's iPhone dictation feature has been briefly displaying "Trump" when someone says the word "racist." The bug went viral after a TikTok video demonstrated that AI Freudian slip, forcing Apple to acknowledge the issue and promise a fix "as soon as possible." (Though, somewhere, an engineer is either getting fired...)

Apple engineers, presumably updating their LinkedIn profiles as we speak, claim the problem stems from "phonetic overlap" – the same way there's "phonetic overlap" between "I'm totally fine" and "everything is on fire." Meanwhile, former Siri team member John Burkey told The New York Times this "smells like a serious prank," one that could have been deliberately implemented by someone internally.

The timing is as impeccable as Sheldon Cooper attempting to understand sarcasm – coming just after Apple announced plans to invest $500 billion in the US. With Trump threatening a 24% tariff on chips and slapping trade restrictions on imports quicker than Sean Bean's characters die in everything, this bug feels like watching someone accidentally text their boss the meme they just made about them. Ctrl+Z! CTRL+Z! 😬

North Korea's $1.5B Crypto Heist: When Old-School Cons Beat New-School Tech

North Korea just pulled off history's biggest crypto theft using... checks notes... PowerPoint skills?

According to Ars Technica, Kim Jong Un's online fan club (read: North Korean agents) stole $1.5 billion from Dubai-based exchange Bybit by compromising their "Multisig Cold Wallet" system—supposedly the Fort Knox of crypto security.

Instead of the expected Mission Impossible-style infrastructure attack, they hacked something way easier than code – humans. The hackers fooled Bybit employees by manipulating what these employees saw on their screens to trick them into approving the fraudulent transfer of 400,000 Ethereum and staked Ethereum coins. The equivalent of switching price tags at checkout.

Imagine being at the Costco checkout thinking you're buying pizza, but the cashier scans in a barcode for a yacht. Ouch.

⚙️ Tool Time

We recommend DBeaver.

The Infinity Gauntlet of database tools that makes SQL look less intimidating than your first day of coding bootcamp. This free, cross-platform database tool is like having a database whisperer who doesn't judge you for naming your primary key column "id_please_work_this_time."

Whether you're juggling MySQL, PostgreSQL, SQLite, or any of the dozens of other databases it supports, DBeaver delivers a unified interface that doesn't require a PhD in computer science to navigate:

  • Visual Query Builder Magic: Visualize database relationships with ER diagrams so intuitive they make your whiteboard markers jealous. No more explaining your database architecture using condiments at lunch meetings.

  • Monospace Font Errors: DBeaver's latest update brings monospaced error messages – because nothing screams "I know what I'm doing" like consistently aligned notifications of your failures.

  • Database Polyglot: Supports 80+ databases from Apache Hive to YugabyteDB – it's basically the Rosetta Stone for data nerds who can't commit to just one database technology.

  • Accounting-Friendly: The open-source community edition costs exactly zero dollars – perfect for developers whose expense requests get rejected faster than that intern's pull request to "optimize" the production database.

A hat tip to our EE expert and database guru Qlemo for recommending DBeaver. They say it's perfect "for accessing different database brands" – which is tech-speak for "stop using Excel as a database, you monsters."

👨‍💻 Job Opportunities

Ready to lead a team of 6-8 software engineers in the Specialty Cyber Business Unit? You'll also have to navigate corporate red tape better than Arya Stark navigated the House of Black and White—apply now before all faces are taken.

Be First Citizens Bank's network hero by day, on-call defender by night—like Batman, but with more Command Line Interface and less childhood trauma. If you're the type who configures VLANs while humming "Never Gonna Give You Up," this network engineering position is perfect for you.

Lead the design and implementation of Microsoft Dynamics 365/Power Platform solutions with the same artistry as Wes Anderson designs symmetrical film shots. They're looking for someone who can create solutions as intricate and satisfying as the plot of "Inception" (no dream infiltration required).

🛩 Industry Moves

Tech's chaotic, we're methodical. Here's what mattered this week while you were busy updating your password manager:

  • Amazon unveiled Alexa+, a "complete re-architecture" powered by generative AI that "knows almost everything in your life." It can summarize Ring footage, access your personal data, create quizzes from study guides, and presumably judge your 3AM food delivery choices.

  • Through Google Password Manager, users can log into passkey-protected accounts in standalone iOS apps like Kayak and LinkedIn, representing the first time Apple and Google products have cooperated since... well, possibly ever.

  • Private equity firm KKR secured a 58% stake in Fuji Soft for over $4 billion, ending a months-long bidding war with Bain Capital that was basically the corporate equivalent of billionaires fighting over who gets to super-size their yacht first.

  • Edera, founded by three women, raised $15M Series A funding for cloud security tech in an industry where female founders typically get less VC attention than a terms of service agreement.

💽 Data Upload

And that wraps up this week in tech! Whether GitHub's spilling your secrets, AI's making awkward political commentary, or North Korea's funding their nuclear program with your crypto, just remember: in 2025, the only truly secure system is a potato with no internet connection. 🥔✌️

Got news to share or topics you'd like us to cover? Send ‘em our way. We can’t wait to hear from you. Really.
