Tag Archives: Microsoft

GitHub Copilot – Your AI-powered accomplice to steal code?

Last week GitHub and its parent company Microsoft announced “GitHub Copilot – their/your new AI pair programmer”. The New Stack, The Verge and CNBC, among others, have reported extensively about it. There is a lot of buzz around this new service, especially within the Open Source and Free Software world, not only among its developers but also among its supporting lawyers and legal experts. Yet the actual news is not that groundbreaking, because Copilot is not the first of its kind: similar ML-/AI-based offerings such as Tabnine, Kite, CodeGuru, and IntelliCode are already out there, and they have also been trained with public code.

Copilot is currently in “technical preview” and, according to GitHub, is planned to be offered as a commercial version.

Illustration: GitHub Inc. © 2021

The core of it appears to be OpenAI Codex, a descendant of the famous GPT-3 for natural language processing. According to its homepage it “[…] has been trained on a selection of English language and source code from publicly available sources, including code in public repositories on GitHub”. Update 2021/07/08: GitHub Support appears to have confirmed that all public code at GitHub was used as training data.

GitHub is the platform where the majority of the global Open Source community's source code has accumulated by now: 65+ million developers, 200+ million repositories (as of 2021) or 23+ million owners of 128+ million public repositories (as of 2020). Alternatives to it have become scarce unless you want to host your code on your own.

Great, what amazing times we are living in! It sounds as if, with Copilot, you no longer need your human co-programmers, who assisted you during the good old times in the form of pair programming or code review. Lucky you, and especially your employer. On top of that, you will save precious time because it will help you to directly fix a bug, write typical functions or even “[…] learn how to use a new framework without spending most of your time spelunking through the docs or searching the web”. Not to forget copying & pasting useful code fragments from Stack Overflow or other publicly available sources like GitHub.

At the same time, two essential questions arise, in case you care a bit about authorship:

  1. Did the training of the AI infringe any copyright of the original authors who actually wrote the code that was used as training data?
  2. Will you violate any copyright by including Copilot’s code suggestions in your source code?

Let’s not talk about another aspect that GitHub mentions in their FAQs – personal data: “[…] In some cases, the model will suggest what appears to be personal data – email addresses, phone numbers, access keys, etc. […]”


GPL compliance and the persistent cancer theory

In the golden age of Open Source compliance offerings, one of the key marketing arguments still appears to be: “The General Public License (GPL) is sooo risky. In case of GPL infringement, you will have to release all of your code – that is, your intellectual property (IP) – under the same terms. Take our license scanner as we are the best to protect you against such nightmares.”

That statement is simply not correct, but it is very effective if you want to sell your services. Which company wants to be forced to release its valuable IP to the public merely for not following specific license terms?

This myth was supposedly framed by Steve Ballmer of Microsoft, who said back in 2001: “The way the license is written, if you use any open-source software, you have to make the rest of your software open source. […] Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. That’s the way that the license works.”

His general understanding of one of the basic principles of Free Software and the GPL – reciprocity – speaks of great intellectual power. However, this muddle-headed theory is utterly wrong in its entirety, yet it persists today and serves as one of the main arguments for selling license compliance offerings.

Even infringing the terms of the GPL will never force you to put your own source code under the same license. Simple as that.

Sure, in the worst case you have violated a software license. In this respect there is no difference between the GPL and any other license, even a proprietary one. Copyright infringement claims are caused by

  • the actual violation of the license and
  • the unlicensed use of software.

You have to cope with its consequences. Legal remedies are

  • punitive damages and
  • injunction to not distribute your product any further.

Not more, not less.


WannaCry – Press Review and Commentary

Since last Friday, the ransomware known, among other names, as “WannaCry” (also WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) has been infecting hundreds of thousands of computers worldwide. On the very first day it was even covered on the Tagesschau; by now the media are full of reports, analyses, commentaries and advice.

This blog post is meant to give an informative overview of helpful and worthwhile articles, since this topic has already been, and continues to be, discussed at great length on all channels. First, however, the reader should urgently deal with the following two questions:

  • Is a version of Microsoft Windows installed on your own computer (or on those of the relatives and friends you look after)? If so, install the Microsoft security update MS17-010 at once – immediately! Details are also provided by Microsoft's National Security Officer Michael Kranawetter in the blog entry “WannaCrypt: Microsoft schützt auch ältere Windows-Versionen”. And yes, in future always install security updates as soon as possible. Seriously.
  • Do you have a current backup of all important files? If not, immediately create a full backup on an external medium (USB hard drive, NAS, Blu-ray, floppy disk) and make this a habit in future. Really.
