Bonum Certa Men Certa

GitHub is a Dagger Inside Free/Open Source Software (FOSS); This is Why Microsoft Bought It

Remember that GitHub is proprietary software, it is centralised, and it gives Microsoft control over its foremost rival, which is a movement rather than a company



Summary: A year later it seems pretty evident that Microsoft doesn't like FOSS but is merely trying to control it, e.g. by buying millions of FOSS projects/repositories at the platform level (the above is what the Linux Foundation's Jim Zemlin said to Microsoft at their event while antitrust regulators were still assessing the proposed takeover)

THE PREVIOUS post ended by saying that we would deal separately with Microsoft's GitHub and the threat it poses to Software Freedom. This threat is unfortunately growing over time as not enough people shun GitHub. They walk right into the trap.



"In its internal documents Microsoft once explained that it needs to attack Software Freedom while ensuring the attacks don't look as though they come from Microsoft."Microsoft is still the biggest foe of Software Freedom, which it combats constantly. No other company stands to benefit from the destruction of Software Freedom as much as Microsoft. The same goes for GNU/Linux. Microsoft hates it and if it could destroy it overnight, it would (it already tried many times and failed every time).

In its internal documents Microsoft once explained that it needs to attack Software Freedom while ensuring the attacks don't look as though they come from Microsoft. This is what the likes of SCO and Black Duck are for. SCO's case isn't 100% over (believe it or not!) and Black Duck is still around and still active under another name because it got bought. It's being amplified by Microsoft allies, a Microsoft-connected FUD bunch with history and 'pedigree'. In "The license and security risks of using Node.js," for instance, Black Duck continues to attack FOSS as usual, amplified by the anti-FOSS site Security Boulevard (propaganda front of an anti-FOSS hack). Days ago it also promoted/copy-pasted Black Duck's "Review of Apache Struts vulnerabilities yields 24 updated advisories". Security Boulevard is not a news site (though Google News thinks it is). It's focused on FOSS...

"...Microsoft continues to attack FOSS. It's just doing that less directly."...always negative.

...has never mentioned back doors in proprietary software.

This anti-FOSS site is also constantly advertising WhiteSource (e.g. event placements, with a new example here), the 'new' Black Duck. They're Microsoft partners. They co-author papers with Microsoft and they attack FOSS by proxy for Microsoft. What a truly malicious network of hacks. But the point we wish to make is, Microsoft continues to attack FOSS. It's just doing that less directly. Security and licensing FUD (especially targeted at copyleft/GPL) is rampant. Now imagine how they can leverage GitHub to further amplify such FUD, as they very publicly do. They barely make that a secret. Their managers speak about that in Twitter. It's all public. They bash the GPL. Consider who Microsoft put in charge of GitHub; past Techrights articles about him would likely be eye-opening [1, 2, 3, 4].

"It's secret code and much worse things happen behind the scenes (including NSA surveillance; GitHub is in PRISM now)."Any project which takes Software Freedom seriously needs to avoid/reject GitHub and choose something else because GitHub is proprietary software, antithetical not just to FOSS but also to the decentralised nature of Git. It's secret code and much worse things happen behind the scenes (including NSA surveillance; GitHub is in PRISM now). Days ago we noticed that a decentralised code/content project, Audius, chose GitHub [1, 2]. That's like a vegetarian choosing to work for a butcher. We also noticed that the New York Times started pushing Microsoft GitHub (which is a proprietary software trap) under the headline "How to Take Your Open Source Project from Good to Great" (as if Microsoft entrapment in a proprietary software platform makes it "Great"!).

"As before, many so-called 'studies' or surveys count nothing but data from Microsoft (GitHub). If you're not on it, you don't exist or don't count."We've been observing a disturbing trend lately. As before, many so-called 'studies' or surveys count nothing but data from Microsoft (GitHub). If you're not on it, you don't exist or don't count. This way Microsoft can bias statistics about so-called 'FOSS' (only what Microsoft controls). This is not a particularly new issue; GitHub has long attracted projects that don't care so much about freedom. GitHub is strictly centralised and it is proprietary software. GitHub also helps put one heck of a twist on the term "Open Source" (which increasingly means nothing at all, e.g. outsourcing to a proprietary software platform of Microsoft). 2 days ago we saw evidence that Google still makes this mistake by outsourcing its projects to Microsoft. Is Google out of its mind? GitHub is Google's rival. It's controlled by company that still blackmails Android using patent lawsuits. Wrong platform for Google's code, no? Unless they stop outsourcing code (and control) to Microsoft -- a company full of criminals (who admit their crimes but never get arrested) -- they will simply make Microsoft stronger. Microsoft grossly misuses its control of the platform, based on imperialism and racism. You just know that something has gone very wrong with FOSS (or rather that Microsoft sabotages it for a price) when "going open source" means outsourcing everything to a proprietary software platform of Microsoft, which censors projects, bans developers etc. based on country of birth/origin.

Belatedly, or perhaps too late, countries realise that GitHub is a danger and a risk factor. Days ago JAXenter wrote:

At the end of July, GitHub enforced access blocks for its software repositories in line with United States trade controls, including U.S. Export Administration Regulations, on sanctioned countries. Instantly this made it difficult for developers based in countries such as Cuba, Iran, North Korea, and Syria to access private repository services, private organisational accounts or GitHub Marketplace Services. However, this also limited access to public repository services for personal communications only.

It’s important to stress that the individual developers themselves had no say over this decision. GitHub has to follow the rules around selling software to specific countries, yet the software itself is neither sold or bought. For open source projects, copying and distribution are important for building up community and use of the software. Blocking GitHub access – one of the main distribution methods for these software assets – therefore has an impact on the community building activity and makes it more difficult over time.

GitHub has become a central resource for downloading the latest official release code for projects and developers who use these repositories for building their own applications. Suddenly blocking access to GitHub repositories has meant that developers based in those countries were cut off and unable to work with many components, which highlights a key issue for open source software developers: if you don’t want your software to be restricted by international politics you had better choose self-hosted solutions, such as GitLab.


Business Times (Chinese site) explained that this motivated China to bypass GitHub altogether:

China will officially be forming the country's first-ever open-source software foundation to bolster its open-source software community. The plan was unveiled by Huawei Technologies, which plans to partner with domestic software firms to achieve the ambitious plan. Huawei also revealed that it plans to establish the infrastructure in as early as one or two months.

The plan to establish the country's first open-source software hub was put into place following the ban imposed by GitHub, the world's largest host of open-source software, on sanctioned nations by the United States. The US-based company began blocking access to its services in July, starting with the removal of Iranian accounts.

The incident itself has highlighted the increasing dangers of geopolitical interference on the open-source community. China likely felt that it needed to establish its own community as a precaution if the US government does decide to sanction the nation as trade disputes escalate.


The Phnom Penh Post and other Asian sites said this:

The plan for the software foundation came after GitHub, the world’s largest host of source code, last month prevented users in Iran and other nations sanctioned by the US government from accessing portions of its service.


Last but not least, ITWeb wrote the following some days ago:

This follows an acknowledgement from GitHub, the world’s largest open source code host, that it has to prevent users in nations sanctioned by the US government – potentially including China as well as Iran and Crimea – from accessing portions of its service.

[...]

While it is not yet clear whether Huawei or any other Chinese organisation has been impacted by GitHub’s actions, Wang lamented that although it had long been the de facto open source position that open source communities were supposed to be fair and equitable for all, the American position, and GitHub’s compliance with its government’s dictates, meant that open source had become a pawn in the power play between countries.


As we explained some days ago in relation to bogus foundations, it's not clear whether Huawei is serious about FOSS and BGR published "Huawei’s long-awaited mobile OS elicits mixed reactions in China". It quotes Torvalds as saying: “Talk is cheap. Show me the code.”

On it goes: "That user’s skepticism about the OS would seem to stem from its viability as a replacement for Android, which continues to be talked up given that the ban remains in place that prevents US companies (like Google) from working with Huawei. Accordingly, Huawei’s billionaire founder Ren Zhengfei sent out an internal memo in recent days spelling out his ambition of building an “iron army” over the next three to five years that can withstand the US ban — the “iron army,” being a generalized reference to a Huawei overhaul that puts more of the company’s fate in its own hands."

The bottom line is, a lot of what's being characterised as Open Source is nowadays neither "Open Source" (as per OSD) nor Free software. We'll deal with that in our next post which is dedicated solely to openwashing.

Recent Techrights' Posts

Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025
Genini Links 05/09/2025: Community, ROOPHLOCH, and PITkit
Links for the day
Links 05/09/2025: Vaccine Sceptics Poison the Well, Two Exploited Vulnerabilities Patched in Android
Links for the day
Gemini Links 05/09/2025: Logitech Lift and DIY Gemini Servers
Links for the day
Links 05/09/2025: Sainsbury's Caught Spying on In-Store Shoppers and Microsoft "OpenAI is Using Legal Threats to Harass its Critics"
Links for the day
BASIC Predates Microsoft by Over a Decade, Microsoft-Controlled Sites Like The Register MS Don't Want You to Know This
The state of the media is really bad when it relies a lot on oligarchs' money and is appointing editors who are working for oligarchs
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
Brian Kernighan, "Only Third to Dennis Richie and Ken Thompson" (UNIX), Agreed With Someone Who Said Rust Was Just Hype, Should Not Replace C
17 hours ago
Reminder: Microsoft's "Secure Boot" Certificate for "Linux" Will be Expired in One Week
Many PCs won't manage to 'rotate' to another certificate
"Many of the Red Hat Employees Are Still Looking for Work"
Shame on IBM's CEO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 04, 2025
IRC logs for Thursday, September 04, 2025
Microsoft Started With Code Literally From The Trash, Nothing Has Improved Since
The reality is, there are systems and code that are reliable. But they're not Microsoft's.
Hypothesis That New McKinsey/Microsoft Executive Inside Red Hat Will Outsource Research and Development Operations to India (Like They Do in IBM)
IBM is floundering
Slopwatch: Scams, Fake Articles About "Linux", Plagiarism, and Worse
Perhaps some time soon the LLMs or the "Big LLMs" will run out of money (to borrow) and go offline, leaving those slopfarms in a tough place
Gemini Links 04/09/2025: Means of Production and Rusting Out
Links for the day
Links 04/09/2025: Science, Hardware, and Eyes on China
Links for the day
Gemini Links 04/09/2025: Digital Minimalism and Social Control Media
Links for the day
IBM's GNU/Linux Divestment, Based on Hard But Anecdotal Evidence (IBM Fails to Recognise How Much Money It Made and Can Still Make From "Linux")
Love us or hate us, a lot of what we've been saying about Red Hat under IBM turns out to be rather accurate
Links 04/09/2025: Massive Microsoft Staff Cuts (Barely Reported), "Strange Conspiracy Theory Is Reportedly Spreading Inside OpenAI"
Links for the day
Activists Can Win, But Keep an Eye on the Ball and on the Trophy
GitHub is dying, it was a loss-making trap, not free hosting
Gemini Links 04/09/2025: Katrina Remembered, Distracted Driving, and Virtual Economics
Links for the day
At This Point It's No Longer Matthew Garrett But People Who Fund Matthew Garrett (or Companies That Fund His SLAPPs Against My Wife and I)
The only thing worse than misogynists are misogynists who fail to respect other people's right to go on holiday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 03, 2025
IRC logs for Wednesday, September 03, 2025
The UEFI 9/11 - Part VI - This Serious Harm Was Planned for Over a Decade, Not an Accident or Merely Some Misfortune
The term "Serious Harm" is legally meaningful here
GNOME Unfit for Diversity and Inclusion
GNOME's leadership is using "bad words"
Brodie Robertson Addressing the Recently-Discovered Comments
Most people probably knew nothing about this until he wrote a response
Red Hat QA Team "Had Shrunk by Half Over the Past Year." (After IBM Divestment)
If Red Hat's workforce is being moved to the East, then RHEL can become a national security problem
Slopwatch: "Open Source" and "Linux" News Faked, Made by Bots and Entered Into Google News
Spam combined with slop about "Linux" has entered Google News