The Modern .NET Show

S08E17 - Context Is Everything: Getting the Most from GitHub Copilot with Joydip Kanjilal

Sponsors

Support for this episode of The Modern .NET Show comes from the following sponsors. Please take a moment to learn more about their products and services:

Please also see the full sponsor message(s) in the episode transcription for more details of their products and services, and offers exclusive to listeners of The Modern .NET Show.

Thank you to the sponsors for supporting the show.

Embedded Player

S08E17 - Context Is Everything: Getting the Most from GitHub Copilot with Joydip Kanjilal
The Modern .NET Show

S08E17 - Context Is Everything: Getting the Most from GitHub Copilot with Joydip Kanjilal

Supporting The Show

If this episode was interesting or useful to you, please consider supporting the show with one of the above options.

Episode Summary

The episode centred around exploring GitHub Copilot – an AI-powered assistant for developers – and its role in modern software development. Joydip Kanjilal established his extensive experience in .NET (spanning almost thirty years, from its beta stages) and highlighted the evolution of the framework, its increasing performance, and now its open-source nature. He contextualised Copilot as a tool building upon this foundation, aiming to boost developer productivity and simplify workflows, rather than autonomously creating entire applications. The core message was that Copilot is an assistant, designed to alleviate the tedious aspects of coding and allow developers to focus on more complex problem-solving.

Joydip emphasised that GitHub Copilot isn’t an AI itself, but is powered by AI, specifically large language models. He articulated that the true skill lies in providing the right context and prompts, explaining that Copilot excels at generating code based on clear instructions. A key point was the importance of rigorous code review, comparing Copilot’s output to utilising code snippets from Stack Overflow – both require careful vetting. He stressed the need for organisations to implement balanced access controls and comprehensive training for developers to maximise Copilot’s benefits and ensure security and code quality aren’t compromised.

The conversation delved into the practical implications of integrating Copilot into development teams. Joydip explained how it can be used for tasks like generating tests or accelerating the creation of data access layers. The analogy of Copilot as a “junior developer” or “intern” was frequently drawn, highlighting that it requires guidance and isn’t a replacement for skilled engineers. He cautioned against simply copying and pasting generated code, urging developers to adapt it to meet specific requirements and adhere to best practices. This also tied into the idea that developers are hired to solve problems, not merely to type code.

A significant topic was security. Joydip explained that Microsoft ensures Copilot doesn’t share sensitive business information and that it can even assist in identifying vulnerabilities within code. He reiterated the need for governance – carefully controlling what Copilot has access to within an organisation – alongside training, and continuous monitoring of its effectiveness. Furthermore, the potential to integrate Copilot with other AI models (such as those offered by OpenAI) provides flexibility and the ability to tailor the tool to specific project needs.

Episode Transcription

Artificial intelligence is nothing new. It enables machines to simulate human cognitive functions such as reasoning, learning, problem solving and all using algorithms and vast data data sets to recognise patterns. And then it makes predictions and performs, you know, language processing, image recognition, and all those stuff.

- Joydip Kanjilal

Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I’m your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem.

Today, we’re joined by Joydip Kanjilal to talk about GitHub Copilot, agentic workflows for developers, and the benefits (and drawbacks) of having an AI agent help you write code.

Note that I didn’t say, “write all the code for you,” because an AI agent is simply helping you to be more productive.

You want to you know, convert, I mean uh migrate a legacy application to a modern-day enterprise application, there will be a lot of redundant code that you will otherwise have to write. So that all that code can be automatically generated by Copilot, provided you have provided the right context.

- Joydip Kanjilal

Along the way, we talked about the importance of the context that you give to an AI agent, security best practises (spoiler: you wouldn’t give a new junior the keys to teh castle on day one, do the same with your AI agents), and the most important things to remember when using AI agents.

So let’s sit back, open up a terminal, type in dotnet new podcast and we’ll dive into the core of Modern .NET.

Jamie : So welcome to the show, Joydip. We’re going to talk about the AI stuff in a moment. Before we get to that, would you mind introducing yourself to the listeners and letting them know a little bit about you — what work you do, things like that?

Joydip : Sure. I am from India — a software architect, Microsoft MVP, and also an author. I have written nine books and almost a thousand articles to date. I have participated in webinars frequently over the last few years, and I have been a speaker. I provide technical guidance and mentoring to various teams across the globe, and technical advice for software architects as well. I spend my time doing those things whilst writing books and articles.

Jamie : Nice. I like that. So you bring both that boots-on-the-ground experience and the experience of passing on information to your colleagues and clients.

Joydip : I put it at more than twenty-five years, but it is most probably very close to thirty years of experience in IT now.

I started working on .NET from when it was in beta. When the first version of Visual Studio came out, people were hardly aware of what .NET was, what Visual Studio was, or what the C# language was — at least in this part of the world, in India.

But over a period of time, because of several benefits that .NET, the Visual Studio editor, and C# offered — and C# has some proximity to other languages like Java, as far as syntax is concerned, so it does not deviate much — using the Visual Studio editor was quite easy compared to other editors at the time. The popularity of .NET grew very quickly.

In those days, if you think of performance, .NET was way behind because it had only just evolved. Over a period of time, as new versions of .NET and Visual Studio emerged through the IDE — the integrated development environment — where we all write programs and build applications — it has matured a great deal.

Many enterprises prefer .NET for distributed applications over other languages, because .NET is very fast. It has been made lightweight to such an extent that the performance of .NET, if not the best, is at least second best. If you consider open source languages, there are certain ones where performance is better than .NET, definitely. But .NET is very close.

Of course, it has also been made open source. There is community participation, so you know what you are writing, you know the framework you are using, you know end-to-end how the framework works. This has been transformative since Microsoft made .NET open source.

The long story short: .NET has grown tremendously. The framework, the C# programming language, the Visual Studio IDE — they have all matured over the years to an extent where we can say it is a world-class framework and environment, used by enterprises. If not the first choice, it is very close to that as far as the popularity of .NET is concerned.

Over a period of time, I feel it might become the most used framework ever, because with every release Microsoft has been improving the performance of the framework. So that is really great. Sorry — we have deviated somewhat from the topic.

Jamie : No, that’s absolutely fine. It’s always worth — how do I put it? There are folks who listen in who haven’t had the chance to migrate to modern .NET, which is the phrase I’m using for .NET 5 onwards. It’s always worth reiterating to folks that .NET as it stands is not the same as the old.

Joydip : .NET. Yeah.

Jamie : Not that the old .NET was a bad thing — the .NET Framework was amazing for its time. But like you said, we’re at a point now where, at the time of recording, last week saw .NET 11 Preview 1 come out, which has a whole bunch of async improvements. Your program can now be async from the start, which is just mind-blowing.

There is near constant evolution of .NET these days. I think it’s always worth reiterating that, because there are folks who listen to this whose career runs parallel to .NET — they don’t actually work in .NET, they’re just interested in what’s going on. It’s always worth reiterating: here’s where we are before we start.

Jamie : So we’re going to be talking about one of the many AI assistant tools — agent tools? I’m not sure, but we’ll work it out in a minute. We’re going to be talking about GitHub Copilot today, because I think it’s worth reminding folks that there are tools out there to make your life a little easier.

Joydip : Yep.

Jamie : In the same way that the IDE — Visual Studio, Visual Studio Code, Rider, whatever you want to use — if you’re writing C# or F#, it’s helping you to not have to write the Intermediate Language. Because you could just as easily write the IL and throw that at the JIT compiler and have it run, but your life is made easier by using C#, F#, or — if you’re on a supported platform — VB.NET.

In the same way that C# makes it easier for us to have IL run on our machine, our AI agents help us get past… the typing is not the hard part. I’ve been on a bit of a crusade, I suppose, over the last two or three years, trying to tell developers around the world — software developers, software engineers, coders, whatever word you want to use — that the typing is not the difficult bit.

There are some amazing software engineers I know who have never typed a single character on their machine, because they may have a permanent physical disability — perhaps they only have one arm, or they may be blind, or they may have accessibility challenges around dyslexia, for instance. I’ll see if I can dig it out for the show notes, but there was an episode of Hanselminutes where Scott Hanselman interviewed someone who did a lot of JavaScript-based development using an old-school Nokia T9 phone.

Because the typing isn’t the hard part. The hard part is converting the idea — “I want to digitise the system such that it does this” — into how to actually digitise it. That’s the hard part. Typing is the easy bit for the majority of people.

Our AI agents are going to help us with that. You’re going to talk to us about GitHub Copilot and how it helps, right?

Joydip : Absolutely. Before we come to a discussion on Copilot, let me give some background.

If you think of the old days when we used to write programs in C, reusability was still there, but from a different perspective — we used to use header files to store our library code, which could be reused across programs. Over a period of time, when object-oriented programming came along, it directly supported reusability. Languages like C++, Java, and C# all emerged. I’m not going into the pitfalls of OOP anyway — I just want to highlight the quest for better productivity, developer productivity, developer experience, and increased ROI.

That quest has drawn businesses across the globe, and the technology world has also come up with different thoughts, different technologies, and different architectures.

Artificial intelligence is nothing new. It enables machines to simulate human cognitive functions such as reasoning, learning, and problem solving, using algorithms and vast data sets to recognise patterns, make predictions, and perform language processing, image recognition, and so on. AI has been in use for a very long time — it is not as though it emerged just a few years ago. But it did not evolve to the extent that it is being used today.

A specific type of artificial intelligence is generative AI, which creates new content — including text, images, video, and audio — by learning from various patterns and data sets. From this generative AI, as it evolved over time, Microsoft came up with a tool to assist developers based on generative AI — and that is Copilot.

The intent is that it is just an assistant — it will assist you in writing your code. It is not building the entire application for you; that is not the intent. Think of the name: “Copilot” implies that the tool is an assistant. It will assist developers in writing code faster, in solving problems more quickly, and it will provide results instantly.

Why has it become popular? In one of my very recent projects — just at the end of last year — there was a need for a very fast data access layer. I asked my team to develop one using Entity Framework, and another not using Entity Framework directly, but using SQL queries or Dapper. My objective was to find out the performance difference. If it was significant, I would consider choosing the Dapper approach; otherwise, I would go with Entity Framework.

My developers took advantage of Copilot to generate the code, because for this type of task — where you might need to write some tedious code — it can boost developer productivity by generating the code for you. You do have to provide the right input, because based on that it will generate your code. Coming back to the same point: it is an assistant. It will assist you in writing code. Whatever it generates, you will not simply copy and paste it — you may need to make changes.

It will save a great deal of your time. The best thing is that Microsoft has integrated Copilot directly into Visual Studio, so while writing code, you can also generate code.

This saves a great deal of our time, especially when building an application where the KLOC — kilolines of code — is quite high. There are areas where you will have to write a great deal of routine code. If developers have to write all of that themselves, it is not the most judicious use of their talent. Developers should be given the opportunity to innovate and come up with solutions that require thinking. When it comes to writing code that can be generated by a tool like this, there is no point in asking them to write it — productivity will suffer.

The projects will be slow to deliver, the releases will be slow, and eventually the ROI gets affected. Businesses know this — many are taking advantage of .NET and .NET-related tools and technologies, and Copilot is being used massively these days.

Jamie : Businesses and teams have really seen that GitHub Copilot and other agentic systems can help with the production of code. We software engineers — and I have my own arguments about what is an engineer or what is a developer — we software engineers are not being paid to write the code. We’re being paid to digitise a solution to a problem. Sometimes that solution can be an Excel spreadsheet. Sometimes that solution can be distributed microservices with failovers and a million layers of redundancy.

The actual typing is not the difficult bit. A lot of businesses have seen that and said: “If we invest in an agentic system like GitHub Copilot and slowly integrate it into our development teams, then if the production of lines of code is the goal, we can hit that goal. If the creation of the solution is the goal, agentic systems can still help us, because that takes away the difficulty of producing the lines of code."

Is that where you’re going?

Joydip : Absolutely, absolutely.

Jamie : Right, okay. So in that case, what is GitHub Copilot? I know you’ve talked about a whole bunch of things there, introducing the idea, but where do we go in our conversation from here? Because I know that if I take a step back and say to the listeners, for a fact, that GitHub Copilot itself isn’t an AI.

Joydip : Yeah.

Jamie : But what is the AI? Where does the line get drawn? Is there a line that is drawn there, or — what is the AI and what is not?

Joydip : That’s a very good question. Copilot is a conversational, AI-powered assistant. It is not directly an AI tool — it is AI powered. It helps boost productivity and streamline workflows by providing contextual assistance or guidance, automating routine tasks, analysing your data, and generating your code. So it is an AI-powered tool.

It has a wide range of capabilities to optimise workflows and enhance productivity, but the major intent of using Copilot in an organisation is boosting productivity, simplifying automation, and providing contextual intelligence.

The third point is what helps a great deal, because the contextual intelligence has helped me make a lot of decisions. It can say, “This is not the way to get the best performance — you can go with this way instead."

Let me give you an example. Say in a project I am in a dilemma about whether to use a particular framework. Suppose there are two frameworks, A and B, and I ask Copilot — because the context is very important, I have to provide the right context — “What is the best solution, A or B?” That sort of contextual guidance it can provide. It will definitely help with making decisions quickly, and I keep coming back to this point.

Apart from that, it helps boost productivity by creating content. We are discussing Copilot in Visual Studio, but Copilot can actually be used across the entire Microsoft ecosystem, such as Microsoft 365. You can use it on the web, you can use it in Excel — you can use it everywhere. In Excel, it will help you analyse data trends, generate formulas, and create visualisations. It can help you draft reports. It can help you in Microsoft Teams to track tasks and schedules and keep projects on track. It can help you in Outlook as well. There are many ways that it is helping.

But coming back to Visual Studio, the most important benefit from using Copilot is boosting productivity — cutting the development time short. As a developer, if I am supposed to deliver a project within a hundred hours, I can do an analysis and say: “If I am able to use Copilot, I can deliver it in maybe sixty hours.” That is what it means to boost productivity.

I am never saying that whatever code it generates, we will just be copying and pasting — that is not the objective. It is just an assistant. It generates the code and, if you are not happy with what it has generated, you can make changes. You can provide it with another context and say, “This is what needs to be changed."

Your productivity gets boosted because you don’t have to spend very much time on mundane tasks. Suppose you’re having to build a modern-day enterprise application — there will be a lot of routine code that you would otherwise have to write. All that code can be automatically generated by Copilot, provided you have given it the right context.

As far as decision making is concerned within Visual Studio, it can definitely provide you with insights on which path to follow, whether it is a framework or a specific algorithm. This is an area where Microsoft is continually upgrading. That is why we say it is an AI-powered tool and not itself an AI.

In the very next release of Visual Studio and .NET, we will see that Copilot has matured even further. It speeds up the time to market and increases efficiency, because it can automate manual tasks, generate code for you, and — if you provide the right context — provide insights on a particular technical problem that you have asked it to guide you on. That is where Copilot in Visual Studio has been used, and that is the intent.

Jamie : Just to underline that point about taking away the toil aspect — I don’t think you called it that, but automating easy tasks. When it comes to things like tests, there are two schools of thought: test-driven development and development-driven testing. Both are absolutely valid; it depends on what your team is doing. But if you’re writing tests for code that already exists, you could say to GitHub Copilot, or your agent of choice: “Here is the method, here’s some valid input data — go write me some tests that validate that this code does what it says it does.” If it doesn’t do that, give me a little report that says why, and then I can find bugs and fix that piece of code.

Joydip : Absolutely. It can definitely generate a test for you. But you have to be specific — you have to provide the right context, and that is most important. If we provide the right context, I don’t feel it will generate anything wayward. It will not be wasting your time. It will generate something truthful.

That is why, with whichever team I have been working in recent times, I always tell them to be very specific. You have a very short window — you can’t type so many things at once. Within that small window, you have to be specific and provide the exact context of what you need. Then what it generates will be fruitful.

Jamie : Absolutely. There was this idea of context engineering, which I think has fallen by the wayside a little — this is the thing with LLM-based work, it just moves so quickly. But even so, the things related to context engineering still make sense. Like you were saying: what information do I need to give it to get the best output? Because you, as the developer driving the context and writing the message to the AI, know all of this. But it only knows explicitly what you tell it.

Joydip : Absolutely.

Jamie : Or what it’s able to gather by reading through the codebase.

Joydip : What I have been telling my teams — and I have been working on many projects around the globe, remotely these days — is that the code generated by Copilot has to be reviewed. You can’t just copy and paste it, because you have to review for correctness, completeness, and adherence to best practices.

If it has produced code which is invalid or incomplete, or produced tests that are invalid or incomplete, you have to first go back and see what context you provided. Did you provide the right context? Because based on that, it will generate. But even if you provide the right context, it may still generate code that does not adhere to the best practices you want to follow. In that case, you have to make the changes.

But think of it this way: you will not have to spend a great deal of time on it, because you are not writing the code from scratch. It is generating the code — maybe it has not adhered to two out of ten points on your checklist. That’s fine, because you can make the changes.

Correctness, completeness, and adherence to best practices all have to be kept in mind by developers who are using this, because they can never expect Copilot to build an application for them. That was never Microsoft’s intent. From its name, “Copilot” — it is an assistant.

Jamie : One of the big problems, at least in my experience, of people’s expectations of these agentic systems is: “I can just get it to do it for me.” But, like we’ve just said, it’s all about how you present the information to it. It will not be able to write a full system for you, but it can take an idea and start putting together parts of the system, or take a system and add a new part to it.

It’s very limited in its capabilities — but what it can do is fantastic. I’ve told folks that it’s like imagining you have a junior developer or an intern with zero long-term memory. Between sessions, unless you explicitly tell it to write your notes down and make a note of something, there is no way it will remember things. Whereas you and I, because we have long-term memory and memory aids like READMEs or notes that we take, are able to have that continuity between sessions. AI agents can’t do that.

Joydip : Absolutely. Absolutely.

Jamie : So we talked about what Copilot can give us. I’m in Visual Studio, I’m in Visual Studio Code, I’m in my IDE of choice, typing away. GitHub Copilot can help me in multiple different ways. I know there is a thing called ghost text — the phrase I believe people are still using — where you’re typing away and then it’s greyed out after where you’re typing, suggesting things. Then there’s the other one, which is a chat interface. Am I remembering correctly? It’s been a while.

Joydip : Yeah. We missed one other aspect of Copilot that is really great, and that is security. Security is at the heart of every Copilot interaction. Whatever code it generates — and, again, if you are providing the right context — it will adhere to security practices. You can take advantage of Copilot to generate code that follows the security standards you want to be followed. When you are providing the context, you have to specify clearly that you want the generated code to be compliant — not violating security best practices when generating the code, such as with SQL injection and similar issues. But, again, you have to provide the context.

The best thing is that Copilot will not share your sensitive business information outside of your organisation, because Microsoft never uses your prompts, inputs, or documents to train the models. Whatever you do, it remains within your organisational periphery — it is not shared with anyone. So this is one aspect of security.

From an organisation’s perspective, an organisation can safely use it. From a code security perspective, it provides a lot of features. In GitHub Copilot, you can review code — raise a pull request and ask GitHub Copilot to check for code vulnerabilities wherever they exist in the code. It can just point them out. It is your peer programmer — it is not intended to build the application entirely for you, but it is just an assistant.

When you want to detect and fix vulnerabilities in your code, Copilot can help you a great deal. You can just raise a pull request and ask it to do that, then make whatever minor changes you need. Again, it saves a great deal of time, and time is money. That is the biggest objective of Copilot — when it is assisting you, it is assisting you to save your time.

Jamie : I keep saying it, but it’s like an intern. The idea is: if I have a big task to complete, I can say to an AI agent, “I’m going to do this part of the task, I want you to do this part.” Or, like you said: I’ve done the task — how about you give me a code review?

I’m really glad you brought that up, because I’ve had great success with GitHub Copilot specifically for code reviews on my open source projects. I’ll raise a PR, all I’ve got to do is @Copilot in a comment in the PR, and then Copilot jumps in and performs a full review. It reads through the entire codebase, then reads through my PR, and gives me information like: “You’ve said this is a GUID, but actually it’s a string,” or “You’ve mixed this up,” or “You’ve said in the PR description that you’ve changed this, but you didn’t follow through — there’s a bit that you missed."

That is exactly what you would expect from a human reviewing your code. They can do it alongside GitHub Copilot.

Joydip : Yeah, absolutely. Absolutely.

Jamie : Cool. So how do I get started? I guess there will be pricing details — we’re not going to talk about those because they can age very quickly. I suppose there is some free level of access, but getting started requires just having a GitHub account, right?

Joydip : Yes, yes, yes, yes.

Jamie : Okay. So I have a GitHub account, I do some work on some code, and then I can say to GitHub Copilot: “Just check this for me,” or “Go do this task,” right?

Joydip : Absolutely. There are several plans for Copilot. One is free — simply Copilot, free, provided you have a GitHub account. Then you have Copilot Pro, Copilot for Microsoft 365, Copilot for Business, Copilot Studio, and more. Like any other software tool, you have several plans to choose from, and there is a free plan. You can use it, but it will not provide you with many features — it will provide some of them. It’s not that you have to pay for everything you want to do with Copilot.

You can get started for free, but then you can choose whichever plan suits your business. If you are an individual developer, you can choose your plan and leverage more features that Copilot Pro or Copilot Pro+ provides.

Jamie : Right, okay. So there are a couple of extra levels after the free version. We talked a little earlier about how GitHub Copilot is like an agent, and that’s different to the models. Does that get me access to all the models?

Before you answer that — just quickly, for the folks who are listening who don’t know — you have an LLM, a large language model, which is the thing that does the actual thinking. “Thinking” is the wrong word, because it’s not really thinking, but you can think of it that way. Then there’s the tooling layer that comes in with GitHub Copilot, which is doing all of the spelunking into the code and performing actions on the code for you, from the LLM’s instructions.

So if I have a GitHub Copilot account, does that mean I get access to, say, Claude or the ChatGPT models? What do I get access to?

Joydip : Copilot actually works using LLMs — large language models — and provides context-aware responses. It does not just use an AI model; it connects to your organisation’s data. As a user, you can enter the query, and Copilot’s orchestrator will then access the Microsoft Graph to provide you with relevant contextual information. It can generate responses tailored to your specific requirements, and given a context, it can also generate, summarise, or analyse content as well. To come back to your point, it works by combining LLMs.

Jamie : I know there are lots of different paid models out there that I can use — I can use a version of Claude. I know there are OpenAI models available on Microsoft’s servers. So if I’m paying for, or using Claude for free, do I get to choose between the models from a subset?

Joydip : Oh yeah. Microsoft Copilot can integrate with ChatGPT by taking advantage of OpenAI’s GPT-4 or GPT-4o models. There are several integration mechanisms. Using OpenAI, you can directly use it with any other tool, such as ChatGPT. You can use Power Automate to connect ChatGPT directly into Copilot, and it can generate workflows for you. ChatGPT can definitely be used. We can always use OpenAI models — that’s not a problem, because the integration capabilities are already built in.

Jamie : So I can use any of the integrations they provide. I can experiment with different models — maybe I’m doing .NET things and a particular model is better at a particular problem, so I can focus on that, rather than just going with the defaults. Let’s say I’m using an AI agent by Company A, using models from that company, and it turns out that what I want to do doesn’t fly well with their training. I can switch over to GitHub Copilot and switch to a completely different model, one that’s trained on the language, framework, and system I’m using, and have great success, right?

Joydip : Yeah, yeah, yeah, absolutely. Excellent support for integration.

You know that moment when a technical concept finally clicks? That's what we're all about here at The Modern .NET Show.

We can stay independent thanks to listeners like you. If you've learned something valuable from the show, please consider joining our Patreon or BuyMeACoffee. You'll find links in the show notes.

We're a listener supported and (at times) ad supported production. So every bit of support that you can give makes a difference.

Thank you.

Jamie : So that leads on to something you mentioned earlier about security. A lot of hot air has been wasted on: “We opened up the agent to do everything on our computer, then suddenly it does something wrong, and suddenly it’s the agent’s fault.” In the same way, on day one you don’t give a new employee access to all the things that could ruin the company — you slowly integrate them.

So is one of your top tips for folks interested in experimenting with GitHub Copilot to not give it full access to everything at the start? Is that something you would recommend?

Joydip : Yes, absolutely. Initially, developers should not have access to all aspects of Copilot — such as integration with other tools like ChatGPT. It should be gradual. There has to be restricted access to Copilot.

Jamie : Okay, cool. So I’ve opened some code, I’ve got GitHub Copilot assisting me. Do I have to worry about it performing commit actions on my account? Actually, before we get to that — I’ve just remembered you raised a really important point, and I want to double down on it: you need to double-check the code it produces to make sure it fits with whatever security, coding formats, or coding standards you’re using within your team or project.

Because it is the same — well, not exactly the same, but the same idea as, ten years ago, going to Stack Overflow and asking a question.

Joydip : Yes.

Jamie : There are people I know who would just copy-paste the code into the codebase and move on. The difference with GitHub Copilot — as opposed to Stack Overflow — is that Stack Overflow has a very specific licence that says if you copy-paste code from Stack Overflow into your codebase, you need to open source the entire codebase. Whether that would ever be legally enforceable or not, I don’t know.

What’s to stop a user from posting malicious code? For those who are interested, I’ll track it down and put it in the notes — there was a Stack Overflow conversation about what if a user intentionally puts malicious code as an answer to a question on Stack Overflow, and Stack Overflow’s answer was: it’s not their problem. It’s yours. You should be vetting this code.

The same thing should apply to anyone accepting code contributions from anywhere, whether it’s an AI system helping you out whilst you’re writing the code, or someone who has submitted a PR to your repository. You need to be vetting that code, because when that PR goes through, or when you commit the code generated by the AI system, it’s going to have your name against it. It’s your responsibility. Standing up and saying “the AI wrote it” is not going to fly with anyone, ever.

Joydip : Absolutely, absolutely. I missed another point that is very important — you already started talking about it — and that is: to what extent should developers be allowed to access Copilot? That’s a very important point.

From an organisation’s perspective, an organisation should foster a balanced approach of strong data governance, targeted training, and iterative adoption strategies for Copilot. What this means is that, based on the importance of a project and the experience level of the developer, the organisation should have certain restrictions. It should not be providing access to all features of Copilot. Think of integrations, or perhaps if you want Copilot to access your operational data — some of that data may be encapsulated and may not be allowed for those developers to access.

Everything has to be backed up with proper training. When you are training your developers, you have to train them on making the best use of Copilot. In essence, that means making sure they are able to provide the correct context. If they don’t, it is a waste of time, because whatever it generates may not be what you intended. Every time you’re changing a prompt, you’re saying, “This is not right — do it this way."

I have seen this happen — I told my developer: “Stop it, write the code yourself because you are wasting time,” because that poor fellow was unable to provide the proper context. Every time Copilot came up with a suggestion, the code listing was not what he intended, so it was wasting his time.

Training is a very important factor for success in an organisation. If an organisation really wants to make best use of Copilot: first, training should be on a regular basis; then, restricting access — governance and security; and then, periodically — let’s say quarterly — the organisation should be measuring the progress.

If I am the owner of an organisation, I will think: “My developers are using Copilot, but is it really worth it? Are they able to deliver on time? Is the code they are delivering using Copilot high quality — as far as performance, security, and scalability are concerned?” There are several things the organisation should be able to measure.

Let me repeat: the first and most important thing is training, followed by governance and security. Then the organisation should be able to measure success and productivity. Even when leaving an AI-powered tool in the hands of your developers, you should have a target. At the end of a certain cycle, you should be able to quantify whether it is really worth it and what is going wrong.

If something is going wrong — as in my case, I told my developer: “I can understand your pain point. I can see that what you are trying to generate is not generating, because your prompt is wrong. The context you are providing is not correct, so what it is returning is to some extent wayward, and it is wasting your time."

He was also not that proficient in English, so whatever he was providing as input — the context — was not perfect, and it was wasting his time. That is why I feel training is very, very important.

Jamie : Absolutely. I also feel like maybe R&D is not the right word, but experimentation and play — what can this thing do? I totally get your point about training, because otherwise you’ll have people across the team using it differently, getting different results, and the quality of the code it generates per person will be all over the map.

We’re rapidly running out of time, but I wonder if you’d be able to give the folks some resources for getting started? If it’s easier, you could just send them through and we’ll put them in the show notes. Where’s a good place to get started with GitHub Copilot? You mentioned earlier that you’re a prolific author — where can folks go to learn about what you’ve written?

Joydip : Absolutely. I’ll send you the link to the resources in an email.

Jamie : Keep an eye out for that, folks. If you’re listening to the episode, push the show notes button and you’ll get all of those links that Joydip is going to send over.

Is there any way you want to send the listeners to learn more about you? Are you on socials? Do you want them to visit your website? What’s the way for folks to keep up with what you’re doing?

Joydip : Sure. I will provide my email address. I can also share my Slack ID as well — we can hop on chat, and I can guide them if they are running into any difficulty using Copilot. They can reach me either through email or Slack.

Jamie : Amazing. Thank you so much for being on the show, Joydip. I hope we can convince you to come back another day to talk more about Copilot or any other topics you’re interested in.

Joydip : Sure, definitely.

Jamie : Amazing. Thank you so much.

Joydip : My pleasure.

Wrapping Up

Thank you for listening to this episode of The Modern .NET Show with me, Jamie Taylor. I’d like to thank this episode’s guest for graciously sharing their time, expertise, and knowledge.

Be sure to check out the show notes for a bunch of links to some of the stuff that we covered, and full transcription of the interview. The show notes, as always, can be found at the podcast's website, and there will be a link directly to them in your podcatcher.

And don’t forget to spread the word, leave a rating or review on your podcatcher of choice—head over to dotnetcore.show/review for ways to do that—reach out via our contact page, or join our discord server at dotnetcore.show/discord—all of which are linked in the show notes.

But above all, I hope you have a fantastic rest of your day, and I hope that I’ll see you again, next time for more .NET goodness.

I will see you again real soon. See you later folks.

Follow the show

You can find the show on any of these places