GitHub and trust

@ Paolo, elsewhere on these fora…

Am I missing something?

The connection is because that’s where you suggested putting a copy.

I afraid I simply don’t trust GitHub, primarily because I don’t trust Microsoft (you might want to look up something called CoPilot while you’re at it), and couple that with the fact that making use of GitHub on RISC OS isn’t exactly simple, I’m not inclined to consider it a good solution at this point.
Ideally, it could be added as an offshoot to the ROOL source collection? EUPL should present no issues, and I’m open to changing that if it does.

However, if you think it may be useful to have on GitHub, go ahead. Just understand that my updates at this time will be in the form of zip files on my site. Yeah, I know, crap and ancient. But that’s how I am.

By the way, the correct solution to perceived issues is to reduce dependence on a product ¹, or simply not use it. Working around them with specific add-ons to specific browsers is only useful if you have that combination of software. Does it work on Android? No. Does it work on RISC OS? No. Well, that’s my two primary systems then…

I’m going to ignore the stuff about government takedowns. There’s a chasm the size of Valles Marineris between privacy invading corporations, and annoying governments.
Actually, I would be rather impressed if a little MIDI driver module for an operating system few people have heard of, never mind used, gets any government interest whatsoever.
Please don’t conflate “wants privacy to be respected” with “nutjob hiding from the government”. I’m utterly utterly boring, I just simply don’t want some shitty AI to draw a bunch of bogus conclusions about me to generate a dataset of manure that gets sold to anybody interested especially when, since there’s no direct name or account associated this data and the conclusions drawn are not accessible, correctable, or able to be deleted, all in contravention to existing European laws. Refer to the GDPR, Max Schrems, and the endless crappy “Safe Harbor” nonsense that keeps getting revised as the EU doesn’t yet have the balls to tell the Americans to stuff their illusion of privacy.

Did you know that in France it’s technically illegal to use Google Analytics because of this? https://www.cnil.fr/en/use-google-analytics-and-data-transfers-united-states-cnil-orders-website-manageroperator-comply (it’s in English)

Are you mining cryptocurrency

My interest in fantasy money begins and ends with EuroMillions.
I tend to class crypto currency akin to NFTs – complicated mathematical tokens that people have assigned idiotic monetary values to in some delusional attempt to gain bragging rights.

¹ I don’t have much choice with Google’s rapacious behaviour as it’s pretty much necessary in order to use Android within the Google ecosystem (as bad as the app store is, others are worse). That being said, they don’t have my phone number ² or bank details, and I rarely use my Gmail address. While there’s no such thing as absolute privacy online, it can help to reduce exposure to outfits known to secretly track and profile people, aggressively block scripts, wipe cookies, etc etc. And don’t use Chrome.

² Probably the only reason they haven’t asked me to hand over a lot of information to prove I’m over 13 is because my account has been active for over a decade.

Just did a few tests to see if random sites call out to analytics and/or trackers. Just, you know, ‘cos it’s nearly 34°C and I’m kinda bored of the heat. Maybe I should toddle off and make some fish&mash instead of messing around with this? ;-)

• caf.fr
  Seems clean.

• Ameli.fr
  Seems clean.

• legifrance.gouv.fr
  Seems clean.

• laposte.fr
  Sends a wodge of data as a GET request to French analytics outfit Xiti.
  Does not ask about cookies, but sets 9 (only 2 are session).

• m.labanquepostale.fr
  Sends a large amount of encoded data to aweucn1.advanced-web-analytics.com which resolves as dw7rgqrzq5tr1.cloudfront.net (99.86.91.89), followed by a huge wodge of encoded data to d21j9nkdg2p3wo.cloudfront.net (13.32.158.12).
  Both appear to be French-based data centres run by Amazon (so likely AWS).
  Doesn’t ask about cookies, but sets eight (all except one are session).

• www.cmb.fr
  Makes a few short calls to googletagmanager; so potential indirect tracking if that sets cookies.
  Doesn’t ask about cookies, sets four session.

• leclerc.fr
  Uhhh… Not what I expected. ;)
  But no tracking or cookies. Well done!

• e.leclerc
  Seems to have nothing obvious other than googletagmanager and a link to an adtasty script.
  Makes heavy use of a cdn for the images, and calls out to scene7.com which indirects to akamaiedge.net for the larger graphics. These had weird names like “3e91d590-1499-11ed-9001-932e58e59e11” but playing with this, it appears as if it’s a UID for the image, not some sort of tracking.
  Surprisingly, sets only one session cookie.

• heyrick.eu
  No tracking, I don’t believe in it, nor do I care for analytics.
  Most of the site has no truck with cookies. They’re necessary for the forum, but you have an annoying prompt for EU-rules-reasons. Those cookies are only concerned with various aspects of forum behaviour, I think there’s a page saying what they are for.
  Some blog entries contain YouTube links, but these point to the nocookie version, for what little that’s probably worth…

• vigilance.meteofrance.fr
  Just Google Tag Manager.
  Sets one cookie, that expires in an hour. Might prompt, but privacy-center.org is blocked as an “annoyance”. :)

• riscosopen.org
  Absolutely no offsite requests; though as Steve points out below, the forum references Gravatar for the user icons, I forgot that.
  Sets three session cookies (if not logged in).

I cannot tell you if Google Tag Manager, Xiti, Adtasty, etc set their own cookies or contain further scripting that do things as my blocking does not permit these requests to happen.

However, while tracking happens, it looks like the whole “sending analytics data to America is BAD” thing has finally started sinking in.

riscosopen.org
Absolutely no offsite requests.

Hmmm, no references to gravatar.com perhaps?

I afraid I simply don’t trust GitHub, primarily because I don’t trust Microsoft

Why does GitHub and/or its current owner need your trust for storing a Git repo (i.e. a binary blob) of Open Source software?

and couple that with the fact that making use of GitHub on RISC OS isn’t exactly simple

That on the other hand is entirely RISC OS’ fault (or to be more precise: the fault of the people who still insist on doing everything via RISC OS and come to the conclusion to use inferior tools “just because they work with RISC OS”). It nicely illustrates why nearly no new developers are interested in doing stuff on/for RISC OS.

[deleted, irrelevant twaddle (result of boredom)]

Hmmm, no references to gravatar.com perhaps?

Good point. I did all of these tests with the landing page, which in the case of ROOL doesn’t link out to anything. I forget the icons on the forum. My bad.

That on the other hand is entirely RISC OS’ fault

It’s good that there are ways and means of building RISC OS sources using modern environments on other platforms.
Exactly how many of them work on Android?

I’m sorry, but when I’m writing stuff for fun and not any sort of profit (my first commercial venture, my little game, sold five copies, so not exactly a viable Get Rich Quick scheme), I’m not inclined to want to run a desktop computer burning over 200W, and I’m sure as hell not going to spend a pile of cash to upgrade to something better/more efficient.
My main Pi setup consumes about 7W, or around 35W with the monitor on. That’s about what the Livebox consumes.
The machine I’m using right now (Pi 1B, 7" monitor) is currently powered from mains, but will quite happily run for around 8-10 hours or so off a 15000mAh battery pack.

That’s part of why my yearly electricity bill is less than what some pay every other month in the colder months. I tend to wash my clothes at the same time as having a bath. Why? Because I’ve heated 200 litres which is way more than I need, so I fill a bucket with hot water and tip it into the washing machine until the level sensor clicks (about two and a half buckets). I would get a smaller tank installed, but they seem way more expensive than a generic 200l one. I might go talk to a plumber sometime soon…?

Otherwise, it’s the fridge and the ADSL router that are the main consumers. Not a lot, but it adds up over time. All of the main lights are now LED bulbs (6W instead of 60W), and I’ve changed bulbs in the outbuildings too, plus fitted an LED strip light in the kitchen.

To me, this sort of thing matters. So, usually, my desktop PC stays off. And as the electricity prices rise thanks to the current state of world crazy, I might moan on my blog that a ~30% hike in the cost per unit is a tad more than the 4% promised by the government, but really, it doesn’t make that much difference to me. The last bill was €60 rather than €50, and most of that is standing charge and taxes.

Don’t ask about prices in the UK… OMG!

or to be more precise: the fault of the people who still insist on doing everything via RISC OS

I’ve grown up with RISC OS. I persist with using RISC OS. I do this mostly as an intellectual challenge (beats watching rubbish like Is It Cake? on Netflix). And, yes, I persist with the crappy tools that have barely changed since 1987.

If that’s not good enough for you, well, too bloody bad, basically.

@ Rick

First of all thanks :)

Now… from where should I start? Oh boy you shared a lot! :D

However, if you think it may be useful to have on GitHub, go ahead…

Thanks for allowing a mirror site, I will take care of the zips.

Now to your position on GitHub.

The connection is because that’s where you suggested putting a copy.

Ok, but I did not mean only GitHub, ROOL GitLab is perfectly fine too (again another example, not an absolute single option)

I afraid I simply don’t trust GitHub, primarily because I don’t trust Microsoft (you might want to look up something called CoPilot while you’re at it)

I respect your personal decisions. I know CodePilot really well and, so far, it’s a total failure, they don’t want to admit it, but it kinda works only for extremely simple examples (pretty much like a beginner with BASIC language of back in the days). Try to ask it to write some C and be ready for a very entertaining hour of laughing.

However, let’s assume CodePilot will evolve into something that actually works: Would you mind it writing code for RISC OS (given we have lesser and lesser developers)? I am pretty sure that it could help also the old developers to write less code. But, again, this is in an hypotesys where CodePilot actually works! XD

But there is a bit more to this, in a more serious set of thoughts:

1) When you publish code on your blog and someone uses it maybe for something completely unrelated to RISC OS, or even scrap your license and use the code for a different OS/CPU and makes some money with it by modifying it a bit and maybe integrating it with something else. Does this bother you? Should we distrust your blog because it actually allow this despicable thing to happen? How dare you filthy blog to allow someone to do such a horrible thing?

2) There is more, let’s have a look at one example:
“Why should I use RISC OS in 2022?

RISC OS is a versatile and user-friendly operating system that is well suited for a variety of tasks.

It is easy to install and configure, and it comes with a wide range of applications that can be used for everything from office work to multimedia and web browsing.

RISC OS is also very stable and reliable, making it an ideal choice for users who need an operating system that can be relied upon."

Now, if you’re wondering what the heck is the above, well let me explain: It’s one of my AI/ML engines running on RISC OS and using wide neuronal networks in the cloud. You can talk to it in English and it responds to your questions (like some super-ELISA pumped with steroids, in the sense that the answers can make sense! lol). The AI knows nothing about RISC OS, it just can predict what comes next to my question. Such prediction is being possible by analysing the entire internet of websites (yours included, ROOL, the old ones and archive.org etc.). It’s like CodePilot, but for colloquial things, and yes you can entertain an almost miningful conversation with RISC OS itself (or so it will look like) ;)

So, am I evil too now? And why didn’t I ask for your permission to read your blog? Well, if you read this question well, why would I have to ask your permission to read your blog? I mean this is what you’ve published it for in the first place! No?

So, if I read your published code, do you want me to ask your permission to read your code? And if I read your code in an answer to solve a problem here on ROOL, why I can’t use it to solve that problem it was mean to solve? Do I need to ask your permission to solve that problem now?

“Is it me or this whole thing is getting crazy?” I mean, Open Source is freely available to everyone, or do we do discriminations? Like “Open Source only for X and Y country/gender/animal class”, no we do not.

Here is where the problem lies, media need to demonise certain things, not even because they believe they are bad practice, it’s just because negativity attaract clicks and readers more than positivity, it’s a well known thing. Fear moves “bottoms” more than anything else, in the end is in our nature to be interested to avoid the danger.

“But they want to spy on meeee!”
“They” are mostly collecting user habbits to figure out what people need, sure still a privacy issue, but in this case “contenarise them” and let them see nothing, they won’t mind. Trust me, Microsoft will not come at your door upset because you made their data collecting thing believe Pixies are real ;) (besides Pixies ARE real, they play Alternative Rock!) – In other words they do not care as much as your “network brain” is suggesting you, and if they would care that much then… well… you’re using Windows XP and you know they are collecting data since Windows 95 right? ;)

and couple that with the fact that making use of GitHub on RISC OS isn’t exactly simple, I’m not inclined to consider it a good solution at this point.

Well, that is an interesting point. I mean, I use GitHub with RISC OS every day and no issues whatsoever. Here is how I do it:

1) I have a spare RPi connected to an SSD USB 3 that I use as backup and RISC OS network server (included ShareFS and, obviously SMB compiled on purpose to work also with RiscPCs and all the neandertal Acorn stuff, I love it, sorry)

2) That Rpi runs Linux and I access it from all my RISC OS via Nettle

3) I run git on the linux side on the SSD that is shared with all my RISC OS machines

4) I compile code on RISC OS from the shared folders

So, everything is being used from RISC OS and I have no issues whatoever. If I need to access GitHub I use Iris, so again all on RISC OS.

It not only works really well, but also avoid to wear out the SDs on my various RISC OS systems (so probably it’s also a better solution than using git nativelly on RISC OS itself and compile/debug/safe sources many times) and keep the SSD nice and fast (Linux supports the USB 3 very well, network port of the RPi runs at best speed, and Linux supports the TRIM keeping the life of the SSD long)

Not to mention that, everything can also be shared with GCCSDK if I need to.

Now, if this is bad, wait for the test automation that can help as well (and even running controlled instances of RPCEmu to run the tests without cripling my development RISC OS) and all of this using my favorite editor StrongED.

Oh and what about concurrent builds using the good ol’ DDE? Well running automated RPCEmu you can do that too, and it’s nice to be able to spin things off from RISC OS itself.

But, as always, I fully respect that others may not like this setup, it’s totally fine. However for me using GitHub with RISC OS is super easy, fast and very confortable.

Just did a few tests to see if random sites call out to analytics and/or trackers.

Sure and that is not a secret, they are in clear view. I repeat for maybe the thousand time (lol) I work in the Cybersecurity field, and I deal every day with so much worst things going on, that makes the trackers look like a silly toy for corps to collect some users data which you can completely control (again) isulating the browsing experience in many ways (mostly free and without having too much troubles these days).

But ok, let’s be dystopian, it’s trendy these days. Every single one tries to steal your data, included your ISP. So if it’s not a cookie, then it’s a DNS request, or analysing your HTTP connection (which is why I keep begging ROOL to move Packman source to HTTPS only), your http header, your IP, your activities finger print and more.

Your antivirus, your browser itself, your Operating System, your utilities, your freaking editor and even when a utility is completely innocent but still use not privacy-safe practices, then boom your IP and such utilities get tracked.

Your Netflix tracks your, Your Android device call google home every ~4 minutes, your bloody bulb now does it too, your CC get tracked by the circuit and the bank, your NHS website (well you are in France, but same thing there).

But ok, if the GitHub tracker is the bad guy, even when you can completely control it, sure, again, I respect your opinion :)

I’ve grown up with RISC OS. I persist with using RISC OS. I do this mostly as an intellectual challenge (beats watching rubbish like Is It Cake? on Netflix). And, yes, I persist with the crappy tools that have barely changed since 1987.

Me too, and please do not stop if you enjoy it. I love to use RISC OS for what it is and just “mod” it to my pleasing, it’s all fun and there is no need to have two “factions” like “the progressive” and “the conservative” lol both ways are fully valid if one is enjoying either of the two or both. RISC OS is a toy and toys are made to have fun :)

I stop it here, I have written already way too much (apollogies for this). BTW, please don’t get it in any antagonistic/aggressive/negative way, just my usual sarcasm in the hope of a smile and not a negative outcome.

As always a super-duper thanks for the USB MIDI driver, spot on idea and work (also to Dave!), let’s hope that all the old music making software will be released too so we can enjoy it on RO 5 and the new hardware.

Cheers!

It’s good that there are ways and means of building RISC OS sources using modern environments on other platforms. Exactly how many of them work on Android?

I have no idea. Does it matter? Who in their right mind would choose Android as their development environment? I can only think of very few reasons.

I’m sorry, but when I’m writing stuff for fun and not any sort of profit (my first commercial venture, my little game, sold five copies, so not exactly a viable Get Rich Quick scheme), I’m not inclined to want to run a desktop computer burning over 200W, and I’m sure as hell not going to spend a pile of cash to upgrade to something better/more efficient.

I don’t understand what you are referring to. Did I advocate a 200W desktop computer anywhere for development?

My main Pi setup consumes about 7W, or around 35W with the monitor on. That’s about what the Livebox consumes. The machine I’m using right now (Pi 1B, 7" monitor) is currently powered from mains, but will quite happily run for around 8-10 hours or so off a 15000mAh battery pack.

And the Pi 1B is really inefficient (compared to the later models – the difference is less when you run RISC OS of course). But my notebook also runs on around 35W on average with the screen on. So I am not sure what you are trying to say.

To me, this sort of thing matters.

Not so much to me, I enjoy the comfort of living with an extremely high electricity consumption. My home cinema is not exactly built to be power-saving at all.

But again, I don’t understand your point. Use Linux on your power-saving Pi environment, and you can do GitHub-based development for RISC OS just fine. Or you can even do it from RISC OS as Paolo illustrated. Using better tools to do the development might even speed development up so much that you can do so much more in a shorter period of time, enabling you to save even more electricity.

I’ve grown up with RISC OS. I persist with using RISC OS. I do this mostly as an intellectual challenge (beats watching rubbish like Is It Cake? on Netflix). And, yes, I persist with the crappy tools that have barely changed since 1987.

I recommend setting up ArcEm or ArchiEmu with ANSI C release 3 (or 4? Not sure about the timeline) and work from one or two virtual floppy disc drives, that is much more faithful to the original 80s developer experience. And even more of an intellectual challenge – e.g. using TWIN for editing your source code.

If that’s not good enough for you, well, too bloody bad, basically.

I don’t care what people do for whatever reasons – I am a real libertarian. Just do whatever suits you. Type in every byte by operating dip switches if you like. I just notice the inefficiency, which is kind of sad if talented people waste their time (especially in a developer world like RISC OS where resources are extremely scarce). On the other hand, I am wasting my time here on this forum, but whether I’m talented is in dispute anyway :-)

My main question relating to the topic of this thread has unfortunately not been answered, which is kind of sad, because it was the more important part of my post.

Would you mind it writing code for RISC OS

The problem is that CoPilot, by design, scans through loads of code and treats it as code devoid of context and, more importantly, licence.

My personal opinion on GPL is well known, so I’ll not waste time calling a turd a turd; however if somebody wishes to release their code under any particular copyleft licence, from BSD to GPL, then the very least that they can do is respect that.

Back in the 80s and 90s, nobody cared about this nonsense, it was the crap that was printed on the box or envelope of a set of floppy discs. It was some corporate rubbish.

But these days, these things are important, as the act of granting rights is what allows us to use the software. People are generally more aware of this, even if loads ignore it. ;)
Which means, most (if not all?) of the projects on the likes of GitHub are tagged with the licence info. I saw something the other day, can’t remember where, and it said “MIT” halfway down the screen. I clicked to see what that meant, and it took me to the licence text.

Thus, CoPilot paying no attention to this seems to me to be “by design”. And while it might seem ridiculous to want to apply GPL to a single function that might, say, convert Julian dates into normal dates, a program is made up of many little functions. At which point does it become an issue?

Does this bother you?

If it was modified and stuck into something commercial, I’d probably never know.

I have, however, stopped releasing the sources to my NetRadio. As explained on the last update (with binary blob), I’m getting just a little fed up with people letting me know they’ve added all sorts of features but without having the decency to share their code so everybody else can benefit.
I’ll probably do a source release next time, it’s more making a point than any sort of policy.

As for documents, the Chinese used to rip off my assembler stuff regularly. There’s a Windows help file version kicking around (or, at least, there was in 2011). Actually kind of useful.

Oh, and just the other day I came across this: https://manualzz.com/doc/1277139/filestore-rtc-nvram
Look familiar? Don’t bother downloading or reading beyond the first page though, it’s a broken PDF.

Should we distrust your blog because it actually allow this despicable thing to happen?

That’s like distrusting people because some so horrible things.
Oh, wait, that’s actually a pretty useful outlook in this day and age.

So, if I read your published code, do you want me to ask your permission to read your code?

As far as I’m aware, no open source licence is concerned with people. But do be aware that, yes, this might be a concern. It’s why “clean room programming” is a thing. Indeed, the proper way to do it is to have somebody use the original software, document how it acts and behaves and then pass that document (and only that document) on to the programmer to implement something that behaves alike but is a completely original implementation by virtue of the programmer never having actually examined the original.

Personally I think copyright might not entirely make sense when applied to software. And it’s being used for two conflicting purposes. Commercially, it’s like traditional copyright of books and such in that it is a set of restrictions to allow the publisher to benefit from the commercialisation of their product. With open source, it’s being used as a set of restrictions aimed at keeping an open thing open (and also disclaiming liability, etc). For this, it’s an interesting abuse of the concept, but I do wonder if there shouldn’t be something else? Maybe something that hasn’t been corrupted by Disney to mean “life plus a billion years”?

Like “Open Source only for X and Y country/gender/animal class”, no we do not.

Except, in a way, GPL does. <stir>

Oh, and in the terms of country, actually this does happen. American software, including open source, is subject to American export rules. The author of PGP was charged with exporting munitions without a licence, because the government considered encryption to be a munition.
At about the same time, online encryption was technically illegal in France, but that nonsense was quietly abandoned, perhaps when it was pointed out that not having anything would kill online commerce stone dead. Which, honestly, I wouldn’t have put past the French government in order to prop up the ailing Minitel system…
[France has come up with some pretty bizarre rules aimed at the likes of Amazon in order to favour local booksellers who completely and utterly missed the boat and never bothered to innovate; why should I buy a book at X and pay almost as much in postage and it might take two weeks? Fail! And following the Nutella Riot (don’t laugh, it actually happened), it’s the law that the most a product can be discounted is 33%, so it’s no longer a buy one get one free, it’s buy two get one free; in these cost of living crisis days, how exactly does this help the consumer?]

Do I need to ask your permission to solve that problem now?

Technically yes. But, then, technically I think you might need permission to quote what I have written, since I’ll have copyright according to the Berne Convention.

Yes, it can be understood that writing on a public forum comes with this expectation, but it was never actually stated.
This is why Google and Facebook (etc) have some weird looking stuff in their licences such as you agreeing to give them a worldwide royalty free licence to display your uploaded material as is necessary. This isn’t to give Google the right to rip you off, it’s to give them the ability to function without worrying about you suing them for copyright infringement simply for providing a copy of your uploaded content to other people.

“Is it me or this whole thing is getting crazy?”

It got crazy the moment the lawyers arrived, parasitic scum that they are.
When I think of a lawyer, one of two images pops into my head. Ally McBeal, or a mosquito. Usually the latter.

just because negativity attaract clicks and readers more than positivity

Yup. In the now deleted post above, I mentioned a loony right wing “newspaper” (used in the loosest possible definition). This pathetic excuse for journalism is pretty much nothing but shouty clickbait. Vehemently frothing at the mouth over anything to do with the French, or the EU, or the French, or Megan, or the French, or Russia, or the French.
Once in a while they even insult the French.

you’re using Windows XP and you know they are collecting data since Windows 95 right? ;)

Love to see that happen with a machine that’s blocked from accessing the internet. ;)

XP + Internet = Poor idea since April 2014.

But ok, let’s be dystopian, it’s trendy these days.

Not trendy, quite legitimately real. In the country I don’t trust, service providers routinely sell information on their clients.
Part of this is why Google is being very big on pushing for TLS everywhere and encrypted DNS. Specially so all a snooping ISP can see is data between two IP addresses.

And, yes, in a land where bounty hunters can legally harass pregnant women, mobile phone services are happy to sell location information and histories, and ISPs sell information on users, there could be fundamental repercussions of any woman who is known to be pregnant who goes within miles of a place associated with making pregnancies go away (even if in a different state).

Sorry Paolo, it’s not dystopian, it’s real, it’s happening right now, and it’s happening in the country that likes to think it’s the greatest place on earth.
What a shitshow.

Privacy is important. Even if there’s exactly zero chance I’ll ever need an abortion to be performed on me, it’s still important. Slippery slope and all. After all, look at the gradual erosion that made these sorts of things happen.

I use GitHub with RISC OS every day and no issues whatsoever.

By using an entirely different system to do the hard work. That’s cheating. ;)

Your Netflix tracks your

Oh, I think most people have no idea.

If you have Netflix, request a copy of your user data. Go on, go do it. It’ll tell you it might take weeks, but it’s more likely a couple of hours.

You’ll get a bunch of files back. Your watchlist. Things you’ve watched. Your settings. And then there will be a really big file. And in that really big file will be a record of every single interaction you have had with the service.
Did you ever hit the back then seconds button a few times to watch a cute/pervy/gory bit? Guess what, recorded. Complete with timestamps. All the times you hit +10s to skip the rubbish at the beginning, or boring parts… all carefully recorded.

your bloody bulb now does it too

I refuse to install lightbulbs that need firmware updates. I mean, it only has one job…

But ok, if the GitHub tracker is the bad guy

Actually, it’s not the tracker in GitHub’s case. It’s the corporation behind the thing. Excuse me, but I’m old enough to take Microsoft’s attempts to embrace open source with an entire barrel full of cynicism.

just my usual sarcasm

Ah, sarcasm.

A long time ago I had to explain to an American that a bunch of British people sarcastically mocking each other was basically how they said hello.
On TVTropes, they don’t allow real life examples on the World Of Snark page, but they did concede to attempt to explain British humour.

Right. I meant to make dinner an hour and a half ago, so…

*Bye

I recommend setting up ArcEm or ArchiEmu with ANSI C release 3 (or 4? Not sure about the timeline) and work from one or two virtual floppy disc drives, that is much more faithful to the original 80s developer experience.

Some of us are trying to take this platform forward, Steffen.

I think he’s trying out sarcasm. ;)

I think he’s trying out sarcasm

And before you know it he’ll be on to dramatic irony, metaphor, bathos, puns, litotes and satire. :-)

And don’t use Chrome.

At work, we created a test page on our public website (we normally use a test site but there were issues in this case). The test page was not added to the navigation menus or site map, and wasn’t linked from anywhere. The direct URL was given to two or three people, and I can only assume that one of them opened it in Chrome because the page somehow ended up in Google’s search index!

And don’t use Chrome.

because the page somehow ended up in Google’s search index

Obviously the pepole who do use Chrome have not read (or didn’t understand) the Terms and Conditions.

@ Rick

The problem is that CoPilot, by design, scans through loads of code and treats it as code devoid of context and, more importantly, licence.

I’m afraid, this is what all ML does. If you ask GPT-3 to write a chapter of a book it will behave the same way.

However, IMHO, it’s also important to note:

- How many times should we write a Quick Sort algorithm before it becomes not licensable?
- Where is the list of all the authors of the original algorithms you use in your own pplications? Are we sure we should not mention the folks at Acorn that did the early WIMP tests by writing multiple times the traditional WIMP Poll routine that we all have rewriteen after learning about it from a book?
- Why is it ok for you to use a fibonacci series and not mention Fibonacci copyright in the list of code owners and it’s not ok for an AI to do the same?

In other words, how truly original is our software, if we stop for a minute and think about it?

The big picture indeed is almost unique, but the components of it, not so much.

We have this issue in music composition as well. For instance chord progressions cannot be copyrighted otherwise most of the Pop music produced in the last 50 years would be plagirism lol

However, even melodies are copied, not in the extend of (again) the big picture, but in the extent of intervals used to create such melodies, they have same rules as chord progressions, however they are more rules and so harder to spot the copy.

As a composer I can easly say that most of the original music has been written already, all we do these days is just reassemble sub-patterns and play with rythms and time signatures together with some technique to surprise the listener in certain points of a melody or a song to make it “original enough”. ML techniques are not yet so refined, but then again, music is around by many, many, many centuries.

Sorry Paolo, it’s not dystopian, it’s real

There is nothing to be sorry about, it’s true what you say, and I appreciate your feedback. However it has started long ago, not now. The way it works is simple: The more we put data on the internet the worst it gets.

Companies like Facebook have already declared they have lost control of all the data they own.

And let’s not mention the new waves of companies collecting very, very, very sensitive data for background checks when someone has to rent a flat or have a flight somewhere etc.

But again, having an Adroid deice (or an Apple for that matter) means having renounced to privacy long ago. And besides, there are so many data-collectors everywhere that it’s impossible to hold on to privacy. We probably should talk of “degrees of privacy”.

Privacy is important

I agree, and never said otherwise, but again there is no more privacy, only different degrees of it, but (IMHO) full privacy is utopistic at this point.

You’ll get a bunch of files back. Your watchlist. Things you’ve watched. Your settings. And then there will be a really big file. And in that really big file will be a record of every single interaction you have had with the service.
Did you ever hit the back then seconds button a few times to watch a cute/pervy/gory bit? Guess what, recorded. Complete with timestamps. All the times you hit +10s to skip the rubbish at the beginning, or boring parts… all carefully recorded.

Indeed, and that is just the data a user has produced directly. It’s not in its “enriched form”. For who is not familiar with enriched daa, it simply means an IP at a given date and time also has a geographical location that can be added via dedicated GeoDBs, so in that case the data is called enriched, because there are extra information that haven’t been collected directly from the user, they have been added.

Actually, it’s not the tracker in GitHub’s case. It’s the corporation behind the thing

As I said, I totally respect your opinion. my point wasn’t in trying to change your opinion, it was more like, so why do you trust others that do exactly the same activities? I mean Google tracks users down to the meter on Android devices and reads all their emails on gmail accounts, cross reference search data and analytics and more.

Part of this is why Google is being very big on pushing for TLS everywhere and encrypted DNS.

Google, Microsoft and Apple (yes also your disliked company is a big pushed for TLS everywhere), but they are doing it because data is now considered the new “oil” and with TLS everywhere the big guys will be the only one who will own the data ;)

Nothing related to you Rick, but my favourite are the folks that do searches on duckduckgo using Chrome XD

before it becomes not licensable?

Not my call.

As I understand it, the copyright relates to “artistic expression”, otherwise one could use similar broken logic to discount pretty much anything… how many times putting paint on a canvas, etc.

Where is the list of all the authors of the original algorithms you use

Given my (limited) grasp of mathematics, I’d expect copyright to have long since expired on anything I do.
[software patents, on the other hand…. I’m glad we don’t have such a blight around here]

Why is it ok for you to use a fibonacci series and not mention Fibonacci copyright in the list of code owners and it’s not ok for an AI to do the same?

Bogus argument. I never said anything about Fibonacci, and given that he was circa 12-something, I would be amused at anybody trying the copyright ruse with that.

In other words, how truly original is our software, if we stop for a minute and think about it?

That’s why software patents are a big deal across the pond. Taking the smallest bit of innovation and using it as a weapon.

On the other hand, originality or not, if somebody puts time and effort into creating a product, should they not be entitled to have some means of profiting from it?

My little game, for instance. Nothing new whatsoever. The “female protagonist” has been done. The “nonviolent platformer” has been done. “Hunting ghosts with a camera” was basically lifted directly from the plot of a Japanese video game (and, later, movie). Even the tile based scene drawing, which is pretty much all a third generation video game console could do. I even, in my blog series, make specific mention to the game (Ghost House, SMS) that I used as inspiration.

While the ideas had been around for ages, the actual implementation of the game was entirely my own work. Asides from the theme music (by Tony) and some of Lucy’s dialogue (Tony’s daughter), everything was created from the first line of code and/or the very first pixel.
So, should I not be entitled to have rights over my creation in order to be able to sell it if I so desire?

I think this is part of the copyright idea of “derivative works”, that it’s not so much the thing that gets the copyright as much as the effort behind it. After all, there are hundreds of platform games. Hundreds of driving games. Hundreds of word processors. And so on. But they’re all a little bit different because people put work into making them, with their own good and bad points.

If you’re at all interested in how my game came to be, sixteen articles starting here: https://heyrick.eu/blog/index.php?diary=20211201

For instance chord progressions cannot be copyrighted otherwise most of the Pop music produced in the last 50 years would be plagirism lol

Chord progressions, rhythm, and licks generally aren’t copyrightable, but phrases and arpeggios generally are.
How many notes constitute a phrase? Well, that depends upon how good your solicitor is (and what jurisdiction you live in).

This was part of the recent case against Ed Sheeran. Some nobody tried to sue him for stealing a phrase from one of their songs. It fell apart when he pointed out that the phrase in question was as old as the hills, and if I remember correctly, demonstrated something with that exact same phrase that existed before the complainant was even born.

I understand the desire to want to copyright a commercial product, but I also wonder exactly how many ways it is actually possible to assemble rightly 61 notes (how many keys on my keyboard) into a bar before there’s some sort of repetition? Consider, thousands of songs made every year.

Thus, trying to attack somebody over a single phrase shouldn’t be allowed. Such things ought to be applied to works as a whole, with exemptions for specific sections (such as iconic guitar solos). Those should be copyright. Simply having a B flat followed by an A sharp shouldn’t be. ;)

As a composer I can easly say that most of the original music has been written already

I have no doubt. This is also likely why certain types of music have a certain ambience, often used in film scores.
Like, how many people associate a sax solo with sex? Maybe even the seedy type? And perhaps even your mind has already started playing the intro to a certain Dire Straits song…

It’s these sort of repetitions that allow ambience to happen. Like the end theme to Child’s Play, or the opening theme of Trancers, or Ennio Morricone’s iconic work.
We see their influence time and again, as simple subtle references can set up an ambience.

The Theramin – spooky haunted house, Halloween, spiders, ghosts, right?

Might blow your mind to realise it is also responsible for the chorus hook in Good Vibrations (Beach Boys).

But, yeah, usually you hear it just before you see the sweet little girl that wants to play with your dead body (hello Wednesday)…

But again, having an Adroid deice (or an Apple for that matter) means having renounced to privacy long ago.

To a degree, yes. There’s not a lot you can do with Android that doesn’t involve Google, unless you want a vastly inferior experience. But that doesn’t mean you have to play along. No linking credit card to phone. Don’t use GMail for primary contact, don’t visit “hidden” web pages using Chrome, don’t hand over all your passwords to be shared, don’t leave location on all the time, etc.

Of course, Google will subtly fight back – you can’t perform a WiFi scan since about Android 6 or so unless GPS location is on. This is complete crap, but it gives them the ability to tie an access point to a location, to improve their mapping facilities.

On the other hand, Apple does exactly the same thing but has no method of doing so when the device in question has no GPS. For the time when I had an iPad, Siri was utterly useless. Ask her about tomorrow’s weather, she’ll reply that she doesn’t know where I am, with no way to specify.
So, I guess, what you share depends upon what you need to use…

And besides, there are so many data-collectors everywhere that it’s impossible to hold on to privacy.

Part of the reason I don’t participate in social media, and try to avoid using apps when there’s a perfectly functional website.

We probably should talk of “degrees of privacy”.

Oh, certainly. There’s no such thing as absolute privacy unless you’re willing to exist entirely off grid and panic when anything at all goes wrong.

Many people reading will know a reasonable amount about me, my politics, how I think, and the sort of stuff that interests me.
This, however, are those things that I have chosen to share. Either here or on my blog.

Some of you may know where I live. For everybody else, it’s a vague “somewhere near Châteaubriant”. That’s close enough. I’m not okay with bleating my GPS location to strangers. Too many crazies in the world.

For who is not familiar with enriched daa

There’s a huge market in data aggregation, because while individual data sets might claim to be anonymised (by whatever idiotic metric this is, usually “it doesn’t have your name therefore it’s anonymous”), if enough different data sets are merged, bang goes any anonymity.
It’s a real big thing in America where de-anonymising medical data is a treasure trove for insurers. There’s a lot of money in refusal to cover certain treatments before the patient is even ill.

so why do you trust others that do exactly the same activities?

Who said I do? My old Yahoo! address is still active, but I don’t use it much any more (except as a place where spam can go) as they are known to scan through personal communication in order to profile for advertising. They have, at least, backed down from requiring people use their app, so IMAP still works. Probably realised that if they forced that, too many people would just walk away.

That’s part of the price when you use a “free” product. Just like I don’t believe in advertising, but most of my videos on YouTube have advertising before them now. This isn’t my choice and I don’t qualify for any form of monetisation, so it’s them getting the pennies for the crap they show. But I don’t pay for YouTube (either as a viewer or creator) so I guess it is something we have to put up with.

That being said – if you have an Android device, look out an app called NewPipe. For obvious reason it is banned from Google’s app store. Turns out, all the YouTube adverts are put there by the app. They aren’t a part of the video stream. So with an alternative app, no remembering everything I have watched, no adverts, and if I like something it’s two taps to download it.

my favourite are the folks that do searches on duckduckgo using Chrome

Well, half the battle… 😂

The problem is that CoPilot, by design, scans through loads of code and treats it as code devoid of context and, more importantly, licence.

That sounds like an accurate description of the average human coder. For smaller values of “loads”.

Not my call.

K, then not your call either on judging an AI doing that same for the thousands + 1 time, no? ;)

As I understand it, the copyright relates to “artistic expression”, …

That is an interesting concept, however Enterprise Software Development is anything but “artistic expression” ;)

otherwise one could use similar broken logic to discount pretty much anything… how many times putting paint on a canvas, etc.

It’s not a broken logic, I’m afraid, it’s pure mathematics (where is Gavin Wraight when I need him??? :) ), there is only a finite number of permutations one can use to implement the same algorithm. Sure, one could claim that by using different variable names they have changed the artistic expression, however, I’m afraid, that will not hold in a copyright infringement case.

That’s why software patents are a big deal across the pond

Ermm NOT true: https://en.wikipedia.org/wiki/Software_patents_under_United_States_patent_law

“On June 19, 2014 the United States Supreme Court ruled in Alice Corp. v. CLS Bank International that “merely requiring generic computer implementation fails to transform [an] abstract idea into a patent-eligible invention.”

Software cannot be patented neither in EU nor in the US. One patents a useful process, a mechanism or a composition of matter. Some may argue that a software program is per se a process, but that is a way to simplistic definition. As a matter of facts a software program is per-se an implementation of a process and thus fails to transform a general idea into a patentable invention.

Given my (limited) grasp of mathematics, I’d expect copyright to have long since expired on anything I do.

You’d be surprised to know that a lot haven’t actually. It’s just that mathematicians do not expect everyones to pay or ask to use a formula or an algorithm, which is one of the reasons why our society actually (mostly) works.

But, let me help: https://en.wikipedia.org/wiki/Timeline_of_algorithms

On the other hand, originality or not, if somebody puts time and effort into creating a product, should they not be entitled to have some means of profiting from it?

Absolutely, but be careful, you’ve mentioned the term “product”, not algorithm or function. I have stated very clearly that the “big picture” (aka a product, a solution, an entire system) is indeed original and therefore a different matter. So, by your question, I think you have (maybe) not fully understood my point?

My little game…

Inrelevant to the discussion because your game is a full product, not a single algorithm. Sure one day also full products will have a similar situation, but like in music, the moment we increase the “picture” the more the permutation number can grow and so, the harder it’s to get to clones. But also there the number of permutation are finite (the end number is just very, very, very big)

While the ideas had been around for ages, the actual implementation of the game was entirely my own work.

Sounds like you’ve used undiscovered and totally alien logic in your code! Awesome! Impressive! You managed to give us the illusion of sprite moving without merging them to the screen memory as we all do, you truly are an incredible mind! You did not need to detect collisions as we all do, impressive and the map, not even using a regular surrogate of the map as we all do… I am trully impressed, well done! Sorry, my usual sarcasm, I hope it’s ok, if not, then my apologies.

don’t leave location on all the time

I am afraid, a location can be calcoulated just by having either bluetooth on or WiFi (even with WiFi not connected to anything). This is because bluetooth can interact with other devices which may have their position tracked and bluetooth can determine the distanc from such devices. WiFi will scan for networks (SSID is unique) and such network can be traced.

Google own the OS and the HW, so, also, who’s telling you they do not enable features? They did it in the past and that caused a lot of troubles for them, so maybe they don’t do it anymore. But, again, the only way is to have the device in a Farady bag, which makes the device pretty useless, no?

Who said I do?

You did not, indeed, but you watch netflix and that is enough to warrantee them your trust, you are giving them your data and they are enriching them. You do have a phone? Your phone company is tracking your data (yes even with WiFi off) and they are enriching them etc…

This is called trust. You may say, but I have no option, and that is a great answer, but none of us do, again “degrees of privacy”.

That’s part of the price when you use a “free” product

I wish this was still true… These days WE are the product, either if we buy something or if we use something for free.

The sad reality is that we can only control which data we give to things like GitHub which are not omniscent entities, but we cannot control what we give to Google, Microsoft, Apple and other big players. You may argue that GitHub IS Microsoft, but in reality they are just one of the Microsoft data entry points, hence you can control them, but not Microsoft. Hope this makes sense.

The sad reality is that we can only control which data we give to things like GitHub

Given a bot searching for sufficiently permissive licensing, it’s not beyond them to go off cloning other remote repos for their toy AI to ponder… Why not?

then not your call either on judging an AI doing that same for the thousands + 1 time, no? ;)

Please don’t twist my words. The “not my call” was relating to the question of how many times something can be recreated before it cannot be considered copyrightable. I don’t know. I would imagine, independently, people have written the same things many times. After all, there are only so many ways to do something like work out the area of a circle. But this is a tiny part of a greater work. For example, there are only so many ways to apply paint to a canvas, but it’s doing this many many times with different colours that creates a picture.

One patents a useful process, a mechanism or a composition of matter.

True. But a lot of that is “<something that existed> on a computer”.
So, no. iOS isn’t covered by a patent. But there probably one for the on-screen slider, on for the toggle buttons, one for the way of dismissing apps, one for the notification area, dozens for the text rendering, more for…
Apple has seventy two thousand patents, and infringing just one could be enough to get an entire product blocked.
Especially if they head to the east district court of Texas, that…is somewhat notorious.

Here’s Google, patenting the notification bar. Since patents are a weapon, Google has loads too. https://patents.google.com/patent/US20090249247

there is only a finite number of permutations one can use to implement the same algorithm

Yup. And somebody has used a computer to generate every possible musical phrase (for Western music, at least), which is copyright, and now released into the public domain.
Ted talk: https://youtu.be/sJtm0MoOgiU

Would be interesting to invoke that in court if somebody gets upset about something. ;)

You’d be surprised to know that a lot haven’t actually.

Looking at that list, I’m not sure I’d use any recent ones. I am surprised how recent the shell sort is, but then I’d use the bubble sort (terrible efficiency but easy to understand and remember).

I think you have (maybe) not fully understood my point?

This is the problem with throwing computers at something. You or I can see in the context of individual functions. Maybe it would be useful to copy this function instead of reinventing a wheel.

In the time it has taken you to read that, an AI machine could have analysed hundreds of entire projects, breaking down and categorising each function and major code blocks within.
How much needs to be reproduced until it isn’t just a function here or there, but substantial portions? And, remember, because it can offer this to thousands of people, not everybody will need the same thing.

Is it valid to break entire projects down to a set of basic algorithms and then try to claim “there’s only so many ways you can do it so shut up”.

No, it isn’t. Otherwise I could happily pirate Harry Potter (or, ahem, something I’d want to read) using daft logic such as there’s only so many ways to arrange words (and they’re all in the dictionary so prior art!).

Copyright is applied to things that people create. It’s how the likes of GPL even work. We tend to think of it as applying to a whole, but the little bits that make the whole are equally covered.

Devising a method to pillage on a mass scale is nota great way forward.

You managed to give us the illusion of sprite moving without merging them to the screen memory

Don’t be facetious, I called the OS routine.

You did not need to detect collisions as we all do, impressive

Had you seen my code, you’d probably scratch your head and agree that it is, in fact, alien logic. ;)

What I meant was that I didn’t refer to existing code, I came up with the algorithms myself. Of course, I used plenty of OS routines, I have no interest in trying to bare metal it.

a location can be calcoulated just by having either bluetooth on or WiFi

Yup. But I usually keep them off too when I’m out. Helps battery life.
And, yes, Google could turn them on. But since I often switch my phone to airplane mode, they’d likely get their asses legally slain if they started doing radio stuff when in airplane mode.

again “degrees of privacy”.

Exactly. There’s no absolute, not if you want to exist in the world with others.

These days WE are the product

That’s what I was hinting at, actually.

And, yes, I understand. We can control what we choose to give, but we can’t control what others steal.

I hope, some day, legislation will catch up with these practices, but I’m just about cynical enough to think that the general government response will not be to clamp down on it, but instead to quietly threaten to raise absolute hell unless the data thieves share what they have. Paedophiles, terrorists, it’ll be one or the other trotted out as an excuse to justify it.
Again.

Given a bot searching for sufficiently permissive licensing, it’s not beyond them to go off cloning other remote repos for their toy AI to ponder… Why not?

This is a very good point Stuart. It is possible that they are filtering repos now. But, again, given the really bad state that project is in at the moment, (and with my apologies for the terminology I am using next), I think that CodePilot is just a cheap stunt and nothing more at the moment. Problably it will become (in the future) a better thing, in the end we are in the age of “agile” right? So, why not release a complete and utterly bad made thing and then improve it over time as the famos methodology kinda allow? ;)

Please don’t twist my words.

Sorry, it wasn’t my intention. What I am implying is that you (like everyone else) are not reinventing the wheel every time you have to code. What you’ve learned comes from books and teaching, as well as “hacking your way out of troubles” (it’s part of the whole process, so it’s fine).

What distinguish a human made code from a to-date-AI is that the AI doesn’t experiment, doesn’t hacks it’s way out of troubles (some more advanced forms actually can, but CodePilot right now clearly can’t).

In a lot of situations we believe we are “creating” an algorithm, however we are reusing something we have learned, from a book, a lesson, a magazine. It’s part of being humans and it’s fine, it’s part of the so called “learning process”.

If all of us would have to “re-invent” Pythagorean theorem every time we need to cacoulate the measure of one side of a rectangle triangle our society would not have gone too far.

Computer Science has been around for a while now and sooner or later also CS will have to embrace what has been embraced by all other scientifical disciplines. Technically this has already happened long ago, but I understand there are still people that wants to hold onto their functions like there were so unique. and probably in case of bad coding they trully are ;)

Anyway, my point is clear and I believe it needs no more clarifications. Again if you want to continue to mix up components with full creations, it’s your choice, But then stop using printf if you do not want to mention the original author of that function which indeed is another function like the ones you wrote in your code! ;)

Joking!

Don’t be facetious, I called the OS routine.

Oh c’mon that was funny XD

Had you seen my code, you’d probably scratch your head and agree that it is, in fact, alien logic. ;)

XD

That’s what I was hinting at, actually.

Oh I know ;)

But the title then is a bit missleading, it implyes only GitHub is evil, while, in all honesty it’s just a drop in an ocean of madness which we were all told it would happen by all the old school sci-fi authors, I guess those books are slowly turning from fiction to non-fiction, sadly.

[edit]
Just a funny note on Enterprise Software Development and “the whole thing” concept: https://www.youtube.com/watch?v=y8OnoxKotPQ
[/edit]

I guess those books are slowly turning from fiction to non-fiction

Some of them. It’s interesting to see which ones are, and which ones aren’t – and to see how accurate or inaccurate one’s predictions of which would prove prescient and which ones wouldn’t have been. Some of the ones that haven’t proved prescient may yet do so, but some pretty obviously won’t, and others? Have fun predicting…

It’s interesting to see which ones are, and which ones aren’t – and to see how accurate or inaccurate one’s predictions of which would prove prescient and which ones wouldn’t have been.

Agreed, but no no no Clive do not suggest me other activities to do, my todo list is already from here to Mars and back! XD

One thing they all seems to have missed (or at least seriously underestimated) is the rise of the Internet. I guess it wasn’t something “dystophian” enough for the authors, but indeed it’s the thing that is allowing their dystophian worlds to become a reality.

One thing they all seems to have missed (or at least seriously underestimated) is the rise of the Internet.

I take it that you never read Neuromancer? God help us if the internet evolves into that.

As for Zoom, Skype, Facetime, etc… Mark Twain had that sussed in 1898. https://www.gutenberg.org/files/3251/3251-h/3251-h.htm#link2H_4_0009

The movie 2001 (from 1969) has the characters using tablets and they’re connected. Granted, it’s not the internet as we might describe it, but within the narrative of the film’s world, it’s close enough to count.
Samsung even brought this up in the long running psychodrama that was the legal spat between them and Apple: https://www.cnet.com/culture/samsung-says-2001-a-space-odyssey-invented-the-tablet-not-apple/

I haven’t read the book, but the internet and its problems and dangers was predicted in 1962: https://historynewsnetwork.org/article/176382