- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.
It is being reported that many users’ repository are being cloned and re-hosted on GitCode without explicit authorization.
There is also a thread on Ycombinator (archived link)
You must log in or register to comment.
fun to think that my shitty program is now stored in an artic vault and stored in some Chinese servers
So many bugs I never fixed and yet here we are lol
The great thing about China is that it’s got lots of people eager to fix those bugs
You haven’t worked with a lot of Chinese engineers, have you? https://www.chinaexpatsociety.com/culture/the-chabuduo-mindset
I love how they reinvent a universal experience as uniquely Chinese
They stole half assing it from the West!
Not as bad as you make it out to be, and I actually worked in the US with more Chinese engineers than US engineers.
Just discovered I was Chinese all this time!
The vast majority of projects on GitHub is open-source and forkable, why would that need authorization?
It’s… suspicious that China’s doing it en masse, but there’s nothing wrong in cloning or forking a repo last i heard.
It’s not about authorization. They want to build a knowledge base for when the Great Firewall gets some more filters. Just like russias mirror of wikipedia which is heavily edited to discredit the west.
This seems like the most plausible explanation. Only other thing I can think of is they want to develop their own CoPilot (which I’m guessing isn’t available in China due to the U.S. AI restrictions?), and they’re just using their existing infrastructure to gather training data.
Just like russias mirror of wikipedia which is heavily edited to discredit the west.
How come I live in Russia and have never seen such?
I know only of quite a few troll\counterculture projects, some, like Lurkmore, are already, well, dead, some, like Traditsiya, are not.
That, of course, if you don’t mean that Russian Wikipedia in itself has problems. Which would be true.
It’s called Ruwiki.
It was launched in June 24, 2023 as a fork of the Russian Wikipedia, and has been described by some media groups as “Putin-friendly” and “Kremlin-compliant”.
OK. Well, not sure anyone really uses that.
And under copyleft licensing, they’re allowed to do that. Both to GitHub repositories and Wikipedia.
Of course they are, it’s not like there is some kind of international jurisdiction anyway. What is bothersome is why they do it.
Even if there was jurisdiction, anyone in the world is entitled to do it by the very licenses these works are released under.
Hopefully they follow the rest of the stipulations of the licenses, such as the common one about keeping the license as such and contributing the changes back.
Open source? Or open source with a non-commercial restriction?
Why would that matter? You can fork such projects too.
Seems easier to commercialize a mirrored site?
Firewalls are already being built in america’s internet with the ban of tiktok
As an european i do not see problem with having copies of free software in places not controlled by the monopoly microsoft is morphing to.
Solution: create a GitHub repo with Markdown articles outlining human rights abuses by the CCP and have a large number of GitHub users star and fork the repo.
genius.
You’ve heard of CamelCase and lowercase and intVariableName variable naming styles. Get ready for:
for (int Taiwan == 0; Taiwan < HongKong; Taiwan++) { int TianamenSquare == 0; … }
Problem: the repo is only 1MB, while USA’s is 100GB
Tankie whataboutism strikes again.
Two things can be bad at the same time. Wild, I know.
“Whataboutism” is what Americans say to profess blind faith in their exceptionalism.
I’m not American. I don’t even like America.
Hell even i’m American and don’t like America
So you have even less reason to use the racist-in-origin and logically fallacious term.
Lmao it’s literally the name of a logical fallacy. How is the term itself fallacious?
Also I harbour no racism or ill will toward the Chinese people. My girlfriend is Chinese and I care about her a lot and love learning about her culture. I just don’t abide the human rights atrocities committed by any government.
-
it’s a euphemism for “And You Are Lynching Negroes” - that’s literally what people used to say instead of whataboutism.
-
It’s not the name of any logical fallacy. You’re thinking of Tu Quoque.
https://www.currentaffairs.org/news/2022/03/is-whataboutism-always-a-bad-thing
-
Maybe we should consider the same for the US government instead of being afraid of the big Chinese boogeyman across the sea? Because I guarantee you the US has just as many, if not more. But China bad. 🙄
426
50 Cent Army Repellant:
六四
1989 Tiananmen Square Massacre
I always thought the term “Wumao” sounded suspiciosly like “woo Mao.”
I was making a joke about abusing Chinese censorship in order to stop them cloning GitHub repos (assuming that was something you wanted to do. The joke being that the CCP suppresses information about their human rights abuses. That is not true of the US. You could absolutely make a GitHub repo detailing the crimes of the US government. Nobody will stop you.
Tell that to Julian Assange
Is that what you think got him in trouble?
yes. he published us crimes in iraq/afghanistan.
Yes yes, what about the US?
everyone should have stuff in their code comments, tianamen, hong kong, taiwan, uyghurs
That’s the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.
Yeah I figured as much. It was mostly a joke. At the end of the day, if stuff is on GH, people can take it. It’s barely even stealing. Unless the license disagrees of course but then you were putting a lot of trust in society by making it public in the first place.
That’s what I don’t get about this. Why does anyone care? Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Apparently they aren’t respecting licenses. It’s possible to have source code publicly available on GH but have it not be truly FOSS. But that’s generally not a great idea since you’re effectively relying on the honour system for people not to take your code.
Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Until it isn’t. Perhaps they are preparing for a future war with the US and assume their access to all that code will be blocked. They want to copy it now while they have access.
Good point.
How will they filter it out? If they just don’t mirror anything with ‘forbidden’ terms, we can poison repos to prevent them being mirrored. If they try to tamper with the repo histories then they’ll end up breaking a load of stuff that relies on consistent git hashes.
I feel like the effort to make such a repo and make it popular enough to be cloned and rehosted is a lot more effort than someone manually checking the results of an automated filter process.
The “effort economy” is hugely in favor of the mirroring side
The real solution is to include a few
tiananmenSquarevariables in all the repositories. Either they exclude the entire repository or just the specific file, in either case the entire project may be unusable.So… You’re saying instead of “main”, “app”, or “core”, we should change the convention to make tiananmenSquare the entry point for apps?
Or maybe make it the filename for utils, so it’ll just break
China filters every byte of Internet traffic in and out of the country.
It seems naive to think they can’t accomplish the same thing for a GitHub mirror.
They’re not supposed to, it’s just about blocking them from using the software :)
It’s a new coding paradigm, I will take some time getting used to looking for libraries in the
uyghur/tianamenfolder.
create a GitHub repo with Markdown articles outlining human rights abuses by the CCP
Once you have logged “China killed 100 Zillion people! End CCP now!” in Chinese GitHub, everyone in China will realize that their lives are actually very bad and they need to do a Revolution immediately.
I don’t understand why this is a bad thing? Open source code is designed to be shared/distributed, and an open-source license can’t place any limits on who can use or share the code. Git was designed as a distributed, decentralized model partly for this reason (even though people ended up centralizing it on Github anyways)
They might end up using the code in a way that violates its license, but simply cloning it isn’t a problem.
I’m seeing this misconception in a lot of places.
Just because something is on GitHub, doesn’t mean it’s open source. It doesn’t automatically grant permission to share either.
This is part of the Github terms of service:
By setting your repositories to be viewed publicly, you agree to allow others to view and “fork” your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).
Correct, you are allowed to click the “fork” button and nothing else. You’re still not allowed to download, use, modify, compile or redistribute the code in any way that doesn’t involve the “fork” button.
It may not be de jure open source, but if the code is posted publicly on the internet in a way that anyone can download and modify it, it sort of becomes de facto open source (or “source available” if you prefer).
Please don’t muddy the water with terms like this. Something is open source if and only if it has an open source license.
The code needs to maintain the copyrights and authors. They are “mirroring” usernames into their own domain, with mails that dont correspond to the original authors, stealing their contributions.
with mails that dont correspond to the original authors,
Oh! I didn’t realise this. Do you have an example?
That would make it plagiarism, which ethically is a whole different matter than merelly copying that which is free to copy.
I personally don’t care if someone “steals” my code (Here’s my profile if you want to do so: https://github.com/ZILtoid1991 ), however it can mean some mixture of two things:
- China is getting ready for war, which will mean the US will try its best to block technology, including open source projects.
- China is planning to block GitHub due to it being able to host information the Chinese government might not like.
Of course it could mean totally unrelated stuff too (e.g. just your typical anti-China and/or anti-communist paranoia sells political points).
Isn’t GitHub already blocked in China?
It is
US will try its best to block technology, including open source projects.
You can’t block open source projects from anyone. That’s the entire point of open source. For a license to be considered open-source, it must not have any limitations as to who can use it.
You can’t block open source projects from anyone.
I think they were referring to blocking GitHub from public access. In the event of a world war I could easily see Microsoft obeying the order to shut down GitHub.
But china bad and scary.
I expect it’s going likely to be used to train some Chinese AI model. The race to AGI is in progress. IMO: “ideas” (code included) should be freely usable by anyone, including the people I might disagree with. But I understand the fear it induces to think that an authoritarian government will get access to AGI before a democratic one. That said I’m not entirely convinced the US is a democratic government…
PS: I’m french, and my gov is soon to be controlled by fascist pigs if it’s not already, so I’m not judging…
I expect it’s going likely to be used to train some Chinese AI model.
Even if they do that, the license for open source software doesn’t disallow it from being done.
It certainly can. Most licences require derivative works to be under the same or similar licence, and an AI based on FOSS would likely not respect those terms. It’s the same issue as AI training on music, images, and text, it’s a likely violation of copyright and thus a violation of open source licensing terms.
Training on it is probably fine, but generating code from the model is likely a whole host of licence violations.
Most licences require derivative works to be under the same or similar licence
Some, but probably not most. This is mostly an issue with “viral” licenses like GPL, which restrict the license of derivative works. Permissive licenses like the MIT license are very common and don’t restrict this.
MIT does say that “all copies or substantial portions of the Software” need to come with the license attached, but code generated by an AI is arguably not a “substantial portion” of the software.
code generated by an AI is arguably not a “substantial portion” of the software
How do you verify that though?
And does the model need to include all of the licenses? Surely the “all copies or substantial portions” would apply to LLMs, since they literally include the source in the model as a derivative work. That’s fine if it’s for personal use (fair use laws apply), but if you’re going to distribute it (e.g. as a centralized LLM), then you need to be very careful about how licenses are used, applied, and distributed.
So I absolutely do believe that building a broadly used model is a violation of copyright, and that’s true whether it’s under an open source license or not.
By comparing it to the original work.
And how will you know what original work(s) to compare it to?
And I was just asking yesterday what would you feel if someone evil used your FOSS software: https://lemmy.world/post/16898871
God damn it, Jiaan Yang!
I call my uncle, he’s very corrupt
New New Internet.
If we steal IP from China does the America government give us a business loan?
China has no IP
Bs
I love how this image is a pun
I’m not getting it. Explain, please?
IP Man. Great movies.
Ahh, thanks. I think that may be a grandad level pun
Oh, cool. I might finally find contributors to my projects.
Might want to audit what they MR though, ctrl+f “.cn” is a quick audit for most of what the chinese “hackers” try
Maybe Lemmy will finally get good mod tools now.
That would be hilarious lol
I hope they copy the web interface too. I stopped using GitHub for my dumb little projects when Microsoft bought them and I can’t be bothered to learn git. I will gladly host my future projects there if it’s good.
What use is Github / a Github clone to you without knowing git?
Generally, I tend to think more in the direction of that there is some misunderstanding happening, then people being stupid. Maybe that is just the optimist in me.
What exactly is meant when people say they don’t know git. Do they mean the repository data format? Do they mean the network protocol? Do they mean the command line utility? Or just how to work with git as a developer, which is similar to other vcs?
I think if you use some git gui, you can get very far, without needing to understand “git”, which I would argue most people, that use it daily, don’t, at least not fully.
*self hosts gitlab with docker run
*still doesn’t know git
‘:confused jackie:’
So what are you using it for? (Not criticizing, genuinely curious)
The web interface is great and easy to use. I liked just dragging and dropping updated files to it, very simple.
I can’t be bothered to learn git.
How to become unemployable as an engineer 101.
Cloned even?
Maybe they were open source projects?
If the license of the project isn’t being respected then this is a problem.
I’m not disagreeing, but can anyone really be surprised? IP theft is Chinese policy 101.
GitHub owner Microsoft would never engage in IP theft of source code. They leave that to OpenAI and then rebrand it as GitHub Copilot.
Training an AI on something doesn’t involve copying it.
This is entirely different. Copilot and Chatgpt doesn’t exactly reproduce the code. It’s paraphrasing it. By your logic you’re not allowed to implement anything as the majority of algrithms originate from scientific research and papers that also have copy-rights on them.
IP theft is…… less prevalent these days (or at least leas obvious)
This would be a return to the before times
Sweet summer child…
omw to get all the homebrew stuff NIntendo got removed from github lol
Shame they don’t have anything themselves that’s worth the trouble to copy back.
Aren’t Alibaba and Huawei huge on opensource?
As China leap frogged west in solar and EV tech
I’ve seen what’s inside the speed controllers and battery monitoring circuitry for Chinese EVs. I don’t think I want to be anywhere near them.
That they got from the West when CATL bought out a bankrupt US company that had developed LFP to commercial viability.
I think the two of you are focusing on either end of this and not really seeing the bigger picture.
China absolutely (stole / acquired) all the technology they have for solar, EV, and grid based storage. They have literally innovated 0% in this particular industry. I don’t think there’s any debating this aspect.
At the same time, China has pour billions into domestic production of solar panels, lithium and sodium batteries, vehicle production, and grid based storage solutions the likes that no other country has even remotely attempted. They recent demonstrated cheap sodium based 10MWh storage systems that can be built using seawater sodium. Something that California makes a shit ton of in their desalination plants, that they currently just shove the salt off as waste byproduct.
Like, if we wanted to, that kind of thing that China just demonstrated, we could be building GWh level storage systems for 10% the cost of a 1 GWh nuclear facility strictly off a byproduct that California distinctly doesn’t want and is literally paying people to take away. They could literally flip a cost into a revenue stream, but we don’t because “reasons”. We could literally have large batteries charged in Utah, and then use rail to move the sodium based batteries into the Eastern sections of the US, using literally the same infrastructure that we use today to move the tons of coal we move around for the TWh of power we generate. We could be doing this today. But we don’t because many nations just buy the arguments politicians feed them, or “it’s complicated”. And then there’s China demonstrating at small scale that it’s doable. So instead we say “oh well it wouldn’t scale” or “oh well you stole all that tech” because apparently our pride is more important than climate change.
The thing is, yes China has not committed to educating their population into novel development of these technologies. But at the same time they are deploying this stuff at rates every other developed nation has said they’d like to try and do that one day off in the future. Or can’t do right now because their hands are tied.
For the folks pointing at China as the enemy, fine. I’m not going to debate it. But there’s still things to learn from what they are doing with that stolen technology. Do we need to cozy up to them? Nah. But they’re showing off that grid based storage at scale and cheap is a thing even though people like France and the US say that such a thing is not possible at this time. They are showing LFP is viable if you’re willing to take an initial domestic loss to invest in the infrastructure, something the US citizens know but keep saying “well oil interest are holding us back”. No, there’s only a few dozen oil execs, there over a three hundred million non-oil execs. It’s a lack of will power.
Like most western nations keep coming up with excuses for delaying EV and green technology pushes and China keeps showing many of the excuses given to be false. And we know they’re false. We know the expectation of no less than $36k USD for an EV is some bullshit that car companies are pulling to offset all the baggage they have from leaving ICE. We know we could have charge stations every 100 miles on the Interstates, but we don’t because oil companies don’t want to lose their investments in the infrastructure they’ve got right now.
We know the reasons being given by our political and industry leaders are all bullshit. China is over there showing IRL how bullshit they are. Yeah, they stole everything they have, but at the same time all this “oh we couldn’t possibly do that here in the US” is shown for the BS it is, that we already know it to be, in China.
I mean, great, we’re all very smart people. Awesome. What good is that awesome smartness if we keep letting dumb fucks in politics pander off dumb excuses for why we don’t get to enjoy any of the stuff that awesome smartness provides? What good is being innovative if corporations keep handicapping that innovation to ensure they have a steady stream of revenue?
I mean yeah, let’s call China out of the bullshit they pull. But I mean, let’s not forget all the damn windows we’ve broken ourselves in our glass house here.
Why move the batteries instead of “moving” the electrons? You generate the electricity anywhere you want and use Therese nice cables that happen to be everywhere.
I absolutely do not discredit the scaling they’ve done in the manufacturing process, but if there’s one thing China does well, it’s scale manufacturing. That’s usually because they have much lower safety and quality standards, and might bring them up later on. But what they don’t seem to have, at least in these industries, is innovation in the underlying technology to any appreciable extent.
But hooboy, can they pump out solar panels and batteries when they’re taken off the leash.
And abso-fucking-lutely, we in Western countries continuously shoot ourselves in the foot with short-term thinking. There was a time it seemed when there were plans like the New Deal where thought was given to decades down the road. Today, the longest term outlook you see if 4 years. And that’s common across the board, I wouldn’t even place that just at the feet of the US. It’s a damn shame, and it’s the reason the middle class is getting hammered for the last 40 years. But we do know how to R&D, just now we can’t get build a manufacturing base without some grifter taking all the subsidies and shipping them offshore.
Now I’m depressed.
Just my take but:
Like them or not (and IMV they are a serious threat), China’s system enforces a strategic view, long term, more like a 100yr plan.
We don’t. It’s by election cycle or quarterly earnings report.
These things all make more sense if you see them impassionately, and without an ethical filter, from a long term POV.
China will do what’s best for China in the long term. Irrespective of ‘politics’ that are like ripples upon a rising tide.
That’s called value investing… Maybe our dear leader should learn how to manage national wealth instead of cutting companies and allowing a geopolitical adversary to take over tech/IP
Ie this is not a flex you think it is, it just proves my point that our dear leaders are incompetent imbiciles or worst… Bad faith actors.
No accountability leads to this sort of decision making lol
Bad faith, for sure, made very clear in the last 20 years.
Let’s dismiss all chinese contributors to open source projects with AI, javascript, PHP and so on.
I hate authoritarian regimes, but why hosting cloned repos is bad?
EDIT: https://lemmy.world/comment/10853810
It appears to be scam-type(capitalism with beastly grin type) mirror. Not saying that hosting mirrors is bad in itself.
I think the major issue is here is that they are “mirroring” with the same username without clear indicating they are mirrors and they are modifying all the github links in Readme to GitCode. But if you want to claim your project, they want to only comment using the issue section of a project which requires account; but then you have to have a Chinese phone number to register account, and you will automatically get a Huawei Cloud account when you registering it
- All code provided there requires “coins” to download, even they are open-sourced code; it was reported multiple people in China got scammed via CSDN;
- You have to login to copy code on the post, and sometimes hides half the post to require you to login to read.
Oh fuck! Capitalism with beastly grin strikes back.
Great! Now I know who to contact when I accidentally delete all the plaintext API keys and passwords I had stored in a public github repo.
Apart from the dozens of scrape bots that already stole them?
You’re supposed to revoke API keys that are leaked. Not try to “unleak” them
