Open source body quits GitHub, urges you to do the same

The Software Freedom Conservancy (SFC), a non-profit focused on free and open source software (FOSS), said it has stopped using Microsoft's GitHub for project hosting – and is urging other software developers to do the same. In a blog post on Thursday, Denver Gingerich, SFC FOSS license compliance engineer, and Bradley M. Kuhn …

  1. VoiceOfTruth

    Hold on a second

    -> GitHub's decision to release a for-profit product derived from FOSS code, the SFC said, is "too much to bear."

    One of SFC's sponsors is RedHat. What do they do again? So according to SFC you can't use FOSS code to make a for-profit product? What are people supposed to live on, earth worms?

    1. Flocke Kroes Silver badge

      Re: What they do

      Purchase closed source projects and change the license to open source. Create their own open source projects. Maintain open source projects with a professional level of quality assurance. Distribute open source software in accordance with the licenses. Offer subscription based customer support.

      They do not take software from multiple sources with different copyright owners and licenses, remove the attribution and licenses, chew what is left together and sell the result as if it were not the creation of others and most likely stand back and laugh when the recipients get into legal trouble for distributing the resulting code.

      1. VoiceOfTruth

        Re: What they do

        They also take code which other people have given for free, and sell support for it, do they not?

        They make profit from doing so, do they not?

        1. Maventi

          Re: What they do

          Yes, and they are well within their rights to do that as they adhere to the respective license terms and maintain attribution where required. They contribute plenty of code back too. It's a two-way street. There's nothing wrong with any of that.

          The issue with GitHub isn't so much profit in itself, it's the fact they are taking code, digesting and regurgitating it to others without attribution or following the terms of the licenses the original code was licensed under. That is in pretty stark contrast to Red Hat.

          1. VoiceOfTruth

            Re: What they do

            -> Yes, and they are well within their rights to do

            Right. So why is the SFC complaining about companies making profit from selling software? PLEASE don't make the pointless distinction between software and software support. You don't buy Windows, you buy a Windows licence.

            -> The issue with GitHub isn't so much profit in itself

            That is not how the SFC words it. Let me quote from SFC's web site: Launching a for-profit product that disrespects the FOSS community. The SFC does not like companies making profits. Now, please go and read the SFC's own article on this and then you will be better informed. They are a pressure group which is trying to form a posse to get what they want. I shall continue to use Github as it suits me.

            1. Anonymous Coward

              Re: What they do

              > Right. So why is the SFC complaining about companies making profit from selling software?

              They are not.

              > That is not how the SFC words it. Let me quote from SFC's web site: Launching a for-profit product that disrespects the FOSS community.

              How about we quote the entire sentence:

              > Launching a for-profit product that disrespects the FOSS community in the way Copilot does simply makes the weight of GitHub's bad behavior too much to bear.

              That is, they are here specifically complaining about the specific way that the for-profit product Copilot disrespects the FOSS community.

              > I shall continue to use Github as it suits me.

              And you are free to do that. But understand that by doing so you may well be having your copyrights and licensing infringed by GitHub and Microsoft.

              1. Anonymous Coward

                Re: What they do

                Cherry picking quotes is basically VoT's MO.

                Just as he's ignored snippets like

                > Microsoft and GitHub have been ignoring these license requirements for more than a year. Their only defense of these actions was a tweet by their former CEO, in which he falsely claims that unsettled law on this topic is actually settled. In addition to the legal issues, the ethical implications of GitHub's choice to use copylefted code in the service of creating proprietary software are grave.

                1. msobkow Silver badge

                  Re: What they do

                  Well, they couldn't very well train it on Microsoft's internal code repositories - everyone knows those must be crap like the end results. :)

            2. TheRealRoland
              FAIL

              Re: What they do

              Why are you so obtuse?

          2. razorfishsl

            Re: What they do

            The problem is they are "license stripping"

            Taking code as an example but not including the license for that code.

        2. teebie

          Re: What they do

          "They also take code which other people have given for free, and sell support for it, do they not?"

          The word 'given' is what makes this different from what Github is doing.

        3. vincent himpe

          Re: What they do

          That's essentially what a plumber does. You scored a free toilet, and want it installed in your home, built by someone else. So the plumber comes and does that for a fee. If the toilet develops a problem the same plumber will come and fix it, for a fee. Why? Because you can't deal with your own sh..

          1. Tom 7 Silver badge

            Re: What they do

            It's selling access to my crapper without my permission that fucks me off.

        4. Anonymous Coward

          Re: What they do

          Red Hat pays the salaries of many of the developers that work on many of the open source projects they sell support for, including Linux (several Kernel developers are RH employees, as well as many tools developers), JBoss, Quarkus, 3Scale, Kafka, Camel and many others.

          If you want to feed your family while writing open-source software, Red Hat are one of the best companies to help you do that.

    2. Doctor Syntax Silver badge

      Re: Hold on a second

      "One of SFC's sponsors is RedHat. What do they do again?"

      They

      (a) publish the source for their distro, including their own contributions to that code, under FOSS terms and

      (b) they sell a supported binary version of that distro. If you buy their binary version you are essentially buying support.

      Is that sufficiently clear?

      If you don't need their support then without paying them a penny you can use the Alma or Rocky distros which are built from the RHEL distro's source. You can even use the Alma & Rocky versions with 3rd party paid support.

      1. VoiceOfTruth

        Re: Hold on a second

        I thought somebody gullible would chime in with "buying support". It has always been a pointless distinction, because that support is for their product only. Try ringing up Red Hat and saying "Hi, I would like Red Hat without systemd". I can hear the laughing from here.

        Go to the Red Hat download page today, right this minute. What do you see? "Product Trial". Congratulations, gullible people. You have a paid for product.

        RedHat is a for profit company. In addition to their own code, they take code given by other people, package it up, and sell "support" for it. In doing this they have become the "standard" Linux distro. A fool and his money are soon parted.

        And enough of your FOSS terms. If I publish code under a BSD licence, end users do not have to publish their changes. Please do not conflate FOSS with GPL.

        1. Anonymous Coward

          Re: Hold on a second

          Don't feed the moron.

          1. VoiceOfTruth

            Re: Hold on a second

            All Anonymous Cowards should be labelled "troll".

            1. Anonymous Coward

              Re: Hold on a second

              Thank you for keeping that name, it makes it possible to set the ignore function for your handle. Which I will do so now, not on the basis of your more recent postings but on the total I have been able to track. There's simply nothing of value in it.

              1. Anonymous Coward

                Re: Hold on a second

                Does the reg have an ignore function?

        2. Doctor Syntax Silver badge

          Re: Hold on a second

          As I want a Linux system without systemd I do not choose RHEL. There are other distros with other characteristics. Thank goodness for all that effort that goes into producing different distros which is not, despite views to the contrary, wasted.

          And yes, I do understand the difference between GPL & BSD (although I may have to check on the multitude of other licences in the spaces between), nor do I conflate FOSS with GPL. Actually I read FOSS as Free and Open Source Software regarding the "and" as a union operator, not an intersect.

    3. Graham 32

      Re: Hold on a second

      The full sentence from the blog post is: "Launching a for-profit product that disrespects the FOSS community in the way Copilot does simply makes the weight of GitHub's bad behavior too much to bear."

      So it's more the *nature* of the for-profit product, not for-profit per se.

      1. Ace2 Bronze badge

        Re: Hold on a second

        If you (not you specifically, anyone) want to have any input as to the *nature* of the product derived from your code, perhaps you should have chosen a different license.

        1. Richard 12 Silver badge

          Re: Hold on a second

          Nearly all the code on github is licensed with an Attribution clause.

          Copilot does not provide any attribution whatsoever. It is very likely in breach of tens of thousands of licences.

          1. Dr_Barnowl

            Re: Hold on a second

            Not to mention copyleft licensing.

            If the Copilot corpus is a derivative work of dozens or hundreds of GPL projects, that puts its outputs on a very sticky wicket indeed.

    4. JDPower666 Silver badge

      Re: Hold on a second

      I suggest you re-read the article as you've not understood it and your argument is not relevant.

    5. Bjchiran

      Re: Hold on a second

      I don't think it is true!

  2. MajorDoubt
    Thumb Down

    is anyone really surprised??

    microsoft is in it for the most money they can get. they bought github with the intent to make money, and to do as much damage to free software as they could, no profit in free. fuck monopolies..

    1. Joe W Silver badge

      Re: is anyone really surprised??

      I actually was looking for a place to host a (personal, FLOSS, but largely irrelevant) project, just after MS acquired GitHub. I did not pick GitHub. It did not really matter much, since the project is not used by more than a handful of people, but I am sort of allergic to MS' behaviour.

      1. badflorist

        Re: is anyone really surprised??

        Rent a cheap VPS and put Gitea or another HTTP based front end on it. If you run nothing else besides Gitea you'll need 1GB RAM. I've read you can host it in 512MB but I've never tried.

        1. Joe W Silver badge

          Re: is anyone really surprised??

          I have (had...) two other colleagues accessing this repo. I would have hosted it on my university's server, but that was a bit of a hassle (and I could not use it any longer, no longer time storage etc. - you leave, you lose it - most of it, access for sure).

          If it were more relevant I would actually do that. Or actually I would now host it myself. DynDNS...

          1. Duke of Source

            Re: is anyone really surprised??

            Codeberg looks like a promising alternative, with many features borrowed from Github. It's building on Gitea, is itself open source and they offer a hosted version so no need for a VPS.

  3. Chubango

    Make sure to FLOSS to keep your ecosystem healthy.

    Open source continues to miss the point. Make sure to keep on using licenses that everyone's freedoms in perpetuity. Alphabet has a handy list if you're unsure what to pick.

    1. Flocke Kroes Silver badge

      Re: Make sure to FLOSS to keep your ecosystem healthy.

      Top of that handy list was AGPL. One of the limitations of GPL is it does not address Googlization: taking GPL software, adapting it, renting it out as a cloud service and not distributing the source code for the adaptations. Googlization is legal for GPL code because Google does not distribute binary versions of GPL software. That may not represent the copyright holder's intent because the license may have been selected before Googlization started.

      The AGPL fixes this loop-hole. AGPL software is intended to be run as a service. It includes the ability for users of the service to download the source code. The service provider may not remove this ability from AGPL software and if they choose to provide modified AGPL software as a service, the modifications must be made available to clients.

      Google rejects the AGPL not for legal reasons. They could legally use AGPL software and charge for it as a service - if they do so in accordance with the license. They reject AGPL for financial reasons: they would not be able to lock users into a monopolistic relationship with services based on secret modifications to GPL code.

      1. VoiceOfTruth

        Re: Make sure to FLOSS to keep your ecosystem healthy.

        Another reason why the BSD licence is a better licence.

        1. Greybearded old scrote Silver badge

          Re: Make sure to FLOSS to keep your ecosystem healthy.

          Not really, BSD expects attribution doesn't it? MS ain't complying with that either.

          Also AGPL is designed to disallow making free code become non-free. BSD explicitly allows that. Which license is superior depends on which of those you value.

          1. VoiceOfTruth

            Re: Make sure to FLOSS to keep your ecosystem healthy.

            Can you show an example where MS has not complied with the BSD licence?

            BSD is the superior licence.

            1. Greybearded old scrote Silver badge

              Re: Make sure to FLOSS to keep your ecosystem healthy.

              This article. That's the whole of FCC's issue. Do they credit the code that they have derived the suggestions from? No.

            2. Richard 12 Silver badge

              Re: Make sure to FLOSS to keep your ecosystem healthy.

              Copilot does not give any attribution to any of the code it ingested and spits out.

              So if it was fed BSD licensed code, Microsoft broke the BSD license.

              1. Charlie Clark Silver badge

                Re: Make sure to FLOSS to keep your ecosystem healthy.

                I think that's both a misinterpretation of liberal software licences and what the tool does. I've not looked at CoPilot and, thus, not at its licence or copyright, but BSD/MIT and other licences are very much about letting people look at the code and use bits of it without any kind of restriction. It's a bit like a lecturer asserting copyright over a CS class when covering memory management, or loops, etc.

                In fact the BSD court case was mainly about this with AT&T asserting copyright infringement only to be found to be guilty of it itself.

                Copyright in liberal licensing only really comes into play when entire libraries or applications are used, ie. not Oracle's API assertion. But it would be a different thing if Microsoft were to assert copyright over anything produced by CoPilot.

                So, while I think the SFC has a point, I also think they're protesting too much and about the wrong thing. I don't host anything on GitHub myself, mainly because I started, and am sticking with Mercurial, but also because of GitHub's terms and conditions. Being taken over by Microsoft didn't help either but that was long after I'd made my decision. And I'm also not a fan of monocultures: when everyone else gets malaria, I'll be the one holding out for Dengue fever!

      2. Chubango

        I'm glad you agree with me that copyleft licenses prevent unscrupulous monetization.

    2. steelpillow Silver badge
      Boffin

      Re: Make sure to FLOSS to keep your ecosystem healthy.

      This issue of "when is open source not F/LOSS?" is as much about defining the word "open" as anything else. In mathematics, the term means different things in different contexts. Geometry, topology and set theory all give it different and incompatible technical meanings. In set theory it is even incompatible with the theory's use of "closed", so that a set may be open and closed at the same time, known as clopen.

      The open-to-inspection-but-not-reuse garbage is just another example. You can't say that people are "missing the point" to use the word in a different way, as that would be autocratically imposing your own meaning on a much-twisted word - and if the English-language lexicon is one thing, it is much-twisted over time and space. This is what the maths example illustrates in its small way. But you can say that the open-to-inspection-but-not-reuse brigade are a bunch of sharks to be steered well clear of. Certain of Microsoft's bad smells being a case in point.

  4. pavel.petrman Silver badge

    7 Zip

    Meanwhile some fool accuses real OS project of not being one because its source code is not hosted on GitHub (as reported here). Microsoft seems to be doing their marketing and PR much better than their programs.

    1. steelpillow Silver badge

      Microsoft seems to be doing their marketing and PR much better than their programs.

      Thus has it ever been.

    2. Anonymous Coward

      Re: 7 Zip

      The AZ-900 course specifically lists Github as a great alternative when building CI/CD automated pipelines on Azure "because most of the open-source projects are hosted there". Nadella's minions are doing a great job steering everyone into their monetization scheme.

    3. doublelayer Silver badge

      Re: 7 Zip

      Microsoft didn't say that, and the complainer in that case didn't list GitHub as the only "acceptable" location. In any case, it's the raving of someone who doesn't understand a lot of things, from open source to security to Russia's war in Ukraine. I wouldn't take that complaint as representative of anything in this debate.

  5. Doctor Syntax Silver badge

    It's worth pointing out that the https://sfconservancy.org/GiveUpGitHub/ article lists some alternatives although one of them is still in alpha

    1. Greybearded old scrote Silver badge

      Alternatively

      It doesn't even need to be git. That's designed for a project on the scale of the Linux kernel, which relatively few of us are working at.

      At home I'm using fossil. Its command set is cleaner than git's nasty big heap of mixed metaphors. It includes a wiki, forum and ticket tracker, the sort of metadata that github holds hostage. (Do any of the other hosted services allow you to take all that with you?) Also a clean looking web gui. If you don't want to use your system package handler it comes in a single binary.

      After the switching cost is paid the only thing I'm aware of that you'd lose is the ability to rebase. Fossil records what you did, not what you'd like to say you did. And that's a good thing.

      BTW it's created by Richard Hipp, the author of SQLite. He's not exactly known for sloppy code is he?

      1. VoiceOfTruth

        Re: Alternatively

        Fossil is indeed good. I've used it locally for several years. It has a built in web server too. HTTPS support server side was added fairly recently.

        What Fossil doesn't have is all the things that we take for granted with Github - such as the service is up there and running 24x7. Somebody has to do that. For small or even larger projects, somebody needs to ensure that is done. Github has a free tier. If you are spending your time running a source control service, whether it is with git, fossil, or whatever, you are now spending some of your time doing that instead of your normal coding. Now I grant you that setting up fossil is not hard, but it does not take 0 time. Then you have to arrange your own backups. Maybe you already do that. Fine. But it all needs to be done.

        1. Greybearded old scrote Silver badge
          Joke

          Re: Alternatively

          Nice for us to agree for a change.

          I like something Linus once wrote about backups (although I expect he was joking). A distributed version system means that everyone working on your project has a copy. There's multiple backups for you!

      2. Michael Wojcik Silver badge

        Re: Alternatively

        It doesn't even need to be git. That's designed for a project on the scale of the Linux kernel, which relatively few of us are working at.

        And more importantly, it's designed for a truly distributed use case. Most of the projects using GitHub are using it as a single central server, which is not where git has any significant advantages.

        It'd make more sense to be using SourceForge and Subversion for that use case. Subversion's model is easier to understand (the vast majority of git users seem to have no idea of what its internal representation actually is) and better suited to the central-repository use case.

        Most projects seem to be using git because most projects are using git.

        1. Joe W Silver badge

          Re: Alternatively

          I would rather not use subversion any more. It is... painful. In ways that git is not. Git sucks in other ways, sure. I cannot pin-point the annoyances then and now, but I know that I prefer git. And sourceforge is... good grief! Have you looked at it recently? Full of scripts and nasty and ugly and ....

          nah. I'll pass.

          I use git because I hate it less than subversion.

      3. Tom 7 Silver badge

        Re: Alternatively

        I have a feeling Git has things you need when you outgrow fossil and find it too restrictive. 2nd law of software - if it's any good it will have to work with absolutely everything else sooner or later. I'm not saying you should include 200 unit tests before you write your first "Hello World!" but you should be aware you will have to and which particular cloud server /dev/null handles.

      4. Def Silver badge

        Re: Alternatively

        BTW it's created by Richard Hipp, the author of SQLite. He's not exactly known for sloppy code is he?

        Oh how I laughed.

        Earlier incantations of SQLite used to regularly and quite randomly corrupt pretty much any data you gave it. To the point that we dropped it completely due to its lack of stability and reliability. It's entirely possible it no longer does that, but the damage has already been done as far as I'm concerned.

        Mentioning SQLite as a quality metric probably has the opposite effect for a lot of people.

  6. Greybearded old scrote Silver badge

    Ordinarily

    Usually I'd point to GPL at this point. In this case they are breaking most of the sloppier (usually pronounced 'permissive') licenses by not attributing code to its original author. Otherwise they'd be well within their rights when changing other licensing terms.

    1. Howard Sway Silver badge

      Re: Ordinarily

      I agree with your point, but if the copilot thing has digested millions of people's code, then the attribution list for derived works would have to be very long indeed (probably much bigger than the code itself). And there is no way they would have paid heed to what each open source licence used actually meant. Then the argument is inevitably going to be made by MS that GitHub's terms and conditions take precedence over individual project software licences......................

      It's what happens when you wade into the open source world like a 10 ton gorilla hoping to monetise it.

      1. Greybearded old scrote Silver badge

        Re: Ordinarily

        Yep. But "The license prevents me from doing what I want" isn't a valid argument is it? Tough Groobies to them.

      2. Anonymous Coward

        Re: Ordinarily

        If only Microsoft were a software company, so had access to millions of lines of code which they had copyright ownership of, they could have made a Copilot tool without needing to infringe on millions of other peoples' copyrights!

        1. Anonymous Coward

          Re: Ordinarily

          .... Would *you* want to use a code assistant tool based solely on the horrors of the Windows and Office codebases?

          1. Ben Tasker Silver badge
            Joke

            Re: Ordinarily

            It'd work quite well as a sort of spellchecker

            "It looks like you've written this the way a Windows developer would - do you want to refactor it?"

          2. Stoneshop Silver badge
            Holmes

            Re: Ordinarily

            Any half-decent AI would have gone and shot itself after being fed the Windows and Office source, or at least taken the rest of the decade off and arranged for some extensive counseling.

            Thus we know Copilot is not even a half-decent AI.

  7. Warm Braw Silver badge

    This is just one of many "hosted" problems

    I'm sufficiently old and scarred to be rather skeptical of source code in the sky, but this is merely one example of a growing problem.

    You can, at least, get your source code back from GitHub in the format you submitted it, but that does not necessarily free you from its clutches if it's the route to other people's code you depend on. Moving your build pipeline, though, may involve rather more significant work.

    If you look at all the other online tools - some based on FOSS and some proprietary - that are in pretty much ubiquitous use for everything from graphic design through to project management, there's a significant availability risk and in many cases no realistic way to migrate your data to your own servers or to other vendors.

    There are many aspects of these tools with which it might be possible to take issue at some point but for many of them there is no realistic way out once you're committed. The convenience of an online solution you don't need to host and you likely aren't paying for nevertheless has a high cost.

  8. Crypto Monad

    There's a fundamental problem

    For the SFC, the break with GitHub was precipitated by the general availability of GitHub Copilot, an AI coding assistant tool. GitHub's decision to release a for-profit product derived from FOSS code, the SFC said, is "too much to bear."

    But how is moving away from GitHub going to help, if you still publish your work as open source on some other platform? Or even just as source tarballs? Microsoft will simply scrape that instead.

    The only solution I can see is *more restrictive* FOSS licences. Normally these don't put limits on who can use the software, or what you can use it for. Such conditions are explicitly forbidden in the Open Source Definition.

    It seems we'll need new licenses that forbid specific uses - such as embedding in code-generation systems or for training AI models.

    Even then, it will be extremely hard to prove that your code was used to train an AI, short of whistleblowers.

    1. Anonymous Coward

      Re: There's a fundamental problem

      > Microsoft will simply scrape that instead.

      Could be, but 1. the hosting platform would probably notice; and 2. The hosting platform's terms of service may forbid scraping, in which case there may be legal/financial consequences for the scraping company.

      > The only solution I can see is *more restrictive* FOSS licences.

      In this case, Microsoft didn't care about the licenses, because they believe (though no legal reasoning has been given) that the FOSS licenses don't apply to their usage. So it doesn't matter what license the code has.

      1. Anonymous Coward

        Re: There's a fundamental problem

        If they put their server in the right location, scraping will be perfectly ok, whether they want it to be or not (see some court case from 2021).

    2. silent_count

      Re: There's a fundamental problem

      But how is moving away from GitHub going to help, if you still publish your work as open source on some other platform? Or even just as source tarballs? Microsoft will simply scrape that instead.

      If I were a nasty person I'd find a way to detect when it is Microsoft scraping projects on the new platform and feed them poisoned code.

      That would solve the secondary problem of knowing if MS is using "our" code to train its AI. If the copilot support forums are flooded with users who suddenly have mysterious and difficult to track down bugs... you'll know :)

      The MS will then have to spend so much time and money ferreting out subtly bad and downright malicious code, they'll actually get negative value from scraping "our" site's code.

      If I were a nasty person, that is.

    3. Erik Beall

      Re: There's a fundamental problem

      It might be feasible to tell if Copilot was trained on a few particular code snippets. Neural networks, unless significant care is taken and even then.., tend to resonate significantly (statistically detectably) to training data versus unseen data, although so much code is similar when looked at as snippets. An excellent grad school thesis project...

  9. John Navas

    It's not training. It's harvesting. And it's not AI.

    Two major misstatements in this piece:

    1. It's not training. It's harvesting, like Google News harvesting news from real news websites. (That Microsoft did not harvest its own proprietary code is telling.)

    2. It's not AI. It's pattern matching, like a search engine. There's no learning. It doesn't write code. It regurgitates code without attribution.

    I know because I invented similar technology more than 25 years ago, except my technology surfaces the original code with attribution.

    That Microsoft would do something like this is not terribly surprising, because it presumably purchased GitHub to monetize it. It probably figures it can get away with this because the origin is obfuscated, and because it would be difficult for a FOSS litigant to prove substantial monetary damages (a basic problem of FOSS licensing).

    1. Anonymous Coward

      Re: It's not training. It's harvesting. And it's not AI.

      Another reason to check (again) for any exploitable security/personal info in your GitHub repos...

    2. Anonymous Coward

      Re: It's not training. It's harvesting. And it's not AI.

      it would be difficult for a FOSS litigant to prove substantial monetary damages (a basic problem of FOSS licensing)

      If it ever got to litigation in the first place. Microsoft's history is replete with individuals and companies that were too small to afford taking them to court because they would have died long before it ever came in front of a judge, and if it did, Microsoft would simply keep appealing until the entity that dared to challenge them was drained of money. Stack was a notable exception to that dirty game.

  10. Anonymous Coward

    So are Microsoft saying that their code improvement tool is derived from open source code rather than their own product code because basing it on the latter would have resulted in a code disimprovement tool ?

    1. doublelayer Silver badge

      Probably more that the developers of this tool were at GitHub, not the main Microsoft organization, so didn't have access. While I entirely understand the SFC's complaint and think that Microsoft/GitHub's excuses are stupid, I'm having trouble caring because the tool they've built seems so useless to me. There's no way that Copilot can understand what I want the code to do, so no matter how much good code they've ingested, they'll not have anything to fill in. At least when an IDE suggests parameters or the like, they have a reason for doing that, but I also turn that off too.

  11. Anonymous Coward

    It was only a matter of time

    Maybe it's because I have been watching MS from the days of Xenix and MS-DOS, but I can't say I'm surprised.

    Yes, that could be confirmation bias, but just because you're paranoid doesn't mean they're not out to rip you off..

    1. ecofeco Silver badge

      Re: It was only a matter of time

      There is no such thing as bias when it comes to Microsoft's bollocks.

  12. Yet Another Anonymous coward Silver badge

    Somebody is going to have to create some case law on this

    If the copyright of images used in training data translates into a copyright on the neural net

    Self driving cars are going to have a problem; even if Tesla/Google/Whoever capture their own street images, does the DoT own the copyright on the shape of the STOP sign?

    Do the people whose faces were used for your iPhone camera's face detection have a copyright on the algorithm?

    Can criminals register a trademark on their face and stop police using it in mugshots?

    1. doublelayer Silver badge

      Re: Somebody is going to have to create some case law on this

      "does the DoT own the copyright on the shape of the STOP sign?"

      No. For one thing, such things are frequently standardized, so it wouldn't necessarily be them. Many governments, including the American government, can't copyright things, so things they have designed and published are automatically in the public domain.

      "Do the people whose faces were used for your iPhone camera's face detection have a copyright on the algorithm?"

      I'm guessing the photos used were collected by the algorithm writers to avoid this. Unlike, for example, facial recognition where it needs the details of many people's faces, face detection just requires a lot of pictures of faces on different backgrounds. They can be from a small subset of people, so it's easier to get consent.

      "Can criminals register a trademark on their face and stop police using it in mugshots?"

      No. Getting a trademark or copyright doesn't prevent people from using the work, but from conducting business with it or distributing it respectively. A criminal could copyright a photo, but the police will be taking a new one not copyrighted by them. They could trademark their face, but the use of the image would be allowed because the police weren't using it to sell products or imply endorsement.

      In this circumstance, however, the code is copyrighted and not licensed such that Microsoft's use is acceptable. Microsoft could probably argue successfully that they were permitted to read it and use it in derivative works, and thus the creation of their tool is fine. However, the tool is going to output things which potentially fall under licenses with other terms, and Microsoft doesn't appear to have a plan for how they'll deal with those. In short, they would have no legal problem if they created this thing, including reading all the code they did, but never used it. As soon as they want to distribute the result, they have an issue.

  13. Anonymous Coward

    No one here mentioned ClearViewAI.....

    ....scraping billions (yes....billions) of images from FB and elsewhere.....

    ....and selling the result to police forces and other entities worldwide.

    In this and the Copilot matter, it seems to me that copyright owners are just like the rest of us.......we have NO IDEA who might be out there stealing our work or our privacy.

    The fundamental problem is "the cloud".

    Perhaps we should adjust the Benjamin Franklin dictum: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

    As: "Those who would give up essential Control, to purchase a little temporary Cashflow improvement, deserve neither Control nor Cashflow."

  14. Tom 7 Silver badge

    If copilot created windows code from open source code

    would MS just do the right thing and implode?

  15. lofoten

    This is The End ?

    According to my understanding of current copyright law, only software which has been produced by a person can be protected. Machine generated code has no protection whatsoever. Using machine generated code might generate surprises.

    1. Anonymous Coward

      Re: This is The End ?

      This isn't about the copyright on the code *produced*, but the rights of the authors of the code *consumed* and *regurgitated*.

  16. Anonymous Coward

    Hey it's MS, what did you guys expect.. a 50 year history of ripping off other people's work..

    ..since the original Traf-O-Data days.

    I got a big laugh out of the "why did they not train on MS code" quote. As would anyone else who has seen the MS codebase. I think the Win2K / XP and NT4 codebases should still be out there. The ones that escaped about 20 years ago. Over 200 meg (each) of mostly very bad code. Apart from the DEC code in the kernel of course. The rest? You don't want to ask.

    1. ecofeco Silver badge

      Re: Hey it's MS, what did you guys expect.. a 50 year history of ripping off other people's work..

      This. ^^

      How is ANYONE surprised?

  17. Dom 3

    why Copilot was trained on FOSS code

    Hmmm.... would anybody want to infect their code with stuff based on Wordpress and its plugins?

  18. Robert Grant Silver badge

    Bitbucket and Gitlab should be making hay from this. A golden chance to become the new home of open source.

  19. ClemCa

    Don't know about this. While copilot was shown to use snippets of code, its model is also not meant to do that, and won't if there is further refining. For copilot to get better, it needs to understand the purpose of each piece of code instead of the purpose of whole sections, which matches the idea of avoiding plagiarism. It becomes a general understanding of code.

    Beyond the intent and future argument, there's also the question of how much copied code do you consider to be plagiarised code. Unless you're purposefully having copilot do entire files for you, the architecture & quirks will vary. We all know there is some sort of "plagiarism limit" somewhere between copying a small function that you found smart and a bigger function, purposefully unique to its program. There's truly a need to ask whether code made of hundreds of pieces of different sources can be considered plagiarism of any of them. And going further, there's a need to question whether we would hold a robot and a human to different standards on that matter too.

    1. Androgynous Cupboard Silver badge

      First comment on this topic I've read that gets the nuance of this situation - thanks, and I agree. It's not copying code, it's writing new code "inspired by" the code it's digested. The argument is where inspiration stops and plagiarism starts, but assuming it's functioning as described I think it's far from clear.

  20. Lord Baphomet

    Has anyone complaining about CoPilot ever tried it?

    It's fine. It isn't breaking any licences. It isn't copying any code from any system. What it generates is completely novel. There isn't a single licence on GitHub that says that you cannot read public code and build statistics from it. Nothing blocks code analysis. I don't see anyone complaining about DependaBot, or secret scanner.

    Ok, if it's generating a block of trivial code for which there are only a handful of possible solutions, it may generate something similar to code that's in a public licenced repo, but I'll do that myself too, all the time. But, it'll pick up on my variable names and use them appropriately.

    This complaint is spurious and probably malicious. Ignore it.

  21. ecofeco Silver badge

    WHOCOULDAKNOWED?

    Microsoft doing something sketchy? Say it ain't so! /s

  22. Anonymous Coward

    Maybe they learned this from Gracenote?

    It strikes me as a similar process. Let others do the work for free, then monetise it - of course, without any input of, let alone reward for, the people who did the work.

  23. Anonymous Coward

    Are we talking about the GitHub.com…

    …that seemingly cannot afford an AAAA DNS record?

    I would call it a massive pile of shite but I'm not feeling that generous today.

    1. Anonymous Coward

      Re: Are we talking about the GitHub.com…

      I rate FOSS projects, in part, according to whether or not they use a GitHub repo as their source of truth. If they do, my first reaction is to carefully tiptoe away.

  24. Anonymous Coward

    Oh no not more drivel from Kuhnt and the SFC.

  25. Justthefacts Silver badge

    BlackDuck?

    Is nobody going to mention Black Duck, or YMMV other standard scanners for open source components?

    It’s fairly standard practice nowadays for companies developing proprietary software to run something like Black Duck over it before release. Because who knows what their developers have cut and paste from Stackoverflow or GitHub, and there’s legal risk associated with that. If it triggers, the developer has to justify it to a lawyer, or delete it. Hint: the lawyer always wins.

    But now, an innocent developer accepts code suggestions from CoPilot, and suddenly behind the scenes they are getting code snippets from open source on GitHub….every single line of code guaranteed to be flagged by BlackDuck.

    How does MS think this is going to *work* in the modern ecosystem? Did they not join the dots?

  26. JackFisher

    Ironically, this could turn out well for the GPL

    If copilot can't inform its users which license(s) applied to the code that it "regurgitates", then the only legally safe way for it to be used (I expect) is for Github to require all copilot users to license their resulting code under the GPLv3+. After all, it's the only(?) license that has the property of vaccinating derivative works against becoming non-free software.

    While it's possible that some instances of regurgitated code might not contain GPL'd code, what corporate lawyer would be willing to advise their clients to accept that risk? Ironically, copilot could increase the use of the GPL. :-) That's assuming people would even continue to use copilot. It's probably more likely that corporate lawyers would warn their clients' developers not to use it.

    Another alternative of course, is for Github to throw away all of the "learning" that copilot has done and start again from scratch but this time scrupulously excluding all GPL code (and any other vaccine licenses that might exist).
