China is attempting to mirror the entire GitHub over to their own servers, users report
(infosec.exchange)
from 0x815@feddit.org to technology@lemmy.world on 26 Jun 12:09
https://feddit.org/post/176888
from 0x815@feddit.org to technology@lemmy.world on 26 Jun 12:09
https://feddit.org/post/176888
GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.
It is being reported that many users’ repository are being cloned and re-hosted on GitCode without explicit authorization.
There is also a thread on Ycombinator (archived link)
threaded - newest
Cloned even?
Maybe they were open source projects?
If the license of the project isn’t being respected then this is a problem.
I’m not disagreeing, but can anyone really be surprised? IP theft is Chinese policy 101.
IP theft is…… less prevalent these days (or at least leas obvious)
This would be a return to the before times
Sweet summer child…
GitHub owner Microsoft would never engage in IP theft of source code. They leave that to OpenAI and then rebrand it as GitHub Copilot.
Training an AI on something doesn't involve copying it.
This is entirely different. Copilot and Chatgpt doesn’t exactly reproduce the code. It’s paraphrasing it. By your logic you’re not allowed to implement anything as the majority of algrithms originate from scientific research and papers that also have copy-rights on them.
Solution: create a GitHub repo with Markdown articles outlining human rights abuses by the CCP and have a large number of GitHub users star and fork the repo.
genius.
everyone should have stuff in their code comments, tianamen, hong kong, taiwan, uyghurs
.
That’s the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.
How will they filter it out? If they just don’t mirror anything with ‘forbidden’ terms, we can poison repos to prevent them being mirrored. If they try to tamper with the repo histories then they’ll end up breaking a load of stuff that relies on consistent git hashes.
I feel like the effort to make such a repo and make it popular enough to be cloned and rehosted is a lot more effort than someone manually checking the results of an automated filter process.
The “effort economy” is hugely in favor of the mirroring side
Yeah I figured as much. It was mostly a joke. At the end of the day, if stuff is on GH, people can take it. It’s barely even stealing. Unless the license disagrees of course but then you were putting a lot of trust in society by making it public in the first place.
That’s what I don’t get about this. Why does anyone care? Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Apparently they aren’t respecting licenses. It’s possible to have source code publicly available on GH but have it not be truly FOSS. But that’s generally not a great idea since you’re effectively relying on the honour system for people not to take your code.
Until it isn’t. Perhaps they are preparing for a future war with the US and assume their access to all that code will be blocked. They want to copy it now while they have access.
Good point.
The real solution is to include a few
tiananmenSquarevariables in all the repositories. Either they exclude the entire repository or just the specific file, in either case the entire project may be unusable.China filters every byte of Internet traffic in and out of the country.
It seems naive to think they can’t accomplish the same thing for a GitHub mirror.
They’re not supposed to, it’s just about blocking them from using the software :)
It’s a new coding paradigm, I will take some time getting used to looking for libraries in the
uyghur/tianamenfolder.So… You’re saying instead of “main”, “app”, or “core”, we should change the convention to make tiananmenSquare the entry point for apps?
Or maybe make it the filename for utils, so it’ll just break
For example.
But honestly I was more joking. The thing that makes most projects useful is the developers developing it, and they can’t clone that
Problem: the repo is only 1MB, while USA’s is 100GB
Tankie whataboutism strikes again.
Two things can be bad at the same time. Wild, I know.
Edit: also, the point of my joke wasn’t the human rights abuses. It is that these things are censored in China. So your comment is even more irrelevant. One could very easily create a repo outlining American crimes and put it on GitHub. But doing so in China with CCP crimes will have you sent to a Gulag
“Whataboutism” is what Americans say to profess blind faith in their exceptionalism.
I’m not American. I don’t even like America.
So you have even less reason to use the racist-in-origin and logically fallacious term.
Lmao it’s literally the name of a logical fallacy. How is the term itself fallacious?
Also I harbour no racism or ill will toward the Chinese people. My girlfriend is Chinese and I care about her a lot and love learning about her culture. I just don’t abide the human rights atrocities (or censorship thereof) committed by any government.
it’s a euphemism for “And You Are Lynching Negroes” - that’s literally what people used to say instead of whataboutism.
It’s not the name of any logical fallacy. You’re thinking of Tu Quoque.
currentaffairs.org/…/is-whataboutism-always-a-bad…
It’s funny how much effort you’re going to debating my word choice instead of the meaning and content of my rebuttal to your stupid comment. Do you have an actual point here? Are you claiming that what you were doing above wasn’t whataboutism? That it’s somehow a valid counterpoint to my joke about CCP censorship to say that the US also does bad things?
Your rebuttal was nothing more than a word choice. And you’re still using it.
The reason you’re doing this is because if you use the actual fallacy’s name, rather than the US empire’s “and you are lynching negros”, you’re more likely to see your error.
Hahahahahahahaha, oh man, how much you spend on a psychologist every month?
Also, what you’re doing is called sophistry, specifically moving the goal posts (which predates the US by about 1000 years).
You later move on to attacking the person, rather than the argument (more sophistry).
You should probably educate yourself lest you expose the clown inside.
Free Palestine
What an effortless Troll
The other guy was saying I put in too much effort. Can’t please you libs
I can think of ways you could please me 🚀🤤
lol who do you think was saying this, and how is “whataboutism” in any way of a euphemism for it? Did you even bother to read the article you linked?
.
America didn’t drop anything because they weren’t saying it in the first place, the Soviets were. America also aren’t the ones that coined a new phrase for it, British royalists were, who probably had no knowledge of the Russian phrase. All of this was explained in the article you linked.
Hell even i’m American and don’t like America
You’ve heard of CamelCase and lowercase and intVariableName variable naming styles. Get ready for:
for (int Taiwan == 0; Taiwan < HongKong; Taiwan++) { int TianamenSquare == 0; … }
Maybe we should consider the same for the US government instead of being afraid of the big Chinese boogeyman across the sea? Because I guarantee you the US has just as many, if not more. But China bad. 🙄
I was making a joke about abusing Chinese censorship in order to stop them cloning GitHub repos (assuming that was something you wanted to do). The joke being that the CCP suppresses information about their human rights abuses. That is not true of the US. You could absolutely make a GitHub repo detailing the crimes of the US government. Nobody will stop you.
Tell that to Julian Assange
Is that what you think got him in trouble?
yes. he published us crimes in iraq/afghanistan.
50 Cent Army Repellant:
六四
1989 Tiananmen Square Massacre
I always thought the term “Wumao” sounded suspiciosly like “woo Mao.”
426
Yes yes, what about the US?
Once you have logged “China killed 100 Zillion people! End CCP now!” in Chinese GitHub, everyone in China will realize that their lives are actually very bad and they need to do a Revolution immediately.
And here I was thinking that might prevent them mirroring the repo but whatever
The vast majority of projects on GitHub is open-source and forkable, why would that need authorization?
It’s… suspicious that China’s doing it en masse, but there’s nothing wrong in cloning or forking a repo last i heard.
Open source? Or open source with a non-commercial restriction?
Why would that matter? You can fork such projects too.
Seems easier to commercialize a mirrored site?
It’s not about authorization. They want to build a knowledge base for when the Great Firewall gets some more filters. Just like russias mirror of wikipedia which is heavily edited to discredit the west.
How come I live in Russia and have never seen such?
I know only of quite a few troll\counterculture projects, some, like Lurkmore, are already, well, dead, some, like Traditsiya, are not.
That, of course, if you don’t mean that Russian Wikipedia in itself has problems. Which would be true.
It’s called Ruwiki.
OK. Well, not sure anyone really uses that.
And under copyleft licensing, they're allowed to do that. Both to GitHub repositories and Wikipedia.
Of course they are, it’s not like there is some kind of international jurisdiction anyway. What is bothersome is why they do it.
Even if there was jurisdiction, anyone in the world is entitled to do it by the very licenses these works are released under.
Hopefully they follow the rest of the stipulations of the licenses, such as the common one about keeping the license as such and contributing the changes back.
This seems like the most plausible explanation. Only other thing I can think of is they want to develop their own CoPilot (which I’m guessing isn’t available in China due to the U.S. AI restrictions?), and they’re just using their existing infrastructure to gather training data.
Firewalls are already being built in america’s internet with the ban of tiktok
As an european i do not see problem with having copies of free software in places not controlled by the monopoly microsoft is morphing to.
When they mirror it, does they uses a different username? If so I’m totally fine as that’s just a fork, otherwise it should count as stolen. Not the project but the name and reputation of the owner.
They can use the same name but if the owner signs their commits we can at least spot the fake commits.
And even if they clone all repos they don’t clone the build systems, so their builds of apps and windows installers will be signed with different keys.
For people who follow guides to clone something from a repo, compile it and install it, they need to be on their guard if the repo URL is not the official one.
How many know what even signed commit and build is? For people following a guide they don’t even know what Github is for but a nice place to have free programs.
But at what cost???
Better to analyze for vulnerabilities. Particularly with a number of governments using open source software hosted on github.
That is a good thought.
Free backups.
Yeah, why not. They are not cloning developers, yet. :)
Shame they don’t have anything themselves that’s worth the trouble to copy back.
As China leap frogged west in solar and EV tech
That they got from the West when CATL bought out a bankrupt US company that had developed LFP to commercial viability.
That's called value investing..... Maybe our dear leader should learn how to manage national wealth instead of cutting companies and allowing a geopolitical adversary to take over tech/IP
Ie this is not a flex you think it is, it just proves my point that our dear leaders are incompetent imbiciles or worst... Bad faith actors.
No accountability leads to this sort of decision making lol
Bad faith, for sure, made very clear in the last 20 years.
I think the two of you are focusing on either end of this and not really seeing the bigger picture.
China absolutely (stole / acquired) all the technology they have for solar, EV, and grid based storage. They have literally innovated 0% in this particular industry. I don't think there's any debating this aspect.
At the same time, China has pour billions into domestic production of solar panels, lithium and sodium batteries, vehicle production, and grid based storage solutions the likes that no other country has even remotely attempted. They recent demonstrated cheap sodium based 10MWh storage systems that can be built using seawater sodium. Something that California makes a shit ton of in their desalination plants, that they currently just shove the salt off as waste byproduct.
Like, if we wanted to, that kind of thing that China just demonstrated, we could be building GWh level storage systems for 10% the cost of a 1 GWh nuclear facility strictly off a byproduct that California distinctly doesn't want and is literally paying people to take away. They could literally flip a cost into a revenue stream, but we don't because "reasons". We could literally have large batteries charged in Utah, and then use rail to move the sodium based batteries into the Eastern sections of the US, using literally the same infrastructure that we use today to move the tons of coal we move around for the TWh of power we generate. We could be doing this today. But we don't because many nations just buy the arguments politicians feed them, or "it's complicated". And then there's China demonstrating at small scale that it's doable. So instead we say "oh well it wouldn't scale" or "oh well you stole all that tech" because apparently our pride is more important than climate change.
The thing is, yes China has not committed to educating their population into novel development of these technologies. But at the same time they are deploying this stuff at rates every other developed nation has said they'd like to try and do that one day off in the future. Or can't do right now because their hands are tied.
For the folks pointing at China as the enemy, fine. I'm not going to debate it. But there's still things to learn from what they are doing with that stolen technology. Do we need to cozy up to them? Nah. But they're showing off that grid based storage at scale and cheap is a thing even though people like France and the US say that such a thing is not possible at this time. They are showing LFP is viable if you're willing to take an initial domestic loss to invest in the infrastructure, something the US citizens know but keep saying "well oil interest are holding us back". No, there's only a few dozen oil execs, there over a three hundred million non-oil execs. It's a lack of will power.
Like most western nations keep coming up with excuses for delaying EV and green technology pushes and China keeps showing many of the excuses given to be false. And we know they're false. We know the expectation of no less than $36k USD for an EV is some bullshit that car companies are pulling to offset all the baggage they have from leaving ICE. We know we could have charge stations every 100 miles on the Interstates, but we don't because oil companies don't want to lose their investments in the infrastructure they've got right now.
We know the reasons being given by our political and industry leaders are all bullshit. China is over there showing IRL how bullshit they are. Yeah, they stole everything they have, but at the same time all this "oh we couldn't possibly do that here in the US" is shown for the BS it is, that we already know it to be, in China.
I mean, great, we're all very smart people. Awesome. What good is that awesome smartness if we keep letting dumb fucks in politics pander off dumb excuses for why we don't get to enjoy any of the stuff that awesome smartness provides? What good is being innovative if corporations keep handicapping that innovation to ensure they have a steady stream of revenue?
I mean yeah, let's call China out of the bullshit they pull. But I mean, let's not forget all the damn windows we've broken ourselves in our glass house here.
Just my take but:
Like them or not (and IMV they are a serious threat), China’s system enforces a strategic view, long term, more like a 100yr plan.
We don’t. It’s by election cycle or quarterly earnings report.
These things all make more sense if you see them impassionately, and without an ethical filter, from a long term POV.
China will do what’s best for China in the long term. Irrespective of ‘politics’ that are like ripples upon a rising tide.
I absolutely do not discredit the scaling they’ve done in the manufacturing process, but if there’s one thing China does well, it’s scale manufacturing. That’s usually because they have much lower safety and quality standards, and might bring them up later on. But what they don’t seem to have, at least in these industries, is innovation in the underlying technology to any appreciable extent.
But hooboy, can they pump out solar panels and batteries when they’re taken off the leash.
And abso-fucking-lutely, we in Western countries continuously shoot ourselves in the foot with short-term thinking. There was a time it seemed when there were plans like the New Deal where thought was given to decades down the road. Today, the longest term outlook you see if 4 years. And that’s common across the board, I wouldn’t even place that just at the feet of the US. It’s a damn shame, and it’s the reason the middle class is getting hammered for the last 40 years. But we do know how to R&D, just now we can’t get build a manufacturing base without some grifter taking all the subsidies and shipping them offshore.
Now I’m depressed.
Why move the batteries instead of “moving” the electrons? You generate the electricity anywhere you want and use Therese nice cables that happen to be everywhere.
HVAC suffers from loss over distance. Large distances like what's between the western US deserts and the eastern seaboard would suffer large losses to heat via HVAC.
HVDC can solve this, but that requires an investment into this kind of infrastructure. Moving the batteries is using a preexisting infrastructure because the assumption is that new infrastructure won't be upgraded. We will build new so long as a ROI has quick turn around, another assumption here being that long term profit planning won't happen so everything needs to be planned to have profiting within two or less years. But we won't build new if usage of that new happens a decade later.
We could totally send the electrons over, but sending the batteries over is adding a bunch of assumptions that people won't want to do massive investments in basic infrastructure to facilitate that, so we've got run with what we have that can ensure profits in a fairly rapid pace before investors bore of it or the next election cycle tosses everything in chaos.
I've seen what's inside the speed controllers and battery monitoring circuitry for Chinese EVs. I don't think I want to be anywhere near them.
Let’s dismiss all chinese contributors to open source projects with AI, javascript, PHP and so on.
Aren’t Alibaba and Huawei huge on opensource?
Well now chinese companies that use free softwware don’t have an excuse to share their modifications of their software product.
Someone reupload yuzu, stat!
They should definitely respect the licenses, that being said, Microsoft owns GitHub and can be a bit quick in what they ban. It also means they are beholden to US laws, which could turn anti FOSS-AI in the near future.
This is a smart move and I honestly hope more countries start doing it. It would probably lead to a better ecosystem.
I think projects like this are good, but I really don’t want governments to create their own version of XYZ for the sake of creating clones of XYZ. I’m scared that all this will do is fragment an almost-universal collection of open-source projects into regional variants for no real reason.
“Governments” arent doing this. Its some company
In China, they’re the same picture.
Hey look, more crazy postings
Some random Chinese company: does something jenky
Blogger: “The entire country of China is doing this jenky thing!”
All Chinese companies are the CCP. That’s how the system works.
And all US companies follow US laws and crazy people say they do the bidding of CIA/NSA/FBI- which they do, to a degree.
Yea they would have to do their bidding if the government came knocking with subpoenas.
And they have been!
Funny how you say something similar and we have such different karma for it.
Might be because of our approaches?
Your’s comes across as a sort of whatabout that nobody asked for and mine is just a statement of fact related to what you mentioned.
It’s not inaccurate to say that the Chinese government has a tighter leash on all business in their country than the US has in theirs though.
The random Chinese company: owned by Huawei and CSDN (where CSDN is known to be the worst site known to Chinese developers where they literally costs money to let you download open source code)
Edit: i think my original is a bit unclear, so this is a more detailed info: the company is funded and owned by CSDN (China Software Developer Network) and the actual infrastructure and service is provided by Huawei Cloud. On the website they have written this statement in the registration page.
CSDN is mostly a platform to share posts on software development, but it is known to have a lot of issues, including:
JIAN YANG!!!
Ehrlich Bachman, this is your mom and you, you are not my baby.
you’re a fat, and a poor
Eric, is a refrigerator running?
This is Mike Hunt - and he’s a rich.
I burn the garbage
i eat the fish
It’s a bit odd, but isn’t it equivalent to forking and putting up a fork elsewhere?
I guess I don’t see the problem.
It depends on the software license.
Does it though? You can still put up a fork somewhere else as long as you uphold the license right? Unless I guess in the case where the license explicitly disallows forks, but I don’t think that’s very common (can you even do that?).
Forks are derivative works (quite obviously) so yes you can forbid them via license terms. Whether or not that’s still open source, take it up with OSI. I vaguely recall that at least once upon a time there was some project that required modification to the code to be published as separate patches and it was generally accepted to be open source don’t ask me which.
Most GitHub repos don’t have a license, meaning you are not licensed to do anything with them. Rehosting them would be the same as rehosting an image you don’t have a license for.
It will be funny to see folks who spent the last ten years posting “It’s not stealing, it’s copying” memes suddenly find religion because Evil Foreign People got involved.
I’m quite scared of how AI apparently pushes people in favour of significantly stricter copyrights. This is not a good trend.
This isn’t people being influenced by AI. This is Microsoft’s Godzilla battling the RIAA/MPAA’s King Kong.
The trend, to date, has been consolidation of media properties under fewer and more hegemonic distributors. And now we’re seeing a couple of economic Titans battle over the position of “Last Legitimate Music Vendor”.
Ya, I kind of like the idea of code being put somewhere else just in case. It sucks it’s China, but I hate to see anything centralized in one company, especially if it’s a big public, good like Github and all it’s code.
The only issue I see is that they make a new Chinese equivalent for GitHub where they can censor code easier (or was GitHub already blocked?), but they already censor everything anyway so there’s probably effectively no change.
Oh, cool. I might finally find contributors to my projects.
Might want to audit what they MR though, ctrl+f “.cn” is a quick audit for most of what the chinese “hackers” try
Maybe Lemmy will finally get good mod tools now.
That would be hilarious lol
I love how every Chinese company is called “China”
Yeah… That’s because they are. it is required that every Chinese Company has to be owned by “tHe PeOpLe” (CCP)
Gotta disguise being a capitalist country somehow.
Capitalism is when the public owns the things. And Communism is when a handful of private individuals owns the things.
So what’s it called when the government is a handful of private individuals, as opposed to representing the public?
The Aristocrats
Badum tish!
Oligarchy or aristocracy, and that’s Russia. And the US at this point lol.
No… Capitalism is when a handful of individuals own the means of production and have full authority on how they are used.
Communism is more akin to when the workers decide what to do with the means of production they operate.
You got this literally backwards.
Lmao
Facebook = America
fun to think that my shitty program is now stored in an artic vault and stored in some Chinese servers
So many bugs I never fixed and yet here we are lol
The great thing about China is that it’s got lots of people eager to fix those bugs
You haven’t worked with a lot of Chinese engineers, have you? www.chinaexpatsociety.com/…/the-chabuduo-mindset
I love how they reinvent a universal experience as uniquely Chinese
They stole half assing it from the West!
Just discovered I was Chinese all this time!
Chalega in Hindi ribbonfarm.com/…/survival-of-the-mediocre-mediocr…
Not as bad as you make it out to be, and I actually worked in the US with more Chinese engineers than US engineers.
I didn’t down vote you. I’m not saying all Chinese engineers are bad, I’m just saying a lot are bad or don’t care enough about details just execution as fast and with as little effort as possible.
*New GitHub
Is it hosted on New Pied Piper?
no, new new Internet
JIAN YANG!!!
suck it, jian yiang
omw to get all the homebrew stuff NIntendo got removed from github lol
Quick, someone tell Nintendo!
I don’t understand why this is a bad thing? Open source code is designed to be shared/distributed, and an open-source license can’t place any limits on who can use or share the code. Git was designed as a distributed, decentralized model partly for this reason (even though people ended up centralizing it on Github anyways)
They might end up using the code in a way that violates its license, but simply cloning it isn’t a problem.
But china bad and scary.
I expect it’s going likely to be used to train some Chinese AI model. The race to AGI is in progress. IMO: “ideas” (code included) should be freely usable by anyone, including the people I might disagree with. But I understand the fear it induces to think that an authoritarian government will get access to AGI before a democratic one. That said I’m not entirely convinced the US is a democratic government…
PS: I’m french, and my gov is soon to be controlled by fascist pigs if it’s not already, so I’m not judging…
Even if they do that, the license for open source software doesn’t disallow it from being done.
It certainly can. Most licences require derivative works to be under the same or similar licence, and an AI based on FOSS would likely not respect those terms. It’s the same issue as AI training on music, images, and text, it’s a likely violation of copyright and thus a violation of open source licensing terms.
Training on it is probably fine, but generating code from the model is likely a whole host of licence violations.
Some, but probably not most. This is mostly an issue with “viral” licenses like GPL, which restrict the license of derivative works. Permissive licenses like the MIT license are very common and don’t restrict this.
MIT does say that “all copies or substantial portions of the Software” need to come with the license attached, but code generated by an AI is arguably not a “substantial portion” of the software.
How do you verify that though?
And does the model need to include all of the licenses? Surely the “all copies or substantial portions” would apply to LLMs, since they literally include the source in the model as a derivative work. That’s fine if it’s for personal use (fair use laws apply), but if you’re going to distribute it (e.g. as a centralized LLM), then you need to be very careful about how licenses are used, applied, and distributed.
So I absolutely do believe that building a broadly used model is a violation of copyright, and that’s true whether it’s under an open source license or not.
By comparing it to the original work.
And how will you know what original work(s) to compare it to?
How do you know anything about anything an LLM generates? Presumably if you’re the author you would recognize your own work?
I’m not going to be monitoring Chinese code projects. They don’t seem to care much about copyright, so they’ll probably just yoink the code into proprietary projects and not care about the licenses.
What am I going to do, sue someone in China? And decompile everything that comes from China to check if my code was likely in it? That’s ridiculous. If it’s domestic, I probably have a chance, but not if it’s in another country, and especially not one like China that doesn’t seem to care about copyright.
I agree with you, and don’t really have any answers :)
The code needs to maintain the copyrights and authors. They are “mirroring” usernames into their own domain, with mails that dont correspond to the original authors, stealing their contributions.
Oh! I didn’t realise this. Do you have an example?
That would make it plagiarism, which ethically is a whole different matter than merelly copying that which is free to copy.
I personally don’t care if someone “steals” my code (Here’s my profile if you want to do so: github.com/ZILtoid1991 ), however it can mean some mixture of two things:
Of course it could mean totally unrelated stuff too (e.g. just your typical anti-China and/or anti-communist paranoia sells political points).
Isn’t GitHub already blocked in China?
It is
You can’t block open source projects from anyone. That’s the entire point of open source. For a license to be considered open-source, it must not have any limitations as to who can use it.
I think they were referring to blocking GitHub from public access. In the event of a world war I could easily see Microsoft obeying the order to shut down GitHub.
I’m seeing this misconception in a lot of places.
Just because something is on GitHub, doesn’t mean it’s open source. It doesn’t automatically grant permission to share either.
It may not be de jure open source, but if the code is posted publicly on the internet in a way that anyone can download and modify it, it sort of becomes de facto open source (or “source available” if you prefer).
Please don’t muddy the water with terms like this. Something is open source if and only if it has an open source license.
.
Correct, you are allowed to click the “fork” button and nothing else. You’re still not allowed to download, use, modify, compile or redistribute the code in any way that doesn’t involve the “fork” button.
Put content that is illegal in China into your code, problem solved!
Include “Winnie the Poo” into your next oss project!
AbstractBaseWinnieThePoohFactory
The phrase Tiananmen Square massacre in each file.
Actually that happened 😂 they accidentally “mirrored” some activists’ repository and got blocked temporarily
There is always something you can do about it. Always.
And I was just asking yesterday what would you feel if someone evil used your FOSS software: lemmy.world/post/16898871
I think the major issue is here is that they are “mirroring” with the same username without clear indicating they are mirrors and they are modifying all the github links in Readme to GitCode. But if you want to claim your project, they want to only comment using the issue section of a project which requires account; but then you have to have a Chinese phone number to register account, and you will automatically get a Huawei Cloud account when you registering it
Edit: also some background info about the company behind GitCode from my other comment: the company behind GitCode is funded and owned by CSDN (China Software Developer Network) and the actual infrastructure and service is provided by Huawei Cloud. On the website they have written this statement in the registration page.
CSDN is mostly a platform to share posts on software development, but it is known to have a lot of issues, including:
Oh fuck! Capitalism with beastly grin strikes back.
I hope they copy the web interface too. I stopped using GitHub for my dumb little projects when Microsoft bought them and I can’t be bothered to learn git. I will gladly host my future projects there if it’s good.
What use is Github / a Github clone to you without knowing git?
*self hosts gitlab with docker run
*still doesn’t know git
‘:confused jackie:’
So what are you using it for? (Not criticizing, genuinely curious)
Generally, I tend to think more in the direction of that there is some misunderstanding happening, then people being stupid. Maybe that is just the optimist in me.
What exactly is meant when people say they don’t know git. Do they mean the repository data format? Do they mean the network protocol? Do they mean the command line utility? Or just how to work with git as a developer, which is similar to other vcs?
I think if you use some git gui, you can get very far, without needing to understand “git”, which I would argue most people, that use it daily, don’t, at least not fully.
I don’t understand all 3 :)
The web interface is great and easy to use. I liked just dragging and dropping updated files to it, very simple.
Oh, didn’t even know you could do that, lol
How to become unemployable as an engineer 101.
I’m not an engineer and I am employed, I do a little scripting for fun. Software developers should learn how to use git but I’m not one :)
Relevant
%100 me when I first started github: “welp its saying something I dont understand, time to nuke the local copy and restart”
Great! Now I know who to contact when I accidentally delete all the plaintext API keys and passwords I had stored in a public github repo.
Apart from the dozens of scrape bots that already stole them?
You’re supposed to revoke API keys that are leaked. Not try to “unleak” them
Oh boy, Lemmy really doesn’t get sarcasm without the “/s”, huh?
If it’s a public repo do they need permission?
Not saying this is good, but you can’t really argue that it’s not a natural consequence of open source.
Depends on the license I suppose.
All major licenses allow it. GPL-family, BSD-family, MIT/X11, CC-family. Anything FSF-approved or OSI-approved.
Most projects on GitHub don’t have a license, which means it’s not allowed.
I’m noticing this misconception in a lot of places.
Just because something is on GitHub, doesn’t mean it’s open source.
I get what your saying, in that open source projects normally have a licence that applies to how it’s used - but this has always been open to abuse.
Nothing has ever stopped things like this happening - see how industry has taken advantage of open source for decades (often productising things as their own in the process).
The industry takes advantage of open source projects that have permissive licenses. This is an important distinction.
If you didn’t release your code with a permissive license (or even with a license at all), you have rights that protect you and your code. The only issue is that copyright infringement can often be hard to prove if you didn’t plan ahead for it.
If it’s on the internet, I save, I pirate, I protect. Don’t like it ? Then get off MY internet !
Obviously it functionally very much is. If you wanted to keep it closed source you’d host it on your own servers or even keep it offline.
No, this is not correct at all! You keep limiting yourself to the terms “open source” and “closed source”.
Any code you create, you own by copyright. Even if it is public on GitHub, you’re still the lone copyright owner and no one is legally allowed to do with it what isn’t allowed by a license.
Projects on GitHub without an open source license are only “functionally open source” to the same extent that pirated games are “functionally free”.
If you want to use piracy language then this is privateering. It would be piracy except for the fact that they’ve got the backing and protection of a major country.
Copyright is an arbitrary concept. If a country decides to ignore it, then they can do what they want with a publicly-visible resource.
Don’t forget that “open source” has a different definition than “source available”.
Oh I get the theoretical difference. I’m talking about functional difference. Good luck taking China to patent court.
Open source doesn’t mean source available. You simply aren’t using the term correctly.
No, I’m pointing out that China doesn’t care about your dictionary.
If someone infringes on a copyright that doesn’t mean the work isn’t copyrighted. You can’t just say things that are source available are open source. Even if someone is infringing on the rights holders they’re still only source available.
In countries following that legal regime.
You’re being obtuse. I get the point you’re trying to make – you’ve been heard. I’m just saying those aren’t the terms you should be using to make it. Open source has a very distinct definition and it has to do with the licenses covering the code. It has nothing to do with whether different countries have differing laws. Code cannot be open source in one country and not open source in another because the definition has nothing to do with countries. In fact, that would specifically not be open source because it gives rights to some and not others.
The problem is we aren’t in a thread talking about Apple stealing code. We’re in a thread about China doing it. And people in here are like, “that’s illegal! It’s not actually open source!”
Which is why I’m driving this point so hard.
Just because it might be legal to violate copyrights in other countries doesn’t make the code considered open source though lol.
It does where they’re concerned.
🙄
I’m surprised this wasnt done already
GitHub are not some bastion of righteousness - they are literally owned by Microsoft. And they work hard to stop people from getting too much Open Source from them, with rate limits and the like, so essentially gate keep.
I think CSDN probably want to gatekeep their clone even harder, but in general having archives of GitHub on the Internet is a good thing.
Yes. Fuck CCP, but having mirror is good.
EDIT: lemmy.world/comment/10853810
It appears to be scam-type(capitalism with beastly grin type) mirror.
Classic Chinese tech co, if you can’t create something on your own just download the source files and say you made it. The money spends the same after the fact, anyhow.
With the obligatory “fuck everyone who disregards open source licenses”, I am still slightly amused at this raising eyebrows while nearly no one is complaining about MS using github to train their copilot LLM, which will help circumvent licenses & copyrights by the bazillion.
Are you just trying to make a bad pro-China argument or have you never been online before?
I see it more as a good anti-Microsoft argument 🤷🏻♀️
“Why does no one say murder is bad unless China is murdering”
Isn’t a good anti-murder argument
I can not fathom how you absolutely nailed the essence of my comment, yet misunderstood it (and - arguably - your own example) so fundamentally.
Let me try to help, once:
“Why do most people not complain about murder when Microsoft is doing it, but when China is doing it, the very justified outrage can be heard?”
❤️
I cannot fathom how you absolutely nailed the essence of my comment, yet misunderstood it (and - arguably - your own example) so fundamentally.
People do criticize Microsoft for using open source data to train LLMs, just like people criticize murder
Hence the query about having never been on the internet before
Came here to say this. As much as I don’t like china, there is really nothing to see (apart from the source, that’s for everybody to see).
This could be illegal for git repos that do not have a open source license that allows mirroring or copying (BSD, Apache, Mit, GPL, etc.) Sometimes these repos are more “source available” and the source is only allowed to be read, not redistributed or modified. I would say that this is more of a matter for each individual copyright holder, not Microsoft.
But ultimately I agree, this really isn’t as big of a deal as people are making.
edit: changed some wording to be clearer
China is a sovereign entity. I’m pretty sure they can decide foreign licensing laws don’t apply there.
China is a soverign state and they should make their own laws. However, China has promised repeatably that they will take IP concerns more strictly (trade deal with Trump in 2020 is one example of this promise). It seems of this moment they still use the World Intellectual Property Organization for inspiration for their IP laws. At one point, China did not acknowledge IP rights at all but chose to acknowledge them in order to secure foreign business trade. Being consistent is good for business; especially when it comes to international business.
China has never been consistent. Doing business there is all about relations with the CCP. This is a perfect example of how an authoritarian regime differs from a liberal regime. One is bound by it’s promises and rules and the other binds it’s rules to it’s needs.
Lots of people complained about that. I’ve only seen this single thread complaining about this.
If I look at a few implementations of an algorithm and then implement my own using those as inspiration, am I breaking copyright law and circumventing licenses?
As I am a big proponent of open source, there is nothing wrong even with copying code - the point is that you should not be allowed to claim something as your own idea and definitely not to claim copyright on code that was “inspired” by someone else’s work. The easiest solution would be to forbid patents on software (and patents altogether) completely. The only purpose that FOSS licenses have is to prevent corporations from monetizing the work under the license.
Well let’s say there’s an algorithm to find length of longest palindrome with a set of letters. I look at 20 different implementations. Some people use hashmaps, some don’t. Some do it recursively, some don’t. Etc
I consider all of them and create my own. I decide to implement myself both recursive and hash map but also add certain novel elements.
Am I copying code? Am I breaking copyright? Can I claim I wrote it? Or do I have to give credit to all 20 people?
As for forbidding patents on software, I agree entirely. Would be a net positive for the world. You should be able to inspect all software that runs on your computer. Of course that’s a bit idealistic and pipe-dreamy.
again, I don’t have a problem with copying code - but I as a developer know whether I took enough of someone else’s algorithm so that I should mention the original authorship :) My only problem with circumventing licenses is when people put more restrictive licenses on plagiarized code.
And - I guess - in conclusion, if someone makes a license too free, so that putting a restrictive (commercial) license or patent on plagiarized / derived work, that is also something I don’t want to see.
I have no problem copying code either. The question is at what point does it go from
To
How abstracted does it have to be before it’s OK? If you write a merge sort, it might be similar to the one you learned when you were studying data structures.
Should you make sure you attribute your data structure textbook every time you write a merge sort?
Are you understanding the point I’m trying to get at?
My trivial (non legal ;) answer is: If you are working for a corporation that is looking to patent something / make something closed license: the moment you ever looked at a single line of my code relevant to what you are doing, you are forbidden from releasing under any more restrictive license. If you are a private person working on open source? Then you be the judge whether you copied enough of my code that you believe it is more than just “inspired by”.
That depends on how similar your resulting algorithm is to the sources you were “inspired” by. You’re probably fine if you’re not copying verbatim and your code just ends up looking similar because that’s how solutions are generally structured, but there absolutely are limits there.
If you’re trying to rewrite something into another license, you’ll need to be a lot more careful.
What’s the limit? This needs to be absolutely explicit and easy to understand because this is what LLMs are doing. They take hundreds of thousands of similar algorithms and they create an amalgamation of it.
When is it copying and when it is “inspiration”? What’s the line between learning and copying?
I disagree that it needs to be explicit. The current law is the fair use doctrine, which generally has more to do with the intended use than specific amounts of the text/media. The point is that humans should know where that limit is and when they’ve crossed it, with motive being a huge part of it.
I think machines and algorithms should have to abide by a much narrower understanding of “fair use” because they don’t have motive or the ability to Intuit when they’ve crossed the line. So scraping copyrighted works to produce an LLM should probably generally be illegal, imo.
That said, our current copyright system is busted and desperately needs reform. We should be limiting copyright to 14 years (as in the original copyright act of 1790), with an option to explicitly extend for another 14 years. That way LLMs can scrape comment published >28 years ago with no concerns, and most content produced >14 years (esp. forums and social media where copyright extension is incredibly unlikely). That would be reasonable IMO and sidestep most of the issues people have with LLMs.
First, this conversation has little to do with fair use. Fair use is when there is an acceptable reason to break copyright. For example when you are making a parody or critique or for education purposes.
What we are talking about is the act of reading and/or learning and then using that information in order to synthesize new material. This is essentially the entire point of education. When someone goes to art school, they study many different artists and their techniques. They learn from these techniques as they merge them together in different ways to create novel art.
Everybody recognizes this is perfectly OK and to assume otherwise is absurd. So what we are talking about is not fair use, but extracting data from copyrighted material and using it to create novel material.
The distinction here is you claim when this process is automated, it should become illegal. Why?
My opinion is if it’s legal for a human to do, it should be legal for a human to automate.
Sure, but that’s not what LLMs are doing. They’re breaking down works to reproduce portions of it in answers. Learning is about concepts, LLMs don’t understand concepts, they just compare inputs with training data to provide synthesized answers.
The process a human goes through is distinctly different from the process current AI goes through. The process an AI goes through is closer to a journalist copy-pasting quotations into their article, which falls under fair use. The difference is that AI will synthesize quotations from multiple (many) sources, whereas a journalist will generally just do one at a time, but it’s still the same process.
I complain all the time. But that’s not the subject of this post…
Yeah exactly, fuck llms that don’t honor licenses
What rock have you been living under??
Not like MS couldn’t be sued.
It may be expensive but possible.
Unlike China. Good luck suing china (or the chinese government) as a whole. Maybe you’ll get out a domestic ban but I can hardly believe that they will care and probably will continue with their operation. But now it’s not on very legal grounds.
It is not illegal is it?
If it is legal, then thank you China for the free backup.
I do believe it’s illegal if they take a repository with a restrictive license (which includes any repository without a license), and then make it available on their own service. I think China just doesn’t care.
Illegal according to who?
The US? Why would China care, they are their own country with their own laws.
International courts? Who is enforcing those judgments?
.
If it’s hosted in a public repo, anyone can clone it, that’s very much part of most git flows.
What you can do with the software, how you can use it, that’s another matter, based on the licence.
That of course assumes China will respect the copyright…
Sure, you can probably clone it - I’m not 100% sure, but I think laws protect that as long as it’s private use.
You can also fork it on GitHub, that’s something you agree to in the GitHub ToS - though I think you’re not allowed to push any modifications if the license doesn’t allow it?
Straight up taking the content from GitHub, uploading it to your own servers, and letting people grab a copy from there? That’s redistribution, and is something that needs to be permitted by the license. It doesn’t matter if it’s git or something else, in the end that’s just a way to host potentially copyrighted material.
Though if you have some reference on why this is not the case, I’d love to see it - but I’m not gonna take a claim that “that’s very much a part of most git flows”.
You can buy pirated software or pre-cracked consoles in stores there. They don’t care.
Law do not exist by itself; it’s the result of balance of power. How would you know that your State do not use illegally free software ? And if you know it, could you sue it ? Even if it’s a classified administration ?
Apply laws Internationally is even worse. It usually depends of the imperialist relationship between States. For exemple, Facebook rules was illegal in France, but France changes it’s laws rather than sue Facebook. A decade later, the whole European Union could forte RGPD upon the GAFAM.
China have nothing to fear in ignoring those licence, and we shouldn’t rely on it to protect our work. However we could strengthen our common defenses, through FOSS for people in the US … and maybe trade unions elsewhere.
I hate authoritarian regimes, but why hosting cloned repos is bad?
EDIT: lemmy.world/comment/10853810
It appears to be scam-type(capitalism with beastly grin type) mirror. Not saying that hosting mirrors is bad in itself.
What, even the private gits???
No, they don’t have access to that
Smart.
Yeah, though the Chinese government isn’t doing this out of the goodness of their heart, this is what open source is about.
God damn it, Jiaan Yang!
I call my uncle, he’s very corrupt
New New Internet.
If we steal IP from China does the American government give us a business loan?
China has no IP
<img alt="" src="https://lemmy.world/pictrs/image/f509f762-3e98-4d83-8955-24f8dbe1fada.jpeg">
I love how this image is a pun
I’m not getting it. Explain, please?
IP Man. Great movies.
Ahh, thanks. I think that may be a grandad level pun
Bs
that could come in veery handy once microsoft wants to pull some plugs. i guess we can be grateful for the backup that is 1. not 100% in m$ hands any more then and 2nd cannot be as easy destroyed as some backups at archive.org. i actually hoped for someone with enough money to create this type of security after m$ assimilated github and thought like “does nobody see the rising danger there?” but even if china’s great fork might be more reliable than m$ over time, maybe it’s better to have your own backups of all the things you actually may need in future.
btw did microsoft manage to get rid of the hackers that settled into their network for … how long??
i guess they’ll tell
Preparation for war.
Lmao the murican propaganda worked wonders on this guy
and the Chinese propoganda worked on 2 websites.
<img alt="" src="https://lemmy.ml/pictrs/image/a8b288ca-b5c4-4d61-9245-5396d10cdbb2.jpeg">
Yeah… The main thing I see here is that China (read; government , not the people, not being racist here) will take this code, they will make improvements on it, they will NOT give back. Basically like Microsoft, but now an entire country.
Chinese government hasn’t exact had a good reputation when it comes to taking technology and not giving anything back
Not like I’d want contributions from the chinese state programmers.
Feels like an easy entry for state level supply chain attack.
Who says they aren’t trying right now? I recall SSH had an attempt quite recently, I can guarantee that China is trying hard to include anything to out in back doors
It is a new “internet” archive without copyright bla bla? ¯\_(ツ)_/¯
China cares of nothing, from patents to licences. Culture of steal and copy, rebrand and sell/use
I would argue that this culture would possibly be good to learn from them, first. It didn’t come to existence as some kind of social evolution, but was impressed by power.
Second, at least they are behind Europeans in the culture of genocide.