GitCode is a git-hosting website operated by Chongqing Open-Source Co-Creation Technology Co Ltd, with technical support from CSDN and Huawei Cloud.

It is being reported that many users’ repositories are being cloned and re-hosted on GitCode without explicit authorization.

There is also a thread on Ycombinator (archived link)

  • Muffi@programming.dev
    3 months ago

    Great! Now I know who to contact when I accidentally delete all the plaintext API keys and passwords I had stored in a public github repo.

    • OsrsNeedsF2P@lemmy.ml
      3 months ago

      Apart from the dozens of scrape bots that already stole them?

      You’re supposed to revoke API keys that are leaked. Not try to “unleak” them.

  • smb@lemmy.ml
    3 months ago

    that could come in veery handy once microsoft wants to pull some plugs. i guess we can be grateful for the backup that is 1. not 100% in m$ hands any more then and 2nd cannot be as easy destroyed as some backups at archive.org. i actually hoped for someone with enough money to create this type of security after m$ assimilated github and thought like “does nobody see the rising danger there?” but even if china’s great fork might be more reliable than m$ over time, maybe it’s better to have your own backups of all the things you actually may need in future.

    btw did microsoft manage to get rid of the hackers that settled into their network for … how long??

    i guess they’ll tell

    • KubeRoot@discuss.tchncs.de
      3 months ago

      I do believe it’s illegal if they take a repository with a restrictive license (which includes any repository without a license), and then make it available on their own service. I think China just doesn’t care.

      • the_ocs@lemmy.world
        3 months ago

        If it’s hosted in a public repo, anyone can clone it, that’s very much part of most git flows.

        What you can do with the software, how you can use it, that’s another matter, based on the licence.

        That of course assumes China will respect the copyright…

        • KubeRoot@discuss.tchncs.de
          3 months ago

          Sure, you can probably clone it - I’m not 100% sure, but I think laws protect that as long as it’s private use.

          You can also fork it on GitHub, that’s something you agree to in the GitHub ToS - though I think you’re not allowed to push any modifications if the license doesn’t allow it?

          Straight up taking the content from GitHub, uploading it to your own servers, and letting people grab a copy from there? That’s redistribution, and is something that needs to be permitted by the license. It doesn’t matter if it’s git or something else, in the end that’s just a way to host potentially copyrighted material.

          Though if you have some reference on why this is not the case, I’d love to see it - but I’m not gonna take a claim that “that’s very much a part of most git flows”.

      • Themadbeagle@lemm.ee
        3 months ago

        Illegal according to who?

        The US? Why would China care, they are their own country with their own laws.

        International courts? Who is enforcing those judgments?

    • menas@lemmy.wtf
      3 months ago

      Law does not exist by itself; it’s the result of a balance of power. How would you know that your State does not illegally use free software? And if you know it, could you sue it? Even if it’s a classified administration?

      Applying laws internationally is even worse. It usually depends on the imperialist relationship between States. For example, Facebook’s rules were illegal in France, but France changed its laws rather than sue Facebook. A decade later, the whole European Union could force RGPD upon the GAFAM.

      China has nothing to fear in ignoring those licences, and we shouldn’t rely on it to protect our work. However we could strengthen our common defenses, through FOSS for people in the US … and maybe trade unions elsewhere.

  • YeetPics@mander.xyz
    3 months ago

    Classic Chinese tech co, if you can’t create something on your own just download the source files and say you made it. The money spends the same after the fact, anyhow.

  • dan@upvote.au
    3 months ago

    I don’t understand why this is a bad thing? Open source code is designed to be shared/distributed, and an open-source license can’t place any limits on who can use or share the code. Git was designed as a distributed, decentralized model partly for this reason (even though people ended up centralizing it on GitHub anyways).

    They might end up using the code in a way that violates its license, but simply cloning it isn’t a problem.

    • Kayn@dormi.zone
      3 months ago

      I’m seeing this misconception in a lot of places.

      Just because something is on GitHub, doesn’t mean it’s open source. It doesn’t automatically grant permission to share either.

      • dan@upvote.au
        3 months ago

        This is part of the GitHub terms of service:

        By setting your repositories to be viewed publicly, you agree to allow others to view and “fork” your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).

        • Kayn@dormi.zone
          3 months ago

          Correct, you are allowed to click the “fork” button and nothing else. You’re still not allowed to download, use, modify, compile or redistribute the code in any way that doesn’t involve the “fork” button.

      • Grimm665@lemmy.world
        3 months ago

        It may not be de jure open source, but if the code is posted publicly on the internet in a way that anyone can download and modify it, it sort of becomes de facto open source (or “source available” if you prefer).

        • JackbyDev@programming.dev
          3 months ago

          Please don’t muddy the water with terms like this. Something is open source if and only if it has an open source license.

    • barryamelton@lemmy.ml
      3 months ago

      The code needs to maintain the copyrights and authors. They are “mirroring” usernames into their own domain, with mails that don’t correspond to the original authors, stealing their contributions.

      • dan@upvote.au
        3 months ago

        with mails that don’t correspond to the original authors,

        Oh! I didn’t realise this. Do you have an example?

      • Aceticon@lemmy.world
        3 months ago

        That would make it plagiarism, which ethically is a whole different matter than merely copying that which is free to copy.

    • ZILtoid1991@lemmy.world
      3 months ago

      I personally don’t care if someone “steals” my code (Here’s my profile if you want to do so: https://github.com/ZILtoid1991 ), however it can mean some mixture of two things:

      1. China is getting ready for war, which will mean the US will try its best to block technology, including open source projects.
      2. China is planning to block GitHub due to it being able to host information the Chinese government might not like.

      Of course it could mean totally unrelated stuff too (e.g. just your typical anti-China and/or anti-communist paranoia sells political points).

      • dan@upvote.au
        3 months ago

        US will try its best to block technology, including open source projects.

        You can’t block open source projects from anyone. That’s the entire point of open source. For a license to be considered open-source, it must not have any limitations as to who can use it.

        • irreticent@lemmy.world
          3 months ago

          You can’t block open source projects from anyone.

          I think they were referring to blocking GitHub from public access. In the event of a world war I could easily see Microsoft obeying the order to shut down GitHub.

    • BlueMagma@sh.itjust.works
      3 months ago

      I expect it’s likely going to be used to train some Chinese AI model. The race to AGI is in progress. IMO: “ideas” (code included) should be freely usable by anyone, including the people I might disagree with. But I understand the fear it induces to think that an authoritarian government will get access to AGI before a democratic one. That said I’m not entirely convinced the US is a democratic government…

      PS: I’m French, and my gov is soon to be controlled by fascist pigs if it’s not already, so I’m not judging…

      • dan@upvote.au
        3 months ago

        I expect it’s likely going to be used to train some Chinese AI model.

        Even if they do that, the license for open source software doesn’t disallow it from being done.

        • sugar_in_your_tea@sh.itjust.works
          3 months ago

          It certainly can. Most licences require derivative works to be under the same or similar licence, and an AI based on FOSS would likely not respect those terms. It’s the same issue as AI training on music, images, and text, it’s a likely violation of copyright and thus a violation of open source licensing terms.

          Training on it is probably fine, but generating code from the model is likely a whole host of licence violations.

          • dan@upvote.au
            3 months ago

            Most licences require derivative works to be under the same or similar licence

            Some, but probably not most. This is mostly an issue with “viral” licenses like GPL, which restrict the license of derivative works. Permissive licenses like the MIT license are very common and don’t restrict this.

            MIT does say that “all copies or substantial portions of the Software” need to come with the license attached, but code generated by an AI is arguably not a “substantial portion” of the software.

            • sugar_in_your_tea@sh.itjust.works
              3 months ago

              code generated by an AI is arguably not a “substantial portion” of the software

              How do you verify that though?

              And does the model need to include all of the licenses? Surely the “all copies or substantial portions” would apply to LLMs, since they literally include the source in the model as a derivative work. That’s fine if it’s for personal use (fair use laws apply), but if you’re going to distribute it (e.g. as a centralized LLM), then you need to be very careful about how licenses are used, applied, and distributed.

              So I absolutely do believe that building a broadly used model is a violation of copyright, and that’s true whether it’s under an open source license or not.

  • JTskulk@lemmy.world
    3 months ago

    I hope they copy the web interface too. I stopped using GitHub for my dumb little projects when Microsoft bought them and I can’t be bothered to learn git. I will gladly host my future projects there if it’s good.

      • cmhe@lemmy.world
        3 months ago

        Generally, I tend to think more in the direction of that there is some misunderstanding happening, than people being stupid. Maybe that is just the optimist in me.

        What exactly is meant when people say they don’t know git? Do they mean the repository data format? Do they mean the network protocol? Do they mean the command line utility? Or just how to work with git as a developer, which is similar to other vcs?

        I think if you use some git gui, you can get very far, without needing to understand “git”, which I would argue most people, that use it daily, don’t, at least not fully.

      • JTskulk@lemmy.world
        3 months ago

        The web interface is great and easy to use. I liked just dragging and dropping updated files to it, very simple.

        • hddsx@lemmy.ca
          3 months ago

          IP theft is…… less prevalent these days (or at least less obvious)

          This would be a return to the before times

        • ShittyBeatlesFCPres@lemmy.world
          3 months ago

          GitHub owner Microsoft would never engage in IP theft of source code. They leave that to OpenAI and then rebrand it as GitHub Copilot.

          • doodledup@lemmy.world
            3 months ago

            This is entirely different. Copilot and ChatGPT don’t exactly reproduce the code. It’s paraphrasing it. By your logic you’re not allowed to implement anything as the majority of algorithms originate from scientific research and papers that also have copyrights on them.

  • romp_2_door@lemmy.world
    3 months ago

    fun to think that my shitty program is now stored in an arctic vault and stored in some Chinese servers

    So many bugs I never fixed and yet here we are lol