Change to open source firmware

Hey Lars,

I strongly recommend to avoid using the GitHub platform, for these reasons. If you are for Free and Open Source, you got to be aware that Microsoft’s GitHub platform violates the ideals of free and open source software consistently and in more than one way. If you really think you need a combination of public code repository and social network, I always recommend to better use one of these:

Alternative Hosting Services:

• CodeBerg
• SourceHut

Self-Host (or join a group that self-hosts). A few options:

• Gitea
• GitLab Community Edition (note, the GitLab Enterprise Edition, which is provided to the public on gitlab.com, is (like GitHub) trade-secret, proprietary, vendor-lock-in software)
• SourceHut

But you can also work very well together with other people on codebases completely without any of such platforms. Look at the Linux Kernel Project, which is a very important project, with many, many people contributing code to it. It does not use any of such platforms. In order to work on it, you just need a local installation of the Free and Open Source Distributed Version Control software git (which I strongly recommend to install anyway, in order to be able to work on multiple versions and branches of the code), and a mailing list (here: the Linux kernel mailing list (LKML)).

You don’t need anything else than these two things to work on open source code with the community. That is why I think it is important to know how to use git anyway.

Using things like the GitHub platform (and specifically, thinking that it is necessary to work on code with other people) is just a current fad because everyone wants to have everything in a social medium and sees nothing wrong with the fact that the means to realize collaborative work on codebases and the necessary communication are not their own (as with git and majordomo), but must necessarily belong to some crazy billionaires who exploit them with catalog-long terms and conditions with advertising and data collection. But that’s the way people are at the moment. But I think that will pass.

Further Reading

• Developers warned: GitHub Copilot code may be licensed – TechTarget

• Asleep at the Keyboard? Assessing the
  Security of GitHub Copilot’s Code Contributions

  Abstract—There is burgeoning interest in designing AI-based systems to assist humans in designing computing systems, including tools that automatically generate computer code. The most notable of these comes in the form of the first self-described ‘AI pair programmer’, GitHub Copilot, which is a language model trained over open-source GitHub code. However, code often contains bugs—and so, given the vast quantity of unvetted code that Copilot has processed, it is certain that the language model will have learned from exploitable, buggy code. This raises concerns on the security of Copilot’s code contributions. In this work, we systematically investigate the prevalence and conditions that can cause GitHub Copilot to recommend insecure code. To perform this analysis we prompt Copilot to generate code in scenarios relevant to high-risk cybersecurity weaknesses, e.g. those from MITRE’s “Top 25” Common Weakness Enumeration (CWE) list. We explore Copilot’s performance on three distinct code generation axes—examining how it performs given diversity of weaknesses, diversity of prompts, and diversity of domains. In total, we produce 89 different scenarios for Copilot to complete, producing 1,689 programs. Of these, we found approximately 40 % to be vulnerable.

• Why Give Up GitHub?
  There are so many reasons to give up on GitHub, but we list here a few of the most important ones:

  • Copilot is a for-profit product — developed and marketed by Microsoft and their GitHub subsidiary — that uses Artificial Intelligence (AI) techniques to automatically generate code interactively for developers. The AI model was trained (according to GitHub’s own statements) exclusively with projects that were hosted on GitHub, including many licensed under copyleft licenses. Most of those projects are not in the “public domain”, they are licensed under FOSS licenses. These licenses have requirements including proper author attribution and, in the case of copyleft licenses, they sometimes require that works based on and/or that incorporate the software be licensed under the same copyleft license as the prior work. Microsoft and GitHub have been ignoring these license requirements for more than a year. Their only defense of these actions was a tweet by their former CEO, in which he falsely claims that unsettled law on this topic is actually settled. In addition to the legal issues, the ethical implications of GitHub’s choice to use copylefted code in the service of creating proprietary software are grave.

  • […]