GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.
It is being reported that many users’ repository are being cloned and re-hosted on GitCode without explicit authorization.
There is also a thread on Ycombinator (archived link)
Classic Chinese tech co, if you can’t create something on your own just download the source files and say you made it. The money spends the same after the fact, anyhow.
Solution: create a GitHub repo with Markdown articles outlining human rights abuses by the CCP and have a large number of GitHub users star and fork the repo.
genius.
That’s the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.
How will they filter it out? If they just don’t mirror anything with ‘forbidden’ terms, we can poison repos to prevent them being mirrored. If they try to tamper with the repo histories then they’ll end up breaking a load of stuff that relies on consistent git hashes.
I feel like the effort to make such a repo and make it popular enough to be cloned and rehosted is a lot more effort than someone manually checking the results of an automated filter process.
The “effort economy” is hugely in favor of the mirroring side
Yeah I figured as much. It was mostly a joke. At the end of the day, if stuff is on GH, people can take it. It’s barely even stealing. Unless the license disagrees of course but then you were putting a lot of trust in society by making it public in the first place.
That’s what I don’t get about this. Why does anyone care? Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Apparently they aren’t respecting licenses. It’s possible to have source code publicly available on GH but have it not be truly FOSS. But that’s generally not a great idea since you’re effectively relying on the honour system for people not to take your code.
Even this Chinese company, why do they care to clone it all? It’s already all hosted and publicly available.
Until it isn’t. Perhaps they are preparing for a future war with the US and assume their access to all that code will be blocked. They want to copy it now while they have access.
The real solution is to include a few
tiananmenSquarevariables in all the repositories. Either they exclude the entire repository or just the specific file, in either case the entire project may be unusable.So… You’re saying instead of “main”, “app”, or “core”, we should change the convention to make tiananmenSquare the entry point for apps?
Or maybe make it the filename for utils, so it’ll just break
China filters every byte of Internet traffic in and out of the country.
It seems naive to think they can’t accomplish the same thing for a GitHub mirror.
They’re not supposed to, it’s just about blocking them from using the software :)
It’s a new coding paradigm, I will take some time getting used to looking for libraries in the
uyghur/tianamenfolder.
You’ve heard of CamelCase and lowercase and intVariableName variable naming styles. Get ready for:
for (int Taiwan == 0; Taiwan < HongKong; Taiwan++) { int TianamenSquare == 0; … }
everyone should have stuff in their code comments, tianamen, hong kong, taiwan, uyghurs
Maybe we should consider the same for the US government instead of being afraid of the big Chinese boogeyman across the sea? Because I guarantee you the US has just as many, if not more. But China bad. 🙄
50 Cent Army Repellant:
六四
1989 Tiananmen Square Massacre
I always thought the term “Wumao” sounded suspiciosly like “woo Mao.”
Yes yes, what about the US?
426
I was making a joke about abusing Chinese censorship in order to stop them cloning GitHub repos (assuming that was something you wanted to do). The joke being that the CCP suppresses information about their human rights abuses. That is not true of the US. You could absolutely make a GitHub repo detailing the crimes of the US government. Nobody will stop you.
Tell that to Julian Assange
Is that what you think got him in trouble?
yes. he published us crimes in iraq/afghanistan.
create a GitHub repo with Markdown articles outlining human rights abuses by the CCP
Once you have logged “China killed 100 Zillion people! End CCP now!” in Chinese GitHub, everyone in China will realize that their lives are actually very bad and they need to do a Revolution immediately.
Yeah, though the Chinese government isn’t doing this out of the goodness of their heart, this is what open source is about.
Cloned even?
Maybe they were open source projects?
If the license of the project isn’t being respected then this is a problem.
I’m not disagreeing, but can anyone really be surprised? IP theft is Chinese policy 101.
GitHub owner Microsoft would never engage in IP theft of source code. They leave that to OpenAI and then rebrand it as GitHub Copilot.
Training an AI on something doesn’t involve copying it.
It is not illegal is it?
If it is legal, then thank you China for the free backup.
Law do not exist by itself; it’s the result of balance of power. How would you know that your State do not use illegally free software ? And if you know it, could you sue it ? Even if it’s a classified administration ?
Apply laws Internationally is even worse. It usually depends of the imperialist relationship between States. For exemple, Facebook rules was illegal in France, but France changes it’s laws rather than sue Facebook. A decade later, the whole European Union could forte RGPD upon the GAFAM.
China have nothing to fear in ignoring those licence, and we shouldn’t rely on it to protect our work. However we could strengthen our common defenses, through FOSS for people in the US … and maybe trade unions elsewhere.
I do believe it’s illegal if they take a repository with a restrictive license (which includes any repository without a license), and then make it available on their own service. I think China just doesn’t care.
Illegal according to who?
The US? Why would China care, they are their own country with their own laws.
International courts? Who is enforcing those judgments?
If it’s hosted in a public repo, anyone can clone it, that’s very much part of most git flows.
What you can do with the software, how you can use it, that’s another matter, based on the licence.
That of course assumes China will respect the copyright…
Sure, you can probably clone it - I’m not 100% sure, but I think laws protect that as long as it’s private use.
You can also fork it on GitHub, that’s something you agree to in the GitHub ToS - though I think you’re not allowed to push any modifications if the license doesn’t allow it?
Straight up taking the content from GitHub, uploading it to your own servers, and letting people grab a copy from there? That’s redistribution, and is something that needs to be permitted by the license. It doesn’t matter if it’s git or something else, in the end that’s just a way to host potentially copyrighted material.
Though if you have some reference on why this is not the case, I’d love to see it - but I’m not gonna take a claim that “that’s very much a part of most git flows”.
You can buy pirated software or pre-cracked consoles in stores there. They don’t care.
Smart.
I hate authoritarian regimes, but why hosting cloned repos is bad?
EDIT: https://lemmy.world/comment/10853810
It appears to be scam-type(capitalism with beastly grin type) mirror. Not saying that hosting mirrors is bad in itself.
I’m surprised this wasnt done already
And I was just asking yesterday what would you feel if someone evil used your FOSS software: https://lemmy.world/post/16898871
If we steal IP from China does the American government give us a business loan?
China has no IP
Bs
I love how this image is a pun
I’m not getting it. Explain, please?
IP Man. Great movies.
Ahh, thanks. I think that may be a grandad level pun
Free backups.
They should definitely respect the licenses, that being said, Microsoft owns GitHub and can be a bit quick in what they ban. It also means they are beholden to US laws, which could turn anti FOSS-AI in the near future.
This is a smart move and I honestly hope more countries start doing it. It would probably lead to a better ecosystem.
Great! Now I know who to contact when I accidentally delete all the plaintext API keys and passwords I had stored in a public github repo.
Apart from the dozens of scrape bots that already stole them?
You’re supposed to revoke API keys that are leaked. Not try to “unleak” them
The vast majority of projects on GitHub is open-source and forkable, why would that need authorization?
It’s… suspicious that China’s doing it en masse, but there’s nothing wrong in cloning or forking a repo last i heard.
Firewalls are already being built in america’s internet with the ban of tiktok
As an european i do not see problem with having copies of free software in places not controlled by the monopoly microsoft is morphing to.
It’s not about authorization. They want to build a knowledge base for when the Great Firewall gets some more filters. Just like russias mirror of wikipedia which is heavily edited to discredit the west.
And under copyleft licensing, they’re allowed to do that. Both to GitHub repositories and Wikipedia.
Hopefully they follow the rest of the stipulations of the licenses, such as the common one about keeping the license as such and contributing the changes back.
Of course they are, it’s not like there is some kind of international jurisdiction anyway. What is bothersome is why they do it.
Just like russias mirror of wikipedia which is heavily edited to discredit the west.
How come I live in Russia and have never seen such?
I know only of quite a few troll\counterculture projects, some, like Lurkmore, are already, well, dead, some, like Traditsiya, are not.
That, of course, if you don’t mean that Russian Wikipedia in itself has problems. Which would be true.
It’s called Ruwiki.
It was launched in June 24, 2023 as a fork of the Russian Wikipedia, and has been described by some media groups as “Putin-friendly” and “Kremlin-compliant”.
OK. Well, not sure anyone really uses that.
Open source? Or open source with a non-commercial restriction?
Why would that matter? You can fork such projects too.
I don’t understand why this is a bad thing? Open source code is designed to be shared/distributed, and an open-source license can’t place any limits on who can use or share the code. Git was designed as a distributed, decentralized model partly for this reason (even though people ended up centralizing it on Github anyways)
They might end up using the code in a way that violates its license, but simply cloning it isn’t a problem.
I personally don’t care if someone “steals” my code (Here’s my profile if you want to do so: https://github.com/ZILtoid1991 ), however it can mean some mixture of two things:
- China is getting ready for war, which will mean the US will try its best to block technology, including open source projects.
- China is planning to block GitHub due to it being able to host information the Chinese government might not like.
Of course it could mean totally unrelated stuff too (e.g. just your typical anti-China and/or anti-communist paranoia sells political points).
US will try its best to block technology, including open source projects.
You can’t block open source projects from anyone. That’s the entire point of open source. For a license to be considered open-source, it must not have any limitations as to who can use it.
You can’t block open source projects from anyone.
I think they were referring to blocking GitHub from public access. In the event of a world war I could easily see Microsoft obeying the order to shut down GitHub.
Isn’t GitHub already blocked in China?
I’m seeing this misconception in a lot of places.
Just because something is on GitHub, doesn’t mean it’s open source. It doesn’t automatically grant permission to share either.
It may not be de jure open source, but if the code is posted publicly on the internet in a way that anyone can download and modify it, it sort of becomes de facto open source (or “source available” if you prefer).
Please don’t muddy the water with terms like this. Something is open source if and only if it has an open source license.
But china bad and scary.
I expect it’s going likely to be used to train some Chinese AI model. The race to AGI is in progress. IMO: “ideas” (code included) should be freely usable by anyone, including the people I might disagree with. But I understand the fear it induces to think that an authoritarian government will get access to AGI before a democratic one. That said I’m not entirely convinced the US is a democratic government…
PS: I’m french, and my gov is soon to be controlled by fascist pigs if it’s not already, so I’m not judging…
I expect it’s going likely to be used to train some Chinese AI model.
Even if they do that, the license for open source software doesn’t disallow it from being done.
It certainly can. Most licences require derivative works to be under the same or similar licence, and an AI based on FOSS would likely not respect those terms. It’s the same issue as AI training on music, images, and text, it’s a likely violation of copyright and thus a violation of open source licensing terms.
Training on it is probably fine, but generating code from the model is likely a whole host of licence violations.
Most licences require derivative works to be under the same or similar licence
Some, but probably not most. This is mostly an issue with “viral” licenses like GPL, which restrict the license of derivative works. Permissive licenses like the MIT license are very common and don’t restrict this.
MIT does say that “all copies or substantial portions of the Software” need to come with the license attached, but code generated by an AI is arguably not a “substantial portion” of the software.
code generated by an AI is arguably not a “substantial portion” of the software
How do you verify that though?
And does the model need to include all of the licenses? Surely the “all copies or substantial portions” would apply to LLMs, since they literally include the source in the model as a derivative work. That’s fine if it’s for personal use (fair use laws apply), but if you’re going to distribute it (e.g. as a centralized LLM), then you need to be very careful about how licenses are used, applied, and distributed.
So I absolutely do believe that building a broadly used model is a violation of copyright, and that’s true whether it’s under an open source license or not.
By comparing it to the original work.
And how will you know what original work(s) to compare it to?
The code needs to maintain the copyrights and authors. They are “mirroring” usernames into their own domain, with mails that dont correspond to the original authors, stealing their contributions.
That would make it plagiarism, which ethically is a whole different matter than merelly copying that which is free to copy.
