China is attempting to mirror the entire GitHub over to their own servers, users report ( infosec.exchange )

GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.

It is being reported that many users' repository are being cloned and re-hosted on GitCode without explicit authorization.

There is also a thread on Ycombinator (archived link)

l3m05 ,

It is a new "internet" archive without copyright bla bla? ¯\_(ツ)_/¯

phoenixz ,

Yeah... The main thing I see here is that China (read; government , not the people, not being racist here) will take this code, they will make improvements on it, they will NOT give back. Basically like Microsoft, but now an entire country.

Chinese government hasn't exact had a good reputation when it comes to taking technology and not giving anything back

Appoxo ,
@Appoxo@lemmy.dbzer0.com avatar

Not like I'd want contributions from the chinese state programmers.
Feels like an easy entry for state level supply chain attack.

Fidel_Cashflow ,
@Fidel_Cashflow@lemmy.ml avatar

https://lemmy.ml/pictrs/image/a8b288ca-b5c4-4d61-9245-5396d10cdbb2.jpeg

postmateDumbass ,

Preparation for war.

OsrsNeedsF2P ,

Lmao the murican propaganda worked wonders on this guy

pewgar_seemsimandroid ,

and the Chinese propoganda worked on 2 websites.

smb ,

that could come in veery handy once microsoft wants to pull some plugs.
i guess we can be grateful for the backup that is 1. not 100% in m$ hands any more then and 2nd cannot be as easy destroyed as some backups at archive.org.
i actually hoped for someone with enough money to create this type of security after m$ assimilated github and thought like "does nobody see the rising danger there?"
but even if china's great fork might be more reliable than m$ over time, maybe it's better to have your own backups of all the things you actually may need in future.

btw did microsoft manage to get rid of the hackers that settled into their network for .. how long??

i guess they'll tell

Melvin_Ferd , (edited )

If we steal IP from China does the American government give us a business loan?

Andromxda ,
@Andromxda@lemmy.dbzer0.com avatar

China has no IP

Melvin_Ferd ,

https://lemmy.world/pictrs/image/f509f762-3e98-4d83-8955-24f8dbe1fada.jpeg

Wogi ,

I love how this image is a pun

AngryCommieKender ,

I'm not getting it. Explain, please?

sugar_in_your_tea ,

IP Man. Great movies.

AngryCommieKender ,

Ahh, thanks. I think that may be a grandad level pun

kaffiene ,

Bs

Agent641 ,

God damn it, Jiaan Yang!

automator404 ,

I call my uncle, he’s very corrupt

liv ,
@liv@lemmy.nz avatar

New New Internet.

phoenixz ,

Yeah, though the Chinese government isn't doing this out of the goodness of their heart, this is what open source is about.

TypicalHog ,

Smart.

SplashJackson ,

What, even the private gits???

Andromxda ,
@Andromxda@lemmy.dbzer0.com avatar

No, they don't have access to that

uis , (edited )
@uis@lemm.ee avatar

I hate authoritarian regimes, but why hosting cloned repos is bad?

EDIT: https://lemmy.world/comment/10853810

It appears to be scam-type(capitalism with beastly grin type) mirror. Not saying that hosting mirrors is bad in itself.

PanArab ,

It is not illegal is it?

If it is legal, then thank you China for the free backup.

kuberoot ,

I do believe it's illegal if they take a repository with a restrictive license (which includes any repository without a license), and then make it available on their own service. I think China just doesn't care.

Themadbeagle ,

Illegal according to who?

The US? Why would China care, they are their own country with their own laws.

International courts? Who is enforcing those judgments?

the_ocs ,

If it's hosted in a public repo, anyone can clone it, that's very much part of most git flows.

What you can do with the software, how you can use it, that's another matter, based on the licence.

That of course assumes China will respect the copyright..

kuberoot ,

Sure, you can probably clone it - I'm not 100% sure, but I think laws protect that as long as it's private use.

You can also fork it on GitHub, that's something you agree to in the GitHub ToS - though I think you're not allowed to push any modifications if the license doesn't allow it?

Straight up taking the content from GitHub, uploading it to your own servers, and letting people grab a copy from there? That's redistribution, and is something that needs to be permitted by the license. It doesn't matter if it's git or something else, in the end that's just a way to host potentially copyrighted material.

Though if you have some reference on why this is not the case, I'd love to see it - but I'm not gonna take a claim that "that's very much a part of most git flows".

RecluseRamble ,

You can buy pirated software or pre-cracked consoles in stores there. They don't care.

menas ,

Law do not exist by itself; it's the result of balance of power.
How would you know that your State do not use illegally free software ? And if you know it, could you sue it ?
Even if it's a classified administration ?

Apply laws Internationally is even worse. It usually depends of the imperialist relationship between States. For exemple, Facebook rules was illegal in France, but France changes it's laws rather than sue Facebook. A decade later, the whole European Union could forte RGPD upon the GAFAM.

China have nothing to fear in ignoring those licence, and we shouldn't rely on it to protect our work. However we could strengthen our common defenses, through FOSS for people in the US … and maybe trade unions elsewhere.

raspberriesareyummy ,

With the obligatory "fuck everyone who disregards open source licenses", I am still slightly amused at this raising eyebrows while nearly no one is complaining about MS using github to train their copilot LLM, which will help circumvent licenses & copyrights by the bazillion.

ILikeBoobies ,

Are you just trying to make a bad pro-China argument or have you never been online before?

Petter1 ,

I see it more as a good anti-Microsoft argument 🤷🏻‍♀️

ILikeBoobies ,

“Why does no one say murder is bad unless China is murdering”

Isn’t a good anti-murder argument

raspberriesareyummy ,

“Why does no one say murder is bad unless China is murdering”

I can not fathom how you absolutely nailed the essence of my comment, yet misunderstood it (and - arguably - your own example) so fundamentally.

Let me try to help, once:

"Why do most people not complain about murder when Microsoft is doing it, but when China is doing it, the very justified outrage can be heard?"

Petter1 ,

❤️

ILikeBoobies , (edited )

I cannot fathom how you absolutely nailed the essence of my comment, yet misunderstood it (and - arguably - your own example) so fundamentally.

People do criticize Microsoft for using open source data to train LLMs, just like people criticize murder

Hence the query about having never been on the internet before

Cosmicomical ,

Came here to say this. As much as I don't like china, there is really nothing to see (apart from the source, that's for everybody to see).

mightyfoolish , (edited )

This could be illegal for git repos that do not have a open source license that allows mirroring or copying (BSD, Apache, Mit, GPL, etc.) Sometimes these repos are more "source available" and the source is only allowed to be read, not redistributed or modified. I would say that this is more of a matter for each individual copyright holder, not Microsoft.

But ultimately I agree, this really isn't as big of a deal as people are making.

edit: changed some wording to be clearer

Maggoty ,

China is a sovereign entity. I'm pretty sure they can decide foreign licensing laws don't apply there.

mightyfoolish ,

China is a soverign state and they should make their own laws. However, China has promised repeatably that they will take IP concerns more strictly (trade deal with Trump in 2020 is one example of this promise). It seems of this moment they still use the World Intellectual Property Organization for inspiration for their IP laws. At one point, China did not acknowledge IP rights at all but chose to acknowledge them in order to secure foreign business trade. Being consistent is good for business; especially when it comes to international business.

In 1980, China became a member of the World Intellectual Property Organization (WIPO). As of at least 2023, China's view is that WIPO should be the primary international forum for IP rule-making. - Wikipedia

Maggoty ,

China has never been consistent. Doing business there is all about relations with the CCP. This is a perfect example of how an authoritarian regime differs from a liberal regime. One is bound by it's promises and rules and the other binds it's rules to it's needs.

JackbyDev ,

while nearly no one is complaining about MS using github to train their copilot LLM,

Lots of people complained about that. I've only seen this single thread complaining about this.

kava ,

If I look at a few implementations of an algorithm and then implement my own using those as inspiration, am I breaking copyright law and circumventing licenses?

raspberriesareyummy ,

As I am a big proponent of open source, there is nothing wrong even with copying code - the point is that you should not be allowed to claim something as your own idea and definitely not to claim copyright on code that was "inspired" by someone else's work. The easiest solution would be to forbid patents on software (and patents altogether) completely. The only purpose that FOSS licenses have is to prevent corporations from monetizing the work under the license.

kava ,

Well let's say there's an algorithm to find length of longest palindrome with a set of letters. I look at 20 different implementations. Some people use hashmaps, some don't. Some do it recursively, some don't. Etc

I consider all of them and create my own. I decide to implement myself both recursive and hash map but also add certain novel elements.

Am I copying code? Am I breaking copyright? Can I claim I wrote it? Or do I have to give credit to all 20 people?

As for forbidding patents on software, I agree entirely. Would be a net positive for the world. You should be able to inspect all software that runs on your computer. Of course that's a bit idealistic and pipe-dreamy.

raspberriesareyummy ,

again, I don't have a problem with copying code - but I as a developer know whether I took enough of someone else's algorithm so that I should mention the original authorship :)
My only problem with circumventing licenses is when people put more restrictive licenses on plagiarized code.

And - I guess - in conclusion, if someone makes a license too free, so that putting a restrictive (commercial) license or patent on plagiarized / derived work, that is also something I don't want to see.

kava ,

I have no problem copying code either. The question is at what point does it go from

  1. I'm reading code and doing research

To

  1. I'm copying code

How abstracted does it have to be before it's OK? If you write a merge sort, it might be similar to the one you learned when you were studying data structures.

Should you make sure you attribute your data structure textbook every time you write a merge sort?

Are you understanding the point I'm trying to get at?

raspberriesareyummy ,

My trivial (non legal ;) answer is: If you are working for a corporation that is looking to patent something / make something closed license: the moment you ever looked at a single line of my code relevant to what you are doing, you are forbidden from releasing under any more restrictive license.
If you are a private person working on open source? Then you be the judge whether you copied enough of my code that you believe it is more than just "inspired by".

sugar_in_your_tea ,

That depends on how similar your resulting algorithm is to the sources you were "inspired" by. You're probably fine if you're not copying verbatim and your code just ends up looking similar because that's how solutions are generally structured, but there absolutely are limits there.

If you're trying to rewrite something into another license, you'll need to be a lot more careful.

kava ,

What's the limit? This needs to be absolutely explicit and easy to understand because this is what LLMs are doing. They take hundreds of thousands of similar algorithms and they create an amalgamation of it.

When is it copying and when it is "inspiration"? What's the line between learning and copying?

sugar_in_your_tea ,

I disagree that it needs to be explicit. The current law is the fair use doctrine, which generally has more to do with the intended use than specific amounts of the text/media. The point is that humans should know where that limit is and when they've crossed it, with motive being a huge part of it.

I think machines and algorithms should have to abide by a much narrower understanding of "fair use" because they don't have motive or the ability to Intuit when they've crossed the line. So scraping copyrighted works to produce an LLM should probably generally be illegal, imo.

That said, our current copyright system is busted and desperately needs reform. We should be limiting copyright to 14 years (as in the original copyright act of 1790), with an option to explicitly extend for another 14 years. That way LLMs can scrape comment published >28 years ago with no concerns, and most content produced >14 years (esp. forums and social media where copyright extension is incredibly unlikely). That would be reasonable IMO and sidestep most of the issues people have with LLMs.

kava ,

First, this conversation has little to do with fair use. Fair use is when there is an acceptable reason to break copyright. For example when you are making a parody or critique or for education purposes.

What we are talking about is the act of reading and/or learning and then using that information in order to synthesize new material. This is essentially the entire point of education. When someone goes to art school, they study many different artists and their techniques. They learn from these techniques as they merge them together in different ways to create novel art.

Everybody recognizes this is perfectly OK and to assume otherwise is absurd. So what we are talking about is not fair use, but extracting data from copyrighted material and using it to create novel material.

The distinction here is you claim when this process is automated, it should become illegal. Why?

My opinion is if it's legal for a human to do, it should be legal for a human to automate.

sugar_in_your_tea ,

What we are talking about is the act of reading and/or learning and then using that information in order to synthesize new material.

Sure, but that's not what LLMs are doing. They're breaking down works to reproduce portions of it in answers. Learning is about concepts, LLMs don't understand concepts, they just compare inputs with training data to provide synthesized answers.

The process a human goes through is distinctly different from the process current AI goes through. The process an AI goes through is closer to a journalist copy-pasting quotations into their article, which falls under fair use. The difference is that AI will synthesize quotations from multiple (many) sources, whereas a journalist will generally just do one at a time, but it's still the same process.

sugar_in_your_tea ,

I complain all the time. But that's not the subject of this post...

PlexSheep ,

Yeah exactly, fuck llms that don't honor licenses

Kusimulkku ,

nearly no one is complaining about MS using github to train their copilot LLM

What rock have you been living under??

Appoxo ,
@Appoxo@lemmy.dbzer0.com avatar

Not like MS couldn't be sued.
It may be expensive but possible.
Unlike China. Good luck suing china (or the chinese government) as a whole. Maybe you'll get out a domestic ban but I can hardly believe that they will care and probably will continue with their operation. But now it's not on very legal grounds.

YeetPics ,
@YeetPics@mander.xyz avatar

Classic Chinese tech co, if you can't create something on your own just download the source files and say you made it. The money spends the same after the fact, anyhow.

zipzoopaboop ,

I'm surprised this wasnt done already

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • kbinchat
  • All magazines
    •