[HN Gopher] Microsoft forked MIT licensed repo and changed the c...
___________________________________________________________________
Microsoft forked MIT licensed repo and changed the copyright
[fixed]
Author : mkdirp
Score : 1186 points
Date : 2021-12-25 14:12 UTC (8 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| throwaway984393 wrote:
| It seems people are outraged because they don't like it, but they
| don't seem to be talking about whether it's actually legal.
|
| IANAL, but the MIT license specifically does not say you have to
| redistribute with the same copyright owner notice. It says the
| copyright notice and terms must remain, and that you can
| sublicense it. It doesn't say you can't change the copyright
| notice.
| [deleted]
| osolo wrote:
| The attitude in these threads always boggles my mind. When YOU,
| your teammates or someone else you know makes a mistake, then
| it's just a mistake. But when someone at Microsoft makes a
| mistake it's because Microsoft is evil and by extension so is the
| person who offended.
|
| "It's a big company", you say. They should have a process! And
| I'm sad to say, they do/will have a process exactly because of
| this attitude. Then, everyone wonders why it takes forever to fix
| that bug they're furious about or why features are slow to come.
|
| Full disclosure: I work for MS, though have nothing to do with
| this. It's a huge company. I know hundreds of people and most of
| them are upstanding and try to do the right thing.
| fxtentacle wrote:
| In my opinion, this gets a strong reaction because:
|
| 1. They made similar mistakes in the past.
|
| 2. They didn't fix it for half a year.
|
| 3. They can expect strong financial benefits from making these
| mistakes.
|
| 4. They've recently burned a lot of goodwill by deliberately
| infringing licenses on a large scale when they trained Copilot.
|
| 5. They could have easily prevented this kind of mistakes.
|
| My summary would be that Microsoft deserves to be punished for
| making this mistake. If nothing bad happens now, then we'll
| have the same discussion again in half a year from now.
| tptacek wrote:
| What financial benefits do they stand to gain by changing the
| name on an MIT license?
| fxtentacle wrote:
| In some cases, they changed other licenses to MIT. That
| would then allow them to train their AI models on this
| source code, or redistribute a closed-source monetized GPL
| rip-off.
|
| Team A) makes a mistake and changes the license. Team B)
| uses the fork under its new license and forgets to check
| the original branch's license.
|
| Two honest mistakes leading to a de-GPL-ed library.
| tptacek wrote:
| Here, they're changed the name on an MIT license. What
| financial benefit do they stand to accrue from doing so?
| That's the question I'm asking.
| fxtentacle wrote:
| I was talking not only about this specific instance of it
| happening, but Microsoft had similar mistakes throughout
| the past 6 months. Here's the one from CUPS, a Linux
| printing library:
|
| https://github.com/microsoft/cups/commit/ad69bcc78bdea3fe
| a3f...
|
| It used to be Apache License, then it became "MIT License
| (c) Microsoft Corporation". Thanks to the attention that
| this thread got, it has now been fixed:
|
| https://github.com/microsoft/cups/commit/3859d70160010c61
| fd7...
|
| But that source code was online with the wrong license
| for more than 6 months. Imagine if you had hosted Windows
| source code with a misattributed MIT license for 6
| months... They would also bring out the pitchforks ;) Or
| even worse: well-paid lawyers.
| tptacek wrote:
| I asked what Microsoft had to gain from altering an MIT
| license. You're answering a different question. But,
| fine, I'll bite: tell me how Microsoft stood to make a
| nickel by modifying an Apache license.
| chris_wot wrote:
| Um, it changes the ownership? If they wanted to relicense
| it, then they could say "well, hey, it's our license!".
| tptacek wrote:
| The MIT license puts essentially no restrictions on them
| that they would need to relicense out from under. They
| can't un-MIT it. So I'm still not clear on how you
| propose for them to make money by doing this. Do you have
| an answer to my question?
| chris_wot wrote:
| If they can change the copyright ownership from an
| individual to themselves, then they could (however
| unlikely) change the license on subsequent revisions to
| no longer provide the software free of charge, and could
| prevent anyone from using the software and associated
| documentation files in an unrestricted form.
| mlyle wrote:
| > then they could (however unlikely) change the license
| on subsequent revisions to no longer provide the software
| free of charge,
|
| You don't need to change the "ownership" to do this. MIT
| licensed software can be put under more restrictive
| licenses for subsequent revisions by _anyone_.
| m3047 wrote:
| I think the OP is playing 20 questions for their own
| entertainment. I think what they're not telling you is
| that there's nothing to prevent someone from making a
| closed-source product incorporating something which is
| MIT licensed (but they're still supposed to give credit
| where due). That's also not the whole story. Squirrel!
| tptacek wrote:
| If they don't know the answer to the question I actually
| asked, all they have to do is not answer it. I object to
| the notion that I'm the one playing games here.
| m3047 wrote:
| They're asserting ownership. By asserting ownership they're
| converting good will and assuming the mantle of authority,
| which will sway plenty of weak-minded people: hey it's
| Microsoft.
| tptacek wrote:
| I see how that gets them a C-grade Mastodon lyric, but
| not how it gets them a nickel. Did I ask this question in
| a particularly weird way? The responses it's getting are
| a little confusing.
| fault1 wrote:
| also, never forget CP/M: https://www.wired.com/2012/08/ms-
| dos-examined-for-thef/
| junon wrote:
| The difference is, most engineers I know respect and understand
| licenses. If you work at Microsoft - a software company - you
| should too.
| nomel wrote:
| Respecting a license is completely orthogonal to the
| unintended behavior of an automation used on something it
| wasn't really meant for (fork rather than a new repo)
| drnonsense42 wrote:
| Yeah, get that promotion! Developers, developers, developers!
| hdjjhhvvhga wrote:
| I think your comments does not add anything meaningful to
| discussion. Yes, Microsoft screwed up. Yes, a Microsoft
| employee is trying to make excuses for them. This does not
| mean we couldn't have a civilized discussion, though.
| [deleted]
| hackertux wrote:
| All discussions are civilized until you start throwing
| stones at each other.
| dang wrote:
| Posting like this will get you banned here, so please don't.
| It's not what this site is for, and it destroys what it is
| for.
|
| https://news.ycombinator.com/newsguidelines.html
| [deleted]
| akkartik wrote:
| It's a bug, but it's also an example of what I think of as
| _differential accountability_ :
|
| * Bugs in the bot inevitably assign ownership to the writer
| rather than from the writer.
|
| * Bugs in the billing system invariably overcharge customers
|
| * Bugs in the image recognition system invariably select white
| people.
|
| Well-meaning people still follow their incentives. Corners have
| to get cut somewhere.
|
| I totally agree this isn't specific to MS. We have seen the
| enemy, and it is us.
| m3047 wrote:
| I believe "moral hazard" is the term of art for what you
| describe.
| akkartik wrote:
| Approximately. Moral hazard typically refers to sins of
| commission. Deliberately taking on more risk because you're
| insured. Here I'm thinking more of sins of omission. You
| just forgot to do something. You didn't have enough
| attention to devote to the task, so you rationally
| apportioned the attention budget to the areas most likely
| to be checked by others.
| micimize wrote:
| This isn't true - the only billing system bug I've seen
| undercharged. Also if it was an overcharge, they would have
| made customer whole, whereas they wrote off the undercharge.
|
| Microsoft doesn't really gain anything here - there's a clear
| "forked from" qualifier in the repo, they aren't republishing
| these packages, etc. The only people who noticed noticed in a
| negative light.
| akkartik wrote:
| To reiterate, I'm not saying there's malicious intent in
| any single bug. Yes, billing errors don't lead to more
| revenue for the firm. I'm describing rather a systemic bias
| in incentives for the people doing the work (programmers)
| and supervising the work (managers).
| aynyc wrote:
| There are genuine mistakes, and there are some due to
| incompetency. Both can be somewhat execused.
|
| However, if you look at the changelog, I don't know how you are
| gonna say with a straight face that it's a "mistake".
| laumars wrote:
| This isn't just one person making a silly mistake. This is a
| catalogue of failings. Where's the peer review? Are you
| suggesting that anything published in the main branch on
| Microsoft's GH org gets commit without any branch protection?
| And as pointed out by others, this isn't even an isolated case.
|
| A healthy org doesn't blame individuals, it blames failures in
| process. Thus Microsoft should own this mistake. Stating it's
| the fault of an individual sounds more like your team operates
| a blame culture. Which, frankly, is a major red flag for a
| failing organisation.
| res0nat0r wrote:
| It's an automated bot, and it's an edge case that wasn't
| considered and is going to get fixed soon.
| laumars wrote:
| I'm satisfied that the situation has been, or at least will
| be, resolved.m however there is still the unanswered
| question of who audits the changes the bot makes.
|
| There is a definitely lesson to be learnt here that bots
| aren't infallible themselves and thus need reviewing too.
| Automation undoubtedly enhances our developer experience
| but we do need to ensure that automation doesn't make
| unchecked changes. This is something a great many engineers
| can learn from too.
| timeon wrote:
| Is forking on Github edge case?
| res0nat0r wrote:
| Apparently forking a 3rd party repo INTO the Microsoft
| github org is, yes.
| [deleted]
| blihp wrote:
| Microsoft is a rather special case of a company that has
| virtually no goodwill in the open source world. These are the
| dividends that result from statements and actions over decades.
| So when something like this occurs, the default reaction is
| often 'of course... it is Microsoft after all'.
| faangiq wrote:
| MS and other bigcos have a history of being evil. It's the
| correct assumption.
| bakul wrote:
| How is running a bot to change _copyright notices_ a
| /mistake/?
|
| > Full disclosure: I work for MS
|
| It is difficult to see the reality distortion field you are in
| from the inside.
| dado3212 wrote:
| when $new_repo in $msft_github: echo $standard_license >
| LICENSE.md
|
| Could just be normal practices, and doesn't check if a
| license already exists because it's usually handling non-
| forked OSS repos. What's the phrase? "Never ascribe to malice
| that which is adequately explained by incompetence".
| michaelmrose wrote:
| When someone is a professional paid 150-200k it's hard to
| argue that they just forgot to check to see if a license
| exists.
| dado3212 wrote:
| I don't know why people assume the more money you make
| the more infallible you are. Trust me that every FAANG
| engineer has written code with some similar pitfall that
| seems so obvious from the outside.
| dangrossman wrote:
| They forgot that a bot may overwrite the license when
| they fork a repo. That's different from forgetting to
| check if a license exists.
| dang wrote:
| This breaks several of the HN guidelines and crosses into
| personal attack. We ban accounts that post like that, so
| please don't.
|
| https://news.ycombinator.com/newsguidelines.html
| yawnxyz wrote:
| I used to work for MS and... it's still easy to see it from
| the inside lol
| newjersey wrote:
| I don't work at Microsoft but I can confirm. There are so
| many "suggestions" for Microsoft Teams. I don't know if
| there exists another company whose employees are more
| critical of Microsoft Teams than Microsoft.
|
| My personal conspiracy theory is Teams would have died long
| ago if not for strong support from the top.
| tyrrvk wrote:
| Teams is garbage, every time I use it I loathe computing
| in general.
| fault1 wrote:
| teams seems important strategically for microsoft
| however, if it truly wants to remain as the standard
| 'operating system' for enterprises.
|
| but yeah, friends of mine who work at github say the
| worst thing about the acquisition was Teams
| hirsin wrote:
| Which is odd because Github doesn't use Teams, they're
| Slack based. As in, if I set up a meeting with my Github
| counterparts they're late because they had to install
| Teams.
| jounker wrote:
| How is this inconsistent with "Teams is awful, and we
| avoid it as much as possible"?
| bananamerica wrote:
| It is reasonable to have different expectations from large
| corporations with enormous resources than you would have for an
| independent developer.
| windexh8er wrote:
| Microsoft, a collective group of people trying to do the right
| thing, has made many choices over their time. Many of those
| choices have been in direct violation of things like, but not
| limited to, the spirit of the Internet, anti-competiton, spying
| on their customers, and many other negative things. Should we
| have let those things slide because Microsoft employs others
| that weren't involved? No. You can say this may have been a
| mistake but that is a slippery slope. Microsoft deserves
| negative press on "mistakes" because this acts as a balance to
| keep the power they wield in check. Beyond that you have a
| significant bias against biting the hand that feeds.
| micromacrofoot wrote:
| if I did this to microsoft do you think I'd be granted the same
| leeway? could I tell them they need to cut me some slack
| because i'm one person and "there's a process"?
| throwaway277432 wrote:
| This _is_ their process. Very hard to argue these are all
| mistakes:
|
| ippsample (Apache -> MIT)
| https://github.com/microsoft/ippsample/commit/938bff17c72868...
|
| huggingface-transformers (Apache -> MIT):
| https://github.com/microsoft/huggingface-transformers/commit...
|
| health-cards-tests (MIT changed)
| https://github.com/microsoft/health-cards-tests/commit/5649b...
|
| CUPS (Apache -> MIT)
| https://github.com/microsoft/cups/commit/ad69bcc78bdea3fea3f...
|
| Credit to this reddit comment:
| https://www.reddit.com/r/opensource/comments/roa9xz/comment/...
| verst wrote:
| This is a bot that is supposed to configure the right license
| when employees _start_ a new repo in the Microsoft GitHub
| org.
|
| It seems the automation is also triggered when Repos are
| forked into the Microsoft GitHub org which isn't correct
| behavior.
|
| This isn't a deliberate action. If it were plenty of
| employees (myself included) would be outraged. I assume it's
| a bug in the bot - an edge case that was not considered. It
| is very rare to fork something into the Microsoft GitHub org
| after all.
|
| I'll pass it along to some people I know.
| [deleted]
| micimize wrote:
| These forks may be done for security purposes for projects
| that use source-based build systems so that the depending
| project doesn't have 3rd party repo dependencies.
|
| As someone whose developed similar GH integrations, getting
| things right with their API is fairly tricky. What would
| actually be desirable is public-to-private forks so that
| the fork-dependency pattern is more enterprise friendly and
| this kind of confusion is mitigated.
| [deleted]
| tbrock wrote:
| Why would anyone write that so it changes the license to
| the right one instead of just flagging it as incorrect for
| review?
| chris_wot wrote:
| Have you considered that the reason for the outrage is
| because people don't actually trust Microsoft to do the
| right thing? I can see this is a mistake, but surely the
| litany of awful business practices by Microsoft in the past
| precedes it?
| verst wrote:
| I didn't say anything about the outrage of others. I said
| a deliberate license change would be unacceptable to
| employees.
|
| I'm no official representative of Microsoft...
| rStar wrote:
| chris_wot wrote:
| Sorry, I didn't mean to imply you were. But no offense,
| so what if it isn't acceptable to employees? The
| decisions by Microsoft are made by the management of the
| company. As an example of another company with severe
| credibility problems, I'm sure there are plenty of
| employees at Facebook who don't like working there now,
| but they are still there. And still implementing the
| policies and directions of management.
| throwaway277432 wrote:
| Thank you. So these are in fact all mistakes.
|
| I looked at some of the other forked repos (95 out of 4.5K
| repos) and all the human commits from MS I saw seem to care
| about getting the licenses right. So it really is just a
| broken bot.
|
| I hope the bot can be fixed soon and I'm going to put my
| figurative pitchfork down now.
| verst wrote:
| I'll consider it an unusual bug report.
|
| Hopefully the bot can be fixed soon and the affected
| licenses changed back.
|
| Realistically I'm not sure folks are working over the
| holidays, so give it a bit of time :)
| ognarb wrote:
| Look at https://github.com/microsoft/cups/commit/8100595a
| 3a3a6d5c7d0... . This was done by an human.
| mst wrote:
| As noted elsewhere in this thread this one looks like
| human misunderstanding and has already been raised
| internally for fixage.
|
| Shame it slipped through the cracks, but at scale
| eventually something's going to no matter how hard you
| try.
| btdmaster wrote:
| Are they deliberately getting their modifications under
| an pseudo-incompatible* license? This is the only
| reasonable explanation I can think of.
|
| * IANAL. Although Apache 2.0 and MIT are compatible,
| using a different license makes it awkward for changes to
| be merged upstream.
| ognarb wrote:
| The biggest change between Apache 2.0 and MIT are related
| to patents. INAL but the Apache 2.0 is a lot more safe in
| this aspect.
| lazysheepherd wrote:
| Things break all the time, so errors will happen.
|
| If you look at life as good & evil, you won't solve any
| conflicts. You should rather focus on "incentives".
| Correcting bugs and errors take time and other resources,
| therefore require incentive to prioritize. If their bots
| were to stamp Microsoft projects with open source
| licenses, there would be huge incentive for them to
| tackle this problem within this sprint, and make sure it
| never happens again.
|
| This bug profits them, or does not harm them at worst
| case. Therefore, by drawing attention and applying
| pressure, we should create the incentive for them to
| allocate resources to fix it, and make sure it does not
| repeat.
| verst wrote:
| I reached out to Jeff Wilcox who runs the Open Source
| Programs Office now earlier (see Tweet https://twitter.co
| m/berndverst/status/1474789173882089472?s=...).
|
| He since commented on this post with a lot more detail.
| throwaway277432 wrote:
| He wrote a great response. Not many people I know would
| stand in front of a online mob and say "It's code that I
| wrote". And then fix it on Christmas!
|
| While I'm glad this got resolved so quickly, I'm slightly
| ashamed of myself and the HN community for how we handled
| this. In hindsight the outrage was wildly out of
| proportion for a simple bug.
|
| I'll make a mental note to do better in 2022.
| tptacek wrote:
| Thanks for saying this.
| michaelmrose wrote:
| How can someone be so bad at their job that they realize
| that a bot that writes to the license file needs to avoid
| overwriting an existing file? A certain degree of
| malfeasance cannot possibly be explained as incompetence.
| wiredone wrote:
| This is the type of online rage that we as a community
| need to stamp out.
|
| Be better.
| dang wrote:
| I agree with you in principle but "stamp out" and "be
| better" are phrases that produce the opposite of what
| you're aiming at. We're trying to avoid the online
| callout/shaming culture here.
|
| https://hn.algolia.com/?sort=byDate&type=comment&dateRang
| e=a...
| dang wrote:
| Please don't pile on like this. You can make your
| substantive points without "how can someone be so bad at
| their job" hyperbole. Any mistake can be made to look
| terrible if you're uncharitable enough.
|
| https://news.ycombinator.com/newsguidelines.html
| jolux wrote:
| > A certain degree of malfeasance cannot possibly be
| explained as incompetence.
|
| This is a missing conditional check, a mistake that is
| extremely easy to make and one I'm sure you've made at
| least once if you've been a professional programmer for
| any significant length of time.
| [deleted]
| csunbird wrote:
| or maybe they do not know/they missed that creating a
| fork from an existing project actually triggers "new repo
| created" event in the github organization, which has an
| unintended effect.
| michaelmrose wrote:
| A year later?
| akyoan wrote:
| Shh people don't like to be wrong, don't waste your
| fingertips.
| [deleted]
| phendrenad2 wrote:
| Wrong. The more links, the easier it is to argue that it's a
| mistake. Automation is hard, you know? Especially if no one
| noticed these and called them out on it until now.
| fivea wrote:
| > Wrong. The more links, the easier it is to argue that
| it's a mistake. Automation is hard, you know?
|
| Is it wrong though? I mean, if Microsoft's reiterated
| pattern of license switches is automated, wouldn't this
| also mean that the error would be easily detected based on
| public feedback alone? And given this was not the first or
| second or third separate and independent occurrence of this
| pattern, if this was a honest mistake then wouldn't this
| already be addressed in any of the multiple past shout-out?
| nomel wrote:
| > wouldn't this also mean that the error would be easily
| detected based on public feedback alone
|
| Please see the entire public feedback you're a part of
| right now.
| throwaway277432 wrote:
| (deleted)
| Tyriar wrote:
| MS acquired that extension, Don works at MS now.
| throwaway277432 wrote:
| You're right. Saw the reviewer on that PR but you were
| too quick and I couldn't delete my comment anymore.
| Tyriar wrote:
| MS dev here. Thanks for calling this out. I contacted the
| GH@MS admins to look into this and to consider adding some
| safeguards to the tooling so this doesn't happen in the
| future.
| michaelmrose wrote:
| How is it remotely possible to not understand you cannot
| automatically overwrite a license file with your own. If
| you yourself were creating such automation wouldn't that be
| one of the first and most obvious things you would think
| of?
| mlyle wrote:
| If you think of the use case of forks, sure.
|
| If you think of employees creating new repos in the
| org--- smash the correct LICENSE in there ASAP.
|
| The problem is that forking a different repo into the org
| triggers the logic of a "new repository".
| wise_young_man wrote:
| A simple solution prior to writing to a file in this case
| is to check if it already exists. It shouldn't matter
| what triggers this bot if it's programmed safe and
| idempotent.
| mlyle wrote:
| Nuking the existing LICENSE file and replacing with the
| canonical one is a good move when it's your own
| developers' work.
| dpark wrote:
| So your simple solution is to not have the bug. Wish I'd
| thought of this for all the bugs I've ever shipped.
|
| Disclosure: Microsoft employee who sometimes writes bugs.
| dpark wrote:
| Do you never write code with bugs or do your employers
| just judge you much less harshly than you judge others?
|
| > _If you yourself were creating such automation wouldn
| 't that be one of the first and most obvious things you
| would think of?_
|
| Probably not, because it sounds like this was not
| intended to ever run on forked repos at all.
| ordiel wrote:
| And so ther revert the ones done in the past I hope...
| rStar wrote:
| [deleted]
| [deleted]
| lostsoul8282 wrote:
| I highly agree with this.
|
| Everytime I've taken the route that there is some evil, no good
| as come out of it but when you give a group of people the
| benifit of the doubt, I would argue the majority of the time
| it's just a mistake.
| DarkmSparks wrote:
| productceo wrote:
| +1
|
| This is the peril of the imaginary "corporation" identity.
| People expect a company to be one coherent and consistent
| entity, but although a company can be managed well, establish
| culture and processes, and progress towards cohesion, it can
| never become as coherent as one person. And a person is not
| that coherent in the first place.
|
| I am sure I subconsciously make the same mistake when I think
| about other companies. But I am making conscious effort to get
| better, take a more forgiving view on the humankind and give
| people as well as corporations chance to try again and be a
| better version of themselves, build the mental capability to
| remember that corporations are comprised of real people, and
| people make mistakes, and reasonable people who make up the
| majority of the population are constantly seeking (just
| struggling) to be better versions of themselves.
| halayli wrote:
| I am finding it hard to accept that it is an honest mistake.
|
| From my personal experience, every software engineer that works
| in a company of this scale is obligated to take a training
| course on software licensing and understand the differences,
| and the "dos and don'ts".
|
| If Microsoft doesn't have such a program in place then that's a
| big problem and should expect harsh criticisms when such events
| take place and if they do then it probably needs to be revised
| because it doesn't seem adequate.
|
| On the other hand, outside the context of MS, if a software
| engineer doesn't feel they are doing something dirty as they
| are replacing the license or the thought of I might get in
| trouble with legal doing that doesn't cross their mind, then
| they probably shouldn't be allowed to be at the front line
| taking actions that represents the company's name.
| curious_cat_163 wrote:
| There is not an attitude for the whole thread. Understandably
| you feel defensive but there is no need to.
|
| If you care about this issue, try to get it fixed within your
| company and move on.
| johncena33 wrote:
| You should see how HN would react if Google has done anything
| remotely close to it. If it was Google your comment would be
| downvoted to oblivion instead of being the top comment. Not to
| mention you'd be disparaged for protecting your employer.
| victorvscn wrote:
| I feel like the only people with an attitude against Microsoft
| these days are teenagers trying to look edgy and critical
| thinking or pretending they are insiders.
|
| I don't work for Microsoft.
| [deleted]
| hatware wrote:
| The road to hell is paved with good intentions.
| johnisgood wrote:
| > I know hundreds of people and most of them are upstanding and
| try to do the right thing.
|
| How can you work for Microsoft AND do the "right" thing? I
| guess it depends on your role, but still...
| indymike wrote:
| Microsoft has lawyers and more layers of management than
| grandma's lasagna.
| MrStonedOne wrote:
| skywhopper wrote:
| Folks who work at mega corporations with outrageous amounts of
| power have a correspondingly large responsibility to the
| communities they interact with. Their mistakes have a much
| larger impact. Honest mistakes by hugely powerful entities are
| not mere trivia. They have an effect on the rest of the world
| commensurate with their power. Thus they should be held to a
| much higher standard than everyone else.
| jrmg wrote:
| _But when someone at Microsoft makes a mistake..._
|
| For many it's not just Microsoft. Many assume negative intent
| from others most of the time. It much be such a frustrating,
| draining way to live.
| michaelmrose wrote:
| Few people are likely to know <insert employee here> but many
| people are very familiar with decades of bad behavior
| undertaken by Microsoft not as isolated misdeeds but as a
| matter of policy. Lacking personal context misdeeds or mistakes
| are extremely apt to be interpreted in context of literal
| decades of bad behavior by Microsoft.
|
| I mean come on the seismic change in leadership at Microsoft is
| just former lower echelon leaders during the time frame that MS
| was doing wrong now moving up and taking the helm.
|
| We are after all talking about the company that tried to
| destroy the competition by funneling money into a fraudulent
| lawsuit/pr campaign that was a front for a pump and dump. The
| only thing separating MS leadership and felony charges is
| meeting notes between them and SCO and the fact that important
| people don't go prison in the US if can at all be avoided. Lest
| we forget the current CEO was at this time an executive VP as
| well.
|
| Maybe it boggles your mind merely because you yourself are an
| ethical person who comports themselves properly professionally
| and would want people to see your efforts good and bad in
| context of who you are. This is entirely reasonable but people
| don't know you personally whereas your company makes headlines
| for bad behavior.
| dpweb wrote:
| You have to take "companies doing good" always with a grain of
| salt. They're profit seeking companies, who act aggressively in
| their own interests.
|
| It doesn't have to be a debate on "good vs evil" I've always
| hated those terms applied in these contexts, it's childish and
| for the naive. Fix the problem and move on.
| michaelmrose wrote:
| A company is merely a useful legal and organizational
| fiction. It's all people all the way down and those people
| don't act in a different moral context when they act on
| behalf of a company.
| gausswho wrote:
| 'Profit-seeking companies' begs a common pejorative that
| actively reduces the variety in the pool of companies. It may
| not be descriptive of the companies for which this is not an
| overarching motivation. Many of them really want to make a
| happy customer by crafting as good a thing possible for the
| price they charge, and be well by their employees.
|
| That said, I can relate the the cynicism especially for the
| giants. But painting them all as 'profit-seeking
| corporations' may deaden a satisfaction that comes from being
| a customer for a company you believe is good.
| [deleted]
| beervirus wrote:
| Y'all are not entitled to the benefit of the doubt any more
| than obviously-evil companies like Facebook are.
| dang wrote:
| We've banned this account for repeatedly breaking the site
| guidelines and ignoring our requests to stop (most recently
| https://news.ycombinator.com/item?id=29501677).
|
| If you don't want to be banned, you're welcome to email
| hn@ycombinator.com and give us reason to believe that you'll
| follow the rules in the future. They're here:
| https://news.ycombinator.com/newsguidelines.html.
|
| We particularly don't want the online callout/shaming culture
| here. nhttps://hn.algolia.com/?sort=byDate&type=comment&dateR
| ange=a...
| voakbasda wrote:
| For those of us that remember the "old" Microsoft, they are
| _still_ obviously evil. Nothing they have done will change
| that view. Incidents like this prove that this zebra cannot
| change its stripes.
|
| Never. Trust. Microsoft.
| beervirus wrote:
| I mean yeah. But for a few years there, they were at least
| not as obviously horrible as they used to be, or as some
| other companies were.
| __MatrixMan__ wrote:
| If you had a history of behaving as badly as Microsoft, I'd be
| as harsh on you as I am on Microsoft.
| caslon wrote:
| [deleted]
| 3np wrote:
| Along similar lines as my comment here:
| https://news.ycombinator.com/item?id=29684127
|
| ...Given that several engineers employed at Microsoft have been
| part of armchairing this along everyone else now, why is not
| one of y'all (not necessarily you but come on, this is getting
| absurd, holidays aside) still just busy discussing around it
| rather than spending the <5 minutes required per repo to start
| actually fixing the fallout of it?
| [deleted]
| [deleted]
| kyruzic wrote:
| It literally shouldn't be possible for them to do this. This is
| theft plain and simple. Why would anyone manually change a copy
| right from a persons name to Microsoft? There is no
| circumstance where that is acceptable.
| dangrossman wrote:
| Nobody manually changed a license. The commits were made by a
| bot named "microsoftopensource" that exclusively adds copies
| of Microsoft's license file, support file, readme file and
| code of conduct to every new repository under their account.
| Brave-Steak wrote:
| ErikVandeWater wrote:
| Microsoft is nearing 50 years of experience designing business
| processes, and has basically unlimited access to top tier
| talent. If the company had cared, it could have easily designed
| a process to prevent this kind of mistake. But this mistake
| doesn't negatively affect the bottom line so here we are.
| [deleted]
| GrinningFool wrote:
| Most processes for that type of thing come about only after
| someone has made a mistake.
|
| Source: experience in the industry. Including having made a
| similar mistake myself a couple of years back (and receiving
| a fair bit of internet hate for it)
| ErikVandeWater wrote:
| Processes are built ahead of time if people take a risk
| seriously.
| GrinningFool wrote:
| This is also true and is not mutually exclusive. People
| and organizations are fallible - much process is
| developed from learning.
| [deleted]
| [deleted]
| SquishyPanda23 wrote:
| I'm just curious, is Microsoft actually in violation of the MIT
| license here?
|
| All future changes to this repo are copyright Microsoft, so
| Microsoft's copyright should be in the statement.
|
| Arguably there should be an additional statement indicating
| that LesnyRumcajs holds copyright to bits of code that
| Microsoft hasn't changed.
|
| But
|
| (1) exactly which bits have LesnyRumcajs's copyright would have
| to be verified by examining source control history. Since
| LesnyRumcajs's copyright statement is visible on any commit
| where LesnyRumcajs holds copyright, this setup makes actually
| makes it easy to verify which portions LesnyRumcajs has
| copyright claims on.
|
| (2) Including LesnyRumcajs's copyright statement in repo
| history seems to be all that the MIT license requires. The
| license doesn't forbid there being another more easily
| accessible copyright notice that doesn't list all copyright
| holders. It only requires that LesnyRumcajs's statement be
| included in all copies of the software, which it currently is.
| esrauch wrote:
| What you're saying doesn't make any sense. If what you're
| saying was true you could take any MIT repro, fork it and
| replace the license with a fully proprietary copyright claim
| or any other license. You absolutely can't take code and just
| change the license to anything more permissive without the
| original copyright holders permission.
|
| It's definitely the case that at a given snapshot of the
| repository which has copyrighted code owned by someone else
| the copyright notice has to be there at that same revision.
| psyc wrote:
| Ok. I worked at MS from 2005-2015. As I recall, there was this
| huge formal legal process and due diligence around including a
| single line of open source code. Is that not still the case? Am
| I remembering it wrong?
| robbedpeter wrote:
| Github changed everything. All sorts of automation and open
| source involvement happened, with new bots and systems.
| psyc wrote:
| Y'know, it actually slipped my mind that Microsoft
| transformed into a much more open-source friendly company.
| That makes some sense now.
| IsThisYou wrote:
| Try running an illegal copy of Office or Flight Simulator "by
| mistake" and see what happens.
| tiahura wrote:
| FS I'm not sure about. Office goes into massive nag mode.
|
| What's your point?
| [deleted]
| mradmin wrote:
| Seems like a mistake to me. Microsoft recently adopted one of my
| Open Source projects and part of the agreement was they would
| keep the original license. This was a request on their part, I
| had no choice in the matter. They know what they're doing, I
| don't think they would do this deliberately. (Licence here:
| https://github.com/microsoft/vscode-gradle/blob/main/LICENSE...)
| motoboi wrote:
| Microsoft is not a person. And, by its size, is not a single
| entity with homogeneous values and procedures.
|
| You interacted with one part of Microsoft, maybe we are seeing
| the works of another part.
| mradmin wrote:
| Sure, could be. I guess i'd expect Microsoft to have company-
| wide processes and practises when working with OSS though.
| Could be wishful thinking.
| johnklos wrote:
| This is a perfect example of a huge company using the cover of
| bullshit to do whatever they want.
|
| "Oops. We f*d up? Well, you can't talk with a human unless you
| pay us lots of money. Oh - you don't have money for a lawyer?
| Tough. Good luck getting through our layers of trained monkeys."
| aoetalks wrote:
| A PR reverting this is already approved and merged:
| https://github.com/microsoft/grpc_bench/pull/1
|
| Thanks, 3np
| uda wrote:
| This isn't a mistake, stop calling it that.
|
| Yeah, the individual developer forking into the Microsoft
| organization might have not known what the bot does or how it
| harms the community, but the people litigating the bot knew very
| well what they were doing, and they are to blame for this.
|
| The MIT or Apache allow free use, use, not re-attribution, if you
| wanna add your name by attaching years to the lines, go ahead, it
| is your right. But removing the original developer's copyright
| DOES go against the license, and Microsoft should be held
| accountable by the community for that.
|
| How do we hold Microsoft accountable for what they do? we don't
| collaborate with them on "their" open source projects, we don't
| use "their" open source products.
|
| Yes, I do realize that some people find some MS developed tools
| useful, like VS Code, but I want to remind you that this was
| developed by others before, the only reason they got a hype is
| because they pushed it and you all rallied around it, so come on,
| we do just fine without the mighty patron Microsoft.
|
| (Edit: added "it" and "out")
| dls2016 wrote:
| Embrace, extend, extinguish.
|
| https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
| rvz wrote:
| I did warn everyone that Microsoft has gotten smarter and is
| 'using' open-source and Linux for EEE. We know how they
| embrace and extend.
|
| _Extinguish_ basically now means:
|
| _' We fork the best open-source tools and they sit on our
| cloud and are more secure and scale better than if you self-
| hosted it, and is completely free to use.'_
|
| Paid competitors can't compete or will struggle to compete
| with free, given that it is open-source and more secure and
| is sitting on the cloud and scales. Lastly, nobody got fired
| for buying products with Microsoft(r) stamps.
| dang wrote:
| It seems to have very plainly been a mistake, and your comment
| broke the site guidelines. If you wouldn't mind reviewing
| https://news.ycombinator.com/newsguidelines.html and taking the
| intended spirit of the site more to heart, we'd be grateful.
| 37ef_ced3 wrote:
| The larger issue is that anyone using GitHub is donating their
| work for re-use without attribution through Copilot.
|
| In return, you receive hosting from GitHub.
|
| The writing is on the wall. You MUST host your own code on a
| stand-alone website.
|
| Here is an example. This Go program (a compiler) generates and
| serves its own website: https://NN-512.com
|
| It runs on a Linode shared CPU cloud instance that costs $5 per
| month: https://www.linode.com/pricing
|
| Another example, look at what Fabrice Bellard does:
| https://bellard.org
| phendrenad2 wrote:
| That "issue" is unrelated. You've just hijacked the thread to
| talk about it.
|
| Also the point you're making is controversial, and definitely
| isn't widely agreed on. As a human, I can read public code on
| Github, and use my internal neural network (brain) to
| regurgitate sections of code, and don't need to attribute
| anyone (who can say which codebase I'm recalling code from? I
| certainly can't). So a neural network doing the same thing, but
| external to a human, is certainly questionanble, but it isn't a
| cut-and-dry case of copying without attribution.
| Zababa wrote:
| You're making a false equivalence between copilot and a human
| brain. Neural networks are programs, programs don't have the
| same rights as humans. Implying the opposite is even more
| controversial than saying that copilot should respect
| licenses.
|
| Also, humans sometimes have limitations on what code they
| should have seen. It's common in the emulator community to
| forbid anyone that has seen proprietary code from working on
| black-box implementations to avoid legal issues.
| 37ef_ced3 wrote:
| "Unrelated"?
|
| Microsoft's automated violation of "no use without
| attribution" licenses?
|
| You can't see the connection?
|
| Please. Surely it's obvious to everyone but you.
| [deleted]
| coliveira wrote:
| This is a feature in fossil since the beginning. And fossil is
| good enough to be used by sqlite, it could be used by other
| projects.
| CyberShadow wrote:
| > Here is an example. This Go program (a compiler) generates
| and serves its own website: https://NN-512.com
|
| Not a very good one - clicking the link produces a download
| dialog on Firefox (I'm guessing because the website neglects to
| indicate a Content-Type).
|
| Ironically this is an argument against trying to do everything
| yourself - you might waste time chasing the long tail of
| thousands of little details that had been solved many times
| over elsewhere.
| forgotpwd16 wrote:
| >clicking the link produces a download dialog on Firefox
|
| Works fine for me (v90/Linux).
| y4mi wrote:
| It does work with Firefox on my end...
|
| Also hosting it yourself doesn't mean that you do everything
| yourself.
|
| It would definitely spawn build plugins that do most of what
| you need if this practice actually establishes itself.
| 37ef_ced3 wrote:
| It works for everyone except you. The Content-Type is right
| there, in the header.
|
| Coincidentally, you seem to have an issue with everything I
| said.
|
| You defend Microsoft, here and in other parts of this thread,
| as they sell the work of open source authors without
| attribution and in violation of explicit license statements
| in the code.
|
| Are you employed by Microsoft?
| CyberShadow wrote:
| > It works for everyone except you. The Content-Type is
| right there, in the header.
|
| I don't know what to tell you. It's not there.
|
| https://dump.cy.md/9b2a31fa5184397159fe42a85c197242/1640447
| 6...
|
| It is there if I check with cURL, though.
|
| Edit: looks like this bug is triggered by the absence of
| Accept-Encoding in the request. When the server compresses
| the response, it neglects to include the Content-Type of
| the compressed content.
|
| > You defend Microsoft, here and in other parts of this
| thread, as they sell the work of open source authors
| without attribution and in violation of explicit license
| statements in the code.
|
| I did no such thing. Please stop.
| 37ef_ced3 wrote:
| So, would you please acknowledge here that you are a
| Microsoft employee?
| CyberShadow wrote:
| I am not, and have never been a Microsoft employee.
|
| You can search online for my name / username to find my
| open-source contribution history, if you would like.
|
| I hope that sufficiently answers your query.
| 37ef_ced3 wrote:
| Microsoft investor, then.
|
| You own MSFT shares directly (not through an index fund).
|
| Please acknowledge it here.
| CyberShadow wrote:
| I own zero shares of anything directly or indirectly.
| 37ef_ced3 wrote:
| Big fan of Copilot, then?
| CyberShadow wrote:
| No. I am not in the program nor requested access.
|
| This is my last reply in this subthread; feel free to
| assume the same answer for all questions along the same
| line.
|
| I also invite you to review the HN comment guidelines:
| https://news.ycombinator.com/newsguidelines.html
| workOrNah wrote:
| you just keep digging your own grave lol
| wellthisisgreat wrote:
| Is the copilot thing true for paid accounts as well?
| judge2020 wrote:
| All public repos were included in the dataset.
| wongarsu wrote:
| afaik copilot is trained on all public repositories.
| Paid/free doesn't play into it
| judge2020 wrote:
| If you treat copilot like a human, and you ask it a question (
| like "#find median of list") that human either (A) will put
| together all the things they've learned over thousands of hours
| of simply looking at code in the programming language and how
| the syntax works, then provide a new code block, or (B)
| remember "oh, I remember this extract string of text and what
| comes after it. Here's the next 10 lines from that snippet". In
| that B scenario, would the human be infringing on the
| original's copyright? Arguably yes; but is situation (A) also
| copyright infringement, or is it like getting code help from a
| friend?
|
| In these situations, whether it be originating from a human or
| robot, the knowledge comes from looking at public code on
| GitHub and it's always been a risk that your public code might
| not be used with proper attribution at some point. Think about
| how many OSS projects have core code and algorithms copied
| daily by companies with no public name and keep all of their
| source code private - it's surely caused more damage than
| CoPilot ever will.
| chongli wrote:
| As a human, if you memorize a book word-for-word and later
| reproduce whole passages of the book in your own writing then
| that is considered plagiarism and copyright infringement. It
| does not matter that you stored it in your human memory
| before reproducing it.
|
| The test to use is to imagine you're writing an essay in
| college. If your essay contains unattributed passages from
| another work then the professor will not care that you
| memorized them rather than just copying and pasting the text.
| In order to be in the clear you need to properly quote and
| cite the original author.
|
| GitHub copilot does not provide attribution. All it does is
| obfuscate the original source to make attribution impossible.
| Copyright lawyers ought to have a field day with this one.
| fault1 wrote:
| I think the answer is: we don't know the copyright
| consequences of copilot yet. It's certainly a legal gray
| area, and it has not been challenged in court yet.
|
| There are quite a few companies where copilot and copoilot-
| like technologies seem radioactive at least for the moment.
| pbhjpbhj wrote:
| _the following is my personal opinion, unrelated to my work_
|
| >In that B scenario, would the human be infringing on the
| original's copyright? //
|
| Depends on jurisdiction but in general I'd say no as quoting,
| particularly an insubstantial portion, is allowed (certainly
| under USA Fair Use, possibly under UK Fair Dealing).
|
| However, and again depends on jurisdiction, copying a whole
| work to use for AI training or searching can be restricted
| (though it's on the GitHub license in this case). The snippet
| might be allowed but copying into a training corpus may be
| excluded (I think UK have an exception for AI training, but I
| may have misremembered, it might be a suggestion??).
| echelon wrote:
| I'm including licensing notices in several of my private
| repositories to prevent inclusion in ML training data sets.
|
| I might put this in my public ones as well.
| 999900000999 wrote:
| To be honest, can't humans go through various open source
| repositories and copy the bits they like?
|
| If you don't like that,don't release your code as open source.
| I'm not going to host my open source projects on my own
| website. That's just hard, it's much more difficult to get
| people to check it out if it's on Broblog.net
|
| I personally don't believe extremely short code snippets, like
| the ones copilot tends to copy are problematic.
| nerdponx wrote:
| This is the same fallacy behind the argument that we
| shouldn't care about privacy, because it's always been
| possible to track and surveil individuals.
| 999900000999 wrote:
| Do you want to write open source software or not?
|
| Here.
|
| def add( x, y): return x + y
|
| I don't want to live in some dystopia where we have dozens
| of lawyers deciding who owns that above code snippet. If
| Amazon wants to use that snippet, fine, you can use it,
| etc.
|
| All Co Pilot does is optimize taking code snippets from
| different sources.
| nerdponx wrote:
| I have no idea what point you are trying to make.
| rustc wrote:
| > The writing is on the wall. You MUST host your own code on a
| stand-alone website.
|
| How would self hosting your code prevent Microsoft/GitHub from
| using it in the Copilot training dataset? If using content from
| GitHub irrespective of their license to train Copilot is legal,
| so is training from code available on your website.
| nerdponx wrote:
| It's a question of handing it over and giving them a ToS
| shield to hide behind, versus making them work for it and
| risking license violations "in the wild".
| rustc wrote:
| Does their ToS give them additional rights to the code
| uploaded to GitHub? There are several unofficial copies of
| projects like glibc [1] uploaded by people who definitely
| do not have the authority to grant any additional rights to
| the code.
|
| [1]: https://github.com/bminor/glibc
| 37ef_ced3 wrote:
| Microsoft owns GitHub and you accept their terms of service.
|
| Copilot is trained on public GitHub repositories of any
| license:
| https://en.m.wikipedia.org/wiki/GitHub_Copilot#Technology
|
| If they scrape your website, that's different.
| judge2020 wrote:
| If it's legally sound to do that, then it's legally sound
| to scrape code from Stack overflow as well. No special
| license is granted to GitHub to train CoPilot; the hosting
| license in the ToS[0] specifically doesn't allow its use
| outside of GitHub itself[1], so i'd argue that applies to
| running copilot in VSCode for code not destined for GitHub
| - and i'm sure MS's lawyers reviewed such a product launch.
|
| 0: https://docs.github.com/en/github/site-policy/github-
| terms-o...
|
| 1: > This license does not grant GitHub the right to ..
| otherwise distribute or use Your Content outside of our
| provision of the Service
| jen20 wrote:
| Because it isn't in compliance with the terms of many popular
| licenses to create derivative works without attribution.
| Therefore the only possible claim Microsoft have to do so is
| via terms and conditions, which would not apply to code
| hosted on a stand-alone website.
|
| It might be time for popular licenses to update themselves
| for this new-found threat.
| defen wrote:
| What happens when some random person uploads your code
| (acquired from your website) to GitHub?
| leephillips wrote:
| It depends on how that code is licensed. Possibly the
| random person gets served with a summons. Possibly
| nothing.
| jen20 wrote:
| Well, that is what updating the license accomplishes.
|
| I'd be interested to know if code subject to DCMA
| takedown would be removed from the copilot training
| set...
| TedDoesntTalk wrote:
| > it isn't in compliance with the terms of many popular
| licenses to create derivative works without attribution
|
| Did you click the link for this article? Did you see that
| MS removed the author's name in the license header and
| replaced it with their own?
| jen20 wrote:
| Yes?
| dragonwriter wrote:
| > Therefore the only possible claim Microsoft have to do so
| is via terms and conditions
|
| No, Microsoft's claim is _fair use_ , not _GitHub terms and
| conditions_. You don 't have to speculate on what you think
| their possible claims are, when they've publicly stated
| their _actual_ claims.
| marcodiego wrote:
| > The larger issue is that anyone using Github is donating
| their work for re-use without attribution through Copilot.
|
| I think this can only be valid of Github's terms of use clearly
| specify that or the chosen license allows it.
|
| I actually see copilot benefiting GPL projects: suppose a
| programmer uses copilot to develop a proprietary software and
| copilot regurgitates GPL'ed code: now the proprietary software
| is a derivative work and must be GPL'ed too.
| anonymousab wrote:
| Unless copilot serves as a legally effective "laundering" of
| gpl code. Which sounds silly, but we're now in a situation
| where that outcome is super desirable to GitHub/Microsoft.
|
| Another potential outcome is that so many projects could now
| end up unknowingly using gpl code that enforcement becomes an
| impractical whack-a-mole, far more so than today. Being told
| to rework or relicense your project because of copiloted gpl
| code could easily end up with hobbyists wholesale begrudging
| the gpl license rather than copilot itself.
| fault1 wrote:
| > Unless copilot serves as a legally effective "laundering"
| of gpl code.
|
| It's quite interesting how it seems to have come full
| circle, at least according to this stackoverflow comment
| about Stallman releasing a paper in 1992 on how to
| effectively launder AT&T code via textual changes (I have
| no idea if he did, I just remembered the comment):
| https://unix.stackexchange.com/a/591221
| nerdponx wrote:
| "Not Github" is also a good place to start.
|
| I am a happy Sourcehut customer. Roughly the same cost as a
| VPS, but comes with tech support.
| smorgusofborg wrote:
| How does your license prevent someone redistributing source
| code over GitHub? What does copilot claim as far as licensing
| rights beyond fair use?
|
| You may be practically limiting copilots use of your code but I
| don't see any licensing difference if Microsoft hosts Copyright
| code or scrapes copyright code.
| [deleted]
| kstrauser wrote:
| The following is pure conjecture with zero evidence:
|
| I think that's on purpose, not to "steal" code from GPL'ed
| softwares' authors, but to get GPL'ed code into commercial
| projects. Then Microsoft can say "oops, we were right all
| along! The GPL is so dangerously viral that you can't even host
| your software on the same server!"
|
| I know that sounds stupid, unless you were there for the
| Halloween Documents. After all these years, it seems to me that
| Microsoft hasn't done the 180 they portray.
| petilon wrote:
| Anyone who puts anything on the web is at the same risk. For
| example, ask Google how old Queen Elizabeth is [1]. Google
| tells you the answer in a big font at the top of the result
| page. Google sourced the answer apparently from usnews.com but
| you didn't even have to click the usnews link. Google "took"
| the answer from them and deprived that website of a click.
|
| So yeah, you are donating your work to Google when you put it
| on a publicly accessible web site.
|
| [1] https://www.google.com/search?q=how+old+is+queen+elizabeth
| fault1 wrote:
| isn't that covered under a fair use 'right to quote'?
| https://en.wikipedia.org/wiki/Right_to_quote
| petilon wrote:
| If all of the useful information in a web page is mined and
| given away by a third party in an automated fashion, such
| that the copyright holder is deprived of revenue, then
| that's not the intention of 'right to quote'.
| fault1 wrote:
| I'm pretty sure Google pays these types of content
| publishers (like Reuters) very handsomely. In this case,
| the content distributor (USNews) also went out of their
| way to SEO their site with microdata[1], so I'm going to
| guess a lot of their inbound traffic also comes from
| Google searches.
|
| [1] https://developer.mozilla.org/en-
| US/docs/Web/HTML/Microdata
| peter_retief wrote:
| This seems to be the new reality. Sad we get fooled over and
| over by the same companies.
| coliveira wrote:
| I have good memory. I always stood one mile from anything
| that MS does. The new generation that is easily scammed by
| flashy stuff like VS code is in for a treat.
| dragonwriter wrote:
| > The writing is on the wall. You MUST host your own code on a
| stand-alone website.
|
| Even if Microsoft currently only uses GitHub-hosted code as an
| input to Copilot, their theory of the legality does not depend
| on code being hosted there and applies to any code they can get
| their hands on. The idea that hosting code publicly at some
| non-GitHub location is going to keep it out of Copilot is not
| well justified.
| emilengler wrote:
| > The larger issue is that anyone using GitHub is donating
| their work for re-use without attribution through Copilot.
|
| Wrong. Lets say a GPL project is not hosted on GitHub
| officially. I can easily setup a mirror for it though on GitHub
| as the GPL doesn't prevent me from doing it...
|
| Point is that anyone can put my work on GitHub, even if I don't
| want to.Assuming the project is under a free license though.
| leephillips wrote:
| How does that make what 37ef_ced3 said wrong? I'm not
| following your logic.
| emilengler wrote:
| > The writing is on the wall. You MUST host your own code
| on a stand-alone website.
|
| Because this does not prevent having the code to land on
| GitHub at the of the day assuming it is published under a
| free license.
|
| Now it depends on how you interpret the "MUST". My logic
| only makes sense if you consider it to a dogmatic-like
| prevention.
| leephillips wrote:
| The statement you tagged as "wrong" was:
|
| > The larger issue is that anyone using GitHub is
| donating their work for re-use without attribution
| through Copilot.
|
| Why is this wrong?
| dragonwriter wrote:
| It is wrong as a specific statement about GitHub, because
| regardless of current practice, the legal theory for
| Copilot applies to any code anywhere, so anything that is
| publicly accessible would involve the same risk. It's not
| dependent on use of GitHub even if Microsoft has
| initially started their because it's easier for them.
| leephillips wrote:
| So this sense of "wrong" is similar to "correct".
|
| Also, I don't see how this is true. Code on my website is
| publicly accessible, but not in the public domain, nor
| licensed for re-use, unless I say that it is.
| dragonwriter wrote:
| Licensing matters for things that would be forbidden
| without permission by copyright law. Fair use is an
| exception to copyright law. Microsoft's explicit legal
| theory around Copilot is that ingesting code for it (and
| ingesting content to train ML models more generally) is
| fair use. If there theory is correct, license is
| irrelevant, there is no legal (at least copyright-based)
| barrier to them using any source code they can get their
| hands on to train Copilot.
| 37ef_ced3 wrote:
| Yes, you can "donate" someone else's code, knowing Microsoft
| will violate a use-with-attribution license.
|
| You can do it, but it's WRONG.
|
| Copilot is trained on public GitHub repositories of any
| license:
| https://en.m.wikipedia.org/wiki/GitHub_Copilot#Technology
|
| We must all stop using GitHub.
| edoceo wrote:
| My team has code, MIT and GPL, on GitHub. We know the risk
| of this kind of theft. We remain on GitHub for the
| discoverability. It's not so absolute.
| _0ffh wrote:
| I wonder what kind of language you would need to add to
| your license in order to explicitly forbid the ingestion of
| your code by Copilot and/or like projects.
| ghoward wrote:
| IANAL, but I have written licenses for that purpose. [1]
| (I'm trying to get them reviewed by a lawyer, but can't
| afford to; maybe I'll do a GoFundMe.)
|
| What I did is say that if you feed copyrighted software
| to an algorithm that itself outputs software, then the
| license applies to the output. This covers the output of
| compilers and such, but it would also cover Copilot in my
| opinion. We'll see what a lawyer says.
|
| However, even with a license, I wouldn't doubt that
| Microsoft would just put it through GitHub anyway because
| finding them out would be extraordinarily hard.
|
| [1]: https://yzena.com/licenses/
| xigoi wrote:
| The "Yzena Copyleft License" states that it's a copyleft
| license, but it also states that it's not a viral
| license. According to Wikipedia, a viral license and a
| copyleft license are the same thing.
| ghoward wrote:
| Wikipedia is not the best source of information.
|
| There is a difference between "strong" copyleft and
| "weak" copyleft. An example of "weak" (non-viral)
| copyleft is the CDDL. In fact, the CDDL's Wikipedia page
| talks about strong and weak copyleft.
|
| You can read [1] for a breakdown of copyleft by an actual
| lawyer. Suffice it to say that Wikipedia's Copyleft page
| is woefully inadequate.
|
| [1]: https://writing.kemitchell.com/2018/10/24/How-to-
| Speak-Copyl...
| dragonwriter wrote:
| > I wonder what kind of language you would need to add to
| your license in order to explicitly forbid the ingestion
| of your code by Copilot and/or like projects.
|
| If Microsoft's theory is correct, under US law it is
| impossible to forbid this with a license, because a
| license is just an offer of additional permissions beyond
| what is available automatically under law, and
| Microsoft's theory is that ingesting code into GitHub is
| fair use and therefore permitted under law as an
| exception to copyright without any license from the
| copyright owner.
|
| If Microsoft's theory is not correct, pretty much any
| license with an attribution requirement (among others,
| for other reasons) would work.
|
| The idea that a _special_ license is needed or of any use
| doesn 't seem to have any justification, even in theory.
| (As is the idea that hosting publicly but not on GitHub
| changes the legal parameters.)
| ghoward wrote:
| You are correct.
|
| I just want to say that I believe the fair use argument
| only applies for _training_ , but not for distribution. I
| make the case for that in [1].
|
| [1]: https://gavinhoward.com/uploads/copilot.pdf
| Zababa wrote:
| There's a part that I don't understand. If some software
| is mirrored on github by someone that isn't the copyright
| owner, it seems like github shouldn't be able to use it.
| Yet they said nothing about that specifically. In that
| case, is the only option to put code somewhere else than
| github under a license that forbids reuploading to
| github, and issue DMCAs when/if people reupload your
| code? It also sounds like when code is removed through
| DMCA, it should be removed from the training set and they
| should retrain copilot.
| dragonwriter wrote:
| > If some software is mirrored on github by someone that
| isn't the copyright owner, it seems like github shouldn't
| be able to use it.
|
| If they don't need permission from the copyright owner,
| either via license of GitHub T&C, because it's fair use,
| which is their overt legal theory, then why would it
| matter legally whether the code was posted to GitHub _at
| all_ , much less _by whom_? Ingesting only code form
| GitHub is a practical convenience that has nothing to do
| with their legal theory of the right to do it.
|
| > Yet they said nothing about that specifically
|
| Their theory of fair use means they have the right to
| ingest any code, irrespective of who owns it and what
| conditions (if any) it is licensed under or where (or
| even if) it is hosted online. They don't need a separate
| justification for your scenario if the theory they've
| cited is correct.
|
| > In that case, is the only option to put code somewhere
| else than github under a license that forbids reuploading
| to github, and issue DMCAs when/if people reupload your
| code
|
| Nope, that doesn't help at all, legally; it may help
| practically as long as they are just using GitHub hosted
| code and not consuming code from other public hosting
| platforms, but it has no bearing on their legal theory of
| why they _can_ ingest code without additional
| permissions.
| rangoon626 wrote:
| Tasteless actions from a tasteless company.
| phendrenad2 wrote:
| Seems like it's probably a mistake, did you try to contact them?
| https://opensource.microsoft.com/
| https://twitter.com/OpenAtMicrosoft
| notquitehuman wrote:
| Contacting Microsoft is always a mistake. They don't want to
| hear from anyone and their process reflects this.
| phendrenad2 wrote:
| 1) What's your source for that assertion
|
| 2) Assuming it's even true, what should this person do
| instead?
|
| 3) What do you think the outcome would be if this person did
| contact Microsoft? Since it's a mistake, I assume something
| bad?
| kelnos wrote:
| > _Assuming it 's even true, what should this person do
| instead?_
|
| Since this is copyright infringement, the copyright holder
| could file a DMCA takedown notice.
| ognarb wrote:
| A 'mistake' they are actually doing since a long time now. Here
| is the cups equivalent with a license change from apache to mit
| for the CUPS system.
|
| https://github.com/microsoft/cups/commit/ad69bcc78bdea3fea3f...
| phendrenad2 wrote:
| Why the scare quotes around mistake? Are you implying that
| it's intentional? Or negligence? It seems like nobody noticed
| the CUPS license change until now, so it's irrelevant, right?
| dapids wrote:
| Because it was done intentionally by an employed individual
| in this case rather than a bot. You cannot in good
| conscious as an individual make this "mistake" without
| knowing or acting maliciously unless you are incompetent to
| begin with. Seems like a growing trend at MS. And I'll
| remind you that Apple actually uses CUPS for their print
| backend and funds it directly, they retain the original
| license and support the project, meanwhile MS takes it,
| doesn't contribute and acts like it's their own, sick.
|
| https://github.com/microsoft/cups/commit/8100595a3a3a6d5c7d
| 0...
| Strom wrote:
| How is it not intentional? To me it seems very clear that
| someone designed this bot to specifically alter the LICENSE
| file so that it matches some sort of predefind Microsoft
| file.
|
| _Edit:_ To give a bit more nuance, I would guess that the
| actual bot changing the LICENSE files is not a mistake, but
| working as intended. What could, however, be a mistake is
| thinking that licenses can be legally overwritten. It
| wouldn 't be a "rogue engineer" kind of mistake. Certainly
| several people at Microsoft have signed off on this.
| colejohnson66 wrote:
| Because a bot like this could never used on internal
| libraries that are about to be open sourced?
| formerly_proven wrote:
| https://github.com/microsoft/cups/commit/8100595a3a3a6d5c
| 7d0...
|
| That's not a bot.
| Strom wrote:
| I'm sure it could be used, however that would probably be
| a similar problem. Microsoft has internal libraries with
| all sorts of licenses. Replacing the actual licenses with
| a template wouldn't be the correct move there either.
| jesprenj wrote:
| Oops, a bot just removed bandwidth limits for Windows source code
| on a bittorrent seedbox.
| naves wrote:
| Yeah, everyone has a second chance but Microsoft has had n-th
| chances.
|
| Make no mistake, gravity will always pull MS towards their
| default behavior. Just wait for VS Code becoming a subscription-
| based product.
|
| Yes, there will always be a community maintained project. But it
| will not be MS Certified...
| readbeard wrote:
| There is a rampant practice where companies and organizations
| flippantly and often fraudulently stamp copyright notices on
| everything they touch--including public domain materials such as
| the U.S. Constitution, works of William Shakespeare, prints of
| the Mona Lisa, copies of the 9/11 Commission Report, and
| compositions of J.S. Bach. [0]
|
| It seems Microsoft has now automated this practice.
|
| [0] http://www.copyfraud.com
|
| Edit: It's easy to jump the gun and start accusing Microsoft of
| something nefarious here. To be clear, I'm personally giving
| Microsoft the benefit of the doubt and assuming that this was an
| honest mistake, and that the folks at Microsoft who had something
| to do with setting this up were well-meaning.
|
| My point is that we're living in a culture that, as a standard
| practice, sprinkles "(c) [year] [company]" on things like salt,
| that such claims are frequently invalid or misleading, and that
| this broader issue may be partly to blame for incidents like the
| one we are discussing today.
| darepublic wrote:
| Did the original author agree to give their project over to
| Microsoft?
| zach_garwood wrote:
| I didn't think code was copyrightable in the first place.
| shp0ngle wrote:
| This might be true about trivial pieces of code, which this one
| is not
| dpratt wrote:
| Any work, no matter how trivial, is eligible for copyright as
| long as it is an original artifact with a distinct identity.
| throwaway858 wrote:
| Copyright laws vary wildly across countries and jurisdictions
| tzs wrote:
| ...but aside from Eritrea, Ethiopia, Iran, Iraq, Marshall
| Islands, Nauru, Palau, Somalia, and South Sudan everyone is
| part of one or more (usually more) international treaties
| that cover copyright such as the Berne Convention or TRIPS
| or UCC, so you should expect in most places that most
| people on HN are likely to ever deal with have copyright
| law that isn't too different for the most common
| situations.
| emilfihlman wrote:
| Not true, u64 add26562(u64 value) {
| return(value+26562); }
|
| is not copyrightable.
| anonymousab wrote:
| If that function always returned, say, the AACS key then it
| would likely be violating copyright in the US. Regardless
| of whether it was the result of a computation or statically
| defined.
| emilfihlman wrote:
| I'll press x on that.
|
| https://en.wikipedia.org/wiki/AACS_encryption_key_controv
| ers...
| hirundo wrote:
| They changed the copyright holder on this fork, but left the MIT
| license in place. How does this harm anyone?
| thesuperbigfrog wrote:
| >> They changed the copyright holder on this fork, but left the
| MIT license in place. How does this harm anyone?
|
| Here you go:
|
| https://github.com/microsoft/TypeScript
|
| Just fork TypeScript, change the copyright holder to yourself,
| and do what you want with it. I sure Microsoft won't mind.
| precommunicator wrote:
| It violates the license that specifically says (IANAL):
|
| > The above copyright notice and this permission notice shall
| be included in all copies or substantial portions of the
| Software.
| bayindirh wrote:
| It looks like Microsoft developed this all along. Yes, git
| keeps history, but it's unethical and ugly to begin with.
|
| Also, I'm not sure you can just change the copyright
| information, and change the history of the code like that.
|
| However, this is typical of Microsoft. Like DOS, like Windows
| App Store / Packaging ripoff (they asked the guy some
| questions, sherlocked his software, even didn't thank him
| later), etc.
| shp0ngle wrote:
| that's still breaking the license
| arbitrage wrote:
| so take them to court.
| anonymousab wrote:
| A supercorp will have far more resources to succeed in
| courts than an individual person, such that the courts are
| not a fair avenue for resolving disputes. The court of
| public opinion is, unfortunately, far more accessible to
| the individual.
| fault1 wrote:
| That being said, if someone were to sue Microsoft over
| this (they would have to be the original copyright
| holder), I think it's more likely Microsoft would try and
| settle out of court.
| kube-system wrote:
| They copied a copyrighted work in a way that was not permitted
| by the copyright holder.
| MattPalmer1086 wrote:
| You can't own something by just saying you do!
|
| Only the copyright owner can license the work to others, or
| issue under a different license if they like.
| h2odragon wrote:
| The repo page still has:
|
| > This repo has been populated by an initial template to help get
| you started. Please make sure to update the content to build a
| great experience for community-building.
|
| Perhaps this is "updating content"?
| Hello71 wrote:
| is it possible that microsoft bought the rights to the software
| [deleted]
| kaladin-jasnah wrote:
| This comment shows they've done it to other pieces of software,
| including things like... CUPS:
| https://news.ycombinator.com/item?id=29684567
|
| For some reason I doubt they've bought the copyright to CUPS.
| mkdirp wrote:
| The original copyright holder claims on reddit[0] that it was
| forked, and there doesn't seem to be any implication of buying
| the rights to the software.
|
| [0]
| https://www.reddit.com/r/opensource/comments/roa9xz/microsof...
| SloopJon wrote:
| That Reddit thread is a better source link for this
| submission.
| ThinkBeat wrote:
| Makes me wonder if Microsoft GitHub should not make it a more
| specific action to relicense a repo.
|
| That would solve any ambiguities around the script Microsoft
| wrote.
|
| "Are you sure you want to change the license?" Yes / No.
|
| Perhaps a specific API call when you are doing it with a script.
| CyberShadow wrote:
| The account which did the change has this description:
|
| > This is the open source management service account used for
| performing key GitHub operations on behalf of Microsoft employees
| and users.
|
| Combined with the nonsense README change, this looks like a bot
| mis-use accident.
|
| Edit: to clarify, in no way am I saying that this is a "honest
| mistake" which does not deserve scrutiny.
| shp0ngle wrote:
| This is very obviously a mistake and I don't know how can
| anyone assume otherwise.
| colejohnson66 wrote:
| Because "Microsoft Bad". When a company gets big enough,
| there will always be a portion of the population you can
| never please, and Microsoft reached that size a long time
| ago.
| fartcannon wrote:
| It's got nothing to do with their size but the 40 years
| (thus far) of doing aggressively bad shit.
| toxik wrote:
| Microsoft has a long and dark history. I think you're
| brushing aside the real contention.
|
| People who were around before MS decided to open-source-
| wash their brand KNOW what Microsoft's DNA is. They had a
| literal playbook to crush Linux.
| tiahura wrote:
| " Microsoft has a long and dark history."
|
| The KKK has a long and dark history. MS is a business
| that at times has had slightly sharper business practices
| than _some_ of its competition.
| colejohnson66 wrote:
| From _twenty year ago_. You say it's in their DNA, but
| I'll bet that the majority of people there now were not
| there 20 years ago. Old habits die hard, yes, but they do
| die.
|
| Microsoft has committed to open source. Maybe it's self
| fulfilling reasons, but that doesn't mean we should brush
| it off. If some higher up decided to go open source for
| PR reasons, who cares? We should be embracing it.
| Shunning it will just make other companies think twice
| about open sourcing.
|
| Also, this was done by a bot. Microsoft is big enough to
| have their own in-house council, and I can't imagine them
| being stupid enough to risk everything over a copyright
| lawsuit with evidence like this that the whole world can
| see.
| sofixa wrote:
| Microsoft might have committed to open source for
| business reasons, to an extent ( see the recent .NET
| debacles), but they're still the same monopolist-abusing
| and anti-competitive company ( see the recent Edge
| debacles). They're an inherently _bad_ and _evil_
| company, and even though they seemed to be improving,
| they 've gone back to old tactics rather quickly.
| denton-scratch wrote:
| > Microsoft has committed to open source.
|
| They may have "committed" to open source (I think
| "committed" may be the wrong word there), but they never
| stopped hating free software.
| sofixa wrote:
| Because it's a very stupid mistake. I have a hard time
| believing someone developed a bot to deal with repo
| normalisation on GitHub that doesn't know how GitHub
| functions, what forks are, and that you can't just change the
| LICENSE with a file of your own. I don't necessarily think it
| was done on purpose to steal copyrighted content ( that'd be
| too stupid even for Microsoft), but it's a weird mistake to
| make.
| kenjackson wrote:
| No judgment from me since I suspect it is also an accident and
| I've made enough in my life that I don't get super judgy in
| most cases. But what purpose is there for a bot that forks and
| makes changes like adding template files? Copyright aside, I
| don't understand the value of this bot.
| CyberShadow wrote:
| If I were to guess, it would be that the action performed
| here (or the basis of the code implementing this action) was
| intended to be done on internal Microsoft repositories that
| should be open-sourced.
| coliveira wrote:
| I would't call a honest mistake some bot that is created to
| change code to a MS license. First of all, this kind of thing
| needs to be done after careful review, if they're doing it in
| an automated fashion there is almost the certainty that they'll
| take somebody else's work as their own.
| matt123456789 wrote:
| Ok, but this is still illegal, right?
| judge2020 wrote:
| Since MIT has this line:
|
| > The above copyright notice and this permission notice shall
| be included in all copies or substantial portions of the
| Software.
|
| MS would be in the wrong to redistribute this code without
| the notice that includes '(c) 2020 LesnyRumcajs' - however,
| just changing the line doesn't constitute copyright
| infringement or fraud if MS reverses the change and/or simply
| appends the original MIT license above their MIT license
| (since MS does indeed have '5 commits ahead' of the origin
| repo, all of those changes are copyright MS but still MIT
| licensed). They could even simply have a file called
| 'LICENSE2' with the original notice, if they can't easily
| exclude this repo from the bot.
| webmaven wrote:
| _> MS would be in the wrong to redistribute this code
| without the notice that includes '(c) 2020 LesnyRumcajs' -
| however, just changing the line doesn't constitute
| copyright infringement or fraud _
|
| Given that this change was committed to the main branch, if
| I download the code right now, haven't Microsoft
| redistributed it?
| phendrenad2 wrote:
| Things get philosophical rather quickly I'm afraid. If I
| misconfigure an FTP server, and you download some MIT
| code that I stripped the copyrights from, does that count
| as redistribution?
| sicromoft wrote:
| [deleted]
| colejohnson66 wrote:
| No. If you hack into my company and siphon out an EXE for
| an internal tool that uses GPL licensed code, you are
| _not_ entitled to the source code of the package because
| the company did not "distribute" it to you; you took it
| without any right to have it.
|
| There's a whole philosophical debate we can have where we
| quibble over the definitions of words as they deal with
| technology, but the (US) courts generally don't care
| about technicalities. An analogy is stolen property. If
| you purchase something that is stolen property, you have
| (almost) no legal right to it; the courts will often
| order its seizure for return to the original owner. By
| "hacking" (according to the CFAA), you "stole" the EXE.
| NeutronStar wrote:
| erinnh wrote:
| I would say that it isnt, because you had no intent to
| redistribute it.
|
| But you cant make that argument here, as its a public
| repo, as such Microsoft did have the intent to
| redistribute.
| [deleted]
| joshmanders wrote:
| But wouldn't this case fall under the same?
|
| Your argument is that a misconfigured FTP server isn't
| intent to distribute.
|
| What if this was a misconfigured fork that was meant to
| be private but was set public? Not intent to distribute
| either.
| albedoa wrote:
| Those two things are far more similar to each other than
| to a public repo whose intent is to redistribute. So no,
| this case is not the same as either a misconfigured FTP
| server or a misconfigured repo.
| cute_boi wrote:
| Yes, it counts as distribution. Why you would even
| stripped copyrights form?
| 0x0 wrote:
| The "5 commits ahead" are literally only replacing the
| license and the readmes.
| pitched wrote:
| So the only part of the repo that is legitimately
| copyrighted by Microsoft is the Microsoft copyright
| notice? I love how meta this is.
| matt123456789 wrote:
| I see. Thank you for the explanation.
| hnfong wrote:
| Yes, people make mistakes. Sometimes, mistakes turn out to be
| illegal.
|
| But if you're one of the largest corporations in USA, the law
| tends to go easy on you for making accidental mistakes.
| gizdan wrote:
| Which is fine, and surely an honest mistake. Automation is
| great, but the way I see it is, how many other projects have
| been forked and automatically re-licensed, and then profited
| from without proper attribution? An accident still needs to be
| flagged, and still needs to be corrected. They also need to be
| learned from and avoided in the future.
| xyproto wrote:
| Attribution is nice, but for it to be a requirement, it needs
| to either be specified in the license or be plain old
| copyright.
| wongarsu wrote:
| The license clearly states
|
| > Permission is hereby granted [...] subject to the
| following conditions:
|
| > The above copyright notice and this permission notice
| shall be included in all copies or substantial portions of
| the Software.
|
| Changing the name in the copyright is a clear license
| violation.
| CyberShadow wrote:
| > An accident still needs to be flagged, and still needs to
| be corrected.
|
| Yes. Additionally, the way such actions are performed is not
| great because the mechanism used does not provide any way to
| provide feedback - if the change was done by a user account,
| then they would have received notifications about the
| comments posted under the commit, but the ones received by
| the service account probably go nowhere.
| niros_valtos wrote:
| Can it be identified only in a PR or is there any tool that can
| search through all forks? Maybe it's too small problem to solve
| though.
| jhawk28 wrote:
| Probably just a setting in someone's IDE or a bot that they
| didn't understand what it was doing.
| fiatjaf wrote:
| So you can't do that? I do it all the time when I fork something.
| ozim wrote:
| Hey if anyone considering down voting this guy - it is
| important question as a lot of people might not understand
| those things.
|
| I see it as a honest question.
|
| Instead of voting down, vote up so more people can read replies
| and see that it is not something that should be done.
| onei wrote:
| You (or possibly your employer) own the copyright to the code
| you produce. And you are fine to say something like "copyright
| $me $yearIMadeACommit". What you can't do is claim copyright on
| work you did not produce or remove existing copyright notices.
| kube-system wrote:
| Free or open source licenses aren't a lack of copyright. They
| are an exercise of copyright. All of that code that you didn't
| write is still copyrighted by their original authors. You
| simply have permission to use it under the criteria outlined in
| the license.
| [deleted]
| [deleted]
| ignoramous wrote:
| One can _add_ their copyrights, relicense in some cases, but
| absolutely cannot remove existing copyrights. I don 't think
| any FOSS license (save for the "public domain" ones) allow for
| that.
| zenexer wrote:
| Correct. You don't own the code just because you forked it. The
| original copyright holders retain ownership, and you must abide
| by their license. You can't swap out the license unless they
| explicitly allow you to do so.
| gortok wrote:
| That's not true. You can change the license if the license
| allows you to. It's copyright you can't change unless the
| author assigns the copyright to you.
| soheil wrote:
| This comment highlights the ignorance of a lot of people in
| this thread jumping to conclusion and view MS instantly as
| an aggressor and themselves as victims of the obvious and
| horrible crime of copyright infringement.
|
| A) Do you know it was not an honest mistake?
|
| B) Why a complete understanding of esoteric legal copyright
| laws created by non-programmers all of a sudden so
| important to a mainly programmer HN audience?
| bogwog wrote:
| Are you joking? Programming is all about intellectual
| property. A complete understanding of copyright laws is
| important for anyone in the tech industry.
| soheil wrote:
| Jurisprudence is a specialty beyond the skill level of an
| average lawyer. It's like saying to be able to eat you
| need to have a complete understanding of how to raise a
| chicken.
| jacquesm wrote:
| That can get you into seriously hot water, I would suggest you
| stop doing that until you've had some interaction with an IP
| lawyer.
| bogwog wrote:
| You need to go revert all of those commits ASAP.
|
| EDIT: also if there are any forks of your project, you should
| ask people who forked it to restore the original copyright
| notice as well. If the original copyright holder sees your name
| instead of theirs, they'll know who to sue.
| jeremyjh wrote:
| Maybe read the license before agreeing to its terms.
| jbreckmckye wrote:
| No, you cannot.
|
| I'd advise you to fixup any forks on GitHub, e.g.
| https://github.com/fiatjaf/jiq/blob/master/LICENSE, which are
| currently in breach of license.
|
| You'll need to inform anyone who forked your code, too.
|
| This is something you agreed to in the following part of the
| license:
|
| > The above copyright notice and this permission notice shall
| be included in all copies or substantial portions of the
| Software.
| jeffwilcox wrote:
| I lead the Microsoft Open Source Programs Office team. I'm sorry
| this happened.
|
| We have merged a pull request that restored the correct LICENSE
| file and copyright, and are in touch with the upstream author
| Lesny Rumcajs who emailed us this morning. We'll look to revert
| the entire commit that our bot made, too, since it updated the
| README with a boilerplate getting started guide.
|
| The bug was caused by a bot that was designed to commit template
| files in new repositories. It's code that I wrote to try to
| prevent other problems we have had with releasing projects in the
| past. It's not supposed to run on forks.
|
| I'm going to make sure that we sit down and audit all of our
| forked repositories and revert similar changes to any other
| projects.
|
| We have a lot of process around forking, and have had to put
| controls in place to make sure that people are aware of that
| guidance. Starting a few years ago, we even "lock" forks to
| enforce our process. We prefer that people fork projects into
| their individual GitHub accounts, instead of our organization, to
| encourage that they participate with the upstream project. In
| this situation, a team got approval to fork the repository, but
| hasn't yet gotten started.
|
| To be as open as I can, I'd like to point to the bug:
|
| - The templates we apply on new repositories live at
| https://github.com/microsoft/repo-templates
|
| - The bug seems to be at this line of the new repository
| workflow: https://github.com/microsoft/opensource-management-
| portal/bl...
|
| - The system we have in place even tries to educate our engineers
| with this log message (https://github.com/microsoft/opensource-
| management-portal/bl...): "this.log.push({ message: `Repository
| ${subMessage}, template files will not be committed. Please check
| the LICENSE and other files to understand existing obligations.`
| });"
| krzyk wrote:
| Lesny Rumcajs? :)
|
| For those that don't know Polish it means Forest Rumcajs
| (https://en.wikipedia.org/wiki/Rumcajs), probably a joke of the
| author that wants to be anonymous.
| ModernMech wrote:
| Thank you for being transparent about this and dealing with it
| appropriately, even on Christmas. I think that goes a long way.
| 3np wrote:
| Really appreciate the prompt and transparent response, Jeff.
| Especially at a time when I assume you were not expecting to
| jump in on duty.
|
| I hope that despite all the harsh words, you can have sympathy
| with that behind them are legitimate concerns and suspicion
| stemming from past bad behavior from various part of your
| organization. Due to this, and Microsoft's position of power,
| you have a much, much lower budget for these kinds of mistakes
| compared to the most other orgs.
|
| Even if there was nothing intentionally malicious at play here,
| it would not be far-fetched for an outsider to interpret as
| "implicit maliciousness through neglect".
|
| Here's hoping that 2022 will be a year of bridging the divide
| and sincere alignment.
| tptacek wrote:
| Yes, it would be far-fetched. The conspiracy theory here is
| self-evidently implausible. We need to stop pretending that
| the accusations here were made in good faith, or are anything
| more than wishcasting. People write about these things
| because it's a lot more fun for them than to write about what
| actually might have happened, even if what actually happened
| is probably a better, more lastingly valuable conversation to
| have.
| 3np wrote:
| So, I'm of the opinion that a collective (for example a
| company) can exhibit malicious behavior despite no
| malicious intention of any particular individual in it. It
| can be emergent, and moreso the larger the organization.
| Along similar lines of systemic discrimination, there does
| not need to exist any conscious conspiracy or malintent.
| For better or worse, the whole is greater than the sum of
| its parts.
|
| This comment speaks towards that this is the case:
|
| https://news.ycombinator.com/item?id=29686347
|
| > I know Jeff personally and he's great. This happens all
| the time at Microsoft though. Teams try to do OSS
| themselves, haven't a clue how GitHub or licensing works
| (e.g. they think the CLA transfers copyright), and after a
| slap aside the head, I send them to Jeff for guidance and
| all is well.
|
| (I mostly agree with your sentiment, though. I do get the
| impression that leadership is sincere in wanting to do
| right. It's just that it's not that black-and-white or
| easy. As another MS employee commented, this is something
| that has to take time and they need to be held accountable
| along the way.
| https://news.ycombinator.com/item?id=29684127)
| tptacek wrote:
| If there was a plausible evil plan behind this licensing
| silliness, I'd shut up about it. But there isn't. The
| insinuations being made on this thread (still!
| continously!) are embarrassing. It's not that I think
| Microsoft is incapable of putting together a solid heist;
| it's that observers here have such bad taste in heists.
| 3np wrote:
| Agree with you there. I see it as manifestations of fear,
| tribalism, and short-sighted oversimplification around
| complex issues. Without wanting to dive deeper into any
| of those topics, I believe there are similar mechanism at
| play on a larger scale in COVID-conspiracy theories and
| the re-emergence of Western xenophobia/nationalism.
|
| It can be hard to assume good faith when your counterpart
| clearly isn't. But I think it can be at least as
| important then. We need to come together and find common
| ground.
| dewiz wrote:
| Thanks for clarifying. This also highlights the lack of
| sufficient testing, and subpar processes, eg automation should
| be tested against critical paths, and changing a license should
| require human approval.
| jeffwilcox wrote:
| Agree. The lack of tests has been the biggest regret of mine
| for this project. It started as a hackathon project a long
| time ago, and as it grew up, it never got the testing
| investment it deserved. I imagine the code coverage is about
| 0.001% and there's no end-to-end tests in place.
| mst wrote:
| My local tooling doesn't fail as visibly as this but it
| certain fails just as catastrophically leaving me feeling
| excessively silly.
|
| So, yeah, hugops, mate.
| yawaramin wrote:
| Thanks for explaining. Out of curiosity, does Microsoft have
| any external-facing GPL-licensed projects? Are there any
| restrictions to using (i.e. open sourcing something developed
| internally or forking something from outside MS) GPL-licensed
| projects? Specifically, would teams be able to get approval to
| fork GPL repos?
| jeffwilcox wrote:
| Git for Windows comes to mind. Teams can absolutely get
| approval for any open source license; however, for a GPL
| project, we'd have their open source legal team work with
| them to brief them on the license obligations and
| requirements, such as publishing code to
| https://3rdpartysource.microsoft.com/.
| yawaramin wrote:
| Interesting, so that's specifically for GPL-licensed
| projects? Or am I misunderstanding and you would have dev
| teams work with Legal for any open source licensed project?
| jeffwilcox wrote:
| Copyleft has more process, since we absolutely need our
| engineers to understand the obligations we have, and for
| some of us, it may be the first time we're being
| introduced to open source communities and licensing, so
| we have to do more education in the GPL case.
|
| Our process revolves more about _using_ open source than
| forking specifically.
|
| Whenever a build runs at the company, we have a detection
| task that identifies the open source that is used,
| storing an inventory. We evaluate the open source
| licenses for that inventory, and have automation
| depending on the license that will help inform a team
| that has taken a new dependency with specific legal
| obligations - could be to get business and legal approval
| for something, to take training and learn about copyleft
| software and licensing, or that they need to post third-
| party buildable source. We're also able to use that
| inventory to help with incident response and blast radius
| analysis.
|
| To scale, we need to make sure that our guidance and
| policies are in front of people, but we know that
| engineers want to get work done (or will find a way
| around what we have in place), and so need to be
| efficient and straightforward.
|
| Not all situations will require a business or legal
| approval. Our motto has been "eliminate, automate,
| delegate" - eliminate onerous bureaucracy and policies -
| automate licensing compliance and inventory and approvals
| - and delegate to business leaders and others when
| there's a need for humans to be involved.
|
| Sorry for the long answer.
| yawaramin wrote:
| Thank you-very informative answer.
| danesparza wrote:
| Damn dude. You posted this comment on CHRISTMAS no less. Either
| your phone exploded or you are a VERY PASSIONATE hacker news
| fan. Either way ... props to you for trying your best to
| straighten this out immediately.
| mst wrote:
| This feels like the sort of thing where straightening it out
| immediately, even on christmas day, was well worthwhile
| simply because it would let him enjoy his christmas dinner
| without worrying about an inevitable building dramastorm.
|
| That is not, however, a complaint - being smart enough and
| giving a damn enough to realise that straightening it out
| immediately was a really good idea is impressive and laudable
| in and of itself.
| throwawaymanbot wrote:
| junon wrote:
| Thanks, this is the correct sort of response to this problem.
| It wasn't clear by the title this was an automated change,
| hence the pitchforks.
| withinrafael wrote:
| I know Jeff personally and he's great. This happens all the
| time at Microsoft though. Teams try to do OSS themselves,
| haven't a clue how GitHub or licensing works (e.g. they think
| the CLA transfers copyright), and after a slap aside the head,
| I send them to Jeff for guidance and all is well.
| dapids wrote:
| Do you mind addressing the reason why an employee did exactly
| what you are claiming the bot did in error?
|
| https://github.com/microsoft/cups/commit/8100595a3a3a6d5c7d0...
|
| Again, this is a person, not a robot. How does this play into a
| "software bug"?
| cdcarter wrote:
| If you read the repo history carefully, you'll see a bot was
| responsible for rewriting the "LICENSE" file from an Apache
| license to the Microsoft (c) stamped MIT license. This human
| commit simply copied that same language to the file named
| "LICENSE.txt". It's unclear why they did that, but that human
| was not responsible for introducing the license text into the
| repo.
| will4274 wrote:
| ? Instead of a software bug, it was a human error. Is it
| really surprising that with a company of Microsoft's size,
| some employees fuck up? Likely the employee was trying to say
| that the contributions in this fork that were not present in
| upstream are covered by the new license, but failed to do so
| properly (by leaving the original license intact and
| identifying precisely which files the new license applied to
| and which it didn't).
|
| Courts will take a far more generous view than you are here.
| If Microsoft is not profiting from the change, and fixes it
| promptly when pointed out, the courts will shrug at any case
| - no harm, no foul. It's not even clear to me that it's
| illegal to have the wrong license on GitHub, assuming the
| shipping product does not violate the correct license. As
| nobody has pointed to any infringing Microsoft product...
| What are we talking about?
| jeffwilcox wrote:
| Honestly, I'm not sure what happened here.
|
| My guess is that they were going through a checklist of what
| to do when releasing open source changes, and didn't
| understand what they were doing.
|
| A lot of why we've had to put some guardrails in our system
| has been to point people to guidance and training on open
| source.
|
| I've sent the team that works on this repository an e-mail,
| but I don't expect to get a response on the holiday.
| dapids wrote:
| Thanks for the response. Mistakes happen, human or
| computer, not the end of the world, and I get it. I was
| just more curious to know if there is a manual process for
| this type of forking that was not being vetted via the bot,
| and to bring another example to your attention.
| oblio wrote:
| Just don't shoot down the poor schmuck, mistakes happen.
|
| The pitchforks will come down, anyway :-)
| sydney6 wrote:
| Is Tay still alive?
| mkdirp wrote:
| I saw your comment on the cups repo. Please don't feel horrible
| about it. An honest mistake is an honest mistake, as long as
| the issues are remediated. Merry Christmas
| yardie wrote:
| And here I was ready to sharpen my pitchfork. Thanks for
| communicating the error and the correction. I know this time of
| year can be especially challenging.
| brobinson wrote:
| FYI: when linking to a line of code, simply press Y on your
| keyboard to have Github switch from the
| _branchname/path/to/file.xyz_ URL to the
| _sha1/path/to/file.xyz_ URL. The former can result in your URL
| pointing to unrelated code if lines are added or removed in
| future commits on the referenced branch.
|
| https://github.com/microsoft/opensource-management-portal/bl...
| sillysaurusx wrote:
| Amusingly, this works on gitlab too. I was surprised that the
| shortcut was "so good that competitors had to implement it."
| jeffwilcox wrote:
| TIL. Thanks!
| sarahnovotny wrote:
| This is my favorite part of the culture change which is
| happening at Microsoft.
|
| We are still working on it. And, it will take time.
|
| Jeff's team, my team, the java team whose forked repo this
| unintentionally highlighted are working with dozens of other
| teams every week. Satya says we're all in on open source.
|
| Hold Jeff and Me and all the leaders of Microsoft to that
| vision. Keep us accountable. And, know this takes time. Let's
| make technology and humanity healthier and more sustainable in
| 2022.
| oblio wrote:
| > Satya says we're all in on open source.
|
| You're not, just as your competitors aren't.
|
| None of the secret sauces are Open Source: Windows, Office,
| Visual Studio, SQL Server, the Azure control stuff, and I
| don't expect them to be.
|
| You're half in, at best, only Red Hat was all in. And they
| were bought out by IBM, so here we are.
| thisoneistheone wrote:
| xafnuaetrf8764 wrote:
| dang wrote:
| We've banned this account. Nobody gets to attack others
| like that here.
|
| https://news.ycombinator.com/newsguidelines.html
| Shared404 wrote:
| Unlike the sibling to my comment, I appreciate both this and
| the GP.
|
| I was all in on MS as a kid/young teen.
|
| Eventually I started looking at the actions of Microsoft, and
| as stupid as it is, felt betrayed.
|
| I still don't trust MS, and still hate the direction Windows
| is heading, I will probably never daily drive it again.
|
| However, comments like these give me hope that MS can turn
| itself around. Maybe some day MS will be the company I
| thought it was!
|
| Tl;dr: Thanks for making changes!
| [deleted]
| phkahler wrote:
| I realize that Microsoft is composed of many pieces, but that
| doesnt prevent me from treating it like a single entity. And
| that entity has IMHO done horrible things to it's own
| products and customers, so I'd rather they keep theirs hands
| off FLOSS as much as possible.
| throwaway984393 wrote:
| But if you treat it like a single entity, that means you
| also treat all the people working there like that entity.
| The janitor working at Microsoft doesn't deserve your ire,
| nor the secretaries, etc. But they work there, and carry
| around their logos on their backpacks and what not. Those
| people have feelings, and those feelings feel bad when the
| entity they work for is lashed out at. It does make one
| feel bad when one's company is raked over the coals,
| because it makes one feel responsible, even if one doesn't
| even know what's going on.
|
| So, for the sake of the feelings of the innocent people who
| work there, I would ask everyone to please modulate the
| volume and intensity of ire that they project. Please speak
| truth to power, but don't be harsher than is needed to get
| your point across.
| citygm wrote:
| Ni Men Suo You Kai Yuan Zuo Zhe ,Ying Gai Xiang Wei Ruan Dao
| Qian ,Ni Men Qin Fan Liao Wei Ruan De Quan Li ,Ni Men Zai Kai
| Yuan Dai Ma De Tong Shi ,Ju Ran Dan Gan Xie Shang Zi Ji Ban
| Quan Suo You ?Huan De Ma Fan Wei Ruan Qin Zi Bang Ni Men Yi Yi
| Gai Zheng Guo Lai . Gei Ni Men Yi Tian Shi Jian ,Kuai Zi Ji
| Zhu Dong Gai Cheng Wei Ruan . Suo You githubXiang Mu ,Ban Quan
| Gui Wei Ruan Suo You . Fan Qing Suo You Kai Yuan Xiang Mu ,Zao
| Ri Gai Xie Gui Zheng ,Bu Yao Mi Tu Bu Fan .
| j4hdufd8 wrote:
| I'm really sorry you had to deal with this during the festive
| period.
|
| I certainly understand how scandalous this looks to crowds like
| Hacker News.
|
| But this seems a little bit blown out of proportion, as if
| Microsoft just forked the kernel or something and put their
| name on the license.
| victorvscn wrote:
| >I certainly understand how scandalous this looks to crowds
| like Hacker News.
|
| I don't. I'm with the Microsoft employee who was pissed at
| how people think it's edgy to diss on Microsoft. What were
| the chances that Microsoft was openly doing that? Some dude
| who has now deleted his post said Microsoft was trying to
| "create a monopoly of web IDEs". These are clearly people who
| barely have a passing knowledge of how Microsoft works these
| days.
|
| People think critical thinking means complaining endlessly.
| It doesn't. You can't think critically if you don't think
| clearly. And you can't think clearly if you're only looking
| for a reason to lift the pitchforks.
| 3np wrote:
| I don't know if you're aware of other not-that-ancient
| incidents like these?
|
| https://keivan.io/the-day-appget-died/
|
| https://web.archive.org/web/20180715225433/https://threadre
| a...
|
| It took significant public outrage and press coverage
| before either of those were even acknowledged, a long time
| after.
|
| > What were the chances that Microsoft was openly doing
| that?
|
| After reading the above, is it really that edgy to be
| assuming the worst? If it's truly just recurring instances
| of different rogue employees, doesn't that speak to a
| systemic and/or cultural issue that needs to be addressed
| with additional internal safeguards and/or deterrents to
| prevent it from happening again?
|
| To the credit of the relevant team here, today this was
| promptly addressed as soon as it got their attention. But
| it will take more than that to set to rest decades of
| precedence.
|
| (I did not partake in the flaming and don't find it
| constructive or beneficial; just saying I have full
| understanding of the suspicion and understand that MS are
| still on probation)
| tomnipotent wrote:
| > After reading the above, is it really that edgy to be
| assuming the worst?
|
| Yes. Neither of this are particularly damning.
|
| > doesn't that speak to a systemic and/or cultural issue
|
| No, not particularly. I think it says more about the
| person jumping to such conclusions considering the
| evidence.
| tiahura wrote:
| It was immediately obvious that it was a script gone awry.
| Sorry your team had to spend your holiday on something so
| trivial.
| freediver wrote:
| Hanlon's razor to the rescue!
| bloqs wrote:
| I have enormous respect for your response here.
| tptacek wrote:
| What happened here was obviously a mistake. The thread is full
| of lurid accusations, because those are fun to write and talk
| about, but it shouldn't take even a minute's thought to see how
| dumb a heist this would have been.
|
| The thread would have been a lot more fun if we could have
| spent it talking about what prompted your team to build this
| thingy, and bounce other people's approaches to the same
| problem off, and maybe share some war stories about dumb things
| bots have done on our behalf.
|
| Thanks, regardless, for the information you've provided here.
| It's interesting.
| HugoDaniel wrote:
| tptacek wrote:
| Are you still trying to make this a thing? I'm pretty sure
| it's over.
| HugoDaniel wrote:
| ad hominem
| PragmaticPulp wrote:
| > The thread is full of lurid accusations, because those are
| fun to write and talk about, but it shouldn't take even a
| minute's thought to see how dumb a heist this would have
| been.
|
| Another good reminder that Hacker News is not above assuming
| the worst and gathering pitchfork mobs like any other social
| media.
|
| The issue looked like a mistake from the start to anyone
| paying attention (committed by a bot, changes were consistent
| with a boilerplate LICENSE file being checked in).
|
| If someone at Microsoft wanted to steal some code, forking it
| on Github and then publicly documenting the history of the
| code in the most visible way possible would truly be the
| dumbest way to do it.
| tptacek wrote:
| Especially here, when the smoking gun is a change to an
| _MIT licensed project_. One of the torch-holding commenters
| remarked that developers at Microsoft ought to know enough
| about how licenses work to know what a big deal this was.
| Physician, heal thyself.
| dapids wrote:
| It's not just bots, it's real people: https://github.com/mi
| crosoft/cups/commit/8100595a3a3a6d5c7d0...
| will4274 wrote:
| How is this commit in May related to the current thread?
| Your post doesn't contain enough information for me to
| understand your meaning.
| dapids wrote:
| ignoramous wrote:
| Apparently that's a commit made by a human re-assigning
| copyright of a forked FOSS project [0] to MSFT,
| presumably without attribution [1]
|
| [0] https://openprinting.github.io/cups
|
| [1] MSFT moved attribution to _NOTICE_ file, which is
| cleaner, but trips people who aren 't paying attention:
| https://github.com/microsoft/cups/blob/main/NOTICE
| bayindirh wrote:
| > Another good reminder that Hacker News is not above
| assuming the worst and gathering pitchfork mobs like any
| other social media.
|
| As a person who read "The Halloween Documents" [0], I think
| I have the right to distrust Microsoft on every level.
|
| I use their hardware, subscribe to their Office suite, have
| their licenses for family computers, but they've filled
| their "Honest Mistake" quota for me long time ago.
|
| I wholeheartedly applaud them for acknowledging what
| happened and taking preventative measures, esp, on
| Christmas, but I can't forgive them for all the thing
| they've done in the far and recent hisory.
|
| [0]: http://www.catb.org/~esr/halloween/
| tptacek wrote:
| The obligation you're not living up to is to HN, not to
| Microsoft. If you want to participate here, the onus is
| on you not to be knee-jerk; avoiding knee-jerkism is the
| subtext of like 3/4 of the site guidelines.
| bayindirh wrote:
| This is veering to the meta, however, one of the best
| things came out of my HN experience is how to converse
| and discuss better. Actually I strive hard to not to be a
| knee-jerk person. I always take my time while writing
| something and try to back-up with actual events and/or
| facts.
|
| The point I was trying to make that for companies like
| Microsoft, reaching for the pitchfork is not always a
| knee-jerk reaction IMHO. For all the things they have
| done, my initial reaction is always _Oof, not again..._ ,
| which is actually sad for a company of this size.
|
| It's actually unfathomable to me for a company like
| Microsoft to not test these flows adequately and allowing
| this to happen.
|
| For a change, I want to see a more open computing
| platform, a less intrusive Windows version, or a longer
| maintenance window for CentOS, but we all have is a
| brawl.
| tptacek wrote:
| One big clue you have that the reactions here were knee-
| jerk is that they all turned out to be totally wrong.
| There's a lot of corncob dot gif happening in the
| aftermath.
| bayindirh wrote:
| I'm glad that my assumption proven to be wrong, by
| Microsoft itself, nonetheless. However, is being wrong is
| always equal to being a knee-jerk? Does the reputation of
| the company in question doesn't play a role here?
|
| Or, shall we be stateless, and evaluate every events
| without any prior experience? I don't think that holds a
| lot of water in real world, either.
| tptacek wrote:
| Another clue that it's knee-jerkism is that the
| accusations make no sense. It's hard to see what
| Microsoft plausibly stood to gain by modifying an MIT
| license. I suspect a lot of the accusations here are
| being made by people who simply don't know what an MIT
| license means. For that matter: even with a restrictive
| license like the GPL, it's hard to make sense of this as
| a heist, especially since _it 's right there in the
| public git log_.
|
| I don't think it's going to be possible to salvage the
| torch and pitchfork comments on this thread. For lack of
| a better way to put it: they're pretty dumb.
| bayindirh wrote:
| > It's hard to see what Microsoft plausibly stood to gain
| by modifying an MIT license.
|
| Actually, not being able to find a plausible gain in five
| minutes doesn't automatically clear Microsoft (or any
| company) in my mind. From top of my head, I can list
| three technologies which I find suspicious in the long
| run: LSP, WSL, SecureBoot.
|
| All in all, I _just don 't trust Microsoft_, and think
| about the worst of their actions first. They're the only
| company (ORACLE being a firm second) which evoke this
| reaction for me, and this their own making over the
| years.
|
| Just because I don't trust a company and assume the worst
| of them, and telling this openly makes me a knee-jerk
| person, so be it.
|
| As I said, I'm happy to be proven wrong, but I refuse to
| be stateless, and look every action of this company with
| completely neutral eyes.
| tptacek wrote:
| If you don't have anything well-considered to say about
| an event on HN, the best thing to do is not to say
| anything at all. Believe it or not, your personal
| distrust of a giant company isn't all that interesting to
| the rest of HN.
| J0BC6xEIDNi4 wrote:
| I think what he has to say is well-considered, and
| interesting. Meanwhile, the fact that you consider
| yourself qualified to speak for "the rest of HN" is...
| deeply fascinating.
| wnevets wrote:
| I figured something like this was the cause. I must say I'm
| quite disappointed by all of the negative comments before
| anyone from MS had a chance to explain what happened.
| pjmlp wrote:
| Thanks for jumping in and trying to explain what actually
| happened.
| mrVentures wrote:
| Good job owning the mistake and planning to prevent it in the
| future.
| [deleted]
| squidgyhead wrote:
| So, you are adding licenses automatically? This seems pretty
| risky. Why not just prevent commits that don't have a license?
| Shouldn't there be a human somewhere in that loop?
| phillipcarter wrote:
| Hugs Jeff, keep up the good work and hopefully the rest of your
| holidays are a lot more cheerful
| gautamcgoel wrote:
| A lot of commenters are sharpening their pitchforks, but this
| comment, in my opinion, makes it very likely that it was an
| honest mistake. Amazing what taking personal responsibility and
| earnestly apologizing can do to restore trust and credibility!
| beckman466 wrote:
| laumars wrote:
| If you read the comments, most people believed it was an
| honest mistake. What we didn't agree with was that it was an
| excusable mistake. Microsoft have since acknowledged it's not
| excusable and thus will rectify that error. So as far as I
| see it, all parties, both for and against MS, should be
| satisfied with the outcome.
| HugoDaniel wrote:
| ... "honest mistake" ...
|
| dude read yourself
| dang wrote:
| Could you please stop breaking the site guidelines? You've
| unfortunately been doing it repeatedly in your HN comments.
| People are supposed to get the benefit of the doubt here.
|
| https://news.ycombinator.com/newsguidelines.html
| csilverman wrote:
| Yeah, I think this is an example of addressing a mistake that
| other companies should take note of. I don't trust Microsoft-
| sized corporations as a matter of principle, and I don't
| typically give them the benefit of the doubt, but when one of
| their own engineers explains in human-readable terms what
| specifically happened--on a holiday, no less--I'm impressed
| enough to believe him. Some PR flack showing up with vague
| boilerplate about how Microsoft values the open-source
| community and they'll look into it would only have encouraged
| more outrage.
|
| I always appreciate communication that acknowledges I'm a
| person, not a data point or a customer. I wish more companies
| ditched the greasy PR approach and allowed folks like Jeff to
| do their talking for them.
| victorvscn wrote:
| This shouldn't be a reason to believe Microsoft or any such
| company. It's remarkably easy to fake.
|
| Here's what should be a reason: their history (considering
| if they reformed--which anyone paying attention knows
| Microsoft has).
|
| Even that is not 100%. But it should tell you to hold the
| pitchforks until the company has a chance to explain
| themselves (and whether you should believe the
| explanations).
| itzprime wrote:
| How has Microsoft reformed? Windows 11 is more intrusive
| than ever, it changes default programms more frequently
| to their desired programms and it is so annyoing to
| switch browser. THey still are the same old.
| novok wrote:
| I think a key reason that corps do try to avoid admitting
| fault, is because in a lawsuit that can be used as evidence
| for a guilty verdict in a civil lawsuit in some of the most
| slam dunk ways.
|
| If we remove this feature of common law legal systems, I
| think you will get far more admissions of fault like this
| one.
|
| If you hurt people, organizations, etc for admitting their
| mistakes, they're going to stop doing it.
| jdsully wrote:
| The key take away is that apologizing and admitting fault
| doesn't absolve one of liability. There are a number of
| "amnesty" laws on the books where admitting fault can
| server to limit or reduce your sentence - especially with
| tax issues. I'm not sure how desirable such a thing would
| be in civil law among private parties. Especially in
| cases where a tort is minor to one party but a big deal
| to the other because of disparate wealth.
|
| E.g. if Microsoft burned your house down would an apology
| and explanation be enough to settle the matter? How could
| we encode this principle into law for minor things but
| not large things?
| Debug_Overload wrote:
| Is the bar really that low? "This person used human-
| readable language and acknowledges that I'm a person, so
| it's impressive and all is forgiven"?
|
| I'm not trying to pull a straw man here but it's really
| strange how low the bar is; the PR folks must've been
| really busy if they managed to cultivate this level of low-
| expectations environment.
| laserbeam wrote:
| Alright... What is a proper response to an honest mistake
| in your book? We have links to a bug, explanation of what
| happened, a clear response (that they will check to see
| if this happened on other forks), they reversed the
| change...
|
| Unsure why the bar would need to be higher. This is all
| reasonable given the circumstances.
| robertlagrant wrote:
| An engineer who can write straightforwardly is worth 100
| PR people in situations like this.
|
| They're not paid like that, but they are worth that.
| PragmaticPulp wrote:
| > makes it very likely that it was an honest mistake.
|
| I don't have any doubt that it was an honest mistake. They
| also took accountability for the mistake, shared their steps
| to prevent it from happening again, and they're in contact
| with the original repo author directly.
|
| At this point, anyone digging for excuses to further demonize
| Microsoft isn't interested in honest discussion about this
| issue. This is a textbook mistake followed by rapid
| resolution (on Christmas Day, no less), with great
| communication on top.
| hawski wrote:
| In a way I'm glad that this is not taken lightly. We all need
| to be informed and calm, but mega-corporations should be held
| to higher standards. They should feel breath of an angry mob
| once in a while. I imagine, that if reactions to things like
| that would be just "meh, it's probably just a mistake" it
| would not be resolved as quickly or it could just be ignored.
| But now that it is all cleared up let's go home and Merry
| Christmas.
| throwaway82931 wrote:
| Now, will Microsoft cease violating the copyrights of
| everyone on Github via Copilot?
|
| That the pitchforks have come out for Microsoft should come
| as no surprise to anyone.
| novok wrote:
| Lets also get rid of web search engines while we are at it,
| or transparent caching CDNs /s
| throwaway82931 wrote:
| Web search engines claim fair use for snippets, and MS
| claims fair use for Copilot. However, a web search engine
| result page is only an aggregate of the excerpted pages,
| and it refers back to them; unlike software authored
| using Copilot, it does not draw those snippets together
| into a coherent purposeful whole, strip all reference to
| the original author. and claim complete originality.
|
| That MS went ahead with training Copilot on open source
| code authored by people who are clearly not OK with it is
| why they are so short on goodwill.
| tptacek wrote:
| It was obviously a mistake. Still nice to have someone
| involved give the backstory.
| sharken wrote:
| Yes, very nice writeup from Microsoft.
|
| Had a similar experience with AzureCli v2.30, where the
| environment variable to ignore certificate errors suddenly
| did not work anymore.
|
| It turned out it was removed but there was no mention of it
| in the release notes.
|
| On the GitHub page quick response was provided by
| Microsoft.
| rdl wrote:
| Thank you for showing up on Christmas to address this. Have a
| great holiday!
| smnscu wrote:
| Feels like the reverse Streisand effect at play here; a high-
| profile minor fuckup that helps popularize a positive thing.
| This was fun to meme on, but I'm glad Microsoft appears to be
| on an upward slant ethically. It also makes me more comfortable
| being a Microsoft customer.
| filomeno wrote:
| Do you mean it was done on purpose? Coming from Microsoft one
| would never know...
| giancarlostoro wrote:
| Thank you for the full transparency, sadly we may hear for
| years of people saying how Microsoft blatantly ripped off
| someone else's copyright, but that's probably okay, those
| people probably wouldn't use your projects for whatever reason
| anyway, when in fact it was a bot meant to keep you guys from
| releasing code prematurely without a reasonable license to
| begin with (at least that's what it sounds like?).
| explaingarlic wrote:
| Very nice to see someone take ownership of a problem. Thanks
| Jeff :)
| snthd wrote:
| Please consider
| https://github.com/microsoft/azuredatastudio/issues/102#issu...
|
| >SQL Operations Studio was built on the back of many open
| source projects that all use the MIT License for a reason: it's
| the right way to keep moving the community forward, empowering
| your users to do cool stuff and build useful things for the
| community.
|
| >We're just asking SQL Operations Studio to use the same
| license that Visual Studio Code does.
| andrei_says_ wrote:
| Thank you for taking responsibility for this and for the
| transparency.
|
| It is good to be reminded that care and integrity can exist,
| even in large corporations.
| severino wrote:
| > It's code that I wrote to try to prevent other problems [...]
|
| Don't worry, man, nobody expects people from Microsoft to write
| code that behaves as intended. Merry Christmas.
| akyoan wrote:
| dang wrote:
| You broke the site guidelines so badly and so repeatedly in
| this thread that I've banned the account. If it were just a
| question of a single thread, I'd put it down to going on tilt
| (which happens sometimes), but you've also been breaking the
| guidelines egregiously in other places too.
|
| If you don't want to be banned, you're welcome to email
| hn@ycombinator.com and give us reason to believe that you'll
| follow the rules in the future. They're here:
| https://news.ycombinator.com/newsguidelines.html.
|
| We detached this subthread from
| https://news.ycombinator.com/item?id=29683556.
| zenexer wrote:
| It doesn't matter that it was an accident; it's still a serious
| issue that needs to be corrected and deserves an upvote. It's
| also quite curious, and I appreciate hearing about the
| incident.
|
| Incidents don't need to be malicious to be newsworthy or
| intriguing.
| akyoan wrote:
| bayindirh wrote:
| Eh, considering Microsoft made similar "harmless" mistakes
| in the past, I don't give them "harmless mistake" credits.
|
| e.g.: Anyone remembering AppGet? [0][1]
|
| [0]: https://www.theverge.com/2020/5/28/21272964/microsoft-
| winget...
|
| [1]: https://www.theverge.com/2020/6/2/21277863/microsoft-
| winget-...
| akyoan wrote:
| bayindirh wrote:
| > Do you have brain?
|
| Just tapped to my head, looks like there's one.
|
| > Leave a message when you realize that forking a repo on
| GitHub is not the same as publishing a copy under your
| name.
|
| First, you send me a message when you realize you can't
| just change an MIT License's copyright line as you see
| fit, then we can discuss the rest.
|
| Also, milking knowledge from someone with an implicit
| promise of hiring, and re-implementing the software and
| tossing the original developer aside like an orange pulp
| is nowhere ethical.
| anonymousab wrote:
| Bot-driven crimes would be crimes nonetheless.
| [deleted]
| kstrauser wrote:
| - You're at work looking for an appropriately licensed
| library to do X.
|
| - You find one with an MIT license and use it.
|
| - Oops! It was really GPL and now you have some undesirable
| options to face.
|
| Microsoft's had a few "accidents" lately that remind me too
| much of their old war on the GPL.
| feanaro wrote:
| The mistake is not harmless. Corporations don't get to hide
| behind their bots' mistakes. Microsoft needs to reverse the
| change, explain why it happened and implement precautions
| so it doesn't happen again.
| coliveira wrote:
| You wouldn't believe how long "harmless mistakes" are
| maintained without correction, as long as they're
| benefiting a big company.
| luckylion wrote:
| How often did the bot make the same mistake? In how many of
| those cases does Microsoft now assume they have copyright
| and make their army of lawyers enforce it? Are you willing
| to go up against Microsoft in a court, rolling the dice?
| Crosseye_Jack wrote:
| Problem is in a world of moderation actions being taken by
| bots and not humans often the only way to get a human to
| review its decision is to raise awareness on social media
| like HN.
|
| How often have we seen closed accounts getting resolved
| after complaining about it on HN/Twitter/Etc.
|
| I'm not saying tha to how it should be, just what it's
| become.
| AdrianB1 wrote:
| How about stop blaming the bots and take responsibility?
| The bots have none, the humans behind the bots have full
| responsibility.
| frob wrote:
| Bots don't steal licenses; people who program bots steal
| licenses.
|
| It's the latter action that's being addressed here.
| akyoan wrote:
| xigoi wrote:
| If I accidentally write a program that deletes all files
| on your computer, are you not going to hold me
| accountable?
| Aperocky wrote:
| That just meant Microsoft have done many more of this? Wouldn't
| it make it worse?
|
| Intentional, manual or not, projects are now attributed to
| Microsoft when they should not.
| jwsteigerwalt wrote:
| ghjklpoiuy wrote:
| [deleted]
| Tepix wrote:
| I don't think that just because some "bot" did this Microsoft is
| to be excused. Someone decided that using a piece of software to
| automatically alter license files. This is a genuinely stupid
| idea. And they already fucked up in the same way with the CUPS
| project. Will they learn without someone taking them to court
| over this? I don't think so.
| nickelpro wrote:
| The bot's job was to get MS-originated repos onto the correct
| standard license for MS open source code. That forked repos got
| their license changed is an unintentional bug, not something
| anyone "decided" to do.
| CameronNemo wrote:
| An unintentional bug that keeps happening. The correct
| remediation is to disable the bot or feature until it stops
| violating the law.
| wutwutwutwut wrote:
| > Will they learn without someone taking them to court over
| this?
|
| Only on hackernews I see this level of crazyness. You need to
| reduce your caffein intake drastically.
| dang wrote:
| This sort of attack will get you banned here, regardless of
| how right you are or feel you are. If you'd please review
| https://news.ycombinator.com/newsguidelines.html and stick to
| the rules when posting here, we'd appreciate it. Note this
| one:
|
| " _When disagreeing, please reply to the argument instead of
| calling names. 'That is idiotic; 1 + 1 is 2, not 3' can be
| shortened to '1 + 1 is 2, not 3._"
|
| and this one:
|
| " _Please don 't sneer, including at the rest of the
| community._"
| genesor wrote:
| People on HN are completly crazy and uneducated... Whenever
| there is something like this you can be sure you will find
| hundreds of insulting or mean comments on the commit or PR...
| It gives a really bad image of the community.
| dang wrote:
| This sort of name-calling breaks the site guidelines badly,
| regardless of how right you are, or how superior you feel
| to the rest of the community. If you'd please review
| https://news.ycombinator.com/newsguidelines.html and stick
| to the rules when posting here, we'd appreciate it.
| misnome wrote:
| I think people should be as forgiving as Microsoft would be if
| someone "accidentally" changed the licence of Microsoft
| software and started distributing it.
| doubled112 wrote:
| My copy of Daz's Windows Loader accidentally activated my
| Windows pre-upgrade.
|
| It was just accidentally run in a script. No worries right?
| nexuist wrote:
| I don't know what point you're trying to prove here, since
| I don't think I've ever heard of Microsoft suing
| individuals for illegal Windows keys and certainly not in
| the past 10 years. If you start an LLC and attempt to
| commercialize on piracy then you'll probably get sued, but
| regardless they are a lot more lax than, say, Oracle on
| this issue.
| IgorPartola wrote:
| FWIW it does look like a bug in a bit and not company
| policy to me. But having said that the equivalent
| situation would be some _larger_ than Microsoft copying
| their work. For example the US Federal government
| distributing Windows under the MIT license.
| rvba wrote:
| 1) bot changes license
|
| 2) bot2 takes data for copilot
|
| 3) we are "sorry" for bot 1
|
| 4) bot2 took data
| [deleted]
| helsinkiandrew wrote:
| How did it used to go?
|
| Embrace, Extend, and Extinguish
|
| But now not even bothering with the extend. I'd guess this is a
| mistake of some kind.
| [deleted]
| implements wrote:
| Dismiss, Embrace, Extend and Extinguish - if I remember the
| early histories of Netscape and Java accurately.
| 3np wrote:
| So sure, this is far from a good look. But the verdict is still
| out on if it is an unfortunate mistake or malicious.
|
| It's far from the first time I see this kind of reaction and,
| IMO, rather than everyone spending time on piling on the
| flamewar, how about opening the door for MS to set this straight
| and do the right thing? Assume good faith even if you personally
| don't sincerely believe it? Give them an easy way to save face
| and present a plausible narrative rather than having everyone dig
| their trenches deeper? If you'd prefer MS not to screw people
| over, it helps no one to solidify them in doing just that.
|
| Already so many people shouting "YOU ARE THE DEVIL", not one
| going "hey, looks like this is a mistake, let's sort it out". IMO
| the latter is more constructive. It's almost as if people _want_
| Microsoft to do bad things. Remember it 's a huge organization
| with all kinds of people and ideologies internally. It's too
| early to tell which way the individual behind this particular
| change is leaning.
|
| It took me all of 1-2 minutes to make this PR[0], probably less
| than any of the meme pictures in that commit thread. Let's see
| how it goes. Last time it went through[1].
|
| [0]: https://github.com/microsoft/grpc_bench/pull/1
|
| [1]: https://github.com/dotnet/sdk/pull/22262
|
| EDIT: ...And, it's merged. I'm assuming the rest of the affected
| repos will be fixed as well and an apologetic blog post issued by
| Monday. Anyone who feels that's too long time can always open
| corresponding PRs instead of wasting their time by replying to
| this with how that's not our job. Happy holidays.
| 3np wrote:
| Another aspect of this: Rejecting such a change, or
| indefinitely leaving it hanging as open, is a _much_ worse look
| than simply ignoring all the complaints (which is already bad
| enough but has more plausible deniability). Providing a ready-
| to-merge PR is effectively pushing them to take a public
| stance.
| goodpoint wrote:
| Reminder: if you want to protect your software or your community
| from similar issues you can use [A]GPL and let Free Software
| Conservancy handle any legal battle on your behalf:
|
| https://sfconservancy.org/copyleft-compliance/
| rdpintqogeogsaa wrote:
| I observe some confused comments on this page that seem to argue
| that the MIT license doesn't come with a requirement to keep the
| copyright line intact (which is demonstrably false, you don't get
| two paragraphs into the license without finding the attribution
| requirement).
|
| The part that caught my interest is: How many people consciously
| picked the MIT license when they actually meant a non-attribution
| license?
| throwaway2037 wrote:
| I like your last question. Can you give an example of a "non-
| attribution license"?
| rdpintqogeogsaa wrote:
| If you're attached to your copyright: 0-clause BSD is a thing
| that exists[0]. Toybox uses it.
|
| If you want to throw your copyright out the window: The
| commonly accepted solution seems to be CC-0[1], which tries
| very hard to disclaim rights and limit liability in as many
| jurisdictions as possible, complete with a fallback license
| grant for failed public domain dedications. Because CC-0
| makes some people uncomfortable despite the lengths it goes
| to reach its goals, some projects work with dual-licensing to
| cover the other side, such as Monocypher.
|
| Neither of them address patents. If patents are something you
| want to/need to address, you could perhaps paste the patent
| clause from BSD-2-Clause-Patent onto 0-clause BSD.
|
| See also the discussion on [2,3].
|
| [0] https://spdx.org/licenses/0BSD.html
|
| [1] https://spdx.org/licenses/CC0-1.0.html
|
| [2] https://en.wikipedia.org/wiki/Public-domain-
| equivalent_licen...
|
| [3] http://landley.net/toybox/license.html
| redthrow wrote:
| I wondered why more FOSS projects aren't using CC0 instead
| of "permissive" licenses like MIT, considering a lot of
| folks who work in FOSS are against copyright/software
| patents system in general, and most of them don't really
| seem to care about attribution.
|
| People who release code under MIT not only won't/can't take
| legal action but they probably won't even bother writing an
| email to the person who they believe violated the
| attribution part.
| numpad0 wrote:
| Because permissive licenses promote proprietary use cases
| and that's not what FOSS movement aims to achieve.
| redthrow wrote:
| MIT doesn't promote proprietary use cases any more than
| CC0.
|
| I do (somewhat but not really) get why people use GPL but
| that's another story. Here we are only talking about
| people who use MIT instead of CC0.
| TrueDuality wrote:
| I think most people explicitly choose MIT for this. It's a very
| very free license, allowing you to do pretty much anything you
| want with the code. Among the opensource developers I know the
| one thing they consistently care about is attribution for the
| work they've done for free.
| axiosgunnar wrote:
| Sure this might be an innocent mistake, but if you were to
| infringe a nanometer on Microsoft intellectual property, never in
| hell would they be like ,,oh an innocent mistake, we don't sue
| you into oblivion then!"
| ramsundhar20 wrote:
| Is this the commitment, Microsoft shows towards Open source.
| Things never change.
| gjs278 wrote:
| iamleppert wrote:
| Tyriar wrote:
| MS dev here. I contacted the internal repo owners to bring this
| to their attention, people may be out for the holidays but I
| expect it to get fixed up soon.
| bennyp101 wrote:
| Could be it got caught by mistake?
|
| I know I can run "Update Copyright" on my projects in JetBrains -
| could just be an innocent mistake that hit the wrong folder.
|
| I know everyone jumps on the big corp as everything they do is
| intentional, but it's the holidays, someone was doing a bit of
| work, maybe not fully concentrating and hit push.
|
| Seeing how quickly this was plastered everywhere, and the
| responses to it, do you really, like REALLY think that this is a
| deliberate play?
| rolph wrote:
| exdsq wrote:
| It's fixed
|
| https://github.com/microsoft/grpc_bench/pull/1/commits/30561...
| noodlesUK wrote:
| This is a clear violation of the MIT License. MSFT can and should
| get in hot water over this. The copyright doesn't belong to them,
| just a license to use the software.
| alkonaut wrote:
| They'll be in hot water on social media because of a the
| automation mishap. Then it'll be corrected. There will be no
| legal hot water.
| sandworm101 wrote:
| "You haven't changed at all. You're still evil. And when you're
| trying to be good you're even more evil!" - LS
| phkahler wrote:
| franky_g wrote:
| Ok Jeff
|
| We forgive you...
|
| ;)
| bmitc wrote:
| What's surprising to me about all the negative reactions
| Microsoft receives, especially on here, is that from my point of
| view, they are currently the most open out of all the big
| companies (Google, Facebook, Apple, etc). I cannot remember a
| time Apple has admitted to anything or made any effort to have
| anything that could be considered open, but they do no wrong in
| most people's eyes, where even a simple mistake by Microsoft gets
| turned into some nefarious narrative.
| peakaboo wrote:
| Yes they are still working on world domination and needs to act
| kind and responsible, unlike Google and Apple that is ahead of
| them.
|
| If Microsoft had the most popular search engine and the most
| popular mobile operating system, they would be gathering all
| our data and putting ai robots to answer our questions.
|
| These big tech companies do not have the best interest of us in
| mind. They are a force for centralization of power into the
| hands of billionaires.
|
| It doesn't have to be this way but it requires users to smell
| the coffee and want another Internet and another big tech
| industry.
| throwaway82931 wrote:
| Barrin92 wrote:
| what surprises me the most about Microsoft related hate is
| that, despite the fact that they had (still have pretty much)
| control over the OS market they never locked their system down
| or charged people in any capacity.
|
| People take it for granted that you can just run what you want
| on your windows machine but they could have turned it into
| smartphone style locked down system. Imagine if every app
| developer in history had to fork 15-30% of their sales over to
| Microsoft just for building on Windows, they could have made a
| trillion bucks or something.
| viraptor wrote:
| While it's not locked, they're certainly pushing you that
| way. For example the only built-in installer for VS projects
| right now essentially gives you a choice of either a plain
| directory of files, or a nice process to release to the
| windows store. Want a simple MSI/installer - deal with the
| pain yourself.
|
| Once you do try to distribute your own app, you need to shell
| out >$200/yr for code signing certificates which pass the
| smartscreen filter, otherwise your app will be randomly
| prevented from running.
|
| And other issues... With every version things get just a tiny
| bit more inconvenient for out-of-store software releases.
| Mikeb85 wrote:
| They didn't do it because regulators were already on them,
| hard. They literally funded Apple to try have a competitor so
| they wouldn't be broken up. A judge did, at one point, rule
| that they should be broken up anyway.
| emodendroket wrote:
| Well we're all just lucky nobody had thought of that yet.
| bayindirh wrote:
| > they never locked their system down
|
| Oh, they wanted to do it badly, since 1999. See the Bill
| Gates' memo on the issue [0].
|
| [0]: http://antitrust.slated.org/www.iowaconsumercase.org/011
| 607/...
| dang wrote:
| We detached this subthread from
| https://news.ycombinator.com/item?id=29685852.
| Kye wrote:
| Releases of all open source things Apple uses, by OS:
| https://opensource.apple.com/releases/
|
| These mostly link to repositories under one of their GitHub
| organizations: https://github.com/apple-oss-distributions/
|
| Apple's open source projects:
| https://opensource.apple.com/projects/
|
| Which mostly link to repositories under their main GitHub
| organization: https://github.com/orgs/apple/repositories
| glandium wrote:
| Note these are thrown-over-the-wall source dumps, with no
| valuable VCS history, nothing more recent than at least 2
| releases ago, and sending a PR will likely only receive
| crickets (said as someone who recently found an easily
| patchable bug in dyld, contemplated the idea of opening a PR
| and was told by an ex-colleague who now works at Apple that
| my best shot would be through feedbackassistant.apple.com).
|
| BTW, those repos don't take issues.
| dapids wrote:
| I just got a security bug fixed last month in dyld in one
| release cycle. Didn't strike me as difficult. I emailed
| them, and they fixed it. Not much more to add then that.
| Have you actually tried?
|
| Also dyld isn't just some thrown-over the wall code. It's
| completely designed and built by Apple and is the
| cornerstone to making the user-space runtime functional.
| glandium wrote:
| All the code designed and built by Apple is thrown-over-
| the-wall. That's old-version-of-source-available, barely
| open source.
|
| I tried emailing ld64's author about a bug in the past
| without success. I don't remember how I found their
| name/address back then, but I sure can't find any names
| or contact information for dyld right now...
| dapids wrote:
| What on earth are you talking about? ld64 is a completely
| different beast than dyld in today's world.
|
| Also, I'm not sure looking for individual points of
| contact in a large org is the best idea. I emailed
| security@apple.com. Even if it's not a security bug they
| will help direct you to the right team.
|
| Again, have you even tried?
| glandium wrote:
| > What on earth are you talking about?
|
| I'm talking about trying to contact people at Apple about
| bugs in their "open source" code.
|
| Why would I send an email to security@apple.com for
| something that is not a security issue?
|
| > Again, have you even tried?
|
| Yes, I tried for ld64 in the past, and I tried through
| what I was told had the best chances to work by an Apple
| employee this time for dyld. I'm not holding my breath,
| though.
| filomeno wrote:
| simfree wrote:
| Saas like Office 365 seems to be Microsoft's current flavor
| of proprietary, closed software moving forward.
|
| MS has released some quality open source code, there are many
| organizations running fully open source stacks atop Dotnet
| Core, in our case atop Debian and Postgres. Microsoft makes
| no money off use cases like this (beyond hopefully selling
| Azure VMs)
| afiori wrote:
| Chrome is not open source, Chromium is.
| baumatron wrote:
| Edge is released as open source in literally the exact same
| way Chrome is. Microsoft is a Chromium stakeholder and
| contributor as well.
| Mikeb85 wrote:
| Please, Google contributes far more to open source than both.
| Between Chromium (which seemingly most other browsers are based
| on now as well as things like VSCode) to Android, GSoC, Golang,
| Dart/Flutter, the Linux kernel and a bunch of other random
| stuff, Google has probably done as much or more for the open
| source ecosystem than pretty much anyone.
|
| Pretty much MS' only useful contributions to open source are
| from MS Research, everything else feels like a Trojan horse,
| designed to make you like them and then lock you in to
| something proprietary later.
|
| Lots of plugins don't work on open-source VSCode, they tried a
| bait and switch with .NET features, Windows 11 has a bunch of
| anti-patterns, GitHub is being dodgy about how they train
| Copilot, etc...
| thisoneistheone wrote:
| neatze wrote:
| Google also contributes substantially to coreboot, I would
| not be surprised if Microsoft started working in open source
| because of google.
| sangnoir wrote:
| > ...from my point of view, they are currently the most open
| out of all the big companies (Google, Facebook, Apple, etc)
|
| I'm curious to know how you're measuring openness. I agree
| Apple is the least open of the group, but Facebook and Google
| owe their existence to FLOSS, and were always in harmony with
| it from their origins.
| billti wrote:
| But is Facebook the product or it's social/recommendation
| algorithms open source? Is Google's search engine or ad
| platform open source?
|
| Companies are open source where it's of value to them, but
| they don't give away the family jewels if they can help it.
| dapids wrote:
| Literally half the operating system is open source macOS, they
| have an entire site dedicated to it. opensource.apple.com.
|
| Oh and don't forget googles ridiculous amount of effort poured
| into Android open-source source tree, just to name one of many.
|
| I honestly can't tell if you are trolling here or not.
| [deleted]
| alsetmusic wrote:
| > I cannot remember a time Apple has admitted to anything or
| made any effort to have anything that could be considered
| open...
|
| This was a while back, but Tim Cook apologized[0] after a
| poorly received rollout of Apple Maps. That said, I applaud
| this response and agree that more like it is needed across the
| industry.
|
| [0] https://techcrunch.com/2012/09/28/tim-cook-apologizes-for-
| ap...
| DistractionRect wrote:
| Perhaps I'm the one misinterpreting your comment, and the
| others have it right.
|
| I'm assuming you mean open as in communication. Apple basically
| is a stone wall, facebook just spouts empty platitudes, google
| processes are opaque and unyielding (unless you know a someone
| or raise a massive community response on social media), but
| Microsoft continues to be staffed by humans.
|
| They aren't a shining pillar of FOSS, but they've taken some
| good steps in the right direction in the past few years. And of
| all of them, user feedback, support, and escalation seems to
| still be handled by people instead of algorithms
| robertlagrant wrote:
| Google contributed the enormous k8s to the community, which has
| thankfully made Microsoft's proprietary Service Fabric mostly
| go away.
|
| Apple have caught huge flak recently e.g. for the phone-local
| image scanning software.
| zekrioca wrote:
| Although Google was the one which prepared it for production
| before its releasing, k8s originated from academia (more
| precisely, University of Massachusetts Amherst).
|
| Ps.: check follow up comments. My comment in here is wrong.
| jsnell wrote:
| Do you have a source for that claim?
| zekrioca wrote:
| My mistake. One of its founders has a PhD from there
| (thus my mistake), but k8s was actually created while he
| was working at Google, after his PhD (which has nothing
| to do with k8s..).
| zekrioca wrote:
| [1] https://kubernetes.io/blog/2018/07/20/the-history-of-
| kuberne...
| novok wrote:
| Apple is active in their OSS work although, if you go look at
| their OSS project forms and such. Look at webkit, swift, etc.
| brisad wrote:
| Since they also removed a full stop at the end...
|
| What is the point of using all caps? For me it makes legal texts
| like these really annoying to read. I'm not a native English
| speaker, is that really correct English writing? Aren't there
| clear rules when to use capitalization? Like, at the beginning of
| sentences. Feels like they are abusing the language.
|
| Can they just lower case the paragraphs, to make things more
| convenient to read? Or does that change the legal meaning? For me
| it would feel like they would stop screaming :-)
| brianwawok wrote:
| https://www.termsfeed.com/blog/all-caps-legal-agreements/amp...
|
| It's legally important
| feanaro wrote:
| Your text says it's not. What's legally important is to make
| certain parts of the text _conspicuous_.
|
| Using all-caps is one way of achieving this, but there are
| other options, such as using a different typeface, font size
| or colour.
| numpad0 wrote:
| BUT ALL - CAPS TEXT IS EASIEST AND AT LEAST TO ME SOUND
| RIGHTEOUS ENOUGH. I THINK THIS IS A CLASSIC CASE OF QUOTE
| IT AIN'T STUPID IF IT WORKS END QUOTE.
| Ensorceled wrote:
| How do you use a different typeface in a plain text file?
| rdpintqogeogsaa wrote:
| _Disclaimer_ : I am not a lawyer. The following is not
| legal advice and, in particular, has not been tested in
| court to the best of my knowledge.
|
| You can't use a different typeface, font size or color in
| a plain text document. That does not mean you have no
| options. The criterion is that it is "written, displayed,
| or presented that a reasonable person [...] ought to have
| noticed it."
|
| Consider the following: Nihil harum
| autem impedit commodi ut occaecati. Nihil
| quisquam ab molestiae veritatis consectetur. Quis
| molestias sunt facere tempore est. Eum quia
| quisquam veritatis illo minus sint atque ipsa.
| Omnis optio ducimus minus nemo non deleniti
| voluptas. Blanditiis nisi eum eum beatae fugit
| delectus. Optio neque sed nostrum veniam eos. Culpa ut
| no- bis rem est dignissimos est eum sed.
| Occaecati dignissimos eveniet odit aut est ipsum
| minus nisi.
| !! IMPORTANT !!
| DISCLAIMER OF WARRANTY
| The software is provided "as is", without warran-
| ty of any kind, express or implied, including but
| not limited to the warranties of merchantability,
| fitness for a particular purpose and noninfringe-
| ment. In no event shall the authors or copyright
| holders be liable for any claim, damages or other
| liability, whether in an action of contract, tort
| or otherwise, arising from, out of or in connec-
| tion with the software or the use or other deal-
| ings in the software.
| Unde sint ab qui ut. Debitis qui deserunt fugiat aut
| nihil impedit vel saepe. Et ad voluptas quia.
| Omnis libero ni- hil perferendis aut ab.
| Illo et neque voluptatibus. Et animi consequatur
| enim eius aut at veritatis. Modi error a ratione
| tempore velit inventore. Accusantium accusantium
| et quam quis nemo id.
|
| This seems rather noticeable to me, gets to the point,
| and is considerably more readable.
|
| By using the all-caps sparingly, we've made way to draw
| attention to the heading, then offset the passage with
| large amounts of whitespace to draw attention to the
| passage itself. At the same time, this keeps readability
| of the actual text that you want people to read.
| garaetjjte wrote:
| Arguably all-caps is harder to read, making these clauses
| less conspicuous.
| kube-system wrote:
| "Easy to read" is not part of the criteria. The definition
| is explicit.
|
| > "Conspicuous", with reference to a term, means so
| written, displayed, or presented that a reasonable person
| against which it is to operate ought to have noticed it.
| Whether a term is "conspicuous" or not is a decision for
| the court. Conspicuous terms include the following: (A) a
| heading in capitals equal to or greater in size than the
| surrounding text, or in contrasting type, font, or color to
| the surrounding text of the same or lesser size; and (B)
| language in the body of a record or display in larger type
| than the surrounding text, or in contrasting type, font, or
| color to the surrounding text of the same size, or set off
| from surrounding text of the same size by symbols or other
| marks that call attention to the language.
| [deleted]
| vegetablepotpie wrote:
| Apparently it comes from commercial codes from the '50s, which
| says that important text must be _conspicuous_ [1]
|
| Conspicuous could mean all caps, contrasting text, or different
| colors. My guess is that CAPITALIZATION was used because most
| typewriters at the time could do caps, whereas doing different
| font sizes, colors, bold would have required a special
| expensive machine. When technology evolved, lawyers being
| process oriented creatures, stuck with all caps because it was
| the way things were always done, and therefore safe to do.
|
| [1] https://www.termsfeed.com/blog/all-caps-legal-agreements/
| stillicidious wrote:
| Someone has pushed a button and it's run the equivalent of
| cookiecutter on the repo.
|
| Original author could send a DMCA, or they could simply enjoy
| Christmas and assume a ticket will undo this sometime in January.
| radicalbyte wrote:
| This, the reason why we have the DMCA is to protect copyright
| holders, now the copyright holders should exercise their right.
| uda wrote:
| What? no, this goes entirely against the idea of laws.
|
| Copyright laws have one major purpose: protect the right
| holders. It does so by giving them tools to mitigate their
| loses by deterring people from infringing.
|
| If a right holder has to invest more time in complaining on
| people about infringement than actually having time to do
| other stuff, like creating, then we've got it all wrong.
| noodlesUK wrote:
| The relevant Reddit thread also points out that MSFT has
| illegally relicensed Apache licensed Apple software in the same
| way. Apple is very litigious...
|
| https://github.com/microsoft/cups
| ognarb wrote:
| I created an issue in the original cups repo:
| https://github.com/OpenPrinting/cups/issues/315
| bayindirh wrote:
| I was contemplating a PR with original license, but your
| course of action is much better.
| 88j88 wrote:
| I guess this is grounds for a valid DMCA take down? They are
| obviously breaking license agreement, effectively stealing
| copyrighted software.
| noodlesUK wrote:
| It looks like Jeff Wilcox who seems to be in a decision making
| position about this has addressed this (on Christmas no less),
| and I think whilst this is bad and definitely violating, I
| don't think there was any ill intent, and I hope we can all put
| the pitchforks down for a while.
| TedShiller wrote:
| Microsoft
| abhishekjha wrote:
| Hey, why are the comments repeating on the page? Is this a UI
| bug?
___________________________________________________________________
(page generated 2021-12-25 23:00 UTC)