On June 29th, GitHub announced Copilot, an AI-powered auto-complete for programmers, prompting a debate about the ethics of borrowed code.
GitHub is one of the biggest code repositories on the Internet. It hosts billions of lines of code, creating an unparalleled dataset with which to train a coding AI. And that is exactly what OpenAI, via GitHub, thanks to its owners Microsoft has done — training Copilot using public repositories.
The chances are you haven’t tried Copilot yet, because it’s still invite-only via a VSCode plugin. People who have, are reporting that it’s a stunning tool, with a few limitations; it transforms coders from writers to editors because when code is inserted for you, you still have to read it to make sure it’s what you intended.
Some developers have cried “foul” at what they see as over-reach by a corporation unafraid of copyright infringement when long-term profits are on offer. There have also been reports of Copilot spilling private data, such as API keys. If, however, as GitHub states, the tool has been trained on publicly available code, the real question is: which genius saved an API key to a public repository.
GitHub’s defense has been that it has only trained Copilot on public code and that training AI on public datasets is considered “fair use” in the industry because any other approach is prohibitively expensive. However, as reported by The Verge, there is a growing question of what constitutes “fair use”; the TLDR being that if an application is commercial, then any work product is potentially derivative.
If a judge rules that Copilot’s code is derivative, then any code created with the tool is, by definition, derivative. Thus, we could conceivably reach the point at which a humans.txt file is required to credit everyone who deserves kudos for a site or app. It seems far-fetched, but we’re talking about a world in which restaurants serve tepid coffee for fear of litigation.
There are plenty of idealists (a group to which I could easily be accused of belonging) that nurture a soft-spot for the open-source, community-driven web. And of course, it’s true to say that many who walk the halls (or at least log into the Slack) of Microsoft, OpenAI, and GitHub are of the same inclination, contributing generously to open-source projects, mentoring, blogging, and offering a leg-up to other coders.
When I first learnt to code HTML, step one, before <p>hello World!</p> was view > developer > view source. Most human developers have been actively encouraged to look at other people’s code to understand the best way to achieve something — after all, that’s how web standards emerged.
Some individuals are perhaps owed credit for their work. One example is Robert Penner, whose work on easing functions inspired a generation of Actionscript/JavaScript coders. Penner published his functions online for free, under the MIT license; he also wrote a book which taught me, among other things, that a while loop beats a for loop, a lesson I use every day — I’d like to think the royalties bought him a small Caribbean island (or at least a vacation on one).
There is an important distinction between posting code online and publishing code examples in a book, namely that the latter is expected to be protected. Where Copilot is on questionable ground is that the AI is not a searchable database of functions, it’s code derived from specific problems. On the surface, it appears that anything Copilot produces must be derivative.
I don’t have a public GitHub repository, so OpenAI learned nothing from me. But let’s say I did. Let’s say I had posted a JavaScript-powered animation from which Copilot garnered some of its understanding. Does Microsoft owe me a fraction of its profits? Do I in turn owe Penner a fraction of mine? Does Penner owe Adobe (who bought Macromedia)? Does Adobe owe Brendan Eich (the creator of JavaScript)? Does Eich owe James Gosling (creator of Java), if not for the syntax, then for the name? And while we’re at it, which OS was Gosling using back in the mid-90s to compile his code — I doubt it was named after a fruit.
If this seems farcical, it’s because it is. But it’s a real problem created by the fact that technology is moving faster than the law. Intellectual property rights defined before the advent of the home computer cannot possibly define an AI-driven future.
Featured image uses images via Max Chen and Michael Dziedzic.
Source
The post Poll: The Ethical Dilemma at the Heart of GitHub’s Copilot first appeared on Webdesigner Depot.
Source de l’article sur Webdesignerdepot
Your dev team lead is not controlling enough
Actualités, Méthodes et organisation des process ITThree phases of a controlling engineering manager
Every morning, I see the unfiltered thoughts of 1200+ engineering leaders as one of the community moderators in the Dev Interrupted Discord server. We start every day with a Daily Interruption topic about how to make agile work in real life; scaling teams, building culture, hiring, continuous improvement, metrics – fun stuff like that.
Recently this Daily Interruption popped up and stopped me in my tracks:
Source de l’article sur DZONE
Poll: The Ethical Dilemma at the Heart of GitHub’s Copilot
Actualités, ActualitésGitHub is one of the biggest code repositories on the Internet. It hosts billions of lines of code, creating an unparalleled dataset with which to train a coding AI. And that is exactly what OpenAI, via GitHub, thanks to its owners Microsoft has done — training Copilot using public repositories.
The chances are you haven’t tried Copilot yet, because it’s still invite-only via a VSCode plugin. People who have, are reporting that it’s a stunning tool, with a few limitations; it transforms coders from writers to editors because when code is inserted for you, you still have to read it to make sure it’s what you intended.
Some developers have cried “foul” at what they see as over-reach by a corporation unafraid of copyright infringement when long-term profits are on offer. There have also been reports of Copilot spilling private data, such as API keys. If, however, as GitHub states, the tool has been trained on publicly available code, the real question is: which genius saved an API key to a public repository.
GitHub’s defense has been that it has only trained Copilot on public code and that training AI on public datasets is considered “fair use” in the industry because any other approach is prohibitively expensive. However, as reported by The Verge, there is a growing question of what constitutes “fair use”; the TLDR being that if an application is commercial, then any work product is potentially derivative.
If a judge rules that Copilot’s code is derivative, then any code created with the tool is, by definition, derivative. Thus, we could conceivably reach the point at which a humans.txt file is required to credit everyone who deserves kudos for a site or app. It seems far-fetched, but we’re talking about a world in which restaurants serve tepid coffee for fear of litigation.
There are plenty of idealists (a group to which I could easily be accused of belonging) that nurture a soft-spot for the open-source, community-driven web. And of course, it’s true to say that many who walk the halls (or at least log into the Slack) of Microsoft, OpenAI, and GitHub are of the same inclination, contributing generously to open-source projects, mentoring, blogging, and offering a leg-up to other coders.
When I first learnt to code HTML, step one, before <p>hello World!</p> was view > developer > view source. Most human developers have been actively encouraged to look at other people’s code to understand the best way to achieve something — after all, that’s how web standards emerged.
Some individuals are perhaps owed credit for their work. One example is Robert Penner, whose work on easing functions inspired a generation of Actionscript/JavaScript coders. Penner published his functions online for free, under the MIT license; he also wrote a book which taught me, among other things, that a while loop beats a for loop, a lesson I use every day — I’d like to think the royalties bought him a small Caribbean island (or at least a vacation on one).
There is an important distinction between posting code online and publishing code examples in a book, namely that the latter is expected to be protected. Where Copilot is on questionable ground is that the AI is not a searchable database of functions, it’s code derived from specific problems. On the surface, it appears that anything Copilot produces must be derivative.
I don’t have a public GitHub repository, so OpenAI learned nothing from me. But let’s say I did. Let’s say I had posted a JavaScript-powered animation from which Copilot garnered some of its understanding. Does Microsoft owe me a fraction of its profits? Do I in turn owe Penner a fraction of mine? Does Penner owe Adobe (who bought Macromedia)? Does Adobe owe Brendan Eich (the creator of JavaScript)? Does Eich owe James Gosling (creator of Java), if not for the syntax, then for the name? And while we’re at it, which OS was Gosling using back in the mid-90s to compile his code — I doubt it was named after a fruit.
If this seems farcical, it’s because it is. But it’s a real problem created by the fact that technology is moving faster than the law. Intellectual property rights defined before the advent of the home computer cannot possibly define an AI-driven future.
Featured image uses images via Max Chen and Michael Dziedzic.
Source
The post Poll: The Ethical Dilemma at the Heart of GitHub’s Copilot first appeared on Webdesigner Depot.
Source de l’article sur Webdesignerdepot
Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationCybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. « One tactic that some Magecart actors employ is the dumping of
Source de l’article sur The Hacker News
New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationFor years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into a raging fire.
Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications
Source de l’article sur The Hacker News
Les experts de Kaspersky prévoient une croissance du nombre d’attaques visant la vulnérabilité PrintNightmare
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationLa semaine dernière, des chercheurs ont accidentellement publié l’expérimentation d’un exploit révélant une vulnérabilité critique du Windows Print Spooler, également connue sous le nom de PrintNightmare. Bien que l’exploit ait été rapidement retiré de GitHub, certains utilisateurs ont néanmoins réussi à le télécharger et à le repartager.
The post Les experts de Kaspersky prévoient une croissance du nombre d’attaques visant la vulnérabilité PrintNightmare first appeared on UnderNews.
Source de l’article sur UNDERNEWS
Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationMultiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal (aka Vue PACS), some of which could be exploited by an adversary to take control of an affected system. « Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install
Source de l’article sur The Hacker News
Working With Multi-Level JSON in CockroachDB
Actualités, Méthodes et organisation des process ITMotivation
I had a customer inquiring about whether CockroachDB is capable of working with multi-level JSON. Considering their JSON would have up to 3 levels of hierarchy, they wanted to know whether CockroachDB is able to use native capability to access data multiple levels down. This prompted my interest and led to this tutorial. Surprisingly, CockroachDB does not inhibit any limitations to the number of levels in hiearchy and performance can be improved using various optimizations also discussed below.
Start a Single Node Instance With Max SQL Memory Flag and Connect to It
Source de l’article sur DZONE
En avril 2021, 1,1 million d’attaques web à l’échelle mondiale autour de la thématique des jeux vidéo
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationEn 2020, alors que les pays du monde entier étaient contraints de se confiner, le nombre de joueurs en ligne a atteint des sommets. De fait, à la fin du mois de mars2020, le nombre de joueurs actifs et simultanés sur Steam (la plateforme, communauté et boutique de jeux vidéo en ligne la plus populaire) […]
The post En avril 2021, 1,1 million d’attaques web à l’échelle mondiale autour de la thématique des jeux vidéo first appeared on UnderNews.
Source de l’article sur UNDERNEWS
Critical Flaws Reported in Sage X3 Enterprise Management Software
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationFour security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.
These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor
Source de l’article sur The Hacker News
Ping – Unix/Linux Command, Beginners Introduction With Examples
Actualités, Méthodes et organisation des process ITThe ‘ping’ command is used to troubleshoot and diagnose network connectivity issues. It is used to check whether the host is reachable. It’s available on all the Operating Systems. ‘ping’ reports the round-trip time for the messages sent from the source to the destination.
How Does ‘ping’ Work?
Source de l’article sur DZONE