01.31.22

Gemini version available ♊︎

Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on

Posted in BSD, Deception, Free/Libre Software, Microsoft at 8:13 am by Dr. Roy Schestowitz

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism… and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub
  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman’s Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley’s Long Career Serving Microsoft’s Agenda (Before Hiring by Microsoft to Work on GitHub’s GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft’s Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)
  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation
  16. YOU ARE HERE ☞ The Attack on the Autonomy of Free Software Carries on

GitHub: Where everything comes to die

Summary: In spite of clear misuse of code and of copyrights, some people are trying to export OpenBSD to Microsoft; maybe they’re ill-equipped with facts, so here’s a much-needed (and very timely) discussion of some of the issues at stake

A NUMBER of weeks from now Balabhadra (Alex) Graveley will be in court again (arrest record here). He’s a big part of the attack of Free software — an attack that he has helped his “best friend” (his words) Nat Friedman with. But today we leave Graveley aside and instead focus on the toxic legacy of his work.

As we noted earlier in the series, Graveley enabled plagiarism disguised as “Hey Hi” (AI). Graveley himself has quite a history with plagiarism, as we explained in earlier parts of the series.

“GitHub was never about sharing. It’s about hoarding, controlling and censoring aside.”It’s therefore imperative that all Free software projects think twice or thrice before “mirroring” anything in GitHub; yet more, they might as well be very wise to at least consider removing any existing mirrors. A mirror at GitHub is basically a major legal liability.

GitHub was never about sharing. It’s about hoarding, controlling and censoring aside. It wants to just swallow everything and then add some vendor lock-in such as “Issues” (with uppercase “i”; it’s like a brand, a proprietary extension to Git for bug reports that Microsoft controls and won’t let you export, at least not easily).

We recently grew concerned about efforts by unknown persons to ‘outsource’ OpenBSD to Microsoft or at least make babysteps towards that. As a reminder, Microsoft began offering funding for OpenBSD when the project was desperate for money. This is a well-documented fact and we wrote about it in 2015 when it started [1, 2]. Microsoft started this ‘funnelling’ of cash (a very high level of sponsorship) around the same year "Microsoft loves Linux" started as a ruse to Microsoft hijacking a large chunk of Free software projects by taking over GitHub (which it had started ambushing the prior year). At the moment Microsoft is listed as “Gold: $25,000 to $50,000″ (see “Microsoft Corporation”), but back then it wanted to port parts of OpenSSH to Windows, irrespective of the security lapses and back doors in Windows. As our associate put it, “Microsoft tossed them some chump change; it’s a large sum for openbsd, but for a marketing company [Microsoft] it’s so small an amount that probably no one needed to sign off on it.” Among those who donate to the OpenBSD Foundation we see Gulag (at the top), but at least Gulag isn’t promoting something like Windows or GitHub (proprietary). No project really needs GitHub; it’s just a brand and a trap. Alternatives include Sourcehut, Codeberg, and of course self-hosting with something like Gitea (we’ve coded our own in Gemini Protocol). Also viable but less freedom-oriented are Gitlab and Bitbucket, though our associate is “not sure SourceForge is still worthy” as it had its share of scandals and trust issues.

“As a reminder, the people from Microsoft do not limit themselves to the BSDs.”For Microsoft, any control over any BSD would usher in so-called ‘features’ that would mostly be beneficial to Microsoft and to Windows. There’s already discussion in progress about unwanted features that can add bloat and/or compromise security/readability (those two things are connected; the code can become less elegant and thus a lot more risky).

“We had two Gold contributors in 2020 Camiel Dobbelaar and Microsoft,” says this page in the OpenBSD site.

As a reminder, the people from Microsoft do not limit themselves to the BSDs. They had a go at Linus/Linux as well. Microsoft employees inside the Linux Foundation‘s Board, together with Microsoft operatives inside the media, tried to push Linux towards GitHub about 1.5 years ago (we wrote many articles about it back then).

Torvalds pointed out, albeit not so explicitly, that “contributions” (so-called ‘PRs’) from GitHub would likely come from people who don’t know how to use Git and E-mail, which means that the quality of the code is low and origin/motivation suspect. Didn’t we learn enough already from the University of Minnesota debacle?

“There’s moreover the risk of putting a foot in Microsoft’s doorstep (or vice versa), letting momentum be built up in the wrong platform — a platform you do not actually control, as noted by Blender well before Microsoft had ambushed GitHub (2014) and then bought it (2018).”As a rule of thumb, opening up to more people (when more code does not necessarily mean “better”) isn’t a measure of success, especially if it’s something like a kernel where security is paramount.

There’s moreover the risk of putting a foot in Microsoft’s doorstep (or vice versa), letting momentum be built up in the wrong platform — a platform you do not actually control, as noted by Blender well before Microsoft had ambushed GitHub (2014) and then bought it (2018). Remember what Blender’s ‘daddy’ Ton Roosendaal wrote.

Well, Copilot, as noted in earlier parts (we’ll come to that again some time later) will enable people to plagiarise OpenBSD code without even being aware of it. Don’t forget what Intel did to MINIX code, which was licensed as non-reciprocal. The user-hostile M.E. was secretly crafted using MINIX code; no credit or notice was given.

Thankfully, there’s some resistance to the few entrants who foolishly think “new blood” (not just blood) would come through Microsoft’s proprietary GitHub:



On Fri, Jan 21, 2022 at 11:42:08AM -0600, joshua stein wrote:
> Maybe we can do something radical like enable GitHub pull requests 
> to let people submit changes against the ports repo on GitHub

Cringe.

I sincerely hope that this doesn't happen.

Just look at the typical quality of the projects hosted on GitHub, and
you'll see how relying on a set of third-party managed tools to do your
work instead of taking the time to learn the basic tools, (tar, diff,
an email program, etc), yourself can lead to laziness and poor quality.

If people can't be bothered to do things themselves or make their own
tools to automate a process, how dedicated are they likely to be?

> I believe that the GitHub repo can be configured to also email 
> ports@openbsd.org on any submissions/comments there, so the mailing 
> list would still be in the loop on everything for anyone that 
> doesn't want to use GitHub.

So the mailing list is going to be flooded with automated mails from
GitHub, that become tedious, leading people to just skim over them
or OK them without really reviewing the content.

Honestly, I think we all want to keep the quality of the ports tree
as high as possible, and if learing to use tar and diff as a barrier to
entry for some people is doing that, I suggest we continue as we are.


Here’s more:



On 21/01/22 11:42 -0600, joshua stein wrote:
> On Fri, 21 Jan 2022 at 18:29:27 +0100, Marc Espie wrote:
> > In my opinion, our main issue is the lack of new blood.
> > 
> > We have chronically fewer people who can give okays than ports waiting.
> > 
> > One big "meta" stuff that needs doing is pointing out (especially from
> > new guys) what can be improved in the documentation of the porting process...
> > sometimes pointing people in the right direction.
> > 
> > Informal poll: what thing weirded you guys out the first time you touched
> > OpenBSD ports coming from other platforms.
> > 
> > What kind of gotcha can we get rid of, so that "new ports" will tend to
> > be squeaky clean, infrastructure-wise, and ready for import.
> > 
> > Maybe we'd need an FAQ from people coming from elsewhere explaining the
> > main differences to (say) deb, rpm, freebsd ?...
> 
> Using CVS and dealing with tarballs is probably pretty 
> ancient-feeling for many outsiders.  I don't know that more 
> documentation is really the problem.
> 
> I personally tend to ignore most ports@ emails that aren't diffs I 
> can easily view in my e-mail client because it's a hassle to save 
> the attachment, tar -t it to see what its directory structure is, 
> untar it in the proper place, try to build it, then provide feedback 
> by copying parts of the Makefile to an e-mail or doing some other 
> work to produce a diff.
> 
> Maybe we can do something radical like enable GitHub pull requests 
> to let people submit changes against the ports repo on GitHub, do 
> review and feedback on those on GitHub, and once it's been approved 
> by a developer, that developer can do the final legwork of 
> committing it to CVS and closing the pull request (since we can't 
> commit directly to the Git repo).
> 
> I believe that the GitHub repo can be configured to also email 
> ports@openbsd.org on any submissions/comments there, so the mailing 
> list would still be in the loop on everything for anyone that 
> doesn't want to use GitHub.
> 

Big NO. We use CVS, deal with it. If you want to help people who are lazy
to cvs diff and send an email, write a script that that does a submission
for them automatically in a format we prefer.

If you want to use git, fine, you can send git diffs to the mailing list.

If someone does not have enough brain to figure out how to do things our way
then we probably do not want that submission either.

On the other hand, I think the issue here is not the version control system
or the development method we are using, but the lack of interest or need.

The openbsd ports and packages are quiet good compared to others and things
just work. There is always room for imrovement of course.


Marc Espie received this reply:



On Fri, 21 Jan 2022 at 18:29:27 +0100, Marc Espie wrote:
> In my opinion, our main issue is the lack of new blood.
> 
> We have chronically fewer people who can give okays than ports waiting.
> 
> One big "meta" stuff that needs doing is pointing out (especially from
> new guys) what can be improved in the documentation of the porting process...
> sometimes pointing people in the right direction.
> 
> Informal poll: what thing weirded you guys out the first time you touched
> OpenBSD ports coming from other platforms.
> 
> What kind of gotcha can we get rid of, so that "new ports" will tend to
> be squeaky clean, infrastructure-wise, and ready for import.
> 
> Maybe we'd need an FAQ from people coming from elsewhere explaining the
> main differences to (say) deb, rpm, freebsd ?...

Using CVS and dealing with tarballs is probably pretty 
ancient-feeling for many outsiders.  I don't know that more 
documentation is really the problem.

I personally tend to ignore most ports@ emails that aren't diffs I 
can easily view in my e-mail client because it's a hassle to save 
the attachment, tar -t it to see what its directory structure is, 
untar it in the proper place, try to build it, then provide feedback 
by copying parts of the Makefile to an e-mail or doing some other 
work to produce a diff.

Maybe we can do something radical like enable GitHub pull requests 
to let people submit changes against the ports repo on GitHub, do 
review and feedback on those on GitHub, and once it's been approved 
by a developer, that developer can do the final legwork of 
committing it to CVS and closing the pull request (since we can't 
commit directly to the Git repo).

I believe that the GitHub repo can be configured to also email 
ports@openbsd.org on any submissions/comments there, so the mailing 
list would still be in the loop on everything for anyone that 
doesn't want to use GitHub.


They seem to rather conveniently overlook a very big problem; the moment they put their code in GitHub they give Microsoft implicit if not explicit permission to misuse this code. In the case of copyleft/GPL-licensed software, it facilitates widespread GPL violations/infringement of one’s code, without even being aware of it. That’s the dimension (mission creep) added without prior warning some time last year. You cannot opt out. Don’t people take that as a clear warning, universally (irrespective of a project’s licence)?

“They seem to rather conveniently overlook a very big problem; the moment they put their code in GitHub they give Microsoft implicit if not explicit permission to misuse this code.”GitHub needs to go the way of the dodo, not adopted for so-called ‘mass appeal’ (a fallacy; coding isn’t for the masses at the level of kernel).

In the words of our associate, “the e-mail messages are myopically focused on the technical aspects as per the public lists; what is equally important is to observe reuse of Microsoft tactics to disrupt and control” (a subject we wrote about a very long time ago, partly based on internal Microsoft documents).

Our associate concludes that “it is important to highlight the control that self-hosting of version control and bug tracking gives. Also for those that do not want to or cannot self-host, then there are many alternatives which are far better than Microsoft GitHub. See the list from earlier.”

“A couple of years ago this guy called Ken Brown wrote a book saying that Linus stole Linux from me… It later came out that Microsoft had paid him to do this…”

Andrew S Tanenbaum, father on MINIX

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. After Freenode's Demise It's OFTC That's Gaining in IRC, Not Libera.Chat

    IRC 12 months after the dust 'settled'



  2. Finland Turns 18

    This summer in Finland there seem to be changes



  3. Copyleft is Still Better and More Suitable for Business

    Copyleft does not mean one cannot make money; it just means proprietary software companies such as Microsoft stand to lose their dying empires, only to be replaced by new businesses that market and support GPL-licensed systems



  4. With New Data Just in (a Couple of Hours Ago), It Seems Clear Microsoft Windows Continues to Lose Market Share in July

    As shown above, Windows continues its demise; there’s also rapid erosion of Windows "market share" in Russia this year (“Russians [are] switching to Linux”) and sooner or later Windows will be just a quarter of the market (maybe by year’s end). Windows is at 10% in Turkey (down by a huge amount this year) and in Russia it’s down by about 5% since the war. In India GNU/Linux (“proper”, not ChromeOS) is up to nearly 5% of desktops/laptops.



  5. Links 02/07/2022: PSPP 1.6.2 Released, Linux Mint Rejects Parts of Systemd, Lots of Politics

    Links for the day



  6. Walking Like the Talking, Acting Like One's Preaching

    It has now been about 2 years since lock-downs in the world's Western nations were first loosened or lifted; we've thankfully taken advantage of all that commotion (persistent flux; we've not solved the underlying issues) to expand beyond and Web and become self-hosted wherever possible



  7. IRC Proceedings: Friday, July 01, 2022

    IRC logs for Friday, July 01, 2022



  8. EPO Steering Off the Road, Just Like the Drunken Son of António Campinos, Who Crashed the Car and Begged for Impunity

    With the EPO rapidly turning into a corrupt dynasty of rogue politicians, lawyers and bankers (not scientists) we must turn to constitutions and treaties that they knowingly violate with impunity



  9. Koch Operatives Working to Shape Patent Law in Favour of Monopolies and Oligarchs

    Patent systems are being hijacked by monopolists and plutocrats for their financial gain and protectionism; it's a longstanding issue because it begets constitutional violations (glossed over by bought or installed "Justices", which is another creeping threat, especially in light of recent developments in the US Supreme Court and patently, manifestly illegal actions by Team UPC)



  10. At the EPO, “Online” Means Microsoft Windows Only (“Unitary Patent” Also Limited to Microsoft Customers!)

    The EPO's "special" (corrupt) relationship with Microsoft is a major liability for Europe; does one need to adopt back doors and US surveillance to interact with the EPO?



  11. Microsoft GitHub Exposé — Part XXII — 'Mr. GitHub Copilot' Balabhadra (Alex) Graveley Pleads Guilty After Assaulting Women

    Balabhadra (Alex) Graveley from Microsoft GitHub (the man behind the GPL violation machine called “Copilot”) has “pled guilty to get deferred sentence”



  12. Links 01/07/2022: Russians Switching to GNU/Linux, New WINE Release

    Links for the day



  13. Links 01/07/2022: More Widespread Calls to Delete GitHub

    Links for the day



  14. [Meme] President Crybaby

    EPO President António Campinos, who constantly assaults the EPO’s staff, has portrayed himself as a poor victim of “hostile” staff (reversal of narratives)



  15. People Are Very Angry That Campinos Was Left in Positions of Power Without Any Competition and in Spite of Failing to Fulfill Essential Goals

    As predicted, people are infuriated by the decision of the Administrative Council to give Campinos several more years to destroy the EPO and its reputation (while moreover pushing a totally illegal and unconstitutional patent court system, which severely harms the image of the European Union)



  16. Microsoft Windows is a 'Burning Platform' (Both on the Server Side and the Client Side)

    'Burning platform' is a derogatory term from Microsoft's Elop; ironically, today's 'burning platform' is actually Windows, even if the corporate media isn't talking about that



  17. Links 01/07/2022: Nitrux 2.2.1 and Raspberry Pi Pico W Chatter

    Links for the day



  18. Links 01/07/2022: Wayland 1.21.0 and SteamOS 3.3 Beta

    Links for the day



  19. IRC Proceedings: Thursday, June 30, 2022

    IRC logs for Thursday, June 30, 2022



  20. [Meme] EPO Election (Auction)

    The corruption at the EPO did not end with Benoît Battistelli‘s departure; it’s still deepening



  21. Links 01/07/2022: Condres OS 1.0 and Microsoft Losing More Share in Web Servers

    Links for the day



  22. Published 10 Minutes Ago: IRCNow by Aaron Lin

    This talk was uploaded moments ago. “Of the users, by the users, for the users…”



  23. Links 30/06/2022: PostgreSQL 15 Beta 2

    Links for the day



  24. Links 30/06/2022: Pine64 Has RISC-V-Based Raspberry Pi Rival, Pico W Introduced

    Links for the day



  25. IRC Proceedings: Wednesday, June 29, 2022

    IRC logs for Wednesday, June 29, 2022



  26. It's 2022 and Installing Software in GNU/Linux Has Never Been Easier

    GNU/Linux is easy to use and extend; the above demonstrates how new software gets installed, removed, and updated in KDE Neon



  27. Sitting Down Less

    Avoiding long periods of sitting down is important for one's health, especially in sedentary lifestyles or jobs



  28. Microsoft Windows Market Share in Russia in 2022: Down From 55% to 50% in 5 Months

    As June ends (last day today) let’s examine the rapid demise of Windows in Russia, even before the exodus media speaks of this week (an ongoing story)



  29. European Patent Office is a Kakistocracy Illustrated

    Benoît Battistelli and António Campinos aren’t just a “dark era” for the EPO; they might in fact be the end of the EPO, having made corruption the “new normal” or “new ways of working”



  30. [Meme] EPO Rewarding Corruption Instead of Upholding the Law and Protecting the European Patent Convention (EPC)

    Wednesday proved that the EPO actively guards corruption and protects Team Battistelli from scrutiny; instead of standing for patent law the EPO under António Campinos stands for overt violations of the law; national delegates are fine with it as long as they’re personally rewarded for complicity


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts