this post was submitted on 13 Aug 2025
Technology

cross-posted from: https://lemmy.dbzer0.com/post/51040952

I'm moving away from using products by big tech, and I recently started using EnteAuth for 2FA. Today I got an email from them saying that they received money as part of GitHub's Secure Open Source Fund. Maybe I'm just being paranoid, but I do not like this at all. Microsoft is not altruistic, I don't care what anyone says. There has to be an ulterior motive for this. With even the recent news that GitHub won't be so independent anymore and they're getting folded into the Microsoft umbrella, this has me worried. But let's be real, GitHub was never independent, just look at Copilot being forced down everyone's throat. That's why I personally stopped using it.

According to the fund:

Throughout this program, each project receives $10,000 USD via GitHub Sponsors (which breaks down to $6,000 USD during the sprint and $2,000 USD at 6- and 12-month security check-ins). Projects are also invited to a new security focused community, and office hours with the GitHub Security Lab, that they can take advantage of during the full 12 months. They also receive security resources to immediately implement in their project and Azure credits for cloud infrastructure.

Those sponsors include:

Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password

Projects that are part of this even include nodejs, nvm, log4j, JUnit, and Matplotlib. Taking cybersecurity seriously is great, but this just seems like a way to sucker them into their ecosystem to get them dependent on their products. Like I said, maybe I'm being paranoid, but I wouldn't be surprised when Microsoft suddenly buys these projects and we lose what made them so great.

[–] just_another_person@lemmy.world 44 points 1 week ago (10 children)

You may as well just stop using computers altogether, bud 🤣

I don't mean to ruin your world view, but there are no ways to run anything you want to run by focusing on "altruistic companies", however you may subjectively define that.

Look, you're focusing on the wrong thing here. Maybe you didn't know this, but the massive majority of FOSS projects get funded by companies - either for consulting, feature bounties, or IC development - and this is a main driving force for the ecosystem.

Many in this ecosystem would even tell you that every single project is massively UNDERfunded by said companies, and they should kick in more to help keep these projects secure and in good standing. They make billions and billions of dollars off people's work, and it surely seems they should kick some of that back to the projects.

Whatever Microsoft's involvement is here, it's not going to be changing the direction of any of the projects mentioned. If for some reason something untoward starts happening with any project: boom, fork and new community. It's that simple.

In short, these people getting funding for their work is a good thing. If you take issue with who is providing that money, you're going to be digging a deep, deep hole in your research, and if you're running down the dep chain, you'll find out that all of the things you use have some funding by companies like Microsoft, Apple, Google, Facebook, IBM, Red Hat, Amazon, Alibaba, Halliburton, Qualcomm...I could keep going on and on.

[–] WhyJiffie@sh.itjust.works 7 points 1 week ago (9 children)

but there are no ways to run anything you want to run by focusing on "altruistic companies", however you may subjectively define that.

I think you misunderstood OP. Their complaint is not that these projects should search for an altruistic donor, but that Microsoft is suspicious in doing this, because arguably they rarely have good intentions.

Whatever Microsoft's involvement is here, it's not going to be changing the direction of any of the projects mentioned.

Let's hope so.

If for some reason something untoward starts happening with any project: boom, fork and new community. It's that simple.

Easier said than done.

In short, these people getting funding for their work is a good thing.

I think OP (and me too) is worried about the terms. Like, can these projects abandon GitHub without repercussions? Can they start using another code forge in parallel?

https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extinguish

OP has a reasonable concern. Microsoft has had a troubling past history, and embrace, extend, extinguish hasn't gone away; just look at the Office file standards shenanigans.

It's certainly the case that the purchase of GitHub is intended to create a platform that has network effects (making it hard to leave).

Microsoft has proven many times that their participation in FOSS tends to come with a catch or an intent to subvert.
