So far as I am concerned the story with GitHub copilot is "Nothing more to see here, move on folks."
Granted people in business get a sugar rush when they see something that looks like working code generated automatically but at best it is doing the 20% of the work that seems to get you 80% of the way there except taking the bugs out of something written mindlessly is a stupendously expensive process.
Through the recent discussions I took part, I understood that many people think Free and Open software licenses as a black and white matter.
Is the code there? If yes, I can copy it. If not, it's verboten. The license attached to the code is not important in their eyes.
As one of my friend told me, his (native English speaking) professor at the university told him: "My English is not good enough to understand what is written there".
OTOH, I left GitHub the day Copilot is released for production.
This is a social problem, and we need to increase awareness IMHO. There's no other choice.
But surely a corporation like github should understand licenses well enough to realize that if copilot spits out a 1:1 copy of a piece of code it needs to at least tell the user the license for that code?
They shift the responsibility to the Copilot user.
From the official documentation:
You are responsible for ensuring the security and quality of your code. We recommend you take the same precautions when using code generated by GitHub Copilot that you would when using any code you didn't write yourself. These precautions include rigorous testing, IP scanning, and tracking for security vulnerabilities [0].
Also, you don't have to return a 1:1 copy of the code to breach the license. Adapting it to the context at hand is an effectively deriving the code, and you have a derived version of a licensed piece of code. Worse is, you can't check the code's license, because you can't underive and see where does it come from.
With this move, GitHub as a company is completely dissolved in my eyes. It's purely and squarely Microsoft now, because they behave like Microsoft, not GitHub.
fun and worthy post @! as someone who is "old enough to remember the events of the 90s" this captures so much in the intro paragraphs, with humor and without lecturing. Sure it misses important nuance here and there.. but overall, well done! thanks, recommended
I'm so tired of this argument. I want to host stuff myself. Really, I do. But I really don't have enough time in the day to do it.
I set up a blog this weekend using Hugo, Ansible, and Github Actions to host it on NearlyFreeSpeech.NET. It "only" took two days, but I'm exhausted and I don't actually have any content yet.
I host Plex and TiddlyWiki at home on my Raspberry Pi. I used docker and traefik. Sometimes it still has weird issues and I have to reboot it. It was another project that "only" took a weekend and left me exhausted.
So let's say I don't want to self host, but I don't want to use Github. What are my options? I used to use Bitbucket, but I moved to Github a few years ago to consolidate my accounts. I liked Bitbucket, but people give you weird looks when you give them a Bitbucket URL. It's not as seamlessly supported in apps that can automatically understand Github urls. Confluence kept buying other products and tacking them on. And they kept trying to upsell me.
Then there's Gitlab. I'm going to have to get used to it because my employer is transitioning to it, away from Github. This article mentions developers having short memories. I remember when Gitlab decidedly said they'll do business with anyone back when people were shaming tech companies for helping and cooperating with ICE a few years ago. That left a bad taste in my mouth.
There's Sourcehut. But I have friends with beef with the guy who made it and I don't want to support him.
I can't help but feel like Github is probably the lesser evil here. Honestly, I'd pay for a service if I believed in it. It's important to me that I'm the customer, not the product. That's why I switched from Gmail to ProtonMail a few years ago. I have their top tier paid account because I believe in them and I want to get what I pay for.
Sorry, I don't really have a point. I'm just tired of this argument. I'd self host in a second if I could do it quickly, easily, and reliably. But I don't think I can.
I'm sure the tools are out there. But I'm at a point where I have more money than time for this. I empathize with the self-hosting ethos. I want a more decentralized internet. But I don't enjoy the setup and maintenance. I have previous little free time. I even spend much of it writing software, because I enjoy that. I don't enjoy being a sysadmim or my own personal devops.
I think I realized that in college when a friend tried to get me to run Gentoo as my first linux distro. I never made it to a desktop! I still run linux as my daily driver today, but I'm currently using Pop!_OS after having used Ubuntu since college. Because when I'm using my daily driver computer, I want to use it, not maintain it.
> But I'm at a point where I have more money than time for this.
Sorry I'm not trying to stalk you across multiple threads, but this made me wonder if there's a market for contract SREs. Like you own a car but you take it for oil changes and tune-ups, you own a server but some admins SSH into it here and there when it needs fixing (puts an emphasis on encryption, maybe). I think it hasn't happened because there's not a huge difference between this and purchasing hosted services, but, maybe it's an interesting slightly different option.
a competitive engineering group I worked for ten+ years ago definitely had this exactly. Except "ssh from outside" was also carefully monitored, and the primary admin visited a few times a month in person. That computer admin was not the boss, it is a secure environment with a lot of top-down control. Engineers were occasionally terminated, while the executives rarely were. Its a real thing in the city.
> I remember when Gitlab decidedly said they'll do business with anyone back when people were shaming tech companies for helping and cooperating with ICE a few years ago. That left a bad taste in my mouth.
I could see how this would leave a bad taste in your mouth, but I'm not sure it follows that Github is the lesser evil.
I can't think of specific examples (aside from the EEE philosophy brought up in the post and copilot if you consider that to be a Bad Thing), but Microsoft seems to have done plenty of Bad Stuff in the past. Maybe a comparable amount, if not more, Bad Stuff than GitLab?
That's true. But I use VSCode every day. FWIW, I tried the de-Microsofted version and it worked well for almost a year. But then the plugin store split happened and it just made life more difficult than sucking it up and going back to vanilla VSCode. So I'd be a huge hypocrite if I said Github is a step too far.
Codeberg is just Gitea hosted in Germany: their Impressum lists the legal address as "Codeberg e.V. Gormannstraße 14 10119 Berlin".
Which may be good because EU privacy protection laws are stronger than US's. German laws specifically can be restrictive in other aspects though; e.g. there's no concept of protected free speech.
Well it's a tradeoff right? Zero hassle, zero control. Lots of hassle, lots of control.
Part of the complexity is that the effects aren't all immediate, and humans aren't good at thinking long term. People put code on GH for years and then Microsoft took it and undermined those same developers. So it might seem like zero hassle right now, but it's probably big destruction later on.
Personally I'm growing an allergy to these kinds of "no catch, we promise" services. What they usually mean is "we sell your data to other marketers, governments, and potential bad actors", "we try to hypnotize you with ads", "we aren't actually giving you this thing and we'll delist it whenever we want", or worse.
I know this doesn't respond to your issue, my weak effort there is that are a fair number of hosts for things like nextcloud and gitlab. My brother runs a substantial suite of services all through Docker and admins it almost not at all. This stuff is possible, but I agree it's harder than signing into GH with SSO and pushing code. All I'm saying is that there are other costs, you just don't pay until way later.
That's very true. I just wish there was a middle ground. I'd pay for a service that just runs a managed version of Gitea. Something similar to installing WordPress or a PHP bulletin board system to an old-fashioned web host. Hell, I could probably do just that if there was a super low end version of these types of services that will run with just PHP and Apache.
EDIT: Oh my god. I think I understand Sqlite and Fossil a little better now.
>But I really don't have enough time in the day to do it.
Things that take time cost money, because time is valuable. You can pay in money to self-host, or you can pay in time, or you can pay in privacy and marketing, but you can't just get it for free.
> There's Sourcehut. But I have friends with beef with the guy who made it and I don't want to support him.
What's their beef if you don't mind me asking? Drew seems like a nice enough guy. He is very opinionated obviously, but he's created many amazing FOSS projects.
I don’t know the OP’s friends’ beef with Drew, and I don’t have a direct beef with Drew, but I cancelled my paid Sourcehut account after getting a clear message that Drew wasn’t interested in supporting anyone who wants to use the software he writes on non-FOSS systems.
It’s a stricter stance than the FSF, and I won’t support the FSF financially (as I fundamentally do not agree with their mission, their licence, or their leadership). So…Sourcehut gets a year of paid support from me, but that’s it. It fundamentally doesn’t interest me, because I’m not interested in using Linux or FreeBSD as a daily driver.
He might have opinions about his software, but he also made it clear that Source Hut is free from his views, and he sees sr.ht as a serious business.
So, I don't see Drew's views as a reason to not to support Source Hut, because in my perspective while he might not be agreeing with one's view, he's actively protecting these views to allow them to be expressed, and this is great in my view. The relevant comment about this, made by himself is here [0].
Self-hosting should become absurdly easy to become widely popular, and to become any popular around non-technical users.
Very easy Linux host setup (like that of AWS, Linode, DO, etc) + containers (podman or docker) or stuff like flatpack or appimage should solve most of that problem. What's missing form the picture is an easy (I mean laughably easy) way to connect services. Something like a patch panel should be created to control UFW / traefik / whatever, when apps don't snap together automatically.
I'm gonna be honest: I don't get the outrage over Copilot. To me, it's obviously totally unobjectionable. If journalists were getting outraged that their newspaper columns were being consumed as GPT training data, we'd correctly call that silly: it's public text now, so long as you're not reproducing it verbatim and thus violating copyright, users can consume it for whatever purpose they see fit.
It's because software developers smell the disruption. We've automated lord knows how many people out of their jobs. We're apparently not immune either.
Frankly, no/low-code is more of a threat IMO, but copilot is eerie.
Am I mis-reading it? the article claims Microsoft had an internal policy of "embrace, extend, extinguish". As proof it links to Wikipedia. Wikipedia does not corroborate this. Instead it says some journalist made up that phrase. Microsoft themselves had "embrace, extend, innovate" which is a fully reasonable position
Let me add, my understanding of the 2 major things people complained about at the time are (1) extending Java with access to OLE/COM/DCOM (2) extending IE with ActiveX (which is OLE/COM/DCOM access in the browser).
It's always seemed like to me like both of those as the natural thing to do as an engineer. Microsoft and Windows users had 1000s and 1000s of OLE/COM/DCOM libraries. A new system/language appears and gets popular. You want to use all you existing software and solutions with this new system/language. So you find a way to make them interop. It requires zero malice to decide to do this. Irregardless of if it benefits your company it is arguably the most common sense and natural thing nearly any engineer would do.
There’s no contradiction here. Both things are true.
The engineers at MS thought Java was a great idea, and built a world-class implementation team for it. Of course they added P/Invoke (easy DLL native code integration) and COM interop because that’s naturally what you need in the Windows environment. There was plenty of enthusiasm for Java in the MS engineering community.
From MS’s business perspective, that was also great for the 3-E strategy, and more Windows-specific features were encouraged. From Sun’s business perspective, that went totally against the cross-platform Java strategy and was grounds for war.
The business folks had a major falling-out, and the same MS engineering team, now legally prevented from working on Java, built a better Java (CLR) for Windows software with the lessons learned.
The real disconnect on the engineering side was that the MS engineers thought of Java as just another language they could implement and improve on (like C), whereas Sun engineers thought of Java as a world-changing initiative where the WORA abstraction layer was paramount.
The first few paragraphs sum up a lot of stuff I was thinking for the last years or decade. Microsoft and Google are still scummy corporations and operate on bad faith and abuse their legal power to prosecute people for no reason other than loss aversion, as per the American status quo.
I'd like to make a point about what Open Source is to me.
At it's core, open source is not about The Internet at all. Open Source is about being able to look at the source of the software you have. If someone gives me (or god forbid I buy) some software, can I inspect the source? If yes, then it's Open Source.
Putting code on the internet is another thing entirely. Related, sure; but ultimately not at all the same. In fact, there's so much "open source" crap out there that doesn't even compile, build, or run, that isn't Open Source at all! OK, maybe it still is, software is allowed to have bugs... but I digress.
What you are describing is "Source available", which is a fairly common practice. Many large "open source" projects with a paid tier will have proprietary code in the repo for all to inspect, but it doesn't make those features open source. Microsoft has a special program for governments and institutions to inspect certain product code.
>These programmers have seemingly imagined a fantasy land in which Microsoft is now totally-on-board with the Richard Stallman free software fairyland socialist utopia.
Nobody imagines that. But nobody besides a very small group is on board with stallman anyways. That microsoft recognizes the value of open source to their bottom line is sufficient.
How is self-hosting protecting from Copilot infringing on your license? One can imagine Copilot fetching your self-hosted repo and adding it to its database, or someone forking your self-hosted repo, hosting it on github which will still be used by Copilot. The issue of respecting the license of Open Source code by these "AIs" it orthogonal to where the source is being hosted.
I have no problem with Copilot and other "AIs" using my source code, as long as they respect the license. If copilot spits out (even partially) my GPL code it is still GPL. Other than that - it's free and open for corporate and personal use.
When training the natural language model, I don't think it's possible to trace back from an output to which training data it comes from. So it will never spit out something and say it's GPL licensed.
Similarly, trying to prove a GPL violation because the model's output is based on any particular input seems impossible.
How very convenient. So many billions of things that "AI" can remember and infer, and yet it can't remember that one important 3-letter metadata. Reminds of these politicians that when questions in the court answer "I can't remember" for everything.
All these instructions for self hosting various services are looking like guides for rsync-based backup before Dropbox. We need some easy way to set up self hosting of all the popular decentralized systems at once with good security, proper backups, etc ready to go out of the box. Of course it needs to make migration away to true self hosting easy.
Or even something like a Raspberry Pi in a case with all this stuff.
> A programmer working on a project for a large corporation—as I was told—shouldn’t even be reading code that is licensed under, for instance, GPL. In effect, absorbing information from that code and “repurposing” it in a new solution would constitute an intellectual property rights violation if not expressly permitted by the license.
Wait a minute. Reading some GPL’ed code and then writing a new thing, based on the ideas you’ve learned from the code, can be an intellectual property rights violation?
They are a thing for CYA reasons. Abstract ideas and algorithms are not intellectual property, only the concrete code implementing them is, and as such do not fall under licenses such as GPL.
Not only that, a clean room isn't enough. You need to hire programmers straight out of college who have never looked at GPL code. Just kidding, it's even worse than that - most developers right out of college have read at least one character of GPL licensed-code. Even stack overflow is tainted, because the questions and answers there were written by people who read GPL code.
It's best to exclusively hire race car drivers and fedex delivery workers to your software development workforce, as they are statistically least likely to have been exposed to GPL code (per bureau of labor and statistics).
That would likely depend on the meaning of "based on" (not a lawyer here!), and the actual lawyers would feel very happy charging exorbitant sums for arguing it out in court. As any sensible corporation (that is not deriving its income from lawyer's fees) would like to avoid that so the easiest approach would be "don't look at GPL code".
That raises an interesting question though. If I read the code, remember it, and then re-type it as is, that'd obviously fall under license's terms. But if I write an ML process, that knows to read code, understand it, and reproduce it, and it ends up reproducing the said code byte-for-byte, is that considered copying too? Suppose I didn't intend for ML process to work that way, I just programmed it in a way to find optimal solutions, and trained it on a dataset of GPL code, and it happened that this particular piece of GPL code, byte-for-byte, was chosen by the ML algorithm as optimal. Did I copy the code? Did I violate the license even earlier, when training the ML model on GPL code?
Building a tool that facilitates or even automatically copies code and then using it would absolutely open you to issues.
I'm actually not sure what your thought process around why it wouldn't - if you're byte for byte copying something that you, or a machine, saw, that didn't have rights to use (or rather, didn't have rights to determine how other people use it - and you tried to enforce them) would be a problem.
If you're not supposed to look at GPL code, why would you train your model using such code?
Well, if I trained, say, search engine ranking model on GPL code, would that be a violation? Or, say, if I needed data about frequency of keywords in certain languages and I used GPL code would that be a violation? I don't think so...
If so, there must be some boundary there - but I am not sure where.
If your boss says “write me code that doesn’t have a GPL license because I want to license this to other customers in a non-GPL way” you cannot use, or have a machine use, GPL code.
This isn’t about whether or not you’re allowed to use GPL code, it’s about whether you’re allowed to enforce ownership rights against it, presumably.
If you copy GPL code you are in violation, however it happens.
I don't think it's true. Can a non-GPL backup tool backup files with GPL code? It will certainly be copying them, that's what backup is. I think you would agree that claiming it is a GPL violation would make no sense. What if that tool also calculates hash sums of the code? Still OK? What if it also builds inverse indexes on the content of the files, for better backup retrieval? Still OK? What if more complex calculation on the content of the files is done, for more efficient storage and compression? The resulting data set would certainly have something derived from the code, but it would not be anything like the original code. What if the same data set is used to train an ML model? I still don't see the boundary there, and "you can't touch bytes in any GPL code in any way" doesn't seem to be it.
I am not talking about "enforcing ownership rights" - if I train a model on GPL code and it produces some code, I am not asking about ownership rights on that code. For all I care, that can be public domain. What I am asking is how much of the original code should be left in this product for it to be still covered under GPL and how would one find such a boundary?
Ideas? No. Expressions? Yes. Github Copilot arguably copies protectable expressions. Microsoft is banking on the fact that nobody will sue them over it because it involves projects that cannot defend themselves, and because they will endlessly argue over where the line between ideas and protectable expressions is.
TL;DR Microsoft is being Microsoft again. Also water is wet.
> When property ownership disappears, all natural rights do.
Statements like this undermines their argument. Microsoft secures all sorts of rights under their EULA and is contractual. Enforcing property ownership is exactly how Microsoft has risen to dominance. And that is to say nothing of the a-historicism of this explanation of property rights.
is it common to group IP rights into "natural rights"? any argument i've heard for property rights emerging from "natural rights" has been reasoned from the resource in question being scarce (and hence, my taking of your property immediately deprives you of that resource). i've never heard the argument "my copying of your property deprives you of the benefits from some future interaction i would have otherwise voluntarily entered into" argued from a natural rights perspective.
I'm not sure about IP rights, but saying natural rights derive from property rights, which this sounds like, is pretty popular in right wing libertarian circles. The idea being that if you own yourself, all human rights become property rights. This is the basis of things like Ayn Rand's "objectivism", a philisophy effectively claiming to have solved morality once and for all.
It is, of course, clearly nonsense if you try to use it for anything more than justify unfettered capitalism or drug legalization. Most famously being unable to effectively condemn things like pedophilia, slave contracts or human trafficking. But this exact ability to come to counterintuitive conclusions about many things means it remains very popular among certain groups of people.
> saying natural rights derive from property rights, which this sounds like, is pretty popular in right wing libertarian circles
But it’s a distorsion of free market!
Not versed into philosophical currents, but very-right-wing people would claim that it’s not the role of the state to protect one’s IP rights, much less at least than protecting their physical integrity (at least every citizen has a body, as opposed to patents); The sponsor of the state to protect patents or copyright is effectively a “bribe” of states towards some private citizen, for something which is incredibly costly and unfair to prevent (think “The state guarantees me against the harm of my ideas getting used by everybody”), and therefore constitutes a unfair advantage, a misuse of public power, and a distortion of free market in favor of IP owners. Frequently seen when large corporations alter governments to tilt the balance to their advantage.
In a ideally liberal state, Microsoft would keep its secrets for itself OR choose to publish, but if you succeed to decompile, then Windows becomes effectively open-source, and you wouldn’t have such monopolistic behaviors enforced with the help of public taxes. But then the USA wouldn’t be hegemonic.
Just brainstorming a low-tech analogy to help sketch-out the problem space, let's imagine if a bronze-age scenario of:
1. Alice underwent great expense to transport a rare new fruit bush from another country, with a little selective-breeding to find a variety that would thrive in local soil.
2. Alice sells these fruits. Perhaps she makes buyers agree never to plant the seeds as a condition of purchase, but that doesn't matter since...
3. Carol finds one of the seeds, simply fallen on the street. (Therefore contracts aren't part of this scenario.)
4. Carol plants her own bush and starts selling the fruits too.
5. Alice complains that Carol has wronged her and that she has some kind of right to the sale of the fruit.
It's true that in this low-tech example Alice didn't construct the plant--certainly not same way as with a program or screenplay--but she did invest some similar kind of time/effort/resources in making it available.
So the question is whether that kind of "work" creates some kind of right, one which exists outside any kind of contractual agreement. If so, what are its differences or limitations from her other rights?
you're not self-hosting. you're using a managed hosting product. Digital Ocean (an entity which is not your self) is hosting things for you. On top of that this blog is hosted by Substack (also not your self). nothing intrinsically wrong with either of those, but if you simultaneously espouse the greatness of "self-hosting" and the awfulness of "cake-eating corporations" then this comes off as egregiously phony.
This seems like an odd bit of pedantry. Digital Ocean is just providing generic VPS services, they aren't operating at the git layer at all. The author fully controls the URLs in question, and can move to any number of equivalent server providers. What value does your litmus test add?
1. it's expanding the scope of "self-host". i'm sympathetic to anti-prescriptivists, but when self-hosting is something i care about and strive for i don't want for its definition to weaken without myself having a fallback phrase to use in place of the original "self-host".
2. his argument for moving away from MS GitHub is based on the understanding that license enforcement is lax in the modern era. the reasons he can expect to have greater license enforcement on a VPS than on MS GitHub may be real, but aren't immediately obvious to me. the most bulletproof defense seems to be one of obscurity: it takes a VPS provider more effort to decode his git repos than it does a managed git provider. any other defense i can come up with for why a VPS would enforce data agreements ought to apply similarly to GitHub (which is evidently not true).
i admit that a VPS achieves certain things better than self-hosting (as you say, it's easy to migrate, or deploy to multiple machines and have failover/load-balancing, etc). if the author is making a tradeoff between that and his license ideals, then his current solution might very well be right for him. on the other hand, if he prioritizes his license ideals as much as his post makes it seem, then he's already done half the work to go full self-hosting and may as well take the next step (as he says, "one day is worth it for a project that's going to have 10,000 hours of investment").
related to the author's quest for ownership, i would say "self-host" means that the "self" involved here owns the "host". so e.g. hosting on a PC you own is "self-hosting".
ownership is thorny (as the author is discovering). how does this change if you co-locate your box on the property of an internet exchange not owned by you? how does it change if you maintain physical possession of the host but there's some lien on it (i've never heard of somebody mortgaging a server, but there's no reason you couldn't)? i'm not sure. i think the concepts which "self-host" acts to label necessarily lie on a scale. if i were to attempt a strict boundary to which everything on one side is "self-hosting" and the other is not, there'd sure to be some contradictions. but i think at least notional ownership of the host is necessary for self-hosting and no VPS claims that.
I understand your point, but I think you're fighting a semantic war that has already been lost. For a new generation of hackers, self-hosting just means they control the data and executables directly. Physical ownership of hardware is getting more and more rare, and frankly the marginal benefits are small and probably not worth it most of the time.
Whether or not you call what I'm doing self-hosting or not is not really the issue. I am not really interested in fighting over that term - you may be right that I misused it. If so, I apologize for the confusion. Instead, I am interested in real, practical steps that increase individual control over property - which includes code - and decrease the ability of centralized organizations (corporations, governments) to freely exploit that work, thus increasing individual liberty and the freedom to compute.
I agree that Digital Ocean, Substack, and so on still operate as "chokepoints", and that I'd be more hardcore if I really went full-on setting up my own physical machine and my own totally open source web stack. Unfortunately, all of the software in that space is depressingly terrible - surely partly because of the mess that is the web - and it entirely lacks a good user experience, which is a very good argument in favor of these centralized services. For that reason, I've instead favored such centralized services, which is unfortunate but more practical for me, because I am a moron when it comes to running servers.
In my mind, the vision of fully decentralized self-hosting computing will simply never happen as long as this unfortunate technical situation remains - at some point, someone is going to have to really sit down and iron out all of the details in a way that doesn't absolutely suck shit. Like I mentioned in the article, Caddy and Gitea have done a fairly good job at the first few steps, but the tech and generally the whole process is still pretty idiotic, and I'm pretty sure it doesn't have to be.
As just a simple thought exercise, imagine if you wrote a fictional book that takes place on the moon, and you took a whopping entire paragraph out of one of JK Rowlings harry potter books, now imagine that you changed a few of the adjectives or pronouns and pasted it in.
I mean yeah legally there might be some level of copyright infringement here but that little fragment constitutes less than one percent of Rawlings work, and your entire book doesn't even follow the same plot as the Harry Potter book. Nobody gives a crap.
I also feel like there's a bit of a double standard, how many people knowingly lift things wholesale from Stack overflow without requiring and including the required attribution? How many times have you found a snippet of code online and implemented it in your code base without determining whether you need to provide attribution?
People are getting all worked up over basically nothing, in more than 90% of use cases for copilot you just wanted to fill out a basic boiler plate level function, and it does so beautifully.
MSFT is something else. Almost all developers were against Microsoft in the 2000s. Then they "embraced" OSS and Linux since they knew that going against developers would not get them far in the long run.
"Honeymoon" phase
They were catering to devs with free tools like vscode, WSL, etc..., A generous tier for GitHub (GitHub was bleeding devs right after they announced ms just bought them), etc..., Basically, pampering us.
"True colors" phase
The honeymoon is over and now they're showing their true colors. Copilot (devs do the heavy lifting stuff and they get all the goodies), vscode with different flavors (c# related issues), sunsetted atom in favor of vscode (one less competitor), etc..
There so much the dev community can tolerate before going nuclear on them.
79 comments
[ 4.8 ms ] story [ 130 ms ] threadGranted people in business get a sugar rush when they see something that looks like working code generated automatically but at best it is doing the 20% of the work that seems to get you 80% of the way there except taking the bugs out of something written mindlessly is a stupendously expensive process.
Is the code there? If yes, I can copy it. If not, it's verboten. The license attached to the code is not important in their eyes.
As one of my friend told me, his (native English speaking) professor at the university told him: "My English is not good enough to understand what is written there".
OTOH, I left GitHub the day Copilot is released for production.
This is a social problem, and we need to increase awareness IMHO. There's no other choice.
From the official documentation:
You are responsible for ensuring the security and quality of your code. We recommend you take the same precautions when using code generated by GitHub Copilot that you would when using any code you didn't write yourself. These precautions include rigorous testing, IP scanning, and tracking for security vulnerabilities [0].
Also, you don't have to return a 1:1 copy of the code to breach the license. Adapting it to the context at hand is an effectively deriving the code, and you have a derived version of a licensed piece of code. Worse is, you can't check the code's license, because you can't underive and see where does it come from.
With this move, GitHub as a company is completely dissolved in my eyes. It's purely and squarely Microsoft now, because they behave like Microsoft, not GitHub.
[0]: https://docs.github.com/en/copilot/overview-of-github-copilo...
I set up a blog this weekend using Hugo, Ansible, and Github Actions to host it on NearlyFreeSpeech.NET. It "only" took two days, but I'm exhausted and I don't actually have any content yet.
I host Plex and TiddlyWiki at home on my Raspberry Pi. I used docker and traefik. Sometimes it still has weird issues and I have to reboot it. It was another project that "only" took a weekend and left me exhausted.
So let's say I don't want to self host, but I don't want to use Github. What are my options? I used to use Bitbucket, but I moved to Github a few years ago to consolidate my accounts. I liked Bitbucket, but people give you weird looks when you give them a Bitbucket URL. It's not as seamlessly supported in apps that can automatically understand Github urls. Confluence kept buying other products and tacking them on. And they kept trying to upsell me.
Then there's Gitlab. I'm going to have to get used to it because my employer is transitioning to it, away from Github. This article mentions developers having short memories. I remember when Gitlab decidedly said they'll do business with anyone back when people were shaming tech companies for helping and cooperating with ICE a few years ago. That left a bad taste in my mouth.
There's Sourcehut. But I have friends with beef with the guy who made it and I don't want to support him.
I can't help but feel like Github is probably the lesser evil here. Honestly, I'd pay for a service if I believed in it. It's important to me that I'm the customer, not the product. That's why I switched from Gmail to ProtonMail a few years ago. I have their top tier paid account because I believe in them and I want to get what I pay for.
Sorry, I don't really have a point. I'm just tired of this argument. I'd self host in a second if I could do it quickly, easily, and reliably. But I don't think I can.
I think I realized that in college when a friend tried to get me to run Gentoo as my first linux distro. I never made it to a desktop! I still run linux as my daily driver today, but I'm currently using Pop!_OS after having used Ubuntu since college. Because when I'm using my daily driver computer, I want to use it, not maintain it.
Sorry I'm not trying to stalk you across multiple threads, but this made me wonder if there's a market for contract SREs. Like you own a car but you take it for oil changes and tune-ups, you own a server but some admins SSH into it here and there when it needs fixing (puts an emphasis on encryption, maybe). I think it hasn't happened because there's not a huge difference between this and purchasing hosted services, but, maybe it's an interesting slightly different option.
But your post gave me an idea I won't discuss in public, thanks.
I could see how this would leave a bad taste in your mouth, but I'm not sure it follows that Github is the lesser evil.
I can't think of specific examples (aside from the EEE philosophy brought up in the post and copilot if you consider that to be a Bad Thing), but Microsoft seems to have done plenty of Bad Stuff in the past. Maybe a comparable amount, if not more, Bad Stuff than GitLab?
[1] https://sourcehut.org/
[2] https://codeberg.org/
Which may be good because EU privacy protection laws are stronger than US's. German laws specifically can be restrictive in other aspects though; e.g. there's no concept of protected free speech.
Part of the complexity is that the effects aren't all immediate, and humans aren't good at thinking long term. People put code on GH for years and then Microsoft took it and undermined those same developers. So it might seem like zero hassle right now, but it's probably big destruction later on.
Personally I'm growing an allergy to these kinds of "no catch, we promise" services. What they usually mean is "we sell your data to other marketers, governments, and potential bad actors", "we try to hypnotize you with ads", "we aren't actually giving you this thing and we'll delist it whenever we want", or worse.
I know this doesn't respond to your issue, my weak effort there is that are a fair number of hosts for things like nextcloud and gitlab. My brother runs a substantial suite of services all through Docker and admins it almost not at all. This stuff is possible, but I agree it's harder than signing into GH with SSO and pushing code. All I'm saying is that there are other costs, you just don't pay until way later.
EDIT: Oh my god. I think I understand Sqlite and Fossil a little better now.
... maybe I should start a Gitea-as-a-service company.
It depends on your requirements, but I found Gitea to be really easy to set up.
Things that take time cost money, because time is valuable. You can pay in money to self-host, or you can pay in time, or you can pay in privacy and marketing, but you can't just get it for free.
What's their beef if you don't mind me asking? Drew seems like a nice enough guy. He is very opinionated obviously, but he's created many amazing FOSS projects.
It’s a stricter stance than the FSF, and I won’t support the FSF financially (as I fundamentally do not agree with their mission, their licence, or their leadership). So…Sourcehut gets a year of paid support from me, but that’s it. It fundamentally doesn’t interest me, because I’m not interested in using Linux or FreeBSD as a daily driver.
So, I don't see Drew's views as a reason to not to support Source Hut, because in my perspective while he might not be agreeing with one's view, he's actively protecting these views to allow them to be expressed, and this is great in my view. The relevant comment about this, made by himself is here [0].
[0]: https://news.ycombinator.com/item?id=31966313
Self-hosting should become absurdly easy to become widely popular, and to become any popular around non-technical users.
Very easy Linux host setup (like that of AWS, Linode, DO, etc) + containers (podman or docker) or stuff like flatpack or appimage should solve most of that problem. What's missing form the picture is an easy (I mean laughably easy) way to connect services. Something like a patch panel should be created to control UFW / traefik / whatever, when apps don't snap together automatically.
Frankly, no/low-code is more of a threat IMO, but copilot is eerie.
It's always seemed like to me like both of those as the natural thing to do as an engineer. Microsoft and Windows users had 1000s and 1000s of OLE/COM/DCOM libraries. A new system/language appears and gets popular. You want to use all you existing software and solutions with this new system/language. So you find a way to make them interop. It requires zero malice to decide to do this. Irregardless of if it benefits your company it is arguably the most common sense and natural thing nearly any engineer would do.
The engineers at MS thought Java was a great idea, and built a world-class implementation team for it. Of course they added P/Invoke (easy DLL native code integration) and COM interop because that’s naturally what you need in the Windows environment. There was plenty of enthusiasm for Java in the MS engineering community.
From MS’s business perspective, that was also great for the 3-E strategy, and more Windows-specific features were encouraged. From Sun’s business perspective, that went totally against the cross-platform Java strategy and was grounds for war.
The business folks had a major falling-out, and the same MS engineering team, now legally prevented from working on Java, built a better Java (CLR) for Windows software with the lessons learned.
The real disconnect on the engineering side was that the MS engineers thought of Java as just another language they could implement and improve on (like C), whereas Sun engineers thought of Java as a world-changing initiative where the WORA abstraction layer was paramount.
Source: I was there.
> McGeady testified that Maritz told Intel that Microsoft’s strategy was > to “embrace, extend, extinguish.”
> Rob Sullivan testified at his deposition that Maritz said the phrase > “embrace and smother.”
At it's core, open source is not about The Internet at all. Open Source is about being able to look at the source of the software you have. If someone gives me (or god forbid I buy) some software, can I inspect the source? If yes, then it's Open Source.
Putting code on the internet is another thing entirely. Related, sure; but ultimately not at all the same. In fact, there's so much "open source" crap out there that doesn't even compile, build, or run, that isn't Open Source at all! OK, maybe it still is, software is allowed to have bugs... but I digress.
Nobody imagines that. But nobody besides a very small group is on board with stallman anyways. That microsoft recognizes the value of open source to their bottom line is sufficient.
I have no problem with Copilot and other "AIs" using my source code, as long as they respect the license. If copilot spits out (even partially) my GPL code it is still GPL. Other than that - it's free and open for corporate and personal use.
Similarly, trying to prove a GPL violation because the model's output is based on any particular input seems impossible.
Or even something like a Raspberry Pi in a case with all this stuff.
https://www.theregister.com/2022/07/11/lenovo_secured_core/
Wait a minute. Reading some GPL’ed code and then writing a new thing, based on the ideas you’ve learned from the code, can be an intellectual property rights violation?
It's best to exclusively hire race car drivers and fedex delivery workers to your software development workforce, as they are statistically least likely to have been exposed to GPL code (per bureau of labor and statistics).
That raises an interesting question though. If I read the code, remember it, and then re-type it as is, that'd obviously fall under license's terms. But if I write an ML process, that knows to read code, understand it, and reproduce it, and it ends up reproducing the said code byte-for-byte, is that considered copying too? Suppose I didn't intend for ML process to work that way, I just programmed it in a way to find optimal solutions, and trained it on a dataset of GPL code, and it happened that this particular piece of GPL code, byte-for-byte, was chosen by the ML algorithm as optimal. Did I copy the code? Did I violate the license even earlier, when training the ML model on GPL code?
Building a tool that facilitates or even automatically copies code and then using it would absolutely open you to issues.
I'm actually not sure what your thought process around why it wouldn't - if you're byte for byte copying something that you, or a machine, saw, that didn't have rights to use (or rather, didn't have rights to determine how other people use it - and you tried to enforce them) would be a problem.
If you're not supposed to look at GPL code, why would you train your model using such code?
If so, there must be some boundary there - but I am not sure where.
This isn’t about whether or not you’re allowed to use GPL code, it’s about whether you’re allowed to enforce ownership rights against it, presumably.
If you copy GPL code you are in violation, however it happens.
I am not talking about "enforcing ownership rights" - if I train a model on GPL code and it produces some code, I am not asking about ownership rights on that code. For all I care, that can be public domain. What I am asking is how much of the original code should be left in this product for it to be still covered under GPL and how would one find such a boundary?
TL;DR Microsoft is being Microsoft again. Also water is wet.
Statements like this undermines their argument. Microsoft secures all sorts of rights under their EULA and is contractual. Enforcing property ownership is exactly how Microsoft has risen to dominance. And that is to say nothing of the a-historicism of this explanation of property rights.
Copying/stealing their creation is akin to making a worker work for free
Would making workers work for free be less moral the minute there is a worker surplus?
Theft is theft, it doesn't matter whether the stolen product is a scarce resource
It is, of course, clearly nonsense if you try to use it for anything more than justify unfettered capitalism or drug legalization. Most famously being unable to effectively condemn things like pedophilia, slave contracts or human trafficking. But this exact ability to come to counterintuitive conclusions about many things means it remains very popular among certain groups of people.
But it’s a distorsion of free market!
Not versed into philosophical currents, but very-right-wing people would claim that it’s not the role of the state to protect one’s IP rights, much less at least than protecting their physical integrity (at least every citizen has a body, as opposed to patents); The sponsor of the state to protect patents or copyright is effectively a “bribe” of states towards some private citizen, for something which is incredibly costly and unfair to prevent (think “The state guarantees me against the harm of my ideas getting used by everybody”), and therefore constitutes a unfair advantage, a misuse of public power, and a distortion of free market in favor of IP owners. Frequently seen when large corporations alter governments to tilt the balance to their advantage.
In a ideally liberal state, Microsoft would keep its secrets for itself OR choose to publish, but if you succeed to decompile, then Windows becomes effectively open-source, and you wouldn’t have such monopolistic behaviors enforced with the help of public taxes. But then the USA wouldn’t be hegemonic.
1. Alice underwent great expense to transport a rare new fruit bush from another country, with a little selective-breeding to find a variety that would thrive in local soil.
2. Alice sells these fruits. Perhaps she makes buyers agree never to plant the seeds as a condition of purchase, but that doesn't matter since...
3. Carol finds one of the seeds, simply fallen on the street. (Therefore contracts aren't part of this scenario.)
4. Carol plants her own bush and starts selling the fruits too.
5. Alice complains that Carol has wronged her and that she has some kind of right to the sale of the fruit.
It's true that in this low-tech example Alice didn't construct the plant--certainly not same way as with a program or screenplay--but she did invest some similar kind of time/effort/resources in making it available.
So the question is whether that kind of "work" creates some kind of right, one which exists outside any kind of contractual agreement. If so, what are its differences or limitations from her other rights?
2. his argument for moving away from MS GitHub is based on the understanding that license enforcement is lax in the modern era. the reasons he can expect to have greater license enforcement on a VPS than on MS GitHub may be real, but aren't immediately obvious to me. the most bulletproof defense seems to be one of obscurity: it takes a VPS provider more effort to decode his git repos than it does a managed git provider. any other defense i can come up with for why a VPS would enforce data agreements ought to apply similarly to GitHub (which is evidently not true).
i admit that a VPS achieves certain things better than self-hosting (as you say, it's easy to migrate, or deploy to multiple machines and have failover/load-balancing, etc). if the author is making a tradeoff between that and his license ideals, then his current solution might very well be right for him. on the other hand, if he prioritizes his license ideals as much as his post makes it seem, then he's already done half the work to go full self-hosting and may as well take the next step (as he says, "one day is worth it for a project that's going to have 10,000 hours of investment").
ownership is thorny (as the author is discovering). how does this change if you co-locate your box on the property of an internet exchange not owned by you? how does it change if you maintain physical possession of the host but there's some lien on it (i've never heard of somebody mortgaging a server, but there's no reason you couldn't)? i'm not sure. i think the concepts which "self-host" acts to label necessarily lie on a scale. if i were to attempt a strict boundary to which everything on one side is "self-hosting" and the other is not, there'd sure to be some contradictions. but i think at least notional ownership of the host is necessary for self-hosting and no VPS claims that.
I agree that Digital Ocean, Substack, and so on still operate as "chokepoints", and that I'd be more hardcore if I really went full-on setting up my own physical machine and my own totally open source web stack. Unfortunately, all of the software in that space is depressingly terrible - surely partly because of the mess that is the web - and it entirely lacks a good user experience, which is a very good argument in favor of these centralized services. For that reason, I've instead favored such centralized services, which is unfortunate but more practical for me, because I am a moron when it comes to running servers.
In my mind, the vision of fully decentralized self-hosting computing will simply never happen as long as this unfortunate technical situation remains - at some point, someone is going to have to really sit down and iron out all of the details in a way that doesn't absolutely suck shit. Like I mentioned in the article, Caddy and Gitea have done a fairly good job at the first few steps, but the tech and generally the whole process is still pretty idiotic, and I'm pretty sure it doesn't have to be.
I mean yeah legally there might be some level of copyright infringement here but that little fragment constitutes less than one percent of Rawlings work, and your entire book doesn't even follow the same plot as the Harry Potter book. Nobody gives a crap.
I also feel like there's a bit of a double standard, how many people knowingly lift things wholesale from Stack overflow without requiring and including the required attribution? How many times have you found a snippet of code online and implemented it in your code base without determining whether you need to provide attribution?
People are getting all worked up over basically nothing, in more than 90% of use cases for copilot you just wanted to fill out a basic boiler plate level function, and it does so beautifully.
"Honeymoon" phase
They were catering to devs with free tools like vscode, WSL, etc..., A generous tier for GitHub (GitHub was bleeding devs right after they announced ms just bought them), etc..., Basically, pampering us.
"True colors" phase
The honeymoon is over and now they're showing their true colors. Copilot (devs do the heavy lifting stuff and they get all the goodies), vscode with different flavors (c# related issues), sunsetted atom in favor of vscode (one less competitor), etc..
There so much the dev community can tolerate before going nuclear on them.