Posted on 07/06/2022 11:21:21 AM PDT by ShadowAce
Microsoft’s new service for automatically writing AI-based code, Copilot, has sparked outrage in the Open Source community.
“Microsoft loves open source.” So much has been put on this slogan recently, only to change the Open Source community’s perspective toward the Redmond company.
And while Microsoft was no longer demonized as the worst thing that could happen to the Open Source, certain of the Redmond tech giant’s tactics remained regardless of the times.
It must be said unequivocally, now and forever, that Microsoft loves open source! However, with one additional qualification: when it can generate a profit from it.
While this may appear to be perfectly acceptable from a business standpoint, it is quite the opposite regarding moral violations. And Microsoft did it again.
As you know, Microsoft acquired GitHub in 2018 for more than seven billion dollars. In reality, GitHub is the world’s largest repository of open-source code.
At the heart of the problem that has blown up the Open Source community in recent days is the GitHub Copilot service. It’s a code writing assistance tool driven by artificial intelligence (AI) that the company just unveiled.
And now we get to the core of the issue. Copilot is powered by natural language text and openly available source code, including code in GitHub public repositories. And, of course, you must have a paid subscription or a special invitation from Microsoft to access Copilot.
To put it another way. You are a developer who has contributed valuable content to various GitHub projects over the years. Of course, everyone is welcome to use it.
Would you be satisfied if your code was used for profit by a closed-source app without giving you credit? In its classic fashion, this is where Microsoft tramples on moral boundaries.
In response to this action, the Software Freedom Conservancy (SFC), a non-profit that provides various services to open-source software projects, has stated its intention to leave GitHub and has asked others to do the same.
Today, we take a stronger stance. We are ending all our own uses of GitHub, and announcing a long-term plan to assist FOSS projects to migrate away from GitHub.
After the SFC last week reminded GitHub of its unanswered questions and refusal to participate in public discussions, GitHub responded that it would not participate in any public or private discussion because “a broader conversation seemed unlikely to change your (SFC’s) stance, which is why we (GitHub) have not responded to your detailed questions.”
Without a doubt, an arrogant and rude approach. In other words, “Leave if you don’t like it. We don’t mind.” But what Microsoft’s GitHub fails to realize is that the Open Source community is extremely sensitive to violations of software freedoms. And the snowball that is currently bouncing on top of the mountain could roll and become an avalanche.
The conclusion of all of this is obvious. For Redmond’s tech giant, there have never been and will never be moral borders that are not worth crossing in pursuing profit. So, they’ve done it again. Is anyone surprised?
Knowing what I know now, I would have found a lawyer to assess what we could have expected in a settlement.
Another "hat" I wear now is software security. Sharing code is a wonderful way to be more productive, but it also means sharing bugs and vulnerabilities. New CVE (Common Vulnerability Enumeration) listings arrive almost daily. A single shared library with a vulnerability can expose hundreds of products built with the library. The price we pay for productivity and convenience is perpetual vigilance and regular patching when the flaws surface.
I'm currently moving multiple systems that live on dedicated servers into Docker containers using microservice patterns, kubernetes pods and helm charts to "compose" the systems. It's a very different paradigm and it has a new set of attack surfaces. We have 3 people dedicated to running security scans on each new "pod" and ensuring everything is as vulnerability free as possible.
Security has always been a pain and you’re right, open source gave script kiddies a new power.
I remember when Norton Antivirus actually shipped with a virus (I think a disgruntled employee). Which gave rise to the conspiracy theory that virus companies were generating viruses to increase profits.
On a different note, one of my favorite old time viruses was one that asked, “Have you ever dance with the devil in the pale moon light?” as it was formatting your hard drive in the background.
I've suspected for a long time that something like this would happen. It's too obvious. Leopard cannot change his spots.
That’s impressive!
Nowadays I stick mostly to embedded work but back in the day I churned out some interesting software tools.. small compilers, program generators, parsing tools, web spiders... and various odd things. And if a problem involved pattern recognition then I was there...
We used to use small 286 mobos with modified bios chipsets as custom PLCs
I love this stuff :-)
The cars have accelerometers that support +/- 80g at up to 100 KSPS on the bearing adapters to perform spectral analysis of the cup/cone/cage/roller vibration. PIC18F6680 MCUs provided the CAN interface and a German supplier provided the CANopen embedded libraries. I designed and programmed devices to service a tri-axial accelerometer on each bolster for ride quality assessment, temperature sensors, a handbrake controller, an anglecock controller and a brake piston position sensor. Wilcoxon Research provided the accelerometers and did the CAD, fab and packaging of each controller. A dedicated PIC16F device monitored the 12 pole tachometer output of the Timken generator to determine car speed over the track and the threshold speed for making net charge to the system battery vs load. The 16F "pushed" the "power on" button and reported battery voltage.
I published a paper at the 10th Annual CANOpen Conference in Rome describing the Onboard Continuous Monitoring System. A related paper was published for the ASME/IEEE in Pueblo, CO a couple months later. More details than are suitable here. I love embedded and kernel work, but it is hit and miss on opportunities. Customers want systems moved "to the cloud". Lots of Java, Docker, kubernetes, Kafka, helm, keycloak and whatever UI framework is popular when the proposal is being written.
One of my co-workers was doing custom Xilinx devices to do DSP with sample rates in the 400 MSPS range. My tasking on that project was real-time stream compression. Never a dull moment :-)
That's rotten. The ones that annoy me most are the ransomware viruses with continuous morphing viruses that easily evade the best AV software. The most damaging to hit my own machines came from Sweden. It burrowed a Windows PE virus into the firmware of the keyboard controller on the motherboard. That machine is now Linux only. The virus goes active if a Windows OS boots.
More like Microsoft saw the cloud as their future. Their phone, tablet and automotive software bombed. All that’s left is corporate and gaming.
They are making a killing with Azure.
My boss brought me a ransomware computer that infected all of his wife’s images. The ransomware maker screwed up, the maker provided two parts of the encryption key. It took about 24 hours of running calculations on the computer to get the final key, but I saved thousands of family images.
Long story short, the ransomware jerks fixed the vulnerability and rendered most of the fixes useless.
My local FFL called when his "IT" guy was found stealing. All the 4473 records were in a database on a Linux machine. He was dead in the water. I downloaded a system rescue Linux DVD, booted it, mounted his filesystem and cleared the root password. Having done that, I booted, logged in and found a website pointing to a database. MySQL. Cool. A little poking around revealed the table structure. A little more and I exported all the critical data into a CSV. Copied to floppy, copied to his Windows laptop. Loaded in Excel. 100% recovery. He needed it as the ATF was coming for an inspection the next week. I left with some very nice ammunition that I would normally buy for myself. Items that weren't moving due to a fairly high price. My S&W 500 Magnum and 460 Magnum have some fine supplies for a future use.
CAN and ARINC work is always a little nerve-wracking since you are dealing with safety issues on every hand.
I’d sure hate to be the guy whose firmware caused a disaster :-/
Imagine the hand-wringing and grief that must have resulted from the recent Boeing fiasco with the flight control on the 737 MAX ...
Working with biomedical devices is similar... you can leave NOTHING to chance.
It’s nice to be able to just create hobby projects now, no one is gonna be in mortal danger :-)
I enjoy playing with simple AVR projects and prefer DIP packages to avoid the hassle of having boards made... I often do dead-bug soldering, it’s a fright to look at but once the project is in the cute 3d printed enclosure who’s gonna know...lol
My FRA project died on January 20th, 2009 just after noon eastern time. Upon Obama's inauguration, I had to call the 46 people on the project to inform them. The funding was so abruptly cut that $1 million in specialized equipment was abandoned in a railyard in Joliet, IL. I had $80k in specialized development tools in my home lab. I packed up $50k of licensed software and sent to UPS back to the project office. Some of the hardware still occupies space in my basement. A year after the funds were pulled, my PhD colleague died from melanoma. He did the business development with FRA. I did all the EE/CS work. We subcontracted the physical board CAD/fab/packaging.
My wife got into creating little scenes with my dead bugs in the early 80s. She was a pretty good Pascal programmer on my OS/9 systems, but it wasn't her favorite thing. She earned a ham license to complement being a Master Falconer in a time when cellphones were in their infancy. Caring for a bird of prey is too time intensive for her now as a full-time police/fire/EMS dispatcher, so she moved on to collecting snakes and lizards. :-)