I don’t find a real reason to move away from GitHub and I really don’t understand this hate for Microsoft products. Can you please explain better?
It’s not a hate for the products - every product has shortcomings, and Microsoft’s aren’t even usually the worst there is. It’s a desire to be independent of the megacorp monster. That applies not just to Microsoft, but to Apple, Google and Amazon too (which is why we’re here at Mycroft anyway).
Microsoft won’t be making any unpopular changes to GitHub for quite a while, I’m sure, but it would be good to at least be prepared with an exit plan before we get locked in. And though it really won’t make a difference since our existing data was part of this original sale, any more information I can keep Microsoft from learning about me is a net positive.
Then as far as exit strategies go, discussions and suggestions on ways to get off GitHub are some of the most popular projects currently on GitHub, ironically enough. We can sit tight for a while until something gains some traction. I’m enamored with the idea of ActivityPub federation for self-hosted git servers, but it’ll need time to shake out.
1 Like
Anyone who doesn’t think Microsoft is planning to kill each and every piece of open source out there by any mean is very naive at least. Since their FUD techniques against Open Source in general and GNU/Linux in particular they evolved to the more neat EEE strategy, but, in the end, they eventually plan to do the same: the return to their golden days where they were the king.
I’m advising everyone I can to take a look into GitLab, yet it doesn’t have all the features of Github (as far as I know) it powerfull enough and they are discussing for a long time GitLab’s Federation, so we can use our own GitLab account to make merge and PR in others GitLab instances.
1 Like
Just putting this out there, GitLab is hosted on Azure.
Maybe because of their gain from the anti-Microsoft exodus they’ll change hosts, but right now moving from GitHub to GitLab just means moving from one MS host to another.
There is a sizeable legal difference (Microsoft now owns GitHub’s user data, vs “only” providing the hosting for GitLab), but good point. That’s why I’d prefer, wherever (and if) we move, federation to give a far easier option for switching hosting providers.
1 Like
Minecraft used to be good too, until M$ bought it out and favorited the W10 edition with all of it’s microtransactions, and lack of support for all of the greatest mods out there. Lets take a moment to imagine how and where M$ can put in those money makers.
I cant see how Microsoft, Amazon, or Google who are in direct competition with any other AI platform, wouldn’t at some point, interfere, spy, or sabotage the new upcoming threat. Mycroft’s core principles and base concepts are 180 degrees out of phase with corporations like Microsoft. If privacy and security is really what Mycroft is all about, it should never allow Microsoft to host its source code, or to have any control of it whatsoever. It would seem to be a conflict of interest to the general public looking to purchase a Mycroft device, as well as many of the developers who truly believe in what Mycroft stands for.
Furthermore, I don’t blame Github for selling out to Microsoft, after all, at some point, i’m sure they figured they would cash in on the many years of hard work put into their company. But as far as Mycroft goes, shifting to a secure and private host for its code is essential for its credibility moving forward.
I do believe in what Mycroft stands for, and that when it comes to doing what is essential for credibility and survival of its AI project, it will in the end, make the right decision regarding this matter.
It’s up to us to protect this small flame of privacy, security, and freedom, from all those who would extinguish it with the winds of change.
2 Likes
I think they are now on Google Platform, but in the end, that’s the same: Amazon, Google or Azure are corporate giants and we should avoid using them. But as @mactrent said, is not the same hosting files that using the services as a whole.
Anyway, I was also saying to self-host our own GitLab instance. Setting up a GitLan and some CI tools are not difficult at all, and a minimum requirements are needed. I don’t mind to create an account in each and every GitLab repo out there (I’m doing this since years now) but I can see the potential on Federation, so we could have some like github or gitlab.com but with self-hosted instances.
I think most people here believe that digital independence is a must, and depending on big companies is against our nature, besides that the point here is that Microsoft, not other but Microsoft, had adquired the biggest code repo at the moment. On tuesday they said it will continue doing the same as is doing right now, but then, why spend $7.2 billion to do the same? If history teaches something for this company is they are good in business, they are good eating competition, they are good giving something “for free” (my clients are mainly hospitals and city councils) and when you rely in their infraestructure, then they force you to pay just for licenses, making more expensive to migrate to another infraestructure.
The wise action now is flee from GitHub. Just in case. They can close tomorrow github and all its repos without notice, they have done it something similar in the past. Surely they won’t, at least while Satya Narayana will be in the charge, but that can change in a blink of an eye. Better to be ready.
1 Like
I feel as though the Mycroft team should move all the code out of GitHub as soon as is feasible. This is a huge red flag, i.e. “Embrace, Extend, Extinguish”. GitLab is an excellent alternative ― I have long preferred it to GitHub anyway ― and BitBucket is also doing pretty well.
1 Like
But if Mycroft leaves its code on GitHub, what guarantee is there that Microsoft won’t alter the code?
Microsoft monitors its users more than almost any other company in the technology industry, and with Mycroft being developed on a Microsoft platform, Mycroft loses a lot of my trust… The entire project should be moved to a neutral platform - that might be GitLab or it might be elsewhere, but it’s not GitHub if you want your users to trust that the code has not been modified by Microsoft.
if mycroft ends up moving, please consider going self hosted, microsoft may just buy gitlab next and it’s the same all over again 
1 Like
Seriously?? MS is going to modify EVERY repo that it doesn’t like in a matter of days or weeks??
I think you are being a little bit extremist, does MS even have a Home based AI product other than Cortana on Win 10?
EDIT: The Blockchain Whitepaper, said that Mycroft has around 13,000 installs, how many 10s of Million does Windows 10 have? Mycroft is small fish.
I never said they’d alter the code in a matter or days or weeks, though given the resources Microsoft has at hand, that’s not implausible… Just unlikely.
As for the whole “small fish” thing, that’s not entirely true - just how many “virtual assistant” projects do you think are out there? The Mycroft project might be small (for now), but it is sits on a very short list of “virtual assistants” out there…
Given that the code is now stored on servers controlled by one of the biggest surveillance companies in the world and considering there are so few “virtual assistant” projects out there, Mycroft is actually more likely to be a target of malicious attacks from companies like Microsoft.
I doubt they would modify anything of the source repos, nor I see them appropiating of anything… I doubt they’ll risk being sued.
On the other hand, I can easily see them doing things like:
- Installing ads/tracking tools
- Creating some paid options, or forbid the free access completely.
- Censoring some projects against their interests
- Closing the site
All of this are pretty harmful and they are on their right to do it.
No, let’s face it, github has become the 2018’ sourceforge. Better to leave to a self-hosted solution and be completely free and independent.
1 Like
Let me qualify that, that number was the time frame that Mycroft would take to make a decision to move their repo off of GitHub.
Very true, it would seem to me that a modification of source code would be possible but should be pretty obvious to any developer that know their own code well.
Uh huh.
Just like how the North American Government was sued for doing exactly this, on a mass scale and usually outside of the law?
Naivety like this is exactly why companies and governments keep getting away with this sort of thing… Apparently ignorance is bliss after all.
And yet the last couple of years have shown just how inaccurate such a statement is… Numerous projects (Open and Closed Source) have had their code modified by governments and intelligence agencies around the world (notably by the governments of the “Five Eyes”) - yet how many times did the developers notice and/or how long before they noticed?
I don’t doubt that Mycroft would notice eventually (hopefully sooner rather than later) - but any delay in noticing such a modification to their source code is too long, when you’re talking about a device that can capture so much data…
1 Like
WWASD? (What would Adam Selene do?)
1 Like
OKay, first of all, there are multiple governments in N America!
Again with governments, I thought we were talking about Microsoft, not a government…there still, at this point, is a difference! I think you need to lighten up here, Mycroft is still unknown to much of the world, although that might be changing, I doubt if MS or any government cares at this point.
I am not familiar with the details of the unauthorized and/or malicious modifications to open source projects by government or intelligence agencies that you are referring to. Would you help me out with a citation? This Google query also did not get me very far:
open source (modified|infiltrated|infected|altered) (unknown|secretly) (agency|government)
I think the details will be an important point. If the the alleged offender did not abuse admin privileges, but instead made normal commits with disguised bad intent, then we are just vulnerable even if we host ourselves. If the attackers circumvented access control altogether, well then again we are just as vulnerable.
I saw in other comments here describing what we want in a source control provider, and I noticed the inclusion of the word “private”. I think this misses the point somewhat. In our personal data and our usage we want privacy, yes. For our source code and development process we want open and transparent, not private. We collectively and mutually act as watchdogs, which is facilitated (though not guaranteed) through open software and process. I am not clear on how that in and of itself is threatened by MS ownership.
Otherwise, Based on the concerns I am hearing throughout this thread, maybe what we should be looking into is cryptographic signatures on commits and repository replication.
2 Likes
Move to GitLab,
GitLab supports groups and subgroups so it’s easier to organise our 100+ repositories, making it easier for everyone to find their way round, and also visualise the different parts of the project/platform and how they fit together.
There could be groups for mycroft-core, Mimic TTS, Core Skills, Packaging, enclosure Infra, Documentation, Tooling, Working Groups, Experimental… the possibilities are endless but each group is easy to digest and only contains repos specific to each groups goals. On GitHub you just get a giant list of all repos and you almost have to remember repo names as paginating through the list is just painful if you can’t.
GitLab supports issues, milestones and kanban boards at both group and project level. This makes it really easy to organise per project as well as at the group level and get a higher level view of what’s going on. You can also move issue between projects which is handy!.
GitLab CI would also be a great thing to have at the project level. Each project could define it’s own pipeline for merge requests, doc generation, building etc.
GitLab releases new features nearly every month, so things can only get better.
This is more than just a PR move, this is about how we do this things in the future too. I say let us not do compromises in face of events such as this one. Make a firm statement that Mycroft does not do compromises and that Mycroft will move to other service even if Microsoft doesn’t have an agenda, do not wait to see the negative impact, make it clear that Mycroft will be paranoid so that you don’t need to be, so that you could have a peace of mind.
This move will most surely strengthen the bond and the trust between the project and it’s community.
1 Like