Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Looking for a k3OS Alternative? Choosing a Container OS for Edge K8s
Mar 28th 2023 5:57am, by Nicolas Vermande
Factor Cost Efficiency into Platform Engineering for Growth, Profitability
Mar 27th 2023 10:00am, by Omer Hamerman
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
A Is for OpenStack Antelope
Mar 22nd 2023 7:41am, by Steven J. Vaughan-Nichols
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
Inspect Container Images with the docker scan Command
Mar 25th 2023 6:00am, by Jack Wallen
Building and Securing Containers with Slim.ai
Mar 24th 2023 11:59am, by Steven J. Vaughan-Nichols
Catching up with the Founder and CEO of Portainer
Mar 24th 2023 4:00am, by Jack Wallen
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Vercel Adds Remix: Integration Supports Larger Apps
Mar 29th 2023 10:22am, by Loraine Lawson
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
What Wasm Needs to Reach the Edge
Mar 27th 2023 9:00am, by B. Cameron Gain
What Are Time Series Databases, and Why Do You Need Them?
Mar 27th 2023 5:00am, by Robert Kimani
Startup pgEdge Tackles the Distributed Edge with Postgres
Mar 27th 2023 4:00am, by Susan Hall
Saga Without the Headaches
Mar 24th 2023 10:00am, by Dominik Tornow
What Is Microservices Architecture?
Feb 23rd 2023 4:22am, by Eric Schabell
Java's History Could Point the Way for WebAssembly
Jan 12th 2023 3:00am, by B. Cameron Gain
Limiting the Deployment Blast Radius
Nov 15th 2022 8:14am, by Steven Lohrenz
Do ... or Do Not: Why Yoda Never Used Microservices
Oct 25th 2022 6:00am, by Samar Abbas
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
Serverless WebAssembly for Browser Developers
Mar 22nd 2023 12:26pm, by Matt Butcher
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
TriggerMesh: Open Sourcing Event-Driven Applications
Mar 13th 2023 12:14pm, by Jessica Wachtel
Ably Touts Real-Time Starter Kits for Vercel and Netlify
Mar 8th 2023 10:56am, by Loraine Lawson
Going Serverless on AWS Lambda? Recognize Potential Risks 
Mar 6th 2023 5:00am, by Sarabjeet Chugh
Best Practices to Build IoT Analytics
Mar 27th 2023 9:33am, by Zoe Steinkamp
What Are Time Series Databases, and Why Do You Need Them?
Mar 27th 2023 5:00am, by Robert Kimani
The Economics of Database Operations
Mar 23rd 2023 8:25am, by John Page
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Vercel Adds Remix: Integration Supports Larger Apps
Mar 29th 2023 10:22am, by Loraine Lawson
Wolfram ChatGPT Plugin Blends Symbolic AI with Generative AI
Mar 29th 2023 6:42am, by Richard MacManus
No More JavaScript: How Microsoft Blazor Uses WebAssembly
Mar 27th 2023 7:22am, by David Eastman
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by Loraine Lawson
Toolkit Allows JavaScript Devs to Program Embedded Devices
Mar 23rd 2023 11:06am, by Loraine Lawson
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Wolfram ChatGPT Plugin Blends Symbolic AI with Generative AI
Mar 29th 2023 6:42am, by Richard MacManus
3 Important AI/ML Tools You Can Deploy on Kubernetes 
Mar 29th 2023 6:16am, by Patrick McFadin
High-Performing DevOps Teams Build Self-Service Platforms
Mar 29th 2023 4:00am, by Heather Joslyn and Lawrence E Hecht
Bringing Principles into the World of Incident Management 
Mar 28th 2023 8:41am, by Luis Gonzalez
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by Loraine Lawson
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by Loraine Lawson
What TypeScript Brings to Node.js
Dec 26th 2022 3:00am, by Paul Ferrill
Improve your TypeScript Skills with Type Challenges
Nov 11th 2022 3:00am, by Danni White
Python in the Browser: Free PyScript SaaS Launches
Mar 28th 2023 7:12am, by Loraine Lawson
What Wasm Needs to Reach the Edge
Mar 27th 2023 9:00am, by B. Cameron Gain
No More JavaScript: How Microsoft Blazor Uses WebAssembly
Mar 27th 2023 7:22am, by David Eastman
WebAssembly Providers Speed Ahead to Fill Serverless Gaps
Mar 24th 2023 2:00am, by B. Cameron Gain
VMware and Other Wasm Players Want WebAssembly 
Mar 23rd 2023 8:52am, by B. Cameron Gain
Surprising Results in the 2023 Third-Party App Access Report
Mar 27th 2023 11:26am, by Maor Bin
Unlock the Next Wave of Machine Learning with the Hybrid Cloud
Mar 22nd 2023 10:00am, by Kjell Carlsson
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
ScyllaDB Challenges DynamoDB on Latency and Pricing
Mar 20th 2023 9:00am, by Jessica Wachtel
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
3 Important AI/ML Tools You Can Deploy on Kubernetes 
Mar 29th 2023 6:16am, by Patrick McFadin
Data Unleashed: Unlocking Powerful Business Insights
Mar 28th 2023 9:47am, by Irfan Khan
Best Practices to Build IoT Analytics
Mar 27th 2023 9:33am, by Zoe Steinkamp
What Are Time Series Databases, and Why Do You Need Them?
Mar 27th 2023 5:00am, by Robert Kimani
Startup pgEdge Tackles the Distributed Edge with Postgres
Mar 27th 2023 4:00am, by Susan Hall
Wolfram ChatGPT Plugin Blends Symbolic AI with Generative AI
Mar 29th 2023 6:42am, by Richard MacManus
3 Important AI/ML Tools You Can Deploy on Kubernetes 
Mar 29th 2023 6:16am, by Patrick McFadin
The Next Wave of Big Data Companies in the Age of ChatGPT
Mar 24th 2023 7:40am, by Richard MacManus
Nvidia Hones in on Apple-Like Approach to AI with CUDA
Mar 23rd 2023 7:34am, by Agam Shah
Stopping AI Hallucinations for Enterprise Is Key for Vectara
Mar 23rd 2023 4:00am, by Richard MacManus
Ubuntu Pro Tackles the Challenge of Enterprise Open Source Adoption
Mar 29th 2023 10:00am, by Lech Sandecki
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Twitter's Source Code Leak Adds to Elon Musk's Social Media Mess
Mar 27th 2023 1:42pm, by Steven J. Vaughan-Nichols
Surprising Results in the 2023 Third-Party App Access Report
Mar 27th 2023 11:26am, by Maor Bin
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Self-Service Infrastructure as Code in a Dev Portal with GitOps
Mar 29th 2023 6:54am, by Zohar Einy
High-Performing DevOps Teams Build Self-Service Platforms
Mar 29th 2023 4:00am, by Heather Joslyn and Lawrence E Hecht
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
Automation: All Fun and Games Until Something Goes Wrong
Mar 27th 2023 10:47am, by Richard Gall
The End of Programming Is Nigh
Mar 29th 2023 11:31am, by Alex Williams
Self-Service Infrastructure as Code in a Dev Portal with GitOps
Mar 29th 2023 6:54am, by Zohar Einy
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
Data Unleashed: Unlocking Powerful Business Insights
Mar 28th 2023 9:47am, by Irfan Khan
Bringing Principles into the World of Incident Management 
Mar 28th 2023 8:41am, by Luis Gonzalez
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
IBM Donates SBOM Code to OWASP
Mar 7th 2023 7:51am, by Steven J. Vaughan-Nichols
Slim.AI: Automating Vulnerability Remediation for a Shift-Left World
Feb 21st 2023 10:00am, by John Amaral
DevPod: Uber's MonoRepo-Based Remote Development Platform
Jan 26th 2023 3:00am, by Jessica Wachtel
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Technical Decision Making at Trivago
Mar 28th 2023 3:00am, by Jessica Wachtel
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Stephen Thaler Claims He's Built a Sentient AI
Mar 16th 2023 8:10am, by David Cassel
How Tech Leaders Are Managing Anxieties after SVB Failure
Mar 15th 2023 10:59am, by Heather Joslyn and Colleen Coll
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Self-Service Infrastructure as Code in a Dev Portal with GitOps
Mar 29th 2023 6:54am, by Zohar Einy
High-Performing DevOps Teams Build Self-Service Platforms
Mar 29th 2023 4:00am, by Heather Joslyn and Lawrence E Hecht
Automation: All Fun and Games Until Something Goes Wrong
Mar 27th 2023 10:47am, by Richard Gall
Getting Developer Self-Service Right
Mar 27th 2023 7:32am, by Aeris Stewart
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
Looking for a k3OS Alternative? Choosing a Container OS for Edge K8s
Mar 28th 2023 5:57am, by Nicolas Vermande
A Is for OpenStack Antelope
Mar 22nd 2023 7:41am, by Steven J. Vaughan-Nichols
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Boost SRE Productivity with Observability-Driven Automation
Mar 28th 2023 8:00am, by Rob Jahn
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
Reducing the Cognitive Load Associated with Observability
Mar 22nd 2023 6:44am, by Alex Gervais
Vercel Brings Logging, Monitoring to Its Observability Suite
Mar 22nd 2023 3:00am, by Jessica Wachtel
Is Your Incident Response Better Than an Energy Company’s?
Mar 21st 2023 9:04am, by Paige Cruz
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
AmeriSave Moved Its Microservices to the Cloud with Traefik's Dynamic Reverse Proxy
Sep 8th 2022 2:02pm, by Ann R. Thryft
Can You Now Safely Remove the Service Mesh Sidecar?
Sep 8th 2022 9:19am, by B. Cameron Gain
Machine Learning / Software Development

This Week in Programming: GitHub Copilot Tests the Copyleft

This week in programming. GitHub's Copilot offends the keepers of the copyleft; how Etsy was almost taken down by rampaging chat bots, Python may finally get lazy importing and why that's a good thing; Lennart Poettering heads to Microsoft.
Jul 9th, 2022 4:00am by
Featued image for: This Week in Programming: GitHub Copilot Tests the Copyleft
Feature image: David holding the head of Goliath. 1600–1700, Anonymous, Public Domain. The New York Metropolitan Museum of Art.

CoPilot, GitHub’s machine learning-assisted code completion feature continues to generate controversy in some quarters of the open source community.

Late last month, Microsoft’s GitHub has moved the Copilot service from beta into a paid offering, starting at US$10 a month (but still free to students and developers of large open source projects ).

Because of this move to charge for the service, two open source advocacy groups, the Free Software Foundation and Software Freedom Conservancy, both recommended that developers who care open source software cut their ties with GitHub altogether. This is a big ask, given the almost universal use of GitHub.

But for SFC, GitHub charging for a service built on Free and Open Source Software (FOSS) was the breaking point.

“We’ve learned from the many gratis offerings in Big Tech [that] if you aren’t the customer, you’re the product. The FOSS development methodology is GitHub’s product, which they’ve proprietarized and repackaged with our active (if often unwitting) help,” wrote SFC’s Denver Gingerich and Bradley M. Kuhn in a fiery blog post. “FOSS developers have been for too long the proverbial frog in slowly boiling water.”

Since its inception last year, Copilot has drawn critical attention. GitHub bills the service as “pair programming with AI,” with the aim of cutting out the part of the coding process where developers look for pre-existing solutions on Stack Overflow or Google. To build the service, GitHub paired with another Microsoft entity, OpenAI, to train the models, by scanning the repositories on GitHub to build up a knowledge base to provide these suggestions.

Many developers love the service, though others wonder if GitHub and parent company Microsoft are too aggressively appropriating the work of others.

A lot of open source projects on GitHub have a copyleft license, which demands anything made with the code must also be made available as open source. But in Copilot’s case, the code isn’t used directly, but rather as an input to create entirely new code. Does copyleft apply to this use of code as well? That’s the question on the table.

“FOSS developers have been for too long the proverbial frog in slowly boiling water.”

Even beyond the legalities, there is an ethical question to consider as well. Many see it as an aggressive land grab of open source intellectual property. In a contributed post to The New Stack, Sasha Medvedovsky, the CEO of source control management service provider Diversion, wrote:

If a developer doesn’t want their code to be used in commercial applications, they should be given a right to refuse. If they are ok with it, then there’s no problem. But companies (be it Microsoft, Google or Amazon Web Services) shouldn’t just assume that if they give something for free they can take something else in return.

This is not the first time Microsoft-owned company has overreached, Medvedovsky noted. He pointed to an incident earlier this year when an open source programmer, who goes by the handle of Marak, intentionally broke the code of his open source Faker mock data generator, allegedly to protest the lack of funding for his popular projects which are used by hundreds of companies.

GitHub’s response? The code repository giant reverted the malicious changes — presumably to protect users from running broken code — and denied Marak access to his own projects.

In discussions with SFC, Microsoft and GitHub executives claimed that use of this open source code falls under fair use, since this code is public anyway.

But SFC feels this is wrong. GitHub is using open source code to build a proprietary service that can be accessed only by way of a paid subscription. Also of note is that Microsoft did not provide any code from its own proprietary software offerings, notably Office and Windows, so it is clear, in SFC’s view, that the project did not want to use Microsoft’s own intellectual property. So why is it fair to use open source code, the organization asks.

What do you think? Does Copilot violate the spirit of open source? Or is a natural evolution of programming we soon all will enjoy?

This Week in Programming

  • Lazy Loading May Finally Come to Python: Python may finally chill whenever the import module is called, according to an interview in a recent Talk Python to Me podcast. A proposal, PEP 690, is being floated that describes a way that a Python interpreter would load external modules only when needed, rather than loading them all at once. Pretty cool that the Talk Python crew spoke to all the principles of the PEP for the inside scoop:  Instagram engineer Carl Meyer, Meta Senior Software Engineer Germán Méndez Bravo, and LinkedIn Senior Staff Engineer Barry Warsaw all participated in the interview. Though at first glance, the Python Import may look similar to C’s include directive, they explained, it has a lot more power: It can call modules that call out to other modules, including those that can call out to the internet. This cascading of multiple modules can slow a server to a crawl, Meyer had said, pointing to Instagram’s own experience.

  • Who Let the Bots Out? I guess he can talk about it now, but software engineer Anders Conbere posted a harrowing tale of how closely Etsy was to being taken down by rampaging chat bots. It started innocently enough. He worked for Etsy between 2012-2014, and just before one of the company’s legendary Hacker Weeks, he put together a Scala-based bot that would scan the chat logs of his friend Avi, who recently departed the company. The bot would ingest everything Avi wrote into a Markov Chain, and then when someone would reference Avi in an internal IRC chat, it would respond an Avi-like statement. So, for Hacker Week, Conbere built off this work to create a bot that would assume an employee’s name and issue statements accordingly. This turned out to be a minor annoyance, as the bots replicated across IRC, so they were locked away in a #purgatory channel to be forgotten. It was only then that he realized that the bots could replicate not only user accounts, but also the company’s Chat Ops, which was set up so that an engineer could issue a command — to spin up a server, for instance — and the bot could actually execute that command. “The terrifying realization was that [they could] execute all the other chatops commands, the ones that tear down servers, the ones that kill processes,” Conbere wrote. The bots were killed before they went full Chaos Monkey on the online marketplace, and perhaps not a second too soon.

Group Created with Sketch.
Joab Jackson is Editor-in-Chief for The New Stack, assuring that the TNS website gets a fresh batch of cloud native news, tutorials and perspectives each day. He has logged over 25 years in infrastructure IT journalism, including stints at IDG,...
Read more from Joab Jackson
SHARE THIS STORY
RELATED STORIES
AI21 Labs Releases Jurassic-2, its New Large Language Model Nvidia Hones in on Apple-Like Approach to AI with CUDA Congress and AI Apache Cassandra: The Data Foundation for Real-Time AI  Get More out of Machine Learning with Data Preprocessing
TNS owner Insight Partners is an investor in: The New Stack, Deno.
RELATED STORIES
Congress and AI Build Machine Learning Apps in Your Notebook with Tecton AI21 Labs Releases Jurassic-2, its New Large Language Model 3 Important AI/ML Tools You Can Deploy on Kubernetes  Iter8: Simple A/B/n Testing of Kubernetes Apps, ML Models
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.