Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. YOU ARE HERE ☞ The Attack on the Autonomy of Free Software Carries on


GitHub: Where everything comes to die



Summary: In spite of clear misuse of code and of copyrights, some people are trying to export OpenBSD to Microsoft; maybe they're ill-equipped with facts, so here's a much-needed (and very timely) discussion of some of the issues at stake

A NUMBER of weeks from now Balabhadra (Alex) Graveley will be in court again (arrest record here). He's a big part of the attack of Free software -- an attack that he has helped his "best friend" (his words) Nat Friedman with. But today we leave Graveley aside and instead focus on the toxic legacy of his work.

As we noted earlier in the series, Graveley enabled plagiarism disguised as "Hey Hi" (AI). Graveley himself has quite a history with plagiarism, as we explained in earlier parts of the series.

"GitHub was never about sharing. It's about hoarding, controlling and censoring aside."It's therefore imperative that all Free software projects think twice or thrice before "mirroring" anything in GitHub; yet more, they might as well be very wise to at least consider removing any existing mirrors. A mirror at GitHub is basically a major legal liability.

GitHub was never about sharing. It's about hoarding, controlling and censoring aside. It wants to just swallow everything and then add some vendor lock-in such as "Issues" (with uppercase "i"; it's like a brand, a proprietary extension to Git for bug reports that Microsoft controls and won't let you export, at least not easily).

We recently grew concerned about efforts by unknown persons to 'outsource' OpenBSD to Microsoft or at least make babysteps towards that. As a reminder, Microsoft began offering funding for OpenBSD when the project was desperate for money. This is a well-documented fact and we wrote about it in 2015 when it started [1, 2]. Microsoft started this 'funnelling' of cash (a very high level of sponsorship) around the same year "Microsoft loves Linux" started as a ruse to Microsoft hijacking a large chunk of Free software projects by taking over GitHub (which it had started ambushing the prior year). At the moment Microsoft is listed as "Gold: $25,000 to $50,000" (see "Microsoft Corporation"), but back then it wanted to port parts of OpenSSH to Windows, irrespective of the security lapses and back doors in Windows. As our associate put it, "Microsoft tossed them some chump change; it's a large sum for openbsd, but for a marketing company [Microsoft] it's so small an amount that probably no one needed to sign off on it." Among those who donate to the OpenBSD Foundation we see Gulag (at the top), but at least Gulag isn't promoting something like Windows or GitHub (proprietary). No project really needs GitHub; it's just a brand and a trap. Alternatives include Sourcehut, Codeberg, and of course self-hosting with something like Gitea (we've coded our own in Gemini Protocol). Also viable but less freedom-oriented are Gitlab and Bitbucket, though our associate is "not sure SourceForge is still worthy" as it had its share of scandals and trust issues.

"As a reminder, the people from Microsoft do not limit themselves to the BSDs."For Microsoft, any control over any BSD would usher in so-called 'features' that would mostly be beneficial to Microsoft and to Windows. There's already discussion in progress about unwanted features that can add bloat and/or compromise security/readability (those two things are connected; the code can become less elegant and thus a lot more risky).

"We had two Gold contributors in 2020 Camiel Dobbelaar and Microsoft," says this page in the OpenBSD site.

As a reminder, the people from Microsoft do not limit themselves to the BSDs. They had a go at Linus/Linux as well. Microsoft employees inside the Linux Foundation's Board, together with Microsoft operatives inside the media, tried to push Linux towards GitHub about 1.5 years ago (we wrote many articles about it back then).

Torvalds pointed out, albeit not so explicitly, that "contributions" (so-called 'PRs') from GitHub would likely come from people who don't know how to use Git and E-mail, which means that the quality of the code is low and origin/motivation suspect. Didn't we learn enough already from the University of Minnesota debacle?

"There's moreover the risk of putting a foot in Microsoft's doorstep (or vice versa), letting momentum be built up in the wrong platform -- a platform you do not actually control, as noted by Blender well before Microsoft had ambushed GitHub (2014) and then bought it (2018)."As a rule of thumb, opening up to more people (when more code does not necessarily mean "better") isn't a measure of success, especially if it's something like a kernel where security is paramount.

There's moreover the risk of putting a foot in Microsoft's doorstep (or vice versa), letting momentum be built up in the wrong platform -- a platform you do not actually control, as noted by Blender well before Microsoft had ambushed GitHub (2014) and then bought it (2018). Remember what Blender's 'daddy' Ton Roosendaal wrote.

Well, Copilot, as noted in earlier parts (we'll come to that again some time later) will enable people to plagiarise OpenBSD code without even being aware of it. Don't forget what Intel did to MINIX code, which was licensed as non-reciprocal. The user-hostile M.E. was secretly crafted using MINIX code; no credit or notice was given.

Thankfully, there's some resistance to the few entrants who foolishly think "new blood" (not just blood) would come through Microsoft's proprietary GitHub:





On Fri, Jan 21, 2022 at 11:42:08AM -0600, joshua stein wrote: > Maybe we can do something radical like enable GitHub pull requests > to let people submit changes against the ports repo on GitHub

Cringe.

I sincerely hope that this doesn't happen.

Just look at the typical quality of the projects hosted on GitHub, and you'll see how relying on a set of third-party managed tools to do your work instead of taking the time to learn the basic tools, (tar, diff, an email program, etc), yourself can lead to laziness and poor quality.

If people can't be bothered to do things themselves or make their own tools to automate a process, how dedicated are they likely to be?

> I believe that the GitHub repo can be configured to also email > ports@openbsd.org on any submissions/comments there, so the mailing > list would still be in the loop on everything for anyone that > doesn't want to use GitHub.

So the mailing list is going to be flooded with automated mails from GitHub, that become tedious, leading people to just skim over them or OK them without really reviewing the content.

Honestly, I think we all want to keep the quality of the ports tree as high as possible, and if learing to use tar and diff as a barrier to entry for some people is doing that, I suggest we continue as we are.



Here's more:





On 21/01/22 11:42 -0600, joshua stein wrote: > On Fri, 21 Jan 2022 at 18:29:27 +0100, Marc Espie wrote: > > In my opinion, our main issue is the lack of new blood. > > > > We have chronically fewer people who can give okays than ports waiting. > > > > One big "meta" stuff that needs doing is pointing out (especially from > > new guys) what can be improved in the documentation of the porting process... > > sometimes pointing people in the right direction. > > > > Informal poll: what thing weirded you guys out the first time you touched > > OpenBSD ports coming from other platforms. > > > > What kind of gotcha can we get rid of, so that "new ports" will tend to > > be squeaky clean, infrastructure-wise, and ready for import. > > > > Maybe we'd need an FAQ from people coming from elsewhere explaining the > > main differences to (say) deb, rpm, freebsd ?... > > Using CVS and dealing with tarballs is probably pretty > ancient-feeling for many outsiders. I don't know that more > documentation is really the problem. > > I personally tend to ignore most ports@ emails that aren't diffs I > can easily view in my e-mail client because it's a hassle to save > the attachment, tar -t it to see what its directory structure is, > untar it in the proper place, try to build it, then provide feedback > by copying parts of the Makefile to an e-mail or doing some other > work to produce a diff. > > Maybe we can do something radical like enable GitHub pull requests > to let people submit changes against the ports repo on GitHub, do > review and feedback on those on GitHub, and once it's been approved > by a developer, that developer can do the final legwork of > committing it to CVS and closing the pull request (since we can't > commit directly to the Git repo). > > I believe that the GitHub repo can be configured to also email > ports@openbsd.org on any submissions/comments there, so the mailing > list would still be in the loop on everything for anyone that > doesn't want to use GitHub. >

Big NO. We use CVS, deal with it. If you want to help people who are lazy to cvs diff and send an email, write a script that that does a submission for them automatically in a format we prefer.

If you want to use git, fine, you can send git diffs to the mailing list.

If someone does not have enough brain to figure out how to do things our way then we probably do not want that submission either.

On the other hand, I think the issue here is not the version control system or the development method we are using, but the lack of interest or need.

The openbsd ports and packages are quiet good compared to others and things just work. There is always room for imrovement of course.



Marc Espie received this reply:





On Fri, 21 Jan 2022 at 18:29:27 +0100, Marc Espie wrote: > In my opinion, our main issue is the lack of new blood. > > We have chronically fewer people who can give okays than ports waiting. > > One big "meta" stuff that needs doing is pointing out (especially from > new guys) what can be improved in the documentation of the porting process... > sometimes pointing people in the right direction. > > Informal poll: what thing weirded you guys out the first time you touched > OpenBSD ports coming from other platforms. > > What kind of gotcha can we get rid of, so that "new ports" will tend to > be squeaky clean, infrastructure-wise, and ready for import. > > Maybe we'd need an FAQ from people coming from elsewhere explaining the > main differences to (say) deb, rpm, freebsd ?...

Using CVS and dealing with tarballs is probably pretty ancient-feeling for many outsiders. I don't know that more documentation is really the problem.

I personally tend to ignore most ports@ emails that aren't diffs I can easily view in my e-mail client because it's a hassle to save the attachment, tar -t it to see what its directory structure is, untar it in the proper place, try to build it, then provide feedback by copying parts of the Makefile to an e-mail or doing some other work to produce a diff.

Maybe we can do something radical like enable GitHub pull requests to let people submit changes against the ports repo on GitHub, do review and feedback on those on GitHub, and once it's been approved by a developer, that developer can do the final legwork of committing it to CVS and closing the pull request (since we can't commit directly to the Git repo).

I believe that the GitHub repo can be configured to also email ports@openbsd.org on any submissions/comments there, so the mailing list would still be in the loop on everything for anyone that doesn't want to use GitHub.



They seem to rather conveniently overlook a very big problem; the moment they put their code in GitHub they give Microsoft implicit if not explicit permission to misuse this code. In the case of copyleft/GPL-licensed software, it facilitates widespread GPL violations/infringement of one's code, without even being aware of it. That's the dimension (mission creep) added without prior warning some time last year. You cannot opt out. Don't people take that as a clear warning, universally (irrespective of a project's licence)?

"They seem to rather conveniently overlook a very big problem; the moment they put their code in GitHub they give Microsoft implicit if not explicit permission to misuse this code."GitHub needs to go the way of the dodo, not adopted for so-called 'mass appeal' (a fallacy; coding isn't for the masses at the level of kernel).

In the words of our associate, "the e-mail messages are myopically focused on the technical aspects as per the public lists; what is equally important is to observe reuse of Microsoft tactics to disrupt and control" (a subject we wrote about a very long time ago, partly based on internal Microsoft documents).

Our associate concludes that "it is important to highlight the control that self-hosting of version control and bug tracking gives. Also for those that do not want to or cannot self-host, then there are many alternatives which are far better than Microsoft GitHub. See the list from earlier."

“A couple of years ago this guy called Ken Brown wrote a book saying that Linus stole Linux from me... It later came out that Microsoft had paid him to do this...”

--Andrew S Tanenbaum, father on MINIX

Recent Techrights' Posts

Next Month 'New Techrights' Turns Two
Next month, on the fourth week, it'll be 2 years since the migration
Online Safety Act Tries to Accomplish the Impossible
All I can say is, "good luck with that!"
 
They Tell Us That "Cloud Storage" is Safe and Robust to Incidents Like Fires
Do you have backups? Where are they and who controls them?
"Allowing SDL to default to Wayland caused a number of customer issues so keep the default at X11 for now"
2025 is another year of Wayland ambitions. It's also a year of self-fulfilling prophecies.
In The United Kingdom (UK), Microsoft Search (Bing) Falls to All-Time Low
Grow? What grow??? It's collapsing.
GNU/Linux Reaches 5% in Oman
Some GNU/Linux distros are made in Oman
Google's "AI Mode" is a Pathetic Joke Prematurely Introduced in the UK (Like "Bard", Which Sank the Company's Shares)
what Google "thinks" about PCLinuxOS
What the Free Software Foundation Started Four Decades Ago is Becoming Mainstream
"Four decades; Four freedoms; For all users"
Doing a Better Job at Labelling Slop Images
we'll label screenshots that contain slop, typically with red-coloured text overlay
Social Control Media is Out of Style
What's your excuse for wasting time on (or in) it?
Maldives: GNU/Linux at All-Time High, Windows at New Lows
data from statCounter shows a reassuring trend
Efficiency is Good, So Why Won't Governments Cull LLM Companies Using Stronger, Stringent Policies?
Like every bubble that ever existed, including some recent ones, an end will come
The Defunct Site LinuxConfig Has Published a Fake Article About Richard Stallman Using LLM Slop, Which Stallman Calls "Bullshit Generator"
Worse yet, it is writing using a "Bullshit Generator" (the term used by Stallman) about Stallman's health
Microsoft Windows Falls to All-Time Lows in Morocco and Algeria
About 70% or even less
StopGenAI in the Cyber Show (C|S)
covering a theme that we too covered a lot lately
Gemini Links 03/08/2025: Once-a-Decade Couch Shopping and Blessings in Disguise
Links for the day
Links 03/08/2025: Political Catch-up, Global Warming, and Hunger
Links for the day
Brittany Day Entered LLM Slop Into LinuxSecurity.com and Something Hilarious Happened: The Site is "Exploited"
The brainless, effortless copypasta of "slop artists" shows its limits
Links 03/08/2025: Microsoft Exchange 0-day Exploited and Avoidable Nuclear Escalation
Links for the day
Definitely Not a Ponzi Scheme
Bitcoin v Microsoft
The Electronic Frontier Foundation (EFF) is a Billionaires' Lobby
Billionaires that control tech companies
Microsoft Borrows 3 Billion Dollars Per Month, a Company Truly Worth Trillions Would Not Do This
if Windows (and Office) "market share" fell from about 90% to barely 30%, how come Microsoft is now "valued" at 20 times more?
It's Even Worse Than Microsoft Lunduke Puts It; GNOME is SLAPPing Journalists
In our experience, GNOME is so malicious - some elements of it in particular - that it would launch multiple simultaneous SLAPP campaigns not only against journalists but also their spouses
GNU/Linux Adoption Reaches All-Time Highs in Chile, statCounter Indicates
This month marks 4 years since Vista 11 came out (as a fake "leak") and some surveys still measure its adoption at less than 40%
Slop Will Not Change the World
Some of us grow up sooner and leave that nonsense behind (or altogether avoid/skip it)
Gemini Links 03/08/2025: Nostalgia and TOFU
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, August 02, 2025
IRC logs for Saturday, August 02, 2025
Google Throwing Out the Search Engine With the Bathwater is a Complete and Utter 'Shi---ow' as the Company Drowns in Debt, Layoffs, and Worse
The mainstream media almost never mentions GAFAM debt
Operating Systems' Statistics in New Zealand: GNU/Linux Up, Windows Down to All-Time Lows
Remember all this when the media says that Microsoft became like 10 times more valuable in those 15 years (from 400 billion to 4,000 billion in alleged "worth")
Microsoft Windows "Market Share" Measured Around 2.7% in Iraq, Plunges to 6.5% in Saudi Arabia
Microsoft isn't on the agenda in Iraq
GNU/Linux Share in Sweden Has Doubled Since PewDiePie, A Swede, Recommended It
months ago he moved to GNU/Linux, then told others to consider doing the same
GNU/Linux Hits Record High in Portugal
GNU/Linux picking up in Portugal
Gemini Protocol is Not Dying, It's Growing
When people say things like "Gemini Protocol is dying" the data does not support them
GNU/Linux is Thriving This Summer
It is meanwhile acknowledged, even by Microsoft pushers, that many GNU/Linux PCs will get sabotaged next month
The End of Microsoft's Reign in Spain: Windows Falls to All-Time Lows in Spanish Web Traffic
Windows sank to new lows in Spain
The Bots Never Sleep: In The Weekends, Slopfarms Dominate Google News, Majority of Entries in Google Are Fake Articles About 'Linux'
Google is fast becoming an ocean of plagiarism; the same goes for Google News, which was supposed to have extra quality control
Russia's Yandex Has Caught Up With Bing in Terms of "Market Share"
Microsoft has been firing loads of Bing workers for over 2 years already
Canada: GNU/Linux Up to Records Highs, Windows Down to Record Lows
Microsoft already announcing some plans to shut down Vista 11
Gemini Links 02/08/2025: Transducers in Typed Racket and American ISPs
Links for the day
Links 02/08/2025: Microsoft Already Kills Vista 11 SE, Smartphone Sales Down, Truth Gets "You're Fired!" in the US
Links for the day
Video: The Rise of GNU/Linux and Free Software as Seen by RMS in 2004
DTP's founder argued that when Windows goes below 85% "market share", it'll lose its grip in the monopoly sense
Russia: GNU/Linux Rises to Highest Adoption Level Since Invasion of Ukraine
Moving up in the north
Microsoft's Latest Financial Report: We "Gained" 300 Million Dollars in "Goodwill" and Liabilities Grew by 32 Billion Dollars
Microsoft's debt has reached an all-time high
The Register US = The Register MS
Formerly The Register UK
Weeks After Microsoft Shut Down Its Operations in Pakistan Windows Falls to All-Time Lows
Only less than a month ago it was quietly revealed, based on laid-off staff, that Microsoft shut down in Pakistan
Criminal Behaviour is the Standard Operating Procedure at Microsoft
In the future I'll be able to tell how, when dealing with SLAPPs from Microsofters, their Microsoft services failed me and sometimes even blocked my contacts
GNU/Linux Rises to All-Time Highs in Europe
many people will get fired for buying Microsoft
All-Time Highs for GNU/Linux on the Client Desktop/Laptop, Based on Steam Survey
GNU/Linux rose to 2.89% in Steam
Links 02/08/2025: Blaugust 2025 and "Russia Declares Navalny Memoir ‘Extremist’"
Links for the day
Free Software is Not a Business Model
Go ahead, ask your friend, "how do you plan to monetise your children?"
When (Almost) One-Man Operations Are Disguised as Medium-Sized Companies
the CEO hides in the US (hiding from his ex-wives, 4 daughters from those wives, and Sirius staff that he defrauded)
LLM Slop Harms Real Literature, Real Web Sites, Real Journalism
LLM slop is a parasite and it'll run out of legitimate outputs
Upcoming OSI Scandal Series
The OSI is a rogue actor because it serves Microsoft in exchange for money
Slopwatch: The Issue Persists, But the Consensus in the Media Changes as Google Enrages It With LLM Plagiarism
We've meanwhile assessed the latest output from Linuxiac
Microsoft Actually in Trouble, Microsofters Unable to Obey Judges' Orders
For the second time in a week, Microsofters are unable to obey orders
IRC Proceedings: Friday, August 01, 2025
IRC logs for Friday, August 01, 2025
Over at Tux Machines...
GNU/Linux news for the past day
Links 02/08/2025: İstanbul Retail Inflation Reaches 42.48%, US FBI Opens Office in New Zealand
Links for the day
Gemini Links 02/08/2025: ZFS, LLM Hype, and Fake Modules
Links for the day
Links 01/08/2025: Health, Conflict, and Attacks on Freedom of the Press
Links for the day
Microsoft's Debt Exploded by 15.4 Billion Dollars in the Past 9 Months Alone (Despite All the Layoffs)
As of minutes ago, at 6PM on a Friday, the numbers are made public
Meeting (Webchat) With Maria Arranz Gomez, Florian Grundies, Jürgen Janda and Konstantinos Kortsaris Confronts EPO Management About Breaking Promises and Crushing Workers
The lack of consistent messages suggests plans other than what's advertised and the lack of consultation (secrecy) likewise
Links 01/08/2025: "The Great British Firewall" and U.S. Army Sponsors Palantir
Links for the day
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says"
The editor in chief exercises control over everybody else
LLMs as Attack Method Against Free Software and Programming
DDoS in "hey hi" (slop) clothing
Stability and Reliability, Backward Compatibility
I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025
The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop)
Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's
Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM
How much lower will IDG sink?
Google as a 'Bullshit Generator' Disguised as Intelligence
It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search
At this point more people ought to stop and think: Does Google's search engine deserve trust?
The Data You Don't Give Away is Your Advantage
stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing
The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025
IRC logs for Thursday, July 31, 2025