Copilot, GitHub's machine-learning-assisted code completion feature, continues to generate controversy in some quarters of the open source community.

Late last month, Microsoft’s GitHub moved the Copilot service out of beta into a paid offering starting at $10 per month (but still free for students and developers of large open source projects).

Because of this decision to charge for the service, two open source advocacy groups, the Free Software Foundation and the Software Freedom Conservancy, have both recommended that developers concerned about open source software sever their ties with GitHub altogether. That’s a big ask, given the almost universal use of GitHub.

Since its inception last year, Copilot has garnered critical attention. GitHub calls the service “pair programming with AI,” in an effort to remove the part of the coding process where developers search for pre-existing solutions on Stack Overflow or Google. To build the service, GitHub partnered with another Microsoft entity, OpenAI, to train the models, crawling the repositories on GitHub to build a knowledge base to provide these suggestions.

Many developers like the service, though others wonder if GitHub and parent company Microsoft are too aggressively appropriating other people’s work.

Many open source projects on GitHub have a copyleft license, which requires that everything done with code also be made available as open source. But in the case of Copilot, the code is not used directly, but rather as input to create entirely new code. Does copyleft also apply to this use of code? This is the question on the table.

Even beyond the legalities, there is also an ethical issue to consider. Many see it as an aggressive land grab of open source intellectual property. In a contribution to The New Stack, Sasha Medvedovsky, the CEO of the source control management service provider Derivation, wrote:

If a developer does not want their code used in commercial applications, they should have the right to refuse. If they agree, there is no problem. But companies (be it Microsoft, Google or Amazon Web Services) should not just assume that if they give something away for free, they can get something else in return.

This isn’t the first time a Microsoft-owned company has gone overboard, Medvedovsky noted. He pointed to an incident earlier this year when an open source programmer, who goes by the pseudonym of Marak, intentionally broke his open source code, the Fake fake data generator, allegedly to protest the lack of funding for his popular projects, which are used by hundreds of companies.

GitHub’s answer? The code repository giant rolled back the malicious changes – presumably to protect users from running faulty code – and denied Marak access to his own projects.

In discussions with CCC, Microsoft and GitHub executives claimed that using this open source code falls under fair use, since this code is public anyway.

But SFC thinks that’s wrong. GitHub uses open source code to create a proprietary service accessible only through a paid subscription. It’s also worth noting that Microsoft didn’t provide any code from its own proprietary software offerings, including Office and Windows, so it’s clear, according to SFC, that the project didn’t want to use Microsoft’s intellectual property. So why is it fair to use open source code, the organization asks.

What do you think? Does Copilot violate the spirit of open source? Or is it a natural evolution of programming that we will all soon enjoy?

This week in programming

  • Lazy loading may finally come to Python: Python may finally be able to relax whenever an import statement is called, according to an interview on a recent Talk Python to Me podcast. A proposal, PEP 690, describes a way for a Python interpreter to load external modules only when needed, rather than loading them all at once. Pretty cool that the Talk Python team got all the principals of the PEP together for the scoop: Instagram engineer Carl Meyer, Meta Senior Software Engineer German Mendez Bravo, and LinkedIn Senior Staff Engineer Barry Warsaw all participated in the interview. Although at first glance the Python import may look like C’s include directive, they explained, it has much more power: it can call modules that call other modules, including those that can call out to the Internet. This cascade of multiple modules can slow a server to a crawl, Meyer said, pointing to Instagram’s own experience.

  • NPM for Underground Cryptocurrency Mining: As if system maintainers didn’t have enough to worry about with their Kubernetes clusters being hijacked by a nefarious crypto-miner, they now have to worry about NPM subversion as well. The Hacker News, a new online safety news site not to be confused with Y Combinator’s news aggregation site of the same name, reported an “attempt to launch a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository”. An entity, known only as cuteboi, has so far released over 1,283 malicious modules from over 1,000 user accounts. Each module has almost identical code to mine the Monero cryptocurrency using unused system resources.

  • People in motion: Long-time TNS readers are probably familiar with Chip Childers, who acted as CTO and later the executive director of the Cloud Foundry Foundation. Last year, he decamped to become chief architect at Puppet (perhaps following a colleague, Abby Kearns, the former executive director of Cloud Foundry before Childers). This month, however, Childers takes the role of open source director at VMware. Childers has written eloquently about the open source ecosystem for TNS and we hope he continues this run from his new office (hint). A perhaps more controversial (and quieter) hire has been Microsoft’s hiring of Lennart Poettering, the former controversial figure behind the creation of the systemd Linux system configuration software. Much of the controversy stemmed from how systemd broke the POSIX system model that Unix relies on, a move he says will be increasingly necessary to speed up Linux development.

